#1496
[Docker] How-To
Install on CentOs (7)
sudo tee /etc/yum.repos.d/docker.repo <<-'EOF' [dockerrepo] name=Docker Repository baseurl=https://yum.dockerproject.org/repo/main/centos/7/ enabled=1 gpgcheck=1 gpgkey=https://yum.dockerproject.org/gpg EOF
yum install docker-engine systemctl enable docker.service systemctl start docker
docker run --rm hello-world
Install Docker Compose
curl -L https://github.com/docker/compose/releases/download/1.8.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose chmod +x /usr/local/bin/docker-compose docker-compose --version
To init/start a docker compose :
docker-compose build docker-compose up -d
New :
wget -qO- https://get.docker.com/ | sh usermod -aG docker $(whoami) systemctl enable docker.service systemctl start docker.service yum install epel-release yum install -y python-pip pip install docker-compose yum upgrade python*
How To Upgrade CentOS 6 to CentOS 7 – Vultr.com [SSH] fatal: no matching mac found
On CentOS 6 : https://www.liquidweb.com/kb/how-to-install-docker-on-centos-6/
Enter running container :
Issue with IPv4/IPv6 port forwarding :
https://www.gesellix.net/post/docker-and-ipv6-on-ubuntu-13-10-saucy-salamander/
In /etc/sysctl.conf :
then reboot the machine or :
With error like :
Get https://registry-1.docker.io/v2/: dial tcp: lookup registry-1.docker.io on …
check :
https://docs.docker.com/engine/admin/systemd/#http-proxy
stop & delete all containers & images :
to remove unused containers:
to remove unused images :
https://stackoverflow.com/questions/32723111/how-to-remove-old-and-unused-docker-images
To remove untagged images :
docker images --no-trunc | grep '<none>' | awk '{ print $3 }' | xargs -r docker rmiRemove :
– all unused images
– all stopped containers
– all volumes not used by at least one container
– all networks not used by at least one container
Commit a container to an image
Export the image to a file
Import the image :
Allow unsecure registry (CentOS7)
echo '{ "insecure-registries":["SERVER_IP:SERVER_PORT"] }' > /etc/docker/daemon.json service docker restartDefault docker home :
Centos : Change docker daemon settings :
edit:
To change home :
ExecStart=/usr/bin/dockerd --graph {{docker_home}}To change storage driver :
To increase default image size :
with docker >= 1.18
/etc/docker/daemon.json
"graph": "/opt/app/docker", "storage-driver": "devicemapper", "storage-opts": [ "dm.basesize=20G" ],“graph” option has been replaced by “data-root”
Add another user to docker group :
The mechanism by which adding a user to group docker grants permission to run docker is to get access to the socket of docker at /var/run/docker.sock. If the filesystem that contains /var/run has been mounted with ACLs enabled, this can also be achieved via ACLs.
Network :
Create / Delete a network
Create a container for this network :
Create a tunnel to the Docker network (allow resolution of containers’s hostnames from host)
if the containers are in a dedicated network, don’t forget to move the ssh-server in the same one (with –network=NETWORK_NAME)
Inspect an image :
Tag and push :
example =
Dockerfile : Add SSH Server (centos/RHEL)
CentOS : Upgrade docker version :
Remove previous versions
yum remove docker \ docker-client \ docker-client-latest \ docker-common \ docker-latest \ docker-latest-logrotate \ docker-logrotate \ docker-selinux \ docker-engine-selinux \ docker-engineInstall dependencies
Add new repo
yum-config-manager \ --add-repo \ https://download.docker.com/linux/centos/docker-ce.repoInstall Docker CE
CentOS / Docker / LVM :
https://docs.docker.com/storage/storagedriver/device-mapper-driver/#configure-direct-lvm-mode-for-production
Steps =
– add a new disk
– create a partition + table partition (gparted)
edit /etc/docker/daemon.json :
{ "storage-driver": "devicemapper", "storage-opts": [ "dm.thinpooldev=/dev/mapper/docker2-thinpool", "dm.use_deferred_removal=true", "dm.use_deferred_deletion=true", "dm.basesize=20G" ], "insecure-registries":["....lan:5000", "....lan:5000", "....lan"], "debug": true }delete all docker content (/var/lib/docker)
restart service
Docker behind a proxy (Centos7 & systemctl)
Dockerfile, execute command using ENV value :
FROM ... ENV FOO "BAR" ADD start.sh /start.sh RUN chmod +x /start.sh ENTRYPOINT ["/start.sh"] CMD ["echo", "${FOO}"]with start.sh :
Inspect tag from containers/images :
docker inspect --format '{{ index .Config.Labels "LABEL_NAME"}}' CONTAINER_IDTruncate docker JSON log file :
see also : https://stackoverflow.com/questions/980283/truncating-a-file-while-its-being-used-linux
Config Docker daemon for log rotation :
{
"log-driver": "json-file",
"log-opts": {"max-size": "10m", "max-file": "3"}
}
How to determine what containers use the docker volume?
When docker cp does not work (docker before 1.8) with Error Path not specified
Update restart policy for a running container =
Enable the live restore setting to keep containers alive when the daemon becomes unavailable
Reload Docker daemon config (without restart)
Switch from VirutalBox to Docker :
As outlined here, Docker for Windows requires Hyper-V. This needs to be disabled before you can run VirtualBox.
And to start using Docker for Windows again, re-enable Hyper-V:
see : https://fredrikaverpil.github.io/2018/03/15/switching-between-docker-and-virtualbox-on-windows-10/
Install on CentOS7 / RHEL 7 :
Install docker-compose on CentOS7 / RHEL 7 :
see https://docs.docker.com/compose/install/
Error :
Check the number of running process on the host machine for the docker container user (not the docker daemon)
Check also the “defunct” processes :
Install docker :
In case of error with container-selinux :
Error: Package: 3:docker-ce-18.09.9-3.el7.x86_64 (docker-ce-stable) Requires: container-selinux >= 2:2.74 Error: Package: containerd.io-1.3.7-3.1.el7.x86_64 (docker-ce-stable) Requires: container-selinux >= 2:2.74Execute :
As it is not possible to expose a new port on a running container, it’s possible to create a 2nd container to expose a port and forward the traffic to the 1st container :
For example, to expose port 7001 from container 172.16.0.2 via port 9170 :
An easy way to keep a container running in detached mode is is to tail the /dev/null device as the CMD or ENTRYPOINT command of your Docker image.
Crontab and docker
Error :
the input device is not a TTY
Solution :
do not use “-it”
Update docker daemon to use a mirror registry (instead of docker.io / docker hub)
{ "registry-mirrors": ["https://MIRROR_ADDRESS"] }and reload docker daemon
Remove all images matching a specific string :
docker rmi $(docker images --format "{{.Repository}}:{{.Tag}}"|grep "MY_VERSION")List all containers from a specific network :
docker network inspect \ -f '{{ range $key, $value := .Containers }}{{ printf "%s\n" $key}}{{ end }}' \ <network-id>Attach a volume to a container while it is running :
https://jpetazzo.github.io/2015/01/13/docker-mount-dynamic-volumes/
RHEL 7 :
Error while installing docker-ce:
Enable RPMS repo :
Expose docker daemon:
Update daemon.json file in /etc/docker:
{"hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]}Add /etc/systemd/system/docker.service.d/override.conf :
Reload the systemd daemon:
Restart docker:
In case of errors like:
driver failed programming external connectivity on endpoint XXX”
Rester docker config when using directlvm
Remove all dangling images:
Docker image for Web hello-world:
https://hub.docker.com/r/tutum/hello-world
docker / docker-compose Error
Solution:
Clean iptables chain and restart docker:
See https://stackoverflow.com/questions/31667160/running-docker-container-iptables-no-chain-target-match-by-that-name
docker-compose on RHEL8:
Use network “host”:
docker cli:
docker-compose:
version: "3" services: web: build: . container_name: html-container network_mode: "host"Configure concurrent upload/download:
in /etc/docker/daemon.json
{ "max-concurrent-uploads": 1, "max-concurrent-downloads": 1 }