This page (revision-52) was last changed on 23-Apr-2022 17:05 by Harry Metske

This page was created on 23-Apr-2022 17:05 by unknown

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note
52 23-Apr-2022 17:05 49 KB Harry Metske to previous
51 23-Apr-2022 17:05 48 KB HarryMetske to previous | to last
50 23-Apr-2022 17:05 48 KB HarryMetske to previous | to last
49 23-Apr-2022 17:05 48 KB Harry Metske to previous | to last
48 23-Apr-2022 17:05 48 KB Harry Metske to previous | to last
47 23-Apr-2022 17:05 48 KB Harry Metske to previous | to last
46 23-Apr-2022 17:05 39 KB Harry Metske to previous | to last
45 23-Apr-2022 17:05 39 KB Harry Metske to previous | to last
44 23-Apr-2022 17:05 39 KB Harry Metske to previous | to last
43 23-Apr-2022 17:05 38 KB Harry Metske to previous | to last
42 23-Apr-2022 17:05 38 KB Harry Metske to previous | to last DOCKER_OPTS="-s devicemapper"
41 23-Apr-2022 17:05 38 KB HarryMetske to previous | to last

Page References

Incoming links Outgoing links
Docker
Docker

Version management

Difference between version and

At line 10 changed 13 lines
* [docker public registry|https://registry.hub.docker.com/] | [my jspwiki hub |https://registry.hub.docker.com/u/metskem/jspwiki/]
* [The 12factor app|http://12factor.net]
* [docker-registry|https://github.com/docker/docker-registry/]
* [docker-registry-ui|https://registry.hub.docker.com/u/atcol/docker-registry-ui/]
* VAMP [http://vamp.io] | [http://magnetic.io/vamp]
* [Consul|http://demo.consul.io]
* [Apache Mesos|http://mesos.apache.org/]
* [Atomic|http://www.projectatomic.io/]
* [OpenShift 3 Technical Architecture|https://docs.google.com/presentation/d/1Isp5UeQZTo3gh6e59FMYmMs_V9QIQeBelmbyHIJ1H_g/pub]
* [Java Application Servers are dead|http://jaxenter.com/java-application-servers-dead-112186.html]
* [HashiCorp Atlas|https://atlas.hashicorp.com/]
* [8 Docker questions|http://blog.xebialabs.com/2014/12/31/8-questions-need-ask-microservices-containers-docker-2015/]
* [docker-hosting-6-things-to-watch-out-for|https://medium.com/@phildougherty/docker-hosting-6-things-to-watch-out-for-80a70088c655]
* [docker public registry|https://registry.hub.docker.com/]
At line 12 added one line
Install with {{apt-get install docker.io}}. Beware that you need a 64bit version OS !
At line 25 removed one line
At line 28 removed 2 lines
Install with {{apt-get install docker.io}}. Beware that you need a 64bit version OS !
At line 746 removed one line
%%
At line 749 removed 173 lines
%%collapsebox
Linking containers together
You can link a container to another running container by using the {{RUN --link <name>:<alias>}} option.\\
The envvars from the target container then are visible in the source container (potential security issue, don't put sensitive data in envvars in the tgt container) . \\
See the following, first we start a jspwiki container (and expose port 8080) :
{{{
[metskem@vbox docker]$ docker run -d --name wiki --env="jspwiki.baseURL=http://10.0.0.195:8080" --expose=8080 harry:jspwiki-2.10.2-svn-14
ff1e7ec53f0bede9932406826939498ed526bafd6145486d61603c0041d27747
[metskem@vbox docker]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ff1e7ec53f0b harry:jspwiki-2.10.2-svn-14 "/bin/sh -c '/usr/lo 26 seconds ago Up 24 seconds 8080/tcp wiki
[metskem@vbox docker]$
}}}
Secondly we start another container that links to the wiki container:
{{{
[metskem@vbox ~]$ docker run -ti --link wiki:alias2wiki centos:centos7 bash
[root@f959f7929aae /]# env|sort
ALIAS2WIKI_ENV_jspwiki.baseURL=http://10.0.0.195:8080
ALIAS2WIKI_ENV_jspwiki.basicAttachmentProvider.storageDir=/var/jspwiki/pages
ALIAS2WIKI_ENV_jspwiki.fileSystemProvider.pageDir=/var/jspwiki/pages
ALIAS2WIKI_ENV_jspwiki.pageProvider=VersioningFileProvider
ALIAS2WIKI_ENV_jspwiki.workDir=/var/jspwiki/work
ALIAS2WIKI_ENV_jspwiki.xmlGroupDatabaseFile=/var/jspwiki/etc/groupdatabase.xml
ALIAS2WIKI_ENV_jspwiki.xmlUserDatabaseFile=/var/jspwiki/etc/userdatabase.xml
ALIAS2WIKI_NAME=/thirsty_darwin/alias2wiki
ALIAS2WIKI_PORT=tcp://172.17.0.15:8080
ALIAS2WIKI_PORT_8080_TCP=tcp://172.17.0.15:8080
ALIAS2WIKI_PORT_8080_TCP_ADDR=172.17.0.15
ALIAS2WIKI_PORT_8080_TCP_PORT=8080
ALIAS2WIKI_PORT_8080_TCP_PROTO=tcp
HOME=/root
HOSTNAME=f959f7929aae
<< snip >>
}}}
Now you can see the envvars from the wiki container in the centos container, prefixed with <aliasname>_ENV_ .
%%
! Upgrading to 1.5 and more tweaks
[Instructions|https://docs.docker.com/installation/centos/#manual-installation-of-latest-docker-release]
{{{
backup current images:
for IM in `docker images -q|sort -u`; do echo saving $IM;docker save $IM > /tmp/$IM.tar ; done
cd /root/docker/downloads
rpm -e docker
curl --silent https://get.docker.com/builds/Linux/x86_64/docker-latest > docker
chmod +x docker
docker --version
cp ~/docker/downloads/docker /usr/bin
copy 2 unit files from https://github.com/docker/docker/tree/master/contrib/init/systemd to /etc/systemd/system
sudo systemctl enable docker.service
}}}
Another issue with AUFS is that you cannot install httpd (example)
{{{
error: unpacking of archive failed on file /usr/sbin/suexec: cpio: cap_set_file
}}}
The solution is to run with devicemapper, so edit your {{ /etc/default/docker }} and set
{{{
DOCKER_OPTS="-s devicemapper"
}}}
So save all your images with the docker save command restart the docker daemon and restore all images with the docker load command :
{{{
docker save `docker images -q` > ~/docker-images-all.tar
sudo service docker restart
cat ~/docker-images-all.tar | docker load
}}}
And, after that you have to retag all your images and remove the /var/lib/docker/aufs directory .
! Running your own registry
You probably need a central place to store and distribute your images. The docker public repository is sometimes a bit "too central" and you want to run your won registry somewhere in your own datacenter.
For general documentation see [https://github.com/docker/docker-registry/]. \\
First install the docker-registry image with __docker pull registry__.
Or go to this [docker registry] page, for how to install and run your own registry.
Then you have to retag your image before you can send it to your local registry :
{{{
docker tag harry:jspwiki-2.10.2-svn-14 10.0.0.195:5000/metskem/jspwiki:2.10.2-svn-14
}}}
And before you can push, you have to modify the arguments of the docker daemon. In my case it is in {{/etc/systemd/system/docker.service}} :
{{{
ExecStart=/usr/bin/docker --daemon --insecure-registry=10.0.0.195:5000 -H fd://
}}}
Followed by a
{{{
systemctl daemon-reload
systemctl restart docker
}}}
Then the actual push :
%%collapsebox
pushing to local registry
{{{
[metskem@vbox system]$ docker push 10.0.0.195:5000/metskem/jspwiki:2.10.2-svn-14
The push refers to a repository [10.0.0.195:5000/metskem/jspwiki] (len: 1)
Sending image list
Pushing repository 10.0.0.195:5000/metskem/jspwiki (1 tags)
511136ea3c5a: Image successfully pushed
5b12ef8fd570: Image successfully pushed
dade6cb4530a: Image successfully pushed
359721211f5c: Image successfully pushed
98beb40b6504: Image successfully pushed
fad8a5aad415: Image successfully pushed
c5eb18fad024: Image successfully pushed
b454f7f76947: Image successfully pushed
a0e7ab13f41d: Image successfully pushed
2dc77cfd261e: Image successfully pushed
a21d9f3f4938: Image successfully pushed
7e99f3d52e90: Image successfully pushed
f4feb8f23da5: Image successfully pushed
c66f1b045bd0: Image successfully pushed
04e2170f152e: Image successfully pushed
679107dfd59a: Image successfully pushed
64c35add867a: Image successfully pushed
a1a54333a532: Image successfully pushed
eaf42bb4a4da: Image successfully pushed
7c14d4420bb2: Image successfully pushed
da0330415812: Image successfully pushed
62f598132165: Image successfully pushed
acf1f70d0d41: Image successfully pushed
e1c301a21dae: Image successfully pushed
81181bc94763: Image successfully pushed
3475c657c51b: Image successfully pushed
7a26e9db5921: Image successfully pushed
a6167bad8bc2: Image successfully pushed
96ce60f733f1: Image successfully pushed
1ff51e43d8fa: Image successfully pushed
a488f594ffcd: Image successfully pushed
e2700e924062: Image successfully pushed
65858638c162: Image successfully pushed
70cd6c38f806: Image successfully pushed
770aaa29b831: Image successfully pushed
5118b9f70abc: Image successfully pushed
12d78307ddcd: Image successfully pushed
badeb5836316: Image successfully pushed
1402803586b7: Image successfully pushed
3c1489a3cf9b: Image successfully pushed
4531617a5dbb: Image successfully pushed
00c67b76b331: Image successfully pushed
Pushing tag for rev [00c67b76b331] on {http://10.0.0.195:5000/v1/repositories/metskem/jspwiki/tags/2.10.2-svn-14}
}}}
%%
BUT, what about authentication and authorization ?! ==> probably configurable...
__registry-ui__
There is a web-pplication that allows you to view/edit registries and images. And of course that is also a docker container again , run it with :
{{{
docker run -p 8080:8080 --name=registry-ui atcol/docker-registry-ui
}}}
I added the registry I just started , you do have to use an IP address that is accessible from the registry-ui container.
At line 924 changed 41 lines
I dedicated a [separate page|Docker-JSPWiki] for that.
!!! Pushing an image to the hub
If you want to make your image public, first __tag__ it and then __push__ it:
{{{
[root@vbox ~]# docker tag harry:jspwiki-2.10.2-svn-14 registry.hub.docker.com/metskem/jspwiki:2.10.2-svn-14
[root@vbox ~]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
harry jspwiki-2.10.2-svn-14 3e33f5d2d612 43 hours ago 618.3 MB
registry.hub.docker.com/metskem/jspwiki 2.10.2-svn-14 3e33f5d2d612 43 hours ago 618.3 MB
harry tomcat-8.0.20 d9e7a3a95230 43 hours ago 542.7 MB
harry java7 c5eb18fad024 9 days ago 501.5 MB
centos centos7 dade6cb4530a 4 weeks ago 224 MB
centos latest dade6cb4530a 4 weeks ago 224 MB
centos 7 dade6cb4530a 4 weeks ago 224 MB
[root@vbox ~]# docker push registry.hub.docker.com/metskem/jspwiki:2.10.2-svn-14
The push refers to a repository [registry.hub.docker.com/metskem/jspwiki] (len: 1)
Sending image list
Please login prior to push:
Username: metskem
Password:
Email: metskem@apache.org
Login Succeeded
The push refers to a repository [registry.hub.docker.com/metskem/jspwiki] (len: 1)
Sending image list
Pushing repository registry.hub.docker.com/metskem/jspwiki (1 tags)
511136ea3c5a: Image already pushed, skipping
5b12ef8fd570: Image already pushed, skipping
dade6cb4530a: Image already pushed, skipping
359721211f5c: Image successfully pushed
98beb40b6504: Image successfully pushed
fad8a5aad415: Image successfully pushed
<<<< snip >>>>>>>
95ef590ff04d: Image successfully pushed
3e33f5d2d612: Image successfully pushed
Pushing tag for rev [3e33f5d2d612] on {https://cdn-registry-1.docker.io/v1/repositories/metskem/jspwiki/tags/2.10.2-svn-14}
}}}
I dedicated a [separate page|Docker JSPWiki] for that.
At line 968 changed one line
* [https://serfdom.io/]
* linking containers together
!!! Docker management tools
At line 970 removed 3 lines
!!! Docker (management) tools
At line 1,008 removed 91 lines
!! Openshift 3
! Resources
* [Docs|http://docs.openshift.org/latest/welcome/index.html]
! Installation
There is an all-in-one Docker container for it, just run :
%%collapsebox
docker run
{{{
metskem@athena:~$ docker run -d --name=openshift --net=host --privileged -v /var/run/docker.sock:/var/run/docker.sock openshift/origin start
00f2418d2f45f0ce6d69b220c1d208f80f098fe6a63f17dfd529586b9eeb3036
metskem@athena:~$ docker logs -f openshift
I0406 08:58:51.662636 1 start_allinone.go:181] Starting an OpenShift all-in-one
I0406 08:59:17.176061 1 start_master.go:274] Starting an OpenShift master, reachable at 0.0.0.0:8443 (etcd: [https://10.0.0.164:4001])
I0406 08:59:17.176094 1 start_master.go:275] OpenShift master public address is https://10.0.0.164:8443
I0406 08:59:17.176152 1 etcd.go:47] Started etcd at 10.0.0.164:4001
[etcd] Apr 6 08:59:18.196 INFO | openshift.local is starting a new cluster
[etcd] Apr 6 08:59:18.197 INFO | etcd server [name openshift.local, listen on 0.0.0.0:4001, advertised url https://10.0.0.164:4001]
[etcd] Apr 6 08:59:18.197 INFO | peer server [name openshift.local, listen on 0.0.0.0:7001, advertised url https://10.0.0.164:7001]
[etcd] Apr 6 08:59:18.198 INFO | openshift.local starting in peer mode
[etcd] Apr 6 08:59:18.198 INFO | openshift.local: state changed from 'initialized' to 'follower'.
[etcd] Apr 6 08:59:18.198 INFO | openshift.local: state changed from 'follower' to 'leader'.
[etcd] Apr 6 08:59:18.198 INFO | openshift.local: leader changed from '' to 'openshift.local'.
I0406 08:59:19.820209 1 start_master.go:317] Static Nodes: [athena]
E0406 08:59:20.181728 1 reflector.go:115] Failed to list *api.ResourceQuota: Get https://10.0.0.164:8443/api/v1beta1/resourceQuotas?namespace=: dial tcp 10.0.0.164:8443: connection refused
E0406 08:59:20.181780 1 reflector.go:115] Failed to list *api.LimitRange: Get https://10.0.0.164:8443/api/v1beta1/limitRanges?namespace=: dial tcp 10.0.0.164:8443: connection refused
[restful] 2015/04/06 08:59:20 log.go:30: [restful/swagger] listing is available at /swaggerapi/
[restful] 2015/04/06 08:59:20 log.go:30: [restful/swagger] Swagger(File)Path is empty ; no UI is served
I0406 08:59:20.938037 1 master.go:431] Started Kubernetes API at 0.0.0.0:8443/api/v1beta1
I0406 08:59:20.938069 1 master.go:431] Started Kubernetes API at 0.0.0.0:8443/api/v1beta2
I0406 08:59:20.938078 1 master.go:431] Started Kubernetes API at 0.0.0.0:8443/api/v1beta3 (experimental)
I0406 08:59:20.938086 1 master.go:431] Started OpenShift API at 0.0.0.0:8443/osapi/v1beta1
I0406 08:59:20.938095 1 master.go:431] Started OAuth2 API at 0.0.0.0:8443/oauth
I0406 08:59:20.938103 1 master.go:431] Started login server at 0.0.0.0:8443/login
I0406 08:59:20.938112 1 master.go:431] Started OpenShift UI 0.0.0.0:8443/console/
I0406 08:59:20.938120 1 master.go:431] Started Swagger Schema API at 0.0.0.0:8443/swaggerapi/
E0406 08:59:21.215538 1 reflector.go:115] Failed to list *api.LimitRange: Get https://10.0.0.164:8443/api/v1beta1/limitRanges?namespace=: dial tcp 10.0.0.164:8443: connection refused
E0406 08:59:21.215653 1 reflector.go:115] Failed to list *api.ResourceQuota: Get https://10.0.0.164:8443/api/v1beta1/resourceQuotas?namespace=: dial tcp 10.0.0.164:8443: connection refused
I0406 08:59:21.345234 1 master.go:488] No master policy found. Creating bootstrap policy based on: openshift.local.policy/policy.json
I0406 08:59:21.643400 1 master.go:109] Started Kubernetes Scheduler
I0406 08:59:21.643424 1 master.go:90] Started Kubernetes Replication Manager
I0406 08:59:21.643433 1 master.go:98] Started Kubernetes Endpoint Controller
I0406 08:59:22.770614 1 nodecontroller.go:189] Registered node in registry: athena
I0406 08:59:22.770636 1 nodecontroller.go:194] Successfully registered all nodes
I0406 08:59:22.770645 1 master.go:133] Started Kubernetes Minion Controller
I0406 08:59:22.770724 1 start_master.go:351] Using images from "openshift/origin-<component>:v0.4.2"
W0406 08:59:22.770868 1 master.go:601] Could not start DNS: listen tcp 0.0.0.0:53: bind: address already in use
E0406 08:59:23.338955 1 nodecontroller.go:279] Can't collect information for node athena: Get https://athena:10250/api/v1beta1/nodeInfo: dial tcp 127.0.1.1:10250: connection refused
I0406 08:59:31.454306 1 start_node.go:189] Starting an OpenShift node, connecting to https://10.0.0.164:8443
W0406 08:59:31.752616 1 node.go:91] Error running 'chcon' to set the kubelet volume root directory SELinux context: exit status 1
I0406 08:59:31.753905 1 node.go:61] Connecting to Docker at unix:///var/run/docker.sock
I0406 08:59:31.754512 1 proxier.go:328] Setting Proxy IP to 10.0.0.164
I0406 08:59:31.754534 1 proxier.go:333] Initializing iptables
I0406 08:59:31.815591 1 node.go:233] Started Kubernetes Proxy on 0.0.0.0
I0406 08:59:31.815729 1 manager.go:103] cAdvisor running in container: "/docker/00f2418d2f45f0ce6d69b220c1d208f80f098fe6a63f17dfd529586b9eeb3036"
I0406 08:59:31.816218 1 fs.go:87] Filesystem partitions: map[/dev/disk/by-uuid/5bbd6a91-bc46-4eb8-85f7-859dab4be488:{mountpoint:/etc/resolv.conf major:8 minor:6}]
I0406 08:59:31.818789 1 machine.go:223] Couldn't collect info from any of the files in "/etc/machine-id,/var/lib/dbus/machine-id"
I0406 08:59:31.818841 1 manager.go:124] Machine: {NumCores:4 CpuFrequency:1701000 MemoryCapacity:3834273792 MachineID: SystemUUID:609A7519-D21D-B211-8000-C930BF194D9E BootID:3c399cdc-65ba-4445-b488-1afd7505d8dc Filesystems:[{Device:/dev/disk/by-uuid/5bbd6a91-bc46-4eb8-85f7-859dab4be488 Capacity:59727097856}] DiskMap:map[8:0:{Name:sda Major:8 Minor:0 Size:128035676160 Scheduler:deadline}] NetworkDevices:[{Name:eth0 MacAddress:e8:03:9a:e8:75:86 Speed:10 Mtu:1500} {Name:vboxnet0 MacAddress:0a:00:27:00:00:00 Speed:0 Mtu:1500} {Name:wlan0 MacAddress:c4:85:08:52:76:78 Speed:0 Mtu:1500}] Topology:[{Id:0 Memory:3834273792 Cores:[{Id:0 Threads:[0 1] Caches:[{Size:32768 Type:Data Level:1} {Size:32768 Type:Instruction Level:1} {Size:262144 Type:Unified Level:2}]} {Id:1 Threads:[2 3] Caches:[{Size:32768 Type:Data Level:1} {Size:32768 Type:Instruction Level:1} {Size:262144 Type:Unified Level:2}]}] Caches:[{Size:3145728 Type:Unified Level:3}]}]}
I0406 08:59:31.853574 1 manager.go:131] Version: {KernelVersion:3.13.0-40-generic ContainerOsVersion:CentOS Linux 7 (Core) DockerVersion:1.5.0 CadvisorVersion:0.10.1}
I0406 08:59:31.934820 1 proxier.go:566] Opened iptables from-containers portal for service "default/kubernetes" on TCP 172.30.17.2:443
I0406 08:59:31.949718 1 proxier.go:577] Opened iptables from-host portal for service "default/kubernetes" on TCP 172.30.17.2:443
I0406 08:59:31.964394 1 proxier.go:566] Opened iptables from-containers portal for service "default/kubernetes-ro" on TCP 172.30.17.1:80
I0406 08:59:31.983399 1 proxier.go:577] Opened iptables from-host portal for service "default/kubernetes-ro" on TCP 172.30.17.1:80
E0406 08:59:31.984679 1 manager.go:138] Docker container factory registration failed: failed to get cgroup subsystems: failed to find cgroup mounts.
E0406 08:59:31.985329 1 manager.go:144] Registration of the raw container factory failed: failed to get cgroup subsystems: failed to find cgroup mounts
I0406 08:59:31.985391 1 manager.go:865] Started watching for new ooms in manager
E0406 08:59:31.985560 1 manager.go:196] Failed to start OOM watcher, will not get OOM events: neither /var/log/messages nor /var/log/syslog exists from which to read kernel errors
I0406 08:59:32.278897 1 node.go:176] Started Kubelet for node athena, server at 0.0.0.0:10250, tls=true
I0406 08:59:32.278926 1 node.go:178] Kubelet is setting 10.0.0.164 as a DNS nameserver for domain "local"
I0406 08:59:32.296608 1 plugins.go:56] Registering credential provider: .dockercfg
E0406 08:59:33.093823 1 event.go:127] Unable to write event '&api.Event{TypeMeta:api.TypeMeta{Kind:"", APIVersion:""}, ObjectMeta:api.ObjectMeta{Name:"athena.13d26114728cfd92", GenerateName:"", Namespace:"", SelfLink:"", UID:"", ResourceVersion:"", CreationTimestamp:util.Time{Time:time.Time{sec:0, nsec:0x0, loc:(*time.Location)(nil)}}, DeletionTimestamp:(*util.Time)(nil), Labels:map[string]string(nil), Annotations:map[string]string(nil)}, InvolvedObject:api.ObjectReference{Kind:"Node", Namespace:"", Name:"athena", UID:"athena", APIVersion:"", ResourceVersion:"", FieldPath:""}, Reason:"starting", Message:"Starting kubelet.", Source:api.EventSource{Component:"kubelet", Host:"athena"}, FirstTimestamp:util.Time{Time:time.Time{sec:63563907572, nsec:0x10a07592, loc:(*time.Location)(0x328f180)}}, LastTimestamp:util.Time{Time:time.Time{sec:63563907572, nsec:0x10a07592, loc:(*time.Location)(0x328f180)}}, Count:1}': 'events "athena.13d26114728cfd92" already exists' (will not retry!)
}}}
%%
And there is a [management console|https://10.0.0.164:8443/console] available.
You first create a project :
{{{
openshift ex new-project proj2 --description="test desc 2" --display-name="displee naam 2" --admin=admin
}}}
Install the stuff on another Centos7 virtualbox image, see OpenShift [Setup details|http://docs.openshift.org/latest/getting_started/setup.html] and [Installation|http://docs.openshift.org/latest/getting_started/installation.html].
This page (revision-52) was last changed on 23-Apr-2022 17:05 by Harry MetskeTop