see host install
enable at boot-time
vi /etc/rc.d/rc.inet1

    brctl addbr br0
    brctl addif br0 eth1
    ifconfig br0 10.0.0.254/16 up

vi /etc/rc.d/rc.local

    PATH=$PATH:/usr/local/bin:/usr/local/sbin
    sysctl -w net.ipv4.ip_forward=1
    echo starting dockerd
    dockerd >> /var/log/dockerd.log 2>&1 &
    pgrep -a dockerd

vi /etc/rc.d/rc.local_shutdown

    echo -n killing dockerd...
    pkill dockerd && echo done || echo FAIL
status
    pgrep -a docker
    ls -lF /var/run/docker.sock
    brctl show br0
reload
    pgrep -a dockerd
    kill -HUP PID-HERE
we could not validate that running instances come back after a reboot. the best we’ve got is a comeback after killing and starting the docker daemon again.
you can now operate your Docker host
    systemctl list-unit-files | grep containerd
    systemctl list-unit-files | grep docker
    systemctl status containerd.service
    systemctl status docker.socket
    systemctl status docker.service

    ls -lF /run/containerd/containerd.sock
    ls -lF /run/docker.sock
    dockerd -H fd:// --containerd=/run/containerd/containerd.sock
as user
    docker images -a
    docker ps -a
    docker pull pbraun9/devuan
    docker pull pbraun9/devuan-svr4
failed to start containerd: exec: "containerd": executable file not found in $PATH
==> add PATH into rc.local
seen on debian bookworm with docker-ce when starting dockerd manually
failed to load listeners: no sockets found via socket activation: make sure the service was started by systemd
==> look closer in the journalctl logs: Error initializing network controller
failed to start daemon: Error initializing network controller: error creating default "bridge" network: Failed to Setup IP tables: Unable to enable NAT rule: (iptables failed: iptables --wait -t nat -I POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE: Warning: Extension MASQUERADE revision 0 not supported, missing kernel module? iptables v1.8.9 (nf_tables): RULE_INSERT failed (No such file or directory): rule in chain POSTROUTING
==> fix your kernel config see https://blog.hypriot.com/post/verify-kernel-container-compatibility/
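One way to run the kernel-config check suggested above by hand, as an added example that is not part of the original notes: it lists the options missing for dockerd's default bridge and the MASQUERADE rule from the error. The option list, function names and sample config are assumptions made for this example.

```shell
# Added example (not from the original page): list kernel options that are
# missing for dockerd's default bridge + NAT setup.
# Assumption: this option list is a minimal subset chosen for illustration.
# "A|B" means either option satisfies the requirement.
REQUIRED_OPTS="BRIDGE VETH NF_NAT
IP_NF_TARGET_MASQUERADE|NETFILTER_XT_TARGET_MASQUERADE
NETFILTER_XT_MATCH_ADDRTYPE NETFILTER_XT_MATCH_CONNTRACK
NFT_COMPAT"   # NFT_COMPAT: only needed when iptables uses the nf_tables backend

# print a kernel config, plain or gzip-compressed (e.g. /proc/config.gz)
read_config() { case "$1" in *.gz) gzip -dc "$1" ;; *) cat "$1" ;; esac; }

# missing_opts FILE: print every requirement that is neither =y nor =m
missing_opts() {
    cfg=$(read_config "$1") || return 2
    for opt in $REQUIRED_OPTS; do
        printf '%s\n' "$cfg" | grep -Eq "^CONFIG_($opt)=(y|m)\$" \
            || printf 'CONFIG_(%s)\n' "$opt"
    done
}

# find_config: path of the running kernel's config, if one is readable
find_config() {
    for f in /proc/config.gz "/boot/config-$(uname -r)" /usr/src/linux/.config; do
        [ -r "$f" ] && { printf '%s\n' "$f"; return 0; }
    done
    return 1
}

# constructed sample config (not taken from a real host)
write_sample() {
    cat > "$1" <<'EOF'
CONFIG_BRIDGE=m
CONFIG_VETH=m
CONFIG_NF_NAT=m
# CONFIG_IP_NF_TARGET_MASQUERADE is not set
CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
# CONFIG_NFT_COMPAT is not set
EOF
}

# demo: check the sample, then the running kernel when its config is readable
sample=$(mktemp) && write_sample "$sample"
echo "sample is missing:"; missing_opts "$sample"
rm -f "$sample"
if cfg_path=$(find_config); then echo "$cfg_path is missing:"; missing_opts "$cfg_path" || true; fi
```

An empty list only means these options are set; a module built as =m still has to be loadable at the time dockerd inserts the rule.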
see host-xfs quotas for an advanced storage setup
dockerd https://docs.docker.com/engine/reference/commandline/dockerd/
Configure and troubleshoot the Docker daemon https://docs.docker.com/config/daemon/
Daemon user namespace options https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-user-namespace-options
Set ulimits in container (--ulimit) https://docs.docker.com/engine/reference/commandline/run/#set-ulimits-in-container---ulimit
Enable IPv6 support https://docs.docker.com/config/daemon/ipv6/
How to run dockerd in the background without logs https://stackoverflow.com/questions/54852529/how-to-run-dockerd-in-the-background-without-logs
Local File logging driver https://docs.docker.com/config/containers/logging/local/
Isolate containers with a user namespace https://docs.docker.com/engine/security/userns-remap/
Run the Docker daemon as a non-root user (Rootless mode) https://docs.docker.com/engine/security/rootless/
User privileges in Docker containers https://medium.com/jobteaser-dev-team/docker-user-best-practices-a8d2ca5205f4
Understanding root inside and outside a container https://www.redhat.com/en/blog/understanding-root-inside-and-outside-container
Running Docker Containers as ROOT https://dockerlabs.collabnix.com/security/Running-Containers-as-ROOT.html
Keep containers alive during daemon downtime https://docs.docker.com/config/containers/live-restore/