tested on slackware current (aug 2021)
XFS or EXT4 is required for OverlayFS2 though XFS has an advantage: you can specify a max file-system size for the container. You need to enable quota for that matter.
mkfs.xfs /dev/nvme0n1p3 vi /etc/fstab /dev/nvme0n1p3 /docker xfs defaults,noatime,nodiratime,prjquota 0 2 mkdir /docker/ touch /docker/XFS_NOT_MOUNTED mount /docker/ #rm -rf /var/lib/docker/ ln -s ../../docker /var/lib/docker
slackpkg search iptables
slackpkg search git-2
slackpkg search procps-ng
slackpkg search xz
ls -lF /proc/cgroups
curl https://raw.githubusercontent.com/docker/docker/master/contrib/check-config.sh > check-config.sh
chmod +x check-config.sh
./check-config.sh
grab the latest Docker CE release as binaries
rel=20.10.10
wget https://download.docker.com/linux/static/stable/x86_64/docker-$rel.tgz
tar xzf docker-$rel.tgz
ls -lF /usr/local/bin/
cp -i docker/* /usr/local/bin/
note it is also available on github as release tag.
#git clone https://github.com/docker/docker-ce.git
see alternate host install for other systems
make the docker commands available to some user
grep docker /etc/group grep docker /etc/passwd groupadd -g 331 docker usermod -aG docker OPERATOR
we define bridge rather than bridge IP as it sets both gateway and cidr.
we want instances to survive daemon down-time and even a host system reboot, hence we enable live-restore.
and we’re giving a try to no-new-privileges.
vi /etc/docker/daemon.json # new file
{
"bridge": "br0",
"data-root": "/docker",
"debug": false,
"exec-opts": [
"native.cgroupdriver=cgroupfs"
],
"ip-masq": false,
"iptables": false,
"ip6tables": false,
"live-restore": true,
"log-level": "warn",
"no-new-privileges": true,
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.size=5G"
]
}
moar options
# "bip": "", # "dns": [], # "dns-search": [], # "hosts": [], # "ipv6": false,
by default you get an hosts file with instance’s IP only and same resolv.conf as on the host.
enable at boot-time
vi /etc/rc.d/rc.inet1 brctl addbr br0 brctl addif br0 eth1 ifconfig br0 10.0.0.254/16 up vi /etc/rc.d/rc.local PATH=$PATH:/usr/local/bin:/usr/local/sbin sysctl -w net.ipv4.ip_forward=1 echo starting dockerd dockerd >> /var/log/dockerd.log 2>&1 & pgrep -a dockerd vi /etc/rc.d/rc.local_shutdown echo -n killing dockerd... pkill dockerd && echo done || echo FAIL
status
pgrep -a docker ls -lF /var/run/docker.sock brctl show br0
reload
pgrep -a dockerd kill -HUP PID-HERE
as user
docker run -d --name devuan --hostname devuan --workdir /root pbraun9/devuan docker exec -ti devuan /bin/bash df -h
we could not validate that running instances come back after a reboot. the best we’ve got is a come back after killing and starting the docker daemon again.
you can now operate your Docker host
as user
newgrp docker docker images -a docker ps -a docker pull pbraun9/devuan docker pull pbraun9/devuan-svr4
failed to start containerd: exec: "containerd": executable file not found in $PATH
==> add PATH into rc.local
Install Docker Engine from binaries https://docs.docker.com/engine/install/binaries/
Post-installation steps for Linux https://docs.docker.com/engine/install/linux-postinstall/
dockerd https://docs.docker.com/engine/reference/commandline/dockerd/
Configure and troubleshoot the Docker daemon https://docs.docker.com/config/daemon/
Daemon user namespace options🔗 https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-user-namespace-options
Set ulimits in container (–ulimit)🔗 https://docs.docker.com/engine/reference/commandline/run/#set-ulimits-in-container---ulimit
Enable IPv6 support https://docs.docker.com/config/daemon/ipv6/
How to run dockerd in the background without logs https://stackoverflow.com/questions/54852529/how-to-run-dockerd-in-the-background-without-logs
Local File logging driver https://docs.docker.com/config/containers/logging/local/
How to Enable Disk Quotas on an XFS File System https://www.thegeekdiary.com/how-to-enable-disk-quotas-on-an-xfs-file-system/
Docker Per-Container Disk Quota on Bind Mounted Volumes https://stackoverflow.com/questions/57248180/docker-per-container-disk-quota-on-bind-mounted-volumes
Storage quota per container - overlay2 backed by xfs https://forums.docker.com/t/storage-quota-per-container-overlay2-backed-by-xfs/37653
Docker Container Size Quota https://reece.tech/posts/docker-container-size-quota/
About storage drivers https://docs.docker.com/storage/storagedriver/
Docker storage drivers https://docs.docker.com/storage/storagedriver/select-storage-driver/
Use the OverlayFS storage driver https://docs.docker.com/storage/storagedriver/overlayfs-driver/
Storage Drivers in Docker: A Deep Dive https://integratedcode.us/2016/08/30/storage-drivers-in-docker-a-deep-dive/
Docker Issues and Tips (aufs/overlay/btrfs..) https://github.com/AkihiroSuda/issues-docker
BTRFS vs OverlayFS https://www.reddit.com/r/docker/comments/5m4yhi/btrfs_vs_overlayfs/
how to clean up docker overlay directory? https://stackoverflow.com/questions/31712266/how-to-clean-up-docker-overlay-directory
Isolate containers with a user namespace https://docs.docker.com/engine/security/userns-remap/
Run the Docker daemon as a non-root user (Rootless mode) https://docs.docker.com/engine/security/rootless/
User privileges in Docker containers https://medium.com/jobteaser-dev-team/docker-user-best-practices-a8d2ca5205f4
Understanding root inside and outside a container https://www.redhat.com/en/blog/understanding-root-inside-and-outside-container
Running Docker Containers as ROOT: https://dockerlabs.collabnix.com/security/Running-Containers-as-ROOT.html
Keep containers alive during daemon downtime https://docs.docker.com/config/containers/live-restore/