IT/Software/Docker: Difference between revisions
Walttheboss (talk | contribs) No edit summary |
Walttheboss (talk | contribs) |
Latest revision as of 07:31, 7 November 2024
Docker
General Notes
Natively docker doesn't come with a web UI, but there are several projects that can offer that functionality, e.g.
- Portainer (so far the "go to" for Docker UIs)
- Dockge (a quite new project)
Nonetheless some basics are recommended :)
What for?
- fast and reproducible deployment of services
- nicely encapsulated services, no issues with dependency as the container has them installed already
- more security through encapsulation, and even more when running containers as different users
- easily upgradeable, just pull the newer image and start the container with that
Why not?
- needs some learning, concept is a bit different to bare metal installs
Docker vs VM
- https://www.freecodecamp.org/news/docker-vs-vm-key-differences-you-should-know/
- in case of MSG, there are no VMs involved (afaik all services are installed bare metal), but encapsulation would still be a great benefit
docker run vs docker compose run
- containers can be run "just" with a simple CLI command, e.g. `docker run hello-world`
  - this is nice for quick tests
  - but will get overwhelming as soon as more containers and parameters are involved
- docker compose uses YAML files (docker-compose.yml / compose.yml) https://docs.docker.com/compose/compose-file/
  - `cd` to the folder where the compose file lies and run with `sudo docker compose up -d` (`-d` to run in background)
  - all applications/services are defined in these compose files
  - this allows for reproducible containers on any host
    - if a host dies, just use the same compose file to spin the service up on another host and it will have the same settings
    - persistent volumes/data still need to be copied/backed up
- we won't go into build files, which are used to create your own containers
Where to put the compose file and persistent data?
If you search the web, there are several opinions about this :)
Generally it doesn't matter that much where you put those, as long as the file permissions are set correctly.
Some mentioned locations are: home directory, /opt/docker, /srv/docker
Preference:
/srv/docker/[SERVICE-STACK_NAME]
Most important is that the compose files and persistent data are backed up, as should be the case for any other application.
Persistent vs Non-Persistent Data
In a gist:
- non-persistent data is completely replaceable and does not need to be kept
  - container images (in a sense, the "logic" of a service)
    - if an application needs an update, usually just a new release of the image can be pulled, which makes tedious manual updating obsolete
  - some services can be run completely non-persistent: Redis, Adminer (simple web UI for SQL DBs)
- probably the bulk of services needs persistent storage, which should be backed up (as with any other non-containerized service)
  - compose files (define the services and some configuration, depending on how the container was made)
  - internal config files (many containerized services still use their existing config files)
  - application/user data (e.g. your uploaded files in Nextcloud, website data that is served by NGINX/Apache, sites made in Moodle)
  - docker offers different volume types for persistence: https://docs.docker.com/storage/volumes/
    - we'll mostly use bind mounts, which are easier to access and back up
Common CLI Commands
- CLI reference: https://docs.docker.com/engine/reference/commandline/cli/
Some useful commands for daily tasks (use `sudo` depending on how docker was installed)
Check status of containers and see container names and IDs
- `sudo docker ps`
- `sudo docker ps -a` (also shows stopped containers)
Check logs of a specific container
- `sudo docker logs -f [CONTAINER_ID/NAME]`
  - `-f` to follow new lines
- show logs of all containers of a compose stack
  - `cd` to compose folder
  - `sudo docker compose logs -f`
Start containers
- `sudo docker run [IMAGE_NAME]`
- compose
  - `cd` to compose folder
  - `sudo docker compose up -d`
Stop containers
- `sudo docker stop [CONTAINER_ID/NAME]`
- stop all containers of a compose stack
  - `cd` to compose folder
  - `sudo docker compose down`
Restart containers
- `sudo docker restart [CONTAINER_ID/NAME]`
- restart all containers of a compose stack
  - `cd` to compose folder
  - `sudo docker compose restart`
Update containers
- compose
  - `cd` to compose folder
  - change the image tag in the compose file to the version you want to upgrade to, or use the latest tag
  - `sudo docker compose pull` (all containers from stack)
  - `sudo docker compose pull [SERVICE_NAME]` (pull only the specified services, separate multiple names with spaces)
  - `sudo docker compose up -d`
  - `sudo docker ps` to check if containers are running
  - `sudo docker compose logs -f` to check for errors in the logs
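An image that is untagged or tagged latest can change with every `docker compose pull`, so the same compose file no longer reproduces the same service on another host. The following added example (not part of the original page) lists such images in a compose file; the sample file, its versions and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag compose images that are not pinned to a fixed version.

# Constructed compose file for the demo; service names and versions are made up.
write_sample_compose() {
    cat > "$1" <<'EOF'
services:
  nextcloud:
    image: nextcloud:29.0.4
  db:
    image: mariadb
  cache:
    image: "redis:latest"   # quoted, with trailing comment
  moodle:
    image: localhost:5000/moodle
  adminer:
    image: adminer@sha256:0000000000000000000000000000000000000000000000000000000000000000
EOF
}

# Print every image reference in a compose file, without quotes or comments.
image_refs() {
    sed -n 's/^[[:space:]]*image:[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*#.*$//' | tr -d "\"'"
}

# Classify one reference as digest, pinned, latest or untagged.
classify_ref() {
    case $1 in
        *@sha256:*) echo digest; return ;;
    esac
    last=${1##*/}   # drop registry host[:port] and namespace before looking for a tag
    case $last in
        *:latest) echo latest ;;
        *:*)      echo pinned ;;
        *)        echo untagged ;;   # Docker treats a missing tag as :latest
    esac
}

# List "<kind><TAB><reference>" for images that can change between two pulls.
unpinned_images() {
    image_refs "$1" | while IFS= read -r ref; do
        [ -n "$ref" ] || continue
        kind=$(classify_ref "$ref")
        case $kind in
            latest|untagged) printf '%s\t%s\n' "$kind" "$ref" ;;
        esac
    done
}

# Demo on the constructed file; on a host, point it at the stack's compose file.
demo=$(mktemp) && write_sample_compose "$demo" && unpinned_images "$demo"
rm -f "$demo"
```

A tag that comes from a variable (for example `image: nextcloud:${TAG}`) is reported as pinned, because the script does not resolve the variable.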
Installation
Manually
- https://docs.docker.com/engine/install/ubuntu/
Ansible Playbook
- how to run playbooks
- ssh enabled on host: `sudo apt update && sudo apt install openssh-server -y`
- https://github.com/stefannyffenegger/automation/blob/main/ansible/pb_prompt_install-docker.yml
Offline Manually
Install docker and docker-compose:
If you always want to automatically get the latest version of Docker on Ubuntu, you must add its official repository to the Ubuntu system. To do that, first run the commands below to install the prerequisite packages:
sudo apt update
sudo apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common
Next, run the commands below to download and install Docker’s official GPG key. The key is used to validate packages installed from Docker’s repository making sure they’re trusted.
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo apt-key fingerprint 0EBFCD88
Now that the official GPG key is installed, run the commands below to add its stable repository to Ubuntu. To add the nightly or test repository, add the word nightly or test (or both) after the word stable in the commands below.
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
After this command, Docker’s official GPG key and repository should be installed on Ubuntu.
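The short ID 0EBFCD88 checked above is only the last 32 bits of the key's fingerprint, and a different key can be generated to share it. This added example (not from the original page) accepts a key only when the full fingerprint matches; the listings are constructed and the function names are illustrative.

```shell
#!/bin/sh
# Added example: accept the Docker apt key only on a full-fingerprint match.
# Full fingerprint as published in Docker's Ubuntu install documentation
# (it ends in the short ID 0EBFCD88 used above); confirm it there before use.
DOCKER_KEY_FPR="9DC858229FC7DD38854AE2D88D81803C0EBFCD88"

# Constructed listings in `gpg --with-colons` format. Only the primary
# fingerprint of the first one is real; every other value is made up.
sample_genuine() {
    printf '%s\n' \
        'pub:-:4096:1:8D81803C0EBFCD88:1500000000:::-:::scSC::::::23::0:' \
        'fpr:::::::::9DC858229FC7DD38854AE2D88D81803C0EBFCD88:' \
        'uid:-::::1500000000::::Example Release Key <key@example.invalid>::::::::::0:' \
        'sub:-:4096:1:1111111111111111:1500000000::::::s::::::23:' \
        'fpr:::::::::2222222222222222222222221111111111111111:'
}
# A different key whose short ID is also 0EBFCD88.
sample_lookalike() {
    printf '%s\n' \
        'pub:-:4096:1:CCDDEEFF0EBFCD88:1500000000:::-:::scSC::::::23::0:' \
        'fpr:::::::::00112233445566778899AABBCCDDEEFF0EBFCD88:'
}

# Print the fingerprint of the first primary key in a listing read from stdin.
primary_fingerprint() {
    awk -F: '$1 == "pub" { p = 1; next }
             $1 == "sub" { p = 0 }
             $1 == "fpr" && p { print toupper($10); exit }'
}

# Succeed only if stdin holds exactly one primary key whose 40-hex-digit
# fingerprint equals $1 (default: DOCKER_KEY_FPR). Spaces and case are ignored.
key_is_trusted() {
    want=$(printf '%s' "${1:-$DOCKER_KEY_FPR}" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -F: -v want="$want" '
        $1 == "pub" { pubs++; p = 1; next }
        $1 == "sub" { p = 0 }
        $1 == "fpr" && p { fpr = toupper($10); p = 0 }
        END { exit !(pubs == 1 && length(want) == 40 && fpr == want) }'
}

# On a host (not run here), gate the page's apt-key step on the check:
#   curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o docker.gpg
#   gpg --show-keys --with-colons docker.gpg | key_is_trusted \
#       && sudo apt-key add docker.gpg
sample_genuine | key_is_trusted && echo "genuine listing: accepted"
sample_lookalike | key_is_trusted || echo "look-alike listing: rejected"
```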
If you have older versions of Docker, run the commands below to remove them:
sudo apt-get remove docker docker-engine docker.io containerd runc
When you have removed all the previous versions of Docker, run the commands below to install the latest and current stable version of Docker:
sudo apt-get install docker-ce docker-ce-cli containerd.io
This will install Docker software on Ubuntu.
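Add your account (in most cases it will be ubuntu) to the docker group and restart. Members of the docker group can control the Docker daemon, which is equivalent to root access on the host.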
sudo usermod -aG docker $USER
Reboot your instance:
sudo reboot
To verify that Docker CE is installed correctly you can run the hello-world image:
sudo docker run hello-world
If Docker is installed correctly you will see the following response:
Hello from Docker!
This message shows that your installation appears to be working correctly.
Then you need to install docker-compose. This makes it easier for you to install containers on docker.
To install it, run the commands below to download version 1.26.0. As of this writing, this was the current version.
sudo curl -L "https://github.com/docker/compose/releases/download/1.26.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
After downloading it, run the commands below to apply executable permissions to the binary file and create a symbolic link in /usr/bin:
sudo chmod +x /usr/local/bin/docker-compose
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
Now, Docker Compose should work. To test it, we will run the command below:
docker-compose --version
You should see similar output as below:
docker-compose version 1.24.0, build 0aa59064
Source: https://docs.fuga.cloud/how-to-install-portainer-docker-ui-manager-on-ubuntu-20.04-18.04-16.04
Containers
In use
- Portainer: Wiki article
- Octoprint: Wiki article
Potential use
- Nextcloud, MariaDB, Redis (existing data and config can be mounted over bind mount)
- NGINX / Apache with reverse proxy, e.g. SWAG (based on NGINX, with certbot and fail2ban included) or Traefik
- Moodle
- ...
- Interesting Docker projects: Wiki article