Difference between revisions of "Docker"

From Univention Wiki

 
(11 intermediate revisions by 3 users not shown)
Line 6: Line 6:
  
 
== Installation ==
 
== Installation ==
 
+
docker is part of UCS since UCS 4.0-2. It can be installed with the following command
docker packages can be installed with the following commands
 
 
<source lang=bash>
 
<source lang=bash>
ucr set repository/online/component/docker=enabled \
 
        repository/online/component/docker/unmaintained=enabled
 
 
univention-install docker.io
 
univention-install docker.io
 
</source>
 
</source>
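Review bot: the new installation sentence ("docker is part of UCS since UCS 4.0-2") replaces the "ucr set repository/online/component/docker=enabled" step without saying what applies to systems older than 4.0-2. State the minimum release as a prerequisite, or keep the component instructions for older releases. Since the removed step also enabled "repository/online/component/docker/unmaintained", say whether readers who followed the earlier revision should switch that component off again.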
Line 16: Line 13:
 
After that, docker is ready to use:
 
After that, docker is ready to use:
 
<pre>
 
<pre>
~# docker  
+
~# docker -v
Usage: docker [OPTIONS] COMMAND [arg...]
+
Docker version 1.3.2, build 39fa2fa
 +
</pre>
 +
 
 +
= Using UCS docker images =
 +
 
 +
Univention provides several docker images: https://registry.hub.docker.com/u/univention/.
 +
 
 +
== Setup a generic UCS system via docker ==
 +
 
 +
A generic UCS docker image can be downloaded by the following command
 +
<pre>
 +
docker pull univention/ucs-generic-amd64:4.0-1
 +
</pre>
 +
 
 +
Then, a new UCS docker container can be started in the following way
 +
<pre>
 +
docker run -d -e rootpwd=univention --hostname=dockertest \
 +
  --name=dockertest_container \
 +
    -p 8011:80 univention/ucs-generic-amd64:4.0-1 /sbin/init
 +
</pre>
 +
 
 +
A shell in the docker container can be started by
 +
<pre>
 +
docker exec -it dockertest_container /bin/bash
 +
</pre>
 +
 
 +
The started docker container can easily be configured through the web based appliance setup wizard. In the example above the port 8011 of the docker host is redirected to the port 80 of the container. Thus, the HTTP port of the docker container can reached by typing http://<IP of the docker host>:8011.
 +
 
 +
== Setup a DC master via docker ==
 +
 
 +
The first UCS system must always be a domaincontroller master. Univention provides pre-defined images for this setup which can be downloaded by the following command:
 +
<pre>
 +
docker pull univention/ucs-master-amd64:4.0-1
 +
</pre>
 +
 
 +
The new UCS docker container can be started in the following way
 +
<pre>
 +
docker run -d -e rootpwd=univention --hostname=master --name=master \
 +
    -p 8011:80 univention/ucs-master-amd64:4.0-1 /sbin/init
 +
</pre>
  
A self-sufficient runtime for linux containers.
+
The started docker container is available after some seconds and can be configured through the web based appliance setup wizard. In the example above the port 8011 of the docker host is redirected to the port 80 of the container. Thus, the HTTP port of the docker container can reached by typing http://<IP of the docker host>:8011.
 +
Alternatively, the container can be configured automatically configured via a  [http://docs.univention.de/installation-4.0.html#appliance:use:auto:profile profile file]
  
Options:
+
== Setup a DC slave via docker ==
  --api-enable-cors=false                Enable CORS headers in the remote API
 
  -b, --bridge=""                        Attach containers to a pre-existing network bridge
 
                                          use 'none' to disable container networking
 
  --bip=""                              Use this CIDR notation address for the network bridge's IP, not compatible with -b
 
  -D, --debug=false                      Enable debug mode
 
  -d, --daemon=false                    Enable daemon mode
 
  --dns=[]                              Force Docker to use specific DNS servers
 
  --dns-search=[]                        Force Docker to use specific DNS search domains
 
  -e, --exec-driver="native"            Force the Docker runtime to use a specific exec driver
 
  --fixed-cidr=""                        IPv4 subnet for fixed IPs (ex: 10.20.0.0/16)
 
                                          this subnet must be nested in the bridge subnet (which is defined by -b or --bip)
 
  -G, --group="docker"                  Group to assign the unix socket specified by -H when running in daemon mode
 
                                          use '' (the empty string) to disable setting of a group
 
  -g, --graph="/var/lib/docker"          Path to use as the root of the Docker runtime
 
  -H, --host=[]                          The socket(s) to bind to in daemon mode or connect to in client mode, specified using one or more tcp://host:port,
 
                                        unix:///path/to/socket, fd://* or fd://socketfd.
 
  --icc=true                            Enable inter-container communication
 
  --insecure-registry=[]                Enable insecure communication with specified registries (no certificate verification for HTTPS and enable HTTP
 
                                        fallback) (e.g., localhost:5000 or 10.20.0.0/16)
 
  --ip=0.0.0.0                          Default IP address to use when binding container ports
 
  --ip-forward=true                      Enable net.ipv4.ip_forward
 
  --ip-masq=true                        Enable IP masquerading for bridge's IP range
 
  --iptables=true                        Enable Docker's addition of iptables rules
 
  --mtu=0                                Set the containers network MTU
 
                                          if no value is provided: default to the default route MTU or 1500 if no default route is available
 
  -p, --pidfile="/var/run/docker.pid"    Path to use for daemon PID file
 
  --registry-mirror=[]                  Specify a preferred Docker registry mirror
 
  -s, --storage-driver=""                Force the Docker runtime to use a specific storage driver
 
  --selinux-enabled=false                Enable selinux support. SELinux does not presently support the BTRFS storage driver
 
  --storage-opt=[]                      Set storage driver options
 
  --tls=false                            Use TLS; implied by tls-verify flags
 
  --tlscacert="/root/.docker/ca.pem"    Trust only remotes providing a certificate signed by the CA given here
 
  --tlscert="/root/.docker/cert.pem"    Path to TLS certificate file
 
  --tlskey="/root/.docker/key.pem"      Path to TLS key file
 
  --tlsverify=false                      Use TLS and verify the remote (daemon: verify client, client: verify daemon)
 
  -v, --version=false                    Print version information and quit
 
  
Commands:
+
Some apps need a local running OpenLDAP server. For this case, Univention provides pre-defined DC slave images which can be downloaded by the following command:
    attach    Attach to a running container
+
<pre>
    build    Build an image from a Dockerfile
+
docker pull univention/ucs-slave-amd64:4.0-1
    commit    Create a new image from a container's changes
+
</pre>
    cp        Copy files/folders from a container's filesystem to the host path
 
    create    Create a new container
 
    diff      Inspect changes on a container's filesystem
 
    events    Get real time events from the server
 
    exec      Run a command in an existing container
 
    export    Stream the contents of a container as a tar archive
 
    history  Show the history of an image
 
    images   List images
 
    import    Create a new filesystem image from the contents of a tarball
 
    info      Display system-wide information
 
    inspect  Return low-level information on a container
 
    kill      Kill a running container
 
    load      Load an image from a tar archive
 
    login    Register or log in to a Docker registry server
 
    logout    Log out from a Docker registry server
 
    logs      Fetch the logs of a container
 
    port      Lookup the public-facing port that is NAT-ed to PRIVATE_PORT
 
    pause    Pause all processes within a container
 
    ps        List containers
 
    pull      Pull an image or a repository from a Docker registry server
 
    push      Push an image or a repository to a Docker registry server
 
    restart  Restart a running container
 
    rm        Remove one or more containers
 
    rmi      Remove one or more images
 
    run      Run a command in a new container
 
    save      Save an image to a tar archive
 
    search    Search for an image on the Docker Hub
 
    start    Start a stopped container
 
    stop      Stop a running container
 
    tag      Tag an image into a repository
 
    top      Lookup the running processes of a container
 
    unpause  Unpause a paused container
 
    version  Show the Docker version information
 
    wait      Block until a container stops, then print its exit code
 
  
Run 'docker COMMAND --help' for more information on a command.
+
The new UCS docker container can be started in the following way
 +
<pre>
 +
docker run -d -e rootpwd=univention --hostname=slave --name=slave \
 +
    -p 8012:80 univention/ucs-slave-amd64:4.0-1 /sbin/init
 
</pre>
 
</pre>
 +
 +
The started docker container is available after some seconds and can be configured through the web based appliance setup wizard. In the example above the port 8012 of the docker host is redirected to the port 80 of the container. Thus, the HTTP port of the docker container can reached by typing http://<IP of the docker host>:8012.
 +
Alternatively, the container can be configured automatically configured via a  [http://docs.univention.de/installation-4.0.html#appliance:use:auto:profile profile file]
 +
 +
== Setup a member server via docker ==
 +
 +
Most applications use the system role member server which doesn't use a local OpenLDAP server. Univention provides pre-defined images for this setup which can be downloaded by the following command:
 +
<pre>
 +
docker pull univention/ucs-member-amd64:4.0-1
 +
</pre>
 +
 +
The new UCS docker container can be started in the following way
 +
<pre>
 +
docker run -d -e rootpwd=univention --hostname=member --name=member \
 +
    -p 8013:80 univention/ucs-member-amd64:4.0-1 /sbin/init
 +
</pre>
 +
 +
The started docker container is available after some seconds and can be configured through the web based appliance setup wizard. In the example above the port 8013 of the docker host is redirected to the port 80 of the container. Thus, the HTTP port of the docker container can reached by typing http://<IP of the docker host>:8013.
 +
Alternatively, the container can be configured automatically configured via a  [http://docs.univention.de/installation-4.0.html#appliance:use:auto:profile profile file]
 +
 +
= Building Univention UCS docker images =
 +
 +
Über docker.knut.univention.de oder
 +
* http://jenkins.knut.univention.de:8080/job/Mitarbeiter/job/Arvid%20Requate/
 +
 +
= Docker first steps =
 +
# List images <pre>docker images</pre>
 +
# List running containers <pre>docker ps</pre>
 +
# Get shell <pre>docker exec -it member /bin/bash</pre>
 +
# Restart a container <pre>docker restart member</pre>
 +
  
 
[[Category:Development]]
 
[[Category:Development]]
 +
<!--[[Category:Docker]]-->
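Review bot: every added "docker run" example sets the container's root password to a fixed, published value ("-e rootpwd=univention") and publishes the setup wizard over plain HTTP with a bare host port ("-p 8011:80", "-p 8012:80", "-p 8013:80"), which binds on the daemon's default address, listed as "--ip=0.0.0.0" in the help output this revision removes. Suggest a placeholder such as "rootpwd=<password>" with a sentence telling readers to choose their own value, and a host-address prefix on "-p" where the wizard should not be reachable from the network. Separately, "can be configured automatically configured via a" repeats a word, "can reached" is missing "be", and the "Building Univention UCS docker images" section is an unfinished German fragment ("Über docker.knut.univention.de oder").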

Latest revision as of 12:21, 4 November 2016

Product logo: UCS Version 4.0

Docker with UCS

Docker is an open-source project that automates the deployment of applications inside software containers.

Installation

Docker has been part of UCS since UCS 4.0-2. It can be installed with the following command:

univention-install docker.io

After that, docker is ready to use:

~# docker -v
Docker version 1.3.2, build 39fa2fa

Using UCS docker images

Univention provides several docker images: https://registry.hub.docker.com/u/univention/.

Setup a generic UCS system via docker

A generic UCS docker image can be downloaded with the following command:

docker pull univention/ucs-generic-amd64:4.0-1

Then, a new UCS docker container can be started in the following way:

docker run -d -e rootpwd=univention --hostname=dockertest \
   --name=dockertest_container \
    -p 8011:80 univention/ucs-generic-amd64:4.0-1 /sbin/init

A shell in the docker container can be started with:

docker exec -it dockertest_container /bin/bash

The started docker container can easily be configured through the web-based appliance setup wizard. In the example above, port 8011 of the docker host is redirected to port 80 of the container. Thus, the HTTP port of the docker container can be reached by opening http://<IP of the docker host>:8011.

Setup a DC master via docker

The first UCS system must always be a domain controller master. Univention provides pre-defined images for this setup, which can be downloaded with the following command:

docker pull univention/ucs-master-amd64:4.0-1

The new UCS docker container can be started in the following way:

docker run -d -e rootpwd=univention --hostname=master --name=master \
    -p 8011:80 univention/ucs-master-amd64:4.0-1 /sbin/init

The started docker container is available after some seconds and can be configured through the web-based appliance setup wizard. In the example above, port 8011 of the docker host is redirected to port 80 of the container. Thus, the HTTP port of the docker container can be reached by opening http://<IP of the docker host>:8011. Alternatively, the container can be configured automatically via a profile file (http://docs.univention.de/installation-4.0.html#appliance:use:auto:profile).

Setup a DC slave via docker

Some apps need a locally running OpenLDAP server. For this case, Univention provides pre-defined DC slave images, which can be downloaded with the following command:

docker pull univention/ucs-slave-amd64:4.0-1

The new UCS docker container can be started in the following way:

docker run -d -e rootpwd=univention --hostname=slave --name=slave \
    -p 8012:80 univention/ucs-slave-amd64:4.0-1 /sbin/init

The started docker container is available after some seconds and can be configured through the web-based appliance setup wizard. In the example above, port 8012 of the docker host is redirected to port 80 of the container. Thus, the HTTP port of the docker container can be reached by opening http://<IP of the docker host>:8012. Alternatively, the container can be configured automatically via a profile file (http://docs.univention.de/installation-4.0.html#appliance:use:auto:profile).

Setup a member server via docker

Most applications use the system role member server, which does not use a local OpenLDAP server. Univention provides pre-defined images for this setup, which can be downloaded with the following command:

docker pull univention/ucs-member-amd64:4.0-1

The new UCS docker container can be started in the following way:

docker run -d -e rootpwd=univention --hostname=member --name=member \
    -p 8013:80 univention/ucs-member-amd64:4.0-1 /sbin/init

The started docker container is available after some seconds and can be configured through the web-based appliance setup wizard. In the example above, port 8013 of the docker host is redirected to port 80 of the container. Thus, the HTTP port of the docker container can be reached by opening http://<IP of the docker host>:8013. Alternatively, the container can be configured automatically via a profile file (http://docs.univention.de/installation-4.0.html#appliance:use:auto:profile).
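
The docker run commands in the sections above all share one shape. As an added example (not from the Univention wiki), the script below starts any of the role images with a random per-container rootpwd kept in a mode-0600 env file, and publishes the setup wizard on 127.0.0.1 only. The function names, UCS_ENV_DIR and the use of the role name as hostname and container name are assumptions.

```shell
#!/bin/sh
# Added example, not from the Univention wiki. Image names, tag, ports and the
# rootpwd variable are the page's; function names and UCS_ENV_DIR are assumptions.

# Host port the page uses for each role image.
ucs_port() {
    case "$1" in
        generic|master) echo 8011 ;;
        slave)          echo 8012 ;;
        member)         echo 8013 ;;
        *) echo "unknown role: $1" >&2; return 1 ;;
    esac
}

# 32 hex characters (128 bits) from the kernel CSPRNG.
gen_rootpwd() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Store rootpwd in a fresh mode-0600 env file, keeping it out of argv,
# `ps` output and shell history.
write_env_file() {
    rm -f "$1"
    ( umask 077 && printf 'rootpwd=%s\n' "$(gen_rootpwd)" >"$1" )
}

# Start a role container; with a second argument, only print the command.
ucs_start() {
    role=$1
    dryrun=${2:-}
    port=$(ucs_port "$role") || return 1
    envfile=${UCS_ENV_DIR:-/root}/ucs-$role.env
    write_env_file "$envfile" || return 1
    # 127.0.0.1: prefix: publish the wizard's HTTP port on loopback only.
    set -- docker run -d --env-file="$envfile" --hostname="$role" \
        --name="$role" -p "127.0.0.1:$port:80" \
        "univention/ucs-$role-amd64:4.0-1" /sbin/init
    if [ -n "$dryrun" ]; then echo "$*"; else "$@"; fi
}
```

With the port bound to loopback, the wizard is reachable only from the docker host itself, for example through an SSH tunnel. The generated password can be read back from the env file.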

Building Univention UCS docker images

Via docker.knut.univention.de or

Docker first steps

  1. List images
    docker images
  2. List running containers
    docker ps
  3. Get shell
    docker exec -it member /bin/bash
  4. Restart a container
    docker restart member