Docker Setup - sakaki-/gentoo-on-rpi-64bit GitHub Wiki

This is a quick run-through of setting up Docker and a GUI on the RPi under Gentoo.

Install

First, install Docker from the command line as root:

emerge app-emulation/docker
emerge app-emulation/docker-compose

Next, start it up (assuming we're using OpenRC):

# Start the service
/etc/init.d/docker start
# Add to default run level
rc-update add docker default

Kernel Configuration

In some cases you need to turn on some kernel options and rebuild the kernel. Docker ships a script that checks whether the required options are switched on:

/usr/share/docker/contrib/check-config.sh

Be aware, however, that newer kernels sometimes rename config options, so the script may report a false positive for a missing configuration entry.

Kernel Config Options

  • CONFIG_MEMCG_SWAP General Setup -> Control Group support -> Swap controller
  • CONFIG_MEMCG_SWAP_ENABLED General Setup -> Control Group support -> Swap controller enabled by default
  • CONFIG_CGROUP_PERF General Setup -> Control Group support -> Perf controller
  • CONFIG_CFS_BANDWIDTH General Setup -> Control Group support -> CPU Controller -> CPU Bandwidth provisioning for FAIR_GROUP_SCHED
  • CONFIG_RT_GROUP_SCHED General Setup -> Control Group support -> CPU Controller -> Group scheduling for SCHED_RR/FIFO
  • CONFIG_HUGETLBFS File systems -> Pseudo filesystems -> HugeTLB file system support
  • CONFIG_CGROUP_HUGETLB General Setup -> Control Group support -> HugeTLB controller

Renamed in newer kernels

These were renamed in recent kernels, so they aren't picked up by the Docker script:

  • CONFIG_NF_NAT_IPV4 has moved to CONFIG_IP_NF_NAT
  • CONFIG_NF_NAT_NEEDED has moved to CONFIG_NF_NAT

Deprecated Config Options

  • CONFIG_INET_XFRM_MODE_TRANSPORT I think this is IPsec transport mode, which is deprecated in 5.4 kernels
  • CONFIG_IOSCHED_CFQ, CONFIG_CFQ_GROUP_IOSCHED Non-multiqueue I/O schedulers are no longer supported in Linux 5.3 and onwards (see https://wiki.ubuntu.com/Kernel/Reference/IOSchedulers)

Not present in the default kernel

  • CONFIG_AUFS_FS This can be ignored, as it was used for Docker 18.06 and older; overlay2, which is built into the kernel, is now preferred
  • ZFS This isn't included with the Linux kernel by default because it is licensed under the CDDL
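Because the upstream check script does not know about the renamed options listed above, a quick way to avoid chasing its false positives is to run your own check with a rename map. The following is an added example for this page (not Docker's check-config.sh and not part of the original wiki): it reads a kernel config in the CONFIG_FOO=y / "# CONFIG_FOO is not set" format, accepts either the old or the new spelling for the renamed options, skips the options the page says are deprecated or absent from the default kernel, and reports what is actually missing. The embedded config is constructed sample data, not a real RPi config; on a live system point it at /proc/config.gz or the kernel's .config.

```python
"""Check a kernel config for the options Docker needs, tolerating renames.

Added example for this wiki page (not Docker's check-config.sh).
"""
import gzip
import re
from pathlib import Path

# Options the page lists as required (General Setup -> Control Group support, etc.).
REQUIRED = [
    "CONFIG_MEMCG_SWAP",
    "CONFIG_MEMCG_SWAP_ENABLED",
    "CONFIG_CGROUP_PERF",
    "CONFIG_CFS_BANDWIDTH",
    "CONFIG_RT_GROUP_SCHED",
    "CONFIG_HUGETLBFS",
    "CONFIG_CGROUP_HUGETLB",
    "CONFIG_NF_NAT_IPV4",
    "CONFIG_NF_NAT_NEEDED",
]

# Old name -> new name, as listed on the page. Either spelling satisfies the check.
RENAMED = {
    "CONFIG_NF_NAT_IPV4": "CONFIG_IP_NF_NAT",
    "CONFIG_NF_NAT_NEEDED": "CONFIG_NF_NAT",
}

# Reported as missing by the upstream script but safe to ignore per the page.
IGNORABLE = {
    "CONFIG_INET_XFRM_MODE_TRANSPORT",  # deprecated in 5.4 kernels
    "CONFIG_IOSCHED_CFQ",               # non-multiqueue schedulers gone in 5.3+
    "CONFIG_CFQ_GROUP_IOSCHED",
    "CONFIG_AUFS_FS",                   # only needed for Docker 18.06 and older
}

_LINE = re.compile(r"^(CONFIG_[A-Z0-9_]+)=([ym])\b")


def parse_config(text):
    """Return the set of options that are built in (=y) or as modules (=m)."""
    enabled = set()
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            enabled.add(m.group(1))
    return enabled


def load_config(path):
    """Read a plain or gzip-compressed kernel config (e.g. /proc/config.gz)."""
    raw = Path(path).read_bytes()
    if raw[:2] == b"\x1f\x8b":
        raw = gzip.decompress(raw)
    return parse_config(raw.decode("utf-8", errors="replace"))


def check(enabled, required=REQUIRED, renamed=RENAMED, ignorable=IGNORABLE):
    """Return (missing, renamed_ok): options absent under any name, and those
    present only under their new name."""
    missing, renamed_ok = [], []
    for opt in required:
        if opt in ignorable or opt in enabled:
            continue
        new = renamed.get(opt)
        if new and new in enabled:
            renamed_ok.append((opt, new))
        else:
            missing.append(opt)
    return missing, renamed_ok


# Constructed sample: a 5.x-style config where the NAT options exist only under
# their new names and CFS bandwidth control has been left off.
SAMPLE_CONFIG = """\
CONFIG_MEMCG_SWAP=y
CONFIG_MEMCG_SWAP_ENABLED=y
CONFIG_CGROUP_PERF=y
# CONFIG_CFS_BANDWIDTH is not set
CONFIG_RT_GROUP_SCHED=y
CONFIG_HUGETLBFS=y
CONFIG_CGROUP_HUGETLB=y
CONFIG_NF_NAT=m
CONFIG_IP_NF_NAT=m
# CONFIG_NF_NAT_IPV4 is not set
"""

if __name__ == "__main__":
    import sys
    opts = load_config(sys.argv[1]) if len(sys.argv) > 1 else parse_config(SAMPLE_CONFIG)
    missing, ok = check(opts)
    for old, new in ok:
        print(f"{old}: present as {new} (renamed)")
    for opt in missing:
        print(f"{opt}: missing")
```

Run without arguments it checks the constructed sample; with a path (python3 check_opts.py /proc/config.gz) it checks the running kernel. Only options that are missing under both the old and the new name are reported as missing.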

Docker Configuration

Daemon Configuration

For the Docker daemon configuration I've found it's best to first create a new file, /etc/docker/daemon.json:

{
 "data-root": "/mnt/vol2/var/docker",
 "bridge": "none",
 "default-address-pools":
 [
  {"base":"10.100.0.0/16","size":24}
 ]
}

  • The data-root is where Docker stores its data (images, containers, volumes, etc.).
  • The "bridge": "none" line disables the default network bridge (I'll get to why below).
  • The default-address-pools is the range of IP subnets to use when creating new networks for which no subnet is specified.

In order for this configuration file to be used, edit the /etc/conf.d/docker file and set the following:

DOCKER_OPTS="--config-file /etc/docker/daemon.json"

To restart Docker:

/etc/init.d/docker restart

Network Configuration

I've found it's better to disable Docker's default network bridge and create a user-defined one instead. There are a few reasons for doing this:

  • The default bridge is now considered legacy.
  • By default the Docker bridge uses docker0 as the bridge name, which conflicts if you try to run multiple Docker daemons at the same time. User-created networks, on the other hand, take a unique bridge name like br-1e31d1f1a2ec.
  • You get the added bonus of DNS resolution between containers on a user-defined network, which avoids the need for IP addresses if you're not using stacks.

To create a new user-defined network to use in place of the default bridge we turned off:

docker network create --driver=bridge --subnet=10.100.0.0/24 --gateway=10.100.0.1 defnet \
-o "com.docker.network.bridge.enable_ip_masquerade"="true" \
-o "com.docker.network.bridge.enable_icc"="true" \
-o "com.docker.network.bridge.host_binding_ipv4"="0.0.0.0" \
-o "com.docker.network.driver.mtu"="1500"

The only downside is that you need to remember to pass --network=defnet when creating new containers. For the built-in Docker DNS, search for "docker embedded dns" on Google.
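The daemon.json address pool and the explicit subnet given to docker network create above need to agree with each other and with whatever the host already routes to, or a new network can land on top of the LAN or a VPN and traffic silently goes the wrong way. The following is an added example for this page (not Docker's code and not part of the original wiki) that ties the two sections together: it parses the daemon.json shown above, enumerates the /24 subnets Docker could hand out from default-address-pools, confirms that the subnet and gateway chosen for defnet fit inside that pool, and flags any pool subnet that overlaps a host route. The host routes are constructed sample data; on a real box you would feed it the output of ip route.

```python
"""Sanity-check the daemon.json address pool and the user-defined network.

Added example for this wiki page (not Docker's code).
"""
import ipaddress
import json

# daemon.json exactly as shown on the page.
DAEMON_JSON = """
{
 "data-root": "/mnt/vol2/var/docker",
 "bridge": "none",
 "default-address-pools":
 [
  {"base":"10.100.0.0/16","size":24}
 ]
}
"""

# Constructed sample: networks the host already has routes to (a LAN and a VPN).
HOST_ROUTES = ["192.168.1.0/24", "10.100.7.0/24"]

# Subnet and gateway passed to `docker network create` on the page.
DEFNET_SUBNET = "10.100.0.0/24"
DEFNET_GATEWAY = "10.100.0.1"


def load_pools(text):
    """Return the address pools as (base_network, prefixlen) tuples."""
    cfg = json.loads(text)
    return [(ipaddress.ip_network(p["base"]), int(p["size"]))
            for p in cfg.get("default-address-pools", [])]


def pool_subnets(pools):
    """Enumerate every subnet Docker could allocate from the pools, in order."""
    for base, size in pools:
        yield from base.subnets(new_prefix=size)


def colliding_subnets(pools, host_routes):
    """Pool subnets that overlap a route the host already has."""
    routes = [ipaddress.ip_network(r) for r in host_routes]
    return [str(s) for s in pool_subnets(pools)
            if any(s.overlaps(r) for r in routes)]


def check_defnet(pools, subnet, gateway):
    """True if the user-defined subnet is one of the pool's subnets and the
    gateway is a usable host address inside it."""
    net = ipaddress.ip_network(subnet)
    gw = ipaddress.ip_address(gateway)
    in_pool = any(net.subnet_of(base) and net.prefixlen == size
                  for base, size in pools)
    usable_gw = gw in net and gw not in (net.network_address, net.broadcast_address)
    return in_pool and usable_gw


if __name__ == "__main__":
    pools = load_pools(DAEMON_JSON)
    print(f"pool provides {len(list(pool_subnets(pools)))} subnets")
    print("defnet fits pool:", check_defnet(pools, DEFNET_SUBNET, DEFNET_GATEWAY))
    for s in colliding_subnets(pools, HOST_ROUTES):
        print(f"pool subnet {s} collides with a host route")
```

With the page's values the pool yields 256 /24 subnets and defnet is the first of them; the constructed VPN route 10.100.7.0/24 shows the kind of collision that is worth catching before the daemon allocates that subnet to an unrelated network.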

Basic Test

To show information about Docker:

docker info

As a basic test, check that we can deploy a Docker image:

docker run --rm hello-world

GUI Setup

Portainer

One of the best GUIs for Docker is Portainer, a web-based UI for managing Docker containers. To install it we deploy it as a Docker container on the server:

docker volume create portainer_data
docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --network=defnet --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce

Note that the above is for the newer version 2. We should now be able to access the UI in a browser on port 9000:

  • http://DOCKER_HOST:9000

It should prompt you to create a new admin user, so set one up. When asked which Docker server to manage, click the Local / Continue option.
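The Portainer command above does two things worth keeping track of on any Docker host: it bind-mounts /var/run/docker.sock into the container, which lets that container drive the daemon just as root on the host could, and it publishes ports with no host IP, which with the host_binding_ipv4 of 0.0.0.0 set on defnet means they listen on every interface. The following is an added example for this page (not Portainer's or Docker's code and not part of the original wiki) that audits the JSON docker inspect returns and lists, per container, whether it holds the daemon socket and which published ports are bound to all interfaces. The inspect record below is constructed to mirror the Portainer run line above plus a second container published only on 127.0.0.1 for contrast.

```python
"""Audit `docker inspect` output for daemon-socket mounts and wildcard port bindings.

Added example for this wiki page (not Portainer's or Docker's code).
"""
import json

DOCKER_SOCK = "/var/run/docker.sock"

# Constructed sample (abridged) of `docker inspect portainer web`.
INSPECT_JSON = json.dumps([
    {
        "Name": "/portainer",
        "HostConfig": {
            "NetworkMode": "defnet",
            "Binds": ["/var/run/docker.sock:/var/run/docker.sock", "portainer_data:/data"],
            # HostIp "" is how `-p 9000:9000` with no address shows up: all interfaces.
            "PortBindings": {
                "8000/tcp": [{"HostIp": "", "HostPort": "8000"}],
                "9000/tcp": [{"HostIp": "", "HostPort": "9000"}],
            },
        },
        "Mounts": [
            {"Type": "bind", "Source": "/var/run/docker.sock",
             "Destination": "/var/run/docker.sock"},
            {"Type": "volume", "Source": "/mnt/vol2/var/docker/volumes/portainer_data/_data",
             "Destination": "/data"},
        ],
    },
    {
        "Name": "/web",
        "HostConfig": {
            "NetworkMode": "defnet",
            "Binds": [],
            "PortBindings": {"80/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8080"}]},
        },
        "Mounts": [],
    },
])


def has_docker_socket(container):
    """True if the container bind-mounts the daemon socket, whatever path it uses inside."""
    for m in container.get("Mounts", []):
        if m.get("Type") == "bind" and DOCKER_SOCK in (m.get("Source"), m.get("Destination")):
            return True
    return False


def wildcard_ports(container):
    """Published ports bound to every host interface (HostIp empty or 0.0.0.0)."""
    bindings = container.get("HostConfig", {}).get("PortBindings") or {}
    exposed = []
    for cport, hosts in bindings.items():
        for h in hosts or []:
            if h.get("HostIp", "") in ("", "0.0.0.0"):
                exposed.append(f"{h.get('HostPort')}->{cport}")
    return exposed


def audit(inspect_text):
    """Map container name -> findings; containers with nothing to report are omitted."""
    findings = {}
    for c in json.loads(inspect_text):
        name = c.get("Name", "").lstrip("/")
        entry = {}
        if has_docker_socket(c):
            entry["docker_socket"] = True
        ports = wildcard_ports(c)
        if ports:
            entry["wildcard_ports"] = ports
        if entry:
            findings[name] = entry
    return findings


if __name__ == "__main__":
    import sys
    # Pipe real data in with: docker inspect $(docker ps -q) | python3 audit.py
    text = sys.stdin.read() if not sys.stdin.isatty() else INSPECT_JSON
    print(json.dumps(audit(text), indent=1))
```

On the constructed input only portainer is reported: it holds the socket and publishes 8000 and 9000 on all interfaces, while web, bound to 127.0.0.1, produces no finding. Knowing exactly which containers fall into the first category is what tells you where the admin login you just created, and the interfaces it is reachable from, matter most.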