ref : https://docs.docker.com/engine/reference/commandline/dockerd/#linux-configuration-file


/etc/docker/daemon.json



/lib/systemd/system/docker.service




######### docker image save(tar.gz) and load 


특정 이미지 downlaod


$ docker pull centos:7.3.1611


받은 이미지를 tar.gz 로 변환 

( https://docs.docker.com/engine/reference/commandline/image_save/ )

$ docker image save -o centos7.3.1611.tar.gz centos:7.3.1611


tar.gz 를 load


$ docker image load -i centos7.3.1611.tar.gz


######### docker image save(tar.gz) and load 




“Error: open /tmp/docker-import-123456789/repo/bin/json: no such file or directory”


https://arvimal.wordpress.com/2014/08/16/error-open-tmpdocker-import-repobinjson-no-such-file-or-directory/



$ cat trac_2016.tar.gz | docker import - trac






change (using keyserver.ubuntu.com:80 )

from

apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D

to

apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D



docker run --privileged -it --name dind -d jpetazzo/dind



https://github.com/jpetazzo/pipework



git clone https://github.com/jpetazzo/pipework.git

./pipework eth2 dind udhcpc

or

./pipework em1 chozo99 192.168.10.240/24@192.168.10.254



시간 변경

http://askubuntu.com/questions/138423/how-do-i-change-my-timezone-to-utc-gmt

dpkg-reconfigure tzdata







sysctl kernel.core_pattern=core.%e.%p

docker run -d --ulimit core=-1 --privileged=true 




Android

https://registry.hub.docker.com/u/aerath/docker-android-x86/dockerfile/

RUN cd android-sdk-linux/tools/;./android -s update sdk --no-ui --filter 1,2,3,10,19,20,22,40,42,60,61,65,79,80,102,103,112,113,118,119,120,121,122,123,124




https://github.com/jpetazzo/pipework/#connect-a-container-to-a-local-physical-interface


docker run --name chozo99 --rm -it ubuntu bash

sudo ./pipework eth0 chozo99 192.168.15.250/24@192.168.15.254



Virtualbox

If you use VirtualBox, you will have to update your VM network settings. Open the settings panel for the VM, go the the "Network" tab, pull down the "Advanced" settings. Here, the "Adapter Type" should be pcnet (the full name is something like "PCnet-FAST III"), instead of the default e1000 (Intel PRO/1000). Also, "Promiscuous Mode" should be set to "Allow All". If you don't do that, bridged containers won't work, because the virtual NIC will filter out all packets with a different MAC address.



https://github.com/docker/docker/issues/11432


아래는 docker_1.5 dev 버전 기준..( commit 52f6da223839a5ac1fc003b259b74f6a02fc2858 )


아래 디렉토리의 모든 디렉토리를 지운다.

/var/lib/docker/execdriver/native


컨테이너중 running 이라면 해당 컨테이너의 ID 폴더가 있는게 정상이지만,

모든 컨테이너가 중지 되어 있다면, 모두 삭제 되어야함.






port forwading

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/Security_Guide/s1-firewall-ipt-fwd.html

http://serverfault.com/questions/342407/linux-how-to-port-forwarding-with-iptables-between-2-hosts-on-different-network


mysql server 실행

docker run --name chozo99 --rm -e MYSQL_ROOT_PASSWORD=**** mysql:5.5


docker inspect --format '{{ .NetworkSettings.IPAddress }}' chozo99


local 에서 mysql 접속...

mysql --host=`docker inspect --format '{{ .NetworkSettings.IPAddress }}' chozo99` -uroot -p'****' mysql


외부에서 접속시 포트개방

$ echo 1 > /proc/sys/net/ipv4/ip_forward


$ iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3306 -j DNAT \

      --to `docker inspect --format '{{ .NetworkSettings.IPAddress }}' chozo99`:3306

$ iptables -t nat  -A POSTROUTING -j MASQUERADE


reference

iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 3306 -j DNAT \

      --to `docker inspect --format '{{ .NetworkSettings.IPAddress }}' chozo99`:3306

$ iptables -t nat -D POSTROUTING -j MASQUERADE


iptables -t nat -L PREROUTING  -n --line-numbers

iptables -t nat -D PREROUTING 2






http://blog.docker.com/2013/07/how-to-use-your-own-registry/

https://github.com/docker/docker-registry


0. https://github.com/docker/docker-registry  설치

$ docker run -p 5000:5000 registry 

or

$ docker run --name my_registry -p 5000:5000 -v /my_storage/registry:/tmp/registry registry



1. 해당 이미지의 IMAGE ID 확인

$ docker images 

REPOSITORY                 TAG                 IMAGE ID            CREATED             VIRTUAL SIZE

1234                       latest              40e372dbf7a1        23 hours ago        780.6 MB


2. tag

ps. 푸시 할때 REPOSITORY 를 이용하므로 자신의 repository 주소를 포함한 이름으로 수정 해야함.

이름작성시 domain 구분자(.) 또는  port 구분자(:) 가 있어야함

일반적으로 REPOSITORY 는 username/imagename

따라서 REPOSITORY 를 보고 Public 인지 판단.


$ docker tag 40e372dbf7a1 192.168.20.211:5000/1234

$ docker  images 

REPOSITORY                 TAG                 IMAGE ID            CREATED             VIRTUAL SIZE

1234                       latest              40e372dbf7a1        22 hours ago        780.6 MB

192.168.20.211:5000/1234   latest              40e372dbf7a1        22 hours ago        780.6 MB


3. push

$ docker push 192.168.20.211:5000/1234


4. Search

$ docker search 192.168.20.211:5000/123

NAME           DESCRIPTION   STARS     OFFICIAL   AUTOMATED

library/1234                 0                    

or

$ curl -X GET http://192.168.20.211:5000/v1/search

{"num_results": 1, "query": "", "results": [{"description": "", "name": "library/1234"}]}

-----

$ curl -X GET http://192.168.20.211:5000/v1/search | python -m json.tool

{

    "num_results": 1,

    "query": "",

    "results": [

        {

            "description": "",

            "name": "library/1234"

        }

    ]

}


5. Delete

namespace=library; repository=1234

$ curl -X DELETE http://192.168.20.211:5000/v1/repositories/1234/




Note. 

docker pull/push 할때 아래 에러 발생시, 해당 머신의 docker 데몬 옵션 변경 필요 ( registry server 아님 )

ps. trusted 된 인증이 아니라면( by 인증기관 ) 간단히 아래 처럼 사용 ( self cert  안됨 : ... x509: certificate signed by unknown authority ... 에러 발생)




FATA[0004] Error: v1 ping attempt failed with error: Get https://192.168.20.211:5000/v1/_ping: EOF. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry 192.168.20.211:5000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/192.168.20.211:5000/ca.crt


기본적으로 ssl을 사용하므로, 인증서가 필요함

간단히 사용하고자 한다면 


/etc/default/docker 파일에 아래 추가

DOCKER_OPTS="$DOCKER_OPTS --insecure-registry=192.168.20.211:5000"


$ service docker restart



+ Recent posts

티스토리툴바