The Funtoo Linux project has transitioned to "Hobby Mode" and this wiki is now read-only.
Difference between revisions of "LXD/Docker in LXD"
(Created page with "If you have followed our notes about LXD in LXD then there is not much you need to do to be able to run Docker inside your container. {{note|The container...") |
Line 23: | Line 23: | ||
The linked container said... "Hello World!" | The linked container said... "Hello World!" | ||
=== Building a Funtoo Docker Container === | |||
To build a docker container you will need a Dockerfile with the description how to build an image and internet connection and docker of course. | |||
{{file|filename=Dockerfile|body= | |||
# This Dockerfile creates a funtoo stage3 container image. By default it | |||
# creates a stage3 generic 64bit image. It utilizes a multi-stage build and requires | |||
# docker-17.05.0 or later. It fetches a daily snapshot from the official | |||
# sources and verifies its checksum as well as its gpg signature. | |||
# As gpg keyservers sometimes are unreliable, we use multiple gpg server pools | |||
# to fetch the signing key. | |||
# we are going to use alpine as our bootstrap container | |||
ARG BOOTSTRAP | |||
FROM ${BOOTSTRAP:-alpine:3.7} as builder | |||
WORKDIR /funtoo | |||
# here are all the arguments about arch/subarch ... defined | |||
ARG ARCH=x86-64bit | |||
ARG SUBARCH=generic_64 | |||
ARG DIST="https://build.funtoo.org/funtoo-current" | |||
ARG FILENAME="stage3-latest.tar.xz" | |||
ARG BDFL_KEY="E986E8EE" | |||
ARG BDFL_FP="E8EE" | |||
ARG SIGNING_KEYS="11FD00FD 683A2F8A BEA87CD2 EEE54A43 62DD6D47 6B365A89" | |||
RUN echo "Building Funtoo Container image for ${ARCH} ${SUFFIX} fetching from ${DIST}" \ | |||
&& sleep 3 \ | |||
&& apk --no-cache add gnupg tar wget xz \ | |||
&& STAGE3="${DIST}/${ARCH}/${SUBARCH}/${FILENAME}" \ | |||
&& wget -nv "${STAGE3}" "${STAGE3}.gpg" "${STAGE3}.hash.txt" \ | |||
&& gpg --list-keys \ | |||
&& echo "standard-resolver" >> ~/.gnupg/dirmngr.conf \ | |||
&& echo "honor-http-proxy" >> ~/.gnupg/dirmngr.conf \ | |||
&& echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf \ | |||
&& gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys ${BDFL_KEY} ${SIGNING_KEYS} \ | |||
&& gpg --list-keys --fingerprint | grep ${BDFL_FP} | tr -d '[:space:]' | awk 'BEGIN { FS = "=" } ; { print $1 ":6:" }' | gpg --import-ownertrust \ | |||
&& gpg --verify ${FILENAME}.gpg ${FILENAME} \ | |||
&& echo "Hash value from hash file:" \ | |||
&& cat ${FILENAME}.hash.txt \ | |||
&& echo "Hash value computed:" \ | |||
&& sha256sum ${FILENAME} \ | |||
&& awk '{print $2 " stage3-latest.tar.xz"}' ${FILENAME}.hash.txt | sha256sum -c - \ | |||
&& tar xpf ${FILENAME} --xattrs --numeric-owner \ | |||
&& sed -i -e 's/#rc_sys=""/rc_sys="docker"/g' etc/rc.conf \ | |||
&& echo 'UTC' > etc/timezone \ | |||
&& rm stage3-latest.tar.xz* \ | |||
&& rm -rf usr/src/linux-debian-sources-4.14.12 \ | |||
&& rm -rf lib64/modules/4.14.12-2 \ | |||
&& rm -rf boot/*-4.14.12-2 | |||
FROM scratch | |||
WORKDIR / | |||
COPY --from=builder /funtoo/ / | |||
CMD ["/bin/bash"] | |||
}} | |||
And this is how we use it. Create a directory my_funtoo_img and put the Docker file in there. And then run this: | |||
{{console|body= | |||
###i## mkdir my_funtoo_img | |||
###i## cd my_funtoo_img | |||
###i## touch Dockerfile | |||
}} | |||
Paste the contents inside Dockerfile and continue with: | |||
{{console|body= | |||
###i## docker build -t funtoo . | |||
Sending build context to Docker daemon 4.096kB | |||
Step 1/16 : ARG BOOTSTRAP | |||
Step 2/16 : FROM ${BOOTSTRAP:-alpine:3.7} as builder | |||
---> 791c3e2ebfcb | |||
Step 3/16 : WORKDIR /funtoo | |||
---> Using cache | |||
---> 55f68b42e50c | |||
Step 4/16 : ARG ARCH=x86-64bit | |||
---> Using cache | |||
---> 756b8f4d4229 | |||
Step 5/16 : ARG SUBARCH=generic_64 | |||
---> Using cache | |||
---> be81f9929e20 | |||
Step 6/16 : ARG SUFFIX | |||
---> Using cache | |||
---> 5eaf818944d2 | |||
Step 7/16 : ARG DIST="https://build.funtoo.org/funtoo-current" | |||
---> Using cache | |||
---> ac85a6ef2c5d | |||
Step 8/16 : ARG FILENAME="stage3-latest.tar.xz" | |||
---> Using cache | |||
---> 980145cd90ab | |||
Step 9/16 : ARG BDFL_KEY="E986E8EE" | |||
---> Using cache | |||
---> e4a24bfc1232 | |||
Step 10/16 : ARG BDFL_FP="E8EE" | |||
---> Using cache | |||
---> 6e53c1d550bf | |||
Step 11/16 : ARG SIGNING_KEYS="11FD00FD 683A2F8A BEA87CD2 EEE54A43 62DD6D47 6B365A89" | |||
---> Using cache | |||
---> 9576df27fa15 | |||
Step 12/16 : RUN echo "Building Funtoo Container image for ${ARCH} ${SUFFIX} fetching from ${DIST}" && sleep 3 && apk --no-cache add gnupg tar wget xz && STAGE3="${DIST}/${ARCH}/${SUBARCH}/${FILENAME}" && ec | |||
ho "STAGE3:" $STAGE3 && wget -nv "${STAGE3}" "${STAGE3}.gpg" "${STAGE3}.hash.txt" && gpg --list-keys && echo "standard-resolver" >> ~/.gnupg/dirmngr.conf && echo "honor-http-proxy" >> ~/.gnupg/dirmngr.conf | |||
&& echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf && gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys ${BDFL_KEY} ${SIGNING_KEYS} && gpg --list-keys --fingerprint | grep ${BDFL_FP} | tr -d '[:space:]' | | |||
awk 'BEGIN { FS = "=" } ; { print $1 ":6:" }' | gpg --import-ownertrust && gpg --verify ${FILENAME}.gpg ${FILENAME} && echo "Hash value from hash file:" && cat ${FILENAME}.hash.txt && echo "Hash value compu | |||
ted:" && sha256sum ${FILENAME} && awk '{print $2 " stage3-latest.tar.xz"}' ${FILENAME}.hash.txt | sha256sum -c - && tar xpf ${FILENAME} --xattrs --numeric-owner && sed -i -e 's/#rc_sys=""/rc_sys="docker"/g' | |||
etc/rc.conf && echo 'UTC' > etc/timezone && rm stage3-latest.tar.xz* && rm -rf usr/src/linux-debian-sources-4.14.12 && rm -rf lib64/modules/4.14.12-2 && rm -rf boot/*-4.14.12-2 | |||
---> Running in 6df725ddcdb1 | |||
Building Funtoo Container image for x86-64bit fetching from https://build.funtoo.org/funtoo-current | |||
fetch http://dl-cdn.alpinelinux.org/alpine/v3.7/main/x86_64/APKINDEX.tar.gz | |||
fetch http://dl-cdn.alpinelinux.org/alpine/v3.7/community/x86_64/APKINDEX.tar.gz | |||
(1/26) Installing libgpg-error (1.27-r1) | |||
(2/26) Installing libassuan (2.4.4-r0) | |||
(3/26) Installing libcap (2.25-r1) | |||
(4/26) Installing ncurses-terminfo-base (6.0_p20171125-r1) | |||
(5/26) Installing ncurses-terminfo (6.0_p20171125-r1) | |||
(6/26) Installing ncurses-libs (6.0_p20171125-r1) | |||
(7/26) Installing pinentry (1.0.0-r0) | |||
Executing pinentry-1.0.0-r0.post-install | |||
(8/26) Installing libbz2 (1.0.6-r6) | |||
(9/26) Installing libgcrypt (1.8.3-r0) | |||
(10/26) Installing gmp (6.1.2-r1) | |||
(11/26) Installing nettle (3.3-r0) | |||
(12/26) Installing libffi (3.2.1-r4) | |||
(13/26) Installing libtasn1 (4.12-r3) | |||
(14/26) Installing p11-kit (0.23.2-r2) | |||
(15/26) Installing libunistring (0.9.7-r0) | |||
(16/26) Installing gnutls (3.6.1-r0) | |||
(17/26) Installing libksba (1.3.5-r0) | |||
(18/26) Installing db (5.3.28-r0) | |||
(19/26) Installing libsasl (2.1.26-r11) | |||
(20/26) Installing libldap (2.4.45-r3) | |||
(21/26) Installing npth (1.5-r1) | |||
(22/26) Installing gnupg (2.2.3-r1) | |||
(23/26) Installing tar (1.29-r1) | |||
(24/26) Installing wget (1.19.5-r0) | |||
(25/26) Installing xz-libs (5.2.3-r1) | |||
(26/26) Installing xz (5.2.3-r1) | |||
Executing busybox-1.27.2-r11.trigger | |||
OK: 25 MiB in 39 packages | |||
STAGE3: https://build.funtoo.org/funtoo-current/x86-64bit/generic_64/stage3-latest.tar.xz | |||
2018-09-06 00:08:23 URL:https://1570734985.rsc.cdn77.org/funtoo-current/x86-64bit/generic_64/2018-08-27/stage3-generic_64-funtoo-current-2018-08-27.tar.xz [374824936/374824936] -> "stage3-latest.tar.xz" [1] | |||
2018-09-06 00:08:23 URL:https://build.funtoo.org/funtoo-current/x86-64bit/generic_64/stage3-latest.tar.xz.gpg [566/566] -> "stage3-latest.tar.xz.gpg" [1] | |||
2018-09-06 00:08:23 URL:https://build.funtoo.org/funtoo-current/x86-64bit/generic_64/stage3-latest.tar.xz.hash.txt [72/72] -> "stage3-latest.tar.xz.hash.txt" [1] | |||
FINISHED --2018-09-06 00:08:23-- | |||
Total wall clock time: 1m 18s | |||
Downloaded: 3 files, 357M in 1m 15s (4.78 MB/s) | |||
gpg: directory '/root/.gnupg' created | |||
gpg: keybox '/root/.gnupg/pubring.kbx' created | |||
gpg: /root/.gnupg/trustdb.gpg: trustdb created | |||
gpg: key 28CE446E6B365A89: 1 signature not checked due to a missing key | |||
gpg: key 28CE446E6B365A89: public key "Daniel Robbins (metro:ryzen) <drobbins@funtoo.org>" imported | |||
gpg: key 4BE69BAE62DD6D47: 1 signature not checked due to a missing key | |||
gpg: key 4BE69BAE62DD6D47: public key "Daniel Robbins (metro:odroid-c2) <drobbins@funtoo.org>" imported | |||
gpg: key 2A7B0B2EEEE54A43: 1 signature not checked due to a missing key | |||
gpg: key 2A7B0B2EEEE54A43: public key "Daniel Robbins (metro:odroid-xu4) <drobbins@funtoo.org>" imported | |||
gpg: key A9021CE4BEA87CD2: 1 signature not checked due to a missing key | |||
gpg: key A9021CE4BEA87CD2: public key "Daniel Robbins (metro:jaguar) <drobbins@funtoo.org>" imported | |||
gpg: key 3AA5CA5E683A2F8A: 1 signature not checked due to a missing key | |||
gpg: key 3AA5CA5E683A2F8A: public key "Daniel Robbins (metro:excavator) <drobbins@funtoo.org>" imported | |||
gpg: key 9266C4FA11FD00FD: 1 signature not checked due to a missing key | |||
gpg: key 9266C4FA11FD00FD: public key "Daniel Robbins (metro:node) <drobbins@funtoo.org>" imported | |||
gpg: key 9A658306E986E8EE: public key "Daniel Robbins (BDFL) <drobbins@funtoo.org>" imported | |||
gpg: no ultimately trusted keys found | |||
gpg: Total number processed: 7 | |||
gpg: imported: 7 | |||
gpg: inserting ownertrust of 6 | |||
gpg: Signature made Mon Aug 27 08:06:40 2018 UTC | |||
gpg: using RSA key 30737D12308C9D0C882FC34B57CB0A121BAECB2E | |||
gpg: checking the trustdb | |||
gpg: marginals needed: 3 completes needed: 1 trust model: pgp | |||
gpg: depth: 0 valid: 1 signed: 6 trust: 0-, 0q, 0n, 0m, 0f, 1u | |||
gpg: depth: 1 valid: 6 signed: 0 trust: 6-, 0q, 0n, 0m, 0f, 0u | |||
gpg: Good signature from "Daniel Robbins (metro:node) <drobbins@funtoo.org>" [full] | |||
Hash value from hash file: | |||
sha256 dad9f3f8a58eb8a20f5697a57b30ab140cdce11a1624fde7d409070ba1052e60 | |||
Hash value computed: | |||
dad9f3f8a58eb8a20f5697a57b30ab140cdce11a1624fde7d409070ba1052e60 stage3-latest.tar.xz | |||
stage3-latest.tar.xz: OK | |||
Removing intermediate container 6df725ddcdb1 | |||
---> 3e47b26959ff | |||
Step 13/16 : FROM scratch | |||
---> | |||
Step 14/16 : WORKDIR / | |||
---> Using cache | |||
---> 4bb5c1565f15 | |||
Step 15/16 : COPY --from=builder /funtoo/ / | |||
---> Using cache | |||
---> 6759ad727278 | |||
Step 16/16 : CMD ["/bin/bash"] | |||
---> Using cache | |||
---> c869e0c35b0c | |||
Successfully built c869e0c35b0c | |||
Successfully tagged funtoo:latest | |||
###i## | |||
}} | |||
[[Category:LXD]] | [[Category:LXD]] |
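Review bot: The RUN step of the added Dockerfile pins its signing keys only by 8-hex short key IDs (`ARG BDFL_KEY="E986E8EE"`, `ARG SIGNING_KEYS=...`) and grants ultimate ownertrust to whatever line of `gpg --list-keys --fingerprint` matches `grep ${BDFL_FP}` with `BDFL_FP="E8EE"`. Short key IDs can collide, and a four-character fragment can match more than one imported key, so the later `gpg --verify` does not prove that the intended key made the signature; put the full fingerprints in the ARGs and compare them exactly before `--import-ownertrust`. Smaller points in the same hunk: the `echo` uses `${SUFFIX}` but the file has no `ARG SUFFIX`, while the pasted build log shows `Step 6/16 : ARG SUFFIX` and an `echo "STAGE3:" $STAGE3` that the file lacks, so the file and the log come from different versions; the header comment promises multiple keyserver pools but only `hkp://pool.sks-keyservers.net` is used; the `.hash.txt` is downloaded from the same server as the tarball, so the `sha256sum -c` step detects corruption but adds no authenticity beyond the signature; and the cleanup hard-codes `4.14.12` paths while fetching `stage3-latest`, which will silently stop matching on newer snapshots.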
Revision as of 09:47, September 6, 2018
If you have followed our notes about LXD in LXD then there is not much you need to do to be able to run Docker inside your container.
The container has to be set up the same way as for LXD in LXD (security.nesting needs to be enabled), so let us know at bugs.funtoo.org if you want this turned on for your container.
Let's start a simple Hello world docker container inside our LXD container.
Install and start docker
As simple as:
root # emerge -v app-emulation/docker
root # /etc/init.d/docker start
Starting your first docker microcontainer
root # docker run --detach --name app carinamarina/hello-world-app
root # docker run --detach --name web --link app:helloapp -p 80:5000 carinamarina/hello-world-web
Go to your container's IP address; if nothing else was running on port 80 you should get:
The linked container said... "Hello World!"
Building a Funtoo Docker Container
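To build a Docker container image you will need a Dockerfile describing how to build the image, an internet connection and, of course, Docker.
# This Dockerfile creates a funtoo stage3 container image. By default it
# creates a stage3 generic 64bit image. It utilizes a multi-stage build and requires
# docker-17.05.0 or later. It fetches a daily snapshot from the official
# sources and verifies its checksum as well as its gpg signature.
# gpg keyservers are sometimes unreliable; the signing keys are fetched from
# the pool.sks-keyservers.net pool.
# we are going to use alpine as our bootstrap container
ARG BOOTSTRAP
FROM ${BOOTSTRAP:-alpine:3.7} as builder
WORKDIR /funtoo
# here are all the arguments about arch/subarch ... defined
ARG ARCH=x86-64bit
ARG SUBARCH=generic_64
# SUFFIX is used in the echo below; the build log declares it as step 6/16
ARG SUFFIX
ARG DIST="https://build.funtoo.org/funtoo-current"
ARG FILENAME="stage3-latest.tar.xz"
ARG BDFL_KEY="E986E8EE"
ARG BDFL_FP="E8EE"
ARG SIGNING_KEYS="11FD00FD 683A2F8A BEA87CD2 EEE54A43 62DD6D47 6B365A89"
RUN echo "Building Funtoo Container image for ${ARCH} ${SUFFIX} fetching from ${DIST}" \
 && sleep 3 \
 && apk --no-cache add gnupg tar wget xz \
 && STAGE3="${DIST}/${ARCH}/${SUBARCH}/${FILENAME}" \
 && wget -nv "${STAGE3}" "${STAGE3}.gpg" "${STAGE3}.hash.txt" \
 && gpg --list-keys \
 && echo "standard-resolver" >> ~/.gnupg/dirmngr.conf \
 && echo "honor-http-proxy" >> ~/.gnupg/dirmngr.conf \
 && echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf \
 && gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys ${BDFL_KEY} ${SIGNING_KEYS} \
 && gpg --list-keys --fingerprint | grep ${BDFL_FP} | tr -d '[:space:]' | awk 'BEGIN { FS = "=" } ; { print $1 ":6:" }' | gpg --import-ownertrust \
 && gpg --verify ${FILENAME}.gpg ${FILENAME} \
 && echo "Hash value from hash file:" \
 && cat ${FILENAME}.hash.txt \
 && echo "Hash value computed:" \
 && sha256sum ${FILENAME} \
 && awk '{print $2 " stage3-latest.tar.xz"}' ${FILENAME}.hash.txt | sha256sum -c - \
 && tar xpf ${FILENAME} --xattrs --numeric-owner \
 && sed -i -e 's/#rc_sys=""/rc_sys="docker"/g' etc/rc.conf \
 && echo 'UTC' > etc/timezone \
 && rm stage3-latest.tar.xz* \
 && rm -rf usr/src/linux-debian-sources-4.14.12 \
 && rm -rf lib64/modules/4.14.12-2 \
 && rm -rf boot/*-4.14.12-2
# second stage: copy the unpacked stage3 into an empty image
FROM scratch
WORKDIR /
COPY --from=builder /funtoo/ /
CMD ["/bin/bash"]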
This is how we use it. Create a directory my_funtoo_img with an empty Dockerfile in it:
root # mkdir my_funtoo_img
root # cd my_funtoo_img
root # touch Dockerfile
Paste the contents into the Dockerfile and continue with:
root # docker build -t funtoo .
Sending build context to Docker daemon 4.096kB
Step 1/16 : ARG BOOTSTRAP
Step 2/16 : FROM ${BOOTSTRAP:-alpine:3.7} as builder
---> 791c3e2ebfcb
Step 3/16 : WORKDIR /funtoo
---> Using cache
---> 55f68b42e50c
Step 4/16 : ARG ARCH=x86-64bit
---> Using cache
---> 756b8f4d4229
Step 5/16 : ARG SUBARCH=generic_64
---> Using cache
---> be81f9929e20
Step 6/16 : ARG SUFFIX
---> Using cache
---> 5eaf818944d2
Step 7/16 : ARG DIST="https://build.funtoo.org/funtoo-current"
---> Using cache
---> ac85a6ef2c5d
Step 8/16 : ARG FILENAME="stage3-latest.tar.xz"
---> Using cache
---> 980145cd90ab
Step 9/16 : ARG BDFL_KEY="E986E8EE"
---> Using cache
---> e4a24bfc1232
Step 10/16 : ARG BDFL_FP="E8EE"
---> Using cache
---> 6e53c1d550bf
Step 11/16 : ARG SIGNING_KEYS="11FD00FD 683A2F8A BEA87CD2 EEE54A43 62DD6D47 6B365A89"
---> Using cache
---> 9576df27fa15
Step 12/16 : RUN echo "Building Funtoo Container image for ${ARCH} ${SUFFIX} fetching from ${DIST}" && sleep 3 && apk --no-cache add gnupg tar wget xz && STAGE3="${DIST}/${ARCH}/${SUBARCH}/${FILENAME}" && echo "STAGE3:" $STAGE3 && wget -nv "${STAGE3}" "${STAGE3}.gpg" "${STAGE3}.hash.txt" && gpg --list-keys && echo "standard-resolver" >> ~/.gnupg/dirmngr.conf && echo "honor-http-proxy" >> ~/.gnupg/dirmngr.conf && echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf && gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys ${BDFL_KEY} ${SIGNING_KEYS} && gpg --list-keys --fingerprint
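The Dockerfile above fetches its keys by 8-hex key ID and grants ownertrust to whatever `grep ${BDFL_FP}` matches for `E8EE`. The following is an added example, not part of the wiki page or the Funtoo project, that contrasts that fragment match with an exact allowlist check on the primary-key fingerprint in gpg's `VALIDSIG` status line. The function names, `PINNED_FPRS` and every fingerprint in it are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the wiki page. All fingerprints are constructed
# placeholders; pin real ones obtained out of band.
PINNED_FPRS="0123456789ABCDEF0123456789ABCDEF01234567"

# Loose check in the style of the page's `grep ${BDFL_FP}` (BDFL_FP="E8EE"):
# succeeds if the fragment occurs anywhere in the fingerprint.
fragment_matches() {
    printf '%s\n' "$1" | grep -q "$2"
}

# Strict check: reads `gpg --status-fd 1 --verify SIG FILE` output on stdin.
# Succeeds only if a VALIDSIG line carries a primary-key fingerprint (field 12)
# that is exactly on the allowlist and no failure status line is present.
sig_is_pinned() {
    awk -v pinned="$PINNED_FPRS" '
        BEGIN { n = split(pinned, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" && ($12 in ok) { good = 1 }
        END { exit !(good && !bad) }
    '
}

# Constructed status output: signature made by a subkey of the pinned key.
status_pinned() {
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 76543210FEDCBA98 Example Builder <builder@example.invalid>
[GNUPG:] VALIDSIG FEDCBA9876543210FEDCBA9876543210FEDCBA98 2018-08-27 1535357200 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567
EOF
}

# Constructed status output: a valid signature from a key that is in the
# keyring but not pinned; its fingerprint happens to contain "E8EE".
OTHER_FPR="11111111111111111111111111111111E8EE1111"
status_unpinned() {
    cat <<EOF
[GNUPG:] NEWSIG
[GNUPG:] VALIDSIG $OTHER_FPR 2018-08-27 1535357200 0 4 0 1 8 00 $OTHER_FPR
EOF
}

# Real use (needs gpg): gpg --status-fd 1 --verify "$F.gpg" "$F" | sig_is_pinned
status_pinned | sig_is_pinned && echo "pinned key: accepted"
status_unpinned | sig_is_pinned || echo "unpinned key: rejected"
fragment_matches "$OTHER_FPR" E8EE && echo "fragment E8EE: matched anyway"
```

An older gpg that omits the primary-key field from `VALIDSIG` leaves field 12 empty, so the check fails closed.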