meta data for this page
  •  

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
linux:docker [2019/03/26 09:58] – [macvlan] niziaklinux:docker [2020/05/07 09:05] (current) niziak
Line 1: Line 1:
 +====== Docker ======
  
   * **Docker image** - operating system with preconfigured application (service)   * **Docker image** - operating system with preconfigured application (service)
Line 79: Line 80:
   * https://github.com/ClusterHQ/flocker   * https://github.com/ClusterHQ/flocker
  
-====== Volumes ====== 
-[[https://docs.docker.com/engine/tutorials/dockervolumes/]] 
- 
-  Data volumes are designed to persist data, independent of the container’s life cycle. Docker therefore never automatically delete volumes when you remove a container, nor will it “garbage collect”     volumes that are no longer referenced by a container. 
-  A Docker data volume persists after a container is deleted. 
- 
-Volumes types: 
-  * local storage (original image data located in specified directory  are copied to volume during creation) 
-  * bind-mounted host (original image data are **not copied**) 
-  * volume plugins 
- 
-===== BTRFS Volume plugin for Docker ===== 
-[[https://github.com/anybox/buttervolume]] 
- 
- 
-Volume destination inside container must be a absolute path. 
- 
-Run shell with mounted volume from another docker: 
-<code bash>docker run --rm -i --volumes-from dbdata busybox ash</code> 
-<code bash>docker run --rm -i --volumes-from dbdata debian:jessie-slim /bin/bash</code> 
- 
-Single file can be mounted as volume: 
-<code bash>docker run --rm -it -v ~/.bash_history:/root/.bash_history debian:jessie-slim bash /bin/bash</code> 
- 
-Create named volume and share it between multiple containers: 
-<code bash> 
-docker run -d -P -v my-named-volume:/opt --name test1 debian:jessie-slim bash 
-docker run -d -P -v my-named-volume:/opt --name test2 debian:jessie-slim bash 
-docker run -d -P -v my-named-volume:/opt --name test3 debian:jessie-slim bash 
-</code> 
- 
-To protect data from being deleted with volume use ''local-persist'' plugin: [[https://github.com/CWSpear/local-persist]] 
- 
-Find orphaned volumes 
-<code bash> 
-docker volume ls -f dangling=true 
-docker volume rm <volume name> 
-</code> 
- 
-Transfer volume to another host [[https://www.guidodiepen.nl/2016/05/transfer-docker-data-volume-to-another-host/]] 
- 
-[[https://github.com/gdiepen/docker-convenience-scripts/blob/master/docker_get_data_volume_info.sh]] 
- 
-====== Network ====== 
- 
-[[http://blog.oddbit.com/2014/08/11/four-ways-to-connect-a-docker/]] 
-[[http://stackoverflow.com/questions/26539727/giving-a-docker-container-a-routable-ip-address]] 
- 
-===== Linux Kernel drivers ===== 
- 
-  * **bridge** - gives connectivity between endpoints, but external access requires NAT 
-  * **macvlan** - to expose endpoints directly to LAN (can get address from network DHCP server) 
-    * **macvlan** needs to be used in cases where common dhcp server is used since dhcp server would need unique mac address which **ipvlan** does not have. 
-    * PROBLEMS: 
-      * The switch the host is connected to may have a policy that limits the number of different MAC addresses on a physical port. 
-      * Many NICs have a limit on the number of MAC addresses they support in hardware. Exceeding the limit may affect the performance. 
-      * IEEE 802.11 doesn’t like multiple MAC addresses on a single client. It is likely macvlan sub-interfaces will be blocked by your wireless interface driver, AP or both 
-  * **ipvlan** - [[https://www.kernel.org/doc/Documentation/networking/ipvlan.txt|ipvlan.txt]] similar to macvlan, but endpoints have the same MAC address. Ipvlan has two modes of operation. Only one of the two modes can be selected on a single parent interface. All sub-interfaces operate in the selected mode: 
-    * **L2** - bridge mode (requires external router if endpoints are in different networks) 
-    * **L3** - packets are routed between endpoints (without touching TTL) 
-    * *ipvlan* - should be used in cases where some switches restrict the maximum number of mac address per physical port due to port security configuration. 
-      * use it if parent interface is wireless 
-    * PROBLEMS: 
-      * Shared MAC address can affect DHCP operations. If your VMs or containers use DHCP to acquire network settings, make sure they use unique ClientID in the DHCP request and ensure your DHCP server assigns IP addresses based on ClientID, not client’s MAC address. 
-      * Autoconfigured EUI-64 IPv6 addresses are based on MAC address. All VMs or containers sharing the same parent interface will auto-generate the same IPv6 address. Ensure that your VMs or containers use static IPv6 addresses or IPv6 privacy addresses and disable SLAAC. 
- 
- 
-==== macvlan ==== 
- 
-There can be only one macvlan network with the same subnet and gateway. So better is to create network manually: 
-<code bash> 
-docker network create --driver=macvlan \ 
--o parent="br0" \ 
---subnet="192.168.0.0/22" \ 
---gateway="192.168.0.1" \ 
-${NETWORK_NAME} 
-</code> 
- 
-and then attach containers to existing network: 
-<file yaml docker-compose.yml> 
-version: '2' 
- 
-services: 
-  myservice: 
-    networks: 
-      lan: 
-         ipv4_address: "192.168.0.241" 
- 
-networks: 
-   lan: 
-        external: 
-            name: real_lan 
-</file>  
- 
-or 
-<code bash>docker network connect --ip="192.168.0.241" real_lan myservice</code> 
- 
-====== data persistence in swarm ====== 
-[[http://mysqlrelease.com/2016/08/trying-out-mysql-in-docker-swarm-mode/]] 
-[[https://forums.docker.com/t/data-base-persistence-in-docker-swarm-mode/20665/7]] 
  
 ====== Backup ====== ====== Backup ======