- Oct 2020
-
github.com github.com
-
I debugged docker-compose and docker-py and figured out that you should either use environment variables or options in command. You should not mix these . If you even specify --tls in command then you will have to specify all the options as the TLSConfig object, as now TLSConfig object is created completely from the command options and operide the TFSConfig object created from the environment variable.
-
-
github.com github.com
-
To be clear: this setup works great with just docker daemon, but something about -compose is amiss.
-
Using the docker client I have good success accessing the remote docker server. We call the remote server up to a hundred thousand times a day with good success. Attempting to use docker-compose, installed either via curl OR pip install --upgrade with python 2.7, we get an SSL error:
-
-
github.com github.com
-
docker --tlsverify ps executes just fine, while docker-compose --tlsverify up -d --force-recreate gives me an error: SSL error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
-
I only have one set of certs. And I can't see how they can be different because docker commands work using the endpoint. It's just the docker-compose command that fails
-
docker-compose command you can not mix environment variable and command option. You can specify setting in env variable and then just use docker-compose ps. The connection will be secured with TLS protocol if DOCKER_TLS_VERIFY variable is set.
-
You dont need to pass --tls or --tlsverify option in the docker-config path as the task already sets DOCKER_TSL_VERIFY environment varaible. I debugged docker-compose and docker-py library and verified that if you pass any flag --tls or --tlsverify flag it tries to create tslConfig object out of options and not from environment
-
-
github.com github.com
-
stackoverflow.com stackoverflow.com
-
you'll run into the error you've run into if your remote Docker host has a certificate signed by something other than the ca.pem that you've got at that location.
-
-
docs.docker.com docs.docker.com
Tags
Annotators
URL
-
-
marketplace.visualstudio.com marketplace.visualstudio.com
- Aug 2020
-
github.com github.com
-
An Image is an ordered collection of root filesystem changes and the corresponding execution parameters for use within a container runtime
Official definition of a container image
-
- Jul 2020
-
github.com github.com
- Jun 2020
-
media-exp1.licdn.com media-exp1.licdn.com
-
How to prevent the environment from being “invalidated”?Docker containers (Rocker)
Rocker
-
- May 2020
-
psyarxiv.com psyarxiv.com
-
Peikert, A., & Brandmaier, A. M. (2019). A Reproducible Data Analysis Workflow with R Markdown, Git, Make, and Docker. https://doi.org/10.31234/osf.io/8xzqy
-
-
github.com github.com
-
if [ -z "${DOCKER_HOST:-}" ]; then if _should_tls || [ -n "${DOCKER_TLS_VERIFY:-}" ]; then export DOCKER_HOST='tcp://docker:2376' else export DOCKER_HOST='tcp://docker:2375' fi fi
-
-
github.com github.com
-
docs.gitlab.com docs.gitlab.com
-
docs.docker.com docs.docker.com
-
Image consumers can enable DCT to ensure that images they use were signed. If a consumer enables DCT, they can only pull, run, or build with trusted images. Enabling DCT is a bit like applying a “filter” to your registry. Consumers “see” only signed image tags and the less desirable, unsigned image tags are “invisible” to them.
-
-
rehansaeed.com rehansaeed.com
-
Authors of third-party tools should prefix each label key with the reverse DNS notation of a domain they own, such as com.example.some-label.
-
-
-
NOTE: Note: If you have 2 Factor Authentication enabled in your account, you need to pass a personal access token instead of your password in order to login to GitLab's Container Registry.
-
- Apr 2020
-
blog.miguelgrinberg.com blog.miguelgrinberg.com
-
Although Miguel's tutorial is excellent, this companion piece by vsupalov can be helpful.
-
-
discuss.erpnext.com discuss.erpnext.com
-
github.com github.com
-
AinD launches Android apps in Docker, by nesting Anbox containers inside Docker.
AinD - useful tool when we need to run an Android app 24/7 in the cloud.
Unlike the alternatives, AinD is not VM, but IaaS based
Tags
Annotators
URL
-
-
code.visualstudio.com code.visualstudio.com
-
To use Gunicorn as your web server, it must be included in the requirements.txt file as an app dependency. It does not need to be installed in your virtual environment/host machine.
-
-
superuser.com superuser.com
-
docker-compose rm -f -s -v yourService
useful commands for launching a single service in a docker-compose file without running it in the background so you can see the logs:
docker-compose rm -fsv service docker-compose up service
-
-
-
PHP built-in server with sqlite enabled
Docker based PHP development environment
Tags
Annotators
URL
-
- Mar 2020
-
pythonspeed.com pythonspeed.com
-
from Docker Compose on a single machine, to Heroku and similar systems, to something like Snakemake for computational pipelines.
Other alternatives to Kubernetes:
- Docker Compose on a single machine
- Heroku and similar systems
- Snakemake for computational pipelines
-
-
-
That makes sense, the new file gets created in the upper directory.
If you add a new file, such as with:
$ echo
new file> merged/new_file
It will be created in the
upper
directory -
Combining the upper and lower directories is pretty easy: we can just do it with mount!
Combining lower and upper directories using mount:
$ sudo mount -t overlay overlay -o lowerdir=/home/bork/test/lower,upperdir=/home/bork/test/upper,workdir=/home/bork/test/work /home/bork/test/merged
-
Overlay filesystems, also known as “union filesystems” or “union mounts” let you mount a filesystem using 2 directories: a “lower” directory, and an “upper” directory.
Docker doesn't make copies of images, but instead uses an overlay.
Overlay filesystems, let you mount a system using 2 directories:
- the lower directory (read-only)
- the upper directory (read and write).
When a process:
- reads a file, the overlayfs filesystem driver looks into the upper directory and if it's not present, it looks into the lower one
- writes a file, overlayfs will just use the upper directory
-
- Feb 2020
-
blog.loadimpact.com blog.loadimpact.com
-
when we ran it natively on the source machine (i.e. not Dockerized, which reduces performance for all the tools by ~40%)
-
-
discourse.drone.io discourse.drone.ioDrone1
Tags
Annotators
URL
-
-
www.prisma.io www.prisma.io
-
docker-compose up -d
Error for me here...
➜ hello-world docker-compose up -d zsh: command not found: docker-compose
-
-
aws.amazon.com aws.amazon.com
- Jan 2020
-
feedback.azure.com feedback.azure.com
-
Azure ACI doesn't accept privileged containers. (--cap-add=NET_ADMIN)
-
-
docs.docker.com docs.docker.com
-
For a port to be accessible to containers or non-Docker hosts on different networks, that port must be published using the -p or --publish flag.
-
-
blog.cspub.net blog.cspub.net
-
But the reason is that, if your host system does not have the vm.overcommit_memory=1 enabled, you will not be able to switch it inside container.
Fixed redis issue on harbor: "Can't save in background: fork: Cannot allocate memory"
Added on /root/harbor/docker-compose.yml:
command: sh -c 'echo 1 > /proc/sys/vm/overcommit_memory'
Also executed command: sh -c 'echo 1 > /proc/sys/vm/overcommit_memory' on the main server harbor (not only on the container)
Tags
Annotators
URL
-
- Nov 2019
-
www.reddit.com www.reddit.com
Tags
Annotators
URL
-
- Oct 2019
-
github.com github.com
-
sysctls: net.ipv6.conf.all.disable_ipv6: 0
Possible solution for blocking ipv6 in docker.
Tags
Annotators
URL
-
- Sep 2019
-
stackoverflow.com stackoverflow.com
-
use the REPOSITORY:TAG combination rather than IMAGE ID
Error response from daemon: conflict: unable to delete c565603bc87f (cannot be forced) - image has dependent child images
I really feel like this should be the accepted answer here but it does depend on the root cause of the problem. When you create a tag it creates a dependency and thus you have to delete the tag and the image in that order. If you delete the image by using the tag rather than the id then you are effectively doing just that.
-
-
github.com github.com
-
default nginx config for openresty lua
-
- Aug 2019
-
medium.com medium.com
-
Comandos Docker y Docker-Compose
Comandos más comunes de Docker y compos
-
- Jul 2019
-
-
forum.zato.io forum.zato.io
-
forum.zato.io forum.zato.io
-
www.dataquest.io www.dataquest.io
Tags
Annotators
URL
-
- May 2019
-
devopsdays.org devopsdays.orgProgram2
-
Allan Moraes - Automatizando o Monitoramento de Infraestrutura
Docker, Grafana e Ansible fazem parte da palestra do Allan e também são tópicos cobertos na prova DevOps Tools do Linux Professional Institute.
705.1 IT Operations and Monitoring (weight: 4)
-
Tiago Roberto Lammers - Nossa jornada DevOps na Delivery Much para microserviços e o que aprendemos
Microservices é um dos temas cobertos pela certificação DevOps Tools do Linux Professional Institute e também é um assunto determinante na escolha de ferramentas do cinto de utilidade de um profissional DevOps. Aproveite para conversar com o Tiago sobre a sua experiência com o uso do Docker, assunto que também cai na prova.
Tópicos (dentre outros):
701.1 Modern Software Development (weight: 6) 701.4 Continuous Integration and Continuous Delivery (weight: 5) 702.1 Container Usage (weight: 7)
-
- Apr 2019
-
segmentfault.com segmentfault.com
-
取image的大概过程如下
- 从registry获取manifest(image 配置文件)
- 读取manifest配置文件的digest,这个就是image id
- 根据image id查看本地有无相同id的image
- 如果没有,会给registry服务发送请求,获取image的配置文件
- 查看本地每一个layer是否存在
- 如果不存在,则会去服务器拿相应的layer
- 等所有的layer下载完成后,image就下载完成了
Tags
Annotators
URL
-
-
success.docker.com success.docker.com
-
If this is a production situation, and security and stability are important, then just "convenience" is likely not the best deciding factor (any more than leaving your house unlocked all the time might be "convenient").
如果这是生产情况,安全性和稳定性很重要,那么“便利”可能不是最好的决定因素(不仅仅是让你的房子一直解锁可能是“方便的”)
- 您可以考虑将每个push to registry的版本 - 以某种形式(毕竟,您发布了新版本的代码,并使其他人可以访问)。
- :latest与Git存储库中的master分支相当。是否每个
push to master
都考虑准备投入生产? - Releases将(通常)通过验证过程(CI/QA /acceptance/etc)。是否应首先验证master中的更改,并且仅在验证(标记并)部署到生产之后?
- 发行版(Releases)带有版本;这可以是显式版本(标记),也可以是隐式(不可变标记:图像的摘要)
显式版本 -- image tag<br> 隐式版本 -- 不可变标记 :image digest
-
This is now a problem, because different instances of the same service now run different versions of the application; this can lead to hard-to-find issues, such as:
现在这是一个问题,因为同一服务的不同实例现在运行不同版本的应用程序;这可能导致难以发现的问题,例如:
- 根据访问者最终的节点(或实例),可能会向他们提供不同的内容
- 对服务进行了安全更新,但某些实例仍然运行旧版本
- 修复了一个错误,但由于“某些原因”,一些节点仍然暴露了该错误
- 最新的更新包含一个错误,但它没有引起注意,因为大多数实例仍在运行以前的版本
-
Doing so would revert to the old behavior, where images are just pulled on each node. This used to cause quite some issues and was intended as a stopgap solution at the time (until pinning by digest was implemented). This section illustrates some of the problems with this approach.
docker stack deploy中不推荐使用
--resolve-image=never
<br> 这样做会恢复到原来的行为,即只在每个节点上拉动图像。这曾经引起相当多的问题,并且当时是作为权宜之计的解决方案(直到通过摘要实现固定)。本节说明了此方法的一些问题。 -
However, there is not a 1:1 relation of digests to tags, so when pulling an image by digest, only the digest is known. If you happen to have an image pulled (manually) with a tag that matches that digest, the tag is shown, but not otherwise
但是,摘要与标签之间没有1:1的关系,因此在通过摘要pull image时,只知道摘要。如果您碰巧使用与该摘要匹配的标记(手动)拉出图像,则会显示标记,否则不会显示
-
- Mar 2019
-
www.thedevelopersconference.com.br www.thedevelopersconference.com.br
-
Usando Traefik para automatizar o proxy reverso de seus containers docker
Ainda que esse não seja um assunto cobrado diretamente na prova, essas são ferramentas que devem fazer parte do cinto de utilidades de um bom DevOps. E busca por "container" nos nossos tópicos, nesse link, que tu vais descobrir a importância de conhecer bem sobre o assunto.
-
Pipeline de CI/CD no Kubernetes usando Jenkins e Spinnaker
Uau! Muitos assuntos da prova LPI DevOps são explorados nessa palestra. Fica de olho no tópico: 702 Container Management.
-
- Jan 2019
-
-
this is in /srv/www/ on the host.
This site actually gives somewhat clear instructions about which directories from which to run the commands. I think where I went wrong befire was using various directories that in the end did not match the actual installations.
-
- Dec 2018
-
lethalman.blogspot.com lethalman.blogspot.com
- Jun 2018
-
binarioetico.it binarioetico.it
-
Azienda allo stato dell'arte per soluzioni IT in ambienti OpenSource.
Tags
Annotators
URL
-
- May 2018
-
serverfault.com serverfault.com
-
You can pull the image on a computer that have access to the internet.
sudo docker pull ubuntu Then you can save this image to a file
sudo docker save -o ubuntu_image.docker ubuntu Transfer the file on the offline computer (USB/CD/whatever) and load the image from the file:
sudo docker load ubuntu_image.docker
-
- Apr 2018
- Dec 2017
-
docs.docker.com docs.docker.com
- Nov 2017
-
domino.research.ibm.com domino.research.ibm.comCoverAUS2
-
Random I/O throughpu
Docker introduces no overhead compared to Linu.
-
Network round-trip latency
Docker NAT doubles latency compaire to native.
-
-
halfanhour.blogspot.com halfanhour.blogspot.com
-
professors
Here’s one:
-
Docker eventually sold out to (I believe) Bell and the professors did just fine.
How times have changed.
-
- Sep 2017
-
nixos.org nixos.org
-
NixOS is a Linux distribution with a unique approach to package and configuration management.
This is another approach to systems management and software as a services. I don't really understand in detail the difference between NixOS and docker, but googling NixOS vs Docker shows that its a topic that is ripe for a bunfight.
Tags
Annotators
URL
-
-
singularity.lbl.gov singularity.lbl.gov
-
Singularity containers can be used to package entire scientific workflows, software and libraries, and even data.
Very interesting, basically Singularity allows containers to run in HPC environments, so that code running in the container can take advantage of the HPC tools, like massive scale and message passing, while at the same time keeping the stuff in the container safer.
Tags
Annotators
URL
-
-
docs.docker.com docs.docker.com
-
Note: When mapping ports in the HOST:CONTAINER format, you may experience erroneous results when using a container port lower than 60, because YAML will parse numbers in the format xx:yy as sexagesimal (base 60). For this reason, we recommend always explicitly specifying your port mappings as strings.
Cool feature
Tags
Annotators
URL
-
- Aug 2017
-
dockone.io dockone.io
-
- Jun 2017
-
discuss.circleci.com discuss.circleci.com
-
docker 1.13
-
- Mar 2017
-
blog.outsider.ne.kr blog.outsider.ne.kr
-
Prophet : Facebook에서 오픈 소스로 공개한 시계열 데이터의 예측 도구로 R과 Python으로 작성되었다.
python statics opensource, also can use R
-
Docker Swarm을 이용한 쉽고 빠른 분산 서버 관리 : Docker Swarm으로 서버 오케스트레이션 하는 방법을 설명한 글이다. 현재 사용 가능한 오케스트레이션 도구들의 장단점도 정리되어 있고 Swarm이 제공하는 기능을 설명한 후 실제로 따라 해 보면서 테스트해볼 수 있게 글이 작성되어 있어서 오케스트레이션 도구를 검토하고 있다면 찬찬히 읽어봐야 할 글이다. 얼마 전에 Docker Swarm을 보고 간단하면서 기능이 강력해서 꽤 좋은 인상을 받았는데 정리된 글이 나와서 반갑다.(한국어)
Tags
Annotators
URL
-
-
veggiemonk.github.io veggiemonk.github.io
Tags
Annotators
URL
-
- Jan 2017
-
www.brandpending.com www.brandpending.com
-
> docker run -d --log-driver=syslog --log-opt syslog-address=tcp://192.168.99.100:514 --log-opt
-
-
h.readthedocs.io h.readthedocs.io
-
Cannot connect to the Docker daemon
For Linux/Unix people, it may very well be that you did not add your username to the 'docker' group and as a consequence you cannot communicate with the docker daemon. I had just experienced this (while running Linux Mint 18.1, but the symptoms ought to be similar for Debian/Ubuntu as well).
To fix it, I ran:
sudo usermod -aG docker $(whoami)
Log out and log back in. This ensures your user is running with the correct permissions.
This will ensure that you do not need to sudo every time, when you interact with docker.
There are instructions in the below link for Unix (MacOS) users as well.
-
-
-
-
starting kong serf agent
Tags
Annotators
URL
-
-
www.joyent.com www.joyent.com
- Dec 2016
-
prometheus.io prometheus.io
Tags
Annotators
URL
-
-
blog.toast38coza.me blog.toast38coza.me
-
techoverflow.net techoverflow.net
-
github.com github.com
Tags
Annotators
URL
-
- Jun 2016
-
onsnetwork.org onsnetwork.org
-
Docker is a type of virtual machine
How does it compare to the packages installed directly? Could be useful for development, but maybe not practical for HPC applications. Maybe just create a cd iso with all the correct programs and their dependencies.
-
- Apr 2016
-
delivery.acm.org delivery.acm.org
-
In its default configuration, the CJRS web service (either deployed as an executable jar, or a war file in a servlet container) is configured to use the SLURM JobExecutionService, and directly invokes ‘srun’, ‘sbatch’, and ‘salloc’ commands that are available on the host it is running on.A natural consequence of this is that SLURM jobs are submitted using the same user ID as owner of the CJRS web service process. For the purposes of training and demonstration, it is recommended to deploy the application so that it runs as a single, unprivileged user created specifically for the purpose of training. In theory, however, anybody who obtains the executable jar file may run it on a machine they have access to, bound to some random high port exclusive to that user, allowing it to launch SLURM jobs on their behalf via the REST API.
This will likely not be portable to Docker due to security issues; two separate users will be needed: https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface
-
-
gigadb.org gigadb.org
-
Workflow, Virtual-Machine
The dockerised workflows are discussed in more detail in this blog posting here: http://blogs.biomedcentral.com/gigablog/2015/07/30/fermenting-reproducible-research-revolution/
Tags
Annotators
URL
-
- Dec 2015
-
www.computerweekly.com www.computerweekly.com
-
Useful explanation of the different ways of sharing persistent data between a Docker host and containers.
-
- May 2015
-
developer.zendesk.com developer.zendesk.com
-
sudo: false makes travis use its docker infrastructure, which means builds start faster and have more CPU available
-
- Mar 2015
-
blog.turret.io blog.turret.io
-
Excellent guide for creating a fresh CoreOS image for AWS using Ext4 and OverlayFS.
This is the future for CoreOS and should be more stable than btrfs.
-