Ubuntu as Docker host
The latest news is that the new Ubuntu will be even more container-friendly.
There is also now the new “Snappy” Ubuntu Core, which includes all the code and updates of Ubuntu in a new small footprint, but with the same strange read-only filesystem. In all aspects, it is extremely similar to CoreOS or Project Atomic.
Essential customizations
ssh upravitelj@192.168.0.11
sudo su -
Hostname is already set to lanserver.
Update everything
apt-get update && apt-get upgrade
And check for new release
do-release-upgrade
Set static IP address
I found a shell command that gets the current configuration that was assigned via DHCP and writes it to a configuration file. Please note that the latest Ubuntu supports the source directive, so I won’t write in the main /etc/network/interfaces if I don’t have to.
sudo su -
# maybe change ^enp to ^eth on old versions
ifconfig | awk -F':' '/^enp/{ ethdev=$1; sub(/ .*/, "", ethdev); getline; addr=$2; sub(/ .*/, "", addr); printf "\nauto %s\niface %s inet static\n\taddress %s\n\tnetmask %s\n", ethdev, ethdev, addr, $4 }' \
| tee -a /etc/network/interfaces.d/ethernet
route | awk ' $1 == "default" { print "\tgateway " $2 }' \
| tee -a /etc/network/interfaces.d/ethernet
# Set DNS servers also
echo 'dns-nameservers 8.8.8.8 8.8.4.4' | tee -a /etc/network/interfaces.d/ethernet
# disable enp* (eth0) DHCP settings
sed -i -re 's/^auto enp\S+/# \0/' /etc/network/interfaces
sed -i -re 's/^iface enp\S+ inet dhcp/# \0/' /etc/network/interfaces
# on Ubuntu the service is called "networking"
service networking restart
Source: Configure Static IP Address and Set DNS in Ubuntu 15.10 Desktop and Server
Secure SSH
Import my public keys from GitHub:
# don't execute as root
ssh-import-id gh:cvladan
Change SSH port to 22111:
sed -i -r 's/^.*(Port)\W+(.*)$/\1 22111/gi' /etc/ssh/sshd_config
service sshd restart
Configure Windows desktop client for easier connect:
set F="%HOMEDRIVE%%HOMEPATH%\.ssh\config"
echo. >> %F%
echo Host lanserver >> %F%
echo HostName 192.168.0.11 >> %F%
echo User upravitelj >> %F%
echo Port 22111 >> %F%
echo IdentityFile "~/.ssh/id_rsa" >> %F%
echo IdentitiesOnly yes >> %F%
Log out and check that you can log in with keys, without a password.
ssh lanserver
If successful, we should disable password login completely, and set basic sshd settings:
# UsePAM is left out of the list on purpose (see the note below)
sed -i -r 's/^#?(UseDNS|PermitRootLogin|PasswordAuthentication|ChallengeResponseAuthentication)\s+yes/\1 no/' /etc/ssh/sshd_config
service sshd restart
Note: Don’t disable UsePAM, as that causes problems with the locale, though not for the root user.
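A check of the result, as an added example that is not part of the original notes: the function compares sshd's effective settings, in the `keyword value` form printed by `sshd -T`, with the values chosen in this section (port 22111, password login off, UsePAM left on). The helper name `audit_sshd` and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): audit effective sshd settings.
# Expected values come from this section; UsePAM stays on, per the note.
EXPECTED='port=22111 passwordauthentication=no challengeresponseauthentication=no permitrootlogin=no usedns=no usepam=yes'

# audit_sshd (hypothetical helper): reads "keyword value" lines, as printed by
# `sshd -T`, on stdin. Prints one line per problem; exit status 1 if any.
audit_sshd() {
    awk -v expected="$EXPECTED" '
        BEGIN {
            bad = 0
            n = split(expected, pairs, " ")
            for (i = 1; i <= n; i++) { split(pairs[i], kv, "="); want[kv[1]] = kv[2] }
        }
        $1 ~ /^#/ || NF < 2 { next }      # skip comments and blank lines
        {
            key = tolower($1)
            # for most keywords sshd keeps the first value it reads
            if ((key in want) && !(key in got)) got[key] = tolower($2)
        }
        END {
            for (key in want) {
                if (!(key in got)) {
                    printf "MISSING %s (want %s)\n", key, want[key]; bad = 1
                } else if (got[key] != want[key]) {
                    printf "MISMATCH %s=%s (want %s)\n", key, got[key], want[key]; bad = 1
                }
            }
            exit bad
        }'
}

# Constructed sample: every setting applied except PermitRootLogin, which held
# a value other than "yes" and so was not rewritten by the sed pattern above.
SAMPLE_EFFECTIVE='port 22111
passwordauthentication no
challengeresponseauthentication no
permitrootlogin without-password
usedns no
usepam yes'

# Demo on the sample; on the server itself run as root:  sshd -T | audit_sshd
printf '%s\n' "$SAMPLE_EFFECTIVE" | audit_sshd || echo "sshd settings need attention"
```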
SSH Welcome Message
MOTD (Message Of The Day) is displayed after the user has logged in:
cat <<'EOF' > /etc/issue.net
Welcome to eTaktiker LAN Server
EOF
sed -ri 's/^#(Banner)/\1/gi' /etc/ssh/sshd_config
My custom bash settings
Set
mkdir -p /etc/profile.d
cat <<'EOF' > /etc/profile.d/custom-settings.sh
# typing * will include hidden (dot .*) files
shopt -s dotglob
# both ctrl-r and ctrl-s should work on history log
stty -ixon
# basic aliases
alias ls="ls -a --color=tty" # show all and in color
alias ll='ls -l --color=tty'
# docker alias helpers
alias d='docker'
alias ds='docker ps'
alias di='docker images'
alias drm='docker rm -f $(docker ps -qa)'
EOF
Disable sleep on lid closed
Note: This is required for local deployments (e.g. a laptop).
systemctl is a new command to control services. To disable sleeping when we close the lid, execute the following:
sed -i -r 's/^#?(HandleLidSwitch=).*$/\1ignore/' /etc/systemd/logind.conf
systemctl restart systemd-logind
Essential packages
Install basic packages
apt-get -y install htop mc
Docker install
We can install from packages (apt-get install docker.io), but that is not always the latest version.
So, we will do it as instructed on their site:
To avoid having to use sudo when you use the docker command, we’ll create a Unix group called docker and add users to it.
curl -sSL https://get.docker.com/ | sh
sudo docker run hello-world
# Add myself to docker group
sudo usermod -aG docker upravitelj
# Relogin and then verify running docker without sudo
docker run hello-world
# Configure Docker to start on boot
sudo systemctl enable docker
Enable Docker’s remote API
Warning: This is highly insecure; do it only on local Docker installations.
If we want to execute Docker commands from a remote client, we need to enable Docker to listen on a TCP port as well.
echo -e "\n# Enable remote API\nDOCKER_OPTS='-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock'" >> /etc/default/docker
service docker restart
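To make the warning above checkable, here is an added example (not part of the original notes) that reads the `DOCKER_OPTS` line and reports every `tcp://` listener that is neither bound to loopback nor protected by the daemon's `--tlsverify` option. The helper name `audit_docker_hosts` and the loopback variant are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): flag Docker API listeners that
# are reachable over TCP without client authentication.

# audit_docker_hosts (hypothetical helper): reads /etc/default/docker-style
# text on stdin, prints "<host:port> <verdict>" for every tcp:// listener in
# DOCKER_OPTS, and exits 1 if any listener is remote and lacks --tlsverify.
audit_docker_hosts() {
    awk '
        BEGIN { bad = 0 }
        $1 ~ /^#/ { next }                        # skip commented-out lines
        /DOCKER_OPTS=/ {
            tls = ($0 ~ /--tlsverify/)            # daemon demands client certs
            rest = $0
            while (match(rest, /tcp:\/\/[0-9A-Za-z_.:-]+/)) {
                host = substr(rest, RSTART + 6, RLENGTH - 6)
                rest = substr(rest, RSTART + RLENGTH)
                addr = host
                sub(/:[0-9]+$/, "", addr)         # drop the port
                if (addr == "127.0.0.1" || addr == "localhost") {
                    verdict = "loopback-only"
                } else if (tls) {
                    verdict = "remote-with-tlsverify"
                } else {
                    verdict = "EXPOSED-NO-AUTH"; bad = 1
                }
                print host, verdict
            }
        }
        END { exit bad }'
}

# The line this section appends to /etc/default/docker:
PAGE_OPTS="DOCKER_OPTS='-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock'"
# Constructed alternative: same API, reachable only from the host itself.
LOCAL_OPTS="DOCKER_OPTS='-H tcp://127.0.0.1:2375 -H unix:///var/run/docker.sock'"

# Demo; on the server run:  audit_docker_hosts < /etc/default/docker
printf '%s\n' "$PAGE_OPTS" | audit_docker_hosts || echo "remote API is open"
```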
Install Docker Compose
Docker Compose was previously called Fig and is a really essential part of the whole Docker experience.
VERSION_NUM=1.7.0
curl -L https://github.com/docker/compose/releases/download/$VERSION_NUM/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
After that, install command completion for bash:
curl -L https://raw.githubusercontent.com/docker/compose/$(docker-compose --version | awk 'NR==1{print $NF}')/contrib/completion/bash/docker-compose > /etc/bash_completion.d/docker-compose
Completion will be available upon next login.
Auto-start containers on system boot
There is an option to auto-start running containers on system reboot.
Docker will restart containers when the daemon restarts if you pass -r=True to the startup options. On Ubuntu, you can accomplish this permanently by modifying DOCKER_OPTS="-r=true" in /etc/default/docker.
As usual, there is a bug explained and worked-around here.
Ubuntu workaround
I found out the service file from service docker status. Anyway, as explained here, I should be creating /etc/systemd/system/docker.service.d/docker.conf, but I will not - I will directly change the main file /lib/systemd/system/docker.service, because it will be in upstream very soon.
[Service]
EnvironmentFile=-/etc/default/docker
ExecStart=/usr/bin/docker daemon $DOCKER_OPTS -H fd://
Back to normal
Now, as it should be, changes in the file /etc/default/docker will be propagated. So change it and add DOCKER_OPTS="-r=true".
Now, when checking service docker status, we will notice the new command line option that we need.