Ubuntu as Docker host

The latest news is that the new Ubuntu will be even more container-friendly.

There is also now the new “Snappy” Ubuntu Core that includes all code and updates of Ubuntu in a new small footprint, but with the same, strange, read-only filesystem. In all aspects, extremely similar to CoreOS or Project Atomic.

Essential customizations

ssh upravitelj@192.168.0.11
sudo su -

Hostname is already set to lanserver.

Update everything

apt-get update && apt-get upgrade

And check for new release

do-release-upgrade

Set static IP address

I found a shell command that will get the current configuration that was assigned via DHCP and write it to a configuration file. Please note that the latest Ubuntu supports the source directive, so I won’t write to the main /etc/network/interfaces if I don’t have to.

sudo su -

# maybe change ^enp to ^eth on old versions
ifconfig | awk -F':' '/^enp/{ ethdev=$1; sub(/ .*/, "", ethdev); getline; addr=$2; sub(/ .*/, "", addr); printf "\nauto %s\niface %s inet static\n\taddress %s\n\tnetmask %s\n", ethdev, ethdev, addr, $4 }' \
| tee -a /etc/network/interfaces.d/ethernet

route | awk ' $1 == "default" { print "\tgateway " $2 }' \
| tee -a /etc/network/interfaces.d/ethernet

# Set DNS servers also
echo 'dns-nameservers 8.8.8.8 8.8.4.4' | tee -a /etc/network/interfaces.d/ethernet

# disable enp* (eth0) DHCP settings
sed -i -re 's/^auto enp\S+/# \0/' /etc/network/interfaces
sed -i -re 's/^iface enp\S+ inet dhcp/# \0/' /etc/network/interfaces

service networking restart

Source: Configure Static IP Address and Set DNS in Ubuntu 15.10 Desktop and Server

Secure SSH

Import my public keys from GitHub:

# don't execute as root
ssh-import-id gh:cvladan

Change SSH port to 22111:

sed -i -r 's/^.*(Port)\W+(.*)$/\1 22111/gi' /etc/ssh/sshd_config
service sshd restart

Configure the Windows desktop client for easier connection:

set F="%HOMEDRIVE%%HOMEPATH%\.ssh\config"
echo. >> %F%
echo Host lanserver >> %F%
echo     HostName 192.168.0.11 >> %F%
echo     User upravitelj >> %F%
echo     Port 22111 >> %F%
echo     IdentityFile "~/.ssh/id_rsa" >> %F%
echo     IdentitiesOnly yes >> %F%

Log out and check that you can log in with keys, without a password.

ssh lanserver

If successful, we should disable password login completely, and set basic sshd settings:

# UsePAM is intentionally left enabled (see the note below)
sed -i -r 's/^#?(UseDNS|PermitRootLogin|PasswordAuthentication|ChallengeResponseAuthentication)\s+yes/\1 no/' /etc/ssh/sshd_config
service sshd restart

Note: Don’t disable UsePAM, as that causes problems with locale, though not for the root user.
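
The following is an added example (not from the original notes) that reports the value sshd would actually use for each keyword set in the steps above, because the sed substitution only rewrites unindented lines whose current value is `yes`. The function names and the sample file are constructed for illustration, and the parser assumes there are no Match blocks or Include files.

```bash
#!/bin/sh
# Added example: report the value sshd would actually use for each keyword.
# sshd keeps the FIRST value it reads for a keyword; later lines are ignored.

# effective_value FILE KEYWORD -> first uncommented value (keywords are case-insensitive)
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit_sshd FILE -> prints mismatches, returns how many there were
audit_sshd() {
    file=$1
    failures=0
    while read -r key want; do
        got=$(effective_value "$file" "$key")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $key: want '$want', effective '${got:-<unset, default applies>}'"
            failures=$((failures + 1))
        fi
    done <<'EOF'
Port 22111
PasswordAuthentication no
PermitRootLogin no
ChallengeResponseAuthentication no
UseDNS no
EOF
    return "$failures"
}

# Constructed sample: lines the sed one-liner does not rewrite.
sample_config() {
    cat <<'EOF'
Port 22111
PermitRootLogin prohibit-password
  PasswordAuthentication yes
ChallengeResponseAuthentication no
UseDNS no
PasswordAuthentication no
EOF
}

if [ "$#" -gt 0 ]; then audit_sshd "$1"; fi
```

On a live host, `sshd -T` prints the effective configuration directly and also accounts for Match blocks.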

SSH Welcome Message

MOTD (Message Of The Day) is displayed after the user has logged in; the Banner file enabled below (/etc/issue.net) is shown by sshd before authentication:

cat <<'EOF' > /etc/issue.net
Welcome to eTaktiker LAN Server
EOF

sed -ri 's/^#(Banner)/\1/gi' /etc/ssh/sshd_config

My custom bash settings

Set

mkdir -p /etc/profile.d

cat <<'EOF' > /etc/profile.d/custom-settings.sh

# typing * will include hidden (dot .*) files
shopt -s dotglob

# both ctrl-r and ctrl-s should work on history log
stty -ixon

# basic aliases
alias ls="ls -a --color=tty"  # show all and in color
alias ll='ls -l --color=tty'

# docker alias helpers
alias d='docker'
alias ds='docker ps'
alias di='docker images'
alias drm='docker rm -f $(docker ps -qa)'

EOF

Disable sleep on lid closed

Note: This is required for local deployments (e.g. a laptop)

systemctl is a new command to control services. To disable sleeping when we close the lid, execute the following:

sed -i -r 's/^#?(HandleLidSwitch=).*$/\1ignore/' /etc/systemd/logind.conf
systemctl restart systemd-logind

Essential packages

Install basic packages

apt-get -y install htop mc

Docker install

We can install from packages (apt-get install docker.io), but that is not always the latest version.

So, we will do it as instructed on their site:

Installation on Ubuntu

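To avoid having to use sudo when you use the docker command, we’ll create a Unix group called docker and add users to it. Membership in this group is effectively root access to the host, because it gives full control of the Docker daemon.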

curl -sSL https://get.docker.com/ | sh
sudo docker run hello-world

# Add myself to docker group
sudo usermod -aG docker upravitelj

# Relogin and then verify running docker without sudo
docker run hello-world

# Configure Docker to start on boot
sudo systemctl enable docker

Enable Docker’s remote API

Warning: This is highly insecure; do it only on local Docker installations.

If we want to execute Docker commands from a remote client, we need to make Docker listen on a TCP port as well.

echo -e "\n# Enable remote API\nDOCKER_OPTS='-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock'" >> /etc/default/docker
service docker restart
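
An added example, not part of the original notes: a check that reads the active DOCKER_OPTS line and flags any tcp:// listener bound to a non-loopback address without --tlsverify, which is the state the echo command above creates. The function names and the sample file contents are constructed.

```bash
#!/bin/sh
# Added example: flag Docker TCP listeners that accept unauthenticated clients.
# /etc/default/docker is sourced as shell, so the LAST DOCKER_OPTS= line wins.

# audit_docker_opts FILE -> prints one line per tcp:// listener,
# returns the number of listeners reachable without TLS client verification
audit_docker_opts() {
    exposed=0
    opts=$(grep -E '^[[:space:]]*DOCKER_OPTS=' "$1" | tail -n 1 | tr -d "\"'")
    case "$opts" in
        *--tlsverify*) tls=yes ;;
        *)             tls=no ;;
    esac
    for addr in $(printf '%s\n' "$opts" | grep -oE 'tcp://[^ ]+' | sed 's|^tcp://||'); do
        host=${addr%:*}                      # strip the :port suffix
        case "$host" in
            127.*|localhost|'[::1]')
                echo "OK      tcp://$addr (loopback only)" ;;
            *)
                if [ "$tls" = yes ]; then
                    echo "OK      tcp://$addr (--tlsverify set)"
                else
                    echo "EXPOSED tcp://$addr (no --tlsverify)"
                    exposed=$((exposed + 1))
                fi ;;
        esac
    done
    return "$exposed"
}

# Constructed sample: the file as left by the echo command above.
sample_default_docker() {
    cat <<'EOF'
#DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4"

# Enable remote API
DOCKER_OPTS='-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock'
EOF
}

if [ "$#" -gt 0 ]; then audit_docker_opts "$1"; fi
```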

Install Docker Compose

Docker Compose was previously called Fig and is a really essential part of the whole Docker experience.

VERSION_NUM=1.7.0
curl -L https://github.com/docker/compose/releases/download/$VERSION_NUM/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

After that, install command completion for bash:

curl -L https://raw.githubusercontent.com/docker/compose/$(docker-compose --version | awk 'NR==1{print $NF}')/contrib/completion/bash/docker-compose > /etc/bash_completion.d/docker-compose

Completion will be available upon next login.


Auto-start containers on system boot

There is an option to auto-start running containers on system reboot. Docker will restart containers when the daemon restarts if you pass -r=True to the startup options. On Ubuntu, you can accomplish this permanently by modifying DOCKER_OPTS="-r=true" in /etc/default/docker.

As usual, there is a bug explained and worked-around here.

Ubuntu workaround

I found out the service-file from service docker status. Anyway, as explained here,

I should be creating /etc/systemd/system/docker.service.d/docker.conf, but I will not - I will directly change the main file /lib/systemd/system/docker.service, because it will be in upstream very soon.

[Service]
EnvironmentFile=-/etc/default/docker
ExecStart=/usr/bin/docker daemon $DOCKER_OPTS -H fd://

Back to normal

Now, as it should be, changes in the file /etc/default/docker will be propagated. So change it and add DOCKER_OPTS="-r=true".

Now, when checking service docker status, we will notice the new command line option that we need.

Old way of doing it

Running Docker containers as systemd services

date 01. Jan 0001 | modified 28. May 2021
filename: Infrastructure - Ubuntu as Docker host