docker

Move Elasticsearch data to dedicated LV

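# create lvm
# The by-id glob is expanded by the shell: every disk it matches becomes a PV and
# joins the "data" VG, so check the expansion matches only the intended SSDs first.
pvcreate /dev/disk/by-id/ata-INTEL_SSDSC2KB076T8_* || exit 1
vgcreate data /dev/disk/by-id/ata-INTEL_SSDSC2KB076T8_* || exit 1
lvcreate --name elasticsearch --size 2T data || exit 1
mkfs.ext4 /dev/data/elasticsearch || exit 1

# pre-sync data
# First pass runs while Elasticsearch is still up so the final copy below only has
# to transfer what changed since. Abort if the LV did not mount — otherwise rsync
# would silently fill the host's /mnt directory instead of the new volume.
mount /dev/data/elasticsearch /mnt/ || exit 1
rsync -aHAXx --numeric-ids /var/lib/docker/volumes/elasticsearch/ /mnt/

# sync data
# Stop the container before the final copy so the on-disk state is consistent;
# --delete drops files on the LV that no longer exist in the source volume.
docker stop elasticsearch || exit 1
rsync --delete -aHAXxv --numeric-ids /var/lib/docker/volumes/elasticsearch/ /mnt/ || exit 1
rsync --delete -aHAXxv --numeric-ids /var/lib/docker/volumes/elasticsearch/ /mnt/ || exit 1
umount /mnt || exit 1

# mount new LV
# The final mount of /dev/data/elasticsearch at the volume path (and its fstab
# entry) is not shown on this page — TODO fill in before relying on this runbook.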

GitLab: Docker CI pipeline

Optional: Create nested LXD container
http://www.panticz.de/lxd/nesting

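CONTAINER_NAME=gitlab-runner1-dev
# security.privileged=true together with the raw.lxc settings applied further down
# (unconfined AppArmor profile, all devices allowed, no capabilities dropped) gives
# root inside this container the same reach as root on the LXD host. CI jobs that
# end up running here should therefore be treated as host-level code.
lxc launch ubuntu:18.04 "${CONTAINER_NAME}" -p disk-zfs -p nic-dev-mgmt -c boot.autostart=true -c security.nesting=true -c security.privileged=true
#-c volatile.dev-mgmt.hwaddr=00:11:22:33:44:55

# -y on every apt step keeps the whole sequence non-interactive (purge already had it)
lxc exec "${CONTAINER_NAME}" -- apt update
lxc exec "${CONTAINER_NAME}" -- apt dist-upgrade -y
lxc exec "${CONTAINER_NAME}" -- apt purge -y lxd lxd-client snapd unattended-upgrades
lxc exec "${CONTAINER_NAME}" -- apt autoremove -y

# copy the host's root authorized_keys into the container, then rename the
# netplan interface from eth0 to dev-mgmt and apply it
lxc file push /root/.ssh/authorized_keys "${CONTAINER_NAME}/root/.ssh/authorized_keys"
lxc exec "${CONTAINER_NAME}" -- bash -c "sed -i 's/eth0:/dev-mgmt:/g' /etc/netplan/50-cloud-init.yaml"
lxc exec "${CONTAINER_NAME}" -- netplan apply

# raw.lxc is read from stdin ("-"); printf is used so the \n separators survive intact
printf 'lxc.apparmor.profile = unconfined\nlxc.cgroup.devices.allow = a\nlxc.mount.auto=proc:rw sys:rw\nlxc.cap.drop=' | lxc config set "${CONTAINER_NAME}" raw.lxc -
lxc restart "${CONTAINER_NAME}"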

Install Docker inside LXD container
# http://www.panticz.de/install-docker

podman

Install

# add-apt-repository comes from software-properties-common; the PPA is a third-party
# apt source whose signing key the host will trust from here on
sudo apt-get -y install software-properties-common uidmap
sudo add-apt-repository -y ppa:projectatomic/ppa
sudo apt-get install -y podman

Container

# serve the host directory /tmp/html read-only on port 8080 (docker:// = pull from Docker Hub)
podman run --detach --name nginx --publish 8080:80 --volume /tmp/html:/usr/share/nginx/html:ro docker://nginx
 
# NOTE(review): the image reference ends in a trailing slash and looks truncated —
# confirm the full repository name under registry.fedoraproject.org/f27/ before use
podman run --detach --tty \
    --publish 8080:8080/tcp \
    --env HTTPD_VAR_RUN=/var/run/httpd \
    --env HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \
    --env HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \
    --env HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \
    registry.fedoraproject.org/f27/

Links
https://podman.io/

Docker: Ansible snippets

Ansible docker modules
https://docs.ansible.com/ansible/latest/modules/docker_container_module.html

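# Set restart=always on every container that is running right now.
# `docker ps -q` lists running containers only; `docker update` fails when it is
# given no container id, so the call is skipped when nothing is running.
# $ids is deliberately unquoted: one id per argument.
- name: Enable autostart for running containers
  shell: |
    ids=$(docker ps -q)
    [ -z "$ids" ] || docker update --restart=always $ids

# docker_container_info only queries; `result` carries the inspect data for www1
- name: Get container info
  docker_container_info:
    name: www1
  register: result

- name: Does container exist?
  debug:
    msg: "The container {{ 'exists' if result.exists else 'does not exist' }}"

# a list under `when` is AND-ed: stop only a container that exists and is running
- name: Stop container
  docker_container:
    name: "{{ result.container.Name }}"
    state: stopped
  when:
    - result.exists
    - result.container.State.Running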

Docker: Container

Ubuntu

# interactive shell in a fresh Ubuntu 18.04 container; without --rm it remains listed in "docker ps -a" after exit
docker run --interactive --tty ubuntu:18.04

Import MySQL / MariaDB dump into container

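# Feed the dump straight from the file; "docker exec -i" keeps stdin open for the mysql client.
# NOTE: --password= on the command line shows up in process listings and shell history;
# for anything beyond a throwaway dev database prefer an option file (--defaults-extra-file).
docker exec -i gitea_db_1 mysql --host=localhost --user=gitea --password=gitea gitea < gogs.sql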

Apache

# detached httpd, host port 8080 -> container port 80
docker run --detach --name apache --publish 8080:80 httpd:latest

Nginx
https://hub.docker.com/_/nginx

# serves the host's /tmp read-only as the web root on all interfaces via port 8080 —
# everything placed under /tmp becomes downloadable
docker run --detach --name nginx --publish 8080:80 --volume /tmp:/usr/share/nginx/html:ro nginx

GitLab runner

# The bind-mounted docker.sock lets the runner — and, depending on the executor
# configuration, the CI jobs it runs — drive the host's Docker daemon, which is
# equivalent to root on the host; register only projects you trust against it.
docker run --detach --name gitlab-runner --restart always \
  --volume /srv/gitlab-runner/config:/etc/gitlab-runner \
  --volume /var/run/docker.sock:/var/run/docker.sock \
  gitlab/gitlab-runner:latest

# one-off interactive registration against the same config directory; remaining arguments not listed here
docker run --rm --tty --interactive --volume /srv/gitlab-runner/config:/etc/gitlab-runner gitlab/gitlab-runner register \
    ...

Docker: HAProxy

Container
https://hub.docker.com/_/haproxy

Configuration
/tmp/haproxy/haproxy.cfg

# process-wide settings
global
  maxconn 4096
  #stats timeout 30s
  #debug
 
# inherited by every frontend/backend/listen section below
defaults
  # NOTE(review): "log global" points at log targets of the global section, but none
  # are defined there; the explicit "log 127.0.0.1 local0" further down is what takes
  # effect — confirm which one is intended
  log global
  mode http
  option httplog
  option dontlognull
  # timeouts without a unit are milliseconds
  timeout connect 5000
  timeout client 50000
  timeout server 50000
  log 127.0.0.1 local0
  #option httpchk
 
# plain HTTP on :80, everything goes to backend1
frontend frontend1
  bind :80
  mode http
  use_backend backend1
 
backend backend1
  mode http
  balance roundrobin
  # a bare "GET / HTTP/1.1" carries no Host header, so the www servers presumably
  # answer 400 and that is what counts as healthy here — confirm against the servers
  option httpchk GET / HTTP/1.1
  http-check expect status 400
  # Docker bridge addresses of the www containers; these are handed out at container
  # start and are not guaranteed to survive a restart — verify before reuse
  server www1 172.17.0.2:80 check
  server www2 172.17.0.4:80 check
  server www3 172.17.0.6:80 check
 
# stats page on :9000 over plain HTTP; "haproxy:password" is a placeholder credential
# and this file itself lives under /tmp/haproxy on the host — change it before exposing
listen stats 
  bind :9000
  mode http
  stats enable
  stats hide-version
  stats realm Haproxy\ Statistics
  stats refresh 60s
  stats show-node
  stats auth haproxy:password
  stats uri /

Deploy

# haproxy.cfg is read from /tmp/haproxy (read-only). Port 9000 is the stats page
# from the config above, guarded only by its "stats auth" credentials over plain
# HTTP — publish it as 127.0.0.1:9000:9000 when it is only needed locally.
docker run --detach --name haproxy \
  --volume /tmp/haproxy:/usr/local/etc/haproxy:ro \
  --publish 8080:80 --publish 9000:9000 \
  haproxy:latest
docker logs --follow haproxy

Nginx (proxy) Docker container

Create required directories
# config and web-root directories that get bind-mounted into the nginx container
mkdir -p /etc/docker/nginx/conf.d /etc/docker/nginx/html

Configure nginx as webserver
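# Write the default site from a heredoc ("cat < file" would read the file, not create it);
# the quoted delimiter keeps the content literal.
cat > /etc/docker/nginx/conf.d/default.conf <<'EOF'
server {
  listen 80;
  server_name _;

  root /usr/share/nginx/html;
  index index.html index.htm;
}
EOF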

Configure nginx as proxy
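# Proxy vhost for foo.example.com, written from a heredoc ("cat < file" would read the
# file, not create it). NOTE(review): inside the nginx container "localhost" is the
# container's own loopback, so http://localhost:8080/ only reaches a service in the same
# network namespace (e.g. when started with --network host) — confirm how the container is run.
cat > /etc/docker/nginx/conf.d/proxy.conf <<'EOF'
server {
  listen 80;
  server_name foo.example.com;

  location / {
    proxy_pass http://localhost:8080/;
  }
}
EOF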

Create container

Kubernetes

kubectl Cheat Sheet
https://kubernetes.io/docs/reference/kubectl/cheatsheet/

Dump Kubernetes Objects
# one "kubectl get" per resource type, in the current namespace unless noted
# (componentstatuses is deprecated in newer Kubernetes releases — check it still exists on your cluster)
for kind in componentstatuses configmaps daemonsets deployments events endpoints \
    horizontalpodautoscalers ingress jobs limitranges nodes namespaces pods; do
  kubectl get "$kind"
done
# pods once more across all namespaces, with the node/IP columns
kubectl get pods --all-namespaces -o wide
for kind in persistentvolumes persistentvolumeclaims quota; do
  kubectl get "$kind"
done