[lug] A few docker questions...

Bear Giles bgiles at coyotesong.com
Sat Jan 25 09:34:34 MST 2020


I have a few docker questions since I know there have been a few
presentations and I have no idea how to do a search without getting a ton
of false matches.

*Problem statement*

The immediate problem is that I'm trying to set up 'pihole' for DNS
filtering. I've used it on a rPi but for some reason it gets itself tied up
in knots after a month or two. It's also incredibly sensitive to power hits
- it's on a UPS but sometimes we lose power for so long that the UPS dies
and I haven't set up apcd for automatic shutdowns yet.

On the rPi I can use host networking since it's the only docker container
running.

However I *can't* use it on my more powerful servers since it grabs ports
80 and 443 in addition to port 53. Those servers are running multiple
containers and many want to grab the http/https ports. It really needs to
be on its own IP address.

In most cases I could remap the port but it's different with the host
network (or more precisely 'network_mode: host') since it doesn't allow
ports to be remapped.

I'm looking at pihole at the moment but in truth I have a number of
services running that I would like to access from everywhere on my home
network. Most can stay on an internal CIDR but one or two, e.g., pihole,
would be useful if I can put them on main CIDR.

*Constraint*

I want to capture this in docker-compose.yml. It's partly for documentation
- I find it really convenient to define everything via docker-compose.yml
since it makes it easy to add auxiliary containers as needed. However
there's either not a direct mapping between the command line options on
'docker run ...' or I'm missing something important.

*Wrong answer #1*

One *wrong* answer is to use a bridge network. It works fine locally - but
the containers aren't visible outside of that host.

*Wrong answer #2*

Another *wrong* answer is to use a user-defined bridge network that
overlays the main CIDR. You either can't do it or it totally messes up your
host's networking.

*First question - docker-compose*

The first question is pretty straightforward. Is there a way for a
docker-compose.yml file to specify a host ip address without everything
being bound to 0.0.0.0? Ports can't be remapped and I haven't been able to
figure out the magic 'network' stanza that allows me to specify a single ip
address. For instance I tried

version: "3.5"

services:
  sh:
    image: ubuntu
    container_name: sh
    networks:
      host:
        ipv4_address: 10.0.20.3

networks:
  host:
    external: true

but get

bgiles at eris:/tmp$ docker-compose up
Creating sh ... error

ERROR: for sh  user specified IP address is supported on user defined
networks only

ERROR: for sh  user specified IP address is supported on user defined
networks only
ERROR: Encountered errors while bringing up the project.


*Second question - overlay networks*

The second question is more advanced - I've tried to create an overlay
network. I've created the network (which required calling 'docker swarm init'
first), created a server running 'consul' for the key-value pairs. I
figured out where Ubuntu hides the docker.conf information. However when I
add

ExecStart=/usr/bin/dockerd -H fd:// \
    --containerd=/run/containerd/containerd.sock \
    --cluster-store=consul://192.168.1.15:8500/network \
    --cluster-advertise=eno1:0


It fails but I haven't found helpful error messages. I verified (with curl)
that I can query that server. The 'eno1' is my ethernet device that can
reach that address and I've tried it with both 'eno1' and 'eno1:0'.

The book I'm referencing may be outdated - do I need something else?

*Third question - other overlay networks? Other key-value servers?*

The book I'm reading also discusses the OVS virtual network but doesn't go
into much depth over why you would want to use it instead of the default
virtual network. If anything it recommends sticking with the default vx.
Are there benefits to using a different one?

There are also references to other key-value servers, e.g., etcd and
zookeeper. Again are there benefits to that? In fact, long term, I may
switch to zookeeper since I know it integrates into hadoop. However that's
a bit more than I want to bite off at the moment unless there's a clear
benefit for it.

*Fourth question - docker swarm and Ubuntu*

The fourth question relates to docker swarm. I've also been looking at it
and it seems to require docker-machine. However it's not in the Ubuntu
docker.io package and I can't find it in a different package. 'apt-cache
search' suggests the docker snap but I've had bad experiences with it. I'll
grant that it's mostly because I somehow had both docker.io and docker snap
installed on a system but when I was cleaning up that mess I tried to use
the docker snap on all of my systems and couldn't get past some problems on
one of the hosts.

Is it possible to use docker swarm on Ubuntu?

Thanks...
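As an added illustration for the first question (this is not from the original post or from the Pi-hole project), the compose file below shows the two stanzas the post is looking for: a macvlan network that gives the container its own LAN address, and the HOST_IP:HOST_PORT:CONTAINER_PORT form of `ports`, which binds a published port to one host address instead of 0.0.0.0 and, unlike `network_mode: host`, still allows remapping. Assumed values: the LAN is 192.168.1.0/24 behind eno1, 192.168.1.53 is an unused address on it, 10.0.20.3 is an address already configured on the host, and the image is the public pihole/pihole image.

```yaml
# Added example, not the original poster's file. Assumptions: LAN 192.168.1.0/24
# on eno1, 192.168.1.53 unused, 10.0.20.3 already assigned to the host.
version: "3.5"

services:
  # Option A: the container gets its own LAN address via macvlan. Nothing is
  # bound on the host, so 53/80/443 stay free for the other containers.
  pihole:
    image: pihole/pihole:latest
    container_name: pihole
    environment:
      TZ: "America/Denver"
    networks:
      lan:
        ipv4_address: 192.168.1.53
    restart: unless-stopped

  # Option B: stay on the default bridge but publish only on one host address.
  # HOST_IP:HOST_PORT:CONTAINER_PORT limits exposure to that address and still
  # lets the admin UI move off port 80.
  pihole-bound:
    image: pihole/pihole:latest
    container_name: pihole-bound
    environment:
      TZ: "America/Denver"
    ports:
      - "10.0.20.3:53:53/tcp"
      - "10.0.20.3:53:53/udp"
      - "10.0.20.3:8080:80/tcp"   # remapped, which network_mode: host forbids
    restart: unless-stopped

networks:
  lan:
    driver: macvlan
    driver_opts:
      parent: eno1            # physical interface the container will share
    ipam:
      config:
        - subnet: 192.168.1.0/24
```

Run only one of the two services at a time (they are alternatives, not a pair). With macvlan, the Docker host itself cannot reach the container through the parent interface, so test DNS from another machine on the LAN.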