The Go Blog

Docker Introduction on the raspberry pi

bantana
4 June 2015

docker info

12:59 $ sudo docker info
Containers: 15
Images: 18
Storage Driver: aufs
 Root Dir: /var/lib/docker/aufs
 Backing Filesystem: extfs
 Dirs: 48
Execution Driver: native-0.2
Kernel Version: 3.18.6-v7+
Operating System: Raspbian GNU/Linux 7 (wheezy)
CPUs: 4
Total Memory: 744.5 MiB
Name: devpi
ID: NXCY:K4QS:REBY:IFVD:QZW3:LPYH:BKUS:SVNO:PJFV:4P2R:F6YN:NGMR
Debug mode (server): true
Debug mode (client): false
Fds: 10
Goroutines: 15
EventsListeners: 0
Init Path: /usr/bin/docker
Docker Root Dir: /var/lib/docker
WARNING: No memory limit support
WARNING: No swap limit support

docker search

13:23 $ sudo docker search tutorial

NAME                                       DESCRIPTION       STARS     OFFICIAL   AUTOMATED
learn/tutorial                                               10
caterpillar/java-tutorial                                    2
caterpillar/python-tutorial                                  2
florentbenoit/docker-angularjs-tutorials                     1                    [OK]
tobegit3hub/tutorial-beego                                   0                    [OK]
mgalloy/docker-austin-tutorial-02                            0                    [OK]
msfuko/nodejs-tutorial                                       0                    [OK]
alectolytic/quagga-bgp-tutorial                              0                    [OK]

13:14 $ sudo docker search redis

NAME                         DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
redis                        Redis is an open source key-value store th...   801       [OK]
tutum/redis                  Redis Docker image image – listens in po...     26                   [OK]
torusware/speedus-redis      Always updated official Redis docker image...   24                   [OK]
sameersbn/redis                                                              10                   [OK]
orchardup/redis              https://github.com/orchardup/docker-redis       5                    [OK]
clue/redis-benchmark         A minimal docker image to ease running the...   2                    [OK]
nicescale/redis              Redis services in NiceScale Platform, you ...   1                    [OK]
kampka/redis                 A Redis image build from source on top of ...   1                    [OK]
williamyeh/redis             Redis image for Docker                          1                    [OK]

docker pull learn/tutorial

13:29 $ sudo docker pull learn/tutorial
Pulling repository learn/tutorial
8dbd9e392a96: Download complete
Status: Image is up to date for learn/tutorial:latest
devpi✔

docker images

3:30 $ sudo docker images
REPOSITORY          TAG                 IMAGE ID            CREATED              VIRTUAL SIZE
redis               3                   0f3059144681        17 hours ago         111 MB
redis               3.0                 0f3059144681        17 hours ago         111 MB
redis               3.0.2               0f3059144681        17 hours ago         111 MB
redis               latest              0f3059144681        17 hours ago         111 MB
learn/tutorial      latest              8dbd9e392a96        2.149806 years ago   128 MB

docker images create

apt-get install locales
locale-gen en_US en_US.UTF-8
dpkg-reconfigure locales
reboot or exit

dpkg-reconfigure openssh-server

default configuration for libcontainer

$ find ./ -type f |xargs grep -i "default configuration for libcontainer"
.//daemon/execdriver/native/template/default_template.go:// New returns the docker default configuration for libcontainer
✔ ~/goproj/src/github.com/docker/docker [master|✔]
00:05 $ cat .//daemon/execdriver/native/template/default_template.go
package template

import (
  "syscall"

  "github.com/docker/libcontainer/apparmor"
  "github.com/docker/libcontainer/configs"
)

// defaultMountFlags is the baseline flag set shared by most mounts in New:
// no device nodes (MS_NODEV), no set-uid/set-gid effect (MS_NOSUID) and no
// direct execution (MS_NOEXEC) on the mounted filesystem.
const defaultMountFlags = syscall.MS_NODEV | syscall.MS_NOSUID | syscall.MS_NOEXEC

// New returns the docker default configuration for libcontainer.
//
// The result carries a fixed capability list, five namespace types, a cgroup
// parent of "docker" with AllowAllDevices off, the standard pseudo-filesystem
// mounts, and two /proc path lists. The AppArmor profile name is filled in
// only when apparmor.IsEnabled() reports true.
func New() *configs.Config {
  // Capability names placed in the default config. Any name missing from
  // this list is not part of the default and has to come from elsewhere.
  defaultCaps := []string{
    "CHOWN",
    "DAC_OVERRIDE",
    "FSETID",
    "FOWNER",
    "MKNOD",
    "NET_RAW",
    "SETGID",
    "SETUID",
    "SETFCAP",
    "SETPCAP",
    "NET_BIND_SERVICE",
    "SYS_CHROOT",
    "KILL",
    "AUDIT_WRITE",
  }

  // NOTE(review): there is no NEWUSER entry here, so this default presumably
  // does not remap container uids to unprivileged host uids; confirm against
  // libcontainer.
  isolation := configs.Namespaces([]configs.Namespace{
    {Type: "NEWNS"},
    {Type: "NEWUTS"},
    {Type: "NEWIPC"},
    {Type: "NEWPID"},
    {Type: "NEWNET"},
  })

  cgroupDefaults := &configs.Cgroup{
    Parent:           "docker",
    AllowAllDevices:  false,
    MemorySwappiness: -1,
  }

  procMount := &configs.Mount{
    Source:      "proc",
    Destination: "/proc",
    Device:      "proc",
    Flags:       defaultMountFlags,
  }
  // /dev is the one mount without MS_NODEV and MS_NOEXEC; only MS_NOSUID
  // (plus MS_STRICTATIME) is set.
  devMount := &configs.Mount{
    Source:      "tmpfs",
    Destination: "/dev",
    Device:      "tmpfs",
    Flags:       syscall.MS_NOSUID | syscall.MS_STRICTATIME,
    Data:        "mode=755",
  }
  ptsMount := &configs.Mount{
    Source:      "devpts",
    Destination: "/dev/pts",
    Device:      "devpts",
    Flags:       syscall.MS_NOSUID | syscall.MS_NOEXEC,
    Data:        "newinstance,ptmxmode=0666,mode=0620,gid=5",
  }
  shmMount := &configs.Mount{
    Source:      "shm",
    Destination: "/dev/shm",
    Device:      "tmpfs",
    Flags:       defaultMountFlags,
    Data:        "mode=1777,size=65536k",
  }
  mqueueMount := &configs.Mount{
    Source:      "mqueue",
    Destination: "/dev/mqueue",
    Device:      "mqueue",
    Flags:       defaultMountFlags,
  }
  // /sys and /sys/fs/cgroup get MS_RDONLY on top of the baseline flags.
  sysMount := &configs.Mount{
    Source:      "sysfs",
    Destination: "/sys",
    Device:      "sysfs",
    Flags:       defaultMountFlags | syscall.MS_RDONLY,
  }
  cgroupMount := &configs.Mount{
    Source:      "cgroup",
    Destination: "/sys/fs/cgroup",
    Device:      "cgroup",
    Flags:       defaultMountFlags | syscall.MS_RDONLY,
  }

  cfg := &configs.Config{
    Capabilities: defaultCaps,
    Namespaces:   isolation,
    Cgroups:      cgroupDefaults,
    Mounts: []*configs.Mount{
      procMount,
      devMount,
      ptsMount,
      shmMount,
      mqueueMount,
      sysMount,
      cgroupMount,
    },
    // How these two lists are enforced is decided inside libcontainer and is
    // not visible here; by their names, presumably masked and read-only.
    MaskPaths: []string{
      "/proc/kcore",
      "/proc/latency_stats",
      "/proc/timer_stats",
    },
    ReadonlyPaths: []string{
      "/proc/asound",
      "/proc/bus",
      "/proc/fs",
      "/proc/irq",
      "/proc/sys",
      "/proc/sysrq-trigger",
    },
  }

  // Without AppArmor on the host the profile field keeps its zero value.
  if !apparmor.IsEnabled() {
    return cfg
  }
  cfg.AppArmorProfile = "docker-default"
  return cfg
}

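About --cap-add: the capability names it accepts appear to be the keys of capabilityList in the vendored libcontainer source, located below.
Only the names in the Capabilities list of the default template above are set by default; the others (for example SYS_ADMIN, SYS_MODULE, SYS_PTRACE) must be added explicitly and give a container far more reach into the host kernel, so add only what a workload actually needs.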

cd github.com/docker/docker
find ./ -type f |xargs grep -i "var capabilityList"
.//vendor/src/github.com/docker/libcontainer/capabilities_linux.go:var capabilityList = map[string]capability.Cap{

// capabilityList maps a capability name, written without the CAP_ prefix, to
// the matching capability.Cap constant. Entry order carries no meaning in a
// map; the entries are grouped here for reading only.
var capabilityList = map[string]capability.Cap{
  // Names that also appear in the Capabilities list of docker's default
  // libcontainer template.
  "CHOWN":            capability.CAP_CHOWN,
  "DAC_OVERRIDE":     capability.CAP_DAC_OVERRIDE,
  "FSETID":           capability.CAP_FSETID,
  "FOWNER":           capability.CAP_FOWNER,
  "MKNOD":            capability.CAP_MKNOD,
  "NET_RAW":          capability.CAP_NET_RAW,
  "SETGID":           capability.CAP_SETGID,
  "SETUID":           capability.CAP_SETUID,
  "SETFCAP":          capability.CAP_SETFCAP,
  "SETPCAP":          capability.CAP_SETPCAP,
  "NET_BIND_SERVICE": capability.CAP_NET_BIND_SERVICE,
  "SYS_CHROOT":       capability.CAP_SYS_CHROOT,
  "KILL":             capability.CAP_KILL,
  "AUDIT_WRITE":      capability.CAP_AUDIT_WRITE,

  // Names absent from that default list. NOTE(review): presumably a container
  // holds these only when they are requested explicitly; several of them
  // (SYS_ADMIN, SYS_MODULE, SYS_RAWIO, SYS_PTRACE) reach deep into the host.
  "SYS_MODULE":      capability.CAP_SYS_MODULE,
  "SYS_RAWIO":       capability.CAP_SYS_RAWIO,
  "SYS_PACCT":       capability.CAP_SYS_PACCT,
  "SYS_ADMIN":       capability.CAP_SYS_ADMIN,
  "SYS_NICE":        capability.CAP_SYS_NICE,
  "SYS_RESOURCE":    capability.CAP_SYS_RESOURCE,
  "SYS_TIME":        capability.CAP_SYS_TIME,
  "SYS_TTY_CONFIG":  capability.CAP_SYS_TTY_CONFIG,
  "SYS_PTRACE":      capability.CAP_SYS_PTRACE,
  "SYS_BOOT":        capability.CAP_SYS_BOOT,
  "SYSLOG":          capability.CAP_SYSLOG,
  "AUDIT_CONTROL":   capability.CAP_AUDIT_CONTROL,
  "AUDIT_READ":      capability.CAP_AUDIT_READ,
  "MAC_OVERRIDE":    capability.CAP_MAC_OVERRIDE,
  "MAC_ADMIN":       capability.CAP_MAC_ADMIN,
  "NET_ADMIN":       capability.CAP_NET_ADMIN,
  "NET_BROADCAST":   capability.CAP_NET_BROADCAST,
  "DAC_READ_SEARCH": capability.CAP_DAC_READ_SEARCH,
  "LINUX_IMMUTABLE": capability.CAP_LINUX_IMMUTABLE,
  "IPC_LOCK":        capability.CAP_IPC_LOCK,
  "IPC_OWNER":       capability.CAP_IPC_OWNER,
  "LEASE":           capability.CAP_LEASE,
  "WAKE_ALARM":      capability.CAP_WAKE_ALARM,
  "BLOCK_SUSPEND":   capability.CAP_BLOCK_SUSPEND,
}
