Installing Docker on Ubuntu-22.04
Much of this page shamelessly stolen from [This Digital Ocean Post][DOBlogpost].
Introduction #
Docker is an application that simplifies the process of managing application processes in containers. Containers let you run your applications in resource-isolated processes. They’re similar to virtual machines, but containers are more portable, more resource-friendly, and more dependent on the host operating system.
For a detailed introduction to the different components of a Docker container, ask me.
In this tutorial, you’ll install and use Docker Community Edition (CE) on Ubuntu 22.04. You’ll install Docker itself, work with containers and images, and push an image to a Docker Repository.
Wolfspyrelabs Prerequisites #
To follow this tutorial, you will need the following:
- One Ubuntu 22.04 server, set up following the Ubuntu 22.04 initial server setup guide, including a sudo non-root user and a firewall.
- If you wish to create your own images and push them to Docker Hub, you’ll need an account on Docker Hub.
Disable ipv6 #
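# Run as root. Writes a disable_ipv6 entry for "default", "all" and every interface except loopback.
# grep -vx drops only the interface named exactly "lo"; sed also strips "@parent" suffixes (e.g. veth pairs).
for T in default all $(ip link list | awk '$1 ~ /^[0-9]+:/ {print $2}' | sed -e 's/[@:].*//' | grep -vx 'lo'); do
echo -n "${T} - "
echo "net.ipv6.conf.${T}.disable_ipv6 = 1" >> /etc/sysctl.d/9901-disable-ipv6.conf
echo 'Done'
done
# Load the new settings without a reboot.
sysctl -p /etc/sysctl.d/9901-disable-ipv6.conf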
Set up apt proxy config #
cat << EOF>> /etc/apt/apt.conf.d/proxy.conf
Acquire::http::Proxy "http://skwirreltrap.wolfspyre.io:3128/";
Acquire::https::Proxy "http://skwirreltrap.wolfspyre.io:3128/";
EOF
Add skwirreltrap to /etc/hosts #
STUFF HERE
Add our Networks to /etc/networks #
..... STUFF HERE
Add our ssl certs #
STUFF HERE
1 — Installing Docker #
The Docker installation package available in the official Ubuntu repository may not be the latest version. To ensure we get the latest version, we’ll install Docker from the official Docker repository. To do that, we’ll add a new package source, add the GPG key from Docker to ensure the downloads are valid, and then install the package.
First, update your existing list of packages:
sudo apt update
Next, install a few prerequisite packages which let apt use packages over HTTPS:
sudo apt install apt-transport-https ca-certificates curl software-properties-common
Then add the GPG key for the official Docker repository to your system:
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
Add the Docker repository to APT sources:
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
Update your existing list of packages again for the addition to be recognized:
sudo apt update
Make sure you are about to install from the Docker repo instead of the default Ubuntu repo:
apt-cache policy docker-ce
You’ll see output like this, although the version number for Docker may be different:
Output of apt-cache policy docker-ce
docker-ce:
Installed: (none)
Candidate: 5:20.10.14~3-0~ubuntu-jammy
Version table:
5:20.10.14~3-0~ubuntu-jammy 500
500 https://download.docker.com/linux/ubuntu jammy/stable amd64 Packages
5:20.10.13~3-0~ubuntu-jammy 500
500 https://download.docker.com/linux/ubuntu jammy/stable amd64 Packages
Notice that docker-ce is not installed, but the candidate for installation is from the Docker repository for Ubuntu 22.04 (jammy).
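The same check can be scripted so a provisioning run stops when the candidate would come from anywhere other than the Docker repository. This is an added example, not part of the original tutorial; the function names are hypothetical and the sample input is the `apt-cache policy` output shown above.

```bash
# Sample input: the `apt-cache policy docker-ce` output shown on this page.
sample_policy_output() {
cat <<'EOF'
docker-ce:
  Installed: (none)
  Candidate: 5:20.10.14~3-0~ubuntu-jammy
  Version table:
     5:20.10.14~3-0~ubuntu-jammy 500
        500 https://download.docker.com/linux/ubuntu jammy/stable amd64 Packages
     5:20.10.13~3-0~ubuntu-jammy 500
        500 https://download.docker.com/linux/ubuntu jammy/stable amd64 Packages
EOF
}

# candidate_origins (hypothetical helper): reads policy output on stdin and
# prints the repository URL(s) that offer the Candidate version.
candidate_origins() {
  awk '
    $1 == "Candidate:"                { cand = $2; next }
    $1 == "Version" && $2 == "table:" { table = 1; next }
    !table                            { next }
    # Source line: "<priority> <url-or-path> ..."
    $1 ~ /^-?[0-9]+$/ && ($2 ~ /^\// || $2 ~ /:\/\//) {
      if (cur == cand && $2 ~ /:\/\//) print $2
      next
    }
    # Version line: "[***] <version> <priority>" (*** marks the installed one)
    { cur = ($1 == "***") ? $2 : $1 }
  '
}

# candidate_from_docker_repo (hypothetical helper): succeeds only if every
# repository offering the candidate is https://download.docker.com/.
candidate_from_docker_repo() {
  origins=$(candidate_origins)
  [ -n "$origins" ] || return 1
  if printf '%s\n' "$origins" | grep -qv '^https://download\.docker\.com/'; then
    return 1
  fi
  return 0
}

if sample_policy_output | candidate_from_docker_repo; then
  echo "docker-ce candidate comes from download.docker.com"
fi
```

On a host, pipe the real output in: `apt-cache policy docker-ce | candidate_from_docker_repo`.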
Finally, install Docker:
sudo apt install docker-ce
To be explicit, however:
apt install containerd.io docker-ce-cli docker-ce-rootless-extras docker-scan-plugin git git-man iptables less liberror-perl libip6tc2 libltdl7 libnetfilter-conntrack3 libnfnetlink0 libnftnl11 libslirp0 patch pigz slirp4netns
Docker should now be installed, the daemon started, and the process enabled to start on boot.
Check that it’s running:
sudo systemctl status docker
The output should be similar to the following, showing that the service is active and running:
Output
● docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2022-04-01 21:30:25 UTC; 22s ago
TriggeredBy: ● docker.socket
Docs: https://docs.docker.com
Main PID: 7854 (dockerd)
Tasks: 7
Memory: 38.3M
CPU: 340ms
CGroup: /system.slice/docker.service
└─7854 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
Installing Docker now gives you not just the Docker service (daemon) but also the docker command line utility, or the Docker client.
We’ll explore how to use the docker command later in this tutorial.
2 — Wolfspyrelabs Docker configuration #
docker daemon network configuration #
[docker’s networking documentation][docker-documentation-networking-bridge] about bridges is… medium. Took a bit of digging.
RFC 1918 (http://www.faqs.org/rfcs/rfc1918.html) private address ranges:
- 10.0.0.0 - 10.255.255.255 (10/8 prefix)
- 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
- 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
systemd config #
Docker’s config can be managed a few different ways… but on hosts configured to use systemd, the proxy config cannot be managed in the daemon options in /etc/default/docker.
systemd-resolved #
journald #
moving docker dir #
lvcreate TinkyVG -n TinkyDataLV -L +50G
mkfs.ext4 -m 0 -L TinkyDataFS -M /data /dev/mapper/TinkyVG-TinkyDataLV
echo 'LABEL=TinkyDataFS /data ext4 defaults 0 0' >> /etc/fstab
root@tinky:~# mkdir /data
root@tinky:~# mount -a
root@tinky:~# ls /data
lost+found
mkdir /data/docker
mkdir /data/docker-tmp
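# Stop Docker and copy its data to /data/docker; every step is chained with && so the original is removed only if the copy succeeded.
service docker stop && cd /var/lib/docker/ && tar cpf - . | (cd /data/docker/ && tar xpf -) && du -sh /data/docker /var/lib/docker && cd / && rm -rf /var/lib/docker && ln -s /data/docker /var/lib/docker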
/etc/docker/daemon.json
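# Write (not append) so the file stays a single valid JSON document; this replaces any existing daemon.json.
cat <<EOF > /etc/docker/daemon.json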
{
"data-root": "/data/docker",
"log-driver": "journald"
}
EOF
setting Docker proxy and other runtime env vars #
mkdir -p /etc/systemd/system/docker.service.d/
cat <<EOF>> /etc/systemd/system/docker.service.d/wolfspyre-settings.conf
[Service]
Environment="HTTP_PROXY=http://skwirreltrap.wolfspyre.io:3128"
Environment="HTTPS_PROXY=http://skwirreltrap.wolfspyre.io:3128"
Environment="NO_PROXY=localhost,127.0.0.1,*.wolfspyre.io,*.wolfspyre.com,127.0.0.0/8,10.0.0.0/8,198.18.0.0/15,192.0.2.0/24"
Environment=DOCKER_TMPDIR="/data/docker-tmp"
EOF
Step 3 — Executing the Docker Command Without Sudo (Optional) #
By default, the docker command can only be run by the root user or by a user in the docker group, which is automatically created during Docker’s installation process. If you attempt to run the docker command without prefixing it with sudo or without being in the docker group, you’ll get an output like this:
Output
docker: Cannot connect to the Docker daemon. Is the docker daemon running on this host?.
See 'docker run --help'.
If you want to avoid typing sudo whenever you run the docker command, add your username to the docker group:
sudo usermod -aG docker ${USER}
To apply the new group membership, log out of the server and back in, or type the following:
su - ${USER}
You will be prompted to enter your user’s password to continue.
Confirm that your user is now added to the docker group by typing:
groups
sammy sudo docker
If you need to add a user to the docker group that you’re not logged in as, declare that username explicitly using:
sudo usermod -aG docker username
The rest of this article assumes you are running the docker command as a user in the docker group. If you choose not to, please prepend the commands with sudo.
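Membership in the docker group lets an account drive the root-run Docker daemon without sudo, so it is worth auditing the same way as sudo access. The following added example (not from the original tutorial; the function names are hypothetical and the group/passwd contents are constructed) lists who holds that access and which of those accounts are not on an approved list.

```bash
# docker_group_members GROUP_FILE PASSWD_FILE   (hypothetical helper)
# Prints, sorted and de-duplicated, supplementary members of "docker"
# (group file) plus accounts whose primary GID is the docker GID (passwd file).
# Local files only; directory-backed accounts (LDAP/SSSD) are not seen.
docker_group_members() {
  awk -F: '
    FNR == NR {                          # first file: group(5) format
      if ($1 == "docker") {
        gid = $3
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
      }
      next
    }
    gid != "" && $4 == gid { print $1 }  # second file: passwd(5) format
  ' "$1" "$2" | sort -u
}

# unapproved_docker_members GROUP_FILE PASSWD_FILE "name1 name2 ..."
# Prints members that are not in the space-separated approved list.
unapproved_docker_members() {
  for u in $(docker_group_members "$1" "$2"); do
    case " $3 " in
      *" $u "*) ;;
      *) printf '%s\n' "$u" ;;
    esac
  done
}

# Constructed sample files (not from a real host).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/group" <<'EOF'
sudo:x:27:sammy
docker:x:998:sammy,deploy
EOF
cat > "$SAMPLE_DIR/passwd" <<'EOF'
sammy:x:1000:1000::/home/sammy:/bin/bash
deploy:x:1001:1001::/home/deploy:/bin/bash
ci:x:1002:998::/home/ci:/usr/sbin/nologin
EOF

# Only "sammy" is approved here, so this reports ci and deploy.
unapproved_docker_members "$SAMPLE_DIR/group" "$SAMPLE_DIR/passwd" "sammy"
```

On a host, pass `/etc/group` and `/etc/passwd` in place of the sample files.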
Let’s explore the docker command next.
Step 3 — Using the Docker Command
https://docs.docker.com/engine/reference/commandline/dockerd/
[DOBlogpost]: https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-22-04
[docker-documentation-networking-bridge]: https://docs.docker.com/network/bridge/
[rfc1918]: http://www.faqs.org/rfcs/rfc1918.html
[docker-documentation-registry-mirror]: https://docs.docker.com/registry/recipes/mirror/