{"id":294,"date":"2018-04-29T19:47:02","date_gmt":"2018-04-29T17:47:02","guid":{"rendered":"https:\/\/ubuntu.dirkschmidtke.de\/?post_type=portfolio&#038;p=294"},"modified":"2025-01-07T19:13:00","modified_gmt":"2025-01-07T18:13:00","slug":"docker","status":"publish","type":"portfolio","link":"https:\/\/ubuntu.dirkschmidtke.de\/en\/portfolio\/docker\/","title":{"rendered":"Docker"},"content":{"rendered":"<p><a href=\"https:\/\/www.docker.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Docker<\/a> is the hottest shit in virtualization, a quasi-standard for application containers isolated from each other. The larger the machine parks to be managed, the more worthwhile it is to set them up and <em> &#8220;orchestrate<\/em>&#8221; them.<\/p>\n<p>But Docker can also be worthwhile on a smaller scale: complex applications that would normally require a server admin to install and configure numerous packages can be <em>&#8220;deployed&#8221;<\/em> &#8211; installed, started, stopped, restored to a previous state or deleted &#8211; with just a few commands.<\/p>\n<p>The version control system Git is used for downloading and synchronizing the image files.<\/p>\n<h3>Installation<\/h3>\n<p>Installation via the Ubuntu package sources is possible:<\/p>\n<pre>sudo apt-get install docker.io<\/pre>\n<p>Allthough Ubuntu LTS receives updates of the Docker package, it is worthwhile to get fresh packages immediately from Docker&#8217;s own repository. Their docker package is called docker-ce (&#8220;ce&#8221; like Community Edition), not docker.io.<\/p>\n<pre>sudo curl -fsSL https:\/\/download.docker.com\/linux\/ubuntu\/gpg -o \/etc\/apt\/keyrings\/docker.asc\r\nsudo chmod a+r \/etc\/apt\/keyrings\/docker.asc\r\necho \"deb [arch=$(dpkg --print-architecture) signed-by=\/etc\/apt\/keyrings\/docker.asc] https:\/\/download.docker.com\/linux\/ubuntu \\\r\n$(. \/etc\/os-release &amp;&amp; echo \"$VERSION_CODENAME\") stable\" | \\\r\nsudo  tee \/etc\/apt\/sources.list.d\/docker.list &gt; \/dev\/null\r\nsudo apt update\r\nsudo apt install docker-ce<\/pre>\n<p>Easier, but not secure, is it to pull the latest version via the setup script from <a href=\"https:\/\/get.docker.com\" target=\"_blank\" rel=\"noopener noreferrer\">get.docker.com<\/a>:<\/p>\n<pre>wget -qO- https:\/\/get.docker.com\/ | sh<\/pre>\n<h3>Running docker as root and rootless<\/h3>\n<p>Docker requires root rights to run the Docker daemon and all containers. This inevitably creates a security problem. If you do not run Docker as root or via sudo, but add your own user to the docker group, this gives your user root-like rights, which does not mitgate the problem.<\/p>\n<p>The Docker developers are aware of this problem and have created a remedy with Docker Rootless. This often works, as long as containers do not require root rights.<\/p>\n<p>To configure a Docker CE setup so that Docker is executed in an unprivileged namespace, install the following package, which performs the actions of the <a href=\"https:\/\/get.docker.com\/rootless\" target=\"_blank\" rel=\"noopener\">rootless script<\/a> and also configures an App Armor profile to allow unprivileged processes to create user namespaces:<\/p>\n<pre>sudo apt install docker-ce-rootless-extras<\/pre>\n<h3>Alternatives<\/h3>\n<p>Redhat has released <a href=\"https:\/\/podman.io\/\" target=\"_blank\" rel=\"noopener\">Podman<\/a>, a partially compatible alternative to Docker that does not require root rights by default.<\/p>","protected":false},"excerpt":{"rendered":"<p>How to install docker.io from the Ubuntu repository or docker-ce from the company website. Should you run it with root or rootless? Is it okay to add your user to the docker group?<\/p>\n","protected":false},"author":1,"featured_media":296,"comment_status":"open","ping_status":"closed","template":"","meta":{"footnotes":""},"portfolio_category":[23],"portfolio_tag":[],"class_list":["post-294","portfolio","type-portfolio","status-publish","has-post-thumbnail","hentry","portfolio_category-virtualisierung-emulatoren"],"_links":{"self":[{"href":"https:\/\/ubuntu.dirkschmidtke.de\/en\/wp-json\/wp\/v2\/portfolio\/294","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ubuntu.dirkschmidtke.de\/en\/wp-json\/wp\/v2\/portfolio"}],"about":[{"href":"https:\/\/ubuntu.dirkschmidtke.de\/en\/wp-json\/wp\/v2\/types\/portfolio"}],"author":[{"embeddable":true,"href":"https:\/\/ubuntu.dirkschmidtke.de\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ubuntu.dirkschmidtke.de\/en\/wp-json\/wp\/v2\/comments?post=294"}],"version-history":[{"count":10,"href":"https:\/\/ubuntu.dirkschmidtke.de\/en\/wp-json\/wp\/v2\/portfolio\/294\/revisions"}],"predecessor-version":[{"id":959,"href":"https:\/\/ubuntu.dirkschmidtke.de\/en\/wp-json\/wp\/v2\/portfolio\/294\/revisions\/959"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ubuntu.dirkschmidtke.de\/en\/wp-json\/wp\/v2\/media\/296"}],"wp:attachment":[{"href":"https:\/\/ubuntu.dirkschmidtke.de\/en\/wp-json\/wp\/v2\/media?parent=294"}],"wp:term":[{"taxonomy":"portfolio_category","embeddable":true,"href":"https:\/\/ubuntu.dirkschmidtke.de\/en\/wp-json\/wp\/v2\/portfolio_category?post=294"},{"taxonomy":"portfolio_tag","embeddable":true,"href":"https:\/\/ubuntu.dirkschmidtke.de\/en\/wp-json\/wp\/v2\/portfolio_tag?post=294"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}