What about Docker on NethServer 7?

alefattorini · September 22, 2016, 3:01pm

Thanks for your advice, I think that docker will be a killer application for our next release! We have to think the best approach for NethServer, trying to keep things as simple as possible

Please keep hanging around, you won’t regret it.

Walter_Schoenly · September 23, 2016, 9:23pm

On an inverted Docker note, there is an offical centos 7 dockerfile (container) on Docker Hub.

https://hub.docker.com/_/centos/

This would mean that you could install Nethserver in a docker container using a centos installation method. This also allows for the possibility of developing our own Nethserver containers for distribution.

Oh, wait… post is for nothing. Looks like this has already been toyed with…
https://hub.docker.com/r/nethserver/docker-demo/

filippo_carletti · September 23, 2016, 9:58pm

That’s the demo of NethServer running on the official Demo running on Docker – NethServer
We have plans to work on docker after the final release of NethServer 7.

JOduMonT · October 1, 2016, 10:12pm

Not sure i’m following the same idea of @Walter_Schoenly
But just in case KVM into Docker exemple :

syntaxerrormmm · March 16, 2017, 8:43pm

Have somethings moved in the meantime?

I’m experimenting Docker in 7 with little integration with standard Community release (some tweaks with shorewall and some with default values but quite fine). At the moment I have all the stuff manually set up, trying to get this working with NextCloud (no avail for the moment).

Also, do you plan to have a GUI? (I have seen there’s a cockpit-docker package but I didn’t check it out toroughly). I would advice Portainer as a GUI, if cockpit is not going to be ok with 7.

davidep · March 17, 2017, 8:35am

There is native Docker support in shorewall 5 and my experiment should not be required anymore!

I think firewall rules integration was the biggest issue. Now that the shorewall developers fixed it we could integrate the solution (trivial):

# grep -n -i docker /etc/shorewall/*
/etc/shorewall/shorewall.conf:174:DOCKER=No  # <- change to "Yes"

I’ve no plans to develop neither an API nor a GUI for NethServer+Docker at this moment: there are too many use-case specific requirements (things that depend on what I install), and few general requirements (backup? front-end http?..). I’d start with a howto/prototype, as usual, to catch them all!

filippo_carletti · March 17, 2017, 10:50am

To change shorewall.conf:

config setprop firewall Docker enabled
signal-event firewall-adjust

giacomo · March 20, 2017, 1:02pm

I played a bit both with docker and Portainer on NS 7.
Even if Shorewall as built-in support for docker, it doesn’t work out.of.the-box.

Probably we need to hack something, but I don’t have time right now.
Does anyone want to try playing with Shorewall and Docker?

syntaxerrormmm · March 21, 2017, 4:40pm

Aye, I had to do other changes on shorewall policies to enable Portainer access. Will document it if needed, just say it is.

Not a lot of time to spare, but the argument seems interesting on my side. Not in short time, but I plan to spend some time on the issue.

JOduMonT · March 24, 2017, 2:16pm

I know I’ll probably dig deeper in a way people don’t want but
recently I tried the new FreeNAS Corral (please don’t do this error

and they claim offer VM and Docker … but in reality they turn boot2docker into a VM which I think it’s not for production (but again it’s me).

So all that for just saying if you/me/we/us craving so much for Docker
Why not running CoreOS inside a VM with apache proxy in Nethserver

stephdl · March 25, 2017, 2:13am

I don’t use docker but what about their docker management panel ?

Edit: i meant cockpit and their docker panel management

Jclendineng · March 27, 2017, 2:33pm

See I run freenas 9.* and the jails are fantastic. The issue I have with docker on the new corral is that I dont have the resources to dedicate to a vm for EVERY docker instance, plex, nextcloud, etc. I liked the way it handled it pre-corral, and docker is a good idea for people with lots of cores, just not for home server instances. /offtopic

JOduMonT · March 27, 2017, 9:29pm

to be beautiful it is very beautiful
1’ but like the guy said on is demo they try (but they don’t) to not over user local resource
I means I had a hard time with my old MacBookPro 8.1 to run it.

2’ My second point is I don’t like the fact they force me to use Chrome.

But at the end it’s look like a https://my-netdata.io/ with over kill demand of resource.

As you probably figure I try a lot of stuff
One cockpit I try these days for Docker is : http://portainer.io/
It’s light but give you power to dig and is quite intuitive.

stephdl · March 27, 2017, 9:43pm

Yes it looks nice, did you try it On NS ?

JOduMonT · March 28, 2017, 8:10am

hum netdata ? yes I try it on nethserver

portainer ? yes and no, it’s what I use with my CoreOS which is in KVM on Nethserver.

stephdl · March 28, 2017, 9:31am

I recall a conference at the fosdem last year…5 levels of virtualisation… It could be nice to test it directly in NS.

JOduMonT · March 29, 2017, 12:56pm

Hi it’s me again

I just understood @davidep made it happen, I mean Docker on Nethserver 7

But like @indra

How We could fix this ?

davidep · March 29, 2017, 12:58pm

That package was just an experiment and is now obsolete, since Shorewall implemented a builtin support for Docker net filter chain.

JOduMonT · March 29, 2017, 12:59pm

Doh I just force the installation with yum --nogpgcheck

indra · March 30, 2017, 6:46am

How did this go, not breaking to much other things? I would do it too, but mine is a production server with 50+ email accounts, file sharing, etc . Breaking it would be hell (and mess up my holiday).