Hi it’s me again
I just understood @davidep made it happen, I mean Docker on Nethserver 7
But like @indra
How could we fix this?
That package was just an experiment and is now obsolete, since Shorewall implemented built-in support for the Docker netfilter chain.
Doh, I just forced the installation with yum --nogpgcheck
How did this go, not breaking too much other things? I would do it too, but mine is a production server with 50+ email accounts, file sharing, etc. Breaking it would be hell (and mess up my holiday).
Never be too prudent, so you could try it in a VM and have a validated backup
but it went surprisingly well; instead of using Apache as a proxy, I dockerised it with HAProxy.
Oh, btw @stephdl: Portainer runs well on Nethserver with Docker.
The only thing is the package is not maintained so it’s not a viable solution for production.
PS: I also stopped the services and uninstalled it, without any issue or need to reboot
Are you saying that you installed portainer from an rpm… you have a docker image for that. Is portainer merely used?
easy to play with portainer, on a NS7
curl -fsSL https://get.docker.com/ | sh
systemctl enable docker
systemctl start docker
docker run -d -p 9000:9000 -v "/var/run/docker.sock:/var/run/docker.sock" portainer/portainer
then go to http://IP:9000
create the first user admin, then set portainer to run on the localhost. That’s all
Probably a zillion things more to do, but I can create a basic httpd ‘hello world’ reachable on port 32768
Hmm, to clarify my thought, and following what “Discourse” proposes, which means talking about one idea per post
the "package is not maintained" remark was related to nethserver-docker
so now my turn to ask you to clarify
you mean if I install docker [quote=“stephdl, post:47, topic:1127”]
curl -fsSL https://get.docker.com/ | sh
systemctl enable docker
systemctl start docker
docker run -d -p 9000:9000 -v "/var/run/docker.sock:/var/run/docker.sock" portainer/portainer
[/quote]
I will have no firewall issues?
You can try this after installing portainer:
config setprop firewall Docker enabled
signal-event firewall-adjust
I know you will have some troubles, but I don’t remember exactly when. Usually a firewall-adjust is enough to fix it.
Guys; @stephdl & @giacomo
I love both of you so much, and everyone in this forum, but specially both of you
I’m going to get rid of my CoreOS VM to put everything at the Nethserver level.
I’ll love you more once you share your achievements with us!
I’m eager to know what you are working on
The road is long but the way is free… please wait a bit, it is not even at an alpha stage.
something more workable with the portainer container (persistent data and start at boot if not stopped)
yum update -y
curl -fsSL https://get.docker.com/ | sh
the service docker must be tricked with shorewall
cp /lib/systemd/system/docker.service /etc/systemd/system/docker.service
vim /etc/systemd/system/docker.service
then change
-After=network.target firewalld.service
+After=network.target shorewall.service
and to bind the 0.0.0.0 IP to your real IP, like this you will be able to reach the tcp port of your container directly in portainer (set the IP of your server)
-ExecStart=/usr/bin/dockerd
+ExecStart=/usr/bin/dockerd --ip=xxx.xxx.xxx.xxx
then update the docker service
systemctl daemon-reload
systemctl enable docker
systemctl start docker
create default entries
mkdir /etc/e-smith/db/configuration/defaults/docker
echo 'service' > /etc/e-smith/db/configuration/defaults/docker/type
echo 'enabled' > /etc/e-smith/db/configuration/defaults/docker/status
/etc/e-smith/events/actions/initialize-default-databases
config setprop firewall Docker enabled
signal-event firewall-adjust
create and launch the portainer docker
mkdir /var/lib/portainer
docker run -d -p 9000:9000 --restart unless-stopped --name portainer-container -v /var/lib/portainer:/data -v "/var/run/docker.sock:/var/run/docker.sock" portainer/portainer
a good article to read : https://media-glass.es/portainer-the-ui-for-docker-d067f6335f23
to update portainer, you need to update the image, then remove the container and create it again. Since the data is persistent on the host, you will find all your settings.
docker images | awk '/^REPOSITORY|\<none\>/ {next} {print $1}' | xargs -n 1 docker pull
docker kill portainer-container
docker rm portainer-container
docker run -d -p 9000:9000 --restart unless-stopped --name portainer-container -v /var/lib/portainer:/data -v "/var/run/docker.sock:/var/run/docker.sock" portainer/portainer
@JOduMonT some news and feedback to share on docker and especially portainer… I love it
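The two `docker.service` edits from the procedure above (start after `shorewall.service`, bind published ports with `--ip=`), as an added shell example that is not part of the original posts: it applies them to a copy of the unit and reads the result back, so the step can be repeated when a Docker update changes the stock unit. The sample unit is constructed, 192.0.2.10 is a documentation address standing in for the server IP, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Works on copies; nothing under /etc is touched.

# Constructed sample holding the two stock lines the post edits.
write_sample_unit() {
cat > "$1" <<'EOF'
[Unit]
Description=Docker Application Container Engine
After=network.target firewalld.service

[Service]
ExecStart=/usr/bin/dockerd
EOF
}

# patch_docker_unit SRC DST IP: write DST ordered after shorewall, with dockerd bound to IP.
patch_docker_unit() {
    # Accept only a dotted-quad shape so the value is safe to splice into sed.
    printf '%s\n' "$3" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 2
    [ -r "$1" ] || return 1
    sed -E \
        -e '/^After=/ s/firewalld\.service/shorewall.service/' \
        -e '/^ExecStart=\/usr\/bin\/dockerd/ s/ --ip=[^ ]+//' \
        -e "/^ExecStart=\/usr\/bin\/dockerd/ s|^ExecStart=/usr/bin/dockerd|& --ip=$3|" \
        "$1" > "$2"
}

# bound_ip FILE: print the address given to dockerd with --ip (empty if none).
bound_ip() {
    sed -n -E 's/^ExecStart=\/usr\/bin\/dockerd.* --ip=([^ ]+).*/\1/p' "$1"
}

# ordered_after_shorewall FILE: succeed if After= lists shorewall.service.
ordered_after_shorewall() {
    grep -Eq '^After=(.* )?shorewall\.service( |$)' "$1"
}

# Demo on the constructed unit: show the patched copy.
tmp=$(mktemp -d)
write_sample_unit "$tmp/stock"
patch_docker_unit "$tmp/stock" "$tmp/patched" 192.0.2.10 && cat "$tmp/patched"
rm -rf "$tmp"
```

On the server the patched copy goes to `/etc/systemd/system/docker.service`, followed by `systemctl daemon-reload` as in the post.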
What I would be interested to know is how docker containers vs local install of an application relate in terms of resources needed. Does anyone have any documentation or hands-on experience with that?
I’d love to see some comparison data.
I’m not sure the interest about the resources is what you search with docker. In fact the possibility to install/kill/reinstall the container is a killer feature.
The data are safe if you link the data folder to the host.
The case of nextcloud is a good example, it needs several dependencies not available on ns, but with a container you can install it easily. Even if it is a container, you can configure it like if it is a real instance
docker exec -u www-data nextcloud php occ status
Actually docker is usable by the command line, and it is not really fun…but with portainer you can be safe of cli.
AFAIK the overhead of KVM hypervisor is less than 5%, in case of LXC container I think the overhead can be considered almost null.
I like very much the idea of portainer, we need only a safe way to integrate it with Shorewall.
For now I have just tested and played with containers: create, link them together, kill them to test the persistent data… no real investigation of security matters
this is what I did, following the advice of @filippo_carletti and yours. Isn’t it enough?
Of course the docker is available by its specific port
It’s not enough: if docker or the firewall are restarted, all NAT chains are lost.
Thanks, I will test it