====== Docker - Container Virtualization ======
{{windows:docker_container_engine_logo.png?200|Docker Logo}}\\
**Docker** is open-source software that provides OS-level virtualization environments called containers. Compared with hypervisor-based products that perform full virtualization, such as VMware products, it uses less disk space, creates and starts virtual environments (instances) faster, and suffers almost no performance degradation.\\
From [[wwjp>Docker|Docker - Wikiwand]]\\
\\
Official site: [[https://www.docker.com/|Docker: Accelerated Container Application Development]]\\
Source code: [[https://github.com/docker/docker-ce|GitHub - docker/docker-ce: Docker CE]]\\
Documentation: [[http://docs.docker.jp/|Docker documentation Japanese translation project - Docker-docs-ja 24.0 documentation]]\\
\\
[[windows:docker|Docker - Container Virtualization]] (Windows)\\
\\
[[linux:podman|Podman - Seamlessly work with containers and Kubernetes from your local environment]]\\
Note: migrating to this Docker-compatible next-generation container engine is recommended 😉\\

===== Installation =====
Official: [[https://docs.docker.com/engine/install/fedora/|Install Docker Engine on Fedora | Docker Docs]] [[gtr>https://docs.docker.com/engine/install/fedora/|Translation]]\\
$ sudo dnf -y install dnf-plugins-core
パッケージ dnf-plugins-core-4.4.4-1.fc39.noarch は既にインストールされています。
$ sudo dnf config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo
repo の追加: https://download.docker.com/linux/fedora/docker-ce.repo
$ sudo dnf install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
Docker CE Stable - x86_64                                                      13 kB/s |  11 kB     00:00    
Enable Docker to start automatically at boot 🤔\\
$ sudo systemctl enable --now docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
$ sudo docker run --rm hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
c1ec31eb5944: Pull complete 
Digest: sha256:d000bc569937abbe195e20322a0bde6b2922d805332fd6d8a68b19f524b7d21d
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:

For more examples and ideas, visit:
==== Post-installation steps ====
[[https://docs.docker.com/engine/install/linux-postinstall/|Linux post-installation steps for Docker Engine | Docker Docs]] [[gtr>https://docs.docker.com/engine/install/linux-postinstall/|Translation]]\\
The Docker daemon binds to a Unix socket. By default the root user owns that socket, and other users can access it only through sudo. The Docker daemon always runs as the root user.
$ docker run hello-world
docker: permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/create": dial unix /var/run/docker.sock: connect: permission denied.
See 'docker run --help'.
$ sudo ls -al /var/run/docker.sock
srw-rw---- 1 root docker 0  2月 17 06:31 /var/run/docker.sock
**To manage Docker as a non-root user... (for development environments)**\\
Create the docker group. (It is normally already created during installation.)\\
$ sudo groupadd docker
groupadd: グループ 'docker' は既に存在します
Add the user who will manage Docker to the docker group.\\
$ id tomoyan
uid=1000(tomoyan) gid=1000(tomoyan) groups=1000(tomoyan),10(wheel),18(dialout)
$ sudo usermod -aG docker $USER
$ id tomoyan
uid=1000(tomoyan) gid=1000(tomoyan) groups=1000(tomoyan),10(wheel),18(dialout),972(docker)
$ newgrp docker
In a development environment, users who belong to the docker group no longer need to run commands as administrator with sudo, so work efficiency goes up 😍💕💕💕\\
$ docker run hello-world

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:

For more examples and ideas, visit:
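
An added example, not part of the original page: anyone who can write to /var/run/docker.sock can drive the root-run daemon, so docker group membership is root-equivalent on the host and worth auditing. The script reports who has that access from the socket's mode, owner and group plus the group entry; the function names are made up here, and the sample values (660 root docker, gid 972, user tomoyan) are the ones shown in the output above.

```sh
#!/bin/sh
# Added example, not from the original page. Function names are made up.
# On a real host, feed it:
#   stat -c '%a %U %G' /var/run/docker.sock   -> MODE OWNER GROUP
#   getent group docker                       -> GROUP_LINE

# has_write DIGIT: true if an octal permission digit includes the write bit.
has_write() {
    case $1 in 2|3|6|7) return 0 ;; *) return 1 ;; esac
}

# group_members GROUP_LINE: print members of a group(5)-format line, one per line.
group_members() {
    printf '%s\n' "$1" | awk -F: '{
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }'
}

# daemon_access_report MODE OWNER GROUP GROUP_LINE
# Connecting to a Unix socket needs write permission on it, so every
# identity with write access can drive the root-run Docker daemon.
daemon_access_report() {
    mode=$1 owner=$2 group=$3 line=$4
    grp_digit=$(printf '%s' "$mode" | sed 's/.*\(.\).$/\1/')
    oth_digit=$(printf '%s' "$mode" | sed 's/.*\(.\)$/\1/')
    if has_write "$oth_digit"; then
        echo "CRITICAL: socket mode $mode is world-writable"
    fi
    if [ "$owner" != root ]; then
        echo "WARN: socket owner is $owner, expected root"
    fi
    if has_write "$grp_digit"; then
        for user in $(group_members "$line"); do
            echo "ROOT-EQUIVALENT: $user (member of $group)"
        done
    fi
    return 0
}

# Constructed sample, using the values shown on this page.
daemon_access_report 660 root docker 'docker:x:972:tomoyan'
```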


==== Usage ====

==== Building a container [build] ====
$ docker build --help

Usage:  docker buildx build [OPTIONS] PATH | URL | -

Start a build

  docker buildx build, docker buildx b

Create a directory and write a Dockerfile 🤔\\
$ mkdir haruo_docker && cd haruo_docker
$ nano Dockerfile
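FROM docker.io/amd64/fedora:39

# Locale and time zone used by the RUN steps below and at run time.
# These two ENV lines are not in the listing as published; the values are
# assumed from the JST, Japanese-locale date shown in the run output.
ENV LANG=ja_JP.UTF-8
ENV TZ=Asia/Tokyo

# Install the tools used by CMD plus the Japanese locale sources
RUN dnf update -y && \
    dnf install -y git glibc-locale-source glibc-langpack-ja figlet lolcat neofetch && \
    dnf clean all
# cowsay figlet toilet lolcat neofetch

# Generate the ja_JP.UTF-8 locale and point the system time zone at $TZ
RUN localedef --force -i ja_JP -f UTF-8 ja_JP.UTF-8 && \
    ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && \
    echo $TZ > /etc/timezone

# Extra figlet fonts (cloned into /figlet-fonts)
RUN git clone --depth 1 https://github.com/xero/figlet-fonts.git
# ./message must exist in the build context
ADD ./message /message
CMD cat /message | figlet -f "Bloody" -d "/figlet-fonts" -w 120 | lolcat && \
    neofetch | lolcat && \
    date | lolcat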
$ docker build --tag haruo_docker:0.01 .
$ docker build --tag haruo_docker:0.01 --no-cache .
To get plain progress output, you can specify --progress plain 🤔 (the default is --progress auto)\\
$ docker build --tag haruo_docker:0.01 --no-cache --progress plain .
#0 building with "default" instance using docker driver

#6 215.1 Last metadata expiration check: 0:01:48 ago on Tue Feb 20 13:41:10 2024.
#6 215.4 Dependencies resolved.
#6 215.5 Downloading Packages:
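
An added example, not part of the original page: a small lint that reads a Dockerfile on stdin and reports build-hygiene findings relevant to a file like the one above (base image referenced by mutable tag, $TZ used without ENV/ARG, git clone without a fixed commit, ADD for a local file, no USER). The finding names and function names are made up for this sketch, and the sample input is a constructed, shortened Dockerfile with no ENV TZ line.

```sh
#!/bin/sh
# Added example, not from the original page: lint a Dockerfile read from stdin.
# Finding names (unpinned-base, ...) are made up for this sketch.
lint_dockerfile() {
    awk '
    function check(l,    w, instr, v) {
        sub(/^[ \t]+/, "", l)
        if (l == "" || l ~ /^#/) return
        split(l, w, /[ \t]+/)
        instr = toupper(w[1])
        if (instr == "FROM" && w[2] !~ /@sha256:/)
            print "unpinned-base: " w[2] " is a mutable tag, not a digest"
        if (instr == "ADD" && w[2] !~ /^https?:/)
            print "add-local: COPY is enough for local file " w[2]
        if (instr == "USER") has_user = 1
        if (instr == "ENV" || instr == "ARG") { v = w[2]; sub(/=.*/, "", v); defined[v] = 1 }
        if (instr == "RUN" && l ~ /git clone/ && l !~ /git (checkout|reset)/)
            print "unpinned-clone: git clone without a fixed commit"
        if (l ~ /\$TZ/ && !("TZ" in defined))
            print "undefined-var: $TZ is used before any ENV/ARG sets it"
    }
    # Join backslash-continued lines into one logical instruction.
    { line = buf $0; buf = "" }
    /\\[ \t]*$/ { sub(/\\[ \t]*$/, " ", line); buf = line; next }
    { check(line) }
    END {
        if (buf != "") check(buf)
        if (!has_user) print "no-user: no USER instruction, process runs as root"
    }'
}

# Constructed sample: a shortened Dockerfile with no ENV TZ line.
sample_dockerfile() {
    cat <<'EOF'
FROM docker.io/amd64/fedora:39
RUN dnf install -y git figlet && \
dnf clean all
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && \
echo $TZ > /etc/timezone
RUN git clone --depth 1 https://github.com/xero/figlet-fonts.git
ADD ./message /message
CMD cat /message | figlet -d "/figlet-fonts"
EOF
}

sample_dockerfile | lint_dockerfile
```

Run it against a real file with `lint_dockerfile < Dockerfile`; the $TZ check is deliberately limited to that one variable.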
==== Running a container [run] ====
$ docker run --help

Usage:  docker run [OPTIONS] IMAGE [COMMAND] [ARG...]

Create and run a new container from an image

  docker container run, docker run

      --add-host list                  Add a custom host-to-IP mapping (host:ip)
      --annotation map                 Add an annotation to the container (passed through to the OCI
                                       runtime) (default map[])
  -a, --attach list                    Attach to STDIN, STDOUT or STDERR
      --blkio-weight uint16            Block IO (relative weight), between 10 and 1000, or 0 to disable
                                       (default 0)
      --blkio-weight-device list       Block IO weight (relative device weight) (default [])
      --cap-add list                   Add Linux capabilities
      --cap-drop list                  Drop Linux capabilities
      --cgroup-parent string           Optional parent cgroup for the container
      --cgroupns string                Cgroup namespace to use (host|private)
                                       'host':    Run the container in the Docker host's cgroup
                                       'private': Run the container in its own private cgroup namespace
                                       '':        Use the cgroup namespace as configured by the
                                                  default-cgroupns-mode option on the daemon (default)
      --cidfile string                 Write the container ID to the file
      --cpu-period int                 Limit CPU CFS (Completely Fair Scheduler) period
      --cpu-quota int                  Limit CPU CFS (Completely Fair Scheduler) quota
      --cpu-rt-period int              Limit CPU real-time period in microseconds
      --cpu-rt-runtime int             Limit CPU real-time runtime in microseconds
  -c, --cpu-shares int                 CPU shares (relative weight)
      --cpus decimal                   Number of CPUs
      --cpuset-cpus string             CPUs in which to allow execution (0-3, 0,1)
      --cpuset-mems string             MEMs in which to allow execution (0-3, 0,1)
  -d, --detach                         Run container in background and print container ID
      --detach-keys string             Override the key sequence for detaching a container
      --device list                    Add a host device to the container
      --device-cgroup-rule list        Add a rule to the cgroup allowed devices list
      --device-read-bps list           Limit read rate (bytes per second) from a device (default [])
      --device-read-iops list          Limit read rate (IO per second) from a device (default [])
      --device-write-bps list          Limit write rate (bytes per second) to a device (default [])
      --device-write-iops list         Limit write rate (IO per second) to a device (default [])
      --disable-content-trust          Skip image verification (default true)
      --dns list                       Set custom DNS servers
      --dns-option list                Set DNS options
      --dns-search list                Set custom DNS search domains
      --domainname string              Container NIS domain name
      --entrypoint string              Overwrite the default ENTRYPOINT of the image
  -e, --env list                       Set environment variables
      --env-file list                  Read in a file of environment variables
      --expose list                    Expose a port or a range of ports
      --gpus gpu-request               GPU devices to add to the container ('all' to pass all GPUs)
      --group-add list                 Add additional groups to join
      --health-cmd string              Command to run to check health
      --health-interval duration       Time between running the check (ms|s|m|h) (default 0s)
      --health-retries int             Consecutive failures needed to report unhealthy
      --health-start-period duration   Start period for the container to initialize before starting
                                       health-retries countdown (ms|s|m|h) (default 0s)
      --health-timeout duration        Maximum time to allow one check to run (ms|s|m|h) (default 0s)
      --help                           Print usage
  -h, --hostname string                Container host name
      --init                           Run an init inside the container that forwards signals and reaps
  -i, --interactive                    Keep STDIN open even if not attached
      --ip string                      IPv4 address (e.g.,
      --ip6 string                     IPv6 address (e.g., 2001:db8::33)
      --ipc string                     IPC mode to use
      --isolation string               Container isolation technology
      --kernel-memory bytes            Kernel memory limit
  -l, --label list                     Set meta data on a container
      --label-file list                Read in a line delimited file of labels
      --link list                      Add link to another container
      --link-local-ip list             Container IPv4/IPv6 link-local addresses
      --log-driver string              Logging driver for the container
      --log-opt list                   Log driver options
      --mac-address string             Container MAC address (e.g., 92:d0:c6:0a:29:33)
  -m, --memory bytes                   Memory limit
      --memory-reservation bytes       Memory soft limit
      --memory-swap bytes              Swap limit equal to memory plus swap: '-1' to enable unlimited swap
      --memory-swappiness int          Tune container memory swappiness (0 to 100) (default -1)
      --mount mount                    Attach a filesystem mount to the container
      --name string                    Assign a name to the container
      --network network                Connect a container to a network
      --network-alias list             Add network-scoped alias for the container
      --no-healthcheck                 Disable any container-specified HEALTHCHECK
      --oom-kill-disable               Disable OOM Killer
      --oom-score-adj int              Tune host's OOM preferences (-1000 to 1000)
      --pid string                     PID namespace to use
      --pids-limit int                 Tune container pids limit (set -1 for unlimited)
      --platform string                Set platform if server is multi-platform capable
      --privileged                     Give extended privileges to this container
  -p, --publish list                   Publish a container's port(s) to the host
  -P, --publish-all                    Publish all exposed ports to random ports
      --pull string                    Pull image before running ("always", "missing", "never")
                                       (default "missing")
  -q, --quiet                          Suppress the pull output
      --read-only                      Mount the container's root filesystem as read only
      --restart string                 Restart policy to apply when a container exits (default "no")
      --rm                             Automatically remove the container when it exits
      --runtime string                 Runtime to use for this container
      --security-opt list              Security Options
      --shm-size bytes                 Size of /dev/shm
      --sig-proxy                      Proxy received signals to the process (default true)
      --stop-signal string             Signal to stop the container
      --stop-timeout int               Timeout (in seconds) to stop a container
      --storage-opt list               Storage driver options for the container
      --sysctl map                     Sysctl options (default map[])
      --tmpfs list                     Mount a tmpfs directory
  -t, --tty                            Allocate a pseudo-TTY
      --ulimit ulimit                  Ulimit options (default [])
  -u, --user string                    Username or UID (format: <name|uid>[:<group|gid>])
      --userns string                  User namespace to use
      --uts string                     UTS namespace to use
  -v, --volume list                    Bind mount a volume
      --volume-driver string           Optional volume driver for the container
      --volumes-from list              Mount volumes from the specified container(s)
  -w, --workdir string                 Working directory inside the container

$ docker run --rm -ti haruo_docker:0.01
(ASCII-art output: figlet "Bloody" banner and the neofetch Fedora logo)
root@6a63f819a589
-----------------
OS: Fedora Linux 39 (Container Image) x86_64
Host: W25AEZ
Kernel: 6.7.4-200.fc39.x86_64
Uptime: 5 days, 8 hours, 58 mins
Packages: 388 (rpm)
Shell: bash 5.2.26
Resolution: 1366x768
CPU: Intel i3-3120M (4) @ 2.500GHz
GPU: Intel 3rd Gen Core processor Graphics Controller
Memory: 6659MiB / 15881MiB
20242月 20日 火曜日 22:58:20 JST
{{:linux:haruo_docker_001.png|haruo docker 001}}

==== Recipes ====
[[.docker:openlitespeed|OpenLiteSpeed (docker)]]\\

==== Rootless mode ====
Official: [[https://docs.docker.com/engine/security/rootless/|Run the Docker daemon as a non-root user (Rootless mode) | Docker Docs]] [[gtr>https://docs.docker.com/engine/security/rootless/|Translation]]\\

===== References =====
[[zn>fagai/articles/55c1b34172ca5a0bce09|A manual for people who have ended up using docker-compose at work.]]\\
[[zn>tns_00/articles/docker-communicate-with-containers|How to communicate between containers in Docker]]\\
[[git>litespeedtech/ols-dockerfiles|GitHub - litespeedtech/ols-dockerfiles]]\\

==== Appendix ====
[[tw>tomoyan596sp/status/1706444519787638984|My Docker notes have moved to JupyterLab too 😅 Writing notes you can run to understand things is important 😊]]\\
[[tw>tomoyan596sp/status/1755580783035900283|Done 😍 An occult rainbow Docker container 🤣 You're about to make another terrible write-up, aren't you 😅]]\\