--- title: docker tags: deploy description: Deploying Resources with Docker --- # Deploying Resources with Docker <!-- Put the link to this slide here so people can follow --> ## ### Manual installation (Debian) ```bash= ### Intial server preparing # turn off a speaker sudo modprobe -r pcspkr # create a work user su - apt update && apt upgrade apt install sudo usermod -aG sudo $user ### OPTIONAL ### install VMTools mkdir -p /mnt/cdrom mount /dev/cdrom /mnt/cdrom cd /tmp ls /mnt/cdrom tar zxpf /mnt/cdrom/$VMTools_version.tar.gz -C /tmp/ cd vmware-tools-distrib ./vmware-install.pl # then 10 million times - yes ### Install Docker # OPTIONAL # sudo apt -y remove docker docker-engine docker.io containerd runc # sudo apt -y install \ apt-transport-https \ ca-certificates \ curl \ gnupg \ lsb-release \ # add docker GPG key # DEBIAN curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg # UBUNTU curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg # Add docker repositary # DEBIAN echo \ "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian \ $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null # UBUNTU echo \ "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \ $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null # Install docker sudo apt update sudo apt -y install docker-ce docker-ce-cli containerd.io # Test docker sudo docker run hello-world # Install Docker-compose sudo apt -y install docker compose # Add user to "docker" group sudo gpasswd -a $(whoami) docker reboot/sudo gpasswd -a $(whoami) docker ### REMOVE DOCKER sudo apt-get purge docker-ce docker-ce-cli containerd.io sudo rm -rf /var/lib/docker sudo rm -rf /var/lib/containerd ``` ### Manual installation (Windows) ```bash= # in powershell (admin) dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart # download and install latest Linux kernel https://wslstorestorage.blob.core.windows.net/wslblob/wsl_update_x64.msi # in powershell wsl --set-default-version 2 ### help https://tretyakov.net/post/ustanovit-docker-na-windows-10-wsl2/ ### nano for Windows (do not forget about "Path"!) https://files.lhmouse.com/nano-win/ ``` ### Wireguard install ```bash= # man1 https://igancev.ru/2021-02-21-vpn-wireguard-docker # man2 https://github.com/linuxserver/docker-wireguard#docker-compose-recommended # Installation sudo apt update && apt upgrade -y mkdir -p /home/$(whoami)/config/wireguard/config nano /home/$(whoami)/config/wireguard/docker-compose.yml ``` #### docker-compose.yml content (quantity of users sets in the PEERS field (auto gen) ```bash= --- version: "2.1" services: wireguard: image: ghcr.io/linuxserver/wireguard container_name: wireguard cap_add: - NET_ADMIN - SYS_MODULE environment: - PUID=1000 - PGID=1000 - TZ=Europe/Moscow - SERVERURL=[Domain or IP] #optional - SERVERPORT=52821 #optional - PEERS=3 #optional - PEERDNS=1.1.1.1,1.0.0.1 #optional - INTERNAL_SUBNET=10.12.13.0 #optional - ALLOWEDIPS=0.0.0.0/0 #optional volumes: - /path/to/appdata/config:/config - /lib/modules:/lib/modules ports: - 51820:52821/udp sysctls: - net.ipv4.conf.all.src_valid_mark=1 restart: unless-stopped ``` ### Docker favorite commands ```bash= # up containers docker-compose up -d # recreate image docker-compose up --force-recreate --build -d #stop all conatiners docker stop $(docker ps -q -a) # delete all containers docker rm $(docker ps -q -a) # delete image docker rmi [image name / id] # delete all images docker rmi -f $(docker images -a -q) # stop and erase all containers and images docker stop $(docker ps -a -q); docker rm $(docker ps -a -q); docker rmi -f (docker images -a -q) # enter into a working container docker exec -it $id /bin/bash # copy file from a container and vice versa Usage: docker cp [OPTIONS] CONTAINER:PATH LOCALPATH|- docker cp [OPTIONS] LOCALPATH|- CONTAINER:PATH #### Achtung (actual only if ports in docker-compose.yml file was changed ) Autogenerating QR-codes is not acceptable here becouse of uncommon ports. Generated configs must be edited for correct ports, for example: ```bash= [Interface] Address = [IP] PrivateKey = [key] ListenPort = 52821 DNS = [DNS] [Peer] PublicKey = [Pubkey] Endpoint = [IP]:52821 AllowedIPs = [Allowed IPs] ``` #### Ensure any volume directories on the host are owned by the same user you specify and any permissions issues will vanish like magic.** ##### In this instance PUID=1000 and PGID=1000, to find yours use id user as below: ```bash= $ id username uid=1000(dockeruser) gid=1000(dockergroup) groups=1000(dockergroup) ``` #### Continue installation ```bash= cd /home/$(whoami)/config/wireguard/ # Update wireguard image version docker-compose pull wireguard # Update wireguard container docker-compose up -d # OPTIONAL # Remove the old dangling images docker image prune # Add first user docker exec -it wireguard /app/add-peer user # Show first user docker exec -it wireguard /app/show-peer user # AUX # lot at logs docker logs -f wireguard # Check container version docker inspect -f '{{ index .Config.Labels "build_version" }}' wireguard # Check image version docker inspect -f '{{ index .Config.Labels "build_version" }}' ghcr.io/linuxserver/wireguard ``` #### docker compose ```typescript= version: '3' services: db: image: postgres:12.0-alpine restart: always volumes: - psql_volume:/var/lib/postgresql/data/ environment: - POSTGRES_USER=medonc - POSTGRES_PASSWORD= - POSTGRES_DB=medonc django: restart: always volumes: - static:/medonc/static - media:/medonc/media build: context: . dockerfile: prod.Dockerfile expose: - "8000" depends_on: - db nginx: restart: always image: nginx:1.15-alpine ports: - "80:80" - "443:443" volumes: - ./data/nginx:/etc/nginx/conf.d - ./data/certbot/conf:/etc/letsencrypt - ./data/certbot/www:/var/www/certbot - static:/medonc/static - media:/medonc/media command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'" depends_on: - db certbot: restart: always image: certbot/certbot volumes: - ./data/certbot/conf:/etc/letsencrypt - ./data/certbot/www:/var/www/certbot entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'" volumes: static: driver: local psql_volume: media: ``` #### docker.file ```typescript= FROM python:3.9-slim RUN apt update && apt install libmariadb-dev g++ -y COPY requirements.txt /tmp/requirements.txt RUN pip install -r /tmp/requirements.txt RUN mkdir /medonc RUN mkdir /logs COPY medonc /medonc WORKDIR /medonc ENV EMAIL_HOST smtp-pulse.com ENV EMAIL_PORT 465 ENV EMAIL_HOST_USER n.muravev@cslab.io ENV EMAIL_HOST_PASSWORD EXPOSE 8000 RUN python manage.py collectstatic --noinput RUN ls ./static CMD ["gunicorn", "-b", "0.0.0.0:8000", "medonc.wsgi"] ``` #### requierments.txt ```typescript= django==3.1.3 gunicorn==20.0.4 djangorestframework==3.12.2 psycopg2-binary==2.8.6 django-ckeditor==6.0.0 django-client-side-image-cropping==0.1.7 Pillow==8.1.2 dj-rest-auth==2.1.4 django-allauth==0.44.0 django-admin-sortable2==0.7.8 ``` #### Manual installation (Debian) ```bash= # turn off a speaker sudo modprobe -r pcspkr su - apt update && apt upgrade apt install sudo usermod -aG sudo $user # install VMTools mkdir -p /mnt/cdrom mount /dev/cdrom /mnt/cdrom cd /tmp ls /mnt/cdrom tar zxpf /mnt/cdrom/$VMTools_version.tar.gz -C /tmp/ cd vmware-tools-distrib ./vmware-install.pl # then 10 million times - yes # Install Docker sudo apt-get install \ apt-transport-https \ ca-certificates \ curl \ gnupg \ lsb-release \ #py-pip \ #python3-dev \ #libffi-dev \ #openssl \ #gcc \ #libc-dev \ #rust \ #cargo \ #make \ # docker curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg echo \ "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian \ $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null sudo apt-get update sudo apt-get install docker-ce docker-ce-cli containerd.io # compose apt install docker compose # add user 2 docker group sudo gpasswd -a $(whoami) docker reboot/logout ``` #### ```bash= pip install --upgrade pip groupadd -r uwsgi && useradd -r -g uwsgi uwsgi Flask==2.0.1 uwsgi==2.0.19 redis==3.5.3 requests=2.25.1 ``` #### ```typescript= ``` #### ```typescript= ``` #### ```typescript= ``` #### ```typescript= ``` #### ```typescript= ``` #### ```typescript= ``` #### ```typescript= ```