
EVA Lab - Rootless Docker Usage Guide

This page explains how to use rootless docker on the EVA Lab machines.

Limitations

Notices

  • The following container resource limits are supported

    • cpu
    • cpuset
    • io
    • memory
    • pids
  • The following docker runtimes are supported

    You can also run docker info | grep "Runtimes" to see the currently supported runtimes

    • nvidia
    • runc
  • The default docker runtime is runc
    To use a GPU, see How to use GPU in container

  • Warning: for security reasons, a firewall will be enabled in the future to restrict externally exposed services

Get Started

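If this is your first time using this service, follow the steps below for the initial setup.

    # Set up the rootless environment
    dockerd-rootless-setuptool.sh install

    # Start the docker service automatically at boot
    systemctl --user enable docker
    loginctl enable-linger $(whoami)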

Usage

Daemon

    # The daemon config is located at ~/.config/docker/daemon.json
    # The systemd unit file is installed as ~/.config/systemd/user/docker.service

    # Show the docker service status
    systemctl --user status docker

    # Start the docker service
    systemctl --user start docker

    # Stop the docker service
    systemctl --user stop docker.service docker.socket

    # Enable the docker service at boot and start it now
    systemctl --user enable --now docker

    # Disable the docker service at boot and stop it now
    systemctl --user disable --now docker

Client

Basic

    # Show docker information
    docker info

    # List the containers that are currently running
    docker ps

    # List all containers
    docker ps -a

    # Start a container
    docker start {container}

    # Stop a container
    docker stop {container}

    # Restart a container
    docker restart {container}

    # Run a container
    docker run {...}

Clean cache

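    # Remove stopped containers, unused networks, dangling images and build cache
    docker system prune

    # Also remove every image that is not used by a container
    docker system prune -a

    # Also remove unused volumes
    docker system prune --volumes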

Others

    # Switch the docker context
    docker context use rootless

Best Practices

  • Request only the resources you need; see How to limit resources
  • Always specify GPU ids instead of using --gpus all
  • Clean the cache periodically

Tutorials

How to limit resources

Please refer to Runtime options with Memory, CPUs, and GPUs

How to use GPU in container

Setup

    # Make a folder for rootless docker config
    mkdir -p ~/.config/docker

    # Add nvidia runtime to rootless docker
    nvidia-ctk runtime configure --config ~/.config/docker/daemon.json --runtime=docker

    # Restart docker.service
    systemctl --user restart docker

Sample usage

    # Run nvidia-smi
    docker run --rm --runtime=nvidia --gpus all ubuntu nvidia-smi

    # Specify gpu ids & run nvidia-smi
    docker run --rm --runtime=nvidia --gpus '"device=0,1,2,3"' ubuntu nvidia-smi
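The Best Practices (limit resources, name GPU ids) combined with the GPU flags above into one wrapper. This is an added example, not part of the original page; the function name limited_run and the DOCKER_BIN variable are assumptions made for it.

```shell
#!/bin/sh
# Added example: `docker run` wrapper that always sets CPU, memory and PID
# limits and only accepts explicit GPU ids. limited_run and DOCKER_BIN are
# names made up for this example.
#
# usage: limited_run CPUS MEMORY PIDS GPU_IDS IMAGE [CMD...]
#   CPUS     e.g. 4 or 1.5       -> --cpus
#   MEMORY   e.g. 16g or 512m    -> --memory
#   PIDS     e.g. 512            -> --pids-limit
#   GPU_IDS  e.g. 0,1 or "none"  -> --runtime=nvidia --gpus '"device=0,1"'
# The body runs in a subshell "( ... )", so its variables stay local and
# `exit` only ends the function call.
limited_run() (
    if [ "$#" -lt 5 ]; then
        echo "usage: limited_run CPUS MEMORY PIDS GPU_IDS IMAGE [CMD...]" >&2
        exit 2
    fi
    cpus=$1 mem=$2 pids=$3 gpus=$4
    shift 4    # "$@" is now IMAGE [CMD...]

    case $cpus in
        ''|.|*[!0-9.]*|*.*.*) echo "bad CPU count: $cpus" >&2; exit 2 ;;
    esac
    case ${mem%[bkmgBKMG]} in
        ''|*[!0-9]*) echo "bad memory limit: $mem" >&2; exit 2 ;;
    esac
    case $pids in
        ''|*[!0-9]*) echo "bad PID limit: $pids" >&2; exit 2 ;;
    esac
    case $gpus in
        none) ;;    # CPU-only container, default runc runtime
        ''|all) echo "list GPU ids explicitly instead of --gpus all" >&2; exit 2 ;;
        *[!0-9,]*|,*|*,|*,,*) echo "bad GPU id list: $gpus" >&2; exit 2 ;;
        *)  # the literal double quotes keep the comma-separated ids together
            set -- --runtime=nvidia --gpus "\"device=$gpus\"" "$@" ;;
    esac

    "${DOCKER_BIN:-docker}" run --rm --cpus "$cpus" --memory "$mem" \
        --pids-limit "$pids" "$@"
)

# Dry run: with DOCKER_BIN=echo the command line is printed, not executed.
( DOCKER_BIN=echo; limited_run 2 8g 256 none ubuntu nproc )
```

The cpuset and io limits listed under Notices are not covered by this wrapper.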

How to set nvidia runtime as default


Setting the nvidia runtime as the default is not recommended.
Please run containers with --runtime=nvidia only when you need it.

    # After running these commands,
    # you do not need to add --runtime=nvidia to docker run command anymore.

    # Edit daemon.json
    nano ~/.config/docker/daemon.json

    # Add default-runtime config like below
    {
      "default-runtime": "nvidia",
      "runtimes": {...}
    }

    # Reload docker config
    systemctl --user reload docker

    # Check default runtime
    docker info | grep "Default Runtime"

Troubleshooting

Ping doesn't work

Please contact the network administrator.

VSCode dev container

Cannot run container as non-root user

By default, the root user in a rootless container is mapped to the UID/GID of your host user.

So, the simplest solution is to set the remoteUser as root in devcontainer.json.

For other solutions, you could check microsoft/vscode-remote-release - Issue #4646.

Others

Please contact the network administrator and include a screenshot of the systemctl --user status docker output.