EVA Lab - Rootless docker 使用說明

說明如何在 EVA Lab 的機器上使用 rootless docker

EVA Lab - Rootless docker 使用說明

Limitations

不可對外 TCP/UDP ports < 1024
其他限制請參見 Known limitations - Run the Docker daemon as a non-root user (Rootless mode)

Notices

支援以下 container 資源限制
- cpu
- cpuset
- io
- memory
- pids
支援以下 docker runtimes

:bulb: 也可使用 docker info | grep "Runtimes" 查看目前支援的 runtimes
- nvidia
- runc
docker runtime 預設使用 runc
如需使用 GPU，請參照 How to use GPU in container
基於安全性 :Warning:，未來將會開啟防火牆，限制對外服務

Get Started

如第一次使用此服務，請按照以下步驟進行初次設定






# 設定 rootless 環境
dockerd-rootless-setuptool.sh install

# 啟用開機時自動執行 docker 服務
systemctl --user enable docker
loginctl enable-linger $(whoami)

Usage

Daemon
















# The daemon config is located at ~/.config/docker/daemon.json
# The systemd unit file is installed as ~/.config/systemd/user/docker.service
# 查看 docker 服務狀態
systemctl --user status docker

# 啟動 docker 服務
systemctl --user start docker

# 停止 docker 服務
systemctl --user stop docker.service docker.socket

# 啟用開機時自動執行 docker 服務，並立即執行
systemctl --user enable --now docker

# 關閉開機時自動執行 docker 服務，並立即執行
systemctl --user disable --now docker

Client

Basic




















# 查看 docker 資訊
docker info

# 查看目前正在執行的 containers
docker ps

# 查看所有 containers
docker ps -a

# 啟動 container
docker start {container}

# 停止 container
docker stop {container}

# 重新啟動 container
docker restart {container}

# 執行 container
docker run {...}

Clean cache








# 清理未使用的 images
docker system prune

# 清除所有 images
docker system prune -a

# 清理所有 volumes
docker system prune --volumes

Others


# 切換 docker context
docker context use rootless

Best Practices

Always use the resources as you need, please check How to limit resources
Always specify gpu ids, instead of --gpus all
Clean cache periodically

Tutorials

How to limit resources

Please refer to Runtime options with Memory, CPUs, and GPUs

How to use GPU in container

Setup








# Make a folder for rootless docker config
mkdir -p ~/.config/docker

# Add nvidia runtime to rootless docker
nvidia-ctk runtime configure --config ~/.config/docker/daemon.json --runtime=docker

# Restart docker.service
systemctl --user restart docker

Sample usage





# Run nvidia-smi
docker run --rm --runtime=nvidia --gpus all ubuntu nvidia-smi

# Specify gpu ids & run nvidia-smi
docker run --rm --runtime=nvidia --gpus '"device=0,1,2,3"' ubuntu nvidia-smi

How to set nvidia runtime as default

:warning:
It is not recommended to set nvidia runtime as default.
Please run container with --runtime=nvidia when you needed.

















# After running these commands,
# you do not need to add --runtime=nvidia to docker run command anymore.

# Edit daemon.json
nano ~/.config/docker/daemon.json

# Add default-runtime config like below
{
    "default-runtime": "nvidia",
    "runtimes": {...}
}

# Reload docker config
systemctl --user reload docker

# Check default runtime
docker info | grep "Default Runtime"

Troubleshooting

Ping doesn't work

請聯絡網管

VSCode dev container

Cannot run container as non-root user

By default, the root user in rootless container is mapped to UID/GID of your host user.

So, the simplest solution is to set the remoteUser as root in devcontainer.json.

For other solutions, you could check microsoft/vscode-remote-release - Issue #4646.

Others

請聯絡網管並截圖 systemctl --user status docker 資訊

EVA Lab - Rootless docker 使用說明

Limitations

Notices

Get Started

Usage

Daemon

Client

Basic

Clean cache

Others

Best Practices

Tutorials

How to limit resources

How to use GPU in container

Setup

Sample usage

How to set nvidia runtime as default

Troubleshooting

Ping doesn't work

VSCode dev container

Cannot run container as non-root user

Others

Read more

如何從 Network-Manager 設定轉移至 Netplan

Ubuntu 升版須知

2020q3 Homework1 (quiz1)

2020q3 Homework1 (lab0)