카타코더 Docker - Run Docker From Rootless Users

1 Overview

Katacoda Docker - Rootless Docker

2 Create Ubuntu User

root@host01:~# useradd -m -p $(openssl passwd -1 password) lowprivuser
root@host01:~# su - lowprivuser
lowprivuser@host01:~$ touch /root/blocked
touch: cannot touch '/root/blocked': Permission denied
lowprivuser@host01:~$ docker ps
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.39/containers/json: dial unix /var/run/docker.sock: connect: permission denied

3 Install Rootless Docker

lowprivuser@host01:~$ curl -sSL https://get.docker.com/rootless | sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 59.1M  100 59.1M    0     0  26.4M      0  0:00:02  0:00:02 --:--:-- 26.4M
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 13.9M  100 13.9M    0     0  18.9M      0 --:--:-- --:--:-- --:--:-- 18.9M
# systemd not detected, dockerd daemon needs to be started manually

/home/lowprivuser/bin/dockerd-rootless.sh --experimental --storage-driver vfs

# Docker binaries are installed in /home/lowprivuser/bin
# Make sure the following environment variables are set (or add them to ~/.bashrc):

export XDG_RUNTIME_DIR=/tmp/docker-1001
export PATH=$PATH:/sbin
export DOCKER_HOST=unix:///tmp/docker-1001/docker.sock

4 Access Docker

lowprivuser@host01:~$ echo 'export XDG_RUNTIME_DIR=/tmp/docker-1001' >> ~/.bashrc
lowprivuser@host01:~$ echo 'export PATH=$PATH:/sbin' >> ~/.bashrc
lowprivuser@host01:~$ echo 'export DOCKER_HOST=unix:///tmp/docker-1001/docker.sock' >> ~/.bashrc
lowprivuser@host01:~$ source ~/.bashrc
lowprivuser@host01:~$ ./bin/dockerd-rootless.sh --experimental --storage-driver vfs
+ [ -w /tmp/docker-1001 ]
+ [ -w /home/lowprivuser ]
+ rootlesskit=
+ which docker-rootlesskit
+ which rootlesskit
+ rootlesskit=rootlesskit
...
INFO[2019-03-23T11:55:10.766472291Z] Loading containers: start.
INFO[2019-03-23T11:55:10.862534623Z] Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be usedto set a preferred IP address
INFO[2019-03-23T11:55:10.913511860Z] Loading containers: done.
INFO[2019-03-23T11:55:10.919429385Z] Docker daemon                                 commit=29de017 graphdriver(s)=vfs version=master-dockerproject-2019-03-22
INFO[2019-03-23T11:55:10.919596351Z] Daemon has completed initialization
INFO[2019-03-23T11:55:10.963715756Z] API listen on /tmp/docker-1001/docker.sock

5 Run Containers

New terminal
root@host01:~# su - lowprivuser
lowprivuser@host01:~$ docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
lowprivuser@host01:~$ docker info
Client:
 Debug Mode: false

Server:
 Containers: 0
  Running: 0
  Paused: 0
...
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: true
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: No swap limit support
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
lowprivuser@host01:~$ docker run -d redis
Unable to find image 'redis:latest' locally
latest: Pulling from library/redis
f7e2b70d04ae: Pull complete
421427137c28: Pull complete
4af7ef63ef0f: Pull complete
f4d05f269476: Pull complete
3e747b51b85f: Pull complete
c41406f91978: Pull complete
Digest: sha256:930d3a5f0a781b99dbdfd3b5de498ecf4288d4c31500580be3e4c7a47e26eb3e
Status: Downloaded newer image for redis:latest
02d3448750bf55480b4d12e9cb632f13425552c9ac16225664c5f1462a8e1087
lowprivuser@host01:~$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED              STATUS              PORTS               NAMES
02d3448750bf        redis               "docker-entrypoint.s…"   About a minute ago   Up About a minute   6379/tcp            quirky_albattani
lowprivuser@host01:~$ ps aux | grep lowprivuser
root      2822  0.0  0.2  52284  3288 pts/0    S    11:58   0:00 su - lowprivuser
root      3205  0.0  0.2  52284  3292 pts/1    S    12:01   0:00 su - lowprivuser
lowpriv+  3379  0.0  0.3 109024  5772 ?        Sl   12:03   0:00 containerd-shim -namespace moby -workdir /home/lowprivuser/.local/share/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/02d3448750bf55480b4d12e9cb632f13425552c9ac16225664c5f1462a8e1087 -address /tmp/docker-1001/docker/containerd/containerd.sock -containerd-binary /home/lowprivuser/bin/containerd -runtime-root /tmp/docker-1001/docker/runtime-runc
lowpriv+  3504  0.0  0.0  14228   924 pts/1    S+   12:04   0:00 grep --color=auto lowprivuser
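The `ps aux` output above is the evidence that the daemon, containerd-shim and the container itself run as `lowprivuser` rather than root, and the `DOCKER_HOST` export is what makes the client talk to the per-user socket instead of `/var/run/docker.sock`. The following script is an added example (not part of the Katacoda scenario) that turns both observations into checks; the `ps` samples are constructed, modelled on the transcript, and the `lowprivuser` / `/tmp/docker-1001` values are the ones used on this page.

```shell
#!/bin/sh
# Constructed sample of `ps aux` output, modelled on the transcript above
# (rootless: everything Docker-related is owned by lowprivuser).
SAMPLE_PS='root      2822  0.0  0.2  52284  3288 pts/0    S    11:58   0:00 su - lowprivuser
lowpriv+  3300  0.1  1.0 800000 40000 ?        Sl   12:02   0:01 dockerd --experimental --storage-driver vfs
lowpriv+  3379  0.0  0.3 109024  5772 ?        Sl   12:03   0:00 containerd-shim -namespace moby -address /tmp/docker-1001/docker/containerd/containerd.sock
lowpriv+  3504  0.0  0.0  14228   924 pts/1    S+   12:04   0:00 grep --color=auto lowprivuser'

# Constructed sample of a conventional (root-owned) daemon for comparison.
SAMPLE_PS_ROOT='root      1200  0.2  1.0 800000 40000 ?        Ssl  11:50   0:02 /usr/bin/dockerd -H fd://
root      1350  0.0  0.3 109024  5772 ?        Sl   11:51   0:00 containerd-shim -namespace moby'

# rootless_daemon_ok PS_TEXT USERNAME
# Returns 0 when every dockerd / containerd / containerd-shim / runc /
# rootlesskit process in PS_TEXT is owned by USERNAME, 1 otherwise.
# `ps` truncates long account names to 7 characters plus "+" (lowpriv+),
# so the owner column is compared against that prefix.
rootless_daemon_ok() {
    printf '%s\n' "$1" | awk -v user="$2" '
        BEGIN { want = substr(user, 1, 7); bad = 0 }
        {
            cmd = $11                     # column 11 is the command
            sub(/.*\//, "", cmd)          # drop any leading path
            if (cmd ~ /^(dockerd|containerd|containerd-shim|runc|rootlesskit)$/ \
                && index($1, want) != 1)  # owner does not start with our user
                bad++
        }
        END { exit bad > 0 }'
}

# docker_host_ok DOCKER_HOST XDG_RUNTIME_DIR
# Returns 0 when the client is pointed at the per-user socket that
# dockerd-rootless.sh creates under XDG_RUNTIME_DIR, 1 otherwise.
docker_host_ok() {
    [ "$1" = "unix://$2/docker.sock" ]
}

# Live usage on the host from the scenario:
#   rootless_daemon_ok "$(ps aux)" lowprivuser && echo "daemon is rootless"
#   docker_host_ok "$DOCKER_HOST" "$XDG_RUNTIME_DIR" && echo "client uses user socket"
```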