From 183df4b15bc3bf2f200aa74dc010ac265016b1c6 Mon Sep 17 00:00:00 2001
From: David Young
Date: Thu, 12 Oct 2017 23:53:50 +1300
Subject: [PATCH] Update for docker-cleanup
---
 examples/scripts/gcb-aliases.sh | 2 +-
 .../ha-docker-swarm/docker-swarm-mode.md | 43 ++++++++++++++++---
 manuscript/reference/git-docker.md | 23 +++++++---
 manuscript/reference/networks.md | 2 +
 mkdocs.yml | 12 +-----
 5 files changed, 61 insertions(+), 21 deletions(-)
diff --git a/examples/scripts/gcb-aliases.sh b/examples/scripts/gcb-aliases.sh
index 5402fb2..d6994c2 100644
--- a/examples/scripts/gcb-aliases.sh
+++ b/examples/scripts/gcb-aliases.sh
@@ -1,4 +1,3 @@
-alias git='docker run -v $PWD:/var/data funkypenguin/git-docker git' # Run git client within container (for hosts without git)
 alias dklc='docker ps -l' # List last Docker container
 alias dklcid='docker ps -l -q' # List last Docker container ID
 alias dklcip='docker inspect -f "{{.NetworkSettings.IPAddress}}" $(docker ps -l -q)' # Get IP of last Docker container
@@ -14,3 +13,4 @@ alias dkrmi='docker-remove-images' # Delete images for supplied IDs or all if n
 alias dkideps='docker-image-dependencies' # Output a graph of image dependencies using Graphiz
 alias dkre='docker-runtime-environment' # List environmental variables of the supplied image ID
 alias dkelc='docker exec -it `dklcid` bash' # Enter last container (works with Docker 1.3 and above)
+alias git='docker run -v $PWD:/var/data -v /var/data/git-docker/data/.ssh:/root/.ssh funkypenguin/git-docker git' # Run git client in a container (for hosts witohut git)
diff --git a/manuscript/ha-docker-swarm/docker-swarm-mode.md b/manuscript/ha-docker-swarm/docker-swarm-mode.md
index 30583fa..70ad99d 100644
--- a/manuscript/ha-docker-swarm/docker-swarm-mode.md
+++ b/manuscript/ha-docker-swarm/docker-swarm-mode.md
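Review bot: The re-added `git` alias at the end of gcb-aliases.sh bind-mounts the SSH key directory into an image referenced without a tag or digest, so whatever `funkypenguin/git-docker` resolves to at pull time can read the private key under `/root/.ssh`. Pinning the reference, for example `funkypenguin/git-docker@sha256:<digest of the reviewed build>`, keeps that trust decision explicit. The command also has no `--rm`, so every git invocation leaves a stopped container behind; starting it with `docker run --rm -v $PWD:/var/data ...` avoids that. The trailing comment has a typo, `witohut` for `without`.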
@@ -175,14 +175,47 @@ To: ### Setup automated cleanup -This needs to be a docker-compose.yml file, excluding trusted images (like glusterfs, traefik, etc) +Docker swarm doesn't do any cleanup of old images, so as you experiment with various stacks, and as updated containers are released upstream, you'll soon find yourself loosing gigabytes of disk space to old, unused images. + +To address this, we'll run the "[meltwater/docker-cleanup](https://github.com/meltwater/docker-cleanup)" container on all of our nodes. The container will clean up unused images after 30 minutes. + +First, create docker-cleanup.env (_mine is under /var/data/config/docker-cleanup_), and exclude container images we **know** we want to keep: + ``` -docker run -d \ --v /var/run/docker.sock:/var/run/docker.sock:rw \ --v /var/lib/docker:/var/lib/docker:rw \ -meltwater/docker-cleanup:latest +KEEP_IMAGES=traefik,keepalived,docker-mailserver +DEBUG=1 ``` +Then create a docker-compose.yml as follows: + +``` +version: "3" + +services: + docker-cleanup: + image: meltwater/docker-cleanup:latest + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /var/lib/docker:/var/lib/docker + networks: + - internal + deploy: + mode: global + env_file: /var/data/config/docker-cleanup/docker-cleanup.env + +networks: + internal: + driver: overlay + ipam: + config: + - subnet: 172.16.0.0/24 +``` + +!!! note + Setup unique static subnets for every stack you deploy. This avoids IP/gateway conflicts which can otherwise occur when you're creating/removing stacks a lot. See [my list](/reference/networks/) here. + +Launch the cleanup stack by running ```docker stack deploy docker-clenaup -c ``` + ### Tweaks Add some handy bash auto-completion for docker. Without this, you'll get annoyed that you can't autocomplete ```docker stack deploy -c ``` commands. diff --git a/manuscript/reference/git-docker.md b/manuscript/reference/git-docker.md index 7b71d03..3561aae 100644 --- a/manuscript/reference/git-docker.md 
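Review bot: The compose file in the "Setup automated cleanup" section gives `meltwater/docker-cleanup:latest` the Docker socket and `/var/lib/docker` on every node (`mode: global`), which amounts to root-equivalent access across the swarm, and the surrounding text does not say so. A sentence stating this, plus a pinned tag or digest in place of `:latest`, would let readers make that trust decision deliberately. The launch instruction is also unfinished: `docker stack deploy docker-clenaup -c` misspells the stack name and ends at `-c` with no file, where something like `docker stack deploy docker-cleanup -c <path to docker-compose.yml>` is presumably intended. Indentation is not recoverable in this view, so the placement of `env_file` under the service could not be checked.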
+++ b/manuscript/reference/git-docker.md @@ -8,16 +8,27 @@ So how can we use git on this system, to push/pull the changes we make to config I [made a simple container](https://github.com/funkypenguin/git-docker/blob/master/Dockerfile) which just basically executes git in the CWD: -To use it transparently, add an alias for the "git" command: +To use it transparently, add an alias for the "git" command, or just download it with the rest of the [handy aliases](https://raw.githubusercontent.com/funkypenguin/geek-cookbook/master/examples/scripts/gcb-aliases.sh): ``` alias git='docker run -v $PWD:/var/data -v \ -/var/data/git-docker/data:/root funkypenguin/git-docker git' +/var/data/git-docker/data/.ssh:/root/.ssh funkypenguin/git-docker git' ``` -## Limitations +## Setup SSH key -docker run -v /var/data/git-docker/data:/root funkypenguin/git-docker ssh-keygen -t ed25519 -f /root/.ssh/id_ed25519 +If you plan to actually _push_ using git, you'll need to setup an SSH keypair. You _could_ copy across whatever keypair you currently use, but it's probably more appropriate to generate a specific keypair for this purpose. + +Generate your new SSH keypair by running: + +``` +mkdir -p /var/data/git-docker/data/.ssh +chmod 600 /var/data/git-docker/data/.ssh +docker run -v /var/data/git-docker/data/.ssh:/root/.ssh funkypenguin/git-docker ssh-keygen -t ed25519 -f /root/.ssh/id_ed25519 +``` + +The output will look something like this: +``` Generating public/private ed25519 key pair. Enter passphrase (empty for no passphrase): Enter same passphrase again: Created directory '/root/.ssh'. Your identification has been saved in /root/.ssh/id_ed25519. @@ -36,4 +47,6 @@ The key's randomart image is: |o..o..+.oo | |...=OX+.+. | +----[SHA256]-----+ -[root@ds3 data]# +``` + +Now add the contents of /var/data/git-docker/data/.ssh/id_ed25519.pub to your git account, and off you go - just run "git" from your Atomic host as usual, and pretend that you have the client installed! 
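Review bot: In the key-generation steps, `chmod 600 /var/data/git-docker/data/.ssh` is applied to a directory, which removes the search bit; it appears to work only because the container process runs as root and bypasses the permission check. The conventional mode for an `.ssh` directory is `chmod 700 /var/data/git-docker/data/.ssh`. If `/var/data` is replicated between swarm nodes (not visible in this hunk), the private key `id_ed25519` is replicated with it, which deserves a sentence next to the advice to generate a dedicated keypair.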
diff --git a/manuscript/reference/networks.md b/manuscript/reference/networks.md index 6211fa8..7ac0237 100644 --- a/manuscript/reference/networks.md +++ b/manuscript/reference/networks.md @@ -5,6 +5,8 @@ In order to avoid IP addressing conflicts as we bring swarm networks up/down, we Network | Range --|-- [Traefik](https://geek-cookbook.funkypenguin.co.nz/ha-docker-swarm/traefik/) | _unspecified_ +[Docker-cleanup](https://geek-cookbook.funkypenguin.co.nz/ha-docker-swarm/docker-swarm-mode/#setup-automated-cleanup) | +172.16.0.0/24 [Mail Server](https://geek-cookbook.funkypenguin.co.nz/recipies/mail/) | 172.16.1.0/24 [Gitlab](https://geek-cookbook.funkypenguin.co.nz/recipies/gitlab/) | 172.16.2.0/24 [Wekan](https://geek-cookbook.funkypenguin.co.nz/recipies/wekan/) | 172.16.3.0/24 diff --git a/mkdocs.yml b/mkdocs.yml index fafbf00..ea6854f 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -1,5 +1,5 @@ site_name: Funky Penguin's Geek Cookbook -site_description: 'A short description of my project' +site_description: 'The "Geek Cookbook" is a collection of guides for establishing your own highly-available docker container cluster (swarm). This swarm enables you to run self-hosted services such as GitLab, Plex, NextCloud, etc.' site_author: 'David Young' site_url: 'https://geek-cookbook.funkypenguin.co.nz' edit_uri: 'edit/master/manuscript/' @@ -51,15 +51,7 @@ pages: - OAuth Proxy: reference/oauth_proxy.md - Data Layout: reference/data_layout.md - Networks: reference/networks.md -# - git-docker: reference/git-docker.md -# - Huginn: advanced/huginn.md -# - Nextcloud: advanced/nextcloud.md -# - OwnTracks: advanced/owntracks.md -# - Shaarli: advanced/shaarli.md -# - Wallabag: advanced/wallabag.md - - - + - git-docker : reference/git-docker.md extra: disqus: 'geeks-cookbook'