Differences

This shows you the differences between two versions of the page.

docker_notes:docker [2025-03-02 Sun wk09 11:21] – [References] baumkp
docker_notes:docker [2025-11-27 Thu wk48 17:12] (current) – [Portainer agent] baumkp
Line 21: Line 21:
 Install Docker Engine : [Docker Engine](https://docs.docker.com/engine/install/) Install Docker Engine : [Docker Engine](https://docs.docker.com/engine/install/)
  
 +====downgrade docker====
 +The upgrade of docker-ce from version 28.5.2 to 29.0.0 seems to have broken something and the environment stopped function correctly, seems to be docker-ce and traefik related, both packages seem to have been fixed about 3 days later.  The immediate solution was to downgrade the docker-ce version back to the previous version that still function correctly and hope they release a fix the newer version upstream in the near future.
 +For debian based systems:
 +  *''sudo apt policy docker-ce''
 +    *<code>docker-ce:
 +Installed: 5:29.0.0-1~debian.13~trixie
 +Candidate: 5:29.0.0-1~debian.13~trixie
 +Version table:
 +*** 5:29.0.0-1~debian.13~trixie 500
 +      500 https://download.docker.com/linux/debian trixie/stable amd64 Packages
 +      100 /var/lib/dpkg/status
 +   5:28.5.2-1~debian.13~trixie 500
 +      500 https://download.docker.com/linux/debian trixie/stable amd64 Packages
 +   5:28.5.1-1~debian.13~trixie 500
 +      500 https://download.docker.com/linux/debian trixie/stable amd64 Packages
 +   5:28.5.0-1~debian.13~trixie 500</code>
 +  *''sudo apt install docker-ce=5:28.5.2-1~debian.13~trixie''
 +
 +This problem keeps on giving.  A few days later I notice that my Portainer instance, that was running in Docker could not see the VM running portainer docker instances, it show the error: "Failed loading environment" The remote Portainer agents were operating.  The Local Portainer instance runs on a Socket, whereas the agents communicate via IP, perhaps this is related?  In anycase the solution was edit the docker.service as follows:
 +++++sudo systemctl edit docker.service|
 +<code>[Service]
 +Environment=DOCKER_MIN_API_VERSION=1.24</code>
 +And then ''sudo systemctl restart docker.service'' to restart docker to implement this change.
 +++++
 +Presumably this will eventually be resolved up stream and this fix can be removed.
 +
 +Some references to assist with this:
 +  *[[https://www.linuxuprising.com/2019/02/how-to-downgrade-packages-to-specific.html|How To Downgrade Packages To A Specific Version With Apt In Debian]]
 +    *''sudo apt policy <package>'' to find correct package versions available
 +    *''sudo apt install <package>=<version>'' to install the desired available package version
 +  *[[https://www.linuxuprising.com/2018/10/how-to-keep-package-from-updating-in.html|How To Keep A Package From Updating In Debian]]
 +    *''sudo apt-mark hold PACKAGE'' to hold a PACKAGE from upgrading
 +    *''sudo apt-mark showhold'' to show pakges that have been marked as held
 +    *''sudo apt-mark unhold PACKAGE'' to remove a hold mark from PACKAGE
 +  *[[https://www.linuxuprising.com/2018/10/how-to-search-available-packages-from.html|How To Search For Available Packages From Command Line In Debian [APT]]]
 +    *''sudo apt-cache search KEYWORD'' e.g. ''sudo apt-cache search docker-ce''
 +    *''sudo apt search KEYWORD'' e.g. ''sudo apt search docker-ce''
 ====Docker Desktop for Linux==== ====Docker Desktop for Linux====
 I have preferred to run Docker command as a native Linux applications.  Docker Desktop originally was created to allow operating systems other than Linux to run Docker by creating a virtual Linux machine to operate them within.  Linux does not need this as the various docker programs run natively. A version of Docker Desktop was created for Linux that looks like it has some additional user interface features, but to date I have not wanted to setup an additional VM for this purpose and am happy to continues to use the Linux KVM VM solution. I have preferred to run Docker command as a native Linux applications.  Docker Desktop originally was created to allow operating systems other than Linux to run Docker by creating a virtual Linux machine to operate them within.  Linux does not need this as the various docker programs run natively. A version of Docker Desktop was created for Linux that looks like it has some additional user interface features, but to date I have not wanted to setup an additional VM for this purpose and am happy to continues to use the Linux KVM VM solution.
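Review bot: The downgrade procedure in the new "downgrade docker" section stops at ''sudo apt install docker-ce=5:28.5.2-1~debian.13~trixie'' and never holds the package, so the next routine upgrade will pull 29.0.0 (the listed Candidate) straight back in. ''sudo apt-mark hold docker-ce'' only appears in the reference list at the bottom; it should be a numbered step right after the install, with ''sudo apt-mark unhold docker-ce'' noted as the step to take once a fixed release is confirmed. The first paragraph also says both packages "seem to have been fixed about 3 days later" while still presenting the downgrade as the solution, so state which version is known good. Second point, on the ''docker.service'' drop-in: ''DOCKER_MIN_API_VERSION=1.24'' is left in place indefinitely with only "Presumably this will eventually be resolved up stream" as the exit condition. Record the Portainer and agent versions that needed it so the override can be removed deliberately rather than forgotten. Minor: ''apt policy'', ''apt-cache search'' and ''apt search'' are read-only and do not need ''sudo'', and "pakges" should be "packages".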
Line 76: Line 113:
 ++++ ++++
 ++++nft list table ip nat| ++++nft list table ip nat|
-<code># Warning: table ip nat is managed by iptables-nft, do not touch!+<code bash nft.conf># Warning: table ip nat is managed by iptables-nft, do not touch!
 table ip nat { table ip nat {
  chain DOCKER_OUTPUT {  chain DOCKER_OUTPUT {
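Review bot: The new tag ''<code bash nft.conf>'' mislabels this block: the content is the output of ''nft list table ip nat'', not bash, and giving it the download name ''nft.conf'' invites readers to save and load it even though its first line says "table ip nat is managed by iptables-nft, do not touch!". Drop the filename, and either leave the block untagged or use a neutral language so it is clearly shown as captured output rather than a config to apply.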
Line 121: Line 158:
  
 =====Portainer agent===== =====Portainer agent=====
 +Running Portainer agent from docker is a tedious.  I decided to make it operate using compose.
 +++++docker agent docker compose,  docker-compose.yml|
 +<code yaml>name: portainer
 +services:
 +
 +  portainer-agent:
 +    container_name: portainer-agent
 +    image: portainer/agent
 +    ports:
 +      - "9001:9001" 
 +    volumes:
 +      # Mount the host's Docker socket into the container
 +      - /var/run/docker.sock:/var/run/docker.sock
 +      # Mount the host's Docker volumes into the container
 +      - /var/lib/docker/volumes:/var/lib/docker/volumes
 +    deploy:
 +      resources:
 +        limits:
 +          cpus: '0.5'
 +          memory: 1024M
 +      restart_policy:
 +        condition: unless-stopped
 +        delay: 5s
 +        window: 120s</code>
 +++++
 +
 +++++run docker agent from docker|
 Portainer agent allows a remote docker machine to be seen else were via the network.  Default port seems to be 9001. Portainer agent allows a remote docker machine to be seen else were via the network.  Default port seems to be 9001.
   * First stop the agent container: ''%%docker stop portainer_agent%%''   * First stop the agent container: ''%%docker stop portainer_agent%%''
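Review bot: In the added compose file, ''condition: unless-stopped'' under ''deploy.restart_policy'' is not one of the values that key accepts in the Compose specification (''none'', ''on-failure'', ''any''); ''unless-stopped'' belongs to the service-level ''restart:'' key, so as written the agent may not restart the way the old ''--restart=always'' command did. Use ''restart: unless-stopped'' on the service, or ''condition: any'' here. Also worth addressing in the same block: ''- "9001:9001"'' publishes the agent on every host interface while ''/var/run/docker.sock'' is mounted into it, which hands control of the host's Docker daemon to whatever can reach that port; bind the published port to the management address or note the firewall rule that restricts it. ''image: portainer/agent'' carries no tag, so each pull can change the running version silently, which matters given the version breakage described earlier on this page. Finally, the compose file names the container ''portainer-agent'' while the retained commands below use ''portainer_agent'', so ''docker stop portainer_agent'' will not match a compose-started agent; and "is a tedious" needs fixing.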
Line 126: Line 190:
   * Then pull the latest portainer/agent: ''%%docker pull portainer/agent%%'', default is latest if version is not specified.   * Then pull the latest portainer/agent: ''%%docker pull portainer/agent%%'', default is latest if version is not specified.
 <code yaml>docker run -d   -p 9001:9001   --name portainer_agent   --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/volumes:/var/lib/docker/volumes portainer/agent</code> <code yaml>docker run -d   -p 9001:9001   --name portainer_agent   --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/volumes:/var/lib/docker/volumes portainer/agent</code>
 +++++
 +It would seem remote agents by default do not show out of date images, can be toggled on/off under ''Host > Setup "Show image up to date indicators for Stacks, Services and Containers"''
  
  
Line 260: Line 326:
 ===reference=== ===reference===
   *[[https://devdojo.com/bobbyiliev/how-to-change-the-docker-ps-output-format|How to change the docker ps output format]]   *[[https://devdojo.com/bobbyiliev/how-to-change-the-docker-ps-output-format|How to change the docker ps output format]]
 +  *[[https://dev.to/cicube/docker-cheat-sheet-most-useful-commands-ghl|Docker Cheat Sheet - Most Useful Commands]]
   *Docker Docs   *Docker Docs
     *[[https://docs.docker.com/reference/cli/docker/container/ls/|docker container ls]]     *[[https://docs.docker.com/reference/cli/docker/container/ls/|docker container ls]]
Line 286: Line 353:
     * ''docker network create network_named''     * ''docker network create network_named''
   - Host (Appears on the host machine as if installed there, no separate network.)   - Host (Appears on the host machine as if installed there, no separate network.)
-  - MACVLAN +    -If you use the host network mode for a container, that container's network stack isn't isolated from the Docker host (the container shares the host's networking namespace), and the container doesn't get its own IP-address allocated.   
 +  - MACVLAN 
 +    -The macvlan network assigns a unique MAC address to each container, making it appear to be a physical device on your network, just like a traditional virtual machine. The Docker daemon then routes the traffic to containers on the basis of their MAC address. It also allows you to assign an IP address from the same subnet in which the Docker host resides. This avoids the use of the host network, there is no NAT overhead, and you won't run into network performance issues.  
     - MACVLAN (without subVLAN) this create a new ip address on the host machine     - MACVLAN (without subVLAN) this create a new ip address on the host machine
       * <code bash>docker network create \       * <code bash>docker network create \
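Review bot: The two added description lines use the ordered-list marker ''-'' at the sub-item level, so each paragraph of explanation renders as a numbered entry alongside the real sub-items such as "MACVLAN (without subVLAN)"; make them plain text under the parent item or use ''*''. On content, the MACVLAN paragraph ends with "you won't run into network performance issues", which is an absolute claim with nothing on the page to back it; soften it to what the text actually establishes (no NAT overhead). Since the same paragraph says each container appears as a physical device with an address from the host's subnet, and the Host entry says the network stack "isn't isolated from the Docker host", add one sentence to each stating the consequence for exposure: in both modes the container's listening ports are reachable on the LAN without a published-port mapping, so readers should choose these modes deliberately.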