Differences

This shows you the differences between two versions of the page.

docker_notes:docker [2025-11-15 Sat wk46 06:59] – [downgrade docker] baumkp
docker_notes:docker [2026-01-17 Sat wk03 09:03] (current) – [Docker CLI] baumkp
Line 38: Line 38:
    5:28.5.0-1~debian.13~trixie 500</code>    5:28.5.0-1~debian.13~trixie 500</code>
   *''sudo apt install docker-ce=5:28.5.2-1~debian.13~trixie''   *''sudo apt install docker-ce=5:28.5.2-1~debian.13~trixie''
 +
 +This problem keeps on giving.  A few days later I notice that my Portainer instance, that was running in Docker could not see the VM running portainer docker instances, it show the error: "Failed loading environment" The remote Portainer agents were operating.  The Local Portainer instance runs on a Socket, whereas the agents communicate via IP, perhaps this is related?  In anycase the solution was edit the docker.service as follows:
 +++++sudo systemctl edit docker.service|
 +<code>[Service]
 +Environment=DOCKER_MIN_API_VERSION=1.24</code>
 +And then ''sudo systemctl restart docker.service'' to restart docker to implement this change.
 +++++
 +Presumably this will eventually be resolved up stream and this fix can be removed.
  
 Some references to assist with this: Some references to assist with this:
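Review bot: The added workaround around ''Environment=DOCKER_MIN_API_VERSION=1.24'' does not say on which host the drop-in was applied (the Portainer host or the VMs running the agents), nor which Docker and Portainer versions produced "Failed loading environment", so nobody can tell later when it is safe to remove it as the last added sentence hopes. Suggest recording the host and both versions next to the drop-in, and adding the undo step (''sudo systemctl revert docker.service'' followed by a restart). It is also worth stating that the setting lowers the minimum API version the daemon accepts for every client of that daemon, not only Portainer, so it should stay in place only as long as the older client needs it.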
Line 68: Line 76:
 ++++For some more details, tldr;|This may affect other services operating on the host machine.  The default FORWARD chain is set to DROP.  On my existing home web server this effectively stopped the KVM bridge network from operating, so the virtual machines could not communicate outside the local host IP address with other LAN addresses, including the router / gateway.  ++++For some more details, tldr;|This may affect other services operating on the host machine.  The default FORWARD chain is set to DROP.  On my existing home web server this effectively stopped the KVM bridge network from operating, so the virtual machines could not communicate outside the local host IP address with other LAN addresses, including the router / gateway. 
  
-Linux forwarding is required for Docker and can be checked with  ''sudo sysctl net.ipv4.ip_forward''.+Linux forwarding is required for Docker and can be checked with  ''sudo sysctl net.ipv4.ip_forward'' and ''sudo sysctl net.ipv6.conf.all.forwarding''
  
 It would also adversely affect my Linux router should I attempt to load docker on this machine.  To make matters worse my Linux router is based on nftables which may not operate well with iptables.  I will cross that hurdle should I get there. Interestingly, it would seem that iptables operates on/as nftables in the Debian 11. It would also adversely affect my Linux router should I attempt to load docker on this machine.  To make matters worse my Linux router is based on nftables which may not operate well with iptables.  I will cross that hurdle should I get there. Interestingly, it would seem that iptables operates on/as nftables in the Debian 11.
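Review bot: The changed sentence lists the two ''sysctl'' checks but not the value to expect, so a reader cannot tell a pass from a fail; add that each should report ''= 1'' when forwarding is enabled. Reading a sysctl value does not need ''sudo'', and the sentence lost its closing full stop in this edit.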
Line 150: Line 158:
  
 =====Portainer agent===== =====Portainer agent=====
 +Running Portainer agent from docker is a tedious.  I decided to make it operate using compose.
 +++++docker agent docker compose,  docker-compose.yml|
 +<code yaml>name: portainer
 +services:
 +
 +  portainer-agent:
 +    container_name: portainer-agent
 +    image: portainer/agent
 +    ports:
 +      - "9001:9001" 
 +    volumes:
 +      # Mount the host's Docker socket into the container
 +      - /var/run/docker.sock:/var/run/docker.sock
 +      # Mount the host's Docker volumes into the container
 +      - /var/lib/docker/volumes:/var/lib/docker/volumes
 +    deploy:
 +      resources:
 +        limits:
 +          cpus: '0.5'
 +          memory: 1024M
 +      restart_policy:
 +        condition: unless-stopped
 +        delay: 5s
 +        window: 120s</code>
 +++++
 +
 +++++run docker agent from docker|
 Portainer agent allows a remote docker machine to be seen else were via the network.  Default port seems to be 9001. Portainer agent allows a remote docker machine to be seen else were via the network.  Default port seems to be 9001.
   * First stop the agent container: ''%%docker stop portainer_agent%%''   * First stop the agent container: ''%%docker stop portainer_agent%%''
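Review bot: In the added compose file, ''condition: unless-stopped'' under ''deploy.restart_policy'' is not a value that key accepts (it takes ''none'', ''on-failure'' or ''any''); ''unless-stopped'' belongs to the service-level ''restart:'' key, so either move it there or use ''condition: any''. The compose file names the container ''portainer-agent'' while the retained steps below still use ''portainer_agent'' (''docker stop portainer_agent''), so the update steps will not match an agent started from compose. Because the service mounts ''/var/run/docker.sock'' and publishes ''"9001:9001"'' on every host interface, consider binding the port to the management address only and pinning ''image: portainer/agent'' to a version tag.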
Line 155: Line 190:
   * Then pull the latest portainer/agent: ''%%docker pull portainer/agent%%'', default is latest if version is not specified.   * Then pull the latest portainer/agent: ''%%docker pull portainer/agent%%'', default is latest if version is not specified.
 <code yaml>docker run -d   -p 9001:9001   --name portainer_agent   --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/volumes:/var/lib/docker/volumes portainer/agent</code> <code yaml>docker run -d   -p 9001:9001   --name portainer_agent   --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/volumes:/var/lib/docker/volumes portainer/agent</code>
 +++++
 It would seem remote agents by default do not show out of date images, can be toggled on/off under ''Host > Setup "Show image up to date indicators for Stacks, Services and Containers"'' It would seem remote agents by default do not show out of date images, can be toggled on/off under ''Host > Setup "Show image up to date indicators for Stacks, Services and Containers"''
  
Line 212: Line 247:
 |''docker rmi -f $(docker images -a -q)'' | To delete all the images| |''docker rmi -f $(docker images -a -q)'' | To delete all the images|
 |''docker system prune'' | To delete all dangling and unused images, containers, cache and volumes| |''docker system prune'' | To delete all dangling and unused images, containers, cache and volumes|
-|''docker system prune -a'' | To delete all used and unused images| +|''docker system prune -a'' | To delete all dangling and unused images| 
-|''%%docker system prune --volumes%%'' | To delete all docker volumes|+|''%%docker system prune --volumes%%'' | To delete all docker unused system volumes|
  
 **Inspect / Troubleshoot Containers:** **Inspect / Troubleshoot Containers:**
-|<38em>|+|<56em>|
 ^COMMAND ^ DESCRIPTION^ ^COMMAND ^ DESCRIPTION^
 |''docker ps'' | List running containers| |''docker ps'' | List running containers|
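Review bot: After this change the ''docker system prune -a'' row ("all dangling and unused images") no longer says how it differs from the ''docker system prune'' row above it, which already claims "all dangling and unused images". Plain ''docker system prune'' removes only dangling images, while ''-a'' also removes every image not used by a container, so the two descriptions should state that. The unchanged ''docker system prune'' row should also drop "and volumes", since the ''--volumes'' row exists precisely because volumes are not pruned without that flag, and "all docker unused system volumes" in the last changed row reads better as "all unused volumes".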
Line 227: Line 262:
 |''docker stats'' | Show stats| |''docker stats'' | Show stats|
 |''docker port CONTAINER'' | Show mapped port of a container| |''docker port CONTAINER'' | Show mapped port of a container|
 +|''docker system df -v'' | displays information regarding the amount of disk space used by the Docker daemon|
 +|''docker system info'' | displays docker system information|
  
 **Run Commands:** **Run Commands:**
Line 240: Line 277:
  
 **Images:** **Images:**
-|<35em>|+|<40em>|
 ^COMMAND ^ DESCRIPTION^ ^COMMAND ^ DESCRIPTION^
 |''docker images'' | List all local images| |''docker images'' | List all local images|
Line 259: Line 296:
  
 **Volumes:** **Volumes:**
-|<50em>|+|<55em>|
 ^COMMAND ^ DESCRIPTION^ ^COMMAND ^ DESCRIPTION^
 |''docker volume ls'' | List all volumes| |''docker volume ls'' | List all volumes|
Line 266: Line 303:
 |''docker volume rm VOLUME'' | Destroy a volume| |''docker volume rm VOLUME'' | Destroy a volume|
 |''%%docker volume ls --filter="dangling=true%%"'' | List all dangling volumes (not referenced by any container)| |''%%docker volume ls --filter="dangling=true%%"'' | List all dangling volumes (not referenced by any container)|
-|''docker volume prune'' | Delete all volumes not referenced by any container|+|''docker volume prune'' | Delete all system volumes not referenced by any container|
  
 **Network:** **Network:**
-|<50em>|+|<55em>|
 ^COMMAND ^ DESCRIPTION^ ^COMMAND ^ DESCRIPTION^
 |''docker network ls'' | List all volumes| |''docker network ls'' | List all volumes|
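Review bot: "system volumes" in the changed ''docker volume prune'' row is not a term used anywhere else in these tables, so the reader cannot tell which volumes will be deleted. If the intent is that named volumes survive, say "anonymous volumes" and mention that ''docker volume prune -a'' removes unused named volumes as well. While here, the context row ''docker network ls'' is described as "List all volumes" and should read "List all networks".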
Line 351: Line 388:
  
 ====References==== ====References====
 +  *[[https://www.fobwp.com/network_mode-host-docker-compose-guide/|Using network_mode: host in Docker Compose Explained]]
   *[[https://www.aidenwebb.com/posts/dockers-seven-network-types-and-when-to-use-them/|Dockers seven network types and when to use them]]   *[[https://www.aidenwebb.com/posts/dockers-seven-network-types-and-when-to-use-them/|Dockers seven network types and when to use them]]
   *[[https://dev.to/wallacefreitas/docker-networking-a-comprehensive-guide-3d5j|Docker Networking: A Comprehensive Guide]]   *[[https://dev.to/wallacefreitas/docker-networking-a-comprehensive-guide-3d5j|Docker Networking: A Comprehensive Guide]]
Line 358: Line 396:
   *[[https://4sysops.com/archives/macvlan-network-driver-assign-mac-address-to-docker-containers/|Macvlan network driver: Assign MAC address to Docker containers]]   *[[https://4sysops.com/archives/macvlan-network-driver-assign-mac-address-to-docker-containers/|Macvlan network driver: Assign MAC address to Docker containers]]
   *[[https://4sysops.com/archives/configuring-ipvlan-networking-in-docker/|Configuring IPvlan networking in Docker]]   *[[https://4sysops.com/archives/configuring-ipvlan-networking-in-docker/|Configuring IPvlan networking in Docker]]
 +
 +=====Docker IP6=====
 +
 +====References====
 +  *[[https://exia.dev/blog/2025-08-10/Enable-IPv6-For-Docker-Container/|Enable IPv6 For Docker Container]]
 +  *[[https://neonode.cc/en/blog/ipv6_docker_docker_compose/|How to Set Up IPv6 Networking in Docker and Docker Compose]]
 =====network troubleshooting===== =====network troubleshooting=====
 A lot of containers are setup to be small and hence do not include many, if any of the tools required to diagnose problems.  A small docker image ''netshoot'' includes the most common networking tools and when attached to the same docker network can be used to diagnose the network and containers networks thereon. A lot of containers are setup to be small and hence do not include many, if any of the tools required to diagnose problems.  A small docker image ''netshoot'' includes the most common networking tools and when attached to the same docker network can be used to diagnose the network and containers networks thereon.
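Review bot: The new heading ''=====Docker IP6====='' should read "Docker IPv6" to match the two linked articles, and the section consists only of references with no note on what was actually configured. The last added reference also runs straight into ''=====network troubleshooting====='' with no blank line before the heading.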
Line 366: Line 410:
   *[[https://github.com/nicolaka/netshoot|netshoot: a Docker + Kubernetes network trouble-shooting swiss-army container]] ''%%docker run --name netshoot --rm -it nicolaka/netshoot /bin/bash%%''   *[[https://github.com/nicolaka/netshoot|netshoot: a Docker + Kubernetes network trouble-shooting swiss-army container]] ''%%docker run --name netshoot --rm -it nicolaka/netshoot /bin/bash%%''
   *[[https://gist.github.com/bastman/5b57ddb3c11942094f8d0a97d461b430|Docker - How to cleanup (unused) resources]]   *[[https://gist.github.com/bastman/5b57ddb3c11942094f8d0a97d461b430|Docker - How to cleanup (unused) resources]]
 +
 +=====Docker Container Repositories=====
 +
 +====References====
 +  *[[https://www.linuxserver.io/|linuxserver.io]]
 +    *[[https://www.linuxserver.io/blog/docker-security-practices|Docker Security Practices]]
 +
  
 =====Docker Cleanup===== =====Docker Cleanup=====