n1. Docker installation and operation exceptions encountered

[ TOC]

0 x00 Docker directory and path####

CentOS7: The default Docker installation directory and configuration file

# Systemctl startup item parameters
/etc/systemd/system/docker.service
/usr/lib/systemd/system/docker.service

# Docker metadata directory
/var/lib/docker

# Docker Deamon startup items
/etc/sysconfig/docker

# Docker daemon.json parameters
/etc/docker/daemon.json
/root/.docker/config.json

Ubuntu: Docker installed by snap

# Global configuration
/var/snap/docker
/var/snap/docker/current/  #Docker startup configuration
config/ etc/  run/

# User configuration
/root/snap/docker

0 x01 basic configuration####

1. How to modify the Docker default storage location?

Description: By default, the storage location of Docker is /var/lib/docker, and the specific location can be checked through sudo docker info | grep "Docker Root Dir".

Method 1: Realize through soft connection. When starting Docker, it is found that the storage directory is still /var/lib/docker but it is actually stored in the data disk (capacity change).

systemctl stop docker
# Way 1.Soft connection
mv /var/lib/docker /disk/docker
ln -s /disk/docker /var/lib/docker  #Target soft link

# Way 2.Package the docker directory
sudo tar -czvf /usr/docker.tar.gz docker/
cd /disk/&& sudo tar -xzvf docker.tar.gz

Method 2: Change the storage path of the image and container, that is, we need to modify the configuration file to specify the startup parameters. The parameter to specify the storage path of the image and container is --graph=/var/lib/docker, because it is in docker.service Load the following into the environment variables, the last picture can be clear (the following several ways can be regarded as one)

#(1) note:Similarities and differences of release version,Restart after modification
Ubuntu:/etc/default/docker
OPTIONS='--graph="/disk/docker" -H fd://'  #Or DOCKER_OPTS="-g /disk/docker"

CentOS6:/etc/sysconfig/docker
OPTIONS='--graph="/disk/docker" --selinux-enabled -H fd://'

#(2) Configuration file location(Not recommended this way)
# /usr/lib/docker-storage-setup/docker-storage-setup or/etc/sysconfig/docker-storage-setup、/etc/sysconfig/docker-storage
DOCKER_STORAGE_OPTIONS=--graph="Path to save"
# Restrictive default value, such as 100GB maximum storage space.
DATA_SIZE=800GB #Change docker default storage size

# In fact, relying on the loading of the following files, we can directly specify the storage location of the docker hang in the ExecStart startup, so it is regarded as a modification method);
CentOS7:/usr/lib/systemd/system/docker.service  
EnviromentFile=-/etc/sysconfig/docker
Environment=GRAPH=/disk/docker
ExecStart=/usr/bin/dockerd --graph=/disk/docker $GRAPH $OPTIONS 
systemctl daemon-reload           #reload configuration file
systemctl restart docker.service  #Restart docker

WeiyiGeek.docker

Method 4: If docker is version 1.12 or above, you can modify (or create a new) /etc/docker/daemon.json file
The advantages of this method will take effect immediately after the modification, without restarting the docker service.

vim /etc/docker/daemon.json 
{" registry-mirrors":["http://7e61f7f9.m.daocloud.io"],"graph":"/disk/docker"}
2. How to split the container log file?

Description: In addition to docker image taking up a lot of disk space for a long time, writing a lot of logs when the container is running is also a headache, and the business will be down at any time without any monitoring warning (at least I have encountered 1 Times).

By default (JSON File logging drive), Docker captures the standard output (and standard error) of all containers and writes it to a file in JSON format. For the application's standard output (stdout) log, Docker Daemon is running this container A goroutine will be created at the time, responsible for the standard output log.
Since this goroutine is bound to the standard output file descriptor of all processes in the entire container, all standard output logs applied in the container will be received by the goroutine and written to the log file corresponding to this container, that is, the log file is located /var/lib/docker/containers/<container_id> /The file name is -json.log

Docker provides users with a log interface through the docker logs command. The essence of its implementation principle is based on the one-to-one correspondence with the container -json.log, (kubectl logs is similar)

WeiyiGeek.goroutine

Several solutions for excessive log files:

# docker storage-When the driver is overlay2, limit the disk space that a single container can occupy
- 1. xfs, the linux file system CentOS 7, the default file system changed from the original EXT4 to the XFS file system
- 2. pquot(project quotas )SystemXFS supports setting disk quotas by users, groups and projects. Project disk quotas allow you to limit the amount of disk space on a single directory hierarchy.
# Specify the file system type when mounting, use-o enbale project quotas
mount –o prjquota /dev/xvdb1 /xfs
# Limited project=test/data directory soft limit=5M hard limit=6M
xfs_quota –x –c 'limit –p bsoft=5m bhard=6m test'/data

(1) Images space usage:
REPOSITORY                  TAG                 IMAGE ID            CREATED             SIZE                SHARED SIZE         UNIQUE SIZE         CONTAINERS
onlyoffice/documentserver   latest              d06214a03e27        2 months ago        2.145GB             0B                  2.145GB             1(2)Containers space usage:
CONTAINER ID        IMAGE                       COMMAND                  LOCAL VOLUMES       SIZE                CREATED             STATUS                NAMES
d415211e52da        onlyoffice/documentserver   "/bin/sh -c /app/ds/…"6                   986MB               4 weeks ago         Up 3 days             onlyoffice(4)Local Volumes space usage:
VOLUME NAME                                                        LINKS               SIZE
a4974599165f539b98fd57fc53ccc073a7e8cdf4cd36cbc5e349fb8d4f6a1325   02.51MB(5)Build cache usage: 0B
CACHE ID            CACHE TYPE          SIZE                CREATED             LAST USED           USAGE               SHARED

Practical solution:

# Example 1.Empty stopped containers and volumes including logs/container/The internet/Mirror(To free up space-尽量在缺订需要的container)
docker system prune -af
# Deleted Containers:
# 9 c8a4f60ad62cee63c7d5b48041e29363ee4f839aedb2cec9a76df3e6ccda2e8
# 2 d5cca572c06e11a6a2005cd46d154b71bad151610ce074424a32850aedb2b39
# 8 c78c868d29285afeb00eb617d0a8e3280b6da2f69bf8dd42e04a8e334d3ae22

# Deleted Networks:
# blog_default

# Deleted Images:
# untagged: snipe/snipe-it:latest
# untagged: snipe/[email protected]:7a61e8a407490b9e99c758a18ba814c10fe55f1465e036bfd1ee5445537c7661
# Total reclaimed space:1.096GB

# Example 2./etc/docker/daemon.The modification of this option in the container created by json [restart daemon] cannot take effect,Only valid for newly created containers;"log-driver":"json-file","log-opts":{"max-size":"500m","max-file":"3"}

docker inspect -f '{{.HostConfig.LogConfig}}' test1
# { json-file map[max-file:10 max-size:2m]}
more /var/lib/docker/containers/25d2d645bfc9e6530039d6aac890f69dd9af33f8f966adc2d7287b74964678e3/25d2d645bfc9e6530039d6aac890f69dd9af33f8f966adc2d7287b74964678e3-json.log
# {" log":"Mem: 3164836K used, 696576K free, 45448K shrd, 2104K buff, 1633504K cached\n","stream":"stdout","time":"2020-06-18T03:34:33.738111441Z"}
# {" log":"CPU:   0% usr   0% sys   0% nic 100% idle   0% io   0% irq   0% sirq\n","stream":"stdout","time":"2020-06-18T03:34:33.73833528Z"}
# {" log":"Load average: 0.16 0.20 0.19 1/639 5\n","stream":"stdout","time":"2020-06-18T03:34:33.738342617Z"}

# Example 3.Set the disk space that each container can use to 1G:
{" data-root":"/data/docker","storage-driver":"overlay2","storage-opts":["overlay2.override_kernel_check=true","overlay2.size=1G"],}

# Example 4.Clean up log files
# By rm-If rf or file manager deletes a file, it will unlink from the directory structure of the file system. The premise is that the container is stopped. Otherwise, if the file is occupied by the process, the disk space will always be occupied.
cat /dev/null>/var/lib/docker/containers/<container_id>/containerid-json.log
3. How to configure Docker Deamon to be remotely linked by Docker Client?

Answer: We need to make changes in the docker.service configuration file and add -H tcp://0.0.0.0:2375 to the startup parameters of dockerd

# Modify startup parameters
nano /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H fd://--containerd=/run/containerd/containerd.sock -H tcp://0.0.0.0:2375

# Reload the daemon and restart docker
systemctl daemon-reload
systemctl restart docker

# Check the monitoring situation
netstat -tlnp
# Active Internet connections(only servers)
# Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
# tcp6       00:::2375:::*                    LISTEN      11389/dockerd

# Simple authentication remote access
curl http://127.0.0.1:2375/containers/json | jq
[{" Id":"25d2d645bfc9e6530039d6aac890f69dd9af33f8f966adc2d7287b74964678e3","Names":["/test1"],"Image":"test1","ImageID":"sha256:5ec0e2b89f7aadb6178c17b3db73aba2e209f9556a436562de7f32b077b776bd","Command":"top -b -d 2","Created":1592451272,"Ports":[],"Labels":{"Author":"WeiyiGeek","Description":"Test Dockerfile"},"State":"running","Status":"Up 35 minutes","HostConfig":{"NetworkMode":"default"},"NetworkSettings":{"Networks":{"bridge":{"IPAMConfig":null,"Links":null,"Aliases":null,"NetworkID":"257f6a8500710d76efba6a1c9be8c0f10b4308afb481baf1e9ba77cf98f596bd","EndpointID":"ac4518815359da7b8182167dfeeec728c0ea51accd1736719005f1596797e944","Gateway":"172.17.0.1","IPAddress":"172.17.0.2","IPPrefixLen":16,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"02:42:ac:11:00:02","DriverOpts":null}}},"Mounts":[]}]

WeiyiGeek.Dockerd-TCP

4. Modify the mapping port of the running container#####

Description: Recommended method 2 and 3 for the running container to modify its mapping port;

$nano /var/lib/docker/containers/d415211e52da6ca66aeee3c81b38be609ffac59522b06e0ff9fa253e29fa441a/hostconfig.json
# Set the port to be mapped according to the following json format
" PortBindings":{"443/tcp":[{"HostIp":"","HostPort":"9000"}],"80/tcp":[{"HostIp":"","HostPort":"9001"}]}

$systemctl restart docker
$docker ps
CONTAINER ID        IMAGE                       COMMAND                  CREATED             STATUS                             PORTS                                                 NAMES
d415211e52da        onlyoffice/documentserver   "/bin/sh -c /app/ds/…"43 minutes ago      Up 14 seconds                      0.0.0.0:9001->80/tcp,0.0.0.0:9000->443/tcp           onlyoffice

Answer: The local resources related to Docker are stored in the /var/lib/docker/ directory by default, and the overlay2 file system is taken as an example by default
The container directory stores container information, the graph directory stores image information, and the aufs directory stores specific image layer files.

$ll /var/lib/docker/image/overlay2/distribution/diffid-by-digest/sha256/
Total amount 16-rw-r--r--1 root root 716 months 415:15 3c78d525c5d6e0101e4f53d5e4ee827c838b9d346f44e40db49c66638040d980
- rw-r--r--1 root root 716 months 415:15 44559339aea968e196d4930b3d79068926964f415c0fccd3e1b197a5dd928ee7
6. How to assign a fixed IP address to the container instead of changing the IP address every time the container is restarted? _

Answer: Customize the establishment of a fixed subnet for network settings and a fixed IP of the container

$ docker network create -d bridge --subnet 172.25.0.0/16 my-net
$ docker run --network=my-net --ip=172.25.3.3-itd --name=my-container busybox
7. Modify the storage and mount path in the created image or the running container

Description: Modify the operation process related to the newly mounted path in the created image or the running container;
The process is as follows:

#1. Stop the docker container and service
sudo docker stop $(docker ps -a | awk '{ print $1}'| tail -n +2)
sudo service docker stop

#2. Backup container configuration file
cd /var/lib/docker/containers/de9c6501cdd3
cp hostconfig.json{,.bak}
cp config.v2.json{,.bak}

#3. Modify the configuration path before the colon of hostconfig
cat -n hostconfig.json | grep -C 5"Binds"

#4. Modify the source configuration path of config
cat config.v2.json
" MountPoints":{"/etc/mysql/my.cnf":{"Source":"/home/server/mysql/conf/my.cnf","Destination":"/etc/mysql/my.cnf","RW":true,"Name":"","Driver":"","Relabel":"","Propagation":"rprivate","Named":false,"ID":""},....

#5. Then start the docker service
8. How to enter the network namespace of the Docker container?

Description: Docker deleted the relevant network namespace files in the /var/run/netns directory on the host host after creating the container.
Therefore, the network namespace of the container cannot be seen or accessed on the host host.

# The following operations can view and set the network namespace
$ docker inspect --format='{{. State.Pid}} ' $container_id  #Get the container process ID
1234
$ sudo ln -s /proc/1234/ns/net /var/run/netns/ #Link the corresponding network namespace file in the proc directory to/var/run/netns directory.
# Then, you can see the network namespace information of the container on the host host. E.g**
$ sudo ip netns show
1234

# Set the namespace of the operation container
$ sudo ip netns exec 1234 ifconfig eth0 172.17.0.100/16
9. How to reset Docker local data#####

$ sudo rm -rf /var/lib/docker #Note that this operation will remove all Docker local data, including images and containers.

0 x02 Into the pit####

Report error problem 0: requires containerd.io >= 1.2.2-3, but none of the providers can be installed
Environment: CentOS 8 1911 (Core)
Error problem:

package docker-ce-3:18.09.9-3.el7.x86_64 requires containerd.io >=1.2.2-3, but none of the providers can be installed
 - conflicting requests
 - package containerd.io-1.2.10-3.2.el7.x86_64 is excluded
 - package containerd.io-1.2.13-3.1.el7.x86_64 is excluded
 - package containerd.io-1.2.2-3.3.el7.x86_64 is excluded
 - package containerd.io-1.2.2-3.el7.x86_64 is excluded
 - package containerd.io-1.2.4-3.1.el7.x86_64 is excluded
 - package containerd.io-1.2.5-3.1.el7.x86_64 is excluded
 - package containerd.io-1.2.6-3.3.el7.x86_64 is excluded(Try to add'--skip-broken'To skip packages that cannot be installed or'--nobest'Not only use the best choice of software packages)

Solution:

yum install -y wget
wget https://download.docker.com/linux/centos/7/x86_64/edge/Packages/containerd.io-1.2.6-3.3.el7.x86_64.rpm
yum install -y containerd.io-1.2.6-3.3.el7.x86_64.rpm
yum install docker-ce docker-ce-cli

Error question 1: Error running DeviceCreate (createSnapDevice) dm_task_run failed
Error message:

docker:Error running DeviceCreate(createSnapDevice) dm_task_run failed

Solution: Rebuild the resource pool metadata, https://stackoverflow.com/questions/30719896/docker-dm-task-run-failed-error

# Different installation paths may be different
service docker stop
thin_check /var/lib/docker/devicemapper/devicemapper/metadata
thin_check --clear-needs-check-flag /var/lib/docker/devicemapper/devicemapper/metadata
service docker start

Error question 2: Error response from daemon: devmapper: Error mounting: invalid argument
Error message:

docker start e7e
Error response from daemon: devmapper: Error mounting '/dev/mapper/docker-253:4-11534337-ee772425c4996ca581e5c234806adf41aede9424a83ce1402596105a9f66434d' on '/export/docker/devicemapper/mnt/ee772425c4996ca581e5c234806adf41aede9424a83ce1402596105a9f66434d': invalid argument

The reason for the error: The container was created when selinux was enabled. Then modified /etc/selinux/config to selinux as disabled.

After the physical machine is restarted, selinux is in the closed state, the container originally created when selinux is enabled cannot start and report this error.

Repair method:

There are two main types:
1. You can reset selinux to enable and restart the physical machine to fix it.
2. Modify the configuration of the container, for example, the configuration of my container is/var/lib/docker/containers/e7ef71494940ba293be4b3f74198bf34835c35537810053b051d9a6c33adbd32/config.v2.json file. Among them"MountLabel":"system_u:object_r:svirt_sandbox_file_t:s0:c12,c257","ProcessLabel":"system_u:system_r:svirt_lxc_net_t:s0:c12,c257"Rework and modify to"MountLabel":"","ProcessLabel":"", And then restart the docker daemon, the container can be repaired.

Error question 3: Error response from daemon: devmapper: Thin Pool has 155398 free data blocks which is less than minimum required 163840 free data blocks.
Error message:

/usr/bin/docker-current: Error response from daemon: devmapper: Thin Pool has 155398 free data blocks which is less than minimum required 163840 free data blocks. Create more free space in thin pool or use dm.min_free_space option to change behavior

Solution:

sudo docker rm $(sudo docker ps -q -f status=exited)
sudo docker volume rm $(sudo docker volume ls -qf dangling=true)
sudo docker rmi $(sudo docker images --filter "dangling=true"-q --no-trunc)

Error question 4: [graphdriver] prior storage driver \”devicemapper\” failed: devmapper: Base Device UUID and Filesystem verification failed: devmapper: Current Base Device
Operating environment: CentOS 7.3.1611, Docker Version 1.12.6-16.el7.centis.x86_64, API 1.24;
Error message:

# Docker startup error
docker.service - Docker Application Container Engine
 Loaded:loaded(/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
 Drop-In:/usr/lib/systemd/system/docker.service.d
   └─flannel.conf
 Process:5226 ExecStart=/usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/libexec/docker/docker-proxy-current $OPTIONS $DOCKER_STORAGE_OPTIONS $DOCKER_NETWORK_OPTIONS $ADD_REGISTRY $BLOCK_REGISTRY $INSECURE_REGISTRY(code=exited, status=1/FAILURE)
 Main PID:5226(code=exited, status=1/FAILURE)
# Key point of error
dockerd-current[5226]: time="..." level=info msg="libcontainerd: new containerd process, pid: 5238"
dockerd-current[5226]: time="..." level=warning msg="devmapper: Usage of loopback devices is strongly discouraged for production use. Please use `--storage-opt dm.thinpooldev` or use `man docker` to refer to dm.thinpooldev section."
node-198 dockerd-current[5226]: time="2020-01-18T17:00:27.872191345+08:00" level=error msg="[graphdriver] prior storage driver \"devicemapper\" failed: devmapper: Base Device UUID and Filesystem verification failed: devmapper: Current Base Device UUID:59df6192-df22-4d88-9e90-02755e7e3242 does not match with stored UUID:24907e3f-5114-4948-91ea-c1a4e92854ef. Possibly using a different thin pool than last invocation"
node-198 dockerd-current[5226]: time="2020-01-18T17:00:27.872410561+08:00" level=fatal msg="Error starting daemon: error initializing graphdriver: devmapper: Base Device UUID and Filesystem verification failed: devmapper: Current Base Device UUID:59df6192-df22-4d88-9e90-02755e7e3242 does not match with stored UUID:24907e3f-5114-4948-91ea-c1a4e92854ef. Possibly using a different thin pool than last invocation"

The cause of the error: Since the Metadata disk storing Docker was mounted, the storage was abnormally shut down during a certain shutdown. After the solution was resolved, the machine was mounted on the remote NFS disk. After the mounting, the UUID of the disk changed, resulting in the loopback. The method cannot connect to the storage pool of Docker's DeviceMapper;

Solution: Check the actual uuid of loop0 and modify the UUID in deviceset-metadata

# View system disk UUID
$ls -alh /dev/disk/by-uuid
$blkid
#59 df6192-df22-4d88-9e90-02755e7e3242

# Conventional path
/var/lib/docker/devicemapper/metadata/deviceset-metadata
# Custom path
/disk/docker/devicemapper/metadata/deviceset-metadata
# Content settings
{" next_device_id":1,"BaseDeviceUUID":"59df6192-df22-4d88-9e90-02755e7e3242","BaseDeviceFilesystem":"xfs"}

Precautions:

Error message 5: Usage of loopback devices is strongly discouraged for production use

# docker info or can be seen at startup
WARNING: Usage of loopback devices is strongly discouraged for production use

Reason for error: It is strongly not recommended to run docker in loopback mode;

Solution:

# Way 1:Add Docker in the Docker startup item_STORAGE_OPTIONS(Not recommended,Just ignore the warning)
DOCKER_STORAGE_OPTIONS="--storage-opt dm.no_warn_on_loop_devices=true"

# Method 2: When the docker daemon is started, add the metadata storage of the device mapper and the mirror data storage of the docker to select independent block devices, either lvm or independent disk partitions
- - storage-opt dm.datadev=/dev/xxxx  --storage-opt dm.metadatadev=/dev/xxx

WeiyiGeek. Solution

Error message 6: Socket/TCP of Docker Deamon service cannot be connected

#1. start up/Stop docker:
Start systemctl start docker
Daemon restart sudo systemctl daemon-reload
Restart the docker service systemctl restart docker
Sudo service docker restart
Close docker service docker stop
Close docker systemctl stop docker
#2. Add the current user to the docker user group, and then log in to the current user again
sudo gpasswd -a ${USER} docker
#3. Run docker as a high-privileged user
sudo systemctl start docker

Exception message 7: The specified container is connected to the current connection and the networks keyword custom network, the application still cannot interconnect with each other
Problem: When using Docker-compose to deploy multiple containers, it has been set to connect the specified container to the current connection and the network keyword custom network, and the applications still cannot be interconnected;
Reason: firewalld does not trust docker's ip address
Solution: Add all docker ip to the whitelist.

$firewall-cmd  --zone=trusted --add-source=172.17.0.1/16--permanent
success
$firewall-cmd  --zone=trusted --add-source=172.20.0.1/16--permanent
success
$firewall-cmd --reload
success

WeiyiGeek. Container Interconnection

Exception message 8: pull images x509 certificate has expired or is not yet valid
Description: Set up docker to pull the mirror mirror source, when pulling and downloading the mirror, it prompts that the certificate verification fails;

$sudo docker pull onlyoffice/documentserver
Using default tag: latest
Error response from daemon: Get https://registry-1.docker.io/v2/: x509: certificate has expired or is not yet valid

Cause of the error: Generally, the local system time error causes the error certificate to expire, so check the local system time first

$date
2019 Sunday, May 19,:57:54 CST

Solution: Synchronize the time to the current time to solve: ntpdate cn.pool.ntp.org;

Exception information 9. The following warning appears when docker info is executed: bridge-nf-call-iptables is disabled
Problem Description:

WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled

Solution: Configure iptables to view bridged network traffic

cat >/etc/sysctl.conf<<'EOF'
net.bridge.bridge-nf-call-ip6tables =1
net.bridge.bridge-nf-call-iptables =1
EOF
sysctl -p

Exception message 10. The error message standard_init_linux.go:211: exec user process caused "no such file or directory" is displayed when building a container image.
Problem recovery:

$docker-compose up
Starting blog ... done
Attaching to blog
blog    | standard_init_linux.go:211: exec user process caused "no such file or directory"
blog exited with code 1

problem causes:

Exception information 11.Error response from daemon: driver failed programming external connectivity on endpoint loving_bassi (37b4c399f676cf46e35fd26b2298ad81aac87739d8aee416f449e36c6cb22503)
Problem information: docker: Error response from daemon: driver failed programming external connectivity on endpoint loving_bassi (37b4c399f676cf46e35fd26b2298ad81aac87739d8aee416f449e36c6cb22503): (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 90 DNA to-destination 172.17.0.2:80! -i docker0: iptables: No chain/target/match by that name.
The cause of the problem: There is no such chain, target, and rule match in the docker0 network card in iptables, that is, the custom chain DOCKER defined when the docker service is started is cleared for some reason;
Solution: Restart the docker service and regenerate the custom chain DOCKER and then start the container;

# pkill docker
# iptables -t nat -F
# ifconfig docker0 down
# brctl delbr docker0
# service docker restart

Exception information 12. When using the docker port command to map the port of the container, the system reports an error "Error: No public port '80' published for xxx"
The cause of the problem: Dockerfile must specify the correct open port through EXPOSE when creating a mirror.
Solution: Specify PublishAllPort = true when the container starts.

**Exception information 13. When using memory and swap restrictions to start the container, a warning is reported: "WARNING: Your kernel does not support cgroup swap limit. WARNING: Your kernel does not support swap limit capabilities. Limitation discarded."? **
Cause of the problem: Because the system does not enable the statistical function of memory and swap usage by default, the introduction of this function will bring performance degradation. To enable this function, you can take the following actions;
Solution:

Exception information 14.Docker warning WARING: No swap limit support
Problem description: The warning WARNING: No swap limit support in the docker memory limit under the Linux operating system probably means that the swap memory limit is not supported;
Solution: Tested under Ubuntu 20.04 TLS

# 1. edit/etc/default/grub file.
vim /etc/default/grub

# 2. Find GRUB_CMDLINE_LINUX=Configuration item and append &quot;cgroup_enable=memory swapaccount=1”。

# 3. Save the file and execute the following command:
sudo update-grub

# 4. Restart server
reboot

0 x03 Interview Questions####

Answer: When using the ADD command, if the source file to be copied is a tar package, it will help us unpack the tar package to the specified directory when building the container, and using the copy command will not decompress the tar package;
Another difference is that the ADD instruction can either add a file in the build context or a URL, while COPY can only add files in the build context;

Answer: The difference in usage scenarios CMD instructions are the commands and parameters that are executed by default after the container is started ((if multiple CMDs are defined, only the last one is executed)), and ENTRYPOINT is used for the preparation work before the application runs (let the container be the application Or run as a service);
Note: At least one CMD or ENTRYPOINT instruction needs to be set in the Dockerfile;

Recommended Posts

n1. Docker installation and operation exceptions encountered
ubuntu Docker installation and deployment of Rancher
Ubuntu installation and deployment Redash operation notes (2020.08)
CentOS7 docker installation
CentOS7 Docker Nginx deployment and operation detailed explanation
Installation and cracking of confluence6.3 operation records under Centos
Installation and cracking of Jira7 operation records under Centos
One, docker into the pit (win10 and Ubuntu installation)
Common exceptions and solutions for Ubuntu system installation and configuration
PyCUDA-Ubuntu 14.04 installation and testing
OpenMPI-Ubuntu installation and configuration
Ubuntu introduction and installation
docker (consul and Jenkins)
Docker CentOS installation method
Centos7 docker installation details