system/docker/README


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58

Docker is an open-source project to easily create lightweight, portable,
self-sufficient containers from any application. The same container that
a developer builds and tests on a laptop can run at scale, in production,
on VMs, bare metal, OpenStack clusters, public clouds and more.

To use docker as a limited user, add your user to the 'docker' group:

	# groupadd -r -g 281 docker
	# usermod -a -G docker <your_username>

This will require logging out and back in.

To have the docker daemon start and stop with your host,
add to /etc/rc.d/rc.local:

	if [ -x /etc/rc.d/rc.docker ]; then
		/etc/rc.d/rc.docker start
	fi

and to /etc/rc.d/rc.local_shutdown (creating it if needed):

	if [ -x /etc/rc.d/rc.docker ]; then
		/etc/rc.d/rc.docker stop
	fi

For cgroups, docker does not support mounting cgroups on the "all" single hierarchy controller,
but rather the individual controllers.

To accomplish this, add the following to your /etc/fstab:

  cgroup                                  /cgroup/cpuset          cgroup          rw,relatime,cpuset 0 0
  cgroup                                  /cgroup/cpu             cgroup          rw,relatime,cpu 0 0
  cgroup                                  /cgroup/cpuacct         cgroup          rw,relatime,cpuacct 0 0
  cgroup                                  /cgroup/memory          cgroup          rw,relatime,memory 0 0
  cgroup                                  /cgroup/devices         cgroup          rw,relatime,devices 0 0
  cgroup                                  /cgroup/freezer         cgroup          rw,relatime,freezer 0 0
  cgroup                                  /cgroup/net_cls         cgroup          rw,relatime,net_cls 0 0
  cgroup                                  /cgroup/blkio           cgroup          rw,relatime,blkio 0 0


And in addition, add to /etc/cgconfig.conf the following:

	mount { 
        	cpuset  = /cgroup/cpuset;
        	cpu     = /cgroup/cpu;
        	cpuacct = /cgroup/cpuacct;
        	memory  = /cgroup/memory;
        	devices = /cgroup/devices;
        	freezer = /cgroup/freezer;
        	net_cls = /cgroup/net_cls;
        	blkio   = /cgroup/blkio;
	}

If you are interested in enabling cgroup memory resource controll over swap as
well, then append "swapaccount=1" to your kernel's parameters. This is often in
/etc/lilo.conf, on the "append" variable.

NOTE: google-go-lang is only needed at compile time - not needed for runtime.