|
Size: 855
Comment: Add note on root access, wharfer and docker-no-trivial-root
|
Size: 2176
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 2: | Line 2: |
= How to install Docker on Ubuntu 16.04 = [[https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-16-04|How To Install and Use Docker on Ubuntu 16.04]] (very well explained + provides interesting details + it works) = Installing Wharfer on one of the AD machines = {{{ > sudo vim /etc/docker/daemon.json { "userns-remap": "<remap_user | default >" } # Currently the remap user needs to be created per machine # It needs to be added to /etc/subuid, /etc/subgid manually because these aren't # automatically updated with our user management (they are on standard Ubuntu). # If the name "default" is used docker creates a "dockremap" user. # In this case the /etc/subuid, /etc/subgid files need to look like the following so that # the processes in the container appear as "nobody" on the host > sudo vim /etc/subuid … append .. dockremap:65534:65536 > sudo vim /etc/subgid … append … dockremap:65534:65536 # If more security than provided by wharfer is needed (e.g. lots of students) # also install https://github.com/ad-freiburg/docker-no-trivial-root # Note however that its restrictions then also apply to non-wharfer docker # use while wharfer alone does not impact other docker use # Install docker-no-trivial-root following the instructions in the Setup section on GitHub https://github.com/ad-freiburg/docker-no-trivial-root#setup #Install wharfer following the instructions in the Setup section on GitHub https://github.com/ad-freiburg/wharfer#setup }}} = Docker Troubleshooting = |
|
| Line 6: | Line 47: |
| Line 17: | Line 59: |
== How to install docker == [[https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-16-04|How To Install and Use Docker on Ubuntu 16.04]] (very well explained + provides interesting details + it works) To be continued ... |
Contents
How to install Docker on Ubuntu 16.04
How To Install and Use Docker on Ubuntu 16.04 (very well explained + provides interesting details + it works)
Installing Wharfer on one of the AD machines
> sudo vim /etc/docker/daemon.json
{
"userns-remap": "<remap_user | default >"
}
# Currently the remap user needs to be created per machine
# It needs to be added to /etc/subuid, /etc/subgid manually because these aren't
# automatically updated with our user management (they are on standard Ubuntu).
# If the name "default" is used docker creates a "dockremap" user.
# In this case the /etc/subuid, /etc/subgid files need to look like the following so that
# the processes in the container appear as "nobody" on the host
> sudo vim /etc/subuid
… append ..
dockremap:65534:65536
> sudo vim /etc/subgid
… append …
dockremap:65534:65536
# If more security than provided by wharfer is needed (e.g. lots of students)
# also install https://github.com/ad-freiburg/docker-no-trivial-root
# Note however that its restrictions then also apply to non-wharfer docker
# use while wharfer alone does not impact other docker use
# Install docker-no-trivial-root following the instructions in the Setup section on GitHub
https://github.com/ad-freiburg/docker-no-trivial-root#setup
#Install wharfer following the instructions in the Setup section on GitHub
https://github.com/ad-freiburg/wharfer#setup
Docker Troubleshooting
"docker: Got permission denied while trying to connect" or "ERROR: Couldn't connect to Docker daemon" (2018-01-19)
WARNING: This is defacto equivalent to root access
We're currently working on two solutions that combined should in the future be relatively safe. These are wharfer and docker-no-trivial-root
Add user to group docker and switch to that group:
sudo usermod -aG docker <username> # Logout # Login newgrp docker