Size: 1757
Comment: improve wharfer
|
Size: 2042
Comment:
|
Deletions are marked like this. | Additions are marked like this. |
Line 10: | Line 10: |
sudo vim /etc/docker/daemon.json | > sudo vim /etc/docker/daemon.json |
Line 17: | Line 17: |
# If the name "default" is used docker creates a "dockremap" user | |
Line 19: | Line 18: |
# If more security than provided by wharfer is needed (e.g. lot's of students) | # If the name "default" is used docker creates a "dockremap" user. # In this case the /etc/subuid, /etc/subgid files need to look like the following so that # the processes in the container appear as "nobody" on the host > sudo vim /etc/subuid … append .. dockremap:65534:65536 > sudo vim /etc/subgid … append … dockremap:65534:65536 # If more security than provided by wharfer is needed (e.g. lots of students) |
Contents
How to install Docker on Ubuntu 16.04
How To Install and Use Docker on Ubuntu 16.04 (very well explained + provides interesting details + it works)
Installing Wharfer on one of the AD machines
> sudo vim /etc/docker/daemon.json { "userns-remap": "<remap_user | default >" } # Currently the remap user needs to be created per machine # It needs to be added to /etc/subuid, /etc/subgid manually because these aren't # automatically updated with our user management (they are on standard Ubuntu). # If the name "default" is used docker creates a "dockremap" user. # In this case the /etc/subuid, /etc/subgid files need to look like the following so that # the processes in the container appear as "nobody" on the host > sudo vim /etc/subuid … append .. dockremap:65534:65536 > sudo vim /etc/subgid … append … dockremap:65534:65536 # If more security than provided by wharfer is needed (e.g. lots of students) # also install https://github.com/ad-freiburg/docker-no-trivial-root # Note however that its restrictions then also apply to non-wharfer docker # use while wharfer alone does not impact other docker use # Install wharfer following the instructions at the Building/Download and Setup sections https://github.com/ad-freiburg/wharfer#buildingdownload
Docker Troubleshooting
"docker: Got permission denied while trying to connect" or "ERROR: Couldn't connect to Docker daemon" (2018-01-19)
WARNING: This is defacto equivalent to root access
We're currently working on two solutions that combined should in the future be relatively safe. These are wharfer and docker-no-trivial-root
Add user to group docker and switch to that group:
sudo usermod -aG docker <username> # Logout # Login newgrp docker