🪆

Proxmoxでコンテナ

2024/05/02に公開

Proxmoxには

こんなボタンがあるので、コンテナも作れるんだ、くらいに思っていたのですが、実際には試したことがないので試してみました。

Proxmoxの"コンテナ"はLXC(Linux Container)らしい。
DockerやKubernetesの"コンテナ"とはちょっと違う。
今回はアプリケーションコンテナ(Docker)を使ってみる。

  • LXC
    • OS環境をコンテナ化する
    • UbuntuやCentOSなどのユーザーランド一式をコンテナで動かし、カーネルだけをホストと共有する感じ
  • Docker
    • アプリケーションをコンテナ化する
    • nginxプロセスなどを隔離環境で動かす。カーネルはホストと共有。

ProxmoxでDockerを動かすときはVMで動かすことが推奨らしい。

https://pve.proxmox.com/pve-docs/pve-admin-guide.html#chapter_pct

If you want to run application containers, for example, Docker images, it is recommended that you run them inside a Proxmox QEMU VM. This will give you all the advantages of application containerization, while also providing the benefits that VMs offer, such as strong isolation from the host and the ability to live-migrate, which otherwise isn’t possible with containers.

とはいえ、商用環境でなければ動きそうなのでやってみる(LXCはホストとカーネルを共有するぶん、VMより隔離が弱いという前提で)。

StorageのlocalのCT templateでtemplatesを押す。

一覧はコマンドラインでも出る(pveam available)。

root@pve1:~# pveam update
update successful
root@pve1:~# pveam available
mail            proxmox-mail-gateway-8.1-standard_8.1-1_amd64.tar.zst
mail            proxmox-mailgateway-7.3-standard_7.3-1_amd64.tar.zst
mail            proxmox-mailgateway-8.0-standard_8.0-1_amd64.tar.zst
system          almalinux-9-default_20221108_amd64.tar.xz
system          alpine-3.18-default_20230607_amd64.tar.xz
system          alpine-3.19-default_20240207_amd64.tar.xz
system          archlinux-base_20230608-1_amd64.tar.zst
system          centos-9-stream-default_20221109_amd64.tar.xz
system          debian-11-standard_11.7-1_amd64.tar.zst
system          debian-12-standard_12.2-1_amd64.tar.zst
system          devuan-4.0-standard_4.0_amd64.tar.gz
system          fedora-38-default_20230607_amd64.tar.xz
system          fedora-39-default_20231118_amd64.tar.xz
system          gentoo-current-openrc_20231009_amd64.tar.xz
system          opensuse-15.4-default_20221109_amd64.tar.xz
system          opensuse-15.5-default_20231118_amd64.tar.xz
system          rockylinux-9-default_20221109_amd64.tar.xz
system          ubuntu-20.04-standard_20.04-1_amd64.tar.gz
system          ubuntu-22.04-standard_22.04-1_amd64.tar.zst
system          ubuntu-23.04-standard_23.04-1_amd64.tar.zst
system          ubuntu-23.10-standard_23.10-1_amd64.tar.zst
turnkeylinux    debian-10-turnkey-collabtive_16.1-1_amd64.tar.gz
turnkeylinux    debian-10-turnkey-concrete5_16.1-1_amd64.tar.gz
turnkeylinux    debian-10-turnkey-drupal8_16.2-1_amd64.tar.gz
turnkeylinux    debian-10-turnkey-ezplatform_16.0-1_amd64.tar.gz
turnkeylinux    debian-10-turnkey-foodsoft_16.1-1_amd64.tar.gz
turnkeylinux    debian-10-turnkey-magento_16.1-1_amd64.tar.gz
turnkeylinux    debian-10-turnkey-moinmoin_16.1-1_amd64.tar.gz
turnkeylinux    debian-10-turnkey-mongodb_16.1-1_amd64.tar.gz
turnkeylinux    debian-10-turnkey-processmaker_16.1-1_amd64.tar.gz
turnkeylinux    debian-10-turnkey-revision-control_16.1-1_amd64.tar.gz
turnkeylinux    debian-10-turnkey-trac_16.1-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-ansible_17.1-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-asp-net-core_17.1-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-b2evolution_17.1-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-canvas_17.1-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-domain-controller_17.1-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-drupal9_17.1-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-faveo-helpdesk_17.1-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-fileserver_17.1-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-gallery_17.1-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-gameserver_17.1-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-ghost_17.1-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-gnusocial_17.1-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-jenkins_17.1-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-joomla3_17.1-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-mahara_17.1-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-mayan-edms_17.1-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-mediaserver_17.1-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-moodle_17.1-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-mumble_17.1-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-odoo_17.1-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-plone_17.1-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-rails_17.1-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-redis_17.1-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-sahana-eden_17.1-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-snipe-it_17.3-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-symfony_17.1-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-tkldev_17.2-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-tomcat-apache_17.1-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-tomcat_17.1-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-torrentserver_17.1-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-tracks_17.1-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-ushahidi_17.1-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-vanilla_17.1-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-xoops_17.1-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-yiiframework_17.1-1_amd64.tar.gz
turnkeylinux    debian-11-turnkey-zoneminder_17.2-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-avideo_18.1-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-bagisto_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-bookstack_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-bugzilla_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-cakephp_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-codeigniter_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-concrete-cms_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-core_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-couchdb_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-django_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-dokuwiki_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-drupal10_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-drupal7_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-e107_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-elgg_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-espocrm_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-etherpad_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-foswiki_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-gitea_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-gitlab_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-icescrum_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-invoice-ninja_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-joomla4_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-lamp_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-lapp_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-laravel_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-leantime_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-lighttpd-php-fastcgi_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-limesurvey_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-mantis_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-matomo_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-mattermost_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-mediawiki_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-mibew_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-mysql_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-nextcloud_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-nginx-php-fastcgi_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-nodejs_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-observium_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-omeka_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-opencart_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-openldap_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-openvpn_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-orangehrm_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-oscommerce_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-otrs_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-owncloud_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-phpbb_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-phplist_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-postgresql_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-prestashop_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-processwire_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-redmine_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-roundup_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-silverstripe_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-simplemachines_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-suitecrm_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-syncthing_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-typo3_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-web2py_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-wireguard_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-wordpress_18.0-1_amd64.tar.gz
turnkeylinux    debian-12-turnkey-zencart_18.0-1_amd64.tar.gz

turnkeylinuxというのがDockerに近いアプリケーション寄りのコンテナに見える。100個くらいしかないので、このなかに使いたいアプリがある場合はこれでもよさそう("turnkey"は鍵を回すだけでOKということで"すぐに使える"とかの意味)。一覧にはdebian-10ベースの古いテンプレートも混じっているので、使うならベースOSのバージョンも見ておきたい。
使えるOSはこんな感じ。

  • Debian: 昔からあるメジャーなapt系のdistribution
  • Devuan: Debianからsystemdを抜いたやつ
  • Ubuntu: 個人的によく使うapt系
  • CentOS, AlmaLinux, Rocky: RHELクローン
  • Fedora: RedHat系の新しいのを使いたいとき向け
  • Alpine: 軽い
  • OpenSUSE: 古株SUSEの血を引くdistribution。使ったことはない。
  • Gentoo: パッケージをインストールするときにソースコードを落としてローカルインストールするらしい。面白そうだけど使い捨てには不便そう。
  • ArchLinux: Gentooと並んでローリングリリースという明確なバージョン番号を持たないdistribution。

Dockerが動くx86_64系のdistribution
https://docs.docker.com/engine/install/

  • CentOS
  • Debian
  • Fedora
  • Ubuntu

とりあえずDebianで行ってみる。
Download

Create CT









作成完了

コンテナを起動して「pct enter コンテナ番号」でコンテナのシェルに入る。ip addrでIPアドレスがわかるので、コンテナ作成時に指定したSSH鍵でログイン可能。
カーネルはホストと共用(ホストとコンテナでuname -aのカーネルバージョンが同じ)。

root@pve1:~# uname -a
Linux pve1 6.5.13-1-pve #1 SMP PREEMPT_DYNAMIC PMX 6.5.13-1 (2024-02-05T13:50Z) x86_64 GNU/Linux
root@pve1:~# pct enter 111
root@docker01:~# ip -br -4 addr
lo               UNKNOWN        127.0.0.1/8 
eth0@if53        UP             192.168.10.103/24 
root@docker01:~# cat /etc/os-release 
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
VERSION_CODENAME=bookworm
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
root@docker01:~# uname -a
Linux docker01 6.5.13-1-pve #1 SMP PREEMPT_DYNAMIC PMX 6.5.13-1 (2024-02-05T13:50Z) x86_64 GNU/Linux

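次はLXCコンテナにDockerをインストール。LXCの中でDockerを動かすには、コンテナのFeaturesでnestingが有効になっている必要があるはず。特権コンテナにすると隔離がさらに弱くなるので、非特権(Unprivileged container)のままにしておきたい。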
手順:https://docs.docker.com/engine/install/debian/

root@docker01:~# apt-get update
Get:1 http://deb.debian.org/debian bookworm InRelease [151 kB]
Get:2 http://security.debian.org bookworm-security InRelease [48.0 kB]
Get:3 http://deb.debian.org/debian bookworm-updates InRelease [55.4 kB]
Get:4 http://security.debian.org bookworm-security/main amd64 Packages [155 kB]
Get:5 http://security.debian.org bookworm-security/main Translation-en [94.3 kB]
Get:6 http://security.debian.org bookworm-security/contrib amd64 Packages [644 B]
Get:7 http://security.debian.org bookworm-security/contrib Translation-en [372 B]
Get:8 http://deb.debian.org/debian bookworm/main amd64 Packages [8786 kB]
Get:9 http://deb.debian.org/debian bookworm-updates/main amd64 Packages.diff/Index [10.6 kB]
Get:10 http://deb.debian.org/debian bookworm-updates/contrib amd64 Packages.diff/Index [1591 B]
Get:11 http://deb.debian.org/debian bookworm-updates/main amd64 Packages T-2024-04-23-2036.10-F-2023-11-06-2008.27.pdiff [8935 B]
Get:11 http://deb.debian.org/debian bookworm-updates/main amd64 Packages T-2024-04-23-2036.10-F-2023-11-06-2008.27.pdiff [8935 B]
Get:12 http://deb.debian.org/debian bookworm-updates/contrib amd64 Packages T-2024-02-16-2007.16-F-2024-02-16-2007.16.pdiff [682 B]
Get:12 http://deb.debian.org/debian bookworm-updates/contrib amd64 Packages T-2024-02-16-2007.16-F-2024-02-16-2007.16.pdiff [682 B]
Get:13 http://deb.debian.org/debian bookworm/main Translation-en [6109 kB]
Get:14 http://deb.debian.org/debian bookworm/contrib amd64 Packages [54.1 kB]
Get:15 http://deb.debian.org/debian bookworm/contrib Translation-en [48.7 kB]
Get:16 http://deb.debian.org/debian bookworm-updates/main Translation-en [16.0 kB]
Get:17 http://deb.debian.org/debian bookworm-updates/contrib Translation-en [408 B]
Fetched 15.5 MB in 3s (5436 kB/s)                      
Reading package lists... Done
N: Repository 'http://deb.debian.org/debian bookworm InRelease' changed its 'Version' value from '12.2' to '12.5'
root@docker01:~# apt-get install ca-certificates curl
Reading package lists... Done
Building dependency tree... Done
ca-certificates is already the newest version (20230311).
The following additional packages will be installed:
  libcurl3-gnutls libcurl4
The following NEW packages will be installed:
  curl libcurl4
The following packages will be upgraded:
  libcurl3-gnutls
1 upgraded, 2 newly installed, 0 to remove and 47 not upgraded.
Need to get 1090 kB of archives.
After this operation, 1363 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://deb.debian.org/debian bookworm/main amd64 libcurl4 amd64 7.88.1-10+deb12u5 [390 kB]
Get:2 http://deb.debian.org/debian bookworm/main amd64 curl amd64 7.88.1-10+deb12u5 [315 kB]
Get:3 http://deb.debian.org/debian bookworm/main amd64 libcurl3-gnutls amd64 7.88.1-10+deb12u5 [385 kB]
Fetched 1090 kB in 0s (7363 kB/s)       
Reading changelogs... Done
Selecting previously unselected package libcurl4:amd64.
(Reading database ... 19150 files and directories currently installed.)
Preparing to unpack .../libcurl4_7.88.1-10+deb12u5_amd64.deb ...
Unpacking libcurl4:amd64 (7.88.1-10+deb12u5) ...
Selecting previously unselected package curl.
Preparing to unpack .../curl_7.88.1-10+deb12u5_amd64.deb ...
Unpacking curl (7.88.1-10+deb12u5) ...
Preparing to unpack .../libcurl3-gnutls_7.88.1-10+deb12u5_amd64.deb ...
Unpacking libcurl3-gnutls:amd64 (7.88.1-10+deb12u5) over (7.88.1-10+deb12u3) ...
Setting up libcurl3-gnutls:amd64 (7.88.1-10+deb12u5) ...
Setting up libcurl4:amd64 (7.88.1-10+deb12u5) ...
Setting up curl (7.88.1-10+deb12u5) ...
Processing triggers for man-db (2.11.2-2) ...
Processing triggers for libc-bin (2.36-9+deb12u3) ...
root@docker01:~# install -m 0755 -d /etc/apt/keyrings
root@docker01:~# curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
root@docker01:~# chmod a+r /etc/apt/keyrings/docker.asc
root@docker01:~# echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
> tee /etc/apt/sources.list.d/docker.list > /dev/null
root@docker01:~# apt-get update
Hit:1 http://deb.debian.org/debian bookworm InRelease
Hit:2 http://deb.debian.org/debian bookworm-updates InRelease
Hit:3 http://security.debian.org bookworm-security InRelease
Get:4 https://download.docker.com/linux/debian bookworm InRelease [43.3 kB]
Get:5 https://download.docker.com/linux/debian bookworm/stable amd64 Packages [22.3 kB]
Fetched 65.6 kB in 0s (144 kB/s)    
Reading package lists... Done
root@docker01:~# apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  apparmor dbus-user-session docker-ce-rootless-extras git git-man iptables liberror-perl libglib2.0-0 libglib2.0-data libip6tc2 libltdl7 libnetfilter-conntrack3 libnfnetlink0 libslirp0 patch pigz
  shared-mime-info slirp4netns xdg-user-dirs
Suggested packages:
  apparmor-profiles-extra apparmor-utils aufs-tools cgroupfs-mount | cgroup-lite git-daemon-run | git-daemon-sysvinit git-doc git-email git-gui gitk gitweb git-cvs git-mediawiki git-svn firewalld
  low-memory-monitor ed diffutils-doc
The following NEW packages will be installed:
  apparmor containerd.io dbus-user-session docker-buildx-plugin docker-ce docker-ce-cli docker-ce-rootless-extras docker-compose-plugin git git-man iptables liberror-perl libglib2.0-0 libglib2.0-data
  libip6tc2 libltdl7 libnetfilter-conntrack3 libnfnetlink0 libslirp0 patch pigz shared-mime-info slirp4netns xdg-user-dirs
0 upgraded, 24 newly installed, 0 to remove and 47 not upgraded.
Need to get 136 MB of archives.
After this operation, 507 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://deb.debian.org/debian bookworm/main amd64 pigz amd64 2.6-1 [64.0 kB]
Get:2 http://deb.debian.org/debian bookworm/main amd64 apparmor amd64 3.0.8-3 [616 kB]                  
Get:3 http://deb.debian.org/debian bookworm/main amd64 dbus-user-session amd64 1.14.10-1~deb12u1 [78.1 kB]
Get:4 http://deb.debian.org/debian bookworm/main amd64 libip6tc2 amd64 1.8.9-2 [19.4 kB]                  
Get:5 http://deb.debian.org/debian bookworm/main amd64 libnfnetlink0 amd64 1.0.2-2 [15.1 kB]
Get:6 http://deb.debian.org/debian bookworm/main amd64 libnetfilter-conntrack3 amd64 1.0.9-3 [40.7 kB]
Get:7 http://deb.debian.org/debian bookworm/main amd64 iptables amd64 1.8.9-2 [360 kB]
Get:8 https://download.docker.com/linux/debian bookworm/stable amd64 containerd.io amd64 1.6.31-1 [29.8 MB]
Get:9 http://deb.debian.org/debian bookworm/main amd64 liberror-perl all 0.17029-2 [29.0 kB]
Get:10 http://deb.debian.org/debian bookworm/main amd64 git-man all 1:2.39.2-1.1 [2049 kB]
Get:11 http://deb.debian.org/debian bookworm/main amd64 git amd64 1:2.39.2-1.1 [7171 kB]
Get:12 http://deb.debian.org/debian bookworm/main amd64 libglib2.0-0 amd64 2.74.6-2 [1398 kB]
Get:13 http://deb.debian.org/debian bookworm/main amd64 libglib2.0-data all 2.74.6-2 [1207 kB]
Get:14 https://download.docker.com/linux/debian bookworm/stable amd64 docker-buildx-plugin amd64 0.14.0-1~debian.12~bookworm [29.7 MB]
Get:15 http://deb.debian.org/debian bookworm/main amd64 libltdl7 amd64 2.4.7-5 [393 kB]   
Get:16 http://deb.debian.org/debian bookworm/main amd64 libslirp0 amd64 4.7.0-1 [63.0 kB]
Get:17 http://deb.debian.org/debian bookworm/main amd64 patch amd64 2.7.6-7 [128 kB]                                                                                                                     
Get:18 http://deb.debian.org/debian bookworm/main amd64 shared-mime-info amd64 2.2-1 [729 kB]                                                                                                            
Get:19 https://download.docker.com/linux/debian bookworm/stable amd64 docker-ce-cli amd64 5:26.1.1-1~debian.12~bookworm [14.6 MB]                                                                        
Get:20 http://deb.debian.org/debian bookworm/main amd64 slirp4netns amd64 1.2.0-1 [37.5 kB]                                                                                                              
Get:21 http://deb.debian.org/debian bookworm/main amd64 xdg-user-dirs amd64 0.18-1 [54.4 kB]                                                                                                             
Get:22 https://download.docker.com/linux/debian bookworm/stable amd64 docker-ce amd64 5:26.1.1-1~debian.12~bookworm [25.2 MB]                                                                            
Get:23 https://download.docker.com/linux/debian bookworm/stable amd64 docker-ce-rootless-extras amd64 5:26.1.1-1~debian.12~bookworm [9318 kB]                                                            
Get:24 https://download.docker.com/linux/debian bookworm/stable amd64 docker-compose-plugin amd64 2.27.0-1~debian.12~bookworm [12.5 MB]                                                                  
Fetched 136 MB in 12s (11.1 MB/s)                                                                                                                                                                        
Preconfiguring packages ...
Selecting previously unselected package pigz.
(Reading database ... 19163 files and directories currently installed.)
Preparing to unpack .../00-pigz_2.6-1_amd64.deb ...
Unpacking pigz (2.6-1) ...
Selecting previously unselected package apparmor.
Preparing to unpack .../01-apparmor_3.0.8-3_amd64.deb ...
Unpacking apparmor (3.0.8-3) ...
Selecting previously unselected package containerd.io.
Preparing to unpack .../02-containerd.io_1.6.31-1_amd64.deb ...
Unpacking containerd.io (1.6.31-1) ...
Selecting previously unselected package dbus-user-session.
Preparing to unpack .../03-dbus-user-session_1.14.10-1~deb12u1_amd64.deb ...
Unpacking dbus-user-session (1.14.10-1~deb12u1) ...
Selecting previously unselected package docker-buildx-plugin.
Preparing to unpack .../04-docker-buildx-plugin_0.14.0-1~debian.12~bookworm_amd64.deb ...
Unpacking docker-buildx-plugin (0.14.0-1~debian.12~bookworm) ...
Selecting previously unselected package docker-ce-cli.
Preparing to unpack .../05-docker-ce-cli_5%3a26.1.1-1~debian.12~bookworm_amd64.deb ...
Unpacking docker-ce-cli (5:26.1.1-1~debian.12~bookworm) ...
Selecting previously unselected package libip6tc2:amd64.
Preparing to unpack .../06-libip6tc2_1.8.9-2_amd64.deb ...
Unpacking libip6tc2:amd64 (1.8.9-2) ...
Selecting previously unselected package libnfnetlink0:amd64.
Preparing to unpack .../07-libnfnetlink0_1.0.2-2_amd64.deb ...
Unpacking libnfnetlink0:amd64 (1.0.2-2) ...
Selecting previously unselected package libnetfilter-conntrack3:amd64.
Preparing to unpack .../08-libnetfilter-conntrack3_1.0.9-3_amd64.deb ...
Unpacking libnetfilter-conntrack3:amd64 (1.0.9-3) ...
Selecting previously unselected package iptables.
Preparing to unpack .../09-iptables_1.8.9-2_amd64.deb ...
Unpacking iptables (1.8.9-2) ...
Selecting previously unselected package docker-ce.
Preparing to unpack .../10-docker-ce_5%3a26.1.1-1~debian.12~bookworm_amd64.deb ...
Unpacking docker-ce (5:26.1.1-1~debian.12~bookworm) ...
Selecting previously unselected package docker-ce-rootless-extras.
Preparing to unpack .../11-docker-ce-rootless-extras_5%3a26.1.1-1~debian.12~bookworm_amd64.deb ...
Unpacking docker-ce-rootless-extras (5:26.1.1-1~debian.12~bookworm) ...
Selecting previously unselected package docker-compose-plugin.
Preparing to unpack .../12-docker-compose-plugin_2.27.0-1~debian.12~bookworm_amd64.deb ...
Unpacking docker-compose-plugin (2.27.0-1~debian.12~bookworm) ...
Selecting previously unselected package liberror-perl.
Preparing to unpack .../13-liberror-perl_0.17029-2_all.deb ...
Unpacking liberror-perl (0.17029-2) ...
Selecting previously unselected package git-man.
Preparing to unpack .../14-git-man_1%3a2.39.2-1.1_all.deb ...
Unpacking git-man (1:2.39.2-1.1) ...
Selecting previously unselected package git.
Preparing to unpack .../15-git_1%3a2.39.2-1.1_amd64.deb ...
Unpacking git (1:2.39.2-1.1) ...
Selecting previously unselected package libglib2.0-0:amd64.
Preparing to unpack .../16-libglib2.0-0_2.74.6-2_amd64.deb ...
Unpacking libglib2.0-0:amd64 (2.74.6-2) ...
Selecting previously unselected package libglib2.0-data.
Preparing to unpack .../17-libglib2.0-data_2.74.6-2_all.deb ...
Unpacking libglib2.0-data (2.74.6-2) ...
Selecting previously unselected package libltdl7:amd64.
Preparing to unpack .../18-libltdl7_2.4.7-5_amd64.deb ...
Unpacking libltdl7:amd64 (2.4.7-5) ...
Selecting previously unselected package libslirp0:amd64.
Preparing to unpack .../19-libslirp0_4.7.0-1_amd64.deb ...
Unpacking libslirp0:amd64 (4.7.0-1) ...
Selecting previously unselected package patch.
Preparing to unpack .../20-patch_2.7.6-7_amd64.deb ...
Unpacking patch (2.7.6-7) ...
Selecting previously unselected package shared-mime-info.
Preparing to unpack .../21-shared-mime-info_2.2-1_amd64.deb ...
Unpacking shared-mime-info (2.2-1) ...
Selecting previously unselected package slirp4netns.
Preparing to unpack .../22-slirp4netns_1.2.0-1_amd64.deb ...
Unpacking slirp4netns (1.2.0-1) ...
Selecting previously unselected package xdg-user-dirs.
Preparing to unpack .../23-xdg-user-dirs_0.18-1_amd64.deb ...
Unpacking xdg-user-dirs (0.18-1) ...
Setting up xdg-user-dirs (0.18-1) ...
Setting up libip6tc2:amd64 (1.8.9-2) ...
Setting up libglib2.0-0:amd64 (2.74.6-2) ...
No schema files found: doing nothing.
Setting up liberror-perl (0.17029-2) ...
Setting up apparmor (3.0.8-3) ...
Created symlink /etc/systemd/system/sysinit.target.wants/apparmor.service -> /lib/systemd/system/apparmor.service.
Setting up dbus-user-session (1.14.10-1~deb12u1) ...
Setting up docker-buildx-plugin (0.14.0-1~debian.12~bookworm) ...
Setting up libglib2.0-data (2.74.6-2) ...
Setting up shared-mime-info (2.2-1) ...
Setting up containerd.io (1.6.31-1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/containerd.service -> /lib/systemd/system/containerd.service.
Setting up patch (2.7.6-7) ...
Setting up docker-compose-plugin (2.27.0-1~debian.12~bookworm) ...
Setting up libltdl7:amd64 (2.4.7-5) ...
Setting up docker-ce-cli (5:26.1.1-1~debian.12~bookworm) ...
Setting up libslirp0:amd64 (4.7.0-1) ...
Setting up pigz (2.6-1) ...
Setting up libnfnetlink0:amd64 (1.0.2-2) ...
Setting up git-man (1:2.39.2-1.1) ...
Setting up docker-ce-rootless-extras (5:26.1.1-1~debian.12~bookworm) ...
Setting up slirp4netns (1.2.0-1) ...
Setting up git (1:2.39.2-1.1) ...
Setting up libnetfilter-conntrack3:amd64 (1.0.9-3) ...
Setting up iptables (1.8.9-2) ...
update-alternatives: using /usr/sbin/iptables-legacy to provide /usr/sbin/iptables (iptables) in auto mode
update-alternatives: using /usr/sbin/ip6tables-legacy to provide /usr/sbin/ip6tables (ip6tables) in auto mode
update-alternatives: using /usr/sbin/iptables-nft to provide /usr/sbin/iptables (iptables) in auto mode
update-alternatives: using /usr/sbin/ip6tables-nft to provide /usr/sbin/ip6tables (ip6tables) in auto mode
update-alternatives: using /usr/sbin/arptables-nft to provide /usr/sbin/arptables (arptables) in auto mode
update-alternatives: using /usr/sbin/ebtables-nft to provide /usr/sbin/ebtables (ebtables) in auto mode
Setting up docker-ce (5:26.1.1-1~debian.12~bookworm) ...
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service -> /lib/systemd/system/docker.service.
Created symlink /etc/systemd/system/sockets.target.wants/docker.socket -> /lib/systemd/system/docker.socket.
Processing triggers for man-db (2.11.2-2) ...
Processing triggers for libc-bin (2.36-9+deb12u3) ...

インストールは完了。

テストコンテナ実行。"Hello from Docker!"が表示されているので無事に実行されている。

root@docker01:~# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
c1ec31eb5944: Pull complete 
Digest: sha256:a26bff933ddc26d5cdf7faa98b4ae1e3ec20c4985e6f87ac0973052224d24302
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

root@docker01:~# docker ps -a
CONTAINER ID   IMAGE         COMMAND    CREATED         STATUS                     PORTS     NAMES
0b0aba9aac4c   hello-world   "/hello"   8 seconds ago   Exited (0) 7 seconds ago             tender_hawking

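rootでなんでも実行するのはよくないので一般ユーザを作っておく。ただし以下の設定(sudoのNOPASSWD:ALLとdockerグループへの追加)だと、このユーザは実質rootと同等の権限を持つ。rootのauthorized_keysもそのままコピーしているので、rootと同じSSH鍵でログインできる。検証用の使い捨て環境向けの設定で、長く使うならsudoで許可するコマンドを絞り、/etc/sudoers.d/のファイルはパーミッションを0440にしてvisudo -cfで構文確認しておきたい。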

root@docker01:~# newuser=user01
root@docker01:~# adduser --disabled-password $newuser 
Adding user `user01' ...
Adding new group `user01' (1000) ...
Adding new user `user01' (1000) with group `user01 (1000)' ...
Creating home directory `/home/user01' ...
Copying files from `/etc/skel' ...
Changing the user information for user01
Enter the new value, or press ENTER for the default
        Full Name []: 
        Room Number []: 
        Work Phone []: 
        Home Phone []: 
        Other []: 
Is the information correct? [Y/n] 
Adding new user `user01' to supplemental / extra groups `users' ...
Adding user `user01' to group `users' ...
root@docker01:~# mkdir /home/$newuser/.ssh/
root@docker01:~# cp /root/.ssh/authorized_keys /home/$newuser/.ssh/
root@docker01:~# chown -R $newuser:$newuser /home/$newuser/.ssh/
root@docker01:~# chmod go-rwx /home/$newuser/.ssh/
root@docker01:~# apt install sudo
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  sudo
0 upgraded, 1 newly installed, 0 to remove and 47 not upgraded.
Need to get 1889 kB of archives.
After this operation, 6199 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bookworm/main amd64 sudo amd64 1.9.13p3-1+deb12u1 [1889 kB]
Fetched 1889 kB in 1s (2202 kB/s)
Selecting previously unselected package sudo.
(Reading database ... 21393 files and directories currently installed.)
Preparing to unpack .../sudo_1.9.13p3-1+deb12u1_amd64.deb ...
Unpacking sudo (1.9.13p3-1+deb12u1) ...
Setting up sudo (1.9.13p3-1+deb12u1) ...
Processing triggers for man-db (2.11.2-2) ...
Processing triggers for libc-bin (2.36-9+deb12u3) ...
root@docker01:~# echo "$newuser    ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers.d/$newuser
root@docker01:~# usermod -aG docker $newuser

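これで一般ユーザでdocker実行できる(dockerグループに入れたユーザは、Dockerデーモン経由でDockerホスト上のroot相当の操作ができる)。Dockerホスト(=LXCコンテナ)と同じカーネルでalpineコンテナが起動している(親=Proxmox、子=LXCコンテナ、孫=Dockerコンテナ)。
ネットワークも独自のネームスペースにあるっぽい(Dockerコンテナのeth0は172.17.0.2/16で、LXCコンテナの192.168.10.103/24とは別)。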

user01@docker01:~$ id
uid=1000(user01) gid=1000(user01) groups=1000(user01),100(users),996(docker)
user01@docker01:~$ uname -a
Linux docker01 6.5.13-1-pve #1 SMP PREEMPT_DYNAMIC PMX 6.5.13-1 (2024-02-05T13:50Z) x86_64 GNU/Linux
user01@docker01:~$ docker run -it alpine /bin/sh
/ # uname -a
Linux 2f9b2f7ba36c 6.5.13-1-pve #1 SMP PREEMPT_DYNAMIC PMX 6.5.13-1 (2024-02-05T13:50Z) x86_64 Linux
/ # hostname
2f9b2f7ba36c
/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
12: eth0@if13: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP 
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
/ # exit
user01@docker01:~$ docker ps  -a
CONTAINER ID   IMAGE         COMMAND     CREATED          STATUS                      PORTS     NAMES
2f9b2f7ba36c   alpine        "/bin/sh"   2 minutes ago    Exited (0) 2 minutes ago              loving_hertz
0b0aba9aac4c   hello-world   "/hello"    53 minutes ago   Exited (0) 53 minutes ago             tender_hawking
