Docker: Difference between revisions

From Grid5000
Jump to navigation Jump to search
(Created page with "<!-- {{Maintainer|Florent Didier}} {{Portal|User}} {{Status|In production}} --> '''Docker''' is a software technology that provides operating-system-level virtualization. In...")
 
No edit summary
(44 intermediate revisions by 7 users not shown)
Line 1: Line 1:
<!--
{{Maintainer|Florent Didier}}
{{Portal|User}}
{{Portal|User}}
{{Status|In production}}
{{Portal|Tutorial}}
-->
{{TutorialHeader}}
 
'''Docker''' is a software technology that provides operating-system-level virtualization. In this page, we present some tools that are specifically designed to use Docker on Grid'5000.
'''Docker''' is a software technology that provides operating-system-level virtualization. In this page, we present some tools that are specifically designed to use docker on Grid'5000.


= Installing Docker from a node =
= Installing Docker from a node =
Line 15: Line 12:


; Install Docker
; Install Docker
The script g5k-setup-docker, available from the standard environment, installs Docker locally. Option -c makes docker command available without needing to log out and reconnect to the node
The script g5k-setup-docker, available from the standard environment, installs Docker locally and make Docker commands available without user needing to log out (by giving read write permissions to the file /var/run/docker.sock)
{{Term|location=node|cmd=<code class="command">g5k-setup-docker</code> <code>-c</code>}}
{{Term|location=node| cmd=<code class="command">sudo-g5k</code> <code>/grid5000/code/bin/g5k-setup-docker</code>}}


; Run docker
g5k-setup-docker can also call sudo-g5k internally, so it is possible to simply type
You can now check that docker is up and running
{{Term|location=node|cmd=<code class="command">g5k-setup-docker</code>}}
 
If you want to simply install Docker, without changing the permissions of /var/run/docker.sock (note that in this case you must log out and reconnect before using Docker commands), you can type
{{Term|location=node|cmd=<code class="command">g5k-setup-docker</code> <code>-i</code>}}
 
; Run Docker
You can now check that Docker is up and running
{{Term|location=node|cmd=<code class="command">docker run</code> <code>hello-world</code>}}
{{Term|location=node|cmd=<code class="command">docker run</code> <code>hello-world</code>}}
; Note for the environments nfs and big
In addition to the standard environment, g5k-setup-docker works with the environments '''debian10-x64-nfs''' and '''debian10-x64-big''' (and with '''debian9-x64-nfs''' and '''debian9-x64-big'''. Note that the directory containing g5k-setup-docker is not defined in the $PATH of these environments: you must so call the script from its full path <code>/grid5000/code/bin/g5k-setup-docker</code>.


= Using docker-machine and docker-g5k =
= Using docker-machine and docker-g5k =
Line 27: Line 33:
* the docker-g5k program
* the docker-g5k program


; Manage a node with docker-machine
== Provision a node with docker-machine ==
The [https://github.com/Spirals-Team/docker-machine-driver-g5k driver for docker-machine] allows you to reserve a node on Grid'5000 and to install a Linux image and Docker Engine on it, from your computer and in one single command.
The [https://github.com/Spirals-Team/docker-machine-driver-g5k driver for docker-machine] allows you to reserve a node on Grid'5000 and to install a Linux image and Docker Engine on it, from your computer and in one single command.
The reserved node is then available from commands like <code>docker-machine ssh</code> (standard ssh commands don't work when nodes are reserved with docker-machine).
The reserved node is then available from commands like <code>docker-machine ssh</code> (standard ssh commands don't work when nodes are reserved with docker-machine).


; Create a Swarm with docker-g5k
== Create a Swarm with docker-g5k ==
The [https://github.com/Spirals-Team/docker-g5k docker-g5k] program allows you to reserve several nodes, possibly on different sites, and to install a Linux image and Docker Engine on each node, in one single command.
The [https://github.com/Spirals-Team/docker-g5k docker-g5k] program allows you to reserve several nodes, possibly on different sites, and to install a Linux image and Docker Engine on each node, in one single command.
This command configures a Swarm, i.e. a set of Docker containers distributed over several nodes that communicate with each other.
This command configures a Swarm, i.e. a set of Docker containers distributed over several nodes that communicate with each other.


= Managing Docker images ? =
= Managing Docker images =
We recommend the following ways to manage Docker images on Grid'5000:
One difficult aspect of using Docker is efficient images management, as (1) it is often required to load such images on many nodes simultaneously; (2) Grid'5000 connection to the internet is limited to 1 Gbps.
The following strategies are recommended to manage Docker images:
 
== Use docker load/save ==
To load and save images quickly, we encourage you to use <code>docker load</code> and <code>docker save</code> commands, with .tar docker images stored in your Grid'5000 home. Users home are NFS mounted, with good network performance.
 
; Example:
{{Term|location=node1|
cmd=<code class="command">docker pull</code> <code>alpine</code><br>
<code class="command">docker save</code> <code>-o ~/alpine.tar alpine</code><br>
}}
{{Term|location=node2|
cmd=<code class="command">docker load</code> <code>-i ~/alpine.tar</code><br>
<code class="command">docker run</code> <code>-it alpine</code>
}}
 
You can also use <code>docker load</code> command instead of retrieving the image from Docker Hub, when deploying a Swarm with docker-g5k.
 
; Example with docker-g5k
Give read rights to your image
{{Term|location=frontend|cmd=<code class="command">chmod 644</code> <code>~/alpine.tar</code>}}
 
Deploy three Docker nodes in Nancy (activate the Grid'5000 VPN before launching this command)
{{Term|location=laptop|cmd=<code class="command">docker-g5k create-cluster</code> <code>--g5k-username "user" --g5k-password "********" --g5k-image "jessie-x64-std" --g5k-reserve-nodes "nancy:3"</code>}}
 
Load Alpine image on each node
{{Term|location=laptop|cmd=<code>for i in {0..2}; do</code> <code class="command">docker-machine ssh</code> <code>nancy-${i} "docker load -i /home/user/alpine.tar"; done</code>}}
 
== Use Inria private registry ==
 
The Inria registry has been closed by the end of 2019/beg. 2020.
 
As an alternative one can use gitlab.inria.fr to host docker images related to a git project, but this cannot be compared to the functionalities provided by a normal Docker registry.
 
== Use a persistent virtual machine to host your registry ==
If you want to benefit from a private registry with good network performance, and are ready to manually install your own registry, you can request a [[Persistent_Virtual_Machine|Persistent Virtual Machine]]. You can look at [http://vmware.github.io/harbor/ Harbor] or [http://port.us.org/ Portus] open source projects, in order to install your own registry.
 
= Avoid network conflict =
The default network used by docker is 172.16.0.1/16 which is use internally on Grid'5000 thus this can be a source of conflict.
 
If you want to avoid any conflict you can set an other network. On debian you will have to edit /etc/default/docker and specify the network you want to use like this:
DOCKER_OPTS="--bip=192.168.42.1/24"
 


; Use docker load/save
= Nvidia-docker =
You can use <code>docker load</code> and <code>docker save</code> commands with .tgz docker images stored in your home (or elsewhere). Each user's home is available (NFS mounted) from any node deployed with the standard environment.
If you want to use Nvidia's Docker image available for nodes with GPUs (e.g. see [https://www.nvidia.com/en-us/gpu-cloud/containers/]), you need to install [https://github.com/nvidia/nvidia-docker nvidia-docker]. A script is also available to automate the installation. Just run :


; Use Inria private registry
{{Term|location=node| cmd=<code class="command">g5k-setup-nvidia-docker</code>}}
A private registry is available for Inria members. Look at [https://qlf-sesi-harbor.inria.fr/harbor/sign-in Inria private registry] and its [https://partage.inria.fr/share/page/document-details?nodeRef=workspace://SpacesStore/b33e70e5-ca6e-4121-9051-782ca88603ba documentation].


; Use a persistent VM
(You don't need to run <code>g5k-setup-docker</code> before).
If you need to create your own private registry, you can request a [https://www.grid5000.fr/mediawiki/index.php/Persistent_Virtual_Machine persistent Virtual Machine].

Revision as of 12:50, 9 July 2020

Note.png Note

This page is actively maintained by the Grid'5000 team. If you encounter problems, please report them (see the Support page). Additionally, as it is a wiki page, you are free to make minor corrections yourself if needed. If you would like to suggest a more fundamental change, please contact the Grid'5000 team.

Docker is a software technology that provides operating-system-level virtualization. In this page, we present some tools that are specifically designed to use Docker on Grid'5000.

Installing Docker from a node

You can install and use Docker from a node with the standard environment by following these instructions:

Reserve a node
Terminal.png fnancy:
oarsub -I

(you can also use option -t deploy and Kadeploy if you prefer)

Install Docker

The script g5k-setup-docker, available from the standard environment, installs Docker locally and make Docker commands available without user needing to log out (by giving read write permissions to the file /var/run/docker.sock)

Terminal.png node:
sudo-g5k /grid5000/code/bin/g5k-setup-docker

g5k-setup-docker can also call sudo-g5k internally, so it is possible to simply type

Terminal.png node:
g5k-setup-docker

If you want to simply install Docker, without changing the permissions of /var/run/docker.sock (note that in this case you must log out and reconnect before using Docker commands), you can type

Terminal.png node:
g5k-setup-docker -i
Run Docker

You can now check that Docker is up and running

Terminal.png node:
docker run hello-world
Note for the environments nfs and big

In addition to the standard environment, g5k-setup-docker works with the environments debian10-x64-nfs and debian10-x64-big (and with debian9-x64-nfs and debian9-x64-big. Note that the directory containing g5k-setup-docker is not defined in the $PATH of these environments: you must so call the script from its full path /grid5000/code/bin/g5k-setup-docker.

Using docker-machine and docker-g5k

The Spirals Team in Lille developped two tools to ease Docker usage on Grid'5000:

  • a docker-machine driver
  • the docker-g5k program

Provision a node with docker-machine

The driver for docker-machine allows you to reserve a node on Grid'5000 and to install a Linux image and Docker Engine on it, from your computer and in one single command. The reserved node is then available from commands like docker-machine ssh (standard ssh commands don't work when nodes are reserved with docker-machine).

Create a Swarm with docker-g5k

The docker-g5k program allows you to reserve several nodes, possibly on different sites, and to install a Linux image and Docker Engine on each node, in one single command. This command configures a Swarm, i.e. a set of Docker containers distributed over several nodes that communicate with each other.

Managing Docker images

One difficult aspect of using Docker is efficient images management, as (1) it is often required to load such images on many nodes simultaneously; (2) Grid'5000 connection to the internet is limited to 1 Gbps. The following strategies are recommended to manage Docker images:

Use docker load/save

To load and save images quickly, we encourage you to use docker load and docker save commands, with .tar docker images stored in your Grid'5000 home. Users home are NFS mounted, with good network performance.

Example
Terminal.png node1:
docker pull alpine
docker save -o ~/alpine.tar alpine
Terminal.png node2:
docker load -i ~/alpine.tar
docker run -it alpine

You can also use docker load command instead of retrieving the image from Docker Hub, when deploying a Swarm with docker-g5k.

Example with docker-g5k

Give read rights to your image

Terminal.png frontend:
chmod 644 ~/alpine.tar

Deploy three Docker nodes in Nancy (activate the Grid'5000 VPN before launching this command)

Terminal.png laptop:
docker-g5k create-cluster --g5k-username "user" --g5k-password "********" --g5k-image "jessie-x64-std" --g5k-reserve-nodes "nancy:3"

Load Alpine image on each node

Terminal.png laptop:
for i in {0..2}; do docker-machine ssh nancy-${i} "docker load -i /home/user/alpine.tar"; done

Use Inria private registry

The Inria registry has been closed by the end of 2019/beg. 2020.

As an alternative one can use gitlab.inria.fr to host docker images related to a git project, but this cannot be compared to the functionalities provided by a normal Docker registry.

Use a persistent virtual machine to host your registry

If you want to benefit from a private registry with good network performance, and are ready to manually install your own registry, you can request a Persistent Virtual Machine. You can look at Harbor or Portus open source projects, in order to install your own registry.

Avoid network conflict

The default network used by docker is 172.16.0.1/16 which is use internally on Grid'5000 thus this can be a source of conflict.

If you want to avoid any conflict you can set an other network. On debian you will have to edit /etc/default/docker and specify the network you want to use like this:

DOCKER_OPTS="--bip=192.168.42.1/24"


Nvidia-docker

If you want to use Nvidia's Docker image available for nodes with GPUs (e.g. see [1]), you need to install nvidia-docker. A script is also available to automate the installation. Just run :

Terminal.png node:
g5k-setup-nvidia-docker

(You don't need to run g5k-setup-docker before).