Rundeck Docker install
Docker
DockerHub images: https://hub.docker.com/r/rundeck/rundeck/
docker
Move Elasticsearch data to dedicated LV
# create lvm pvcreate /dev/disk/by-id/ata-INTEL_SSDSC2KB076T8_* vgcreate data /dev/disk/by-id/ata-INTEL_SSDSC2KB076T8_* lvcreate --name elasticsearch --size 2T data mkfs.ext4 /dev/data/elasticsearch # pre-sync data mount /dev/data/elasticsearch /mnt/ rsync -aHAXx --numeric-ids /var/lib/docker/volumes/elasticsearch/ /mnt/ # sync data docker stop elasticsearch rsync --delete -aHAXxv --numeric-ids /var/lib/docker/volumes/elasticsearch/ /mnt/ rsync --delete -aHAXxv --numeric-ids /var/lib/docker/volumes/elasticsearch/ /mnt/ umount /mnt # mount new LV
GitLab: Docker CI pipeline
Optinal: Create nested LXD container
http://www.panticz.de/lxd/nesting
CONTAINER_NAME=gitlab-runner1-dev lxc launch ubuntu:18.04 ${CONTAINER_NAME} -p disk-zfs -p nic-dev-mgmt -c boot.autostart=true -c security.nesting=true -c security.privileged=true #-c volatile.dev-mgmt.hwaddr=00:11:22:33:44:55 lxc exec ${CONTAINER_NAME} -- apt update lxc exec ${CONTAINER_NAME} -- apt dist-upgrade lxc exec ${CONTAINER_NAME} -- apt purge -y lxd lxd-client snapd unattended-upgrades lxc exec ${CONTAINER_NAME} -- apt autoremove lxc file push /root/.ssh/authorized_keys ${CONTAINER_NAME}/root/.ssh/authorized_keys lxc exec ${CONTAINER_NAME} -- bash -c "sed -i 's/eth0:/dev-mgmt:/g' /etc/netplan/50-cloud-init.yaml" lxc exec ${CONTAINER_NAME} -- netplan apply printf 'lxc.apparmor.profile = unconfined\nlxc.cgroup.devices.allow = a\nlxc.mount.auto=proc:rw sys:rw\nlxc.cap.drop=' | lxc config set ${CONTAINER_NAME} raw.lxc - lxc restart ${CONTAINER_NAME}
Install Docker inside LXD container
# http://www.panticz.de/install-docker
podman
Install
sudo apt-get install -y software-properties-common uidmap sudo add-apt-repository -y ppa:projectatomic/ppa sudo apt-get -y install podman
Container
podman run --name nginx -v /tmp/html:/usr/share/nginx/html:ro -d -p 8080:80 docker://nginx podman run \ -dt \ -p 8080:8080/tcp \ -e HTTPD_VAR_RUN=/var/run/httpd \ -e HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ -e HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \ -e HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \ registry.fedoraproject.org/f27/
Links
https://podman.io/
Docker: Anisble snippets
Ansible docker modules
https://docs.ansible.com/ansible/latest/modules/docker_container_module.html
- name: Enable autostart for running containers shell: docker update --restart=always $(docker ps -q) - name: Get container info docker_container_info: name: www1 register: result - name: Does container exist? debug: msg: "The container {{ 'exists' if result.exists else 'does not exist' }}" - name: Stop container docker_container: name: "{{ result.container.Name }}" state: stopped when: - result.exists - result.container.State.Running
Docker: Container
Ubuntu
docker run -it ubuntu:18.04
Import MySql / Mariadb dump into container
cat gogs.sql | docker exec -i gitea_db_1 mysql --host=localhost --user=gitea --password=gitea gitea
Apache
docker run -d --name apache -p 8080:80 httpd:latest
Nginx
https://hub.docker.com/_/nginx
docker run --name nginx -v /tmp:/usr/share/nginx/html:ro -d -p 8080:80 nginx
GitLab runner
docker run -d --name gitlab-runner --restart always \ -v /srv/gitlab-runner/config:/etc/gitlab-runner \ -v /var/run/docker.sock:/var/run/docker.sock \ gitlab/gitlab-runner:latest docker run --rm -t -i -v /srv/gitlab-runner/config:/etc/gitlab-runner gitlab/gitlab-runner register \ ...
Gitea
Install as Docker container
http://www.panticz.de/docker/container/gitea
APT packages
https://gitlab.com/packaging/gitea
Download archive
https://dl.gitea.io/gitea/
Migrate from gogs
https://docs.gitea.io/en-us/upgrade-from-gogs/
Backup
https://docs.gitea.io/en-us/backup-and-restore/
Links
https://gitea.io/
Docker: HAProxy
Container
https://hub.docker.com/_/haproxy
Configuration
/tmp/haproxy/haproxy.cfg
global maxconn 4096 #stats timeout 30s #debug defaults log global mode http option httplog option dontlognull timeout connect 5000 timeout client 50000 timeout server 50000 log 127.0.0.1 local0 #option httpchk frontend frontend1 bind :80 mode http use_backend backend1 backend backend1 mode http balance roundrobin option httpchk GET / HTTP/1.1 http-check expect status 400 server www1 172.17.0.2:80 check server www2 172.17.0.4:80 check server www3 172.17.0.6:80 check listen stats bind :9000 mode http stats enable stats hide-version stats realm Haproxy\ Statistics stats refresh 60s stats show-node stats auth haproxy:password stats uri /
Deploy
docker run -d --name haproxy -v /tmp/haproxy:/usr/local/etc/haproxy:ro -p 8080:80 -p 9000:9000 haproxy:latest docker logs -f haproxy
Nginx (proxy) Docker container
Create required directories
mkdir -p /etc/docker/nginx/{conf.d,html}
Configure nginx as webserver
cat < /etc/docker/nginx/conf.d/default.conf
server {
listen 80;
server_name _;
root /usr/share/nginx/html;
index index.html index.htm;
}
EOF
Configure nginx as proxy
cat < /etc/docker/nginx/conf.d/proxy.conf
server {
listen 80;
server_name foo.example.com;
location / {
proxy_pass http://localhost:8080/;
}
}
EOF
Create container
Docker: Roundcube container
Start container
docker run --name=roundcube \
-e ROUNDCUBEMAIL_DEFAULT_HOST=imap.example.com \
-e ROUNDCUBEMAIL_SMTP_SERVER=smtp.example.com \
-e ROUNDCUBEMAIL_SMTP_PORT=993 \
-p 8080:80 \
-d roundcube/roundcubemail
# UI
http://SERVER_IP:8080/