
docker on bhyve

12 Sep 2018 . Tech
#freenas #eve

Set up the VM!

The first step is setting up an iohyve virtual machine. See the previous post on how to make a VM in freenas using iohyve/bhyve.

The VM I'm going to use has the following settings (I used the xenial minimal installer) and is called 'dockerhost':

[chip@eve ~]$ sudo iohyve getall dockerhost
Getting dockerhost iohyve properties...
bargs                  -A_-H_-P
bhyve_path             /usr/sbin/bhyve
boot                   1
con                    nmdm13
cpu                    8
description            Docker host for several docker containers. UI running at portainer.rawlk.com
install                no
loader                 grub-bhyve
name                   dockerhost
os                     Debian9
persist                1
ram                    10G
size                   20G
tap                    tap13
template               NO
utc                    YES
vnc                    NO
vnc_h                  600
vnc_ip                 127.0.0.1
vnc_tablet             NO
vnc_w                  800
vnc_wait               NO
[chip@eve ~]$ 

Make sure to set boot to 1 so the dockerhost will autostart! I would highly suggest making the disk size a bit larger if you can afford it; ~30-40G is great and leaves spare room for docker images and containers.

Once you start the VM with iohyve start dockerhost, we'll want to install ssh so we don't have to rely on the iohyve console. You can do that just like on any normal debian/ubuntu instance with apt install openssh-server. From there, use ssh-keygen on the freenas machine to create a public/private keypair if one doesn't already exist. Copy the .pub public key into the new root user's ~/.ssh/authorized_keys file in the new docker VM for password-less login. (Check ifconfig for your VM's private IP address.)

Install Docker and a Web-UI

Now that you have SSH access, let's install docker and spin up a web UI for managing the docker containers!

We'll cheat by following the docker install guidelines from docker directly.

The install, in detail:

root@dockerhost:~# sudo apt-get install \
    apt-transport-https \
    ca-certificates \
    curl \
    software-properties-common
Reading package lists... Done
Building dependency tree       
Reading state information... Done
ca-certificates is already the newest version (20180409).
curl is already the newest version (7.58.0-2ubuntu3.2).
apt-transport-https is already the newest version (1.6.3ubuntu0.1).
The following additional packages will be installed:
  python3-software-properties
The following NEW packages will be installed:
  python3-software-properties software-properties-common
0 upgraded, 2 newly installed, 0 to remove and 21 not upgraded.
Need to get 32.2 kB of archives.
After this operation, 331 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://68.106.66.131:80/data/00cf9151bb93b3ff/us.archive.ubuntu.com/ubuntu bionic-updates/main amd64 python3-software-properties all 0.96.24.32.5 [22.3 kB]
Get:2 http://us.archive.ubuntu.com/ubuntu bionic-updates/main amd64 software-properties-common all 0.96.24.32.5 [9,912 B]
Fetched 32.2 kB in 0s (117 kB/s)                                                                          
Selecting previously unselected package python3-software-properties.
(Reading database ... 158808 files and directories currently installed.)
Preparing to unpack .../python3-software-properties_0.96.24.32.5_all.deb ...
Unpacking python3-software-properties (0.96.24.32.5) ...
Selecting previously unselected package software-properties-common.
Preparing to unpack .../software-properties-common_0.96.24.32.5_all.deb ...
Unpacking software-properties-common (0.96.24.32.5) ...
Processing triggers for man-db (2.8.3-2) ...
Setting up python3-software-properties (0.96.24.32.5) ...
Processing triggers for dbus (1.12.2-1ubuntu1) ...
Setting up software-properties-common (0.96.24.32.5) ...
Processing triggers for dbus (1.12.2-1ubuntu1) ...
root@dockerhost:~# curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
OK
root@dockerhost:~# sudo apt-key fingerprint 0EBFCD88
pub   rsa4096 2017-02-22 [SCEA]
      9DC8 5822 9FC7 DD38 854A  E2D8 8D81 803C 0EBF CD88
uid           [ unknown] Docker Release (CE deb) <docker@docker.com>
sub   rsa4096 2017-02-22 [S]

root@dockerhost:~# sudo add-apt-repository \
   "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
   $(lsb_release -cs) \
   stable"
Hit:1 http://us.archive.ubuntu.com/ubuntu bionic InRelease
Get:2 http://us.archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]                                                                            
Get:3 https://download.docker.com/linux/ubuntu bionic InRelease [64.4 kB]                                                                               
Get:4 http://security.ubuntu.com/ubuntu bionic-security InRelease [83.2 kB]                                 
Get:5 https://download.docker.com/linux/ubuntu bionic/stable amd64 Packages [2,033 B]                      
Get:6 http://us.archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB]                                     
Get:7 http://us.archive.ubuntu.com/ubuntu bionic-updates/main i386 Packages [286 kB]                                       
Get:8 http://us.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages [322 kB]
Get:9 http://us.archive.ubuntu.com/ubuntu bionic-updates/universe i386 Packages [191 kB]
Get:10 http://us.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages [191 kB]
Get:11 http://us.archive.ubuntu.com/ubuntu bionic-updates/universe Translation-en [89.5 kB]
Get:12 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 Packages [66.6 kB]  
Get:13 http://security.ubuntu.com/ubuntu bionic-security/universe i386 Packages [66.5 kB]
Get:14 http://security.ubuntu.com/ubuntu bionic-security/universe Translation-en [39.2 kB]
Fetched 1,564 kB in 1s (1,223 kB/s)                               
Reading package lists... Done
root@sync:~# apt update; apt install docker-ce -y
Hit:1 https://download.docker.com/linux/ubuntu bionic InRelease
Hit:2 http://us.archive.ubuntu.com/ubuntu bionic InRelease                                             
Hit:3 http://us.archive.ubuntu.com/ubuntu bionic-updates InRelease                                     
Hit:4 http://security.ubuntu.com/ubuntu bionic-security InRelease        
Hit:5 http://us.archive.ubuntu.com/ubuntu bionic-backports InRelease     
Reading package lists... Done                      
Building dependency tree       
Reading state information... Done
21 packages can be upgraded. Run 'apt list --upgradable' to see them.
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  aufs-tools cgroupfs-mount libltdl7 pigz
The following NEW packages will be installed:
  aufs-tools cgroupfs-mount docker-ce libltdl7 pigz
0 upgraded, 5 newly installed, 0 to remove and 21 not upgraded.
Need to get 40.4 MB of archives.
After this operation, 199 MB of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com/ubuntu bionic/universe amd64 pigz amd64 2.4-1 [57.4 kB]
Get:2 https://download.docker.com/linux/ubuntu bionic/stable amd64 docker-ce amd64 18.06.1~ce~3-0~ubuntu [40.2 MB]
Get:3 http://us.archive.ubuntu.com/ubuntu bionic/universe amd64 aufs-tools amd64 1:4.9+20170918-1ubuntu1 [104 kB]
Get:4 http://us.archive.ubuntu.com/ubuntu bionic/universe amd64 cgroupfs-mount all 1.4 [6,320 B]
Get:5 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 libltdl7 amd64 2.4.6-2 [38.8 kB]
Fetched 40.4 MB in 2s (20.7 MB/s)                                            
Selecting previously unselected package pigz.
(Reading database ... 158840 files and directories currently installed.)
Preparing to unpack .../archives/pigz_2.4-1_amd64.deb ...
Unpacking pigz (2.4-1) ...
Selecting previously unselected package aufs-tools.
Preparing to unpack .../aufs-tools_1%3a4.9+20170918-1ubuntu1_amd64.deb ...
Unpacking aufs-tools (1:4.9+20170918-1ubuntu1) ...
Selecting previously unselected package cgroupfs-mount.
Preparing to unpack .../cgroupfs-mount_1.4_all.deb ...
Unpacking cgroupfs-mount (1.4) ...
Selecting previously unselected package libltdl7:amd64.
Preparing to unpack .../libltdl7_2.4.6-2_amd64.deb ...
Unpacking libltdl7:amd64 (2.4.6-2) ...
Selecting previously unselected package docker-ce.
Preparing to unpack .../docker-ce_18.06.1~ce~3-0~ubuntu_amd64.deb ...
Unpacking docker-ce (18.06.1~ce~3-0~ubuntu) ...
Setting up aufs-tools (1:4.9+20170918-1ubuntu1) ...
Processing triggers for ureadahead (0.100.0-20) ...
Setting up cgroupfs-mount (1.4) ...
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Processing triggers for systemd (237-3ubuntu10.3) ...
Setting up libltdl7:amd64 (2.4.6-2) ...
Processing triggers for man-db (2.8.3-2) ...
Setting up pigz (2.4-1) ...
Setting up docker-ce (18.06.1~ce~3-0~ubuntu) ...
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /lib/systemd/system/docker.service.
Created symlink /etc/systemd/system/sockets.target.wants/docker.socket → /lib/systemd/system/docker.socket.
Processing triggers for ureadahead (0.100.0-20) ...
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Processing triggers for systemd (237-3ubuntu10.3) ...
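A check for the key-import step in the transcript above, added here and not part of the original post: it compares the fingerprint that apt-key prints against the Docker release key fingerprint shown in the transcript, so a setup script stops before add-apt-repository if a different key was imported. The function names are mine; the good sample is the page's own apt-key output and the bad sample is constructed.

```shell
#!/bin/sh
# Expected fingerprint of the Docker CE apt signing key, exactly as printed on
# this page by `apt-key fingerprint 0EBFCD88`, with the spaces removed.
DOCKER_KEY_FPR="9DC858229FC7DD38854AE2D88D81803C0EBFCD88"

# fpr_from_output: read `apt-key fingerprint` (or `gpg --fingerprint`) output on
# stdin and print the first full 40-hex-digit fingerprint it contains, uppercased.
# The fingerprint line looks like "      9DC8 5822 9FC7 DD38 854A  E2D8 8D81 803C 0EBF CD88";
# after stripping whitespace it is the only line that is exactly 40 hex digits.
fpr_from_output() {
    tr -d ' \t' | grep -E '^[0-9A-Fa-f]{40}$' | head -n 1 | tr 'a-f' 'A-F'
}

# check_docker_key: compare the fingerprint found on stdin with DOCKER_KEY_FPR.
# Returns 0 on an exact match, 1 when it differs or when no fingerprint is present,
# so `apt-key fingerprint 0EBFCD88 | check_docker_key || exit 1` stops a script
# before it runs add-apt-repository.
check_docker_key() {
    got=$(fpr_from_output)
    if [ -z "$got" ]; then
        echo "check_docker_key: no fingerprint found in input" >&2
        return 1
    fi
    if [ "$got" != "$DOCKER_KEY_FPR" ]; then
        echo "check_docker_key: MISMATCH got $got expected $DOCKER_KEY_FPR" >&2
        return 1
    fi
    return 0
}

# Sample input: the apt-key output shown on this page.
SAMPLE_OK='pub   rsa4096 2017-02-22 [SCEA]
      9DC8 5822 9FC7 DD38 854A  E2D8 8D81 803C 0EBF CD88
uid           [ unknown] Docker Release (CE deb) <docker@docker.com>
sub   rsa4096 2017-02-22 [S]'

# Constructed sample: same layout, but the last two groups of the fingerprint
# are different, as they would be if some other key had been imported.
SAMPLE_BAD='pub   rsa4096 2017-02-22 [SCEA]
      9DC8 5822 9FC7 DD38 854A  E2D8 8D81 803C FFFF FFFF
uid           [ unknown] Docker Release (CE deb) <docker@docker.com>
sub   rsa4096 2017-02-22 [S]'

# Offline demo on the embedded samples (no apt-key needed).
printf '%s\n' "$SAMPLE_OK" | check_docker_key && echo "docker key OK"
printf '%s\n' "$SAMPLE_BAD" | check_docker_key 2>/dev/null || echo "docker key REJECTED"
```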

Now that docker is installed, install a web UI for easy management:

root@dockerhost:~# docker run --name portainer -d -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data --restart always portainer/portainer
Unable to find image 'portainer/portainer:latest' locally
latest: Pulling from portainer/portainer
d1e017099d17: Pull complete 
a27de812d373: Pull complete 
Digest: sha256:ab096b92ed177b47adfa8a9a99e304d36596efa557b9627c066cee164cc39910
Status: Downloaded newer image for portainer/portainer:latest
e23a136afeb1a20cd90ad7e140c8d79d9e6519b4428e37aa37fe8e4bf48797df

Docker caches these images; if you re-run this command, it won't go and download them again.

Visit the web UI at the VM's IP address on port 9000. You should be greeted by a simple login page and/or dashboard. This new web UI lets you provision, delete, monitor and administer every docker container running in this VM. It is incredibly useful for a quick glance to make sure everything is running properly.

That's really it. There's not much else to running docker on freenas. I went ahead and went a little further by creating a "pub_net" macvlan bridge network interface from the web UI. Any docker container I create on that network gets its own IP address instead of sharing that of its host.

From here, there are a few odd things and personal choices to make. For example, I wanted to store each container's data outside of this VM, on its own dataset on the freenas machine. This means that for every app I run, I make an NFS share from the freenas machine to the docker VM, which is then passed on to the container.