Docker nproc: maximum number of processes
Error java.lang.OutOfMemoryError: unable to create new native thread
systemd and Docker example
# CTR=`docker run --pids-limit 111 --detach --rm busybox /bin/sleep 8h`
# cat /sys/fs/cgroup/pids/system.slice/docker-${CTR}.scope/pids.max
111
# systemctl show docker-$CTR.scope | grep TasksMax
TasksMax=18446744073709551615
# systemctl disable --now postfix
# systemctl enable --now postfix
# cat /sys/fs/cgroup/pids/system.slice/docker-${CTR}.scope/pids.max
max
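In the session above, pids.max reads 111 right after docker run --pids-limit 111, systemd reports an unlimited TasksMax for the scope, and after the systemctl disable/enable calls the file reads max. The following check is an added example, not part of the original notes: it compares the requested limit with the enforced one, assuming the cgroup v1 paths shown above; the function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): compare the pids limit requested
# for a container with the value enforced in its pids cgroup. Assumes the
# cgroup v1 layout and docker-<id>.scope naming shown in the session above.

# normalize_limit VALUE: print "max" for an unlimited setting, else VALUE.
normalize_limit() {
    case "$1" in
        ''|0|-1|max) echo max ;;
        *) echo "$1" ;;
    esac
}

# check_pids_limit ROOT ID REQUESTED
#   ROOT is the pids cgroup mount point (/sys/fs/cgroup/pids on a real host).
#   Returns 0 if enforced as requested, 1 on drift, 2 if the scope is missing.
check_pids_limit() {
    file="$1/system.slice/docker-$2.scope/pids.max"
    [ -r "$file" ] || { echo "UNKNOWN $2: cannot read $file"; return 2; }
    enforced=$(cat "$file")
    requested=$(normalize_limit "$3")
    if [ "$enforced" = "$requested" ]; then
        echo "OK $2: pids.max=$enforced"
        return 0
    fi
    echo "DRIFT $2: requested=$requested enforced=$enforced"
    return 1
}

# list_unlimited ROOT: print the id of every Docker scope whose pids.max is "max".
list_unlimited() {
    for f in "$1"/system.slice/docker-*.scope/pids.max; do
        [ -r "$f" ] || continue
        [ "$(cat "$f")" = max ] || continue
        cid=${f%/pids.max}; cid=${cid##*/docker-}
        echo "${cid%.scope}"
    done
}

# Constructed demo tree: "aaa" kept its limit, "bbb" was reset to max.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/system.slice/docker-aaa.scope" "$demo_root/system.slice/docker-bbb.scope"
echo 111 > "$demo_root/system.slice/docker-aaa.scope/pids.max"
echo max > "$demo_root/system.slice/docker-bbb.scope/pids.max"
check_pids_limit "$demo_root" aaa 111 || true
check_pids_limit "$demo_root" bbb 111 || true
```

On a real host, ROOT is /sys/fs/cgroup/pids, ID is the full container id as stored in $CTR above, and the requested value can be read with docker inspect --format '{{.HostConfig.PidsLimit}}'.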
Example dockerd daemon configuration
Option --default-pids-limit=-1
/etc/sysconfig/docker
# Modify these options if you want to change the way the docker daemon runs
OPTIONS='--selinux-enabled --log-driver=json-file --signature-verification=false --default-pids-limit=-1'
Diagnostics on OpenShift
# oc debug node/$NODE_NAME
# chroot /host
# cgroup=$(awk -F: '/:pids:/{print $3}' /proc/self/cgroup)
# cat /sys/fs/cgroup/pids/"${cgroup}"/pids.max
4096
Container creation example
sudo docker create --name bankapp-inst -it \
  --sysctl fs.mqueue.msg_max=10000 \
  --sysctl fs.mqueue.msgsize_max=1049600 \
  --sysctl fs.mqueue.queues_max=10000 \
  --ulimit msgqueue=-1 \
  --ulimit nproc=256:512 \
  bankapp
Docker Network
See https://github.com/lbernail/dockeroverlays/blob/master/setup_vxlan
systemctl stop docker
ip link set down dev br-1164ecd073bd
[root@acme]# ip route get 192.168.205.11
192.168.205.11 dev br-22c8d0f47cfe src 192.168.0.1 uid 0
cache
[root@acme]# brctl show
bridge name bridge id STP enabled interfaces
br-22c8d0f47cfe 8000.0242b28bc79b no veth05ae059
veth3091fa8
veth88ed8e5
docker0 8000.02426cf41f39 no
[root@acme]# docker network list
NETWORK ID NAME DRIVER SCOPE
d5ff36324662 bridge bridge local
e82ce3715151 host host local
8195441310fe none null local
22c8d0f47cfe plop bridge local
[root@acme]# docker network inspect 22c8d0f47cfe
The configuration can be made explicit in docker-compose:
networks:
  backend:
networks:
  backend:
    ipam:
      driver: default
      config:
        - subnet: 192.168.10.0/24
network host
It is possible to do:
networks:
  hostnw:
    external:
      name: host
But it is better to do:
services:
  webapp:
    build: .
    network_mode: "host"
Docker - Install DokuWiki
Adding the "backports" repositories
echo "deb http://ftp.debian.org/debian jessie-backports main" > /etc/apt/sources.list.d/backports.list
apt-get update
Install Docker
apt-get install docker.io supervisor
Git clone of the Dockerfile configuration and building the container
Dockerfile
#
# DOKUWIKI INSTALLATION
#
FROM alpine:latest

#MAINTAINER Jean nospam@me.con
LABEL org.opencontainers.image.authors="Jean nospam@me.con"

RUN apk update \
    && apk upgrade

RUN apk add --no-cache \
    curl nginx tmux bash vim git openssh-client unzip wget supervisor ca-certificates \
    php5-fpm php5-json php5-zlib php5-zip php5-xml php5-pdo php5-phar php5-openssl \
    php5-gd php5-iconv php5-mcrypt \
    php5-curl php5-opcache php5-ctype php5-apcu \
    php5-intl php5-bcmath php5-dom php5-xmlreader \
    && rm -rf /var/cache/apk/*

# FIXME: prefer the COPY command over ADD
ADD ./etc/php5/fpm/pool.d/dokuwiki.conf /etc/php5/fpm.d/dokuwiki.conf
ADD ./etc/nginx/sites-available/default /etc/nginx/conf.d/
ADD ./etc/supervisor/supervisord.conf /etc/supervisor/supervisord.conf
ADD ./install-dw.sh /root/install-dw.sh
ADD ./usr/local/bin/dw-clean.sh /usr/local/bin/

RUN mkdir -p /var/www/html/wiki
RUN addgroup dokuwiki \
    && adduser -s /usr/sbin/nologin -h /var/www/html/wiki -S -G dokuwiki dokuwiki

#RUN echo "daemon off;" >> /etc/nginx/nginx.conf
#RUN sed -i -e 's/# server_tokens off/server_tokens off/' /etc/nginx/nginx.conf
RUN mkdir -p /var/log/nginx/wiki
RUN bash /root/install-dw.sh
RUN chown dokuwiki -R /var/www/wiki

EXPOSE 80
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf", "-n" ]
git clone dw-docker
docker build -t jibe/dokuwiki dw-docker
mkdir /home/wiki
/home/wiki/bin/dw-start.sh
#! /bin/bash
set -o nounset
cd /home/wiki
docker stop dokuwiki1 2>/dev/null || true
docker rm dokuwiki1 2>/dev/null || true
/usr/bin/docker run -a stdout --rm --name=dokuwiki1 -v /home/wiki/data/:/var/www/wiki/www/data -v /home/wiki/conf/:/var/www/wiki/www/conf -m 512m -p 8082:80 jibe/dokuwiki supervisord -c /etc/supervisor/supervisord.conf -n
/etc/supervisor/conf.d/wiki.conf
[program:dokuwiki1]
command=/home/wiki/bin/dw-start.sh
autorestart=false
autostart=true
stopsignal=INT
Adding data to the DokuWiki Docker instance (default data here)
cd /tmp
git clone http://github.com/splitbrain/dokuwiki.git
cd dokuwiki
git checkout stable
cp -a data/ /home/wiki/
cp -a conf/ /home/wiki/
chmod -R a=rwX /home/wiki
Post-install configuration
http://monserveur:8082/install.php
Deleting the install.php file inside the container
docker exec -it dokuwiki1 /bin/bash
rm /var/www/wiki/dokuwiki/install.php
exit
docker commit dokuwiki1 jibe/dokuwiki
Disaster recovery (DRP) notes / Replication
See also https://www.dokuwiki.org/plugin:sync
#! /bin/bash
rsync -axP --chown=999:999 --exclude="cache" --exclude="tmp" --exclude="attic" --delete webapp:/home/wiki/data/* /home/wiki/data/
rsync -axP --chown=999:999 --exclude="cache" --exclude="tmp" --delete webapp:/home/wiki/conf/* /home/wiki/conf/
rm /home/wiki/data/tmp/* -rf
rm /home/wiki/data/cache/* -rf
touch -c /home/wiki/conf/local.php
/etc/hosts
--add-host="git.acme.fr:10.8.17.115"
Problem
Problem: error 500
Composer detected issues in your platform: Your Composer dependencies require a PHP version ">= 8.1.0".
Solution
Remove the offending plugin from dokuwiki/lib/plugins/
Docker image build
See:
Ansible:
Tools / Methods / Container image builders:
- Docker / Dockerfile
- Buildah
- openshift-imagebuilder
- S2I
- CNB
- Paketo
- umoci
Best practices
See:
Where possible, prefer COPY over ADD. See https://docs.docker.com/build/building/best-practices/
Immediately before your ENTRYPOINT or CMD directive, you then add a USER
Do not use sudo; use gosu or su-exec instead
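The three practices above (COPY rather than ADD, a USER before CMD/ENTRYPOINT, gosu or su-exec rather than sudo) expressed as a small check. This is an added example, not part of the original notes; check_dockerfile and the two sample Dockerfiles are constructed for illustration and the check is line-based, not a full Dockerfile parser.

```shell
#!/bin/sh
# Added example (not from the original page): flag the three practices listed
# above. A rough line-based check, not a Dockerfile parser.

# check_dockerfile FILE: print one finding per line; exit status 1 if any.
check_dockerfile() {
    awk '
    { line = $0; sub(/^[ \t]+/, "", line); instr = toupper($1) }
    line == "" || line ~ /^#/ { next }
    instr == "FROM" { user = "" }     # USER does not carry over from an earlier stage
    instr == "USER" { user = $2 }
    instr == "ADD" && $2 !~ /^https?:/ && $2 !~ /\.(tar|tgz|tar\.gz|tar\.xz)$/ {
        printf "%d: ADD used for a plain file, prefer COPY\n", NR; bad = 1
    }
    line ~ /(^|[^A-Za-z0-9_-])sudo([^A-Za-z0-9_-]|$)/ {
        printf "%d: sudo referenced, prefer gosu or su-exec\n", NR; bad = 1
    }
    instr == "CMD" || instr == "ENTRYPOINT" { last = NR; last_user = user }
    END {
        if (last && (last_user == "" || last_user == "root" || last_user == "0")) {
            printf "%d: no non-root USER before CMD/ENTRYPOINT\n", last; bad = 1
        }
        exit bad
    }' "$1"
}

# Constructed samples: the first repeats patterns seen on this page.
sample_weak() {
    cat <<'EOF'
FROM alpine:latest
ADD ./install-dw.sh /root/install-dw.sh
RUN apk add --no-cache sudo
CMD ["/usr/bin/supervisord", "-n"]
EOF
}
sample_fixed() {
    cat <<'EOF'
FROM alpine:latest
COPY ./install-dw.sh /root/install-dw.sh
RUN apk add --no-cache su-exec
USER dokuwiki
CMD ["/usr/bin/supervisord", "-n"]
EOF
}

tmp=$(mktemp)
sample_weak > "$tmp"; check_dockerfile "$tmp" || true
sample_fixed > "$tmp"; check_dockerfile "$tmp" && echo "no findings"
rm -f "$tmp"
```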
Checking a Dockerfile / Containerfile with Hadolint
See:
podman run --rm -i docker.io/hadolint/hadolint < Dockerfile
Example Dockerfile and script
https://github.com/browserless/chrome/blob/master/start.sh
start.sh
#!/bin/bash
set -e

# When docker restarts, this file is still there,
# so we need to kill it just in case
[ -f /tmp/.X99-lock ] && rm -f /tmp/.X99-lock

_kill_procs() {
  kill -TERM $node
  kill -TERM $xvfb
}

# Relay quit commands to processes
trap _kill_procs SIGTERM SIGINT

Xvfb :99 -screen 0 1024x768x16 -nolisten tcp -nolisten unix &
xvfb=$!

export DISPLAY=:99

dumb-init -- node ./build/index.js $@ &
node=$!

wait $node
wait $xvfb
Dockerfile
CMD ["./start.sh"]
Buildah
See https://www.grottedubarbu.fr/buildah-basics/
docker build
buildah bud -t myapp:latest .
The bud option is actually a short form of the build-using-dockerfile option
Image modification
# Copy nginx to the local registry
crane copy nginx:1.27.3-alpine localhost:5000/nginx:1.27.3-alpine --platform linux/amd64
# Flatten the image
crane flatten localhost:5000/nginx:1.27.3-alpine \
  -t localhost:5000/nginx:1.27.3-alpine-flat
Source : https://blog.stephane-robert.info/docs/conteneurs/outils/crane/
Other
RUN apk add --no-cache shadow
export DOCKER_BUILDKIT=0
Docker: example Dockerfile for Debian
See:
See also Alpine
Dockerfile
FROM debian:jessie

#ENV http_proxy http://192.168.56.1:3128
#ENV https_proxy http://192.168.56.1:3128
ARG https_proxy
ARG http_proxy

ENV DEBIAN_FRONTEND noninteractive
ENV TERM linux
ENV LANG C.UTF-8
ENV LANGUAGE C.UTF-8
ENV LC_ALL C.UTF-8

# https://jpetazzo.github.io/2013/10/06/policy-rc-d-do-not-start-services-automatically/
# printf instead of "echo -e": RUN uses /bin/sh (dash on Debian), whose echo would write a literal "-e"
RUN printf '#!/bin/bash\nexit 101\n' > /usr/sbin/policy-rc.d
RUN chmod +x /usr/sbin/policy-rc.d

RUN echo "deb http://ftp.debian.org/debian jessie-backports main" > /etc/apt/sources.list.d/backports.list
RUN (apt-get update && apt-get upgrade -y -q && apt-get dist-upgrade -y -q && apt-get -y -q autoclean && apt-get -y -q autoremove)
RUN apt-get install -q -y --no-install-recommends python-minimal tmux bash locales sudo vim supervisor
RUN (locale-gen fr_FR.UTF-8 UTF-8 && dpkg-reconfigure locales)

ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf", "-n"]
docker build -t plop --build-arg http_proxy=http://192.168.56.1:3128 --build-arg https_proxy=http://192.168.56.1:3128 .
