Docker – Hayato Iriumi

How to Install Docker Compose 2 on Intel x86_64 Processor

I’m guessing most of the people out there still use Intel x86_64 processor. I am writing a blog article on how to install Docker Compose 2 on it.

Create a directory.
mkdir -p ~/.docker/cli-plugins/
Download Docker Compose 2 binary for x86_64.
curl -SL https://github.com/docker/compose/releases/download/v2.2.3/docker-compose-linux-x86_64 -o ~/.docker/cli-plugins/docker-compose
Give the binary file execute permission.
chmod +x ~/.docker/cli-plugins/docker-compose
Check if the binary has been installed successfully.
docker compose version
You should an output like the image below.

How to Install Docker Engine with Ansible on Oracle Linux 7

I am wanting to make sure Docker engine is present on my Jenkins host. To prove that Docker is not installed yet, here is the result of sudo systemctl status docker on the Jenkins host.

Unit docker.service could not be found.

Here is the Ansible playbook I came up with. The target host is an Oracle Linux 7 on ARM64 processor.

---
- name: Install docker
  gather_facts: No
  hosts: jenkins

  tasks:
    - name: Install Docker
      yum:
        name: docker-engine
        state: installed
      become: yes
    
    - name: Enable/Start Docker
      systemd:
        name: docker
        enabled: yes
        state: started
      become: yes

    - name: Add user vagrant to docker group
      user:
        name: vagrant
        groups: docker
        append: yes
      become: yes

Here is the result when I execute it.

ansible-playbook playbooks/docker-ce.yaml

PLAY [Install docker] ****************************************************************************************************************************

TASK [Install Docker] ****************************************************************************************************************************
changed: [jenkins.hayato-iriumi.net]

TASK [Enable/Start Docker] ***********************************************************************************************************************
changed: [jenkins.hayato-iriumi.net]

TASK [Add user vagrant to docker group] **********************************************************************************************************
ok: [jenkins.hayato-iriumi.net]

PLAY RECAP ***************************************************************************************************************************************
jenkins.hayato-iriumi.net  : ok=3    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

When I ssh into the Jenkins host and check if Docker daemon is running here is the output.

[opc@jenkins ~]$ sudo systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2022-01-03 04:55:11 GMT; 1min 37s ago
     Docs: https://docs.docker.com
 Main PID: 18476 (dockerd)
    Tasks: 8
   Memory: 37.5M
   CGroup: /system.slice/docker.service
           └─18476 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

Jan 03 04:55:10 jenkins dockerd[18476]: time="2022-01-03T04:55:10.694835968Z" level=warning msg="Your kernel does not support cgroup blkio weight"
Jan 03 04:55:10 jenkins dockerd[18476]: time="2022-01-03T04:55:10.695237969Z" level=warning msg="Your kernel does not support cgroup bl..._device"
Jan 03 04:55:10 jenkins dockerd[18476]: time="2022-01-03T04:55:10.695923611Z" level=info msg="Loading containers: start."
Jan 03 04:55:11 jenkins dockerd[18476]: time="2022-01-03T04:55:11.014165992Z" level=info msg="Default bridge (docker0) is assigned with...address"
Jan 03 04:55:11 jenkins dockerd[18476]: time="2022-01-03T04:55:11.130298822Z" level=info msg="Loading containers: done."
Jan 03 04:55:11 jenkins dockerd[18476]: time="2022-01-03T04:55:11.147750103Z" level=warning msg="Not using native diff for overlay2, th...overlay2
Jan 03 04:55:11 jenkins dockerd[18476]: time="2022-01-03T04:55:11.148281344Z" level=info msg="Docker daemon" commit=9bb540d graphdriver...03.11-ol
Jan 03 04:55:11 jenkins dockerd[18476]: time="2022-01-03T04:55:11.148597025Z" level=info msg="Daemon has completed initialization"
Jan 03 04:55:11 jenkins systemd[1]: Started Docker Application Container Engine.
Jan 03 04:55:11 jenkins dockerd[18476]: time="2022-01-03T04:55:11.208274084Z" level=info msg="API listen on /var/run/docker.sock"
Hint: Some lines were ellipsized, use -l to show in full.

Migrated to ARM64 Oracle Linux 7

I have migrated my site to Oracle Linux 7 on ARM64 just because I was curious how it would work on ARM64 or if it would work on ARM64 at all.

As of this writing, I’ve got this WordPress site on Docker to work on Oracle Linux 7 on ARM64 processor. It was some struggle but I feel it’s snappier.

Here is the Docker Compose file that works for this site. As you can see, I commented out the mysql image and using Maria DB for ARM64 instead. Maria DB is a fork for MySQL, so it’s sufficient enough for my personal blog site.

version: "3.9"
services:
  db:
    image: arm64v8/mariadb # mysql/mysql-server:8.0.20-aarch64
    volumes:
      - ./mysql:/var/lib/mysql
    restart: always
    command: mysqld --default-authentication-plugin=mysql_native_password
    environment:
      MYSQL_ROOT_PASSWORD: YourPassword
      MYSQL_DATABASE: hayato_iriumi_db
      MYSQL_USER: blog_admin
      MYSQL_PASSWORD: AnotherPassword
    networks:
      proxynet:
  phpmyadmin:
    depends_on:
      - db
    image: arm64v8/phpmyadmin
    restart: always
    ports:
      - '8080:80'
    environment:
      PMA_HOST: db
      MYSQL_ROOT_PASSWORD: YourPassword
    networks:
      proxynet:
  wordpress:
    image: arm64v8/wordpress
    container_name: wordpress
    depends_on:
      - db
        # ports:
        # - "8000:80"
    restart: always
    environment:
      WORDPRESS_DB_HOST: db:3306
      WORDPRESS_DB_USER: blog_admin
      WORDPRESS_DB_PASSWORD: AnotherPassword
      WORDPRESS_DB_NAME: hayato_iriumi_db
      WORDPRESS_DEBUG: 'true'
    volumes:
      - ./html:/var/www/html
      - ./wp-content:/var/www/html/wp-content
    networks:
      proxynet:
  reverse:
    image: arm64v8/nginx
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf
      - ./nginx/conf.d:/etc/nginx/conf.d
    ports:
      - "80:80"
      - "443:443"
    restart: always
    networks:
      proxynet:
volumes:
  db_data: {}
  wordpress: {}
networks:
  proxynet:

Docker Compose 2 works well on ARM64 as well. It is definitely faster than Docker Compose 1. By just changing the platform, I feel I upgraded my blog site for a better performance.

How to Install Docker Compose 2 on ARM Processor Linux Host (OL7)

I have provisioned Oracle Linux 7 on ARM processor on OCI. In an attempt to get my blog site to work on the host, I have installed Docker engine and now I want to install Docker Compose 2. Here are the steps.

Create a directory.
mkdir -p ~/.docker/cli-plugins/
Download the Docker Compose 2 binary for ARM64.
curl -SL https://github.com/docker/compose/releases/download/v2.2.2/docker-compose-linux-armv7 -o ~/.docker/cli-plugins/docker-compose
Give the binary file execute permission.
chmod +x ~/.docker/cli-plugins/docker-compose
Check if the binary has been installed successfully.
docker compose version

Not Working on ARM Host

I spined up an ARM host on OCI and installed Docker Compose 2 and then downloaded my docker-compose.yaml file to start my blog engine on it, but I got the following error.

This means no image is available for ARM64. I don’t think there is anything I can do at the moment (unless I make the effort and create images myself), so I am giving it up for now. Oh well…

Edit: I did some research to see if those Docker images are available and they are. I will give it another try.

Docker Compose 2

Docker Compose has been around for a while and I have been using version 1 to spin up this site. I’ve found that Docker Compose 2 is working on ARM processor, so I may migrate my site to a ARM processor host and spin up with it.

I will write about it as I make progress with it.

How to Generate Free SSL by Let’s Encrypt

I attempted to use Certbot by Let’s Encrypt for free SSL certificate for my subdomain using a Docker container but it was never successful, so I left it alone for a while. The DNS service that I use provides SSL certs but it charges me extra for subdomain. There are other services such as SSL for Free but they either limit the number of certificates or they charge for subdomains or they want me to pay like $10 per month for wildcard certificate. That’s pretty steep considering the host is being used only privately. The alternative is to create your own private CA authority and issue SSL cert and have the root CA cert on the machines that you use the hosts.

But this morning, I figured out a way to generate the free SSL cert for my subdomain using Certbot. I will write about what worked for me.

I followed this instruction to install snapd on Ubuntu.

First, remove certbot if installed by apt.

sudo apt-get remove certbot

Install Certbot.

sudo snap install --classic certbot

Prepare the Certbot command.

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Now prepare your NGINX server to accept HTTP traffic for acme challenge.

Edit nginx.conf to accept HTTP (port 80).

   server {
      location / {
          root   /var/www/html;
          index  index.html index.htm;
      }
      listen       80 default_server;
      listen       [::]:80 default_server;
      server_name  _;

If you have the HTTP redirect to HTTPS, uncomment the line.

# return 301 https://jenkins.hayato-iriumi.net$request_uri;

Now back to Certbot, execute the following command to start to issue your ssl cert.

sudo certbot certonly -a manual --rsa-key-size 4096 --email hiriumi@gmail.com -d jenkins.hayato-iriumi.net

You will see an output like the following.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for jenkins.hayato-iriumi.net

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Create a file containing just this data:

s8wH1u2z00ePejV4hyy4y3CTyW3pYvrFgxwxwsPVdd8.O3THIaz5tgLf8NuxfBYw8FZfrdQNf_Y_1U--J0PsgqQ

And make it available on your web server at this URL:

http://jenkins.hayato-iriumi.net/.well-known/acme-challenge/s8wH1u2z00ePejV4hyy4y3CTyW3pYvrFgxwxwsPVdd8

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

Now you should create the file with the data specified in the output. Once you have that hit Enter to get the cert generated.

Lastly, when the cert generation is successful, you will see the output like the following.

Now switch to the root user by executing…

sudo -i

The cert files are at /etc/letsencrypt/archive/jenkins.hayato-iriumi.net

Copy cert1.pem and privkey1.pem to the directory where you would like to store your SSL files. In my ssl.conf file, I have specified the cert files like the following.

server {
    server_name jenkins.hayato-iriumi.net;
    listen 443 ssl;
    ssl_certificate /etc/nginx/conf.d/ssl/cert1.pem;
    ssl_certificate_key /etc/nginx/conf.d/ssl/privkey1.pem;
    client_max_body_size 3000m;

Now unc0mment the line in ssl.conf to redirect HTTP to HTTPS traffic. Once you restart your NGINX, NGINX starts to service the traffic in SSL.

I’m sure there are ways to automate this and I am thinking of exploring the way to do it but it works well for now.

How to install Docker and Docker Compose on Oracle Linux 7

I have a need to install Docker and Docker Compose on Oracle Linux 7. Here is my note for future reference.

sudo yum -y update
sudo yum install -y docker-engine
sudo systemctl start docker
sudo systemctl enable docker
sudo usermod -aG docker $USER

Now, logout and log back in and execute a docker command to see if you don’t need sudo to execute it.

docker ps -a

Now install Docker Compose.

sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

Now check if docker-compose was successfully installed.

docker-compose -v

New Server

I’ve migrated my blog to yet another host on OCI‘s free tier host. It was much easier this time because I had all my contents into one zip file and expanded it on the new host. By Dockerizing the whole site, it completely separates data and server and makes the migration so much easier.

As a blogger (though a mediocre one) who maintains the whole thing by himself, I cannot live without this anymore. It’s really convenient and much more maintainable.

Moved to OCI’s Free Tier

I decided to move to OCI’s free tier because the charge was going up faster than I expected. If you see this blog post, it’s on the free tier host.

I had already gone through the migration process so it wasn’t too hard to do it but still it was some work.

I was starting to get charged 67 cents a day. My ads on this blog doesn’t earn that much, so I was starting to be negative on the budget.

So far, since June 3 to June 17, only $3.13 but you can see the cost was starting to get higher in the last few days. The Shape of the host was VM.Stardard.E3.Flex with 2 AMD CPUs and 2GB of memory. $3.13 is nothing for the technical knowledge I gained migrating my WordPress site to my own Cloud but I wanted to make it economical to make it more sustainable. I thought 1 AMD CPU and 1GB of memory would do, so I moved everything to the free tier host. For more details about OCI’s free resources, click here.

As far as I know, it is possible for anyone who has OCI account to have a free tier host in us-ashburn-1 region in Availability Domain 3 with an AMD CPU. I saw a free tier host with ARM CPU just recently but I will wait and see if docker-compose releases bits for ARM processor. I don’t know if they will charge me for anything, but we will see. Once DNS propagates to this new host, I am going to terminate the old host.

Edit: I was just digging the OCI’s UI and found the combination is free. Just need to have docker-compose for ARM processor…