Andrew makes a good point that, of course, not all options will be
relevant to a particular image or use case. The script is aimed to check
for "full" compatibility. Having some reported as missing is by no means
a deal breaker.

Re nftables it's a very valid point as well. I too use nftables instead
of iptables and, in general, anything that dares touch my rules I will
either disable the option for it to do so or, if that's not possible,
swiftly eradicate it off my system with vengeance. I'm not a big fan of
how Docker manages netfilter rules so I too tend to disable that from
the config and, as Andrew said, it has been slow at adopting nftables.
It seems Docker is being developed with primary consideration for stable
(read archaic) distributions that have long release cycles.

If you use nftables at all - even via other software such as firewalld,
etc. - Docker may or may not like that. Previously, though admittedly
quite a while ago, Docker just loved adding iptables rules in addition
to my nftables rules. Needless to say, that quickly became a mess.

nftables is _a lot_ easier to manage, even writing rules manually feels
a lot more intuitive. So I think the learning curve (at least in terms
of syntax) tends to be less steep IMO if you decide to go down that road
at some point.

Anyway, this probably wasn't a post of high contribution value haha

Keep us updated in case you encounter any issues!

Cheers,
Victor

On 17/05/2020 09:31, Peter Humphrey wrote:
> On Sunday, 17 May 2020 00:58:54 BST Andrew Udvare wrote:
>> On 16/05/2020 13:12, Peter Humphrey wrote:
>>> I can't find any of those. Any clues for the uninitiated?
>>
>> I am running Docker fine on 5.6.12 and I am missing a lot:
>
> --->8
>
>> In regards to NF options, I use nftables and I manage the firewall
>> manually for Docker (I set {"iptables": false} in
>> /etc/docker/daemon.json). Docker has been extremely slow at adopting
>> nftables.
>
> I'm still pretty much in the dark about setting up nftables and iptables in
> the kernel config. Not to worry, though; I dare say it'll become clearer in
> time.
>
>> You definitely do not need zfs installed to use Docker. This machine
>> doesn't have it.
>>
>> As Victor stated, CFQ is deprecated and gone and BFQ will work fine. And
>> the script is basically for Red Hat (or corporate) users who still use
>> iptables, CFQ, ext3 apparently, and a much older kernel.
>>
>> On my slightly stabler server (running 5.4.38), this is the output and
>> Docker still works fine. Again on that server I use nftables and manage
>> the firewall manually. The system has ext4 for its root and the rest of
>> it is ZFS.
>
> --->8
>
> Thanks gents. I'll just try it and see what happens.
>
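
The setup discussed in this thread (Docker with {"iptables": false} in /etc/docker/daemon.json and a hand-managed nftables ruleset) can be checked mechanically. The following is an added example, not part of the original messages: the function names and sample inputs are constructed, and it assumes the iptables-nft backend, where rules created through iptables are visible in `nft list ruleset`.

```python
import json
import re

# Chain names created by Docker's iptables integration.
DOCKER_CHAINS = {"DOCKER", "DOCKER-USER",
                 "DOCKER-ISOLATION-STAGE-1", "DOCKER-ISOLATION-STAGE-2"}

# Constructed samples: the daemon.json setting from the thread, and a ruleset
# dump where a hand-written table coexists with leftover Docker chains.
SAMPLE_DAEMON_JSON = '{"iptables": false}'
SAMPLE_RULESET = """\
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
    }
}
table ip nat {
    chain DOCKER {
    }
}
table ip filter {
    chain DOCKER-USER {
    }
}
"""

def docker_manages_netfilter(daemon_json_text):
    """True unless daemon.json explicitly sets "iptables": false (default is true)."""
    cfg = json.loads(daemon_json_text) if daemon_json_text.strip() else {}
    return cfg.get("iptables", True) is not False

def docker_chains_in_ruleset(ruleset_text):
    """Sorted (table, chain) pairs for Docker chains in `nft list ruleset` text."""
    found, table = set(), None
    for line in ruleset_text.splitlines():
        if m := re.match(r"\s*table\s+(\S+)\s+(\S+)\s*\{", line):
            table = f"{m.group(1)} {m.group(2)}"
        elif (m := re.match(r"\s*chain\s+(\S+)\s*\{", line)) and m.group(1) in DOCKER_CHAINS:
            found.add((table, m.group(1)))
    return sorted(found)

def audit(daemon_json_text, ruleset_text):
    """List findings; an empty list means nothing was flagged."""
    findings = []
    if docker_manages_netfilter(daemon_json_text):
        findings.append('daemon.json does not set "iptables": false')
    for table, chain in docker_chains_in_ruleset(ruleset_text):
        findings.append(f"Docker chain {chain} present in table {table}")
    return findings
```

On a real host, pass `audit` the contents of /etc/docker/daemon.json and the text printed by `nft list ruleset`; the constructed sample yields two findings because Docker-named chains remain even though the daemon setting is correct.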