| 1 |
Andrew makes a good point that, of course, not all options will be |
| 2 |
relevant to a particular image or use case. The script is aimed to check |
| 3 |
for "full" compatibility. Having some reported as missing is by no means |
| 4 |
a deal breaker. |
| 5 |
|
| 6 |
Re nftables it's a very valid point as well. I too use nftables instead |
| 7 |
of iptables and, in general, anything that dares touch my rules I will |
| 8 |
either disable the option for it to do so or, if that's not possible, |
| 9 |
swiftly eradicate it off my system with vengeance. I'm not a big fan of |
| 10 |
how Docker manages netfilter rules so I too tend to disable that from |
| 11 |
the config and, as Andrew said, it has been slow at adopting nftables. |
| 12 |
It seems Docker is being developed with primary consideration for stable |
| 13 |
(read archaic) distributions that have long release cycles. |
| 14 |
|
| 15 |
If you use nftables at all - even via other software such as firewalld, |
| 16 |
etc - Docker may or may not like that. Previously, though admitedly |
| 17 |
quite a while ago, Docker just loved adding iptables rules in addition |
| 18 |
to my nftables rules. Needless to say, that quickly became a mess. |
| 19 |
|
| 20 |
nftables is _a lot_ easier to manage, even writing rules manually feels |
| 21 |
a lot more intuitive. So I think the learning curve (at least in terms |
| 22 |
of syntax) tends to be less steep IMO if you decide to go down that road |
| 23 |
at some point. |
| 24 |
|
| 25 |
Anyway, this probably wasn't a post of high contribution value haha |
| 26 |
|
| 27 |
Keep us updated in case you encounter any issues! |
| 28 |
|
| 29 |
Cheers, |
| 30 |
Victor |
| 31 |
|
| 32 |
On 17/05/2020 09:31, Peter Humphrey wrote: |
| 33 |
> On Sunday, 17 May 2020 00:58:54 BST Andrew Udvare wrote: |
| 34 |
>> On 16/05/2020 13:12, Peter Humphrey wrote: |
| 35 |
>>> I can't find any of those. Any clues for the uninitiated? |
| 36 |
>> |
| 37 |
>> I am running Docker fine on 5.6.12 and I am missing a lot: |
| 38 |
> |
| 39 |
> --->8 |
| 40 |
> |
| 41 |
>> In regards to NF options, I use nftables and I manage the firewall |
| 42 |
>> manually for Docker (I set {"iptables": false} in |
| 43 |
>> /etc/docker/daemon.json). Docker has been extremely slow at adopting |
| 44 |
>> nftables. |
| 45 |
> |
| 46 |
> I'm still pretty much in the dark about setting up nftables and iptables in |
| 47 |
> the kernel config. Not to worry, though; I dare say it'll become clearer in |
| 48 |
> time. |
| 49 |
> |
| 50 |
>> You definitely do not need zfs installed to use Docker. This machine |
| 51 |
>> doesn't have it. |
| 52 |
>> |
| 53 |
>> As Victor stated, CFQ is deprecated and gone and BFQ will work fine. And |
| 54 |
>> the script is basically for Red Hat (or corporate) users who still use |
| 55 |
>> iptables, CFQ, ext3 apparently, and a much older kernel. |
| 56 |
>> |
| 57 |
>> On my slightly stabler server (running 5.4.38), this is the output and |
| 58 |
>> Docker still works fine. Again on that server I use nftables and manage |
| 59 |
>> the firewall manually. The system has ext4 for its root and the rest of |
| 60 |
>> it is ZFS. |
| 61 |
> |
| 62 |
> --->8 |
| 63 |
> |
| 64 |
> Thanks gents. I'll just try it and see what happens. |
| 65 |
> |
Archives