Gentoo Archives: gentoo-user

From: Andrew Udvare <audvare@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Kernel config for Docker
Date: Sat, 16 May 2020 23:59:05
Message-Id: c4f51fe6-1be9-d6b4-f611-bb3f7a2fd96c@gmail.com
In Reply to: [gentoo-user] Kernel config for Docker by Peter Humphrey
1 On 16/05/2020 13:12, Peter Humphrey wrote:
2 > I can't find any of those. Any clues for the uninitiated?
3
4 I am running Docker fine on 5.6.12 and I am missing a lot:
5
6 - CONFIG_NF_NAT_IPV4: missing
7 - CONFIG_IP_NF_FILTER: missing
8 - CONFIG_IP_NF_TARGET_MASQUERADE: missing
9 - CONFIG_NETFILTER_XT_MATCH_ADDRTYPE: missing
10 - CONFIG_NETFILTER_XT_MATCH_CONNTRACK: missing
11 - CONFIG_NETFILTER_XT_MATCH_IPVS: missing
12 - CONFIG_IP_NF_NAT: missing
13 - CONFIG_NF_NAT_NEEDED: missing
14 - CONFIG_IOSCHED_CFQ: missing
15 - CONFIG_CFQ_GROUP_IOSCHED: missing
16 - CONFIG_IP_NF_TARGET_REDIRECT: missing
17 - CONFIG_EXT3_FS_XATTR: missing
18 - CONFIG_INET_XFRM_MODE_TRANSPORT: missing
19 - CONFIG_NF_NAT_FTP: missing
20 - CONFIG_NF_CONNTRACK_FTP: missing
21 - CONFIG_NF_NAT_TFTP: missing
22 - CONFIG_NF_CONNTRACK_TFTP: missing
23 - CONFIG_AUFS_FS: missing
24 - CONFIG_BTRFS_FS: missing
25 - CONFIG_BTRFS_FS_POSIX_ACL: missing
26 - /dev/zfs: missing
27 - zfs command: missing
28 - zpool command: missing
29
30 In regards to NF options, I use nftables and I manage the firewall
31 manually for Docker (I set {"iptables": false} in
32 /etc/docker/daemon.json). Docker has been extremely slow at adopting
33 nftables.
34
35 You definitely do not need zfs installed to use Docker. This machine
36 doesn't have it.
37
38 As Victor stated, CFQ is deprecated and gone and BFQ will work fine. And
39 the script is basically for Red Hat (or corporate) users who still use
40 iptables, CFQ, ext3 apparently, and a much older kernel.
41
42 On my slightly stabler server (running 5.4.38), this is the output and
43 Docker still works fine. Again on that server I use nftables and manage
44 the firewall manually. The system has ext4 for its root and the rest of
45 it is ZFS.
46
47 - CONFIG_BRIDGE_NETFILTER: missing
48 - CONFIG_NF_NAT_IPV4: missing
49 - CONFIG_IP_NF_FILTER: missing
50 - CONFIG_IP_NF_TARGET_MASQUERADE: missing
51 - CONFIG_NETFILTER_XT_MATCH_ADDRTYPE: missing
52 - CONFIG_NETFILTER_XT_MATCH_CONNTRACK: missing
53 - CONFIG_NETFILTER_XT_MATCH_IPVS: missing
54 - CONFIG_IP_NF_NAT: missing
55 - CONFIG_NF_NAT_NEEDED: missing
56 - CONFIG_IOSCHED_CFQ: missing
57 - CONFIG_CFQ_GROUP_IOSCHED: missing
58 - CONFIG_IP_NF_TARGET_REDIRECT: missing
59 - CONFIG_EXT3_FS: missing
60 - CONFIG_EXT3_FS_XATTR: missing
61 - CONFIG_EXT3_FS_POSIX_ACL: missing
62 - CONFIG_EXT3_FS_SECURITY: missing
63 - CONFIG_INET_XFRM_MODE_TRANSPORT: missing
64 - CONFIG_NF_NAT_FTP: missing
65 - CONFIG_NF_CONNTRACK_FTP: missing
66 - CONFIG_NF_NAT_TFTP: missing
67 - CONFIG_NF_CONNTRACK_TFTP: missing
68 - CONFIG_AUFS_FS: missing
69 - CONFIG_BTRFS_FS: missing
70 - CONFIG_BTRFS_FS_POSIX_ACL: missing
71
72 Andrew

Attachments

File name MIME type
signature.asc application/pgp-signature

Replies

Subject Author
Re: [gentoo-user] Kernel config for Docker Peter Humphrey <peter@××××××××××××.uk>