Difference between revisions of "Docker ARM Synology"

From Servarr
(reformat)
Line 1: Line 1:
# Log in as `root` to your synology.   
+
Log in as `root` to your synology.  Execute the following command:
# Download and extract the docker binaries by running:
 
  
<pre>
+
curl https://gist.githubusercontent.com/ta264/2b7fb6e6466b109b9bf9b0a1d91ebedc/raw/7b11f25c3dce181faa5206aed8051f176cc4e406/get-docker.sh | sh
curl https://download.docker.com/linux/static/stable/aarch64/docker-20.10.0.tgz | tar -xz -C /usr/local/bin --strip-components=1
 
</pre>
 
# Create somewhere for the docker files to live:
 
# mkdir -p /volume1/@Docker/lib  mkdir /docker  mount -o bind "/volume1/@Docker/lib" /docker
 
# Configure docker:
 
<pre>
 
mkdir -p /usr/local/etc/docker
 
cat <<EOT > /usr/local/etc/docker/docker.json
 
{
 
  "storage-driver": "vfs",
 
  "iptables": false,
 
  "bridge": "none",
 
  "data-root": "/docker"
 
}
 
EOT
 
</pre>
 
# Enable docker to start on boot:
 
 
 
<pre>
 
cat <<'EOT' > /usr/local/etc/rc.d/docker.sh
 
#!/bin/sh
 
# Start docker daemon
 
  
NAME=dockerd
+
If all goes well you should see the message:
PIDFILE=/var/run/$NAME.pid
+
<pre>Done. Please add your user to the docker group in the Synology GUI and reboot your NAS.</pre>
DAEMON_ARGS="--config-file=/usr/local/etc/docker/docker.json --pidfile=$PIDFILE"
 
  
case "$1" in
+
Do as it says:
    start)
+
# Add your user to the new 'docker' group using the synology UI
        echo "Starting docker daemon"
+
# '''Reboot.''' 
        mount -o bind "/volume1/@Docker/lib" /docker
 
        /usr/local/bin/dockerd $DAEMON_ARGS &
 
        ;;
 
    stop)
 
        echo "Stopping docker daemon"
 
        kill $(cat $PIDFILE)
 
        ;;
 
    *)
 
        echo "Usage: "$1" {start|stop}"
 
        exit 1
 
esac
 
exit 0
 
EOT
 
  
chmod 755 /usr/local/etc/rc.d/docker.sh
+
Hopefully you have a functioning `docker` and `docker-compose`, which should work when logged in as your normal user.
</pre>
 
# Create the docker group, replacing `MYUSERNAME` with the username you use to log in with SSH
 
  
synogroup --add docker root MYUSERNAME
+
Some caveats:
 +
# It seems most ARM Synology don't support seccomp, so the docker container has unfettered access to your system (even more so than with a regular docker)
 +
# Again, due to Synology constraints, all containers need to use `--network=host` (or `network: host` in compose) and everything will be directly accesible from the host.  There are no port maps
 +
# Obviously you can only run aarch64 images, but most hotio and linuxserver images offer an aarch64 version.
  
# Start it!
+
If you want a GUI you can use the following example compose:
  
/usr/local/etc/rc.d/docker.sh start
+
<pre>
 +
version: '2'
  
# Install docker compose:
+
services:
 +
  portainer:
 +
    image: portainer/portainer
 +
    restart: unless-stopped
 +
    network_mode: host
 +
    volumes:
 +
      - /var/run/docker.sock:/var/run/docker.sock
 +
      - portainer_data:/data
  
<pre>
+
volumes:
curl -L --fail https://gist.githubusercontent.com/ta264/af20c367aafa63795c3104d4b0c8b148/raw/4f6d257c026596cfce1c9052d9ac426a50e9f205/run.sh -o /usr/local/bin/docker-compose
+
  portainer_data:
chmod +x /usr/local/bin/docker-compose
 
 
</pre>
 
</pre>
 
# Reboot. 
 
# Hopefully you have a functioning `docker` and `docker-compose`
 
# You can start portainer with:
 
# docker run --network=host -v "/var/run/docker.sock:/var/run/docker.sock"  portainer/portainer-ce:linux-arm64
 
# Which will start portainer on port 9000 on the host.
 

Revision as of 19:43, 11 December 2020

Log in as `root` to your synology. Execute the following command: 

curl https://gist.githubusercontent.com/ta264/2b7fb6e6466b109b9bf9b0a1d91ebedc/raw/7b11f25c3dce181faa5206aed8051f176cc4e406/get-docker.sh | sh

If all goes well you should see the message: 

Done.  Please add your user to the docker group in the Synology GUI and reboot your NAS.

Do as it says:

  1. Add your user to the new 'docker' group using the synology UI
  2. Reboot.

Hopefully you have a functioning `docker` and `docker-compose`, which should work when logged in as your normal user.

Some caveats:

  1. It seems most ARM Synology don't support seccomp, so the docker container has unfettered access to your system (even more so than with a regular docker)
  2. Again, due to Synology constraints, all containers need to use `--network=host` (or `network: host` in compose) and everything will be directly accesible from the host. There are no port maps
  3. Obviously you can only run aarch64 images, but most hotio and linuxserver images offer an aarch64 version.

If you want a GUI you can use the following example compose: 

version: '2'

services:
  portainer:
    image: portainer/portainer
    restart: unless-stopped
    network_mode: host
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer_data:/data

volumes:
  portainer_data:
Retrieved from "https://wikiold.servarr.com/index.php?title=Docker_ARM_Synology&oldid=2694"