Computer Science Docker

Do not install Docker without reading this, even on a computer that you manage yourself.

This page is designed to tell you how to install Docker on Computer Science systems.

What is Docker?

Docker is a system for creating and using "containers." A container is somewhat like a virtual machine, except that it doesn't have its own kernel. There are two main uses:

To package up a set of programs, in a way that you can use it from any versions of Linux, MacOS or Windows.
To package up services, e.g. a web server or database system, in a way that you can use them from any version of Linux, MacOS or Windows.

Do you need Docker or should you use Singularity?

Docker images are often used to package software for AI and data analysis. If you find a docker image that has software you want to use, we suggest that you use the program singularity to run the docker image, especially, if you are doing Cuda and AI/Learning tools and need GPUs on CS machines. Singularity is easier to use than Docker, and gives you access to your normal files within the container. It can run most Docker images. See Basic Singularity Command and Utilization

Note: Currently, rootless docker will not run along with Slurm job scheduler on our system which is required if you need to use GPUs.

However if you are trying to create a new Docker image, rather than just run an existing one, you'll need the actual Docker software. You'll also need the actual Docker if you need to run a Docker image that has servers such as a web server in it.

If you can become root

This section is for people who run their own Linux systems. If you're using a system that we run, such as the ilab systems, please see the next section.

If you can do su or sudo, you can do a normal Docker installation. You can install it using apt (Ubuntu) or yum (Centos), or get the most recent release directy from the Docker web page. But there's one thing you must do first .

If you simply install Docker without doing anything else, your system may lose access to the network. To prevent this, before installing Docker create the file /etc/docker/daemon.json . It should contain the following:

{
  "bip": "192.168.100.2/24",
  "mtu": 1500
}

This will cause Docker to use a network that doesn't conflict with any of ours.

One other warning: Docker images and volumes must be on a local disk. Docker doesn't work with NFS, i.e. file systems mounted from file servers. On most systens, your home directory is on a file server. So make sure you put Docker files on /usr, /var, /freespace, etc.

If you can't become root -- i.e. you're a normal user

Until recently, Docker could only be used by people who could do su or sudo. However the most recent release can be used by normal users. Here is a page that describes that: Run the Docker daemon as a non-root user .

However there are some things you must do before you try this out on one of the systems we run. The example below shows all of these things.

You must make sure you have an entry in /etc/subuid and /etc/subgid The command sudo /usr/libexec/addsubusers.py will do this. If the command doesn't work, please ask help@cs.rutgers.edu to install the necessary files on your system.
Docker's files won't work over the network. Our user directories are mounted from network file servers. So you have to arrange for Docker to put files on a local file system. On many of our systems, you can create a directory on /freespace/local. The commands below do that. First, do a df and verify that there's at least 10G free on that file system. If not, please send email to help@cs.rutgers.edu.
Docker uses its own network internally. Unfortunately this network conflicts with networks used by many of our systems. We recommend that you create a file .config/docker/daemon.json that tells Docker to use a different network.
On you next login, if your non root docker is not running, you can check its status via this command. systemctl --user status docker If it is not running, you can run it again via: systemctl --user start docker If it fails to start, make sure that you are running your docker on the same machine you setup your docker because it sits in a local filesystem.

Installing & Setting up Docker as a User without root

Here's an example of installing Docker as a user. Follow below, if you are setting up docker on the first iLab machine.

df -h /freespace/local
#if /freespace/local has less than 15GB, use another machine
 
# WARNING: we may remove files from /freespace between semesters.
# Because this setup uses /freespace/local, this setup is only
# effective on machine you setup this docker.
# Note: /freespace/local is a local filesystem, therefore
# its content is only available locally.

# make a directory for docker on a local file system
mkdir -p /freespace/local/$USER/docker

# link it to where docker expects it to be
mkdir -p ~/.local/share
ln -s /freespace/local/$USER/docker ~/.local/share
sudo /usr/libexec/addsubusers.py
# if the previous command fails, contact help@cs.rutgers.edu
# the system you're usin isn't properly set up

# create the network config file
mkdir -p ~/.config/docker
cp /etc/docker/daemon.json ~/.config/docker/daemon.json


# now do the installation as documented on the web page
# make sure we start in the home directory
cd

# the following command is for Ubuntu 20 and Ubuntu 22 ONLY
curl -fsSL https://get.docker.com/rootless | sh

# on Ubuntu 24 run this command instead
# /usr/bin/dockerd-rootless-setuptool.sh install

### up to here should only be done once
### below here has to be done every time you login

# the curl command will print two export commands. do them
export PATH="$HOME/bin:$PATH"
export DOCKER_HOST=unix://$XDG_RUNTIME_DIR/docker.sock

# put those two export commands in .bashrc if you are
# going to do this a lot

# you must do the following command again every time
# you login.
systemctl --user start docker
# verify that docker started with no errors
systemctl --user status docker

# now try it. fetch a copy of alpine and run it 
# To give docker access to /freespace/local 
# add -v hostpath/dockerpath parameter.
# You can add multiple -v options for more disks.
# I've picked alpine because it's a Linux system, but it's only 5 MB
docker run -v /freespace/local:/freespace/local -it alpine  
# you'll get a prompt like / #
# try something that uses the network
apk update

# exit back to your normal shell
 exit

If you are planning to run docker on another iLab machine,

only the following needs to be done on additional machines.

df -h /freespace/local
#if /freespace/local has less than 15GB, use another machine
 
# WARNING: we may remove files from /freespace between semesters.
# Because this setup uses /freespace/local, this setup is only
# effective on machine you setup this docker.
# Note: /freespace/local is a local filesystem, therefore
# its content is only available locally.


  # add entries to /etc/subuid and /etc/subgid
sudo /usr/libexec/addsubusers.py
# if the previous command fails, contact help@cs.rutgers.edu
# the system you're usin isn't properly set up


# make a directory for docker on a local file system
mkdir -p /freespace/local/$USER/docker

# you must do the following command again every time
# you login.
systemctl --user start docker
# verify that docker started with no errors
systemctl --user status docker

# now try it. fetch a copy of alpine and run it 
# To give docker access to /freespace/local 
# add -v hostpath/dockerpath parameter.
# You can add multiple -v options for more disks.
# I've picked alpine because it's a Linux system, but it's only 5 MB
docker run -v /freespace/local:/freespace/local -it alpine  
# you'll get a prompt like / #
# try something that uses the network
apk update

# exit back to your normal shell
 exit

Important Notes

We recommend using only one system for Docker, or at least one system per home directory. (E.g., in your home directory on /common/home or /freespace/local directory.

~/.local/share/docker will end up pointing to a local file system, e.g. in /freespace. As long as the name of that directory is the same everywhere you're OK. But if the local file systens are different, there's a conflict.
Your Docker images will end up on the local storage. If you use more than one system, you'll have copies on each system that you use.