Andrew makes a good point that, of course, not all options will be
relevant to a particular image or use case. The script is aimed to check
for "full" compatibility. Having some reported as missing is by no means
a deal breaker.

Re nftables it's a very valid point as well. I too use nftables instead
of iptables and, in general, anything that dares touch my rules I will
either disable the option for it to do so or, if that's not possible,
swiftly eradicate it off my system with vengeance. I'm not a big fan of
how Docker manages netfilter rules so I too tend to disable that from
the config and, as Andrew said, it has been slow at adopting nftables.
It seems Docker is being developed with primary consideration for stable
(read archaic) distributions that have long release cycles.

If you use nftables at all - even via other software such as firewalld,
etc - Docker may or may not like that. Previously, though admittedly
quite a while ago, Docker just loved adding iptables rules in addition
to my nftables rules. Needless to say, that quickly became a mess.

nftables is _a lot_ easier to manage, even writing rules manually feels
a lot more intuitive. So I think the learning curve (at least in terms
of syntax) tends to be less steep IMO if you decide to go down that road
at some point.

Anyway, this probably wasn't a post of high contribution value haha

Keep us updated in case you encounter any issues!

Cheers,
Victor

On 17/05/2020 09:31, Peter Humphrey wrote:
> On Sunday, 17 May 2020 00:58:54 BST Andrew Udvare wrote:
>> On 16/05/2020 13:12, Peter Humphrey wrote:
>>> I can't find any of those. Any clues for the uninitiated?
>>
>> I am running Docker fine on 5.6.12 and I am missing a lot:
> 
> --->8
> 
>> In regards to NF options, I use nftables and I manage the firewall
>> manually for Docker (I set {"iptables": false} in
>> /etc/docker/daemon.json). Docker has been extremely slow at adopting
>> nftables.
> 
> I'm still pretty much in the dark about setting up nftables and iptables in 
> the kernel config. Not to worry, though; I dare say it'll become clearer in 
> time.
> 
>> You definitely do not need zfs installed to use Docker. This machine
>> doesn't have it.
>>
>> As Victor stated, CFQ is deprecated and gone and BFQ will work fine. And
>> the script is basically for Red Hat (or corporate) users who still use
>> iptables, CFQ, ext3 apparently, and a much older kernel.
>>
>> On my slightly stabler server (running 5.4.38), this is the output and
>> Docker still works fine. Again on that server I use nftables and manage
>> the firewall manually. The system has ext4 for its root and the rest of
>> it is ZFS.
> 
> --->8
> 
> Thanks gents. I'll just try it and see what happens.
> 
