Use docker-compose on TrueNAS SCALE 22.12 (Bluefin) without Kubernetes

readme.md

⚠️ In October 2023, TrueNAS SCALE Cobia will be released. At that time, ix-systems is making the switch to containerd and Docker will be removed. While it may remain possible to enable apt and install docker, I have no plans to do so here.

However, there is an alternative way of running docker, based on systemd-nspawn now available for testing!

enable-docker.sh

#!/usr/bin/env bash

#
# Enable docker and docker-compose on TrueNAS SCALE (no Kubernetes)
#
# This script is a hack! Use it at your own risk!!
# Using this script to enable Docker is NOT SUPPORTED by ix-systems!
# You CANNOT use SCALE Apps while using this script!
#
# 1  Create a dedicated Docker dataset in one of your zpools
# 2  Save this script somewhere else on your zpool, not in the Docker dataset
# 3  Edit line 20 of the script, set a path to the Docker dataset you created
# 4  You can now start Docker by running the script from the SCALE console
#
# For these changes to persist after SCALE reboots and upgrades, run the script at start-up
#   Schedule this script to run via System Settings -> Advanced -> Init/Shutdown Scripts
#   Click Add -> Type: Script and choose this script -> When: choose to run as Post Init

## Set a path to your docker dataset
docker_dataset='/mnt/tank/docker'


## HEREDOC: docker/daemon.json
read -r -d '' JSON << END_JSON
{
  "data-root": "${docker_dataset}",
  "storage-driver": "overlay2",
  "exec-opts": [
    "native.cgroupdriver=cgroupfs"
  ]
}
END_JSON

## path to docker daemon file
docker_daemon='/etc/docker/daemon.json'

if [ ${EUID} -ne 0 ]; then
  echo "Please run this script as root or using sudo"
elif [ "$(systemctl is-enabled k3s)" == "enabled" ]; then
  echo "You can not use this script while k3s is enabled"
elif [ "$(systemctl is-active k3s)" == "active" ]; then
  echo "You can not use this script while k3s is active"
elif ! which docker &> /dev/null; then
  echo "Docker executable not found"
elif ! chmod +x /usr/bin/docker-compose &> /dev/null; then
  echo "Failed to make docker-compose executable"
elif ! install -d -m 755 -- /etc/docker &> /dev/null; then
  echo "Failed to install directory: /etc/docker"
elif ! zfs list "${docker_dataset}" &> /dev/null; then
  echo "Dataset not found: ${docker_dataset}"
else
  echo "Checking file: ${docker_daemon}"
  if test "${JSON}" != "$(cat ${docker_daemon} 2> /dev/null)"; then
    echo "Updating file: ${docker_daemon}"
    jq -n "${JSON}" > ${docker_daemon}
    if [ "$(systemctl is-active docker)" == "active" ]; then
      echo "Restarting Docker"
      systemctl restart docker
    elif [ "$(systemctl is-enabled docker)" != "enabled" ]; then
      echo "Enable and starting Docker"
      systemctl enable --now docker
    fi
  fi
fi

NAS-109044 / 23.10 / Remove docker from build

As long as they don't remove apt, we're good, and even then we could bring it back. I don't see what all the fuss is about, so they'll remove it, it's still a Linux machine, you can do pretty much anything you wish (as long as you don't expect iX to support you after that)

Yeah. besides making 100% clear it's a hack and you cannot expect anyone to help you if it breaks... there literally is no change really..

I think we all got the point already (docker is being removed) but for the record, here is the definitive commit 💀

• truenas/middleware@0049cb1

Jip-Hop and I are having fun with systemd-nspawn (i.e. "chroot on steroids") over here; come join us if you like and help shape it up :) I just figured out how to get Nvidia passthrough working with it (documented in the Gist thread).

Plenty of time until 23.10 hits release but this looks like it could be a good alternative to "roll your own docker on Scale".

Since I see Ornias has popped up here (they are like Beetlejuice, say "TrueNAS Scale Docker" 3 times and they show up) I will state what should be perfectly obvious: This is all at your own risk, you could easily damage your Scale install if you don't know what you are doing, or for that matter even if you do, in fact this could burn your house down and kill all your neighbors pets (at the same time) so, you know, proceed with caution.

Since I see Ornias has popped up here (they are like Beetlejuice, say "TrueNAS Scale Docker" 3 times and they show up)

I've been here and on the previous gist since November 2021.
And I also don't "pop-up", I've been following important projects on SCALE (from iX and others) long before you knew it even existed. (prior to official announcement)

My friend, again and again you continue to miss it.....

I got the joke.

Nice warning on top of this page now. 🙂 I'd say the alternative based on systemd-nspawn is ready for more testing! 😄

Please vote for this issue: Support for systemd-nspawn Linux Containers (jails for SCALE).

Hi. First of all, thanks for this! I've never used TrueChart's docker compose, but I believe you all when you say that running it natively is better 😄

I'm wondering if it is possible to enable "Intel Low-Power H.264 hardware encoder" in Jellyfin deployed using docker compose set-up this way?

According to Jellyfin’s documentation, some setting up is required (Debian/Ubuntu: Brainiarc7’s gist)

On Debian-based distributions:

Simply run:

sudo update-initramfs
update-grub

Then reboot.

Your modern Intel HD Graphics processor graphics will work just fine.

You can also add this to: /etc/modprobe.d/i915.conf

In the following syntax:

options i915 enable_guc=3

Other safe options to pass are enable_fbc=1.

I tried the two commands both in my docker container and on the host OS.

My docker container complained it doesn't understand update-initramfs.

Here's what my TrueNAS Scale says:

$ sudo update-initramfs -u
update-initramfs: Generating /boot/initrd.img-5.15.79+truenas
grep: /etc/initramfs-tools/modules: No such file or directory
grep: /etc/initramfs-tools/modules: No such file or directory
grep: /etc/initramfs-tools/modules: No such file or directory
grep: /etc/initramfs-tools/modules: No such file or directory
grep: /etc/initramfs-tools/modules: No such file or directory
grep: /etc/initramfs-tools/modules: No such file or directory
grep: /etc/initramfs-tools/modules: No such file or directory
grep: /etc/initramfs-tools/modules: No such file or directory
grep: /etc/initramfs-tools/modules: No such file or directory
grep: /etc/initramfs-tools/modules: No such file or directory
grep: /etc/initramfs-tools/modules: No such file or directory
grep: /etc/initramfs-tools/modules: No such file or directory
grep: /etc/initramfs-tools/modules: No such file or directory
grep: /etc/initramfs-tools/modules: No such file or directory
grep: /etc/initramfs-tools/modules: No such file or directory
grep: /etc/initramfs-tools/modules: No such file or directory
grep: /etc/initramfs-tools/modules: No such file or directory
cryptsetup: ERROR: Couldn't resolve device boot-pool/ROOT/22.12.0
cryptsetup: WARNING: Couldn't determine root device
$ update-grub
-bash: update-grub: command not found

Any help/hints appreciated!

Hi. First of all, thanks for this! I've never used TrueChart's docker compose, but I believe you all when you say that running it natively is better 😄

I'm wondering if it is possible to enable "Intel Low-Power H.264 hardware encoder" in Jellyfin deployed using docker compose set-up this way?

According to Jellyfin’s documentation, some setting up is required (Debian/Ubuntu: Brainiarc7’s gist)

On Debian-based distributions:
Simply run:

sudo update-initramfs
update-grub

Then reboot.
Your modern Intel HD Graphics processor graphics will work just fine.
You can also add this to: /etc/modprobe.d/i915.conf
In the following syntax:

options i915 enable_guc=3

Other safe options to pass are enable_fbc=1.

I tried the two commands both in my docker container and on the host OS.

My docker container complained it doesn't understand update-initramfs.

Here's what my TrueNAS Scale says:

$ sudo update-initramfs -u
update-initramfs: Generating /boot/initrd.img-5.15.79+truenas
grep: /etc/initramfs-tools/modules: No such file or directory
grep: /etc/initramfs-tools/modules: No such file or directory
grep: /etc/initramfs-tools/modules: No such file or directory
grep: /etc/initramfs-tools/modules: No such file or directory
grep: /etc/initramfs-tools/modules: No such file or directory
grep: /etc/initramfs-tools/modules: No such file or directory
grep: /etc/initramfs-tools/modules: No such file or directory
grep: /etc/initramfs-tools/modules: No such file or directory
grep: /etc/initramfs-tools/modules: No such file or directory
grep: /etc/initramfs-tools/modules: No such file or directory
grep: /etc/initramfs-tools/modules: No such file or directory
grep: /etc/initramfs-tools/modules: No such file or directory
grep: /etc/initramfs-tools/modules: No such file or directory
grep: /etc/initramfs-tools/modules: No such file or directory
grep: /etc/initramfs-tools/modules: No such file or directory
grep: /etc/initramfs-tools/modules: No such file or directory
grep: /etc/initramfs-tools/modules: No such file or directory
cryptsetup: ERROR: Couldn't resolve device boot-pool/ROOT/22.12.0
cryptsetup: WARNING: Couldn't determine root device
$ update-grub
-bash: update-grub: command not found

Any help/hints appreciated!

This needs to be supported by the host kernel, and as you've discovered Ix Systems strips out most build tools/etc. from SCALE (it's not intended to function as standalone Debian distro). You'll need to ask on the Truenas forums/JIRA if this is possible to enable.

All that said have you already tried it and seen it fail? The Bluefin kernel (i.e. the latest production release of SCALE) added support for newer Intel processors as well as newer power efficiency modes. You may not need to do this step in the first place.

First off:
This is not "running natively" it runs in something that is in between a container and chroot.
Don't blindly believe things that are not actually proven/tested ;-)

Second:
You never can update the kernel (initramfs) in a container, not in this one and not in a docker container either.
No, iX is never going to enable you to run kernelmodifications lol.

All that said have you already tried it and seen it fail? The Bluefin kernel (i.e. the latest production release of SCALE) added support for newer Intel processors as well as newer power efficiency modes. You may not need to do this step in the first place.

Thanks for responding! Yeah, it didn't work out-of-the-box for me. Oh well, despite what people are saying about the prowess Intel QuickSync, I'm finding that the P2000 is transcodes at a much higher frame rate than my i3-9100, so I'm switching to using nvenc instead and have stopped playing around with IQSV.

First off: This is not "running natively" it runs in something that is in between a container and chroot. Don't blindly believe things that are not actually proven/tested ;-)

Second: You never can update the kernel (initramfs) in a container, not in this one and not in a docker container either. No, iX is never going to enable you to run kernelmodifications lol.

Thanks for responding! I see! Very useful to know. Looks like we'll be at the mercy of TrueNAS for a few things then!

Just updated to Bluefin. I deleted my docker dataset and set up the enable-docker script (modified to add nvidia runtime etc), then performed the update. Upon reboot I manually launched portainer, then I brought up each one of my stacks one by one. Nice byproduct is it forced me to grab all the latest images. Feels great to no longer have all of those ghost snapshots with the overlay2 driver. Things feel a bit more solid/snappier over all. I've also upgraded from Jellyfin to Emby and it picked up my 1050ti right away. Emby is running so fast and smooth it's unbelievable, feels better than Netflix Disney+ etc. Seafile, NGINX manager, ARRs, guacamole, emby, joplin, transmission_ovpn are running rock solid and fast also (off an old SATA SSD). Oh and 2 VMs for VS code-server (with hack to access the M$ extension store). All on a 10 year old CPU with 20gb of mismatched ram. I've looked at OMV, Unraid, Synology, Xpenology etc etc and this setup is 1000% the best NAS + Docker + Media Server solution period. They can completely butcher and cripple Cobia and try to block docker (they can't) blah blah, and I can die happy with this Bluefin setup.

To be clear: The performance things you see is not likely related to the docker setup you did.
Also: Cobia is not going to be "butchered" or "crippled", they just removed something they are not using anymore for the kubernetes stack.

Just because that might or might not affect you for hacks like these, doesn't mean it was intended for fuck with people using docker.
That being said: With docker removed, it should be safer now to run docker by installing it via apt-get :)

Why? Because iX isn't using it anymore, so less chance of potential conflicts!

It seems this no longer works with TrueNAS SCALE 22.12.1. Anyone has any tips on how to make it work?

It seems this no longer works with TrueNAS SCALE 22.12.1. Anyone has any tips on how to make it work?

Create empty /etc/docker.env file.

People also experiencing issues with SMB shared host paths breaking plex arrs etc. Welp I guess we didn’t have to wait til Cobia for them to butcher it and guess i’m never updating lol.

People also experiencing issues with SMB shared host paths breaking plex arrs etc. Welp I guess we didn’t have to wait til Cobia for them to butcher it and guess i’m never updating lol.

There is nothing new being butchered. Bluefin hostPath validation existed since bluefin launch.

People also experiencing issues with SMB shared host paths breaking plex arrs etc. Welp I guess we didn’t have to wait til Cobia for them to butcher it and guess i’m never updating lol.

There is nothing new being butchered.
Bluefin hostPath validation existed since bluefin launch.

Ok let me be more clear: a hostpath volume under a shared dataset would pass validation under 22.12.0, this “bug” was “fixed” in 22.12.1. This breaks 99% of people’s plex/emby/jellyfin configurations.

People also experiencing issues with SMB shared host paths breaking plex arrs etc. Welp I guess we didn’t have to wait til Cobia for them to butcher it and guess i’m never updating lol.

There is nothing new being butchered.
Bluefin hostPath validation existed since bluefin launch.

Ok let me be more clear: a hostpath volume under a shared dataset would pass validation under 22.12.0, this “bug” was “fixed” in 22.12.1. This breaks 99% of people’s plex/emby/jellyfin configurations.

This was warned against by me on SO MANY places, it was in fact a bug and never intended to work. It was fixed a week or so after release of Bluefin even.

Ok i’ll keep my buggy 22.12.0 and warn others to do the same, thanks.

Ok i’ll keep my buggy 22.12.0 and warn others to do the same, thanks.

It's one of the reasons I build NFS support into truecharts. Works flawlessly for media libraries for most of our users.

Docker inside a jail made with jailmaker survived the update to 22.12.1 without any issues. I've also never ran into host path validation. I have nextcloud use the same local path I use for my SMB shares.

People also experiencing issues with SMB shared host paths breaking plex arrs etc. Welp I guess we didn’t have to wait til Cobia for them to butcher it and guess i’m never updating lol.

There is nothing new being butchered.
Bluefin hostPath validation existed since bluefin launch.

Ok let me be more clear: a hostpath volume under a shared dataset would pass validation under 22.12.0, this “bug” was “fixed” in 22.12.1. This breaks 99% of people’s plex/emby/jellyfin configurations.

Hostpath validation shouldn’t matter for folks using this or other docker workarounds. 22.12.1 works fine with Jip-Hops Jailmaker. I personally use Plex, Emby, and several arrs with this setup.

It seems this no longer works with TrueNAS SCALE 22.12.1. Anyone has any tips on how to make it work?

Create empty /etc/docker.env file.

You're a genius! Thank you!

Do you mind explaining why this works? Noob here.

It seems this no longer works with TrueNAS SCALE 22.12.1. Anyone has any tips on how to make it work?

Create empty /etc/docker.env file.

You're a genius! Thank you!

Do you mind explaining why this works? Noob here.

Sure.

Take a you look in /etc/systemd/system/docker.service.d/override.conf and you'll see this
EnvironmentFile=/etc/docker.env

Docker service will fail to start if the file is missing with the following error
docker.service: Failed to load environment files: No such file or directory

You can see the log with command journalctl -u docker.service

It seems this no longer works with TrueNAS SCALE 22.12.1. Anyone has any tips on how to make it work?

Create empty /etc/docker.env file.

Do the contents of /etc get reset on the next upgrade?

This should probably be added to the enable-docker.sh script:

touch /etc/docker.env

It seems this no longer works with TrueNAS SCALE 22.12.1. Anyone has any tips on how to make it work?

Create empty /etc/docker.env file.

Do the contents of /etc get reset on the next upgrade?

This should probably be added to the enable-docker.sh script:

touch /etc/docker.env

I believe this is the case.

It seems this no longer works with TrueNAS SCALE 22.12.1. Anyone has any tips on how to make it work?

Create empty /etc/docker.env file.

You're a genius! Thank you!
Do you mind explaining why this works? Noob here.

Sure.

Take a you look in /etc/systemd/system/docker.service.d/override.conf and you'll see this EnvironmentFile=/etc/docker.env

Docker service will fail to start if the file is missing with the following error docker.service: Failed to load environment files: No such file or directory

You can see the log with command journalctl -u docker.service

Thank you.

When I checked /etc/systemd/system/docker.service.d/override.conf the only thing inside was LimitCORE=1. The journalclt info I confess that it's hard for me to understand much but I did see docker.service: Failed to load environment files: No such file or directory just didn't have a clue how to solve that. I guess I learned something new today.

I have a similar though more simple script to make this all work and I'm also thinking about adding the touch /etc/docker.env bit to it.

It seems this no longer works with TrueNAS SCALE 22.12.1. Anyone has any tips on how to make it work?

Create empty /etc/docker.env file.

You're a genius! Thank you!
Do you mind explaining why this works? Noob here.

Sure.
Take a you look in /etc/systemd/system/docker.service.d/override.conf and you'll see this EnvironmentFile=/etc/docker.env
Docker service will fail to start if the file is missing with the following error docker.service: Failed to load environment files: No such file or directory
You can see the log with command journalctl -u docker.service

Thank you.

When I checked /etc/systemd/system/docker.service.d/override.conf the only thing inside was LimitCORE=1. The journalclt info I confess that it's hard for me to understand much but I did see docker.service: Failed to load environment files: No such file or directory just didn't have a clue how to solve that. I guess I learned something new today.

I have a similar though more simple script to make this all work and I'm also thinking about adding the touch /etc/docker.env bit to it.

Did this work for you?