{"id":2394,"date":"2024-06-07T17:30:13","date_gmt":"2024-06-07T16:30:13","guid":{"rendered":"https:\/\/ryeroxley.com\/?p=2394"},"modified":"2024-06-12T10:46:41","modified_gmt":"2024-06-12T09:46:41","slug":"how-to-install-docker-on-jailmaker","status":"publish","type":"post","link":"https:\/\/ryeroxley.com\/index.php\/2024\/06\/07\/how-to-install-docker-on-jailmaker\/","title":{"rendered":"How to Install Docker on Jailmaker"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"2394\" class=\"elementor elementor-2394\">\n\t\t\t\t<div class=\"elementor-element elementor-element-bbaad4b e-flex e-con-boxed e-con e-parent\" data-id=\"bbaad4b\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-e883182 elementor-widget elementor-widget-text-editor\" data-id=\"e883182\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2>Summary<\/h2><p>This guide provides step-by-step instructions on how to install and configure Docker on Jailmaker. It includes setting up Docker, configuring network interfaces, and ensuring proper dataset organization and permissions. This guide is intended for users who are familiar with TrueNAS Scale and Docker.<\/p><h2>Table of Contents<\/h2><ol><li><a href=\"#prerequisites\" rel=\"noreferrer\">Prerequisites<\/a><\/li><li><a href=\"#dataset__creation\" rel=\"noreferrer\">Dataset Creation<\/a><\/li><li><a href=\"#setting-up-docker\" rel=\"noreferrer\">Setting Up Docker<\/a><\/li><li><a href=\"#troubleshooting\">Troubleshooting<\/a><\/li><li><a href=\"#setting-a-fixed-ip-address\">Setting a Fixed IP Address<\/a><\/li><\/ol>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-99e674e e-flex e-con-boxed e-con e-parent\" data-id=\"99e674e\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-3eaadf8 elementor-widget elementor-widget-text-editor\" data-id=\"3eaadf8\" data-element_type=\"widget\" data-e-type=\"widget\" id=\"prerequisites\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2>Prerequisites<\/h2><p>Before proceeding, ensure you have installed Jailmaker using the guide <a href=\"https:\/\/ryeroxley.com\/index.php\/2024\/06\/04\/how-to-install-jailmaker-on-truenas-scale\/\" target=\"_new\" rel=\"noreferrer\">here<\/a>.<br \/>You also need to know your network interface.<\/p><p><code><\/code><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-81161c2 e-flex e-con-boxed e-con e-parent\" data-id=\"81161c2\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-dc12a76 elementor-widget elementor-widget-text-editor\" data-id=\"dc12a76\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h4>Network Interface Identification<\/h4><ol><li>Navigate to the <strong>Network<\/strong> section in the TrueNAS Scale GUI.<\/li><li>Identify your network interface:<ul><li><strong>Simple Interface Example:<\/strong><ul><li>In this example the interface name: <strong>eno1<\/strong><\/li><\/ul><\/li><\/ul><\/li><\/ol>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-2fcbfd6 e-flex e-con-boxed e-con e-parent\" data-id=\"2fcbfd6\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-0cc67f7 elementor-widget elementor-widget-image\" data-id=\"0cc67f7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-4.webp\" data-elementor-open-lightbox=\"yes\" data-elementor-lightbox-title=\"Network Interfaces Configuration\" data-elementor-lightbox-description=\"The image shows a network interfaces configuration screen with two interfaces listed: eno1 and eno2. The interface eno1 has an IP address of 192.168.0.20\/24, while eno2 has no IP address assigned. There are options to edit or refresh the settings for each interface.\" data-e-action-hash=\"#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MjM5NiwidXJsIjoiaHR0cHM6XC9cL3J5ZXJveGxleS5jb21cL3dwLWNvbnRlbnRcL3VwbG9hZHNcLzIwMjRcLzA2XC9pbWFnZS00LndlYnAifQ%3D%3D\">\n\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"230\" src=\"https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-4-1024x230.webp\" class=\"attachment-large size-large wp-image-2396\" alt=\"Network interfaces configuration screen showing two interfaces, eno1 and eno2, with IP addresses listed for eno1.\" srcset=\"https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-4-1024x230.webp 1024w, https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-4-300x68.webp 300w, https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-4-768x173.webp 768w, https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-4.webp 1422w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-2b8e06f e-flex e-con-boxed e-con e-parent\" data-id=\"2b8e06f\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-1066526 elementor-widget elementor-widget-text-editor\" data-id=\"1066526\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li style=\"list-style-type: none;\"><ul><li><strong>Bridge Interface Example:<\/strong><ul><li style=\"list-style-type: none;\"><ul><li>In this example the interface name: <strong>br0<\/strong><\/li><\/ul><\/li><\/ul><\/li><\/ul><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-1296e5c e-flex e-con-boxed e-con e-parent\" data-id=\"1296e5c\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-388d03f elementor-widget elementor-widget-image\" data-id=\"388d03f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"955\" height=\"398\" src=\"https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-5.webp\" class=\"attachment-large size-large wp-image-2397\" alt=\"Network interfaces management screen showing four interfaces with their names and statuses. One interface, br0, has an assigned IP address of 192.168.0.22\/24.\" srcset=\"https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-5.webp 955w, https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-5-300x125.webp 300w, https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-5-768x320.webp 768w\" sizes=\"(max-width: 955px) 100vw, 955px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-8faf883 e-flex e-con-boxed e-con e-parent\" data-id=\"8faf883\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-4a049e3 elementor-widget elementor-widget-text-editor\" data-id=\"4a049e3\" data-element_type=\"widget\" data-e-type=\"widget\" id=\"dataset-creation\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2>Dataset Creation<\/h2><ol><li>Create datasets within the <strong>appdata<\/strong> pool for the app data.<ul><li><strong>Create Docker Dataset:<\/strong><ul><li>In the <code>appdata<\/code> pool, set up a Docker dataset for Docker data.<\/li><\/ul><\/li><li><strong>Create Additional Datasets:<\/strong><ul><li>Create datasets named <code>data<\/code> and <strong>stacks<\/strong> for Docker.<\/li><\/ul><\/li><li><strong>Setting Permissions<\/strong><ul><li>Set the permissions for the Docker datasets to user <strong>apps<\/strong> (UID 568) and group <strong>apps<\/strong> (UID 568) with group write privileges. Apply these settings recursively if necessary.<\/li><\/ul><\/li><\/ul><\/li><\/ol>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-39d8e54 e-flex e-con-boxed e-con e-parent\" data-id=\"39d8e54\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-5059d42 elementor-widget elementor-widget-image\" data-id=\"5059d42\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"1024\" height=\"482\" src=\"https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-6-1024x482.webp\" class=\"attachment-large size-large wp-image-2398\" alt=\"Screenshot of a file management interface showing various datasets with their storage usage and encryption status.\" srcset=\"https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-6-1024x482.webp 1024w, https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-6-300x141.webp 300w, https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-6-768x361.webp 768w, https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-6.webp 1203w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-9d44aed e-flex e-con-boxed e-con e-parent\" data-id=\"9d44aed\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-ea8a5e4 elementor-widget elementor-widget-text-editor\" data-id=\"ea8a5e4\" data-element_type=\"widget\" data-e-type=\"widget\" id=\"setting-up-docker\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2>Setting Up Docker<\/h2><h4>Docker Template Code<\/h4><p>The Docker template code is stored in the <a href=\"https:\/\/github.com\/Jip-Hop\/jailmaker\" target=\"_new\" rel=\"noreferrer\" data-wplink-edit=\"true\">Jailmaker repository<\/a> under <code><strong>templates&gt;Docker&gt;config<\/strong><\/code>. Reproduced here:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-ff4fbbf e-flex e-con-boxed e-con e-parent\" data-id=\"ff4fbbf\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-05751a1 elementor-widget elementor-widget-code-block-for-elementor\" data-id=\"05751a1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-block-for-elementor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<pre class='line-numbers theme-okaidia' data-show-toolbar='yes'><code class='language-javascript'>startup=0\ngpu_passthrough_intel=0\ngpu_passthrough_nvidia=0\n# Turning off seccomp filtering improves performance at the expense of security\nseccomp=1\n\n# Use macvlan networking to provide an isolated network namespace,\n# so docker can manage firewall rules\n# Alternatively use --network-macvlan=eno1 instead of --network-bridge\n# Ensure to change eno1\/br1 to the interface name you want to use\n# You may want to add additional options here, e.g. bind mounts\nsystemd_nspawn_user_args=--network-bridge=br1\n    --resolv-conf=bind-host\n    --system-call-filter=&#039;add_key keyctl bpf&#039;\n\n# Script to run on the HOST before starting the jail\n# Load kernel module and config kernel settings required for docker\npre_start_hook=#!\/usr\/bin\/bash\n    set -euo pipefail\n    echo &#039;PRE_START_HOOK&#039;\n    echo 1 &gt; \/proc\/sys\/net\/ipv4\/ip_forward\n    modprobe br_netfilter\n    echo 1 &gt; \/proc\/sys\/net\/bridge\/bridge-nf-call-iptables\n    echo 1 &gt; \/proc\/sys\/net\/bridge\/bridge-nf-call-ip6tables\n\n# Only used while creating the jail\ndistro=debian\nrelease=bookworm\n\n# Install docker inside the jail:\n# https:\/\/docs.docker.com\/engine\/install\/debian\/#install-using-the-repository\n# Will also install the NVIDIA Container Toolkit if gpu_passthrough_nvidia=1 during initial setup\n# https:\/\/docs.nvidia.com\/datacenter\/cloud-native\/container-toolkit\/latest\/install-guide.html\ninitial_setup=#!\/usr\/bin\/bash\n    set -euo pipefail\n\n    apt-get update &amp;&amp; apt-get -y install ca-certificates curl\n    install -m 0755 -d \/etc\/apt\/keyrings\n    curl -fsSL https:\/\/download.docker.com\/linux\/debian\/gpg -o \/etc\/apt\/keyrings\/docker.asc\n    chmod a+r \/etc\/apt\/keyrings\/docker.asc\n\n    echo \\\n    &quot;deb [arch=$(dpkg --print-architecture) signed-by=\/etc\/apt\/keyrings\/docker.asc] https:\/\/download.docker.com\/linux\/debian \\\n    $(. \/etc\/os-release &amp;&amp; echo &quot;$VERSION_CODENAME&quot;) stable&quot; | \\\n    tee \/etc\/apt\/sources.list.d\/docker.list &gt; \/dev\/null\n    \n    apt-get update\n    apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin\n    \n    # The \/usr\/bin\/nvidia-smi will be present when gpu_passthrough_nvidia=1\n    if [ -f \/usr\/bin\/nvidia-smi ]; then\n        curl -fsSL https:\/\/nvidia.github.io\/libnvidia-container\/gpgkey -o \/etc\/apt\/keyrings\/nvidia.asc\n        chmod a+r \/etc\/apt\/keyrings\/nvidia.asc\n        curl -s -L https:\/\/nvidia.github.io\/libnvidia-container\/stable\/deb\/nvidia-container-toolkit.list | \\\n        sed &#039;s#deb https:\/\/#deb [signed-by=\/etc\/apt\/keyrings\/nvidia.asc] https:\/\/#g&#039; | \\\n        tee \/etc\/apt\/sources.list.d\/nvidia-container-toolkit.list\n\n        apt-get update\n        apt-get install -y nvidia-container-toolkit\n\n        nvidia-ctk runtime configure --runtime=docker\n        systemctl restart docker\n    fi\n\n    docker info\n\n# You generally will not need to change the options below\nsystemd_run_default_args=--property=KillMode=mixed\n    --property=Type=notify\n    --property=RestartForceExitStatus=133\n    --property=SuccessExitStatus=133\n    --property=Delegate=yes\n    --property=TasksMax=infinity\n    --collect\n    --setenv=SYSTEMD_NSPAWN_LOCK=0\n\nsystemd_nspawn_default_args=--keep-unit\n    --quiet\n    --boot\n    --bind-ro=\/sys\/module\n    --inaccessible=\/sys\/module\/apparmor\n<\/code><\/pre>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-d0666bd e-flex e-con-boxed e-con e-parent\" data-id=\"d0666bd\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-7d8df5f elementor-widget elementor-widget-text-editor\" data-id=\"7d8df5f\" data-element_type=\"widget\" data-e-type=\"widget\" id=\"create-and-edit-the-template\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3>Create and Edit the Template<\/h3><ol><li>At a command prompt enter <strong>jlmkr create<\/strong> and provide your password if necessary.<\/li><\/ol>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-096c5c9 elementor-widget elementor-widget-image\" data-id=\"096c5c9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-7.webp\" data-elementor-open-lightbox=\"yes\" data-elementor-lightbox-title=\"Command Prompt Creating Jail on TrueNAS\" data-elementor-lightbox-description=\"The PuTTY terminal window shows a command prompt where the user has initiated the command jlmkr create. A warning message is displayed in yellow text: &quot;USE THIS SCRIPT AT YOUR OWN RISK! IT COMES WITHOUT WARRANTY AND IS NOT SUPPORTED BY IXSYSTEMS.&quot; Below the warning, the terminal prompts the user with &quot;Do you wish to create a jail from a config template? [y\/N]&quot;. The screen captures the initial stages of jail creation on a TrueNAS system.\" data-e-action-hash=\"#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MjQxMSwidXJsIjoiaHR0cHM6XC9cL3J5ZXJveGxleS5jb21cL3dwLWNvbnRlbnRcL3VwbG9hZHNcLzIwMjRcLzA2XC9pbWFnZS03LndlYnAifQ%3D%3D\">\n\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"993\" height=\"246\" src=\"https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-7.webp\" class=\"attachment-large size-large wp-image-2411\" alt=\"A terminal window showing a command prompt with the text &quot;admin@truenas20[~]$ jlmkr create&quot; followed by a request for the sudo password and a warning message in yellow.\" srcset=\"https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-7.webp 993w, https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-7-300x74.webp 300w, https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-7-768x190.webp 768w\" sizes=\"(max-width: 993px) 100vw, 993px\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-4a4ba7a e-flex e-con-boxed e-con e-parent\" data-id=\"4a4ba7a\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-e75fab6 elementor-widget elementor-widget-text-editor\" data-id=\"e75fab6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ol start=\"2\"><li>Enter <strong>y &lt;Enter&gt;<\/strong> followed by <strong>Enter<\/strong>.<\/li><\/ol>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-a522084 e-flex e-con-boxed e-con e-parent\" data-id=\"a522084\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-98509b9 elementor-widget elementor-widget-image\" data-id=\"98509b9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-8.webp\" data-elementor-open-lightbox=\"yes\" data-elementor-lightbox-title=\"Creating a Jail in TrueNAS via Terminal\" data-elementor-lightbox-description=\"The screenshot captures a terminal window on a TrueNAS system with the command &quot;jail create&quot; executed. A prominent warning message in yellow text advises the user to use the script at their own risk, noting that it is unsupported by IXSYSTEMS. The user is then prompted to create a jail from a config template, with options to respond with &#039;y&#039; or &#039;n&#039;. Instructions are provided to copy, paste, save, and close the config template using a text editor that will open upon pressing Enter. The cursor is positioned at the bottom, indicating readiness for the next command.\" data-e-action-hash=\"#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MjQxMiwidXJsIjoiaHR0cHM6XC9cL3J5ZXJveGxleS5jb21cL3dwLWNvbnRlbnRcL3VwbG9hZHNcLzIwMjRcLzA2XC9pbWFnZS04LndlYnAifQ%3D%3D\">\n\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"834\" height=\"290\" src=\"https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-8.webp\" class=\"attachment-large size-large wp-image-2412\" alt=\"Screenshot of a terminal window showing the process to create a jail in TrueNAS. The command &quot;jail create&quot; is entered, followed by a warning message about using the script at your own risk and a prompt to create a jail from a config template.\" srcset=\"https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-8.webp 834w, https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-8-300x104.webp 300w, https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-8-768x267.webp 768w\" sizes=\"(max-width: 834px) 100vw, 834px\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-8964b92 e-flex e-con-boxed e-con e-parent\" data-id=\"8964b92\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-7344cb5 elementor-widget elementor-widget-text-editor\" data-id=\"7344cb5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ol start=\"3\"><li>Paste the template code from above.<\/li><li>Change <strong>startup=0<\/strong> to <strong>startup=1<\/strong>.<\/li><li>Edit the network bridge line to match your interface:<ul><li>For simple interface: <strong>systemd_nspawn_user_args=&#8211;network-macvlan=eno1<\/strong><\/li><li>For bridge network: <strong>systemd_nspawn_user_args=&#8211;network-bridge=br0<\/strong><\/li><\/ul><\/li><li>If using a GPU and need this available within Docker, set the appropriate variable to <strong>1<\/strong>:<ul><li><strong>gpu_passthrough_intel=1<\/strong> or <strong>gpu_passthrough_nvidia=1<\/strong><\/li><\/ul><\/li><li>After editing, press <strong>CTRL+X<\/strong> followed by <strong>y<\/strong> and <strong>Enter<\/strong>.<\/li><li>Name the jail <strong>docker<\/strong> and press <strong>y<\/strong> to start the jail.<\/li><\/ol>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-eb687dd e-flex e-con-boxed e-con e-parent\" data-id=\"eb687dd\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-a140131 elementor-widget elementor-widget-image\" data-id=\"a140131\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-9.webp\" data-elementor-open-lightbox=\"yes\" data-elementor-lightbox-title=\"Terminal Commands for TrueNAS Jail Creation\" data-elementor-lightbox-description=\"The image shows a terminal window with several commands being executed on a TrueNAS system. The commands include navigating through directories, sourcing the .zshrc file, listing existing jails, and initiating the creation of a new jail named &quot;docker.&quot; A warning message about using the script at one&#039;s own risk is highlighted in yellow.\" data-e-action-hash=\"#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MjQxMywidXJsIjoiaHR0cHM6XC9cL3J5ZXJveGxleS5jb21cL3dwLWNvbnRlbnRcL3VwbG9hZHNcLzIwMjRcLzA2XC9pbWFnZS05LndlYnAifQ%3D%3D\">\n\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"848\" height=\"665\" src=\"https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-9.webp\" class=\"attachment-large size-large wp-image-2413\" alt=\"A terminal window displaying a series of commands executed on a TrueNAS system, including navigation through directories, sourcing a file, listing jails, and creating a new jail named &quot;docker.&quot;\" srcset=\"https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-9.webp 848w, https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-9-300x235.webp 300w, https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-9-768x602.webp 768w\" sizes=\"(max-width: 848px) 100vw, 848px\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-ad7db77 e-flex e-con-boxed e-con e-parent\" data-id=\"ad7db77\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-94e84e3 elementor-widget elementor-widget-text-editor\" data-id=\"94e84e3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ol start=9>\n \t<li>The script will download the necessary files and unpack them to create a Debian jail.<\/li>\n<\/ol>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-6f45734 e-flex e-con-boxed e-con e-parent\" data-id=\"6f45734\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-e336cae elementor-widget elementor-widget-text-editor\" data-id=\"e336cae\" data-element_type=\"widget\" data-e-type=\"widget\" id=\"troubleshooting\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2>Troubleshooting<\/h2><ol><li>If the jail fails to start, review the network configuration by editing the config file:<ul><li><strong>jlmkr edit docker<\/strong><\/li><li>Restart the jail: <strong>jlmkr restart docker<\/strong><\/li><\/ul><\/li><li>To list running jails: <strong>jlmkr list<\/strong><\/li><\/ol>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-0195de0 e-flex e-con-boxed e-con e-parent\" data-id=\"0195de0\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-be716d8 elementor-widget elementor-widget-image\" data-id=\"be716d8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-10.webp\" data-elementor-open-lightbox=\"yes\" data-elementor-lightbox-title=\"TrueNAS Jail List Command Output\" data-elementor-lightbox-description=\"The image shows a terminal window with the result of the &quot;jlmkr list&quot; command executed on a TrueNAS system. It lists a jail named &quot;docker&quot; with attributes such as running status (True), startup status (True), GPU_INTEL (False), GPU_NVIDIA (False), operating system (debian 12), and IP address (192.168.0.190...).\" data-e-action-hash=\"#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MjQyMCwidXJsIjoiaHR0cHM6XC9cL3J5ZXJveGxleS5jb21cL3dwLWNvbnRlbnRcL3VwbG9hZHNcLzIwMjRcLzA2XC9pbWFnZS0xMC53ZWJwIn0%3D\">\n\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"968\" height=\"159\" src=\"https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-10.webp\" class=\"attachment-large size-large wp-image-2420\" alt=\"A terminal window showing the output of the &quot;jlmkr list&quot; command on a TrueNAS system, listing a jail named &quot;docker&quot; with various attributes.\" srcset=\"https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-10.webp 968w, https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-10-300x49.webp 300w, https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-10-768x126.webp 768w\" sizes=\"(max-width: 968px) 100vw, 968px\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-c29d29a e-flex e-con-boxed e-con e-parent\" data-id=\"c29d29a\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-c6370b6 elementor-widget elementor-widget-text-editor\" data-id=\"c6370b6\" data-element_type=\"widget\" data-e-type=\"widget\" id=\"setting-a-fixed-ip-address\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2>Setting a Fixed IP Address<\/h2><p>There are several ways of doing this but my preference is to use a static lease reservation in my DHCP server using the MAC address provided by <strong>ip addr<\/strong>.<\/p><ol><li>Find the jail&#8217;s IP address with <strong>ip addr.<\/strong><\/li><li>Find the MAC address provided by the output of <strong>ip addr<\/strong> (see below)<\/li><li>Set DHCP reservation for the MAC address to your prefered IP address.<\/li><\/ol>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-918dda7 e-flex e-con-boxed e-con e-parent\" data-id=\"918dda7\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-6de998a elementor-widget elementor-widget-image\" data-id=\"6de998a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-11.webp\" data-elementor-open-lightbox=\"yes\" data-elementor-lightbox-title=\"Network Interface Details for Docker Jail on TrueNAS\" data-elementor-lightbox-description=\"The image displays a terminal window where the user connects to the &quot;docker&quot; jail on a TrueNAS system using the &quot;jlmkr shell docker&quot; command. The subsequent &quot;ip addr&quot; command reveals details of network interfaces, including loopback (lo), mv-enol, and docker0, showing their respective IP addresses, link states, and configurations. The output includes IPv4 and IPv6 addresses and indicates the state of each network interface.\" data-e-action-hash=\"#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MjQyMSwidXJsIjoiaHR0cHM6XC9cL3J5ZXJveGxleS5jb21cL3dwLWNvbnRlbnRcL3VwbG9hZHNcLzIwMjRcLzA2XC9pbWFnZS0xMS53ZWJwIn0%3D\">\n\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"437\" src=\"https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-11-1024x437.webp\" class=\"attachment-large size-large wp-image-2421\" alt=\"A terminal window showing the execution of the &quot;jlmkr shell docker&quot; command on a TrueNAS system, followed by network interface details obtained through the &quot;ip addr&quot; command.\" srcset=\"https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-11-1024x437.webp 1024w, https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-11-300x128.webp 300w, https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-11-768x328.webp 768w, https:\/\/ryeroxley.com\/wp-content\/uploads\/2024\/06\/image-11.webp 1353w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Summary This guide provides step-by-step instructions on how to install and configure Docker on Jailmaker. It includes setting up Docker, configuring network interfaces, and ensuring proper dataset organization and permissions. This guide is intended for users who are familiar with TrueNAS Scale and Docker. Table of Contents Prerequisites Dataset Creation Setting Up Docker Troubleshooting Setting [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[27,7],"tags":[],"class_list":["post-2394","post","type-post","status-publish","format-standard","hentry","category-jailmaker","category-truenas-scale"],"_links":{"self":[{"href":"https:\/\/ryeroxley.com\/index.php\/wp-json\/wp\/v2\/posts\/2394","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ryeroxley.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ryeroxley.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ryeroxley.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ryeroxley.com\/index.php\/wp-json\/wp\/v2\/comments?post=2394"}],"version-history":[{"count":27,"href":"https:\/\/ryeroxley.com\/index.php\/wp-json\/wp\/v2\/posts\/2394\/revisions"}],"predecessor-version":[{"id":2447,"href":"https:\/\/ryeroxley.com\/index.php\/wp-json\/wp\/v2\/posts\/2394\/revisions\/2447"}],"wp:attachment":[{"href":"https:\/\/ryeroxley.com\/index.php\/wp-json\/wp\/v2\/media?parent=2394"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ryeroxley.com\/index.php\/wp-json\/wp\/v2\/categories?post=2394"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ryeroxley.com\/index.php\/wp-json\/wp\/v2\/tags?post=2394"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}