Portainer: [Feature Request] A field to add options for docker run/create

@ncresswell what's your position on this evo?

I think it might be useful for a limited number of users. Maybe poll for interest.

A simple free text area under advanced settings where the user can type in the option as syntax "--option=setting" would be how i would see this, but again, IMO only useful for maybe 1% of users.

Rgds,

Neil Cresswell

On 14/02/2017, at 9:22 AM, Anthony Lapenna <[email protected]notifications@github.com> wrote:

@ncresswellhttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_ncresswell&d=DQMCaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=0fx0h4vB56iTLpw2McH1ZD6TqG_QGpbggVOB-PfMJpM&m=saZGjGslr-Jxyt5Rb0rCDlVUbfBroags7iKlZ3g7YrY&s=BAOdT7Srn8w4mLKkZYydN79vAD1sYq-D7jCcBw70xqE&e= what's your position on this evo?

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHubhttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_portainer_portainer_issues_597-23issuecomment-2D279510662&d=DQMCaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=0fx0h4vB56iTLpw2McH1ZD6TqG_QGpbggVOB-PfMJpM&m=saZGjGslr-Jxyt5Rb0rCDlVUbfBroags7iKlZ3g7YrY&s=4VFHsi0ErZeQOMF5QoiZ0N7puNdrQj3MXPJRRPCXHtA&e=, or mute the threadhttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_AWGrlf2HMC-5FVKj1fAnJpz4ym3G-2DxAAWlks5rcLt3gaJpZM4L-5FQSd&d=DQMCaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=0fx0h4vB56iTLpw2McH1ZD6TqG_QGpbggVOB-PfMJpM&m=saZGjGslr-Jxyt5Rb0rCDlVUbfBroags7iKlZ3g7YrY&s=8Uspt91MgYztg2WxcxOQdfoEz9uE8ebYeeYmByX-plM&e=.

I think this would be a great addition. Especially if this will also be added to the swarm-mode service create
At this moment i still have to create services trough ssh since i need to give the --with-registry-auth since my images are in a private registry.

I think too this would be a great addition, for support this case : https://github.com/portainer/portainer/issues/329#issuecomment-288742821

I think it's complicated to implement, portainer just forward api calls to docker API
So it's not "docker client" options that we can add, but "docker api" fields
And functions like "docker --rm" are only available on client, not on API

Good point about the API, didn't think about that ...
Looking at the API right now (assuming it's this one: https://docs.docker.com/engine/api/v1.26/#operation/ContainerCreate) they support a lot ("StopTimeout", "AutoRemove", "Links" etc.) but it's true that it's more complicated than just a single text input as it require to be formatted based on the API specs.

OK, well how about to start with, we just add a few (dropdown select box). This way we extend portainer to support these extra runtimes, but we dont have to parse to find the API... rather, we support 4-5 now.

Isnt that what i suggested?

Either way, agree..

Rgds,

Neil Cresswell

On 10/05/2017, at 1:08 PM, Anthony Lapenna <[email protected]notifications@github.com> wrote:

OK, well how about to start with, we just add a few (dropdown select box). This way we extend portainer to support these extra runtimes, but we dont have to parse to find the API... rather, we support 4-5 now.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHubhttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_portainer_portainer_issues_597-23issuecomment-2D300384150&d=DQMFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=0fx0h4vB56iTLpw2McH1ZD6TqG_QGpbggVOB-PfMJpM&m=-8xLgYA1lK63RgHS9YrwyyrSVIZxLEa0kdjW1KjT0cg&s=lQthyfWrKLWYek7tjYnDRZ4OW8gU4Eicu4r033p9ejU&e=, or mute the threadhttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_AWGrlZUhBXWCAET-5F59tIa9WjegbzW27oks5r4VRpgaJpZM4L-5FQSd&d=DQMFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=0fx0h4vB56iTLpw2McH1ZD6TqG_QGpbggVOB-PfMJpM&m=-8xLgYA1lK63RgHS9YrwyyrSVIZxLEa0kdjW1KjT0cg&s=myb9dNkyE-N4c11XHz6AkDx5s8vrGHZoJ2sIis1lwa4&e=.

Yes it is, I just relocated the suggestion inside this issue (the other one is closed and marked as duplicate).

For capadd capdrop, it's link to #468

Any decision on this request?

It's essential for me as well - in my case I was looking for "--shm-size" ("ShmSize") and "--cpu-shares" ("CpuShares").

It's not something that most users would need - though I think it's way more than 1% that would - but it's a showstopper for those that do. Even with the API constraints it can be a reasonably simple implementation: a single text field that accepts a JSON doc to be merged into HostConfig ("_Advanced_ advanced container settings"). That or a key-value map for just the top-level keys (would need to do a bit of data type detection).

I just started using Portainer and really like, the fewer containers I have to create command line, the better!

No real decision here, my point of view is that all docker run options should be available inside the container creation view. It's just a matter of UX/UI design. You might want to open a feature request for these options.

+1 I would need --security-opts for enabling group managed service account on windows containers.

Well @deviantony I just want to add a comment from my side concerning free defineable additional options. Basically I like the idea of having a line where to enter some more parameters portainer is not offering a solution yet for to specify them. Especially I was looking for the "--rm" option.

We are running your portainer project in our embedded device https://www.netiot.com/netpi/ and customer requests me to offer openVPN too for it. I found an exisiting container https://hub.docker.com/r/kylemanna/openvpn/ that has been pulled meanwhile 60Mio+ times (so not a 1% demand) and if you dig into details you will find that this openVPN container needs to be called multiple times first to create all the certificates (outputting them in a specified volume). The final call then is starting the server along with the volume where the certificates are located. With the clean option "--rm" the first containers all remove themselve (when I am using docker with command line on my raspberry) and you can start right away with another instance. On our device using portainer, customers need to remove the stopped containers manually cause --rm cannot be addressed.
Just to let you know how real life can be ...

Any news here? I would need the —dns option.

+1 This would also be very useful for me.

I would like to be able to specify --privileged when creating Services.

@Payden-Pringle You can already do this. Go in the Runtime & Resources Tab ->

I landed here looking for a way to add --volumes-from $othercontainer

Maybe I'm just completely missing it but I can't even find it after searching the docs and google for 20 minutes.

We do not support this.. we only support bind mounts, or named volumes.

From: Helmi [mailto:[email protected]]
Sent: Tuesday, 11 September 2018 4:44 AM
To: portainer/portainer portainer@noreply.github.com
Cc: Neil Cresswell neil@cresswell.net.nz; Mention mention@noreply.github.com
Subject: Re: [portainer/portainer] [Feature Request] A field to add options for docker run/create (#597)

I landed here looking for a way to add --volumes-from $othercontainer

Maybe I'm just completely missing it but I can't even find it after searching the docs and google for 20 minutes.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHubhttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_portainer_portainer_issues_597-23issuecomment-2D419980431&d=DwMCaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=0fx0h4vB56iTLpw2McH1ZD6TqG_QGpbggVOB-PfMJpM&m=u8r488eSo4VT4mmvN30v6t6q62ILWJX2FkdZbchayRA&s=7MiG8Je0twhljjcwr6xDGu5zuYa8eIPa-xpsHrtITEw&e=, or mute the threadhttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_AWGrlVZgqgDBNnJyECZQNF-5FYDYPcbH2bks5uZpbrgaJpZM4L-5FQSd&d=DwMCaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=0fx0h4vB56iTLpw2McH1ZD6TqG_QGpbggVOB-PfMJpM&m=u8r488eSo4VT4mmvN30v6t6q62ILWJX2FkdZbchayRA&s=raLqlPRA417poRQRPkQKx_czYXjcyeFcWPxKkJ317HU&e=.

hmm interesting, so there's only support for a selected set of options from docker?

Am I supposed to create containers that use that option (in this case one from the dockker hub) through the docker cli then? I just wonder how it's meant to be with portainer.

@Helmi This option is not available yet in the container-creation view, I don't think we have it as a feature request either. You could open a new feature request for this.

@deviantony I see. Is there any special reason to not just enable a possibility to openly add additional args to the create/run command like initially suggested here? That just sounds like the best solution to me thought I admire I'm quite new to docker still so may not see the problems connected with that.

Yes, Portainer basically interacts with the Docker API. Some CLI options (such as docker --rm) are only available in the Docker client.

Besides filtering the features/flags that could be executed, we'd also need to map/translate all the existing docker run options (a lot) into Docker API requests.

My preferred way to go on this one is to simply add an equivalent of all the options in the container creation form. In the end, it's just a matter of UX/UI.

Thanks for the explanation. So what you basically say is that it would work if I just create that container manually in the meanwhile (from the cli).

I'll add a feature request in addition.

... memory-swap ?

I need it for --runtime=nvidia when I'm trying to use CUDA in docker.

@shwneo --runtime should be supported in 1.19.2, see https://github.com/portainer/portainer/issues/2162

... memory-swap ?

have you found a way to set --memory-swap through Portainer's UI?

I need "--cap-add=SYS_PTRACE --security-opt seccomp=unconfined" to enable gdb C++ debugging

Maybe you could create the 'add user-defined configuration part' field to enter a json configuration part.
Then you could append/merge this json with the configuration that is created elsewhere.
Obviously this should be hidden by default and have a pretty BIG warning that you might kill some kittens with it and a link to the docker engine API reference (so you can look up where you find your --with-dragons --enable-doomsday options)
(I did not evaluate your code, just assumed you are using the HTTP API)

I would like this feature so that I can add various options to Watchtower such as --cleanup to remove old images after automatic update. Fantastic software guys.

+1
I'd need to run with the --device option to add some host devices to the container. As a work-around I need to run in privileged mode which I don't like for various reasons.

+1 for shm-size

+1 I need --replicas-max-per-node as of docker-ce 19.03+

+1 --security-opt seccomp=unconfined for netdata

Any news here? I would need the —dns option.

I need too

+1 for nvidia-docker

+1 for --security-opt seccomp=unconfined, especially for mysql docker.
It may fix mbind: Operation not permitted errors.

+1 for --group-add , needed for example in nodered container.
a tool to add arbitrary run options would be really appreciated as Its a complete showstopper to use portainer in many use cases.

+1

+1

+1 for shm-size

+1

+1 for --net=host and --cap-add=NET_ADMIN in pihole container

+1 for shm-size

--device useful for exposing acceleration devices ( see https://docs.linuxserver.io/images/docker-jellyfin#intel )

We already allow mapping of devices. See resources and runtime when creating a container.

Rgds,

Neil Cresswell

On 17/04/2020, at 5:21 PM, Micah Roth notifications@github.com wrote:



--device useful for exposing acceleration devices ( see https://docs.linuxserver.io/images/docker-jellyfin#intelhttps://urldefense.proofpoint.com/v2/url?u=https-3A__docs.linuxserver.io_images_docker-2Djellyfin-23intel&d=DwMCaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=0fx0h4vB56iTLpw2McH1ZD6TqG_QGpbggVOB-PfMJpM&m=eUtPLu8KjPwselQLHeMPG31UEcCYNaaNVbqXAu2EV2A&s=ajgJL84m0EZpYKzdHPy8D5NzKUKk0wyvmOWlK80toV0&e= )

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHubhttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_portainer_portainer_issues_597-23issuecomment-2D615048650&d=DwMCaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=0fx0h4vB56iTLpw2McH1ZD6TqG_QGpbggVOB-PfMJpM&m=eUtPLu8KjPwselQLHeMPG31UEcCYNaaNVbqXAu2EV2A&s=xc9rrSvYhWwQq85_PoIhlVfBX3F-Fth2Zg8BvYEmZq0&e=, or unsubscribehttps://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_AFQ2XFJEFMTEC5BSOV3JRLTRM7RNXANCNFSM4C75ASOQ&d=DwMCaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=0fx0h4vB56iTLpw2McH1ZD6TqG_QGpbggVOB-PfMJpM&m=eUtPLu8KjPwselQLHeMPG31UEcCYNaaNVbqXAu2EV2A&s=hN0KnVN1lSuU4e2sIbju8zz8RcZ4LERn5cregEn8WdI&e=.

+1

I need to use --gpus=all for allowing tensorflow to see my gpu, but this is not covered by any ui options in portainer. Complete blocker for using portainer as result for me, unfortunately.

I understand why you do not want to include UI options for every not-so-popular exotic parameter - but why not to allow users to append their own parameters as an escape hatch?
If it has to be translated to json, okay, I'll better prefer to read Docker's API once more and deal with possible complications, rather than not being able to do anything at all...

Can we seriously not add additional parameters like --cap-add or --net? I guess I'll stick with good ol' RDP & SSH then

--shm-size

In my case, it is needed for my pihole docker which just breaks if /dev/shm gets full when doing too many DNS requests.

I would also need it for the --security-opt, so the Windows containers are treated as Domain-Hosts. 👍

I too need this.

+1

+1 for shm-size

PS: I tried to work around this issue by defining a default shm size ("default-shm-size": "2G") in the docker daemon.json but it didn't show any effect, still deploying with 64M. Is the daemon config ignored during container creation using Portainer?

Any progress?
How to run this in portainer? docker run --gpus all -it tensorflow/tensorflow:latest-gpu bash

+1 for shm-size for chromium browser

+1 for shm-size, zoneminder is broken until I can set this value, any update on this?

+1 for shm-size, zoneminder is broken until I can set this value, any update on this?

+1 for shm-size, zoneminder is broken until I can set this value, any update on this?

FYI, the latest Zoneminder image now REQUIRING shm-size to be set.
For Mark/Andye - a workaround is
A) bind mount /dev/shm on the host as writable.
B) Ensure playback is set to 1x (it sometimes drops to -1x which appears frozen)

Wow 4 years old... really wish this was supported...

+1 for shm-size
@ptruman Thanks a ton!

+1 for shm-size. I also have images that require it (in my case, using Chrome in xfce4)

i want to limit available storage inside a container, how can i do this with portainer? i don't find a way to pass that option to a container.

https://docs.docker.com/engine/reference/commandline/run/#set-storage-driver-options-per-container

We've been tracking separate flag requests for container creation/update through different issues:

• Support for --shm-size: https://github.com/portainer/portainer/issues/4992
• Support for --security-opts: https://github.com/portainer/portainer/issues/1132
• GPU support can be tracked via https://github.com/portainer/portainer/issues/3143
• Capabilities via --cap-add and --cap-drop are already supported