WSL2 configuration for developing using rootless docker

wsl2-rootless-docker.md

NOTE: WORK IN PROGRESS

WSL2 configuration for developing using rootless docker

This document assumes Windows Insider Preview Dev.

Install Ubuntu 22.04

Installing Ubuntu 22.04.1 LTS from Microsoft Store.

If the graphical installer hangs or it is unusable due to some graphics driver issues, you can install Ubuntu 22.04 from the command line (** at least on my ThinkPad X13 AMD Gen3 does not show the installation GUI correctly):

# Anyway, terminate WSL2
wsl.exe --shutdown

# If the Ubuntu installation is half-done (otherwise, it may fail)
wsl.exe --unregister Ubuntu-22.04

# Most effective way to install Ubuntu 22.04 inside the CUI
Ubuntu2204.exe --ui=tui

systemd and DNS configuration

Edit (or create) /etc/wsl.conf

The following configuration do:

• enable systemd
• disable automatic /etc/resolv.conf generation

[boot]
systemd=true

[network]
generateResolvConf=false

For more details about the file, see Advanced settings configuration in WSL.

After editing the file, we should shutdown WSL2 once (it can be executed either on WSL2 bash or on host's cmd.exe/PowerShell):

wsl.exe --shutdown

And then, back to the WSL2 bash terminal and follow the instructions below.

Manually create /etc/resolv.conf

nameserver configuration on /etc/resolv.conf can be anything but it must be able to resolve docker related hosts:

# Use Google's public DNS for our purpose anyway
nameserver 8.8.8.8

git related configurations

You can share Git for Windows credential manager with WSL2 git using the following configuration:

git config --global credential.helper '/mnt/c/Program\ Files/Git/mingw64/bin/git-credential-manager-core.exe'

# customize for your own:
git config --global user.email [email protected]
git config --global user.name 'YOUR NAME'

Install Docker from Docker's official repository

The document is based on Install Docker Engine on Ubuntu.

Remove the existing things if any

sudo apt remove docker docker-engine docker.io containerd runc

Install the prerequisites

sudo apt update && sudo apt install -y ca-certificates curl gnupg lsb-release

Import Docker's GPG key

sudo mkdir -p /etc/apt/keyrings

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg

echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

Install official docker and compose plugin

sudo apt update && sudo apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin

Make dockerd rootless

The document is based on Run the Docker daemon as a non-root user (Rootless mode).

uidmap to deal with subuid/subgid

sudo apt install -y uidmap

Stop the docker running with root account

sudo systemctl disable --now docker.service docker.socket

Install rootless docker

dockerd-rootless-setuptool.sh install

Edit your ~/.bashrc as instructed on the output from the command above:

# This is a little generalized version of DOCKER_HOST
export PATH=/usr/bin:$PATH
export DOCKER_HOST=unix://${XDG_RUNTIME_DIR}/docker.sock

And then, source the ~/.bashrc for the current session:

. ~/.bashrc

Install extras (if needed)

sudo apt install -y docker-ce-rootless-extras

Launch dockerd as user

Do the following with a user account:

systemctl --user enable docker

(Optional) Exposing privileged ports

If you want docker to run services on privileged ports (1-1024), you have to run the following commands:

sudo setcap cap_net_bind_service=ep $(which rootlesskit)

systemctl --user restart docker