Docker Linux Installation: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
 
(44 intermediate revisions by the same user not shown)
Line 12: Line 12:


=RedHat/Centos=
=RedHat/Centos=
{{External|https://docs.docker.com/install/linux/docker-ce/centos/}}
The following sequence is based on the document linked above.
==Uninstall Old Docker Versions==
yum list installed | grep docker
yum erase ...
yum remove docker \
            docker-client \
            docker-client-latest \
            docker-common \
            docker-latest \
            docker-latest-logrotate \
            docker-logrotate \
            docker-selinux \
            docker-engine-selinux \
            docker-engine
==Intall Required yum Utilities==
yum install -y yum-utils device-mapper-persistent-data lvm2


==Setting a yum Repository==
==Setting a yum Repository==


Create a <tt>docker.repo</tt> in <tt>/etc/yum.repos.d</tt>:
Set up a Docker repository:


<pre>
yum-config-manager --add-repo https&#58;//download.docker.com/linux/centos/docker-ce.repo
 
This will create /etc/yum.repos.d/docker-ce.repo.
 
Alternatively, the repository file can be added by hand, in /etc/yum.repos.d, with the following content:
 
<syntaxhighlight lang='bash'>
[dockerrepo]
[dockerrepo]
name=Docker Repository
name=Docker Repository
Line 24: Line 55:
gpgcheck=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
gpgkey=https://yum.dockerproject.org/gpg
</pre>
</syntaxhighlight>


Alternative URL for Centos 6: https://yum.dockerproject.org/repo/main/centos/6
Alternative URL for Centos 6: https://yum.dockerproject.org/repo/main/centos/6
Line 33: Line 64:
{{Internal|Using yum with registry.access.redhat.com Images#Overview|Using yum with registry.access.redhat.com Images}}
{{Internal|Using yum with registry.access.redhat.com Images#Overview|Using yum with registry.access.redhat.com Images}}


==Remove Older Releases==
==Restrict Some Releases==


Remove older Docker releases,
yum-config-manager --disable docker-ce-edge
yum-config-manager --disable docker-ce-test


  yum list installed | grep docker
==RedHat==
 
===Enable the 'extras' Repository===
 
In installed on RedHat, enable the "extras" repository:
 
  yum-config-manager --enable rhel-7-server-extras-rpms
 
===Enable the "ol7" Repository===
 
Add /etc/yum.repos.d/public-yum-ol7.repo with the following content:
 
<syntaxhighlight lang='bash'>
[ol7_developer_EPEL]
name=Oracle Linux $releasever Developement Packages ($basearch)
baseurl=http://yum.oracle.com/repo/OracleLinux/OL7/developer_EPEL/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle-ol7
gpgcheck=1
enabled=1
</syntaxhighlight>
 
Import the key:


yum erase ...
<syntaxhighlight lang='bash'>
cd /etc/pki/rpm-gpg/
wget http://public-yum.oracle.com/RPM-GPG-KEY-oracle-ol7
</syntaxhighlight>


==Install==
==Install==


  yum install docker-engine
  yum install docker-ce
 
<font color=darkgray>Obsolete:</font>
 
<font color=darkgray>yum install docker-engine</font>


The yum installation procedure enables the docker server to start at boot:
The yum installation procedure enables the docker server to start at boot:
Line 53: Line 113:


  systemctl enable docker
  systemctl enable docker
==Start==
At this point, /var/lib/docker and /etc/docker are not created. To create and initialize, execute the following. Even if we execute it, we will be able to further configure the storage backend later, as described in [[#Set_Up_Storage_Backend|Set Up Storage Backend]]:
systemctl start docker
==Set Up Storage Backend==
===devicemapper Storage Setup===
For production use on Red Hat, set up devicemapper storage:
{{Internal|Docker_device-mapper_Storage_Backend#Installation|devicemapper Installation}}


==Reboot==
==Reboot==


<pre>
<syntaxhighlight lang='bash'>
docker version
docker version


Client:
Client:
Line 76: Line 149:
  OS/Arch:      linux/amd64
  OS/Arch:      linux/amd64
  Experimental: false
  Experimental: false
</pre>
</syntaxhighlight>


==Installation Verification==
==RedHat/Centos Post-Install==


{{Internal|Docker Installation Verification|Docker Installation Verification}}
{{Internal|#Post-Install|Post-Install}}


=Docker Installation for OpenShift=
=Docker Installation for OpenShift=
Line 99: Line 172:
   apt-get update
   apt-get update
   apt-get install apt-transport-https ca-certificates curl software-properties-common
   apt-get install apt-transport-https ca-certificates curl software-properties-common
   curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
   curl -fsSL https&#58;//download.docker.com/linux/ubuntu/gpg | apt-key add -
   apt-key fingerprint 0EBFCD88
   apt-key fingerprint 0EBFCD88
   add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
   add-apt-repository "deb [arch=amd64] https&#58;//download.docker.com/linux/ubuntu $(lsb_release -cs) stable"


Note that $(lsb_release -cs) should return 'xenial' or equivalent. The last command adds the Docker repository in /etc/apt/sources.list.
Note that $(lsb_release -cs) should return 'xenial' or equivalent. The last command adds the Docker repository in /etc/apt/sources.list.
Line 118: Line 191:


  docker run hello-world
  docker run hello-world
At this point, [[docker info]] may return a warning:
WARNING: No swap limit support
This is addressed by configuring the kernel appropriately. cgroups and swap should be configured in /etc/default/grub, by adding
GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"
and then
update-grub
reboot


Start at boot:
Start at boot:
Line 123: Line 209:
  systemctl enable docker
  systemctl enable docker


Configure a user other than "root" to be able to use the docker client to connect to the server. For details on why we needed to do this see [[Docker_Concepts#Client.2FServer_Communication|Docker Concepts - Client/Server Communication]]. The installation procedure should have created the 'docker' group already:
=Post-Install=
 
==Warnings==
 
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
 
Fixed by adding the following to [[/etc/sysctl.conf]]:
 
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
 
==Non-root Management Access==
 
Configure a user other than "root" to be able to use the docker client to connect to the server. For details on why we needed to do this see [[Docker_Concepts#Client.2FServer_Communication|Docker Concepts - Client/Server Communication]]. The installation procedure should have created the 'docker' group already.
 
useradd -m -g docker -u 994 docker


  usermod -aG docker <''unprivileged-user-to-operate-docker-server''>
  usermod -aG docker <''unprivileged-user-to-operate-docker-server''>
Line 133: Line 235:
Inspect [[Docker_Concepts#Storage_Driver.2FBackend|storage backend details]].
Inspect [[Docker_Concepts#Storage_Driver.2FBackend|storage backend details]].


Also run: {{Internal|Docker Installation Verification|Docker Installation Verification}}
==Installation Verification==
 
{{Internal|Docker Installation Verification|Docker Installation Verification}}
 
=TODO=
 
  yum install --setopt=obsoletes=0  docker-ce-17.03.2.ce-1.el7.centos.x86_64  docker-ce-selinux-17.03.2.ce-1.el7.centos.noarch

Latest revision as of 23:47, 23 August 2019

Internal

Overview

Verified with Centos 7.

Prerequisites

A 3.8 kernel or later is required.

RedHat/Centos

https://docs.docker.com/install/linux/docker-ce/centos/

The following sequence is based on the document linked above.

Uninstall Old Docker Versions

yum list installed | grep docker
yum erase ...
yum remove docker \
           docker-client \
           docker-client-latest \
           docker-common \
           docker-latest \
           docker-latest-logrotate \
           docker-logrotate \
           docker-selinux \
           docker-engine-selinux \
           docker-engine

Intall Required yum Utilities

yum install -y yum-utils device-mapper-persistent-data lvm2

Setting a yum Repository

Set up a Docker repository:

yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

This will create /etc/yum.repos.d/docker-ce.repo.

Alternatively, the repository file can be added by hand, in /etc/yum.repos.d, with the following content:

[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/7
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg

Alternative URL for Centos 6: https://yum.dockerproject.org/repo/main/centos/6 Oracle Linux: https://yum.dockerproject.org/repo/main/oraclelinux/6/

This is an example of how to use an "entitled" RH repository:

Using yum with registry.access.redhat.com Images

Restrict Some Releases

yum-config-manager --disable docker-ce-edge
yum-config-manager --disable docker-ce-test

RedHat

Enable the 'extras' Repository

In installed on RedHat, enable the "extras" repository:

yum-config-manager --enable rhel-7-server-extras-rpms

Enable the "ol7" Repository

Add /etc/yum.repos.d/public-yum-ol7.repo with the following content:

[ol7_developer_EPEL]
name=Oracle Linux $releasever Developement Packages ($basearch)
baseurl=http://yum.oracle.com/repo/OracleLinux/OL7/developer_EPEL/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle-ol7
gpgcheck=1
enabled=1

Import the key:

cd /etc/pki/rpm-gpg/
wget http://public-yum.oracle.com/RPM-GPG-KEY-oracle-ol7

Install

yum install docker-ce

Obsolete:

yum install docker-engine

The yum installation procedure enables the docker server to start at boot:

systemctl is-enabled docker
enabled

If not, enable it:

systemctl enable docker

Start

At this point, /var/lib/docker and /etc/docker are not created. To create and initialize, execute the following. Even if we execute it, we will be able to further configure the storage backend later, as described in Set Up Storage Backend:

systemctl start docker

Set Up Storage Backend

devicemapper Storage Setup

For production use on Red Hat, set up devicemapper storage:

devicemapper Installation

Reboot

docker version

Client:
 Version:      17.03.1-ce
 API version:  1.27
 Go version:   go1.7.5
 Git commit:   c6d412e
 Built:        Fri Mar 24 00:36:45 2017
 OS/Arch:      linux/amd64

Server:
 Version:      17.03.1-ce
 API version:  1.27 (minimum version 1.12)
 Go version:   go1.7.5
 Git commit:   c6d412e
 Built:        Fri Mar 24 00:36:45 2017
 OS/Arch:      linux/amd64
 Experimental: false

RedHat/Centos Post-Install

Post-Install

Docker Installation for OpenShift

Ubuntu

Docker installation on Ubuntu is described here, in order:

A summary is available below. The sequence was used to install 18.03.0-ce on Ubuntu 16.04 xenial.

Setup the repository. As root:

 apt-get update
 apt-get install apt-transport-https ca-certificates curl software-properties-common
 curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
 apt-key fingerprint 0EBFCD88
 add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

Note that $(lsb_release -cs) should return 'xenial' or equivalent. The last command adds the Docker repository in /etc/apt/sources.list.

Install Docker CE. As root:

Update the package index again after setting up the Docker repository:

apt-get update

Then install the latest docker-ce:

apt-get install docker-ce

Test:

docker run hello-world

At this point, docker info may return a warning:

WARNING: No swap limit support

This is addressed by configuring the kernel appropriately. cgroups and swap should be configured in /etc/default/grub, by adding

GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"

and then

update-grub
reboot

Start at boot:

systemctl enable docker

Post-Install

Warnings

WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled

Fixed by adding the following to /etc/sysctl.conf:

net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1

Non-root Management Access

Configure a user other than "root" to be able to use the docker client to connect to the server. For details on why we needed to do this see Docker Concepts - Client/Server Communication. The installation procedure should have created the 'docker' group already.

useradd -m -g docker -u 994 docker
usermod -aG docker <unprivileged-user-to-operate-docker-server>

Test access for unprivileged user. As that user:

docker run hello-world

Inspect storage backend details.

Installation Verification

Docker Installation Verification

TODO

 yum install --setopt=obsoletes=0  docker-ce-17.03.2.ce-1.el7.centos.x86_64  docker-ce-selinux-17.03.2.ce-1.el7.centos.noarch