Docker Linux Installation: Difference between revisions
(28 intermediate revisions by the same user not shown) | |||
Line 42: | Line 42: | ||
Set up a Docker repository: | Set up a Docker repository: | ||
yum-config-manager --add-repo https | yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo | ||
This will create /etc/yum.repos.d/docker-ce.repo. | This will create /etc/yum.repos.d/docker-ce.repo. | ||
Line 85: | Line 85: | ||
name=Oracle Linux $releasever Developement Packages ($basearch) | name=Oracle Linux $releasever Developement Packages ($basearch) | ||
baseurl=http://yum.oracle.com/repo/OracleLinux/OL7/developer_EPEL/$basearch/ | baseurl=http://yum.oracle.com/repo/OracleLinux/OL7/developer_EPEL/$basearch/ | ||
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle-ol7 | ||
gpgcheck=1 | gpgcheck=1 | ||
enabled=1 | enabled=1 | ||
</syntaxhighlight> | |||
Import the key: | |||
<syntaxhighlight lang='bash'> | |||
cd /etc/pki/rpm-gpg/ | |||
wget http://public-yum.oracle.com/RPM-GPG-KEY-oracle-ol7 | |||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 94: | Line 101: | ||
yum install docker-ce | yum install docker-ce | ||
Obsolete: | <font color=darkgray>Obsolete:</font> | ||
yum install docker-engine | <font color=darkgray>yum install docker-engine</font> | ||
The yum installation procedure enables the docker server to start at boot: | The yum installation procedure enables the docker server to start at boot: | ||
Line 106: | Line 113: | ||
systemctl enable docker | systemctl enable docker | ||
==Start== | |||
At this point, /var/lib/docker and /etc/docker are not created. To create and initialize, execute the following. Even if we execute it, we will be able to further configure the storage backend later, as described in [[#Set_Up_Storage_Backend|Set Up Storage Backend]]: | |||
systemctl start docker | |||
==Set Up Storage Backend== | |||
===devicemapper Storage Setup=== | |||
For production use on Red Hat, set up devicemapper storage: | |||
{{Internal|Docker_device-mapper_Storage_Backend#Installation|devicemapper Installation}} | |||
==Reboot== | ==Reboot== | ||
< | <syntaxhighlight lang='bash'> | ||
docker version | docker version | ||
Client: | Client: | ||
Line 129: | Line 149: | ||
OS/Arch: linux/amd64 | OS/Arch: linux/amd64 | ||
Experimental: false | Experimental: false | ||
</ | </syntaxhighlight> | ||
== | ==RedHat/Centos Post-Install== | ||
{{Internal| | {{Internal|#Post-Install|Post-Install}} | ||
=Docker Installation for OpenShift= | =Docker Installation for OpenShift= | ||
Line 189: | Line 209: | ||
systemctl enable docker | systemctl enable docker | ||
Configure a user other than "root" to be able to use the docker client to connect to the server. For details on why we needed to do this see [[Docker_Concepts#Client.2FServer_Communication|Docker Concepts - Client/Server Communication]]. The installation procedure should have created the 'docker' group already | =Post-Install= | ||
==Warnings== | |||
WARNING: bridge-nf-call-iptables is disabled | |||
WARNING: bridge-nf-call-ip6tables is disabled | |||
Fixed by adding the following to [[/etc/sysctl.conf]]: | |||
net.bridge.bridge-nf-call-ip6tables = 1 | |||
net.bridge.bridge-nf-call-iptables = 1 | |||
==Non-root Management Access== | |||
Configure a user other than "root" to be able to use the docker client to connect to the server. For details on why we needed to do this see [[Docker_Concepts#Client.2FServer_Communication|Docker Concepts - Client/Server Communication]]. The installation procedure should have created the 'docker' group already. | |||
useradd -m -g docker -u 994 docker | |||
usermod -aG docker <''unprivileged-user-to-operate-docker-server''> | usermod -aG docker <''unprivileged-user-to-operate-docker-server''> | ||
Line 199: | Line 235: | ||
Inspect [[Docker_Concepts#Storage_Driver.2FBackend|storage backend details]]. | Inspect [[Docker_Concepts#Storage_Driver.2FBackend|storage backend details]]. | ||
==Installation Verification== | |||
{{Internal|Docker Installation Verification|Docker Installation Verification}} | |||
=TODO= | |||
yum install --setopt=obsoletes=0 docker-ce-17.03.2.ce-1.el7.centos.x86_64 docker-ce-selinux-17.03.2.ce-1.el7.centos.noarch |
Latest revision as of 23:47, 23 August 2019
Internal
Overview
Verified with Centos 7.
Prerequisites
A 3.8 kernel or later is required.
RedHat/Centos
The following sequence is based on the document linked above.
Uninstall Old Docker Versions
yum list installed | grep docker
yum erase ...
yum remove docker \ docker-client \ docker-client-latest \ docker-common \ docker-latest \ docker-latest-logrotate \ docker-logrotate \ docker-selinux \ docker-engine-selinux \ docker-engine
Intall Required yum Utilities
yum install -y yum-utils device-mapper-persistent-data lvm2
Setting a yum Repository
Set up a Docker repository:
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
This will create /etc/yum.repos.d/docker-ce.repo.
Alternatively, the repository file can be added by hand, in /etc/yum.repos.d, with the following content:
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/7
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
Alternative URL for Centos 6: https://yum.dockerproject.org/repo/main/centos/6 Oracle Linux: https://yum.dockerproject.org/repo/main/oraclelinux/6/
This is an example of how to use an "entitled" RH repository:
Restrict Some Releases
yum-config-manager --disable docker-ce-edge yum-config-manager --disable docker-ce-test
RedHat
Enable the 'extras' Repository
In installed on RedHat, enable the "extras" repository:
yum-config-manager --enable rhel-7-server-extras-rpms
Enable the "ol7" Repository
Add /etc/yum.repos.d/public-yum-ol7.repo with the following content:
[ol7_developer_EPEL]
name=Oracle Linux $releasever Developement Packages ($basearch)
baseurl=http://yum.oracle.com/repo/OracleLinux/OL7/developer_EPEL/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle-ol7
gpgcheck=1
enabled=1
Import the key:
cd /etc/pki/rpm-gpg/
wget http://public-yum.oracle.com/RPM-GPG-KEY-oracle-ol7
Install
yum install docker-ce
Obsolete:
yum install docker-engine
The yum installation procedure enables the docker server to start at boot:
systemctl is-enabled docker enabled
If not, enable it:
systemctl enable docker
Start
At this point, /var/lib/docker and /etc/docker are not created. To create and initialize, execute the following. Even if we execute it, we will be able to further configure the storage backend later, as described in Set Up Storage Backend:
systemctl start docker
Set Up Storage Backend
devicemapper Storage Setup
For production use on Red Hat, set up devicemapper storage:
Reboot
docker version
Client:
Version: 17.03.1-ce
API version: 1.27
Go version: go1.7.5
Git commit: c6d412e
Built: Fri Mar 24 00:36:45 2017
OS/Arch: linux/amd64
Server:
Version: 17.03.1-ce
API version: 1.27 (minimum version 1.12)
Go version: go1.7.5
Git commit: c6d412e
Built: Fri Mar 24 00:36:45 2017
OS/Arch: linux/amd64
Experimental: false
RedHat/Centos Post-Install
Docker Installation for OpenShift
Ubuntu
Docker installation on Ubuntu is described here, in order:
- https://docs.docker.com/install/linux/docker-ce/ubuntu/
- https://docs.docker.com/install/linux/linux-postinstall/
A summary is available below. The sequence was used to install 18.03.0-ce on Ubuntu 16.04 xenial.
Setup the repository. As root:
apt-get update apt-get install apt-transport-https ca-certificates curl software-properties-common curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - apt-key fingerprint 0EBFCD88 add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
Note that $(lsb_release -cs) should return 'xenial' or equivalent. The last command adds the Docker repository in /etc/apt/sources.list.
Install Docker CE. As root:
Update the package index again after setting up the Docker repository:
apt-get update
Then install the latest docker-ce:
apt-get install docker-ce
Test:
docker run hello-world
At this point, docker info may return a warning:
WARNING: No swap limit support
This is addressed by configuring the kernel appropriately. cgroups and swap should be configured in /etc/default/grub, by adding
GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"
and then
update-grub reboot
Start at boot:
systemctl enable docker
Post-Install
Warnings
WARNING: bridge-nf-call-iptables is disabled WARNING: bridge-nf-call-ip6tables is disabled
Fixed by adding the following to /etc/sysctl.conf:
net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1
Non-root Management Access
Configure a user other than "root" to be able to use the docker client to connect to the server. For details on why we needed to do this see Docker Concepts - Client/Server Communication. The installation procedure should have created the 'docker' group already.
useradd -m -g docker -u 994 docker
usermod -aG docker <unprivileged-user-to-operate-docker-server>
Test access for unprivileged user. As that user:
docker run hello-world
Inspect storage backend details.
Installation Verification
TODO
yum install --setopt=obsoletes=0 docker-ce-17.03.2.ce-1.el7.centos.x86_64 docker-ce-selinux-17.03.2.ce-1.el7.centos.noarch