Docker Linux Installation: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
 
(22 intermediate revisions by the same user not shown)
Line 42: Line 42:
Set up a Docker repository:
Set up a Docker repository:


  yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
  yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo


This will create /etc/yum.repos.d/docker-ce.repo.
This will create /etc/yum.repos.d/docker-ce.repo.
Line 101: Line 101:
  yum install docker-ce
  yum install docker-ce


Obsolete:
<font color=darkgray>Obsolete:</font>


  yum install docker-engine
  <font color=darkgray>yum install docker-engine</font>


The yum installation procedure enables the docker server to start at boot:
The yum installation procedure enables the docker server to start at boot:
Line 114: Line 114:
  systemctl enable docker
  systemctl enable docker


==Storage==
==Start==


Configure the devicemapper storage driver, '''before starting docker'''. Installation details are available here:
At this point, /var/lib/docker and /etc/docker are not created. To create and initialize, execute the following. Even if we execute it, we will be able to further configure the storage backend later, as described in [[#Set_Up_Storage_Backend|Set Up Storage Backend]]:


{{Internal|https://kb.novaordis.com/index.php/Docker_device-mapper_Storage_Backend#Installation|devicemapper Installation}}
systemctl start docker
 
==Set Up Storage Backend==
 
===devicemapper Storage Setup===
 
For production use on Red Hat, set up devicemapper storage:
 
{{Internal|Docker_device-mapper_Storage_Backend#Installation|devicemapper Installation}}


==Reboot==
==Reboot==


<pre>
<syntaxhighlight lang='bash'>
docker version
docker version


Client:
Client:
Line 142: Line 149:
  OS/Arch:      linux/amd64
  OS/Arch:      linux/amd64
  Experimental: false
  Experimental: false
</pre>
</syntaxhighlight>


==Installation Verification==
==RedHat/Centos Post-Install==


{{Internal|Docker Installation Verification|Docker Installation Verification}}
{{Internal|#Post-Install|Post-Install}}


=Docker Installation for OpenShift=
=Docker Installation for OpenShift=
Line 202: Line 209:
  systemctl enable docker
  systemctl enable docker


Configure a user other than "root" to be able to use the docker client to connect to the server. For details on why we needed to do this see [[Docker_Concepts#Client.2FServer_Communication|Docker Concepts - Client/Server Communication]]. The installation procedure should have created the 'docker' group already:
=Post-Install=
 
==Warnings==
 
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
 
Fixed by adding the following to [[/etc/sysctl.conf]]:
 
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
 
==Non-root Management Access==
 
Configure a user other than "root" to be able to use the docker client to connect to the server. For details on why we needed to do this see [[Docker_Concepts#Client.2FServer_Communication|Docker Concepts - Client/Server Communication]]. The installation procedure should have created the 'docker' group already.
 
useradd -m -g docker -u 994 docker


  usermod -aG docker <''unprivileged-user-to-operate-docker-server''>
  usermod -aG docker <''unprivileged-user-to-operate-docker-server''>
Line 212: Line 235:
Inspect [[Docker_Concepts#Storage_Driver.2FBackend|storage backend details]].
Inspect [[Docker_Concepts#Storage_Driver.2FBackend|storage backend details]].


Also run: {{Internal|Docker Installation Verification|Docker Installation Verification}}
==Installation Verification==
 
{{Internal|Docker Installation Verification|Docker Installation Verification}}
 
=TODO=
 
  yum install --setopt=obsoletes=0  docker-ce-17.03.2.ce-1.el7.centos.x86_64  docker-ce-selinux-17.03.2.ce-1.el7.centos.noarch

Latest revision as of 23:47, 23 August 2019

Internal

Overview

Verified with Centos 7.

Prerequisites

A 3.8 kernel or later is required.

RedHat/Centos

https://docs.docker.com/install/linux/docker-ce/centos/

The following sequence is based on the document linked above.

Uninstall Old Docker Versions

yum list installed | grep docker
yum erase ...
yum remove docker \
           docker-client \
           docker-client-latest \
           docker-common \
           docker-latest \
           docker-latest-logrotate \
           docker-logrotate \
           docker-selinux \
           docker-engine-selinux \
           docker-engine

Intall Required yum Utilities

yum install -y yum-utils device-mapper-persistent-data lvm2

Setting a yum Repository

Set up a Docker repository:

yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

This will create /etc/yum.repos.d/docker-ce.repo.

Alternatively, the repository file can be added by hand, in /etc/yum.repos.d, with the following content:

[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/7
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg

Alternative URL for Centos 6: https://yum.dockerproject.org/repo/main/centos/6 Oracle Linux: https://yum.dockerproject.org/repo/main/oraclelinux/6/

This is an example of how to use an "entitled" RH repository:

Using yum with registry.access.redhat.com Images

Restrict Some Releases

yum-config-manager --disable docker-ce-edge
yum-config-manager --disable docker-ce-test

RedHat

Enable the 'extras' Repository

In installed on RedHat, enable the "extras" repository:

yum-config-manager --enable rhel-7-server-extras-rpms

Enable the "ol7" Repository

Add /etc/yum.repos.d/public-yum-ol7.repo with the following content:

[ol7_developer_EPEL]
name=Oracle Linux $releasever Developement Packages ($basearch)
baseurl=http://yum.oracle.com/repo/OracleLinux/OL7/developer_EPEL/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle-ol7
gpgcheck=1
enabled=1

Import the key:

cd /etc/pki/rpm-gpg/
wget http://public-yum.oracle.com/RPM-GPG-KEY-oracle-ol7

Install

yum install docker-ce

Obsolete:

yum install docker-engine

The yum installation procedure enables the docker server to start at boot:

systemctl is-enabled docker
enabled

If not, enable it:

systemctl enable docker

Start

At this point, /var/lib/docker and /etc/docker are not created. To create and initialize, execute the following. Even if we execute it, we will be able to further configure the storage backend later, as described in Set Up Storage Backend:

systemctl start docker

Set Up Storage Backend

devicemapper Storage Setup

For production use on Red Hat, set up devicemapper storage:

devicemapper Installation

Reboot

docker version

Client:
 Version:      17.03.1-ce
 API version:  1.27
 Go version:   go1.7.5
 Git commit:   c6d412e
 Built:        Fri Mar 24 00:36:45 2017
 OS/Arch:      linux/amd64

Server:
 Version:      17.03.1-ce
 API version:  1.27 (minimum version 1.12)
 Go version:   go1.7.5
 Git commit:   c6d412e
 Built:        Fri Mar 24 00:36:45 2017
 OS/Arch:      linux/amd64
 Experimental: false

RedHat/Centos Post-Install

Post-Install

Docker Installation for OpenShift

Ubuntu

Docker installation on Ubuntu is described here, in order:

A summary is available below. The sequence was used to install 18.03.0-ce on Ubuntu 16.04 xenial.

Setup the repository. As root:

 apt-get update
 apt-get install apt-transport-https ca-certificates curl software-properties-common
 curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
 apt-key fingerprint 0EBFCD88
 add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

Note that $(lsb_release -cs) should return 'xenial' or equivalent. The last command adds the Docker repository in /etc/apt/sources.list.

Install Docker CE. As root:

Update the package index again after setting up the Docker repository:

apt-get update

Then install the latest docker-ce:

apt-get install docker-ce

Test:

docker run hello-world

At this point, docker info may return a warning:

WARNING: No swap limit support

This is addressed by configuring the kernel appropriately. cgroups and swap should be configured in /etc/default/grub, by adding

GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"

and then

update-grub
reboot

Start at boot:

systemctl enable docker

Post-Install

Warnings

WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled

Fixed by adding the following to /etc/sysctl.conf:

net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1

Non-root Management Access

Configure a user other than "root" to be able to use the docker client to connect to the server. For details on why we needed to do this see Docker Concepts - Client/Server Communication. The installation procedure should have created the 'docker' group already.

useradd -m -g docker -u 994 docker
usermod -aG docker <unprivileged-user-to-operate-docker-server>

Test access for unprivileged user. As that user:

docker run hello-world

Inspect storage backend details.

Installation Verification

Docker Installation Verification

TODO

 yum install --setopt=obsoletes=0  docker-ce-17.03.2.ce-1.el7.centos.x86_64  docker-ce-selinux-17.03.2.ce-1.el7.centos.noarch