Warning Livedoc is no longer being updated and will be deprecated shortly. Please refer to https://documentation.tjhsst.edu.

Difference between revisions of "Docker setup"

From Livedoc - The Documentation Repository
Jump to: navigation, search
(Unmask/emerging)
m (Unmask/emerging: categorize)
 
Line 105: Line 105:
 
You may also want to create a docker group to give users access, because otherwise running docker requires root.  
 
You may also want to create a docker group to give users access, because otherwise running docker requires root.  
 
Members of the docker group, however, do not need to have root.
 
Members of the docker group, however, do not need to have root.
 +
[[Category:Current]]

Latest revision as of 00:39, 27 February 2016

Docker Logo

Installing Docker

If you want to learn what docker is, go here, they can explain it much better than I can.

Installing Docker is as simple as meeting the requirements, unmasking the packages, and emerging docker.

Meeting Requirements

The requirements for docker are fairly strict:

  • Kernel version 3.8 or later
  • The following Kernel configuration options need to be either enabled or added as modules:
    • CONFIG_MEMCG_SWAP
    • CONFIG_DM_THIN_PROVISIONING
    • CONFIG_NETFILTER_XT_MATCH_ADDRTYPE
    • CONFIG_IP_NF_TARGET_MASQUERADE
    • CONFIG_NF_NAT
    • CONFIG_NF_NAT_NEEDED

(and possibly more that those depend on)

How you go about meeting these requirements is mostly on you, the following is a description of how to meet them under KVM, the steps should be similar under bare-metal.

Updating Kernel Under KVM

We'll be building a new kernel with the required modules installed, then reconfiguring libvirt to use the new kernel.

First off, connect to stage64 (where we'll be building our new kernel) and checkout the relevant sources. I recommend the use of version 3.11.10.

cd /usr/src/linux
git checkout v3.11.10

Next the tricky part. You'll be going through the kernel options, and enabling all the ones we need. The goal is to ensure that none of the CONFIG_ options I listed earlier are set to "n". First run

make menuconfig

You'll have to search through and enable all the options yourself, I highly recommend using the search function (press the "/" key).

Also, make sure to set value of Local Version (under general config) to "-kvm-docker" (or just "-docker" if not making a virtual machine)

Once you're finished setting the config, save it as "config-<kernel version>-kvm-docker" (so "config-3.11.10-kvm-docker" if you used 3.11.10) and quit.

Copy the config file to ".config" and run

make
make modules_install
mv arch/x86/boot/bzImage kernel-<version>-kvm-docker
sftp <vm server>
cd /var/vminfo/boot
#You might want to ls to make sure the vm server doesn't already have this kernel
put config-<version>-kvm-docker
put kernel-<version>-kvm-docker

At this point you're done on stage64, connect to your vm server and edit the xml file for your VM. Find the OS section, it should look like this:

 <os>
   <type arch='x86_64' machine='pc-1.2'>hvm</type>
   <kernel>/var/vminfo/boot/kernel-3.4.77-kvm</kernel>

Change the <kernel> section to match the new kernel's location. Redefine the VM and reboot it.

Almost done, now all you need are the modules. Connect to your VM and create the directory /lib/modules/3.11.10-kvm-docker

Next you need to get the modules you installed on stage64, so run

rsync -av stage64:///lib/modules/3.11.10-kvm-docker/ /lib/modules/3.11.10-kvm-docker/ 

Finally, you'll need to load the modules. I don't quite know which modules exactly docker needs, but the following commands should get them into place.

modprobe -d /lib/modules/3.11.10-kvm-docker/ -v ip_tables
modprobe -d /lib/modules/3.11.10-kvm-docker/ -v ipt_state
modprobe -d /lib/modules/3.11.10-kvm-docker/ -v iptable_filter

Unmask/emerging

Add the following to /etc/portage/package.keywords (versions may need to be changed, check the output of "eix docker" and "eix lxc")

=app-emulation/lxc-0.8.0-r1 ~amd64
=app-emulation/docker-0.8.1 ~amd64

Emerge the package:

emerge -av app-emulation/docker

Finally, check to see if docker is working:

docker -d

If that doesn't list any errors, you should be good. If it mentions something along the lines of iptables v1.4.20: can't initialize iptables table `nat': Table does not exist

Then you haven't installed or loaded the modules correctly.

If you want the docker daemon (background process needed for docker to work) to start on boot, run the command

rc-update add docker default

You may also want to create a docker group to give users access, because otherwise running docker requires root. Members of the docker group, however, do not need to have root.