Applies to SUSE Linux Enterprise Server 15 SP2

4 Setting Up Docker Open Source Engine

4.1 Preparing the Host

Prepare the host as described below. Before installing any Docker-related packages, you need to enable the container module:

Note: Built-in Docker Orchestration Support

Starting with Docker Open Source Engine 1.12, container orchestration is now an integral part of the Docker Open Source Engine. Even though this feature is available in SUSE Linux Enterprise Server, it is not supported by SUSE and is only provided as a technology preview. Use Kubernetes for container orchestration. For details, refer to the Kubernetes documentation.

Procedure 4.1: Enabling the Container Module Using Graphical User Interface YaST
  1. Start YaST, and select Software › Software Repositories.

  2. Click Add to open the add-on dialog.

  3. Select Extensions and Modules from Registration Server and click Next.

  4. From the list of available extensions and modules, select Container Module 15 x86_64 and click Next.

    The containers module and its repositories will be added to your system.

  5. If you use Repository Mirroring Tool, update the list of repositories on the RMT server.

Procedure 4.2: Enabling the Container Module from Command Line Using SUSEConnect
  • The Container Module can also be added with the following command:

    > sudo SUSEConnect -p sle-module-containers/15.2/x86_64

Procedure 4.3: Installing and Setting Up the Docker Open Source Engine
  1. Install the docker package:

    > sudo zypper install docker

  2. To automatically start the Docker service at boot time:

    > sudo systemctl enable docker.service

    As a consequence, docker.socket is enabled automatically as well.

  3. To use Portus (for more info on Portus, see Section 5.4, “Portus”) and an SSL-secured registry:

    1. Open the /etc/sysconfig/docker file. Search for the parameter DOCKER_OPTS and add --insecure-registry ADDRESS_OF_YOUR_REGISTRY.

    2. Add CA certificates to the directory /etc/docker/certs.d/REGISTRY_ADDRESS:

      > sudo cp CA /etc/pki/trust/anchors/

    3. Copy the CA certificates to your system:

      > sudo update-ca-certificates

  4. Start the Docker service:

    > sudo systemctl start docker.service

    This automatically starts docker.socket.
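
The registry settings from step 3 can be audited after the fact. Docker skips certificate verification for a registry named in --insecure-registry and allows fallback to plain HTTP, so the following added example (not part of the SUSE guide) lists every registry flagged that way in DOCKER_OPTS and reports whether a CA file for it exists under certs.d. It assumes the CA is stored as a *.crt file in the registry's certs.d subdirectory; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the SUSE guide): audit registry trust settings.
# Paths are arguments so the functions can be run against copies of the files.

# Print the value of the last DOCKER_OPTS assignment, quotes removed.
docker_opts() {  # $1 = sysconfig file
    sed -n 's/^[[:space:]]*DOCKER_OPTS=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Print every registry passed via --insecure-registry (both "--flag VALUE"
# and "--flag=VALUE" spellings). Runs in a subshell so "set -f" stays local.
insecure_registries() (  # $1 = sysconfig file
    set -f
    # Word splitting of the option string is intended here.
    set -- $(docker_opts "$1")
    while [ $# -gt 0 ]; do
        case $1 in
            --insecure-registry=*) printf '%s\n' "${1#*=}" ;;
            --insecure-registry)
                if [ $# -gt 1 ]; then printf '%s\n' "$2"; shift; fi ;;
        esac
        shift
    done
)

# For each flagged registry, report whether a CA file exists in certs.d.
# "ca-present" marks the flag as a candidate for removal: with a CA in place
# the daemon could verify this registry's certificate if the flag were dropped.
registry_report() {  # $1 = sysconfig file, $2 = certs.d directory
    insecure_registries "$1" | while IFS= read -r reg; do
        if ls "$2/$reg"/*.crt >/dev/null 2>&1; then
            printf '%s insecure ca-present\n' "$reg"
        else
            printf '%s insecure ca-missing\n' "$reg"
        fi
    done
}

# Default invocation against the paths used in this procedure.
if [ -r /etc/sysconfig/docker ]; then
    registry_report /etc/sysconfig/docker /etc/docker/certs.d
fi
```

An empty report means no registry is exempt from TLS verification.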

The Docker daemon listens on a local socket accessible only by the root user and by the members of the docker group. The docker group is automatically created during package installation.

To allow a certain user to connect to the local Docker daemon, use the following command:

> sudo /usr/sbin/usermod -aG docker USERNAME

This allows the user to communicate with the local Docker daemon.
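
Access to the Docker socket gives root-level control of the host, so it is worth knowing exactly who holds it. The following added example (not part of the SUSE guide) lists every account in the docker group, including accounts that have it as their primary group and therefore do not appear in the group's member list. It reads group(5) and passwd(5) format files; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the SUSE guide): list every account that can reach
# the Docker socket through the docker group.

# Print the numeric GID of a group from a group(5)-format file.
group_gid() {  # $1 = group file, $2 = group name
    awk -F: -v g="$2" '$1 == g { print $3; exit }' "$1"
}

# Print users in the group: supplementary members from the fourth field of
# the group file, plus users whose primary GID in the passwd file matches.
# The second kind never shows up in the group file's member list.
group_principals() {  # $1 = group file, $2 = passwd file, $3 = group name
    gid=$(group_gid "$1" "$3")
    [ -n "$gid" ] || return 1   # group does not exist
    {
        awk -F: -v g="$3" '$1 == g {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$1"
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$2"
    } | sort -u
}

# Default invocation against the local account files.
if [ -r /etc/group ] && [ -r /etc/passwd ]; then
    group_principals /etc/group /etc/passwd docker || echo "no docker group" >&2
fi
```

On hosts with directory-backed accounts, save the output of `getent group` and `getent passwd` to files and pass those instead.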

4.2 Configuring the Network

To give the containers access to the external network, enable the ipv4 ip_forward rule.

4.2.1 How the Docker Open Source Engine Interacts with iptables

To learn more about how containers interact with each other and the system firewall, see the Docker documentation.

It is also possible to completely prevent the Docker Open Source Engine from manipulating iptables. See the Docker documentation.

4.3 Storage Drivers

Docker Open Source Engine supports different storage drivers:

  • vfs: this driver is automatically used when the Docker host file system does not support copy-on-write. This driver is simpler than the others listed and does not leverage certain advantages of the Docker Open Source Engine such as shared layers. It is a reliable but slow driver.

  • devicemapper: this driver relies on the device-mapper thin provisioning module. It supports copy-on-write, so it leverages all the advantages of the Docker Open Source Engine.

  • btrfs: this driver relies on Btrfs to provide all the features required by the Docker Open Source Engine. To use this driver, the /var/lib/docker directory must be on a Btrfs file system.

Since SUSE Linux Enterprise Server 12, the Btrfs file system is used by default, which forces the Docker Open Source Engine to use the btrfs driver.

It is possible to specify which driver to use by changing the value of the DOCKER_OPTS variable defined in the /etc/sysconfig/docker file. This can be done either manually or using YaST by browsing to the System › /etc/sysconfig Editor › System › Management › DOCKER_OPTS menu and entering the -s storage_driver string.

For example, to force the usage of the devicemapper driver, enter the following text:

DOCKER_OPTS="-s devicemapper"

Important: Mounting /var/lib/docker

It is recommended to mount /var/lib/docker on a separate partition or volume. In case of file system corruption, this would leave the operating system running the Docker Open Source Engine unaffected.

If you choose the Btrfs file system for /var/lib/docker, it is strongly recommended to create a subvolume for it. This ensures that the directory is excluded from file system snapshots. If you do not exclude /var/lib/docker from snapshots, the file system will likely run out of disk space soon after you start deploying containers. In addition, a rollback to a previous snapshot will also reset the Docker database and images. For more information, see Section 7.1.4.3, “Creating and Mounting New Subvolumes”.

4.4 Updates

All updates to the docker package are marked as interactive (that is, no automatic updates) to avoid accidental updates breaking running container workloads. In general, we recommend stopping all running containers before applying an update to Docker Open Source Engine.

To avoid data loss, we do not recommend having workloads rely on containers being startable after an update to Docker Open Source Engine. Although it is technically possible to keep containers running during an update via the --live-restore option, experience has shown that such updates can introduce regressions. SUSE does not support this feature.