Applies to SUSE Linux Enterprise Server 15 SP3

4 Setting up Docker Open Source Engine

4.1 Preparing the host

Prepare the host as described below. Before installing any Docker-related packages, you need to enable the Containers Module:

Note: Built-in Docker orchestration support

Starting with Docker Open Source Engine 1.12, container orchestration is an integral part of Docker Open Source Engine. Even though this feature is available in SUSE Linux Enterprise Server, it is not supported by SUSE and is only provided as a technology preview. Use Kubernetes for container orchestration. For details, refer to the Kubernetes documentation.

Procedure 4.1: Enabling the Containers Module using the YaST graphical user interface
  1. Start YaST, and select Software › Software Repositories.

  2. Click Add to open the add-on dialog.

  3. Select Extensions and Modules from Registration Server and click Next.

  4. From the list of available extensions and modules, select Containers Module 15 SP3 x86_64 and click Next.

    The Containers Module and its repositories will be added to your system.

  5. If you use Repository Mirroring Tool, update the list of repositories on the RMT server.

Procedure 4.2: Enabling the Containers Module from command line using SUSEConnect
  • The Containers Module can also be added with the following command:

    tux > sudo SUSEConnect -p sle-module-containers/15.3/x86_64

Procedure 4.3: Installing and setting up Docker Open Source Engine
  1. Install the docker package:

    tux > sudo zypper install docker

  2. To automatically start the Docker service at boot time:

    tux > sudo systemctl enable docker.service

    This also automatically enables docker.socket.

  3. To use Portus (for more info on Portus, see Section 5.4, “Portus”) and an SSL-secured registry:

    1. Open the /etc/sysconfig/docker file. Search for the parameter DOCKER_OPTS and add --insecure-registry ADDRESS_OF_YOUR_REGISTRY.

    2. Add CA certificates to the directory /etc/docker/certs.d/REGISTRY_ADDRESS

      tux > sudo cp CA /etc/pki/trust/anchors/

    3. Copy the CA certificates to your system:

      tux > sudo update-ca-certificates

  4. Start the Docker service:

    tux > sudo systemctl start docker.service

    This automatically starts docker.socket.

The Docker daemon listens on a local socket accessible only by the root user and by the members of the docker group. The docker group is automatically created during package installation.

To allow a certain user to connect to the local Docker daemon, use the following command:

tux > sudo /usr/sbin/usermod -aG docker USERNAME

This allows the user to communicate with the local Docker daemon.
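To review who has that access, the following added example (not part of the SUSE documentation) lists every account in the docker group, including users whose primary group is docker and who therefore do not appear in the group's member list. The file arguments are an assumption of this example; on hosts that use a directory service, pass files produced with getent group and getent passwd instead.

```shell
#!/bin/bash
# Added example: list every account that can reach the Docker daemon socket
# through the docker group.

# docker_group_users [GROUP_FILE] [PASSWD_FILE]
# Prints, sorted and one per line, the users who belong to the docker group
# either as supplementary members (group file, field 4) or through their
# primary GID (passwd file, field 4). Returns 1 if there is no docker group.
docker_group_users() {
    local group_file passwd_file gid members
    group_file=${1:-/etc/group}
    passwd_file=${2:-/etc/passwd}

    # Group entry format: name:password:GID:member1,member2
    gid=$(awk -F: '$1 == "docker" { print $3; exit }' "$group_file")
    [ -n "$gid" ] || return 1

    members=$(awk -F: '$1 == "docker" { print $4; exit }' "$group_file")
    {
        # Supplementary members, split on commas.
        printf '%s\n' "$members" | tr ',' '\n'
        # Accounts whose primary group is docker.
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | sed '/^$/d' | sort -u
}

# Report for the live host.
docker_group_users || echo "no docker group found"
```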

4.2 Configuring the network

To give the containers access to the external network, enable IPv4 forwarding (the net.ipv4.ip_forward kernel parameter).

4.2.1 How Docker Open Source Engine interacts with iptables

To learn more about how containers interact with each other and the system firewall, see the Docker documentation.

It is also possible to completely prevent Docker Open Source Engine from manipulating iptables. See the Docker documentation.

4.3 Storage drivers

Docker Open Source Engine supports different storage drivers:

  • vfs: This driver is automatically used when the Docker host file system does not support copy-on-write. This driver is simpler than the others listed and does not leverage certain advantages of Docker Open Source Engine such as shared layers. It is a reliable but slow driver.

  • devicemapper: This driver relies on the device-mapper thin provisioning module. It supports copy-on-write, so it leverages all the advantages of Docker Open Source Engine.

  • btrfs: This driver relies on Btrfs to provide all the features required by Docker Open Source Engine. To use this driver, the /var/lib/docker directory must be on a Btrfs file system.

From SUSE Linux Enterprise Server 12 onward, the Btrfs file system is used by default, which forces Docker Open Source Engine to use the btrfs driver.

It is possible to specify what driver to use by changing the value of the DOCKER_OPTS variable defined in the /etc/sysconfig/docker file. This can be done either manually or using YaST by browsing to the System › /etc/sysconfig Editor › System › Management › DOCKER_OPTS menu and entering the -s storage_driver string.

For example, to force the usage of the devicemapper driver, enter the following text:

DOCKER_OPTS="-s devicemapper"

Important: Mounting /var/lib/docker

It is recommended to mount /var/lib/docker on a separate partition or volume. In case of file system corruption, this would leave the operating system running Docker Open Source Engine unaffected.

If you choose the Btrfs file system for /var/lib/docker, it is strongly recommended to create a subvolume for it. This ensures that the directory is excluded from file system snapshots. If you do not exclude /var/lib/docker from snapshots, the file system will likely run out of disk space soon after you start deploying containers. In addition, a rollback to a previous snapshot will also reset the Docker database and images. For more information, see Section 7.1.4.3, “Creating and mounting new subvolumes”.
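Because both the storage driver described in this section and the --insecure-registry entry from Procedure 4.3 are set through DOCKER_OPTS, the following added example (not part of the SUSE documentation) reads that variable back from /etc/sysconfig/docker and reports the forced storage driver and the registries exempted from TLS verification. The function names are hypothetical; the file is parsed rather than sourced, so auditing it never executes its contents.

```shell
#!/bin/sh
# Added example: report what DOCKER_OPTS in /etc/sysconfig/docker asks the
# daemon to do. Function names are illustrative, not part of any SUSE tool.

# docker_opts [FILE]: print the last DOCKER_OPTS value without its quotes.
docker_opts() {
    sed -n 's/^[[:space:]]*DOCKER_OPTS=//p' "${1:-/etc/sysconfig/docker}" |
        tail -n 1 | sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# docker_opt_values FILE LONG [SHORT]: print every value passed to an option,
# accepting "--opt value", "--opt=value" and the short form "-o value".
docker_opt_values() {
    docker_opts "$1" | awk -v long="$2" -v short="$3" '{
        for (i = 1; i <= NF; i++) {
            if ($i == long || (short != "" && $i == short)) {
                if (i < NF) { i++; print $i }
            } else if (index($i, long "=") == 1) {
                print substr($i, length(long) + 2)
            }
        }
    }'
}

# Registries the daemon may contact without a verified TLS connection.
insecure_registries() { docker_opt_values "$1" --insecure-registry ""; }

# Storage driver forced with -s / --storage-driver (empty: Docker chooses).
storage_driver() { docker_opt_values "$1" --storage-driver -s | tail -n 1; }

# Report for the live host when the file is present.
if [ -r /etc/sysconfig/docker ]; then
    echo "insecure registries: $(insecure_registries "" | tr '\n' ' ')"
    echo "storage driver:      $(storage_driver "")"
fi
```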

4.4 Updates

All updates to the docker package are marked as interactive (that is, no automatic updates) to avoid accidental updates breaking running container workloads. In general, we recommend stopping all running containers before applying an update to Docker Open Source Engine.

To avoid data loss, we do not recommend having workloads rely on containers being start-able after an update to Docker Open Source Engine. Although it is technically possible to keep containers running during an update via the --live-restore option, experience has shown that such updates can introduce regressions. SUSE does not support this feature.
