Setting up Docker for IBM® Cloud Private

IBM Cloud Private requires Docker. You must manually install Docker on your boot node. You can either manually install Docker on the rest of your cluster nodes, or the installer can automatically install Docker on your correctly configured master, worker, proxy, and optional management and Vulnerability Advisory (VA) nodes.

You must manually install a version of Docker that is supported by IBM Cloud Private on your boot node.

You can also manually install Docker on all your cluster nodes, or you can let the IBM Cloud Private installer set up Docker on your cluster nodes. If you want the installer to set up Docker on your cluster nodes, you can set this configuration during the installation of your cluster. See Configuring cluster nodes for automatic Docker installation.

For a list of Docker versions that are supported by IBM Cloud Private, see Supported Docker versions.

Manually installing Docker

You can either install the provided IBM Cloud Private Docker package, or install an IBM Cloud Private supported version of Docker from the Docker website.

Manually installing Docker from the Docker website

Complete the following steps on each node that you want to manually install Docker on.

  1. Install Docker.
  2. Verify your installation, see Verifying your installation.

Manually installing Docker by using the provided IBM Cloud Private Docker package

Complete the following steps on each node that you want to manually install Docker on.

  1. On your node, ensure that your package manager is configured to allow for package updates. Package managers include RPM for RHEL and Apt for Ubuntu.
  2. Download the Docker package for your node. See IBM Cloud Private Docker packages.
  3. Install Docker.

    • For Linux® 64-bit, run this command:

      chmod +x icp-docker-17.09_x86_64.bin
      sudo ./icp-docker-17.09_x86_64.bin --install
      
    • For Linux® on Power® 64-bit LE, run this command:

      chmod +x icp-docker-17.09_ppc64le.bin
      sudo ./icp-docker-17.09_ppc64le.bin --install
      
  4. Verify your installation, see Verifying your installation.

Verifying your installation

  1. Ensure that Docker engine is started. Run the following command:

    sudo systemctl start docker
    
  2. Configure your Docker engine, see Configuring your Docker engine.

Configuring your Docker engine

  1. If you want to change the location of the Docker default storage directory, you must configure a bind mount to the new directory before you install IBM Cloud Private. See Specifying a default Docker storage directory for manually installed Docker.
  2. To view logs of Docker containers and services from the IBM Cloud Private management console, you must set the default logging driver to json-file.

    1. Find the default logging driver for your Docker daemon.

      docker info|grep "Logging Driver"
      

      The output resembles the following code:

      Logging Driver: journald
      
    2. Configure the Docker logging driver to json-file. See https://docs.docker.com/engine/admin/logging/overview/#configure-the-default-logging-driver External link icon.
    3. Verify that the default logging driver is updated to json-file.

      systemctl daemon-reload
      systemctl start docker
      docker info|grep "Logging Driver"
      

      The output resembles the following code:

      Logging Driver: json-file
      
  3. If you are using a custom docker.servicefile, either ensure that the MountFlags parameter is set to share, or remove the MountFlags parameter from the docker.service file. For more information about manually creating the systemd unit file, docker.service, see https://docs.docker.com/engine/admin/systemd/#manually-creating-the-systemd-unit-files External link icon.
  4. For Red Hat Enterprise Linux (RHEL) systems, you must set the storage driver to devicemapper. To set the storage driver, see Configure Docker with the devicemapper storage driver Opens in a new tab.
    To use devicemapper storage in a production environment, you must enable direct-lvm mode. To manually configure direct-lvm mode, see Configure direct-lvm mode manually Opens in a new tab.
  5. Ensure that SELinux is not enabled for Docker.

    1. Check if SELinux is enabled.

      docker info  --format '{{json .SecurityOptions}}'
      

      If SELinux is enabled, the output resembles the following code:

      ["name=seccomp,profile=default","name=selinux"]
      
    2. If SELinux is enabled, remove the --selinux-enable setting from the Docker service file and save the file.

      vim /lib/systemd/system/docker.service
      

      For more information about modifying the Docker daemon configuration file, see Daemon configuration file External link icon.

    3. Apply the changes

      systemctl daemon-reload
      
    4. Restart the Docker daemon.

      systemctl restart docker.service
      
    5. Verify that SELinux is disabled.

      docker info  --format '{{json .SecurityOptions}}'
      

      If SELinux is disabled, the output resembles the following code:

      ["name=apparmor","name=seccomp,profile=default"]