Setting up Docker for IBM Cloud Private

IBM Cloud Private requires Docker. You must manually install Docker on your boot node. You can either manually install Docker on the rest of your cluster nodes, or the installer can automatically install Docker on your correctly configured master, worker, proxy, and optional management and Vulnerability Advisory (VA) nodes.

You must manually install a version of Docker that is supported by IBM Cloud Private on your boot node.

You can also manually install Docker on all your cluster nodes, or you can let the IBM Cloud Private installer set up Docker on your cluster nodes. If you want the installer to set up Docker on your cluster nodes, you can set this configuration during the installation of your cluster. See Configuring cluster nodes for automatic Docker installation.

For a list of Docker versions that are supported by IBM Cloud Private, see Supported Docker versions.

• Manually installing Docker
  • Manually installing Docker by using the provided IBM Cloud Private Docker package
  • Manually installing Docker from the Docker website
• Verifying your installation
• Configuring your Docker engine

Manually installing Docker

You can either install the provided IBM Cloud Private Docker package, or install an IBM Cloud Private supported version of Docker from the Docker website.

Manually installing Docker by using the provided IBM Cloud Private Docker package

Complete the following steps on each node that you want to manually install Docker on.

1. On your node, ensure that your package manager is configured to allow for package updates. Package managers include RPM for RHEL and Apt for Ubuntu.
2. Download the Docker package for your node. See IBM Cloud Private Docker packages.

3. Install Docker.

   • For Linux® x86_64, run this command:

     chmod +x icp-docker-18.03.1_x86_64.bin
     sudo ./icp-docker-18.03.1_x86_64.bin --install
     

   • For Linux® on Power® (ppc64le), run this command:

     chmod +x icp-docker-18.03.1_ppc64le.bin
     sudo ./icp-docker-18.03.1_ppc64le.bin --install
     

   • For IBM® Z, run this command:

     chmod +x icp-docker-18.03.1_s390x.bin
     sudo ./icp-docker-18.03.1_s390x.bin --install
     

     Note: To uninstall this Docker package, replace the --install option with --uninstall option in the command.

4. Verify your installation, see Verifying your installation.

Manually installing Docker from the Docker website

Complete the following steps on each node that you want to manually install Docker on.

1. Install Docker. Note: You might need to register to download the Docker package.
   • For Ubuntu, see the Docker documentation .
   • For SUSE Linux Enterprise Server (SLES) nodes, you can either manually install Docker by using the Docker installation instructions in the SLES documentation or by using the provided IBM Cloud Private Docker package.
2. Verify your installation, see Verifying your installation.

Verifying your installation

1. Ensure that Docker engine is started. Run the following command:

    sudo systemctl start docker
    sudo systemctl status docker
   

2. Configure your Docker engine, see Configuring your Docker engine.

Configuring your Docker engine

1. If you want to change the location of the Docker default storage directory, you must configure a bind mount to the new directory before you install IBM Cloud Private. See Specifying a default Docker storage directory for manually installed Docker.

2. Set up Docker log rotation. This reduces disk issues that are caused by retaining too much log information. To set up log rotation, complete the following steps:

   1. Configure log rotation by using the /lib/systemd/system/docker.service file. For the ExecStart parameter, add the following option:

      --log-opt max-size=10m --log-opt max-file=10
      

   2. Reload and restart Docker:

      sudo systemctl daemon-reload
      sudo systemctl restart docker
      

3. To view logs of Docker containers and services from the IBM Cloud Private management console, you must set the default logging driver to json-file.

   1. Find the default logging driver for your Docker daemon:

      sudo docker info|grep "Logging Driver"
      

      The output resembles the following code:

      Logging Driver: journald
      

   2. Configure the Docker logging driver to json-file. See the Docker documentation .

   3. Verify that the default logging driver is updated to json-file:

      sudo systemctl daemon-reload
      sudo systemctl start docker
      sudo docker info|grep "Logging Driver"
      

      The output resembles the following code:

      Logging Driver: json-file
      

4. If you are using a custom docker.servicefile, either ensure that the MountFlags parameter is set to share, or remove the MountFlags parameter from the docker.service file. For more information about manually creating the systemd unit file, docker.service, see the Docker documentation .
5. For Red Hat Enterprise Linux (RHEL) systems, review the storage driver settings. See Architectures and storage drivers .

6. Ensure that SELinux is not enabled for Docker.

   1. Check if SELinux is enabled:

      sudo docker info  --format '{{json .SecurityOptions}}'
      

      If SELinux is enabled, the output resembles the following code:

      ["name=seccomp,profile=default","name=selinux"]
      

   2. If SELinux is enabled, remove the --selinux-enable setting from the Docker service file and save the file:

      sudo vim /lib/systemd/system/docker.service
      

      For more information about modifying the Docker daemon configuration file, see Daemon configuration file .

   3. Apply the changes:

      sudo systemctl daemon-reload
      

   4. Restart the Docker daemon:

      sudo systemctl restart docker.service
      

   5. Verify that SELinux is disabled:

      sudo docker info  --format '{{json .SecurityOptions}}'
      

      If SELinux is disabled, the output resembles the following code:

      ["name=apparmor","name=seccomp,profile=default"]