1、Reference documentation:

https://documentation.suse.com/sles/12-SP5/single-html/SLES-dockerquick/index.html

2、Online Installation Prerequisites (General Preparation)

Prepare the host as described below. Before installing any Docker-related packages, you need to enable the container module:

Note: Built-in Docker Orchestration Support
Starting with Docker Open Source Engine 1.12, the container orchestration is now an integral part of the Docker Open Source Engine. Even though this feature is available in SLES SP1 and in SLES SP2, it is not supported and is only a technical preview. Use Kubernetes for Docker container orchestration; for details refer to the Kubernetes documentation.

PROCEDURE 1: ENABLING THE CONTAINER MODULE USING YAST
1、Start YaST, and select Software › Software Repositories.
2、Click Add to open the add-on dialog.
3、Select Extensions and Modules from Registration Server and click Next.
4、From the list of available extensions and modules, select Container Module 12 x86_64 and click Next.
The containers module and its repositories will be added to your system.
5、If you use Subscription Management Tool, update the list of repositories on the SMT server.


PROCEDURE 2: ENABLING THE CONTAINER MODULE USING SUSECONNECT
The Container Module can also be added with the following command:

$ sudo SUSEConnect -p sle-module-containers/12/x86_64 -r ''

Note: Note about the SUSEConnect syntax
The -r '' flag is required to avoid a known limitation of SUSEConnect.

PROCEDURE 3: INSTALLING AND SETTING UP DOCKER OPEN SOURCE ENGINE
1、Install the docker package:

sudo zypper install docker

2、To automatically start the Docker service at boot time:

sudo systemctl enable docker.service

This will automatically enable docker.socket in consequence.

3、In case you will use Portus and an SSL secured registry, open the /etc/sysconfig/docker file. Search for the parameter DOCKER_OPTS and add --insecure-registry ADDRESS_OF_YOUR_REGISTRY.
4、In the production environment when using the SSL secured registry with Portus, add CA certificates to the directory /etc/docker/certs.d/<registry address> and copy the CA certificates to your system:

sudo cp CA /etc/pki/trust/anchors/ && sudo update-ca-certificates

5、Start the Docker service:

sudo systemctl start docker.service

This will automatically start docker.socket in consequence.

The Docker daemon listens on a local socket which is accessible only by the root user and by the members of the docker group. The docker group is automatically created at package installation time. To allow a certain user to connect to the local Docker daemon, use the following command:

sudo /usr/sbin/usermod -aG docker USERNAME

The user can communicate with the local Docker daemon upon their next login.
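The settings changed in Procedure 3 can be audited afterwards. The script below is an added example, not part of the SUSE documentation: it reads DOCKER_OPTS from /etc/sysconfig/docker, lists the registries for which --insecure-registry skips certificate verification, lists the registries that have a CA under /etc/docker/certs.d, and lists the members of the docker group. The function names and the SYSCONFIG and CERTS_D overrides are assumptions made for the example.

```sh
#!/bin/sh
# Added example: audit the settings Procedure 3 touches. Paths default to the
# ones named on this page; the environment overrides are assumptions for testing.
SYSCONFIG="${SYSCONFIG:-/etc/sysconfig/docker}"
CERTS_D="${CERTS_D:-/etc/docker/certs.d}"

# Print the DOCKER_OPTS value from a sysconfig file (last assignment wins).
docker_opts() {
    [ -r "$1" ] || return 0
    sed -n 's/^[[:space:]]*DOCKER_OPTS=//p' "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# Print every registry passed via --insecure-registry, one per line.
# Accepts "--insecure-registry ADDR" and "--insecure-registry=ADDR".
insecure_registries() (
    set -f   # no glob expansion while word-splitting the option string
    want=0
    for tok in $(docker_opts "$1"); do
        if [ "$want" -eq 1 ]; then echo "$tok"; want=0; continue; fi
        case "$tok" in
            --insecure-registry=*) echo "${tok#--insecure-registry=}" ;;
            --insecure-registry)   want=1 ;;
        esac
    done
)

# Print registries that have at least one *.crt under certs.d/<registry>/.
registries_with_ca() {
    for d in "$1"/*/; do
        if ls "$d"*.crt >/dev/null 2>&1; then basename "$d"; fi
    done
}

# Print members of the docker group; each one can drive the daemon.
docker_group_members() {
    getent group docker 2>/dev/null | cut -d: -f4 | tr ',' '\n' | sed '/^$/d'
}

report() {
    for r in $(insecure_registries "$1"); do
        echo "WARN: TLS certificate verification is skipped for registry $r"
    done
    for r in $(registries_with_ca "$2"); do echo "OK: CA installed for $r"; done
    for u in $(docker_group_members); do echo "INFO: $u can use the Docker socket"; done
}
report "$SYSCONFIG" "$CERTS_D"
```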

3、Networking

If you want your containers to be able to access the external network, you must enable the ipv4 ip_forward rule. This can be done using YaST by browsing to System › Network Settings › Routing menu and ensuring Enable IPv4 Forwarding is checked.

This option cannot be changed when networking is handled by the Network Manager. In such cases the /etc/sysconfig/SuSEfirewall2 file needs to be edited manually to ensure the FW_ROUTE flag is set to yes:

FW_ROUTE="yes"

4、Networking Limitations on Power Architecture

Currently Docker networking has two limitations on the POWER architecture.

The first limitation is about iptables. SLE 12 machines cannot run Docker Open Source Engine with the iptables support enabled. An update of the kernel is going to solve this issue. In the meantime the docker package for POWER has iptables support disabled via a dedicated directive inside of /etc/sysconfig/docker.

As a result of this limitation Docker containers will not have access to the outer network. A possible workaround is to share the same network namespace between the host and the containers. This however reduces the isolation of the containers.

The network namespace of the host can be shared on a per-container basis by adding --net=host to the docker run command.

SLE 12 SP1 hosts are not affected by this limitation but, given they use the same SLE 12 package, they will have iptables support disabled. This can be changed by removing the -iptables=false setting inside of /etc/sysconfig/docker.

The second limitation is about network isolation between the containers and the host. Currently it is not possible to prevent containers from probing or accessing arbitrary ports of each other.

5、Installing sle2docker

The sle2docker tool is used to import pre-built SUSE Linux Enterprise images. The imported pre-built images can then be used to create base Docker images.

The tool is part of the official container module. You can install it by using zypper. But prior to installing sle2docker, verify that the following prerequisites are fulfilled:

  • Ruby is installed on the host machine.
  • The docker daemon is running on the system.
  • The user invoking sle2docker must have proper rights to invoke Docker commands.

If the conditions above are fulfilled, you can install the sle2docker tool by running:

sudo zypper in sle2docker

6、Storing Images
Prior to creating your own images, you should decide where you will store the images. The easiest solution would be to push these images to the Docker Hub. By default all images pushed to the Docker Hub are public. This is probably fine as long as this does not violate your company’s policy and your images do not contain sensitive data or proprietary software.

If you need to restrict access to your Docker images, there are two options:

  • Get a subscription on Docker Hub that unlocks the feature to create private repositories.

  • Run an on-site Docker Registry to store all the Docker images used by your organization or company, and combine it with Portus to secure the registry.

This chapter describes how to set up an on-site Docker Registry and how to combine it with Portus.

<1>What is a Docker Registry?
The Docker Registry is an open source project created by Docker Inc. It allows the storage and retrieval of Docker images. By running a local instance of the Docker Registry it is possible to completely avoid usage of the Docker Hub.

The Docker Registry is also used by the Docker Hub. However, the Docker Hub, as seen from the user perspective, is made of the following parts at least:

  • The user interface (UI): The part that is accessed by users with their browser. The UI provides a nice and intuitive way to browse the contents of the Docker Hub either manually or by using a search feature. It also allows creating organizations made up of different users.
    This component is closed source.
  • The authentication component: This is used to protect the images stored inside of the Docker Hub. It validates all push, pull and search requests.
    This component is closed source.
  • The storage back-end: This is where the Docker images are sent and downloaded from. It is provided by the Docker Registry.
    This component is open source.

<2>Installing and Setting Up Docker Registry
Install the docker-distribution-registry package:

sudo zypper install docker-distribution-registry

To automatically start the Docker Registry at boot time:

sudo systemctl enable registry

Start the Docker Registry:

sudo systemctl start registry

The Docker Registry configuration is defined inside of /etc/registry/config.yml.

With the default configuration the registry listens on port 5000 and stores the Docker images under /var/lib/docker-registry.

Note: Incompatible Versions of Docker Open Source Engine and Docker Registry
Docker Registry version 2.3 is not compatible with Docker Open Source Engine versions older than 1.10, because v2 manifests were only introduced with Docker Open Source Engine 1.10. As Docker Open Source Engine and Docker Registry can be installed on different boxes, the versions might be incompatible. If you experience communication errors between Docker Open Source Engine and Docker Registry, update both to the latest versions.

<3>Limitations
The Docker Registry has two major limitations:

  • It lacks any form of authentication. That means everybody with access to the Docker Registry can push and pull images to it. That also includes the possibility to overwrite already existing images.

  • There is no way to see which images have been pushed to the Docker Registry. You can manually take notes of what is being stored inside of it. There is also no search functionality, which makes collaboration harder.

The next section is going to introduce Portus, the solution to all of the problems above.

<4>Portus
Portus is an authentication service and user interface for the Docker Registry. It is an open source project created by SUSE to address all the limitations faced by the local instances of Docker Registry. By combining Portus and Docker Registry, it is possible to have a secure and enterprise ready on-premise version of the Docker Hub.

Portus is available for SLES customers as a Docker image from SUSE Container Registry. For example, to pull the 2.4.0 tag, run the following command:

docker pull registry.suse.com/sles12/portus:2.4.0

In addition to the official version of the Portus image from SUSE Container Registry, there is a community version that can be found on Docker Hub. However, if you are a SLES customer, we strongly suggest you use the official Portus image instead. The Portus image for SLES customers has the same code as the one from the community. Therefore, the setup instructions from http://port.us.org/docs/deploy.html apply for both images.

Portus was previously also available as an RPM package. To migrate from the RPM package to the Docker image, follow the instructions at http://port.us.org/docs/migrate-from-rpm.html.
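To see whether a registry still has the first limitation described above, check its configuration for an auth section. The script below is an added example, not part of the SUSE or Portus documentation: it reads /etc/registry/config.yml and reports the configured authentication scheme and whether the http section carries a tls block. The auth and http.tls keys come from the Docker Registry configuration format rather than from this page, and the function names and the CONFIG override are assumptions.

```sh
#!/bin/sh
# Added example: report whether a Docker Registry config enables authentication.
CONFIG="${CONFIG:-/etc/registry/config.yml}"   # path named on this page

# Print the direct child keys of one top-level YAML section, one per line.
# Only handles block-style YAML with space indentation (enough for config.yml).
section_children() {
    [ -r "$1" ] || return 0
    awk -v sec="$2" '
        /^[[:space:]]*(#|$)/ { next }                 # skip comments and blanks
        /^[^[:space:]]/      { inside = ($0 ~ ("^" sec ":")); depth = 0; next }
        inside {
            match($0, /^ +/)                          # RLENGTH = indentation
            if (depth == 0) depth = RLENGTH
            if (RLENGTH == depth) { sub(/^ +/, ""); sub(/:.*/, ""); print }
        }' "$1"
}

# Print the configured auth scheme (token, htpasswd, silly) or "none".
auth_scheme() {
    scheme=$(section_children "$1" auth | head -n 1)
    echo "${scheme:-none}"
}

# Succeed only if the http section has a tls child.
has_tls() {
    section_children "$1" http | grep -qx tls
}

check_registry() {
    [ -r "$1" ] || { echo "SKIP: $1 is not readable"; return 0; }
    s=$(auth_scheme "$1")
    if [ "$s" = none ]; then
        echo "WARN: no auth section; anyone who can reach the registry can push and overwrite images"
    else
        echo "OK: auth scheme is $s"
    fi
    if has_tls "$1"; then
        echo "OK: http.tls is configured"
    else
        echo "WARN: no http.tls section; TLS must be terminated elsewhere"
    fi
}
check_registry "$CONFIG"
```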
