Docker host on CentOS 7

Base installation

  • minimal install
  • disable kdump
  • do not configure network
  • no security policy
  • create your own partition layout and choose LVM
  • create a 512MB /boot
  • create a 4GB swap LV, rename the volume group from cl to rootvg, and use all remaining disk space for LVM
  • do not use all space for the root filesystem. I choose 16GB for / and keep the rest unused.
  • choose ext4 for all filesystems. I do not believe in XFS as Red Hat does.

Configure network

# remove old interface config
nmcli con del eno1
nmcli con del eno2

Teaming

I am going to use VLANs on a team of two network interfaces. VLAN interfaces are easy to assign to OpenStack. This is the configuration for one server:

# create team device
nmcli con add type team con-name team0 ifname team0 config '{"runner": {"name": "lacp"}}'

# add NICs to team
nmcli con add type team-slave con-name team0-uplink1 ifname eno1 master team0
nmcli con add type team-slave con-name team0-uplink2 ifname eno2 master team0

# bring up team
nmcli con up team0-uplink1
nmcli con up team0-uplink2

# verify team0 ports
ip link
teamnl team0 ports
teamdctl team0 state

# disable ip addresses on team interface
nmcli con mod team0 ipv4.method disabled
nmcli con mod team0 ipv6.method ignore

# finally bring up team0
nmcli con up team0

Bonding

nmcli con add type bond con-name bond0 ifname bond0 mode 802.3ad

# disable IP on bond0 interface
nmcli c mod bond0 ipv4.method disabled
nmcli c mod bond0 ipv6.method link-local

# add slaves
nmcli con add type bond-slave ifname eno1 master bond0
nmcli con add type bond-slave ifname eno2 master bond0

VLAN

# create vlan devices
nmcli con add type vlan con-name vlan2 dev team0 id 2 connection.interface-name vlan2
nmcli con add type vlan con-name vlan11 dev team0 id 11 connection.interface-name vlan11

# disable ip addresses on vlan11 interface. we are going to use this as an external network in openstack
nmcli con mod vlan11 ipv4.method disabled
nmcli con mod vlan11 ipv6.method link-local

# ipv4 on vlan2
nmcli con mod vlan2 ipv4.method manual ipv4.addresses 172.16.2.12/24 ipv4.gateway 172.16.2.1 ipv4.dns 172.16.2.21,208.67.222.222 ipv4.dns-search mngt.bh.helux.nl

# ipv6 on vlan2
nmcli con mod vlan2 ipv6.method manual ipv6.addresses 2a02:22a0:bbb7:402::12/64 ipv6.gateway 2a02:22a0:bbb7:402::1 ipv6.dns 2620:0:ccc::2

# set hostname
hostnamectl set-hostname hp1.mngt.bh.helux.nl

Configure firewalld

Use my howto "Using firewalld to create zones with subnets on CentOS 7" to create the zones and rules.

Configure disks

We are going to create an LV for Docker to store its containers.

lvcreate -L16G -n docker rootvg
mkdir /var/lib/docker
mkfs.ext4 -m0 /dev/rootvg/docker

The disk is an SSD, so I add noatime,discard to the mount options. Setting discard on the swap filesystem seems unstable, so swap keeps the defaults.

/etc/fstab
/dev/mapper/rootvg-root / ext4 defaults,noatime,discard 1 1
UUID=0b76534c-06fd-4428-97fc-9cd937c1d875 /boot ext4 defaults,noatime,discard 1 2
/dev/mapper/rootvg-swap swap swap defaults 0 0
/dev/mapper/rootvg-docker /var/lib/docker ext4 defaults,noatime,discard 1 2

# apply the new options and mount the Docker LV
mount -o remount /
mount -o remount /boot
mount /var/lib/docker

Configure Chrony

yum -y install chrony
systemctl enable chronyd

I use my own NTP reference clock:

/etc/chrony.conf
.
.
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server 172.16.2.250 iburst
.
.

systemctl restart chronyd

Repositories and yum config

Add EPEL and official Docker repository

yum -y install epel-release

/etc/yum.repos.d/docker.repo
[docker]
name=Docker for Enterprise Linux 7 - $basearch
baseurl=https://yum.dockerproject.org/repo/main/centos/7/
enabled=1
gpgcheck=0

/etc/yum.conf
.
.
installonly_limit=2
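Two small audit helpers for the host built in "Configure disks" and in this section, added here as example code that is not part of the original page: one checks that every ext4 entry in an fstab carries the noatime,discard options chosen above and that swap does not get discard, the other flags any yum .repo section where gpgcheck is 0 or missing, which is what the docker.repo above does and which means RPM signatures are not verified at install time. The sample fstab and repo files are constructed from the page; the gpgkey path in the signed variant is a placeholder.

```shell
#!/bin/sh
# Added audit helpers (example code, not from the original page). Each function
# reads a config file on stdin and exits 1 on a finding, so they also run on
# the real files:  check_ssd_opts < /etc/fstab ; check_repo_gpg < /etc/yum.repos.d/docker.repo

# ext4 entries must carry noatime and discard; discard on swap is flagged
# because the page calls it unstable.
check_ssd_opts() {
    awk '
        /^[ \t]*#/ || NF < 4 { next }
        $3 == "ext4" {
            if ($4 !~ /(^|,)noatime(,|$)/ || $4 !~ /(^|,)discard(,|$)/) {
                print $2 ": ext4 without noatime,discard"; bad = 1
            }
        }
        $3 == "swap" && $4 ~ /(^|,)discard(,|$)/ { print $2 ": discard on swap"; bad = 1 }
        END { exit bad ? 1 : 0 }'
}

# Every [section] of a yum .repo file must set gpgcheck=1; gpgcheck=0 or no
# gpgcheck line means packages install without RPM signature verification.
check_repo_gpg() {
    awk -F= '
        function flush() { if (sect != "" && !seen) { print sect ": gpgcheck not set"; bad = 1 } }
        { gsub(/[ \t]/, "") }
        /^\[/ { flush(); sect = $0; seen = 0; next }
        $1 == "gpgcheck" { seen = 1; if ($2 != "1") { print sect ": gpgcheck=" $2; bad = 1 } }
        END { flush(); exit bad ? 1 : 0 }'
}

# Constructed samples: the fstab and docker.repo from the page, a deliberately
# bad fstab, and a signed repo variant with a placeholder key path.
GOOD_FSTAB='/dev/mapper/rootvg-root / ext4 defaults,noatime,discard 1 1
/dev/mapper/rootvg-swap swap swap defaults 0 0
/dev/mapper/rootvg-docker /var/lib/docker ext4 defaults,noatime,discard 1 2'
BAD_FSTAB='/dev/mapper/rootvg-root / ext4 defaults 1 1
/dev/mapper/rootvg-swap swap swap defaults,discard 0 0'
UNSIGNED_REPO='[docker]
baseurl=https://yum.dockerproject.org/repo/main/centos/7/
enabled=1
gpgcheck=0'
SIGNED_REPO='[docker]
baseurl=https://yum.dockerproject.org/repo/main/centos/7/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/PLACEHOLDER-DOCKER-KEY'

if printf '%s\n' "$GOOD_FSTAB" | check_ssd_opts; then echo "fstab from page: ok"; fi
printf '%s\n' "$BAD_FSTAB" | check_ssd_opts || echo "bad fstab: fix the entries above"
printf '%s\n' "$UNSIGNED_REPO" | check_repo_gpg || echo "docker.repo: enable gpgcheck"
```

Running the script prints the findings for the bad samples and a single "ok" line for the page's own fstab; the signed repo variant produces no finding.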

Packages

Install some useful stuff

yum -y install net-tools wget bind-utils deltarpm bash-completion yum-plugin-remove-with-leaves yum-utils

Update everything

yum -y update

Install docker

yum -y install docker-engine python-docker-py

Docker settings for Kolla:

# Create the drop-in unit directory for docker.service
mkdir -p /etc/systemd/system/docker.service.d
# Create the drop-in unit file
tee /etc/systemd/system/docker.service.d/kolla.conf <<-'EOF'
[Service]
MountFlags=shared
EOF
systemctl daemon-reload
systemctl enable docker
systemctl restart docker

Root CA certificate to communicate with the Docker repository

On each node I trust my own root CA.

update-ca-trust force-enable
cd /etc/pki/ca-trust/source/anchors
curl http://ldap.mngt.bh.helux.nl/cacert.pem -o HeluxCA.pem
update-ca-trust extract

Reboot and remove old kernel

reboot
package-cleanup --oldkernels --count=1
docker_host_on_centos_7.txt · Last modified: by herwarth