If you haven’t checked out docker yet you definitely should! The hype says it’s going to do to application deployment what intermodal containers did to the cargo transportation industry. That’s a tall order, and we’ll see if it lives up to such a lofty goal. Regardless, it is a technology that could solve a lot of problems for Development and Operations teams and it is worth checking out.
Being such a new project, it’s built to run on the latest-and-greatest version of a single distribution, Ubuntu. However, many of us are working at CentOS/RHEL shops, and to use this technology you’ll need to jump through a few extra hoops to get it deployed.
Docker does its magic via LXC, cgroups, and a layered filesystem called AUFS. LXC is currently included in RHEL kernels, but AUFS is not. You’ll need to install components of both these systems to get docker working on your system.
Upgrading your Kernel
First you’ll need to update your kernel to one that supports AUFS. The one I use is one built by dotcloud. It conflicts with the kernel-firmware package, so remove that first, install the kernel, then update your initrd via dracut.
rpm -e kernel-firmware
rpm -i http://get.docker.io/kernels/kernel-3.2.40_grsec_dotcloud-4.x86_64.rpm
/sbin/dracut --add-drivers dm-mod --add-drivers linear "" 3.2.40-grsec-dotcloud
Edit /boot/grub/grub.conf to add a new entry for the 3.2.40 kernel, and append ‘selinux=0’ to the end of your kernel command line. The dotcloud kernel isn’t compiled with selinux support. Then use
grub-install /dev/(your boot disk)
to install the updated bootloader configuration.
There are a few other things to do because of the differences in this kernel’s version and configuration vs. a standard RHEL kernel.
echo "blacklist evbug" >>/etc/modprobe.d/blacklist.conf
# plymouthd doesn't behave properly w/ chroot_caps
echo "kernel.grsecurity.chroot_caps = 0" >>/etc/sysctl.conf
# If you want to enable this after the system comes up:
echo "sysctl kernel.grsecurity.chroot_caps=1">>/etc/rc.local
Be sure IP forwarding is turned on. You can accomplish this via
echo "net.ipv4.ip_forward = 1" >>/etc/sysctl.conf
You also need to prevent iptables from starting at boot, or modify your iptables rules for docker networking to work.
Be sure your system mounts the cgroup filesystem on /cgroup at boot. If not, add it to /etc/fstab:
echo "none /cgroup cgroup defaults 0 0" >>/etc/fstab
You should reboot into the new kernel at this point.
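Once the system is back up, a quick check confirms that each of the settings above actually took effect. The following is an added example, not part of the original post: the function name check_docker_host and its optional root-prefix argument are assumptions, and the expected kernel string is the one passed to dracut above.

```shell
# Added example, not from the original post: checks after rebooting into the new kernel.
# check_docker_host and its optional root-prefix argument are assumed names.
# Call it with no argument on the live host, or with a directory that holds a
# constructed copy of the /proc files for testing.

# Kernel release string, taken from the dracut command in the post.
EXPECTED_KERNEL="3.2.40-grsec-dotcloud"

check_docker_host() {
    root="${1:-}"
    fail=0

    # 1. The running kernel is the AUFS-capable one installed earlier.
    running=$(cat "$root/proc/sys/kernel/osrelease" 2>/dev/null || true)
    if [ "$running" != "$EXPECTED_KERNEL" ]; then
        echo "FAIL kernel: running '$running', expected '$EXPECTED_KERNEL'"
        fail=$((fail + 1))
    fi

    # 2. aufs is registered with the kernel (a module must be loaded first).
    if ! grep -qw aufs "$root/proc/filesystems" 2>/dev/null; then
        echo "FAIL aufs: not listed in /proc/filesystems"
        fail=$((fail + 1))
    fi

    # 3. A cgroup filesystem is mounted on /cgroup, matching the fstab entry.
    if ! awk '$2 == "/cgroup" && $3 == "cgroup" { ok = 1 } END { exit !ok }' \
            "$root/proc/mounts" 2>/dev/null; then
        echo "FAIL cgroup: nothing of type cgroup mounted on /cgroup"
        fail=$((fail + 1))
    fi

    # 4. IP forwarding is on, as docker networking requires.
    forward=$(cat "$root/proc/sys/net/ipv4/ip_forward" 2>/dev/null || true)
    if [ "$forward" != "1" ]; then
        echo "FAIL ip_forward: net.ipv4.ip_forward is '$forward', expected 1"
        fail=$((fail + 1))
    fi

    # 5. The kernel was booted with selinux=0, as added to grub.conf.
    if ! grep -qw 'selinux=0' "$root/proc/cmdline" 2>/dev/null; then
        echo "FAIL cmdline: selinux=0 missing from the kernel command line"
        fail=$((fail + 1))
    fi

    if [ "$fail" -eq 0 ]; then echo "OK: all checks passed"; fi
    return "$fail"
}
```

The return value is the number of failed checks, so the function can gate a later provisioning step when you roll this out across many systems.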
Installing the required tools
Next we’re going to build an aufs-utils RPM and install it. You could just compile it from source, but if you are like me, it’s likely you are doing this for a ton of systems, so it is much cleaner to build an RPM and install it on many systems, keeping as much as possible under the management of the package management system.
Be sure you have development tools installed. If not,
yum groupinstall "Development tools"
should do the trick. Next, let’s build the aufs-utils package and install it. Here’s how I did it under CentOS6:
sudo yum install glibc-static
rpmbuild --rebuild aufs-util-9999-13.1.src.rpm
rpm -U (path-to)/aufs-util-9999-13.1.x86_64.rpm
You’ll also need to install lxc and lxc-libs. If you have the dag repo set up you can just ‘yum install’ them. Otherwise, download and install them directly:
rpm -U lxc-0.8.0-1.el6.rf.x86_64.rpm lxc-libs-0.8.0-1.el6.rf.x86_64.rpm
Installing the docker binaries
Finally, we’ll download, install, and test the docker binaries. I tried to get compiling to work by rebuilding the golang package from Fedora on my CentOS box but didn’t get it working – the binaries work just fine:
tar xzf docker-latest.tgz
./docker -d &
./docker run -i -t busybox /bin/sh
The final command should give you a shell prompt from inside a busybox docker container. Hopefully it is all working for you at this point. If you had problems, or have changes to the directions, post them in the comments below!