DockerCentOS
robnagler edited this page Mar 3, 2021
·
1 revision
Generic install of Docker on CentOS 7 and 8 with TLS
# Remove distro-packaged and legacy Docker packages so they cannot conflict
# with docker-ce from Docker's own repository.
yum remove \
  docker \
  docker-client \
  docker-client-latest \
  docker-common \
  docker-latest \
  docker-latest-logrotate \
  docker-logrotate \
  docker-engine

# yum-utils provides yum-config-manager, used to register the repository.
yum install yum-utils

# Register Docker's repository (fetched over HTTPS).
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

# If yum prompts to import the repository's GPG key, compare the fingerprint
# with the one published in Docker's CentOS install documentation before
# accepting; that key is what authenticates every later package update.
yum install docker-ce
Do not start the Docker daemon yet (it may already be running); it is restarted below once TLS is configured.
For complete documentation: https://docs.docker.com/engine/install/centos/
Create self-signed cert and restart Docker:
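# Configure dockerd to listen on TCP port 2376 with TLS client verification,
# using one self-signed certificate, then restart and enable the service.

# daemon.json below expands $data into "data-root", and these steps do not set
# it; fail here instead of silently writing an empty data-root.
: "${data:?set data to the Docker data-root directory first}"

# Mode 700 on both directories: only the owner can enter them, so the private
# key is unreachable for other local users even before the chmod below.
install -d -m 700 /etc/docker
install -d -m 700 /etc/docker/tls
cd /etc/docker/tls

# Generate the key pair and self-signed certificate. The heredoc is unquoted
# on purpose: $(date +%s) and $(hostname -f) are expanded by the shell.
# - The key size is given explicitly (rsa:2048); the config has no
#   default_bits, so a bare "rsa" would fall back to whatever the installed
#   OpenSSL build defaults to, which may be shorter on older releases.
# - encrypt_key = no leaves key.pem without a passphrase so dockerd can load
#   it unattended; file permissions are its only protection.
# - -days 9999 means the certificate never expires in practice, so replacing
#   it after a suspected key exposure has to be done by hand.
openssl req -x509 -days 9999 -newkey rsa:2048 -keyout key.pem -out cert.pem -config /dev/stdin <<EOF
[req]
default_md = sha256
distinguished_name = subj
encrypt_key = no
prompt = no
serial = $(date +%s)
x509_extensions = v3_req
[v3_req]
subjectAltName = DNS:$(hostname -f), DNS:localhost.localdomain
[subj]
CN = $(hostname -f)
EOF
chmod 400 cert.pem key.pem

# Write daemon.json (mode 400). cert.pem is configured both as the CA that
# client certificates are verified against (tlscacert) and as the server
# certificate (tlscert); "tlsverify": true makes dockerd reject clients whose
# certificate does not verify against it.
# NOTE(review): with this single-certificate layout, clients presumably
# authenticate with the same cert.pem/key.pem, so every copy of key.pem is
# equivalent to root on this host and one client cannot be revoked without
# re-issuing for all. A separate CA with per-client certificates avoids that;
# confirm which model is intended.
# The tcp://$(hostname -f):2376 listener is reachable from any network that
# can route to that address; limit it to the intended clients with the host
# firewall.
install -m 400 /dev/stdin /etc/docker/daemon.json <<EOF2
{
"data-root": "$data",
"hosts": ["tcp://localhost.localdomain:2376", "tcp://$(hostname -f):2376", "unix://"],
"iptables": true,
"live-restore": true,
"log-driver": "journald",
"tls": true,
"tlscacert": "/etc/docker/tls/cert.pem",
"tlscert": "/etc/docker/tls/cert.pem",
"tlskey": "/etc/docker/tls/key.pem",
"tlsverify": true,
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
]
}
EOF2

# systemd drop-in: the empty ExecStart= clears the packaged command line and
# the second one starts dockerd with no flags, so the listeners come only from
# the "hosts" key in daemon.json (see the Docker documentation link inside the
# drop-in for the conflict this avoids).
install -D -m 444 /dev/stdin /etc/systemd/system/docker.service.d/override.conf <<EOF2
# https://docs.docker.com/config/daemon/#troubleshoot-conflicts-between-the-daemonjson-and-startup-scripts
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd
EOF2

# Pick up the drop-in, apply the new configuration, and start Docker at boot.
systemctl daemon-reload
systemctl restart docker
systemctl enable docker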