Preparing a basic template

Khodayar Doustar edited this page Apr 26, 2020 · 10 revisions

Main doc: https://docs.okd.io/3.11/install/host_preparation.html


I'm using VMware vCenter as my IaaS, so we need a template from which to create my VMs:

  • 16 GiB HDD for the OS (/dev/sda)
  • 16 GiB HDD for docker storage (/dev/sdb)
  • 16 GiB RAM
  • 4 vCPU
  • One network card with access to the private network (10.1.1.1/24). 10.1.1.1 should be set as the gateway.
  • RAM and CPU hot add should be enabled.

The OS is a minimal installation of the latest CentOS 7 release, with:

  • LVM autoconfig
  • No NTP configuration

Install yum base packages:

[root@tmp ~]# yum install wget bash git net-tools bind-utils yum-utils iptables-services bridge-utils bash-completion kexec-tools sos psacct glusterfs-fuse

Install and configure docker

[root@tmp ~]# yum install docker-1.13.1
[root@tmp ~]# cat /etc/sysconfig/docker-storage-setup 
DEVS=/dev/sdb
VG=docker-vg
[root@tmp ~]# docker-storage-setup

Verify docker storage setting

(check for dm.thinpooldev in /etc/sysconfig/docker-storage and for docker-pool in the lvs output):

[root@tmp ~]# cat /etc/sysconfig/docker-storage
DOCKER_STORAGE_OPTIONS="--storage-driver devicemapper --storage-opt dm.fs=xfs --storage-opt dm.thinpooldev=/dev/mapper/docker--vg-docker--pool --storage-opt dm.use_deferred_removal=true --storage-opt dm.use_deferred_deletion=true "
[root@tmp ~]# lvs
  LV          VG        Attr       LSize  Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  root        centos    -wi-ao---- 13.39g                                                    
  swap        centos    -wi-ao----  1.60g                                                    
  docker-pool docker-vg twi-a-t--- <6.36g             0.29   10.20                           
[root@tmp ~]# 

Secure docker storage:

Add --log-opt max-size=1M --log-opt max-file=3 to OPTIONS in /etc/sysconfig/docker, so that container logs are rotated and cannot fill the disk:

[root@tmp ~]# cat /etc/sysconfig/docker | grep -v ^# | grep -v ^$
OPTIONS='--selinux-enabled --signature-verification=false --log-opt max-size=1M --log-opt max-file=3'
if [ -z "${DOCKER_CERT_PATH}" ]; then
    DOCKER_CERT_PATH=/etc/docker
fi
[root@tmp ~]# 

Secure docker volume setting:

Skip this step on GlusterFS nodes (all glf## and glr##), or the installation will fail.

Install required package:

[root@tmp ~]# yum install docker-novolume-plugin
[root@tmp ~]# systemctl enable docker-novolume-plugin
[root@tmp ~]# systemctl start docker-novolume-plugin

Add --authorization-plugin=docker-novolume-plugin to OPTIONS in /etc/sysconfig/docker:

[root@tmp ~]# cat /etc/sysconfig/docker | grep -v ^# | grep -v ^$
OPTIONS='--selinux-enabled --signature-verification=false --log-opt max-size=1M --log-opt max-file=3 --authorization-plugin=docker-novolume-plugin'
if [ -z "${DOCKER_CERT_PATH}" ]; then
    DOCKER_CERT_PATH=/etc/docker
fi
[root@tmp ~]# 

Initiate docker:

[root@tmp ~]# systemctl enable docker
[root@tmp ~]# systemctl start docker
[root@tmp ~]# systemctl is-active docker
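
The settings made in the steps above can be checked in one pass on the template VM. The script below is an added example and not part of the original wiki page; the function names and the gluster argument are assumptions of the example, and the file paths default to the ones shown above.

```shell
# Added example, not from the original page. Function names and the
# "gluster" argument are assumptions; paths default to the files shown above.

# Print the value of the last OPTIONS='...' assignment in a sysconfig file.
docker_options() {
    sed -n "s/^OPTIONS=['\"]\(.*\)['\"][[:space:]]*\$/\1/p" "$1" 2>/dev/null | tail -n 1
}

# audit_docker_template [docker_cfg] [storage_cfg] [gluster: yes|no]
# Prints one line per problem; the exit status is the number of problems.
# Usage on the template VM: audit_docker_template && echo "template OK"
audit_docker_template() (
    docker_cfg=${1:-/etc/sysconfig/docker}
    storage_cfg=${2:-/etc/sysconfig/docker-storage}
    gluster=${3:-no}
    fails=0
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

    # Pad with spaces so every flag can be matched as a whole word.
    opts=" $(docker_options "$docker_cfg") "

    case $opts in *" --selinux-enabled "*) ;; *) fail "--selinux-enabled missing" ;; esac
    # Both log limits are needed, otherwise container logs can fill the disk.
    case $opts in *" --log-opt max-size="*) ;; *) fail "--log-opt max-size missing" ;; esac
    case $opts in *" --log-opt max-file="*) ;; *) fail "--log-opt max-file missing" ;; esac

    # The plugin belongs on ordinary nodes only; the page excludes GlusterFS nodes.
    case $opts in
        *" --authorization-plugin=docker-novolume-plugin "*)
            if [ "$gluster" = yes ]; then fail "novolume plugin set on a GlusterFS node"; fi ;;
        *)
            if [ "$gluster" != yes ]; then fail "novolume plugin not set"; fi ;;
    esac

    # docker-storage-setup should have written a thin pool device here.
    grep -q 'dm\.thinpooldev=/dev/mapper/' "$storage_cfg" 2>/dev/null ||
        fail "dm.thinpooldev not found in $storage_cfg"

    return "$fails"
)
```

On GlusterFS nodes, pass yes as the third argument so that the check expects the plugin to be absent.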