Skip to content

Setup Docker on Fedora 32

Jun Aruga edited this page Aug 28, 2020 · 8 revisions

This page is steps to setup Docker for the project on Fedora 32.

System preparation

See Fedora Magazine - Docker and Fedora 32 - Step 1: System preparation for detail.

Change cgroups to v1.

As Docker does not support cgroups v2 that is the default on Fedora 32, change the cgroups to v1.

$ sudo grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=0"

Whitelist docker in firewall

The first command will allow Docker to make remote connections. The second command will allow docker to make local connections

Important note: I faced this issue on my Fedora 32 later. It's safer not to try the following steps.

$ sudo firewall-cmd --permanent --zone=trusted --add-interface=docker0
$ sudo firewall-cmd --permanent --zone=FedoraWorkstation --add-masquerade
$ sudo firewall-cmd --reload

If you want to remove the docker firewalld setting to be clean, you can run the following command.

$ sudo firewall-cmd --permanent --zone=trusted --remove-interface=docker0
$ sudo firewall-cmd --reload

If you see the following result, "maybe" it's okay.

$ sudo firewall-cmd --get-active-zones
FedoraWorkstation
  interfaces: wlp2s0
docker 
  interfaces: docker0

As an alternative safer way to run docker, just change "nftables" to "iptables" in the following part.

$ sudo grep ^FirewallBackend /etc/firewalld/firewalld.conf
FirewallBackend=nftables
$ sudo firewall-cmd --reload

You can refer this ticket for detail.

Docker

We would explain 2 use cases.

  • a. Install Docker CE from docker official repository.
  • b. Install Moby from Fedora official repository.

a. Install Docker CE from docker official repository.

Remove conflicts

If you are installing moby, then want to switch to Docker CE, run the following commands.

$ sudo dnf remove moby-engine
$ sudo dnf remove docker-compose

Remove the data and config files if you can.

$ sudo rm -rf /var/lib/docker
$ sudo rm -rf /etc/docker
$ sudo rm -f /etc/sysconfig/docker

Install Docker by the official tutorial.

Note the docker installation script fails like this as the repository is not provided.

$ cat /etc/fedora-release 
Fedora release 32 (Thirty Two)

$ curl -fsSL https://get.docker.com -o get-docker.sh

$ sudo sh get-docker.sh
...
Errors during downloading metadata for repository 'docker-ce-stable':
  - Status code: 404 for https://download.docker.com/linux/fedora/32/x86_64/stable/repodata/repomd.xml (IP: 99.86.243.99)

Edit the downloaded repository config file, replacing $releasever (= Fedora release version = 32) to 31.

$ sed -i.bak 's/$releasever/31/g' /etc/yum.repos.d/docker-ce.repo
$ sudo dnf install docker-ce docker-ce-cli containerd.io

Install docker-compose

$ curl -L "https://github.com/docker/compose/releases/download/1.26.2/docker-compose-$(uname -s)-$(uname -m)" -o docker-compose
$ chmod +x docker-compose
$ sudo mv docker-compose /usr/local/bin/

b. Install Moby from Fedora official repository.

Follow this tutorial.

Remove conflicts

Refer Docker CE official - Uninstall Docker Engine.

$ sudo dnf remove docker-ce docker-ce-cli containerd.io

$ sudo rm -rf /var/lib/docker

Install Docker and docker-compose

$ sudo dnf install moby-engine docker-compose

You see dockerd is running with the --live-restore option.

$ ps -wwef | grep docker
root        5209       1  3 15:58 ?        00:00:00 /usr/bin/dockerd --host=fd:// --exec-opt native.cgroupdriver=systemd --selinux-enabled --log-driver=journald --storage-driver=overlay2 --live-restore --default-ulimit nofile=1024:1024 --init-path /usr/libexec/docker/docker-init --userland-proxy-path /usr/libexec/docker/docker-proxy

In the condition, docker swarm does not work. When the --live-restore option is enabled, you see the following error message.

$ docker swarm init
Error response from daemon: --live-restore daemon configuration is incompatible with swarm mode

You need to edit /etc/sysconfig/docker to remove --live-restore option to make docker swarm work. See this instruction for detail. This is moby specific operation installed from Fedora repository. Docker CE does not have and see /etc/sysconfig/docker file.

$ sudo vi /etc/sysconfig/docker
$ cat /etc/sysconfig/docker 
# /etc/sysconfig/docker

# Modify these options if you want to change the way the docker daemon runs
# OPTIONS="--selinux-enabled \
#   --log-driver=journald \
#   --storage-driver=overlay2 \
#   --live-restore \
#   --default-ulimit nofile=1024:1024 \
#   --init-path /usr/libexec/docker/docker-init \
#   --userland-proxy-path /usr/libexec/docker/docker-proxy \
# "
OPTIONS="--selinux-enabled \
  --log-driver=journald \
  --storage-driver=overlay2 \
  --default-ulimit nofile=1024:1024 \
  --init-path /usr/libexec/docker/docker-init \
  --userland-proxy-path /usr/libexec/docker/docker-proxy \
"

Restart the docker daemon. Check --live-restore is not shown for the process.

$ sudo systemctl restart docker

$ ps -wwef | grep docker
root        5473       1  2 16:03 ?        00:00:00 /usr/bin/dockerd --host=fd:// --exec-opt native.cgroupdriver=systemd --selinux-enabled --log-driver=journald --storage-driver=overlay2 --default-ulimit nofile=1024:1024 --init-path /usr/libexec/docker/docker-init --userland-proxy-path /usr/libexec/docker/docker-proxy

Make sure docker swarm works.

$ docker swarm init
$ docker swarm leave --force