Making Docker Desktop more manageable with Portainer 2 – Let’s All Go to the Cloud
Log in to the VM as shown, using the default OPC user:
% ssh [email protected]
Activate the web console with: systemctl enable --now cockpit.socket
Last login: Mon Aug 21 14:15:13 2023 from 107.200.172.229
[opc@portainer2 ~]$
After logging in, you’ll want to update the repositories. To do this, as in the other recipes in this cookbook, you’ll need superuser privileges. The following output from the update was truncated for length:
[opc@portainer2 ~]$ sudo su -
Last login: Mon Aug 21 15:28:41 GMT 2023 on pts/0
[root@portainer2 ~]# yum upgrade -y && yum update -y
=======================================================================================================
Package Arch Version Repository Size
=======================================================================================================
Upgrading:
cloud-init noarch 22.1-8.0.4.el8_8.1 ol8_appstream 1.1 M
iscsi-initiator-utils x86_64 6.2.1.4-8.git095f59c.0.1.el8_8 ol8_baseos_latest 382 k
iscsi-initiator-utils-iscsiuio x86_64 6.2.1.4-8.git095f59c.0.1.el8_8 ol8_baseos_latest 102 k
microcode_ctl x86_64 4:20230214-2.0.3.el8 ol8_baseos_latest 7.7 M
systemd x86_64 239-74.0.4.el8_8.3 ol8_baseos_latest 3.6 M
systemd-libs x86_64 239-74.0.4.el8_8.3 ol8_baseos_latest 1.1 M
systemd-pam x86_64 239-74.0.4.el8_8.3 ol8_baseos_latest 506 k
systemd-udev x86_64 239-74.0.4.el8_8.3 ol8_baseos_latest 1.6 M
After updating the repositories, we’re ready to start installing Docker and begin our container journey. In order to install Docker, we’ll need to install the ZIP utilities to unzip the required files that we have downloaded. To do this, we’ll use the dnf command:
[root@portainer2 ~]# dnf install -y dnf-utils zip unzip
After installing the ZIP utilities, we’ll have to enable the Docker repository in order to download Docker. The following is the command to enable the repo and add it to the repo list:
[root@portainer2 ~]# dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
Adding repo from: https://download.docker.com/linux/centos/docker-ce.repo
Note
We need to eliminate a vulnerability that allows attackers to overwrite the host runc binary by executing a command as root within any type of container. An attacker can exploit it either through a new container started from an attacker-controlled image or through an existing container to which they already have write access:
[root@portainer2 ~]# dnf remove -y runc
Install Docker using the following dnf command. The following output has been truncated for length:
[root@portainer2 ~]# dnf install -y docker-ce --nobest
Docker CE Stable - x86_64 1.3 MB/s | 49 kB 00:00
Dependencies resolved.
Package Arch Version Repository Size
Installing:
docker-ce x86_64 3:24.0.5-1.el8 docker-ce-stable 24 M
…
[Truncated due to length]
…
Complete!
Once Docker is installed, we can move on to enabling the Docker service and starting Docker Engine. In order to enable the Docker service, we need to use systemctl, as shown in the following snippet:
[root@portainer2 ~]# systemctl enable docker.service
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
Once the service is enabled, we can start the Docker service (Docker Engine), again using systemctl:
[root@portainer2 ~]# systemctl start docker.service
After starting the service, we’ll want to ascertain the status of the service to be assured that Docker has started properly and the service is running and healthy:
[root@portainer2 ~]# systemctl status docker.service
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2023-08-21 15:50:49 GMT; 1min 19s ago
Docs: https://docs.docker.com
Main PID: 76180 (dockerd)
Tasks: 9
Memory: 28.2M
CGroup: /system.slice/docker.service
└─76180 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
Aug 21 15:50:48 portainer2 systemd[1]: Starting Docker Application Container Engine…
…
Truncated due to length lines 1-20/20 (END)
…
Now that our Docker Engine is up and running, we want to see what Docker version is running, as well as its health and all other Docker Engine-related data:
[root@portainer2 ~]# docker info
Client: Docker Engine - Community
Version: 24.0.5
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.11.2
Path: /usr/libexec/docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.20.2
Path: /usr/libexec/docker/cli-plugins/docker-compose
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 24.0.5
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: false
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc io.containerd.runc.v2
Default Runtime: runc
Init Binary: docker-init
containerd version: 8165feabfdfe38c65b599c4993d227328c231fca
runc version: v1.1.8-0-g82f18fe
init version: de40ad0
Security Options:
seccomp
Profile: builtin
Kernel Version: 5.15.0-103.114.4.el8uek.x86_64
Operating System: Oracle Linux Server 8.8
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 15.32GiB
Name: portainer2
ID: 597d584f-bf1c-4cda-aa22-8ca2c28f33c0
Docker Root Dir: /var/lib/docker
Debug Mode: false
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
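The `docker info` output above also carries the security-relevant state of the engine: the runc version that replaced the package removed earlier, the Security Options list, and the Insecure Registries list. The following script is an added example, not part of the original recipe, that audits that text; the function names, the `MIN_RUNC` variable and the 1.1.0 threshold are assumptions, and the sample input is constructed from the output shown above.

```shell
#!/bin/sh
# Added example, not from the original page: audit `docker info` text.

# version_ge A B: succeeds when dotted version A >= B.
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= (n > m ? n : m); i++) {
      if (x[i] + 0 > y[i] + 0) exit 0
      if (x[i] + 0 < y[i] + 0) exit 1
    }
    exit 0 }'
}

# has_opt NAME: is NAME listed on its own line (a Security Options entry)?
has_opt() { printf '%s\n' "$info" | grep -Eq "^ *$1 *\$"; }

# audit_docker_info MIN_RUNC: reads `docker info` text on stdin, prints one
# finding per line, returns 1 if any finding is FAIL.
audit_docker_info() {
  info=$(cat); rc=0
  # "runc version: v1.1.8-0-g82f18fe" -> "1.1.8"
  runc=$(printf '%s\n' "$info" |
    sed -n 's/^ *runc version: v\{0,1\}\([0-9][0-9.]*\).*/\1/p' | head -n 1)
  if [ -z "$runc" ]; then echo "FAIL runc version not reported"; rc=1
  elif version_ge "$runc" "$1"; then echo "OK runc $runc >= $1"
  else echo "FAIL runc $runc < $1"; rc=1; fi
  if has_opt seccomp; then echo "OK seccomp listed"
  else echo "FAIL seccomp not listed"; rc=1; fi
  if has_opt userns || has_opt rootless; then echo "OK userns or rootless listed"
  else echo "WARN neither userns nor rootless listed"; fi
  # Entries follow the header until the next "Key: value" line.
  extra=$(printf '%s\n' "$info" | awk '
    /^ *Insecure Registries:/ { on = 1; next }
    on && (/: / || /:$/) { on = 0 }
    on { gsub(/^ +| +$/, "")
         if ($0 != "" && $0 != "127.0.0.0/8" && $0 != "::1/128") print }')
  if [ -z "$extra" ]; then echo "OK insecure registries: loopback only"
  else echo "FAIL insecure registry: $(echo $extra)"; rc=1; fi
  return $rc
}

# Constructed sample: an excerpt of the `docker info` output shown above.
sample_info() {
  printf '%s\n' ' runc version: v1.1.8-0-g82f18fe' ' Security Options:' \
    '  seccomp' '   Profile: builtin' ' Insecure Registries:' \
    '  127.0.0.0/8' ' Live Restore Enabled: false'
}

# 1.1.0 is a placeholder threshold (assumption); use your vendor's fixed version.
sample_info | audit_docker_info "${MIN_RUNC:-1.1.0}"
```

On a live host, pipe the real output in instead: `docker info | audit_docker_info <minimum runc version>`.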
Since Portainer requires a later Python environment, we’ll want to be sure that the correct version is installed. Python is a prerequisite to the installation. The following command output has been truncated for length:
yum install -y libffi libffi-devel openssl-devel python3 python3-pip python3-devel
Last metadata expiration check: 0:13:58 ago on Mon 21 Aug 2023 03:43:32 PM GMT.
Package libffi-3.1-24.el8.x86_64 is already installed.
Package openssl-devel-1:1.1.1k-9.el8_7.x86_64 is already installed.
Package python36-3.6.8-38.module+el8.5.0+20329+5c5719bc.x86_64 is already installed.
Package python3-pip-9.0.3-22.el8.noarch is already installed.
Dependencies resolved.
============================================================================================================
Package Arch Version Repository Size
============================================================================================================
Installing:
Complete!
To install Python, we use PIP, which is the standard package manager for Python. PIP allows you to manage and install all packages that aren’t typically part of the standard Python library. Installing Python is an underlying requirement for the Portainer installation.
You’ll want to exit out of root to install this version of Python:
[opc@portainer2 ~]$ pip install --upgrade --ignore-installed pip setuptools
Defaulting to user installation because normal site-packages is not writeable
Collecting pip
Downloading pip-21.3.1-py3-none-any.whl (1.7 MB)
|████████████████████████████████| 1.7 MB 38.3 MB/s
Collecting setuptools
Downloading setuptools-59.6.0-py3-none-any.whl (952 kB)
|████████████████████████████████| 952 kB 78.6 MB/s
Installing collected packages: setuptools, pip
Successfully installed pip-21.3.1 setuptools-59.6.0
You’ll want to be root again here to install and update yum packages. Yum requires root privileges to execute, so you’ll want to sudo or su to root.
After we’ve updated the Python installation, we need to install and update the Python library requirements for Docker and Portainer:
[opc@portainer2 ~]$ sudo su -
Last login: Mon Aug 21 15:33:33 GMT 2023 on pts/0
[root@portainer2 ~]# yum install -y libffi libffi-devel openssl-devel python3 python3-pip python3-devel
You’ll want to exit out of root here to install docker-compose, using Python pip to execute. Python pip is the standard for installing any Python package and is the go-to method for installing those packages in a secure manner:
[root@portainer2 ~]# exit
logout
[opc@portainer2 ~]$ pip3 install docker-compose