-
Notifications
You must be signed in to change notification settings - Fork 55
Installing Clear Containers on Clear Linux
Contents
Clear Containers 2.0 provides an Open Containers Initiative (OCI) compatible 'runtime' and is installable into Docker 1.12.0 and later, where OCI runtime support is available.
You will need to have a Clear Linux installation before commencing this procedure, although Clear Containers do not depend on Clear Linux as a host and can be run on top of other distributions. See Installing Clear Linux for more details.
The following steps install and configure Clear Containers and Docker into an existing Clear Linux distribution. You will require Clear Linux version 9890 or above.
Again, please note that Clear Containers can run on top of other distributions. Here, Clear Linux is used as one example of a distribution Clear Containers can run on. This document does not cover installing Clear Containers on other distributions.
After this installation you will be able to launch Docker container payloads using either the default Docker (runc) Linux Container runtime or the Clear Containers QEMU/KVM hypervisor based runtime (cc-oci-runtime) which makes use of an optimised QEMU called QEMU-lite.
You will need root privileges in order to run a number of the following commands. It is recommended you run these commands from a user account with sudo rights.
If your user does not already have sudo rights, you should add your user to wheel group whilst logged in as root:
# usermod -G wheel -a <USERNAME>
This change will take effect once you have logged out as root and logged back in as <USERNAME>.
And you will also need to add your user or group to the /etc/sudoers file, for example:
# visudo #and add the line: %wheel ALL=(ALL) ALL
You can now log out of root, log in as your <USERNAME> and continue by using sudo.
Before you try to install and run Clear Containers it is prudent to check that your machine (hardware) is compatible. The easiest way to do this is to download and run the Clear Containers check config script:
$ curl -O https://download.clearlinux.org/current/clear-linux-check-config.sh $ chmod +x clear-linux-check-config.sh $ ./clear-linux-check-config.sh container
This command will print a list of test results. All items should return a 'SUCCESS' status - but you can ignore the 'Nested KVM support' item if it fails - this just means you cannot run Clear Containers under another hypervisor such as KVM, but can still run Clear Containers directly on top of native Clear Linux or any other distribution.
The more recent your version of Clear Linux the better Clear Containers will perform, and the general recommendation is that you ensure that you are on the latest version of Clear Linux, or at least version 9890.
To check which version of Clear Linux you are on, and what the latest available is, from within Clear Linux run:
$ sudo swupd update -s
To update your Clear Linux installation to the latest execute:
$ sudo swupd update
$ sudo swupd bundle-add containers-basic
To enable your user to access both Docker and KVM you will need to add them to the relevant groups on the machine:
$ sudo usermod -G kvm,docker -a <USERNAME>
For these new group memberships to take effect, log out and log back in again as <USERNAME>.
Docker on Clear Linux provides 2 service files to start the daemon, and only one will be enabled.
- docker.service (
runc) - docker-cor.service (
cc-oci-runtime)
If you are running Clear Linux on baremetal or on a VM with Nested Virtualization activated the service docker-cor will be launched and default runtime will be cc-oci-runtime.
If you are running Clear Linux on a VM without Nested Virtualization the service docker will be launched and default runtime will be runc.
After you install bundle containers-basic you'll need to start docker(s) services (don't worry only one of these will start and will do the checks for you)
$ sudo systemctl start docker $ sudo systemctl start docker-cor
To check which one of these are activated just run:
$ sudo systemctl status docker or $ sudo systemctl status docker-cor
Note: In the next reboot the docker daemon will start automatically.
Before we dive into using Clear Containers it is prudent to do a final sanity check to ensure that relevant Docker parts have installed and are executing correctly:
$ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES $ docker network ls NETWORK ID NAME DRIVER SCOPE 028f36f79ca5 bridge bridge local 8a22faead310 host host local 960c24b9d9de none null local $ docker pull busybox Using default tag: latest latest: Pulling from library/busybox 8ddc19f16526: Pull complete Digest: sha256:a59906e33509d14c036c8678d687bd4eec81ed7c4b8ce907b888c607f6a1e0e6 Status: Downloaded newer image for busybox:latest $ docker run -it busybox sh [ 0.063356] systemd[1]: Failed to initialise default hostname / # uname -a Linux f0098e68456f 4.5.0-49.container #1 SMP Mon Aug 8 20:46:42 UTC 2016 x86_64 GNU/Linux / # exit
In the final step above it can be seen that we are running a Clear Container in a hypervisor, as the Linux kernel version 4.5.0-49.container is different from the kernel being used by the underlying host system.
You now have Docker installed with Clear Containers enabled as the default OCI runtime. You can now try out Clear Containers.