How to install Docker EE in RHEL7

How to install Docker EE in RHEL7

Will see How to install Docker EE in RHEL7 in this post. We have other steps as well on our blog to install the Docker in Linux.

It’s a container virtualization technology and more efficient in the deploy an application.

We have two option to install the Docker EE in RedHat Linux.

  1. Yum Repository: Create/ Enable YUM Repository and install using that. this is the recommended one to install/ upgrade a package in Linux.
  2. RPM: We have to download and install manually. This will be useful to install when the system doesn’t have internet access.

Requirement:

RHEL 7.1 or Higher Operating System.

overlay2 or device-mapper storage driver(direct-lvm mode for production environment)

Yum repository.

Disable SELinux in IBM Power Systems before install/ Upgrade

Enabling YUM Repository for Docker EE Installation:

Browse “https://store.docker.com/my-content” and login. You should at least registered for the trail.

Once logged in, Click “Setup” to get the URL to enable the repository.

Copy the URL from “Copy and paste this URL to download your Edition:” and save it for later use.

You will use this URL to create the variable called “DOCKERURL“.

Use the below command to remove existing docker repo.

[root@localhost ~]# rm /etc/yum.repos.d/docker*.repo

Save the copied URL in the environmental variable(DOCKERURL). Replace with URL where “<DOCKER-URL>” is mentioned in below command.

#export DOCKERURL="<DOCKER-EE-URL>"

Than now store the variable(DOCKERURL) in yum variable /etc/yum/vars

[root@localhost ~]# sudo -E sh -c 'echo "$DOCKERURL/rhel" > /etc/yum/vars/dockerurl'

Now store the OS version in /etc/yum/vars/dockerosversion:

[root@localhost ~]# sh -c 'echo "7.3" > /etc/yum/vars/dockerosversion'

Then install the required packages yum-utils, device-mapper-persistent-data and lvm2

[root@localhost ~]# yum -y install yum-utils device-mapper-persistent-data lvm2

Now will enable extras RHEL repository and This will ensure the access to container-selinux which is package required by “Docker-EE” and the below command will be used in all Architecture except IBM Power Systems.

[root@localhost ~]# yum-config-manager --enable rhel-7-server-extras-rpms
Loaded plugins: product-id

For IBM Power System use the below command:

#yum-config-manager --enable extras
#subscription-manager repos --enable=rhel-7-for-power-le-extras-rpms
#yum makecache fast
#yum -y install container-selinux

Add the Docker EE repository using below command.

[root@localhost ~]# yum-config-manager --add-repo "$DOCKERURL/rhel/docker-ee.repo"

Installing Docker EE in RedHat Linux:

Now using the docker repository will install the Docker-EE by executing below command.

[root@localhost ~]# yum install docker-ee

Note: If the above command failed for “container-selinux” dependency. Then we should install the container-selinux and below two are dependency packages for container-selinux

policycoreutils.2.5-11.el7 Click here to download

policycoreutils-python (This will be available in your OS packages list)

Now again try to install the docker-ee using yum.

Start the docker using systemctl.

[root@localhost ~]# systemctl start docker

Now we completed docker-ee installation.

To verify Docker-EE installed correctly, use the hello-world image. This will download a test image and run it in a container. Will give you the information.

[root@localhost ~]# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
9bb5a5d4561a: Pull complete
Digest: sha256:f5233545e43561214ca4891fd1157e1c3c563316ed8e237750d59bde73361e77
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/

For more examples and ideas, visit:
https://docs.docker.com/engine/userguide/

 

So, Finally we completed the Docker installation.

Refernce: docs.docker.com

About Python

About Python:

Python language created by Guido van Rossum.

Features of Python

Built on c  routines

Easy to use and debug

Portable

Object oriented

Interface with other languages

compiled and Interpreted language

Open and free

 

Download link:        www.python.org

To know python version use below command

python -v

Note: Any line starts with # will commented and not used by script while executing.

Will create a script file with .py extension and should use python command to run the python script.

Example:     

python first.py

Installing Puppet in RHEL7/ Cent OS 7

Will see Installing Puppet in RHEL7/ Cent OS 7

Now a days all the administration tasks are rapidly moving to automation and its reducing manpower,cost and time. Its mandatory to learn the anyone of the scripting and anyone of automation tool for system administrators at this situation.  Automating tasks in server end is very critical and most important one.  There are lots of tools available for automation. Here we are going to see about puppet.

What is puppet?

Its a open source tool and developed by puppet labs for Linux/Unix/Mac and Windows machines. Puppet is written in Ruby language and its mostly used for automating jobs in server and automating the jobs from server to clients.

Features:

To avoid duplication of work.

Powerful framework

Mature tool

System administrator tasks simplify.

To make speed and repeated changes automatically.

To maintain system consistency and integrity

Very easy to manage vm, cloud and physical machines.

Enabling EPEL repository and dependencies for installation:

System time should be set as accurately on server, which is going to act as master chef server. So, set the time in your server.

Make sure that both the master and agent server should resolev the hostnames. So, make an entry in /etc/hosts file.

once time fixed will enable EPEL repository by using below command.

RHEL7/ Cent OS 7:

[root@server init.d]# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-releas e-latest-7.noarch.rpm
Retrieving https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
warning: /var/tmp/rpm-tmp.yXngEr: Header V3 RSA/SHA256 Signature, key ID 352c64e 5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
 1:epel-release-7-10 ################################# [100%]

List the EPEL Repository Packages :

[root@server init.d]# yum --disablerepo=* --enablerepo=epel list

Now to have puppet ready setup, have to use apache with passanger. To get that, download and place the repo file in /etc/yum.repos.d/

[root@server init.d]# curl --fail -sSLo /etc/yum.repos.d/passenger.repo https://oss-binaries.phusionpassenger.com/yum/definitions/el-passenger.repo

To setup puppet master/node now we need to enable the puppet lab repository and dependencies and run it on both master and agent servers.

[root@server init.d]# rpm -ivh https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
Retrieving https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
Preparing... ################################# [100%]
 package puppetlabs-release-22.0-2.noarch is already installed

 

Installing Puppet:

Use the below command to install Puppet server. This will install init script (/etc/init.d/puppetmaster) to run a test-quality puppet master server.

[root@server ~]# yum install puppet-server

Installed:
 puppet-server.noarch 0:3.8.7-1.el7

Dependency Installed:
 facter.x86_64 1:2.4.6-1.el7 hiera.noarch 0:1.3.4-1.el7 libselinux-ruby.x86_64 0:2.5-6.el7 libyaml.x86_64 0:0.1.4-11.el7_0
 puppet.noarch 0:3.8.7-1.el7 ruby.x86_64 0:2.0.0.648-29.el7 ruby-augeas.x86_64 0:0.4.1-3.el7 ruby-irb.noarch 0:2.0.0.648-29.el7
 ruby-libs.x86_64 0:2.0.0.648-29.el7 ruby-shadow.x86_64 1:2.2.0-2.el7 rubygem-bigdecimal.x86_64 0:1.2.0-29.el7 rubygem-io-console.x86_64 0:0.4.2-29.el7
 rubygem-json.x86_64 0:1.7.7-29.el7 rubygem-psych.x86_64 0:2.0.0-29.el7 rubygem-rdoc.noarch 0:4.0.0-29.el7 rubygems.noarch 0:2.0.14.1-29.el7

Complete!

Now we need to configure the puppet master/agent architecture.  in our case this node going to work as master server. So, edit /etc/puppet/puppet.conf file and change the dns_alt_names.

[root@server ~]# vi /etc/puppet/puppet.conf
[main]
 dns_alt_names=server,server.lbcdomain.com
 certname=server.lbcdomain.com

Save and exit from the file.

Run the below command to create puppet master certificate:

[root@server ~]# puppet master --verbose --no-daemonize

Once received “Notice: Starting Puppet master version 3.8.7” press ctrl+c to kill the process.

Now will configure Web server:

Puppet comes with basic web server. In production basically will not use this web server. Before managing nodes by puppet master server, will configure web server first.

[root@server ~]# yum -y install httpd httpd-devel mod_ssl ruby-devel rubygems gcc gcc-c++ pygpgme curl

Now install passenger and apache module:

[root@server ~]# yum install -y mod_passenger

create parent, public and tmp  directories for the application. Copy the ext/rack/config.ru from the puppet source code into the parent directory and set ownership as puppet to the directory.

[root@server ~]# mkdir -p /usr/share/puppet/rack/puppetmasterd
[root@server ~]# mkdir /usr/share/puppet/rack/puppetmasterd/public /usr/share/puppet/rack/puppetmasterd/tmp
[root@server ~]# cp /usr/share/puppet/ext/rack/config.ru /usr/share/puppet/rack/puppetmasterd/
[root@server ~]# chown puppet:puppet /usr/share/puppet/rack/puppetmasterd/config.ru

Create configuration file to add virtual host for puppet.

[root@server ~]# vi /etc/httpd/conf.d/puppetmaster.conf

make the below entries in virtual host file.

[root@server ~]# vi /etc/httpd/conf.d/puppetmaster.conf
# you probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120

Listen 8140

<VirtualHost *:8140>
        SSLEngine on
        SSLProtocol             ALL -SSLv2 -SSLv3
        SSLCipherSuite          EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
        SSLHonorCipherOrder     on

        SSLCertificateFile      /var/lib/puppet/ssl/certs/server.lbcdomain.com.pem
        SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/server.lbcdomain.com.pem
        SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
        SSLCACertificateFile   /var/lib/puppet/ssl/ca/ca_crt.pem
        # If Apache complains about invalid signatures on the CRL, you can try disabling
        # CRL checking by commenting the next line, but this is not recommended.
        SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
        # Apache 2.4 introduces the SSLCARevocationCheck directive and sets it to none
        # which effectively disables CRL checking; if you are using Apache 2.4+ you must
        # specify 'SSLCARevocationCheck chain' to actually use the CRL.
        # SSLCARevocationCheck chain
        SSLVerifyClient optional
        SSLVerifyDepth  1
        # The `ExportCertData` option is needed for agent certificate expiration warnings
        SSLOptions +StdEnvVars +ExportCertData

        # This header needs to be set if using a loadbalancer or proxy
        RequestHeader unset X-Forwarded-For

        RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
        RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
        RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

         DocumentRoot /usr/share/puppet/rack/puppetmasterd/public
        RackBaseURI /
        <Directory /usr/share/puppet/rack/puppetmasterd/>
                Options None
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>
</VirtualHost>  

Now restart the apache service.

[root@server ~]# systemctl restart httpd

Enable apache and disable puppet to autostart while booting.

[root@server ~]# systemctl disable puppet.service
[root@server ~]# systemctl enable httpd.service

Now enable puppet listening port in firewall:

Port: 8140

[root@server ~]# firewall-cmd --zone=public --add-port=8140/tcp --permanent
[root@server ~]# firewall-cmd --reload

 

Now install puppet on Node machines:

before starting puppet agent installation have to configure yum repository same like master server.

Command to install puppet:

[root@client ~]# yum -y install puppet

Make master puppet server details in puppet configuration file like below.

[root@node ~]# vi /etc/puppet/puppet.conf

[agent]
server = server.lbcdomain.com

Now start puppet service in node machine and enable it to start automatically while booting in this run level.

[root@client ~]# systemctl start puppet
[root@client ~]# systemctl enable puppet

Now signin puppet agent node machine certificate in puppet master server:

Agent node will request certificate on first time they attempt to run.

Login and execute the below command in master puppet server.

[root@server ~]# puppet cert list

"node.lbcdomain.com" (SHA256) D4:88:EC:C5:0A:F7:5D:4E:32:C5:B3:61:E0:51:7B:0C:CD:B3:49:9E:68:0B:E7:5D:75:19:1D:0B:92:8A:E7:C1

Run the below command to sign the cert sign

[root@server ~]# puppet cert sign node.lbcdomain.com

Notice: Signed certificate request for node.lbcdomain.com
Notice: Removing file Puppet::SSL::CertificateRequest node.lbcdomain.com at '/var/lib/puppet/ssl/ca/requests/node.lbcdomain.com.pem'

Run below command in puppet agent node machine to verify the certificate.

[root@client ~]# puppet agent -t

Info: Caching certificate for node.lbcdomain.com
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for node.lbcdomain.com
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for node.lbcdomain.com
Info: Applying configuration version '1445401911'
Info: Creating state file /var/lib/puppet/state/state.yaml
Notice: Finished catalog run in 0.09 seconds

Finally we completed puppet master and agent configuration successfully.

 

Docker installation in RHEL7/ Cent OS 7

We are going to see Docker installation in RHEL7/ Cent OS 7.

Docker packages are available for RedHat Servers and RHEL Atomic Host editions alone not for other workstations or other variants of RHEL.

In this installation method internet is mandatory.

Docker installation using native docker script is straight forward method. Using “curl”  will install the docker.  Before installing docker, first check curl  package is installed on your system.

#curl –version

[root@localhost ~]# curl --version
curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.21 Basic ECC zlib/1.2.7 libidn/1.28 libssh2/1.4.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz unix-sockets
 Installing Docker using curl command
 
  Use the below command to install the docker.
 
#curl -SSL https://get.docker.com/ | sh
 
Now will enable the docker permanently in this runlevel and will start docker.
Command to enable the docker in this runlevel
#systemctl enable docker
 
 
 
Command to start the docker
#systemctl start docker
 
 
command to check the docker status
#systemctl status docker
 
 
Command to restart the docker
#systemctl restart docker
 
 
 
 
Docker has been installed and now will check the docker installation here.
#docker run hello-world
 
 



Will list the new containers with below command

#docker ps -a


Failed to start docker.service: Unit not found / Installation of docker in RHEL7.x / CentOS 7.x

Failed to start docker.service: Unit not found / Installation of  docker in RHEL7.x / CentOS 7.x

Will see how to fix Failed to start docker.service: Unit not found / Installation of docker in RHEL7.x / CentOS 7.x.

Docker is open source and it will help us to deploy applications over the Linux containers.
Docker CLI command line tool will help to manage the lifecycle management of  image based containers.

Linux container will enable fast application deployment, simplest testing, troubleshooting and maintenance.

Check for the installed docker details and remove the docker which is already installed.

Again install docker using below command:

#curl -fsSL https://get.docker.com/ | sh



Enable the docker service permanently in this runlevel

Start the docker service

Now docker has been installed started successfully.

To check docker installed correctly or not issue the below command

Chef server installation on linux

We are going to see Chef server installation on linux

Configuration options in Chef:

 

1. Standalone
2. High Availability
3. Tiered

Requirements:

1. Machine with RedHat server operating system with FQDN.
2. Mail agent which will help chef server to send notification.
3. Should know to work with cron jobs to schedule jobs

We are going to see Standalone chef server in this post.

In this method will use single machine for chef server installation.
1. Download “chef-server-core-<ver>” and kept under /tmp directory on a server which will run the server.
2. Install the package as root user using below commands.

#rpm -ivh chef-server-core-xxx.rpm

It will take some minutes to install it.

Execute the following server to start all services.

#chef-server-ctl reconfigure

Now we should create a user to manage the chef server

#chef-server-ctl user-create <username> <firstname> <lastname> <email> ‘Password’ –filename /path/uname.pem

Now we should create organization

 

#chef-server-ctl org-create short_name ‘full_organization_name’ –association_user user_name –filename ORGANIZATION-validator.pem

Download and install additional packages:
We can use Chef management console to manage the data bags, attributes, run-lists, roles, environments, and cookbooks from a web user interface.

Run below commands on chef server.

#chef-server-ctl install chef-manage
#chef-server-ctl reconfigure
#chef-manage-ctl reconfigure

We can use Chef push jobs to execute the jobs

Run the below commands on chef server.

#chef-server-ctl install opscode-push-jobs-server
#chef-server-ctl reconfigure
#opscode-push-jobs-server-ctl reconfigure

Use reporting will keep track while every client run on full infra.

Run the below commands on chef server:

#chef-server-ctl install opscode-reporting
#chef-server-ctl reconfigure
#opscode-reporting-ctl reconfigure

Update purchase for nodes:

While using more than 25 nodes, configuration should be updated by us for license.
for that, need to edit chef-server.rb file. follow the below steps to edit

#mkdir /etc/opscode && sudo touch /etc/opscode/chef-server.rb

open new chef-server.rb file
#vi /etc/opscode/chef-server.rb

append the below line on that file

#license[‘nodes’] = N (number of licensed nodes you have purchased)


save and exit from the file using :wq


run below command to update the modified changes on chef server

#chef-server-ctl reconfigure