Skip to content

Install docker.md

Latest commit

 

History

History
23 lines (18 loc) · 2.8 KB

Install docker.md

File metadata and controls

23 lines (18 loc) · 2.8 KB

Install Docker

en es

We will install Docker as our container engine with IPv6 support; optionally we will install Nvidia drivers and "Nvidia Container Toolkit"; and we will configure SELinux to secure Docker.

Steps

  1. Run: ./scripts/docker_setup.sh admin. Adds the Docker repository, installs it, enables the service, and adds the admin user to the docker group.
  2. Open https://simpledns.plus/private-ipv6 and write down the Combined/CID and remove the last block. For example fda6:80d8:cf96:a065::/64 becomes fda6:80d8:cf96::/64.
  3. Edit the script: nano ./scripts/selinux_setup.sh.
  4. Replace the fixed-cidr-v6 value with the CIDR you just generated through the website. Save and exit with Ctrl + X, Y, Enter.
  5. Run: ./scripts/selinux_setup.sh. Enables SELinux in Docker; restarts the Docker service for the changes to take effect; enables the flag that allows containers to manage the network and use the GPU; and installs the SELinux policies. These are required for some containers to be able to access Samba files and interact with WireGuard and for rsync to be able to back up the apps.
  6. Optional: If you have a relatively modern Nvidia card, run: ./scripts/nvidia_setup.sh. Adds "RPM Fusion" and Nvidia repositories to install the driver and "Nvidia Container Toolkit" for Docker. It also registers the "Akmods" key in the Secure Boot chain. It is necessary to reboot and repeat the key enrollment process as we did with ZFS. After rebooting and logging in, don't forget to assume root with sudo -i. One optimization you can do is to modify the Nvidia Runtime configuration with: nano /etc/nvidia-container-runtime/config.toml and uncomment the line no-cgroups = false. Press Ctrl + S to save and Ctrl + X to exit nano.
  7. Run: ./scripts/create_portainer_folder.sh to generate the container directory on the SSD.
  8. Run: ./scripts/run_portainer.sh. This runs a Portainer Community Edition container and will listen on port 9443.
  9. Configure Portainer from the browser.
    1. Access Portainer through https://server.lan:9443. If you get a security alert, you can accept the risk since Portainer uses a self-signed SSL certificate.
    2. Set a random password and create user admin. Bitwarden is recommended again for this.
    3. Navigate to "Environments" > "local" and change "Public IP" with the server's hostname server.lan.

Configure sharesIndexCreate shared networks stack