Install Mirantis Container Runtime for SLES¶
Warning
Mirantis Container Runtime (MCR) is not supported on OpenSUSE.
You can install Mirantis Container Runtime (MCR) either through the use of a repository, or by downloading and installing RPM packages.
Install and upgrade MCR from a repository¶
Mirantis recommends that you install MCR from our Docker repository using Zypper, SUSE Linux Enterprise’s package manager. This method provides a level of automation with the MCR dependencies installation and updates automation.
Note
It is not necessary to uninstall older versions of Docker or Mirantis Container Runtime prior to upgrading as package conflicts are resolved automatically by Zypper.
Set up the repository¶
You only need to set the repository up once. After doing so, you can install MCR from the repo and repeatedly upgrade the software as necessary.
Add the repository to Zypper:
sudo zypper addrepo --refresh 'https://repos.mirantis.com/sles/$releasever_major/$basearch/<update-channel>' mirantis
Note
The
$releasever_major
andja$basearchmmy
are repo variables that must be passed verbatim to the :command:`zypper`command without being expanded by your shell.The final path segment of the repo URL is the update channel, which determines which MCR releases will be available for installation and upgrade. The value for the latest MCR 25.0.x patch is
stable-25.0
and the value for the latest MCR 25.0.x patch with the FIPS-mode variant isstable-25.0/fips
.
Import the GPG key from the repository:
sudo rpm --import https://repos.mirantis.com/sles/gpg
Install from the repository¶
Run the following command to install MCR from the repository:
sudo zypper install docker-ee
If you are prompted to accept the GPG key, verify first that the key has the
fingerprint 77FE DA13 1A83 1D29 A418 D3E899E5 FF2E 7668 2BC9
.
Upgrade from the repository¶
Run zypper update to keep your MCR installation up to date with the latest MCR release that is available in the update channel you selected during the repository setup.
Install and upgrade MCR from a package¶
If for some reason you cannot use the repository MCR install method, you can
perform manual installation with the .rpm
package files for
your release. Be aware, though, that you will need to download new packages
each time you want to upgrade MCR.
Download the official Mirantis GPG key.
Download the SLES packages, the links for which are available in the MCR release notes.
Import the official Mirantis GPG key:
sudo rpm --import path/to/mirantis/gpg
Install MCR.
sudo zypper install path/to/downloaded/packages/*.rpm
Upgrade from a package¶
Download the newer
.rpm
packages for your SLES version.Upgrade MCR.
sudo zypper install path/to/downloaded/packages/*.rpm
Initial setup¶
The Docker service is not started automatically at MCR installation. The
docker
group is created, but without any users added to the group.
Configure Docker to start at boot up and start Docker.
sudo systemctl enable --now docker.service
Run the
hello-world
image to verify that MCR is correctly installed. This command downloads a test image, runs it in a container, prints an informational message, and exits:sudo docker run hello-world
Important
Use sudo
to run docker
commands. For information on how to allow
non-privileged users to run docker commands, refer to the official Docker
documentation Manage Docker as a non-root user.
Uninstall Mirantis Container Runtime¶
Uninstall the Mirantis Container Runtime package:
sudo zypper remove docker-ee
Delete all images, containers, and volumes, as these are not automatically removed from your host:
sudo rm -rf /var/lib/docker
Delete all other Docker-related resources:
sudo rm -rf /run/docker /var/run/docker /etc/docker
Manually delete any edited configuration files.
At start up, Docker creates a DOCKER iptables chain. The SUSE firewall may block access to this chain, however, which can prevent you from running containers with published ports. In such cases, errors may present, such as:
WARNING: IPv4 forwarding is disabled. Networking will not work.
docker: Error response from daemon: driver failed programming external
connectivity on endpoint adoring_ptolemy
(0bb5fa80bc476f8a0d343973929bb3b7c039fc6d7cd30817e837bc2a511fce97):
(iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 80 -j DNAT --to-destination 172.17.0.2:80 ! -i docker0: iptables: No chain/target/match by that name.
(exit status 1)).
If such errors do present, adjust the start-up script order to make it so that the firewall starts before Docker starts, and so that Docker stops before the firewall stops. For more information, refer to the official SLES systemd daemon documentation.
Miratis recommends that you use the overlay2
storage driver, which is the
default for all new MCR installations. This applies even when
/var/lib/docker
is on a btrfs
filesystem.
MCR provides the btrfs
storage driver for purposes of compatibility with
existing deployments. MCR automatically uses the btrfs
storage driver
if it detects the presence of existing images in /var/lib/docker
that
were stored with the btrfs
driver.