photonos-prep.md

Image for Prep Photon OS for Photon Platform

Change password to never expire

chage –I -1 –m 0 –M 99999 –E -1 root

Update repository sources

tdnf update

tdnf upgrade

Add photon dev repo

vi /etc/yum.repos.d/photon-dev.repo

[photon-dev]
name=VMware Photon Linux Dev(x86_64)
baseurl=https://dl.bintray.com/vmware/photon_dev_$basearch
gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY
gpgcheck=1
enabled=1
skip_if_unavailable=True

tdnf update

Install common tools

tdnf install -y wget git tar gawk tcpdump netcat sshpass nfs-utils

Reboot

reboot

Update docker

tdnf erase -y docker

curl -L'#' https://get.docker.com/builds/Linux/x86_64/docker-17.03.1-ce.tgz | tar --strip-components=1 -C /usr/bin -xzf - 

groupadd -r docker

echo '[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network.target docker.socket
Requires=docker.socket

[Service]
Type=notify
ExecStart=/usr/bin/dockerd -H fd:// -s overlay2 
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
TimeoutStartSec=0
Delegate=yes
KillMode=process

[Install]
WantedBy=multi-user.target
' > /etc/systemd/system/docker.service

echo '[Unit]
Description=Docker Socket for the API
PartOf=docker.service

[Socket]
ListenStream=/var/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker

[Install]
WantedBy=sockets.target
' > /etc/systemd/system/docker.socket

Set docker service to automatically start and start the service

systemctl enable docker

systemctl start docker

Download and install docker-volume-vsphere driver

vSphere Docker Volume Service

docker plugin install --alias vsphere store/vmware/docker-volume-vsphere:0.12

Old Way

#wget https://github.com/vmware/docker-volume-vsphere/releases/download/0.12/docker-volume-vsphere-0.12.3f64805-1.x86_64.rpm

#rpm -Uvh docker-volume-vsphere-0.12.3f64805-1.x86_64.rpm

Set docker-volume-vsphere service to automatically start and start the service

systemctl enable docker-volume-vsphere

systemctl start docker-volume-vsphere

Import authorized keys

vi .ssh/authorized_keys

Check ipv6 forwarding

sysctl -p
sysctl net.ipv6.conf.all.forwarding=1
sysctl net.ipv6.bindv6only=0

Erase machine-id

echo \"\" > /etc/machine-id

Reset cloud-init

rm -rf /var/lib/cloud/*

Enable docker to listen on all IP addresses and permit on iptables

vi /etc/default/docker
DOCKER_OPTS="-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock"

Firewall rules

vi /etc/systemd/scripts/iptables

#Enable docker connections
iptables -A INPUT -p tcp --dport 2375 -j ACCEPT

#Enable icmp echo replies
iptables -A INPUT  -p icmp  -j ACCEPT

#Docker Datacenter ports
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 2376 -j ACCEPT
iptables -A INPUT -p tcp --dport 2377 -j ACCEPT
iptables -A INPUT -p tcp --dport 4789 -j ACCEPT
iptables -A INPUT -p tcp --dport 7946 -j ACCEPT
iptables -A INPUT -p tcp --dport 12376 -j ACCEPT
iptables -A INPUT -p tcp --dport 12379 -j ACCEPT
iptables -A INPUT -p tcp --dport 12380 -j ACCEPT
iptables -A INPUT -p tcp --dport 12381 -j ACCEPT
iptables -A INPUT -p tcp --dport 12382 -j ACCEPT
iptables -A INPUT -p tcp --dport 12383 -j ACCEPT
iptables -A INPUT -p tcp --dport 12384 -j ACCEPT
iptables -A INPUT -p tcp --dport 12385 -j ACCEPT
iptables -A INPUT -p tcp --dport 12386 -j ACCEPT
iptables -A INPUT -p tcp --dport 12387 -j ACCEPT

Install docker-compose

curl -L https://github.com/docker/compose/releases/download/1.11.2/docker-compose-`uname -s`-`uname -m` > /tmp/docker-compose

chmod +x /tmp/docker-compose

mv /tmp/docker-compose /usr/local/bin/docker-machine