Configure TAS server hosts

Configure the Docker engine on all the TAS servers — Management, Application, and Datastore servers.

Before you begin

Copy PEM and generated SSL certificates to TAS servers

Procedure

Deploy the docker_unmount.sh script to /etc/docker folder:

Create /etc/docker:
Copy
```
mkdir -p /etc/docker
```

Deploy docker_unmount.sh:

Copy

echo "cat /proc/mounts | grep 'mapper/docker' | awk '{print \$2}' \
| xargs -r umount" > /etc/docker/docker_unmount.sh

Change permissions:
Copy
```
chmod 755 /etc/docker/docker_unmount.sh
```

Create a configuration file for the Docker service:
Copy
```
vi /etc/sysconfig/docker 
```
Add the following content to the configuration file (insecure Docker registry):
Copy
```
OPTIONS="--dns=<dns_ip> --insecure-registry=<fqdn_docker_registry>:5000 \
--bip=172.17.0.1/16 --selinux-enabled" 
```
All parameters for OPTIONS must be defined in a single line.

where:
- <fqdn_docker_registry> is the FQDN of the TAS Management server.
Add the log rotation options for the Alarm Monitor:
1. Run:
  Copy
```
vi /etc/logrotate.d/prometheus
```
2. Add the following content to the file:
  Copy
```
/<data_folder>/log/prometheus/*.log {
daily
rotate 14
missingok
notifempty
compress
delaycompress
copytruncate
}
```
  where:
  - <data_folder> is the folder defined for data storage, and is by default opt/app/data.
Add the log rotation options for the Alarm Manager:
1. Run:
  Copy
```
vi /etc/logrotate.d/alertmanager
```
2. Add the following content to the file:
  Copy
```
/<data_folder>/log/alertmanager/*.log {
daily
rotate 14
missingok
notifempty
compress
delaycompress
copytruncate
}
```
  where:
  - <data_folder> is the folder defined for data storage, and is by default opt/app/data.
Add the log rotation options for the Alarms and Monitoring Agent:
1. Run:
  Copy
```
vi /etc/logrotate.d/cadvisor_exporter
```
2. Add the following content to the file:
  Copy
```
/<data_folder>/log/cadvisor_exporter/*.log {
daily
rotate 14
missingok
notifempty
compress
delaycompress
copytruncate
}
```
  where:
  - <data_folder> is the folder defined for data storage, and is by default opt/app/data.
Run:
Copy
```
sysctl -q -w vm.max_map_count=262144
```
Open the /etc/sysctl.conf file, and add the following line:
Copy
```
vm.max_map_count=262144
```

Deploy the Docker service file:

Create directory for the Docker service:
Copy
```
mkdir /etc/systemd/system/docker.service.d
```

Set permissions for the Docker service:

Copy

chmod g+rx /etc/systemd/system/docker.service.d

Open the override.conf file:

Copy

vi /etc/systemd/system/docker.service.d/override.conf

Add the following content to the file:

Copy

[Service]
ExecStartPre=/usr/bin/bash /etc/docker/docker_unmount.sh
EnvironmentFile=-/etc/sysconfig/docker
ExecStart=
ExecStart=/usr/bin/dockerd $OPTIONS
ExecStartPost=/usr/bin/chown root:docker /var/lib/docker/overlay2

Clear all existing logs, if any:

Copy

truncate -s 0 /var/lib/docker/containers/*/*-json.log

Configure the storage driver and log rotation for the Docker-engine service:
1. If the daemon.json file does not exist, create the file in /etc/docker.
2. Add the following lines to the file:
  Copy
```
{            
  "storage-driver": "overlay2",
  "log-driver": "json-file",
  "log-opts":         
       { 
       "max-size": "10m",
       "max-file": "3"
     }    
}            
```
Validate the status of the Docker-engine service:
Copy
```
systemctl daemon-reload
systemctl enable docker
systemctl start docker
systemctl status docker
```
Example of expected output:

docker.service - Docker Application Container Engine

Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)

Drop-In: /etc/systemd/system/docker.service.d

└─override.conf

Active: active (running) since Tue 2016-11-22 18:17:35 IST; 4s ago

Configure additional required permissions for the Docker-engine service:

Copy

chmod 654  /var/lib/docker/overlay2
chown root:docker /var/lib/docker/image
chmod 750  /var/lib/docker/image
chmod 750 /var/lib/docker/image/overlay2
chown root:docker /var/lib/docker/image/overlay2
chown root:docker  /var/lib/docker/image/overlay2/layerdb
chmod 750  /var/lib/docker/image/overlay2/layerdb

Relogin with SSH to the TAS server you are configuring:
Copy
```
ssh tas_inst@<fqdn_tas_server>
```
where:
- <fqdn_tas_server> is the FQDN of the TAS server that you are configuring.
Validate that the daemon is using the overlay2 storage driver:
Copy
```
docker info
```
Example of expected output:

Containers: 0

Running: 0

Paused: 0

Stopped: 0

Images: 0

Server Version: 17.06.1-ce

Storage Driver: overlay2

Pool Name: docker-202:1-8413957-pool

...
Verify that docker is configured correctly:
Copy
```
docker ps
```
Example of expected output:

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
Repeat step 1 through step 17 for each of the TAS servers in your deployment.
On the Management server only, do the following:
1. Generate the certificate:
  Copy
```
ssh-keygen -t rsa
```
2. In answer to the prompts, click Enter, as required.
3. Copy the key to the TAS Management server and to all the other TAS servers, using the target's server's FQDN.
  Copy
```
ssh-copy-id tas_inst@<target_server_fqdn>
```
  where:
  - <target_server_fqdn> is the FQDN of the TAS server to which you are copying the key.
Do the following:
1. Copy ca.pem to /etc/pki/ca-trust/source/anchors:
  Copy
```
cp /home/tas_inst/.docker/ca.pem /etc/pki/ca-trust/source/anchors
```
2. Update the CA trust:
  Copy
```
/usr/bin/update-ca-trust
```

Restart the Docker engine:

Copy

systemctl daemon-reload
systemctl restart docker

Repeat step 19 and step 20 on each of the TAS Application and TAS Datastore servers in your deployment.

What to do next

Unmount and delete RPM ISO file