Post

Install docker using the convenience script

How to install docker on a Linux machine using the convenience script instead of the usual manual process

Contents

YouTube video

Overview

  • In the past, every time I needed to install docker on a new Linux server, I’d go to the official documentation page and follow the steps for my specific distro, which is usually Debian. There are several installation methods, and I’d normally go with the apt repository one.
  • This means setting up the repo, adding the GPG key, installing docker, etc.
    • Not difficult, but you still have to go through the documentation to find the right commands and after installing docker a few times, it gets kinda tedious.
  • In the official documentation, there’s also a method at the end that reads Use a convenience script, which is what will be covered in this guide.
  • This guide applies if you’ll install Docker Engine on a linux server, using one of the supported distros.

This is not a guide to install Docker desktop on either Linux, Windows or Mac.

What distro am I using?

  • I’m using Debian, but these commands should work for any debian based distro, like the most popular one Ubuntu

All in one script

  • I created this script that does the following:
    • 1 - Make sure docker is NOT already installed
    • 2 - Check you have sudo permissions
    • 3 - Show you the versions and ask you which one you want to install
      • This is useful if for example you want to install a specific docker version so that it matches the rest of your docker hosts in your swarm cluster
    • 4 - Add your user to the docker group so you can run docker commands without sudo
    • 5 - Execute the docker convenience script
  • If you want to understand better what the script does, go inspect it in github
1
bash -c "$(curl -sSL https://raw.githubusercontent.com/linkarzu/scripts-public/master/debian/docker/10-convenience-script.sh)"

Configure sudo access

Follow this section if you don’t want to be typing your sudo password

  • If you can run the command below, without being asked for your password, that means you have sudo permissions
1
sudo apt-get update
  • I have to log in as root to do be able to add my user to the sudoers file
    • Remember that I’m on Debian, may be different for your distro
1
2
3
4
5
# Saving the name of my current user to a temp file because will need it
whoami > /tmp/current_user

# Log in as root
su -
  • If you already have the packages below installed, and run the install commands again, the packages will just be updated, so no worries
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
# Update package lists and install common Linux tools
apt-get update
apt-get install -y vim curl wget git htop net-tools sudo

# Create a sudoers file for the current user in the correct directory
# This command allows you to enter sudo commands without being asked for the password
# The name of the file doesnt have to match the user, but its good for consistency
my_current_user=$(cat /tmp/current_user)
echo "$my_current_user ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/$my_current_user

# Set the file permissions to 440 for security
chmod 440 /etc/sudoers.d/$my_current_user

# Cleanup the temporary file
rm /tmp/current_user

# Exit the root shell and go back to our regular user
exit
  • Here’s the contents of the file
1
sudo cat /etc/sudoers.d/$(whoami)
  • Now my user can run sudo commands without being asked for the password
1
sudo apt-get update

In case you want to remove what we just did, just delete the file we created

1
sudo rm /etc/sudoers.d/krishna

Convenience script step by step

  • This section and all the following ones, explain what the script above does
    • If you already installed docker above, don’t run the following commands again
  • Go to get.docker.com
  • There you will see detailed instructions on how to install docker, but below are summarized steps taken from the script. I’ll be installing it on a newly deployed Debian 11.7 server
  • First, download the script
    • Inspect it if needed and make any necessary changes (I.E, install a specific version)
    • If you don’t make any changes it will install the latest stable version
      • -f (–fail) - If HTTP response is 4XX or higher it will exit with a non-zero status
      • -s (–silent) - mutes the progress meter and error messages
      • -S (–show-error) - despite -s show errors if it fails
      • -L (–location) - follows HTTP 3XX redirects, in case the URL redirects to another one
      • -o instructs curl to write the output to a file instead of printing it
1
curl -fsSL https://get.docker.com -o install-docker.sh

  • (Optional) Run the script with –dry-run
    • A dry run means it won’t install yet, so you can see what the script will do (see code example below)
1
sh install-docker.sh --dry-run
1
2
3
4
5
6
7
8
9
10
11
12
13
krishna.@.linkarzu-docker~
[24/02/11 04:58:02]
❯ sh install-docker.sh --dry-run

# Executing docker install script, commit: e5543d473431b782227f8908005543bb4389b8de
apt-get update -qq >/dev/null
DEBIAN_FRONTEND=noninteractive apt-get install -y -qq apt-transport-https ca-certificates curl >/dev/null
install -m 0755 -d /etc/apt/keyrings
curl -fsSL "https://download.docker.com/linux/debian/gpg" | gpg --dearmor --yes -o /etc/apt/keyrings/docker.gpg
chmod a+r /etc/apt/keyrings/docker.gpg
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian bookworm stable" > /etc/apt/sources.list.d/docker.list
apt-get update -qq >/dev/null
DEBIAN_FRONTEND=noninteractive apt-get install -y -qq docker-ce docker-ce-cli containerd.io docker-compose-plugin docker-ce-rootless-extras docker-buildx-plugin >/dev/null
  • Run the script to start the installation (make sure to run it as sudo/root)
    • At the end of the installation, you will see the version installed, and also an important note, see the exmaple code below
1
sudo sh install-docker.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
Client: Docker Engine - Community
 Version:           24.0.2
 API version:       1.43
 Go version:        go1.20.4
 Git commit:        cb74dfc
 Built:             Thu May 25 21:52:17 2023
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          24.0.2
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.4
  Git commit:       659604f
  Built:            Thu May 25 21:52:17 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.21
  GitCommit:        3dce8eb055cbb6872793272b4f20ed16117344f8
 runc:
  Version:          1.1.7
  GitCommit:        v1.1.7-0-g860f061
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

================================================================================

To run Docker as a non-privileged user, consider setting up the
Docker daemon in rootless mode for your user:

    dockerd-rootless-setuptool.sh install

Visit https://docs.docker.com/go/rootless/ to learn about rootless mode.


To run the Docker daemon as a fully privileged service, but granting non-root
users access, refer to https://docs.docker.com/go/daemon-access/

WARNING: Access to the remote API on a privileged Docker daemon is equivalent
         to root access on the host. Refer to the 'Docker daemon attack surface'
         documentation for details: https://docs.docker.com/go/attack-surface/

================================================================================
  • If you’re planning on using this docker host in a Swarm cluster do not run the docker daemon in rootless mode.
  • I did and it was a nightmare trying to figure out why my node wasn’t able to join the cluster. Instead of doing that, I’ll add my user to the docker group as seen below
  • The docker group grants root-level privileges to the user.
  • For details on how this impacts security in your system, see Docker Daemon Attack Surface

Run docker commands without sudo

  • Notice that you cannot run docker commands without sudo
1
docker ps
1
2
krishna@docker4:~$ docker ps
permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/json": dial unix /var/run/docker.sock: connect: permission denied
  • You need to create the docker group and add your user to it so that you don’t have to run docker commands with sudo
    • Notice that for my distro, the docker group automatically got created
    • But if it doesn’t, create it with sudo addgroup docker or sudo groupadd docker (depending on your distro)
1
cat /etc/group | grep docker
1
2
krishna@docker4:~$ cat /etc/group | grep docker
docker:x:998:
  • Add your current user to the docker group
1
sudo usermod -aG docker $(whoami)
  • Exit your shell and log in again
1
exit
  • You will now be able to run docker commands without sudo
    • If you see the headers below, it means you’re good
1
docker ps
1
2
krishna@docker4:~$ docker ps
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES
  • And that’s it, with a minimum of 3 commands that you can copy and paste from this guide, you’ll have docker up and running without having to do sudo.
    • You don’t even need to come back to the guide again in the future, all of the steps are listed in https://get.docker.com/

What’s next?


Timeline

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
0:00 - What is the convenience script
0:47 - Not docker desktop, but instead to install docker on Linux
0:58 - Deploy new VM
1:41 - Distro I am using
1:55 - OPTION1 All in one script
2:57 - Install specific docker version
4:50 - RECOMMENDATION switch between tmux sessions 5:05
5:00 - RECOMMENDATION tmux 5:26
5:50 - Install latest docker version
6:00 - Revert VM snapshot
7:15 - Cannot run script if docker installed
7:30 - Configure sudo access
8:37 - OPTION2 run convenience script step by step
9:11 - RECOMMENDATION install windows 11 over the network 9:24
9:39 - outro
This post is licensed under CC BY 4.0 by the author.