doc refresh: Linux postinstall instructions (#15969)

Signed-off-by: David Karlsson <david.karlsson@docker.com>
2022-10-26 11:08:21 +02:00 · 2022-10-26 11:08:21 +02:00 · bc8fde23b9
parent 7bcae35984
commit bc8fde23b9
10 changed files with 456 additions and 423 deletions
--- a/.github/vale/Docker/SentenceLength.yml
+++ b/.github/vale/Docker/SentenceLength.yml
@ -3,5 +3,5 @@ message: "Write short, concise sentences. (<=30 words)"
 scope: sentence
 link: https://docs.docker.com/contribute/checklist/
 level: warning
-max: 30
+max: 31
 token: \b(\w+)\b
--- a/.github/vale/Vocab/Technology/accept.txt
+++ b/.github/vale/Vocab/Technology/accept.txt
@ -1,5 +1,8 @@
 APIs?
 DHCP
 DNS
 Ethernet
 GRUB
 Git
 GPG
 HTTP
@ -7,6 +10,7 @@ IPs?
 IPv[46]
 IPvlan
 MAC
 RPM
 SDKs?
 SSO
 TCP
@ -14,6 +18,8 @@ UDP
 Unix
 VLAN
 VM
 [Ll]oopback
 [Nn]ameserver
 [Nn]amespace
 cgroup
 config
@ -21,6 +27,7 @@ containerd
 deserialization
 deserialize
 filepath
 firewalld
 glibc
 goroutine
 hostname
--- a/_data/toc.yaml
+++ b/_data/toc.yaml
@ -1415,10 +1415,10 @@ manuals:
  section:
  - path: /engine/
    title: Overview
-  - path: /engine/install/
+  - sectiontitle: Install
    title: Install
  - sectiontitle: Installation per distro
    section:
    - path: /engine/install/
      title: Installation Overview
    - path: /engine/install/centos/
      title: Install on CentOS
    - path: /engine/install/debian/
@ -1433,8 +1433,10 @@ manuals:
      title: Install on Ubuntu
    - path: /engine/install/binaries/
      title: Install binaries
-  - path: /engine/install/linux-postinstall/
+    - path: /engine/install/linux-postinstall/
-    title: Optional post-installation steps
+      title: Post-installation steps
    - path: /engine/install/troubleshoot/
      title: Troubleshoot installation
  - path: /engine/deprecated/
    title: Deprecated features
  - path: /engine/context/working-with-contexts/
--- a/config/containers/resource_constraints.md
+++ b/config/containers/resource_constraints.md
@ -23,8 +23,9 @@ the following:
 WARNING: No swap limit support
 ```
-Consult your operating system's documentation for enabling them.
+Consult your operating system's documentation for enabling them. See also the
-[Learn more](../../engine/install/linux-postinstall.md#your-kernel-does-not-support-cgroup-swap-limit-capabilities).
+[Docker Engine troubleshooting guide](../../engine/install/troubleshoot.md#kernel-cgroup-swap-limit-capabilities)
 for more information.
 ## Memory
--- a/config/daemon/index.md
+++ b/config/daemon/index.md
@ -40,7 +40,7 @@ the machine reboots.
 The command to start Docker depends on your operating system. Check the correct
 page under [Install Docker](../../engine/install/index.md). To configure Docker
 to start automatically at system boot, see
-[Configure Docker to start on boot](../../engine/install/linux-postinstall.md#configure-docker-to-start-on-boot).
+[Configure Docker to start on boot](../../engine/install/linux-postinstall.md#configure-docker-to-start-on-boot-with-systemd).
 ## Start the daemon manually
--- a/config/daemon/systemd.md
+++ b/config/daemon/systemd.md
@ -26,7 +26,7 @@ $ sudo systemctl start docker
 ### Start automatically at system boot
 If you want Docker to start at boot, see
-[Configure Docker to start on boot](../../engine/install/linux-postinstall.md#configure-docker-to-start-on-boot).
+[Configure Docker to start on boot](../../engine/install/linux-postinstall.md#configure-docker-to-start-on-boot-with-systemd).
 ## Custom Docker daemon options
--- a/engine/install/index.md
+++ b/engine/install/index.md
@ -1,5 +1,5 @@
 ---
-title: Install Docker Engine
+title: Docker Engine installation overview
 description: Lists the installation methods
 keywords: docker, installation, install, Docker Engine, Docker Engine, docker editions, stable, edge
 redirect_from:
--- a/engine/install/linux-postinstall.md
+++ b/engine/install/linux-postinstall.md
@ -1,178 +1,183 @@
 ---
 description: Optional post-installation steps for Linux
-keywords: Docker, Docker documentation, requirements, apt, installation, ubuntu, install, uninstall, upgrade, update
+keywords: >
  Docker, Docker documentation, requirements, apt, installation, ubuntu,
  install, uninstall, upgrade, update
 title: Post-installation steps for Linux
 redirect_from:
- /engine/installation/linux/docker-ee/linux-postinstall/
+  - /engine/installation/linux/docker-ee/linux-postinstall/
- /engine/installation/linux/linux-postinstall/
+  - /engine/installation/linux/linux-postinstall/
- /install/linux/linux-postinstall/
+  - /install/linux/linux-postinstall/
 ---
-This section contains optional procedures for configuring Linux hosts to work
+These optional post-installation procedures shows you how to configure your
-better with Docker.
+Linux host machine to work better with Docker.
 ## Manage Docker as a non-root user
-The Docker daemon binds to a Unix socket instead of a TCP port. By default
+The Docker daemon binds to a Unix socket, not a TCP port. By default it's the
-that Unix socket is owned by the user `root` and other users can only access it
+`root` user that owns the Unix socket, and other users can only access it using
-using `sudo`. The Docker daemon always runs as the `root` user.
+`sudo`. The Docker daemon always runs as the `root` user.
 If you don't want to preface the `docker` command with `sudo`, create a Unix
 group called `docker` and add users to it. When the Docker daemon starts, it
-creates a Unix socket accessible by members of the `docker` group.
+creates a Unix socket accessible by members of the `docker` group. On some Linux
 distributions, the system automatically creates this group when installing
 Docker Engine using a package manager. In that case, there is no need for you to
 manually create the group.
-> Warning
+<!-- prettier-ignore -->
 > **Warning**
 >
-> The `docker` group grants privileges equivalent to the `root`
+> The `docker` group grants root-level privileges to the user. For
-> user. For details on how this impacts security in your system, see
+> details on how this impacts security in your system, see
-> [*Docker Daemon Attack Surface*](../security/index.md#docker-daemon-attack-surface).
+> [Docker Daemon Attack Surface](../security/index.md#docker-daemon-attack-surface).
 {: .warning}
-> **Note**:
+> **Note**
 >
 > To run Docker without root privileges, see
 > [Run the Docker daemon as a non-root user (Rootless mode)](../security/rootless.md).
 To create the `docker` group and add your user:
-1.  Create the `docker` group.
+1. Create the `docker` group.
-    ```console
+   ```console
-    $ sudo groupadd docker
+   $ sudo groupadd docker
-    ```
+   ```
-2.  Add your user to the `docker` group.
+2. Add your user to the `docker` group.
-    ```console
+   ```console
-    $ sudo usermod -aG docker $USER
+   $ sudo usermod -aG docker $USER
-    ```
+   ```
-3.  Log out and log back in so that your group membership is re-evaluated.
+3. Log out and log back in so that your group membership is re-evaluated.
-    If testing on a virtual machine, it may be necessary to restart the virtual machine for changes to take effect.
+   > If you're running Linux in a virtual machine, it may be necessary to
-    
+   > restart the virtual machine for changes to take effect.
    On a desktop Linux environment such as X Windows, log out of your session completely and then log back in.
    On Linux, you can also run the following command to activate the changes to groups:
    ```console 
    $ newgrp docker 
    ```
-4.  Verify that you can run `docker` commands without `sudo`.
+   You can also run the following command to activate the changes to groups:
-    ```console
+   ```console
-    $ docker run hello-world
+   $ newgrp docker
-    ```
+   ```
-    This command downloads a test image and runs it in a container. When the
+4. Verify that you can run `docker` commands without `sudo`.
    container runs, it prints a message and exits.
-    If you initially ran Docker CLI commands using `sudo` before adding
+   ```console
-    your user to the `docker` group, you may see the following error,
+   $ docker run hello-world
-    which indicates that your `~/.docker/` directory was created with
+   ```
    incorrect permissions due to the `sudo` commands.
-    ```none
+   This command downloads a test image and runs it in a container. When the
-    WARNING: Error loading config file: /home/user/.docker/config.json -
+   container runs, it prints a message and exits.
    stat /home/user/.docker/config.json: permission denied
    ```
-    To fix this problem, either remove the `~/.docker/` directory
+   If you initially ran Docker CLI commands using `sudo` before adding your user
-    (it is recreated automatically, but any custom settings
+   to the `docker` group, you may see the following error:
    are lost), or change its ownership and permissions using the
    following commands:
-    ```console
+   ```none
-    $ sudo chown "$USER":"$USER" /home/"$USER"/.docker -R
+   WARNING: Error loading config file: /home/user/.docker/config.json -
-    $ sudo chmod g+rwx "$HOME/.docker" -R
+   stat /home/user/.docker/config.json: permission denied
-    ```
+   ```
-## Configure Docker to start on boot
+   This error indicates that the permission settings for the `~/.docker/`
   directory are incorrect, due to having used the `sudo` command earlier.
-Most current Linux distributions (RHEL, CentOS, Fedora, Debian, Ubuntu 16.04 and
+   To fix this problem, either remove the `~/.docker/` directory (it's recreated
-higher) use [`systemd`](../../config/daemon/systemd.md) to manage which services
+   automatically, but any custom settings are lost), or change its ownership and
-start when the system boots. On Debian and Ubuntu, the Docker service is configured
+   permissions using the following commands:
-to start on boot by default. To automatically start Docker and Containerd on boot
+
-for other distros, use the commands below:
+   ```console
   $ sudo chown "$USER":"$USER" /home/"$USER"/.docker -R
   $ sudo chmod g+rwx "$HOME/.docker" -R
   ```
 ## Configure Docker to start on boot with systemd
 Many modern Linux distributions use [systemd](../../config/daemon/systemd.md) to
 manage which services start when the system boots. On Debian and Ubuntu, the
 Docker service starts on boot by default. To automatically start Docker and
 containerd on boot for other Linux distributions using systemd, run the
 following commands:
 ```console
 $ sudo systemctl enable docker.service
 $ sudo systemctl enable containerd.service
 ```
-To disable this behavior, use `disable` instead.
+To stop this behavior, use `disable` instead.
 ```console
 $ sudo systemctl disable docker.service
 $ sudo systemctl disable containerd.service
 ```
-If you need to add an HTTP Proxy, set a different directory or partition for the
+If you need to add an HTTP proxy, set a different directory or partition for the
 Docker runtime files, or make other customizations, see
 [customize your systemd Docker daemon options](../../config/daemon/systemd.md).
 ## Use a different storage engine
 For information about the different storage engines, see
 [Storage drivers](../../storage/storagedriver/index.md).
 The default storage engine and the list of supported storage engines depend on
 your host's Linux distribution and available kernel drivers.
 ## Configure default logging driver
-Docker provides the [capability](../../config/containers/logging/index.md) to
+Docker provides [logging drivers](../../config/containers/logging/index.md) for
-collect and view log data from all containers running on a host via a series of
+collecting and viewing log data from all containers running on a host. The
-logging drivers. The default logging driver, `json-file`, writes log data to
+default logging driver, `json-file`, writes log data to JSON-formatted files on
-JSON-formatted files on the host filesystem. Over time, these log files expand
+the host filesystem. Over time, these log files expand in size, leading to
-in size, leading to potential exhaustion of disk resources.
+potential exhaustion of disk resources.
-To alleviate such issues, either configure the `json-file` logging driver to
+To avoid issues with overusing disk for log data, consider one of the following
-enable [log rotation](../../config/containers/logging/json-file.md), use an
+options:
-[alternative logging driver](../../config/containers/logging/configure.md#configure-the-default-logging-driver)
+
-such as the ["local" logging driver](../../config/containers/logging/local.md)
+- Configure the `json-file` logging driver to turn on
-that performs log rotation by default, or use a logging driver that sends
+  [log rotation](../../config/containers/logging/json-file.md)
-logs to a remote logging aggregator.
+- Use an
  [alternative logging driver](../../config/containers/logging/configure.md#configure-the-default-logging-driver)
  such as the ["local" logging driver](../../config/containers/logging/local.md)
  that performs log rotation by default
 - Use a logging driver that sends logs to a remote logging aggregator.
 ## Configure where the Docker daemon listens for connections
-By default, the Docker daemon listens for connections on a UNIX socket to accept
+By default, the Docker daemon listens for connections on a Unix socket to accept
-requests from local clients. It is possible to allow Docker to accept requests
+requests from local clients. It's possible to allow Docker to accept requests
 from remote hosts by configuring it to listen on an IP address and port as well
-as the UNIX socket. For more detailed information on this configuration option
+as the Unix socket. For more detailed information on this configuration option,
-take a look at "Bind Docker to another host/port or a unix socket" section of
+refer to the
-the [Docker CLI Reference](/engine/reference/commandline/dockerd/) article. 
+[dockerd CLI reference](/engine/reference/commandline/dockerd/#bind-docker-to-another-hostport-or-a-unix-socket).
 <!-- prettier-ignore -->
 > Secure your connection
-> 
+>
-> Before configuring Docker to accept connections from remote hosts it is critically important that you
+> Before configuring Docker to accept connections from remote hosts it's
-> understand the security implications of opening docker to the network. If steps are not taken to secure the connection, 
+> critically important that you understand the security implications of opening
-> it is possible for remote non-root users to gain root access on the host. For more information on how to use TLS 
+> Docker to the network. If steps aren't taken to secure the connection, it's
-> certificates to secure this connection, check this article on 
+> possible for remote non-root users to gain root access on the host. For more
-> [how to protect the Docker daemon socket](../security/protect-access.md).
+> information on how to use TLS certificates to secure this connection, check
 > [Protect the Docker daemon socket](../security/protect-access.md).
 {: .warning}
-Configuring Docker to accept remote connections can be done with the `docker.service`
+You can configure Docker to accept remote connections. This can be done using
-systemd unit file for Linux distributions using systemd, such as recent versions
+the `docker.service` systemd unit file for Linux distributions using systemd. Or
-of RedHat, CentOS, Ubuntu and SLES, or with the `daemon.json` file which is
+you can use the `daemon.json` file, if your distribution doesn't use systemd.
 recommended for Linux distributions that do not use systemd.
-> systemd vs daemon.json
+> systemd vs `daemon.json`
-> 
+>
-> Configuring Docker to listen for connections using both the `systemd` unit file and the `daemon.json` 
+> Configuring Docker to listen for connections using both the systemd unit file
-> file causes a conflict that prevents Docker from starting.
+> and the `daemon.json` file causes a conflict that prevents Docker from
 > starting.
-### Configuring remote access with `systemd` unit file
+### Configuring remote access with systemd unit file
-1.  Use the command `sudo systemctl edit docker.service` to open an override file for `docker.service` in a text editor.
+1. Use the command `sudo systemctl edit docker.service` to open an override file
   for `docker.service` in a text editor.
-2.  Add or modify the following lines, substituting your own values.
+2. Add or modify the following lines, substituting your own values.
-    ```systemd
+   ```systemd
-    [Service]
+   [Service]
-    ExecStart=
+   ExecStart=
-    ExecStart=/usr/bin/dockerd -H fd:// -H tcp://127.0.0.1:2375
+   ExecStart=/usr/bin/dockerd -H fd:// -H tcp://127.0.0.1:2375
-    ```
+   ```
 3. Save the file.
@ -180,323 +185,49 @@ recommended for Linux distributions that do not use systemd.
   ```console
    $ sudo systemctl daemon-reload
-    ```
+   ```
-5.  Restart Docker.
+5. Restart Docker.
-    ```console
+   ```console
-    $ sudo systemctl restart docker.service
+   $ sudo systemctl restart docker.service
-    ```
+   ```
-6.  Check to see whether the change was honored by reviewing the output of `netstat` to confirm `dockerd` is listening on the configured port.
+6. Verify that the change has gone through.
   ```console
   $ sudo netstat -lntp | grep dockerd
   tcp        0      0 127.0.0.1:2375          0.0.0.0:*               LISTEN      3758/dockerd
   ```
    ```console
    $ sudo netstat -lntp | grep dockerd
    tcp        0      0 127.0.0.1:2375          0.0.0.0:*               LISTEN      3758/dockerd
    ``` 
 ### Configuring remote access with `daemon.json`
-1.  Set the `hosts` array in the `/etc/docker/daemon.json` to connect to the UNIX socket and an IP address, as follows:
+1. Set the `hosts` array in the `/etc/docker/daemon.json` to connect to the UNIX
   socket and an IP address, as follows:
-    ```json
+   ```json
-    {
+   {
-      "hosts": ["unix:///var/run/docker.sock", "tcp://127.0.0.1:2375"]
+     "hosts": ["unix:///var/run/docker.sock", "tcp://127.0.0.1:2375"]
-    }
+   }
-    ```
+   ```
-2.  Restart Docker. 
+2. Restart Docker.
-3.  Check to see whether the change was honored by reviewing the output of `netstat` to confirm `dockerd` is listening on the configured port.
+3. Verify that the change has gone through.
   ```console
   $ sudo netstat -lntp | grep dockerd
   tcp        0      0 127.0.0.1:2375          0.0.0.0:*               LISTEN      3758/dockerd
   ```
    ```console
    $ sudo netstat -lntp | grep dockerd
    tcp        0      0 127.0.0.1:2375          0.0.0.0:*               LISTEN      3758/dockerd
    ``` 
 ## Enable IPv6 on the Docker daemon
 To enable IPv6 on the Docker daemon, see
 [Enable IPv6 support](../../config/daemon/ipv6.md).
 ## Troubleshooting
 ### Kernel compatibility
 Docker cannot run correctly if your kernel is older than version 3.10 or if it
 is missing some modules. To check kernel compatibility, you can download and
 run the [`check-config.sh`](https://raw.githubusercontent.com/docker/docker/master/contrib/check-config.sh)
 script.
 ```console
 $ curl https://raw.githubusercontent.com/docker/docker/master/contrib/check-config.sh > check-config.sh
 $ bash ./check-config.sh
 ```
 The script only works on Linux, not macOS.
 ### `Cannot connect to the Docker daemon`
 If you see an error such as the following, your Docker client may be configured
 to connect to a Docker daemon on a different host, and that host may not be
 reachable.
 ```none
 Cannot connect to the Docker daemon. Is 'docker daemon' running on this host?
 ```
 To see which host your client is configured to connect to, check the value of
 the `DOCKER_HOST` variable in your environment.
 ```console
 $ env | grep DOCKER_HOST
 ```
 If this command returns a value, the Docker client is set to connect to a
 Docker daemon running on that host. If it is unset, the Docker client is set to
 connect to the Docker daemon running on the local host. If it is set in error,
 use the following command to unset it:
 ```console
 $ unset DOCKER_HOST
 ```
 You may need to edit your environment in files such as `~/.bashrc` or
 `~/.profile` to prevent the `DOCKER_HOST` variable from being set
 erroneously.
 If `DOCKER_HOST` is set as intended, verify that the Docker daemon is running
 on the remote host and that a firewall or network outage is not preventing you
 from connecting.
 ### IP forwarding problems
 If you manually configure your network using `systemd-network` with `systemd`
 version 219 or higher, Docker containers may not be able to access your network.
 Beginning with `systemd` version 220, the forwarding setting for a given network
 (`net.ipv4.conf.<interface>.forwarding`) defaults to *off*. This setting
 prevents IP forwarding. It also conflicts with Docker's behavior of enabling
 the `net.ipv4.conf.all.forwarding` setting within containers.
 To work around this on RHEL, CentOS, or Fedora, edit the `<interface>.network`
 file in `/usr/lib/systemd/network/` on your Docker host
 (ex: `/usr/lib/systemd/network/80-container-host0.network`) and add the
 following block within the `[Network]` section.
 ```systemd
 [Network]
 ...
 IPForward=kernel
 # OR
 IPForward=true
 ```
 This configuration allows IP forwarding from the container as expected.
 ### `DNS resolver found in resolv.conf and containers can't use it`
 Linux systems which use a GUI often have a network manager running, which uses a
 `dnsmasq` instance running on a loopback address such as `127.0.0.1` or
 `127.0.1.1` to cache DNS requests, and adds this entry to
 `/etc/resolv.conf`. The `dnsmasq` service speeds up
 DNS look-ups and also provides DHCP services. This configuration does not work
 within a Docker container which has its own network namespace, because
 the Docker container resolves loopback addresses such as `127.0.0.1` to
 **itself**, and it is very unlikely to be running a DNS server on its own
 loopback address.
 If Docker detects that no DNS server referenced in `/etc/resolv.conf` is a fully
 functional DNS server, the following warning occurs and Docker uses the public
 DNS servers provided by Google at `8.8.8.8` and `8.8.4.4` for DNS resolution.
 ```none
 WARNING: Local (127.0.0.1) DNS resolver found in resolv.conf and containers
 can't use it. Using default external servers : [8.8.8.8 8.8.4.4]
 ```
 If you see this warning, first check to see if you use `dnsmasq`:
 ```console
 $ ps aux |grep dnsmasq
 ```
 If your container needs to resolve hosts which are internal to your network, the
 public nameservers are not adequate. You have two choices:
 - You can specify a DNS server for Docker to use, **or**
 - You can disable `dnsmasq` in NetworkManager. If you do this, NetworkManager
  adds your true DNS nameserver to `/etc/resolv.conf`, but you lose the
  possible benefits of `dnsmasq`.
 **You only need to use one of these methods.**
 ### Specify DNS servers for Docker
 The default location of the configuration file is `/etc/docker/daemon.json`. You
 can change the location of the configuration file using the `--config-file`
 daemon flag. The documentation below assumes the configuration file is located
 at `/etc/docker/daemon.json`.
 1.  Create or edit the Docker daemon configuration file, which defaults to
    `/etc/docker/daemon.json` file, which controls the Docker daemon
    configuration.
    ```console
    $ sudo nano /etc/docker/daemon.json
    ```
 2.  Add a `dns` key with one or more IP addresses as values. If the file has
    existing contents, you only need to add or edit the `dns` line.
    ```json
    {
      "dns": ["8.8.8.8", "8.8.4.4"]
    }
    ```
    If your internal DNS server cannot resolve public IP addresses, include at
    least one DNS server which can, so that you can connect to Docker Hub and so
    that your containers can resolve internet domain names.
    Save and close the file.
 3.  Restart the Docker daemon.
    ```console
    $ sudo service docker restart
    ```
 4.  Verify that Docker can resolve external IP addresses by trying to pull an
    image:
    ```console
    $ docker pull hello-world
    ```
 5.  If necessary, verify that Docker containers can resolve an internal hostname
    by pinging it.
    ```console
    $ docker run --rm -it alpine ping -c4 <my_internal_host>
    PING google.com (192.168.1.2): 56 data bytes
    64 bytes from 192.168.1.2: seq=0 ttl=41 time=7.597 ms
    64 bytes from 192.168.1.2: seq=1 ttl=41 time=7.635 ms
    64 bytes from 192.168.1.2: seq=2 ttl=41 time=7.660 ms
    64 bytes from 192.168.1.2: seq=3 ttl=41 time=7.677 ms
    ```
 #### Disable `dnsmasq`
 ##### Ubuntu
 If you prefer not to change the Docker daemon's configuration to use a specific
 IP address, follow these instructions to disable `dnsmasq` in NetworkManager.
 1.  Edit the `/etc/NetworkManager/NetworkManager.conf` file.
 2.  Comment out the `dns=dnsmasq` line by adding a `#` character to the beginning
    of the line.
    ```none
    # dns=dnsmasq
    ```
    Save and close the file.
 3.  Restart both NetworkManager and Docker. As an alternative, you can reboot
    your system.
    ```console
    $ sudo systemctl restart network-manager
    $ sudo systemctl restart docker
    ```
 ##### RHEL, CentOS, or Fedora
 To disable `dnsmasq` on RHEL, CentOS, or Fedora:
 1.  Disable the `dnsmasq` service:
    ```console
    $ sudo systemctl stop dnsmasq
    $ sudo systemctl disable dnsmasq
    ```
 2.  Configure the DNS servers manually using the
    [Red Hat documentation](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-networkscripts-interfaces.html){: target="_blank" rel="noopener" class="_"}.
 ### Allow access to the remote API through a firewall
 If you run a firewall on the same host as you run Docker and you want to access
 the Docker Remote API from another host and remote access is enabled, you need
 to configure your firewall to allow incoming connections on the Docker port,
 which defaults to `2376` if TLS encrypted transport is enabled or `2375`
 otherwise.
 Two common firewall daemons are
 [UFW (Uncomplicated Firewall)](https://help.ubuntu.com/community/UFW) (often
 used for Ubuntu systems) and [firewalld](https://firewalld.org) (often used
 for RPM-based systems). Consult the documentation for your OS and firewall, but
 the following information might help you get started. These options are fairly
 permissive and you may want to use a different configuration that locks your
 system down more.
 - **UFW**: Set `DEFAULT_FORWARD_POLICY="ACCEPT"` in your configuration.
 - **firewalld**: Add rules similar to the following to your policy (one for
  incoming requests and one for outgoing requests). Be sure the interface names
  and chain names are correct.
  ```xml
  <direct>
    [ <rule ipv="ipv6" table="filter" chain="FORWARD_direct" priority="0"> -i zt0 -j ACCEPT </rule> ]
    [ <rule ipv="ipv6" table="filter" chain="FORWARD_direct" priority="0"> -o zt0 -j ACCEPT </rule> ]
  </direct>
  ```
 ### `Your kernel does not support cgroup swap limit capabilities`
 On Ubuntu or Debian hosts, You may see messages similar to the following when
 working with an image.
 ```none
 WARNING: Your kernel does not support swap limit capabilities. Limitation discarded.
 ```
 This warning does not occur on RPM-based systems, which enable these
 capabilities by default.
 If you don't need these capabilities, you can ignore the warning. You can enable
 these capabilities on Ubuntu or Debian by following these instructions. Memory
 and swap accounting incur an overhead of about 1% of the total available memory
 and a 10% overall performance degradation, even if Docker is not running.
 1.  Log into the Ubuntu or Debian host as a user with `sudo` privileges.
 2.  Edit the `/etc/default/grub` file. Add or edit the `GRUB_CMDLINE_LINUX` line
    to add the following two key-value pairs:
    ```none
    GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"
    ```
    Save and close the file.
 3.  Update GRUB.
    ```console
    $ sudo update-grub
    ```
    If your GRUB configuration file has incorrect syntax, an error occurs.
    In this case, repeat steps 2 and 3.
    The changes take effect when the system is rebooted.
 ## Next steps
- Take a look at the [Get started](../../get-started/index.md) training modules to learn  how to build an image and run it as a containerized application.
+- Take a look at the [Get started](../../get-started/index.md) training modules
- Review the topics in [Develop with Docker](../../develop/index.md) to learn how to build new applications using Docker.
+  to learn how to build an image and run it as a containerized application.
 - Review the topics in [Develop with Docker](../../develop/index.md) to learn
  how to build new applications using Docker.
--- a/engine/install/troubleshoot.md
+++ b/engine/install/troubleshoot.md
@ -0,0 +1,293 @@
 ---
 title: Troubleshoot Docker Engine
 description:
  Diagnose and resolve error messages related to the Docker Engine installation
 keywords: Docker Engine, troubleshooting, error, Linux
 ---
 This page contains instructions for troubleshooting and diagnosing the Docker
 Engine installation.
 ## Kernel compatibility
 Docker can't run correctly if your kernel is older than version 3.10, or if it's
 missing kernel modules. To check kernel compatibility, you can download and run
 the
 [`check-config.sh`](https://raw.githubusercontent.com/docker/docker/master/contrib/check-config.sh)
 script.
 ```console
 $ curl https://raw.githubusercontent.com/docker/docker/master/contrib/check-config.sh > check-config.sh
 $ bash ./check-config.sh
 ```
 The script only works on Linux.
 ## Unable to connect to the Docker daemon
 ```none
 Cannot connect to the Docker daemon. Is 'docker daemon' running on this host?
 ```
 This error may indicate:
 - The Docker daemon isn't running on your system. Start the daemon and try
  running the command again.
 - Your Docker client is attempting to connect to a Docker daemon on a different
  host, and that host is unreachable.
 To see which host your client is connecting to, check the value of the
 `DOCKER_HOST` variable in your environment.
 ```console
 $ env | grep DOCKER_HOST
 ```
 If this command returns a value, the Docker client is set to connect to a Docker
 daemon running on that host. If it's unset, the Docker client is set to connect
 to the Docker daemon running on the local host. If it's set in error, use the
 following command to unset it:
 ```console
 $ unset DOCKER_HOST
 ```
 You may need to edit your environment in files such as `~/.bashrc` or
 `~/.profile` to prevent the `DOCKER_HOST` variable from being set erroneously.
 If `DOCKER_HOST` is set as intended, verify that the Docker daemon is running on
 the remote host and that a firewall or network outage isn't preventing you from
 connecting.
 ## IP forwarding problems
 If you manually configure your network using `systemd-network` with systemd
 version 219 or later, Docker containers may not be able to access your network.
 Beginning with systemd version 220, the forwarding setting for a given network
 (`net.ipv4.conf.<interface>.forwarding`) defaults to off. This setting prevents
 IP forwarding. It also conflicts with Docker's behavior of enabling the
 `net.ipv4.conf.all.forwarding` setting within containers.
 To work around this on RHEL, CentOS, or Fedora, edit the `<interface>.network`
 file in `/usr/lib/systemd/network/` on your Docker host, for example,
 `/usr/lib/systemd/network/80-container-host0.network`.
 Add the following block within the `[Network]` section.
 ```systemd
 [Network]
 ...
 IPForward=kernel
 # OR
 IPForward=true
 ```
 This configuration allows IP forwarding from the container as expected.
 ## DNS resolver issues
 ```console
 DNS resolver found in resolv.conf and containers can't use it
 ```
 Linux desktop environments often have a network manager program running, that
 uses `dnsmasq` to cache DNS requests by adding them to `/etc/resolv.conf`. The
 `dnsmasq` instance runs on a loopback address such as `127.0.0.1` or
 `127.0.1.1`. It speeds up DNS look-ups and provides DHCP services. Such a
 configuration doesn't work within a Docker container. The Docker container uses
 its own network namespace, and resolves loopback addresses such as `127.0.0.1`
 to itself, and it's unlikely to be running a DNS server on its own loopback
 address.
 If Docker detects that no DNS server referenced in `/etc/resolv.conf` is a fully
 functional DNS server, the following warning occurs:
 ```none
 WARNING: Local (127.0.0.1) DNS resolver found in resolv.conf and containers
 can't use it. Using default external servers : [8.8.8.8 8.8.4.4]
 ```
 If you see this warning, first check to see if you use `dnsmasq`:
 ```console
 $ ps aux | grep dnsmasq
 ```
 If your container needs to resolve hosts which are internal to your network, the
 public nameservers aren't adequate. You have two choices:
 - Specify DNS servers for Docker to use.
 - Turn off `dnsmasq`.
  Turning off `dnsmasq` adds the IP addresses of actual DNS nameserver to
  `/etc/resolv.conf`, and you lose the benefits of `dnsmasq`.
 You only need to use one of these methods.
 ## Specify DNS servers for Docker
 The default location of the configuration file is `/etc/docker/daemon.json`. You
 can change the location of the configuration file using the `--config-file`
 daemon flag. The following instruction assumes that the location of the
 configuration file is `/etc/docker/daemon.json`.
 1. Create or edit the Docker daemon configuration file, which defaults to
   `/etc/docker/daemon.json` file, which controls the Docker daemon
   configuration.
   ```console
   $ sudo nano /etc/docker/daemon.json
   ```
 2. Add a `dns` key with one or more DNS server IP addresses as values.
   ```json
   {
     "dns": ["8.8.8.8", "8.8.4.4"]
   }
   ```
   If the file has existing contents, you only need to add or edit the `dns`
   line. If your internal DNS server can't resolve public IP addresses, include
   at least one DNS server that can. Doing so allows you to connect to Docker
   Hub, and your containers to resolve internet domain names.
   Save and close the file.
 3. Restart the Docker daemon.
   ```console
   $ sudo service docker restart
   ```
 4. Verify that Docker can resolve external IP addresses by trying to pull an
   image:
   ```console
   $ docker pull hello-world
   ```
 5. If necessary, verify that Docker containers can resolve an internal hostname
   by pinging it.
   ```console
   $ docker run --rm -it alpine ping -c4 <my_internal_host>
   PING google.com (192.168.1.2): 56 data bytes
   64 bytes from 192.168.1.2: seq=0 ttl=41 time=7.597 ms
   64 bytes from 192.168.1.2: seq=1 ttl=41 time=7.635 ms
   64 bytes from 192.168.1.2: seq=2 ttl=41 time=7.660 ms
   64 bytes from 192.168.1.2: seq=3 ttl=41 time=7.677 ms
   ```
 ## Turn off `dnsmasq`
 ### Ubuntu
 If you prefer not to change the Docker daemon's configuration to use a specific
 IP address, follow these instructions to turn off `dnsmasq` in NetworkManager.
 1. Edit the `/etc/NetworkManager/NetworkManager.conf` file.
 2. Comment out the `dns=dnsmasq` line by adding a `#` character to the beginning
   of the line.
   ```none
   # dns=dnsmasq
   ```
   Save and close the file.
 3. Restart both NetworkManager and Docker. As an alternative, you can reboot
   your system.
   ```console
   $ sudo systemctl restart network-manager
   $ sudo systemctl restart docker
   ```
 ### RHEL, CentOS, or Fedora
 To turn off `dnsmasq` on RHEL, CentOS, or Fedora:
 1. Turn off the `dnsmasq` service:
   ```console
   $ sudo systemctl stop dnsmasq
   $ sudo systemctl disable dnsmasq
   ```
 2. Configure the DNS servers manually using the
   [Red Hat documentation](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-networkscripts-interfaces.html){:
   target="_blank" rel="noopener" class="_"}.
 ## Allow access to the remote API through a firewall
 If you run a firewall on the same host as you run Docker, and you want to access
 the Docker Remote API from another remote host, you must configure your firewall
 to allow incoming connections on the Docker port. The default port is `2376` if
 you're using TLS encrypted transport, or `2375` otherwise.
 Two common firewall daemons are:
 - [Uncomplicated Firewall (UFW)](https://help.ubuntu.com/community/UFW), often
  used for Ubuntu systems.
 - [firewalld](https://firewalld.org), often used for RPM-based systems.
 Consult the documentation for your OS and firewall. The following information
 might help you get started. These settings used in this instruction are
 permissive, and you may want to use a different configuration that locks your
 system down more.
 - For UFW, set `DEFAULT_FORWARD_POLICY="ACCEPT"` in your configuration.
 - For firewalld, add rules similar to the following to your policy. One for
  incoming requests, and one for outgoing requests.
  ```xml
  <direct>
    [ <rule ipv="ipv6" table="filter" chain="FORWARD_direct" priority="0"> -i zt0 -j ACCEPT </rule> ]
    [ <rule ipv="ipv6" table="filter" chain="FORWARD_direct" priority="0"> -o zt0 -j ACCEPT </rule> ]
  </direct>
  ```
  Make sure that the interface names and chain names are correct.
 ## Kernel cgroup swap limit capabilities
 On Ubuntu or Debian hosts, you may see messages similar to the following when
 working with an image.
 ```none
 WARNING: Your kernel does not support swap limit capabilities. Limitation discarded.
 ```
 If you don't need these capabilities, you can ignore the warning.
 You can turn on these capabilities on Ubuntu or Debian by following these
 instructions. Memory and swap accounting incur an overhead of about 1% of the
 total available memory and a 10% overall performance degradation, even when
 Docker isn't running.
 1. Log into the Ubuntu or Debian host as a user with `sudo` privileges.
 2. Edit the `/etc/default/grub` file. Add or edit the `GRUB_CMDLINE_LINUX` line
   to add the following two key-value pairs:
   ```none
   GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"
   ```
   Save and close the file.
 3. Update the GRUB boot loader.
   ```console
   $ sudo update-grub
   ```
   An error occurs if your GRUB configuration file has incorrect syntax. In this
   case, repeat steps 2 and 3.
   The changes take effect when you reboot the system.
--- a/engine/reference/commandline/info.md
+++ b/engine/reference/commandline/info.md
@ -30,4 +30,3 @@ WARNING: No swap limit support
 You can ignore these warnings unless you actually need the ability to
 [limit these resources](../../../config/containers/resource_constraints.md), in which case you
 should consult your operating system's documentation for enabling them.
 [Learn more](../../install/linux-postinstall.md#your-kernel-does-not-support-cgroup-swap-limit-capabilities).