一、环境准备
1. sudo apt-get install apt-transport-https ca-certificates curl gnupg2 software-properties-common
2. curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
3. sudo apt-key fingerprint 0EBFCD88
4. sudo add-apt-repository "deb [arch=arm64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
5. sudo apt-get update
二、安装CE版本(社区版) docker
sudo apt-get install docker-ce=5:18.09.6~3-0~debian-stretch docker-ce-cli=5:18.09.6~3-0~debian-stretch containerd.io --fix-missing
1. 安装出错:
Setting up docker-ce (5:18.09.6~3-0~debian-stretch) ...
update-alternatives: warning: forcing reinstallation of alternative /usr/bin/dockerd-ce because link group dockerd is broken
Job for docker.service failed because the control process exited with error code.
See "systemctl status docker.service" and "journalctl -xe" for details.
invoke-rc.d: initscript docker, action "start" failed.
● docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Tue 2019-06-11 11:56:04 CST; 22ms ago
Docs: https://docs.docker.com
Process: 1880 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock (code=exited, status=1/FAILURE)
Main PID: 1880 (code=exited, status=1/FAILURE)
CPU: 698ms
Jun 11 11:56:04 linaro-alip systemd[1]: Failed to start Docker Application Container Engine.
Jun 11 11:56:04 linaro-alip systemd[1]: docker.service: Failed with result 'exit-code'.
dpkg: error processing package docker-ce (--configure):
subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
docker-ce
E: Sub-process /usr/bin/dpkg returned an error code (1)
执行 “systemctl status docker.service”
linaro@linaro-alip:~$ systemctl status docker.service
● docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2019-06-11 11:56:12 CST; 1min 27s ago
Docs: https://docs.docker.com
Process: 2024 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock (code=exited, status=1/FAILURE)
Main PID: 2024 (code=exited, status=1/FAILURE)
CPU: 961ms
Jun 11 11:56:10 linaro-alip systemd[1]: Failed to start Docker Application Container Engine.
Jun 11 11:56:10 linaro-alip systemd[1]: docker.service: Failed with result 'exit-code'.
Jun 11 11:56:12 linaro-alip systemd[1]: docker.service: Start request repeated too quickly.
Jun 11 11:56:12 linaro-alip systemd[1]: Failed to start Docker Application Container Engine.
Jun 11 11:56:12 linaro-alip systemd[1]: docker.service: Failed with result 'exit-code'
执行 “journalctl -xe | grep docker”
Jun 11 11:56:09 linaro-alip dockerd[2024]: time="2019-06-11T11:56:09.727466105+08:00" level=error msg="'overlay' not found as a supported filesystem on this host. Please ensure kernel is new enough and has overlay support loaded." storage-driver=overlay2
Jun 11 11:56:09 linaro-alip dockerd[2024]: time="2019-06-11T11:56:09.741231993+08:00" level=error msg="AUFS was not found in /proc/filesystems" storage-driver=aufs
Jun 11 11:56:09 linaro-alip dockerd[2024]: time="2019-06-11T11:56:09.756003199+08:00" level=error msg="'overlay' not found as a supported filesystem on this host. Please ensure kernel is new enough and has overlay support loaded." storage-driver=overlay
Jun 11 11:56:09 linaro-alip dockerd[2024]: time="2019-06-11T11:56:09.757108261+08:00" level=error msg="Failed to built-in GetDriver graph devicemapper /var/lib/docker"
Jun 11 11:56:09 linaro-alip dockerd[2024]: time="2019-06-11T11:56:09.765859516+08:00" level=info msg="Graph migration to content-addressability took 0.00 seconds"
Jun 11 11:56:09 linaro-alip dockerd[2024]: time="2019-06-11T11:56:09.767007160+08:00" level=warning msg="Your kernel does not support cgroup memory limit"
Jun 11 11:56:09 linaro-alip dockerd[2024]: time="2019-06-11T11:56:09.767247188+08:00" level=warning msg="Your kernel does not support cgroup rt period"
Jun 11 11:56:09 linaro-alip dockerd[2024]: time="2019-06-11T11:56:09.767358890+08:00" level=warning msg="Your kernel does not support cgroup rt runtime"
从log看出,应该是内核还没支持到AUFS等功能
三、
1. 下载AUFS源码包
git clone git://github.com/sfjro/aufs4-standalone.git
2. 阅读README,根据内核版本切换到对应分支
cd aufs4-standalone
git branch -a
git checkout origin/aufs4.4
切换到对应分支之后,会*.patch补丁文件。
3. 拷贝到kernel路径
cp aufs4-standalone/* kernel/
4. 进入到kernel路径,然后打补丁
patch -p1 < aufs4-base.patch
patch -p1 < aufs4-kbuild.patch
patch -p1 < aufs4-loopback.patch
patch -p1 < aufs4-mmap.patch
patch -p1 < aufs4-standalone.patch
patch -p1 < lockdep-debug.patch
patch -p1 < tmpfs-idr.patch
patch -p1 < vfs-ino.patch
注:如果打补丁失败,可以参照补丁文件的内容,手动去修改内核文件。如果编译出错,再根据错误信息修改。
5. ”.cong“配置文件检查
主要配置信息:
Generally Necessary:
- cgroup hierarchy: properly mounted [/sys/fs/cgroup]
- apparmor: enabled and tools installed
- CONFIG_NAMESPACES: enabled
- CONFIG_NET_NS: enabled
- CONFIG_PID_NS: enabled
- CONFIG_IPC_NS: enabled
- CONFIG_UTS_NS: enabled
- CONFIG_CGROUPS: enabled
- CONFIG_CGROUP_CPUACCT: enabled
- CONFIG_CGROUP_DEVICE: enabled
- CONFIG_CGROUP_FREEZER: enabled
- CONFIG_CGROUP_SCHED: enabled
- CONFIG_CPUSETS: enabled
- CONFIG_MEMCG: enabled
- CONFIG_KEYS: enabled
- CONFIG_VETH: enabled
- CONFIG_BRIDGE: enabled
- CONFIG_BRIDGE_NETFILTER: enabled
- CONFIG_NF_NAT_IPV4: enabled
- CONFIG_IP_NF_FILTER: enabled
- CONFIG_IP_NF_TARGET_MASQUERADE: enabled
- CONFIG_NETFILTER_XT_MATCH_ADDRTYPE: enabled
- CONFIG_NETFILTER_XT_MATCH_CONNTRACK: enabled
- CONFIG_NETFILTER_XT_MATCH_IPVS: enabled
- CONFIG_IP_NF_NAT: enabled
- CONFIG_NF_NAT: enabled
- CONFIG_NF_NAT_NEEDED: enabled
- CONFIG_POSIX_MQUEUE: enabled
- CONFIG_DEVPTS_MULTIPLE_INSTANCES: enabled
也可以下载check-config.sh,然后执行"./check-config.sh" 或"./check-config.sh .config"检测内核配置是否完整。
check-config.sh
四、联网问题
Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: TLS handshake timeout
解决方法是,进入/etc/docker,查看有没有 daemon.json。这是docker默认的配置文件。如果没有新建,如果有,则修改。
/etc/docker/daemon.json
{
"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"]
}
测试,执行“sudo docker run hello-world”
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(arm64v8)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
Done
参考:
1. Get Docker CE for Debian
2. RK3288 Docker 环境构建