原文参考
官网文档参考:
https://docs.docker.com/engine/install/binaries/#install-daemon-and-client-binaries-on-linux
官网二进制仓库:
https://download.docker.com/linux/static/stable/x86_64/
1. 手动下载安装bin包:
sudo mkdir -p /opt/apps && cd /opt/apps
curl -O https://download.docker.com/linux/static/stable/x86_64/docker-20.10.7.tgz
tar -xf docker-20.10.7.tgz
cd docker*
sudo ln -snf $(pwd)/docker /usr/bin/docker
sudo ln -snf $(pwd)/dockerd /usr/bin/dockerd
sudo ln -snf $(pwd)/docker-proxy /usr/bin/docker-proxy
sudo ln -snf $(pwd)/docker-init /usr/bin/docker-init
sudo ln -snf $(pwd)/containerd /usr/bin/containerd
sudo ln -snf $(pwd)/containerd-shim-runc-v2 /usr/bin/containerd-shim-runc-v2
sudo ln -snf $(pwd)/runc /usr/bin/runc
2. 手动配置系统服务:
docker.service
sudo cat</lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket containerd.service
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3
# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
OOMScoreAdjust=-500
[Install]
WantedBy=multi-user.target
EOF
containerd.service
sudo cat </lib/systemd/system/containerd.service
# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=1048576
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target
EOF
docker.socket (否则启动报错:Failed to start docker.service: Unit docker.socket not found.)
sudo cat </lib/systemd/system/docker.socket
[Unit]
Description=Docker Socket for the API
[Socket]
ListenStream=/var/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
EOF
2.1 创建docker用户
sudo groupadd docker
sudo useradd docker -g docker
2.2 自定义配置dockerd (可选,墙内推荐)
mkdir -p /etc/docker
sudo cat </etc/docker/daemon.json
{
"registry-mirrors": ["https://hjbu3ivg.mirror.aliyuncs.com"]
}
EOF
3. 启动测试
sudo systemctl daemon-reload
sudo systemctl start docker
sudo docker run hello-world
此命令下载测试映像并在容器中运行。当容器运行时,它会打印一条信息性消息并退出。
4. FAQ
4.1 启动docker错误1
Failed to start docker.service: Unit docker.service is masked.
或 Failed to start docker.service: Unit containerd.service is masked.
解决:
sudo systemctl unmask docker.service
sudo systemctl unmask docker.socket
或
sudo systemctl unmask containerd.service
sudo systemctl unmask containerd.socket
5. 其他 docker 常见故障排查参考:
生产环境用Docker?先搞定这8个常见故障:
https://mp.weixin.qq.com/s/2GNKmRJtBGHhUyVBRbRgeA
docker生产常见故障排查收集:https://blogs.wl4g.com/archives/405