环境:centos7.9 docker version 20.10.9
本文讲解如何在联网环境下和离线环境下安装docker。在旧版本中,docker 被称为docker或docker-engine,但在新版本中,docker 引擎包现在称为docker-ce。
官方文档:https://docs.docker.com/engine/install/centos/
开启内核流量转发,可以根据自己情况来配置,不是必须项。注意:下面的 rp_filter = 0 会关闭反向路径过滤(即对数据包源地址的校验),会削弱主机对伪造源地址流量的防护,如果没有非对称路由之类的需求,可以不写这两行、保持系统原有设置。
[root@docker ~]# cat >>/etc/sysctl.d/docker.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.ip_forward = 1
EOF
[root@docker ~]# sysctl -p /etc/sysctl.d/docker.conf #使内核生效,但是发现报错了
sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: No such file or directory
sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-iptables: No such file or directory
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.ip_forward = 1
[root@docker ~]#
[root@nginx docker]# modprobe br_netfilter #执行下这条指令
[root@nginx docker]# sysctl -p /etc/sysctl.d/docker.conf #使内核生效,这下就没有报错了
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.ip_forward = 1
[root@nginx docker]#
[root@docker ~]# yum remove docker #先删除旧的版本
docker-ce \
docker-ce-cli \
docker-ce-rootless-extras \
docker-scan-plugin \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
Loaded plugins: fastestmirror, langpacks
No Match for argument: docker
No Match for argument: docker-client
No Match for argument: docker-client-latest
No Match for argument: docker-common
No Match for argument: docker-latest
No Match for argument: docker-latest-logrotate
No Match for argument: docker-logrotate
No Match for argument: docker-engine
No Packages marked for removal
[root@docker ~]# yum install -y yum-utils #安装yum-utils,主要提供yum-config-manager命令
[root@docker ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo #下载并安装docker的仓库
Loaded plugins: fastestmirror, langpacks
adding repo from: https://download.docker.com/linux/centos/docker-ce.repo
grabbing file https://download.docker.com/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo #提示安装成功了
[root@docker ~]# yum list docker-ce --showduplicates | sort -r #查看可获取的docker版本
* updates: mirrors.ustc.edu.cn
Loading mirror speeds from cached hostfile
Loaded plugins: fastestmirror, langpacks
Installed Packages
* extras: mirrors.ustc.edu.cn
* epel: hkg.mirror.rackspace.com
docker-ce.x86_64 3:20.10.9-3.el7 docker-ce-stable
docker-ce.x86_64 3:20.10.9-3.el7 @docker-ce-stable
docker-ce.x86_64 3:20.10.8-3.el7 docker-ce-stable
docker-ce.x86_64 3:20.10.7-3.el7 docker-ce-stable
docker-ce.x86_64 3:20.10.6-3.el7 docker-ce-stable
docker-ce.x86_64 3:20.10.5-3.el7 docker-ce-stable
docker-ce.x86_64 3:20.10.4-3.el7 docker-ce-stable
docker-ce.x86_64 3:20.10.3-3.el7 docker-ce-stable
docker-ce.x86_64 3:20.10.2-3.el7 docker-ce-stable
docker-ce.x86_64 3:20.10.1-3.el7 docker-ce-stable
[root@docker ~]# yum install docker-ce docker-ce-cli containerd.io #直接安装最新的docker版本
[root@docker ~]# yum install docker-ce-20.10.9 docker-ce-cli-20.10.9 containerd.io #安装指定版本
[root@docker ~]# systemctl start docker #启动docker
[root@docker ~]# systemctl status docker | grep running #查看运行状态
Active: active (running) since Wed 2022-01-26 00:28:53 CST; 1min 25s ago
[root@docker ~]#
[root@docker ~]# systemctl enable docker #设置开机自启
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@docker ~]#
docker默认会从外国网站获取镜像,这样在网络不好的情况下镜像拉取得特别慢,所以设置docker从内网的镜像源拉取镜像。注意:按标签拉取镜像时,返回什么内容由镜像源决定,因此只应配置自己信任的镜像源;对关键镜像可以按摘要(镜像名@sha256:<摘要>)拉取来固定内容。
[root@docker ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": [ #可以配置多个镜像下载地址
"https://b9pmyelo.mirror.aliyuncs.com", #设置镜像加速器,镜像下载地址(阿里云的镜像加速器)
"https://docker.mirrors.ustc.edu.cn" #第二个镜像下载地址
],
"exec-opts": ["native.cgroupdriver=systemd"], #修改cgroup为systemd,k8s中docker需要修改
"insecure-registries": ["192.168.118.143:1443"], #私有镜像仓库地址(没有私有仓库不需设置该参数)
"log-opts": { #docker日志相关的参数
"max-size": "300m",
"max-file":"5"
},
"data-root": "/var/lib/docker", #docker的主目录
"max-concurrent-downloads": 3,
"max-concurrent-uploads": 5,
"live-restore": true #这个必须设为true
}
参数说明(注意:JSON不支持注释,上面daemon.json中 # 后面的文字只是讲解,实际写入文件时必须去掉,否则docker无法解析配置、启动失败):
"registry-mirrors" # 镜像下载地址,这个就不用多说了,可以配置多个镜像下载地址
"exec-opts": ["native.cgroupdriver=systemd"] #将cgroupdriver设置为systemd
"insecure-registries": #列出允许以HTTP明文或不校验TLS证书的方式访问的私有镜像仓库(如harbor)地址;对这些地址的拉取/推送没有传输加密和服务器身份校验,只应用于可信内网,生产环境建议给仓库配置受信任的TLS证书并去掉该项
"max-concurrent-downloads": 3 #docker拉取镜像并发下载的线程数
"max-concurrent-uploads": 5 #docker并发上传镜像的线程数
"data-root": "/var/lib/docker" #docker的主目录,默认是/var/lib/docker,在生产环境中建议设置ssd硬盘单独挂一个lvm逻辑卷
"live-restore": true #Docker 容器的自动重启是由 Docker 守护进程完成的。在较老版本 Docker 中,如果 docker 守护进程重启,容器会全
部挂掉。新版本 Docker 中,允许设置,当 docker 守护进程重启,容器不受影响。该场景比较多见,例如修改了 docker 的配置而需要重新加载
docker 守护进程,如果 docker 容器重启,业务会短暂中断,尤其是在生产环境这是不可接受的。所以这个设置很有必要。
具体设置方法有两种:第一种,编辑 /etc/docker/daemon.json,添加 "live-restore": true ,第二种,命令启用,dockerd --live-restore systemd。
"log-opts": {
"max-size": "300m",
"max-file":"5"
} #设置docker最大的日志限制,在/var/lib/docker/containers/2a201024b135073bd9d0037227501e09ce0cddeedd523f15f2651ab5ed436670有个log文件,这个文件就是容器
里面的默认控制台输出文件,如果容器很长时间没有重启过,也不对该文件进行切割,则该文件会越来越大, "max-size"表示这个文件最大多少,到达
指定大小会自动切割,"max-file"表示最多保留多少个文件。
[root@docker ~]# systemctl restart docker #重启docker
[root@docker ~]# docker info |tail -5 #检查加速器配置是否成功
127.0.0.0/8
Registry Mirrors:
https://b9pmyelo.mirror.aliyuncs.com/ #加速器配置成功,仓库已经是阿里云
Live Restore Enabled: true #变为true
[root@docker ~]# which docker #查看docker命令路径
/usr/bin/docker
[root@docker ~]# docker -v #查看docker版本
Docker version 20.10.9, build c2ea9bc
[root@docker ~]#
[root@docker ~]# docker info | tail
WARNING: bridge-nf-call-iptables is disabled #有告警信息
WARNING: bridge-nf-call-ip6tables is disabled
[root@docker ~]# vim /etc/sysctl.conf #打开sysctl.conf文件,添加下面两句
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
[root@docker ~]# sysctl -p #使配置生效,这时docker info就没有告警信息了
下载离线安装包:https://download.docker.com/linux/static/stable/x86_64/docker-20.10.17.tgz
,这里就下载了最新稳定版,如果你的操作系统不同,那么可以进入到 https://download.docker.com/linux/static/stable
选择适合自己的版本。下载后建议用 sha256sum 记录文件的校验值,上传到离线服务器后再核对一次,确认安装包在中转过程中没有被替换或损坏,因为其中的可执行文件之后会以root身份复制到/usr/bin/并运行。
开启内核流量转发,可以根据自己情况来配置,不是必须项。
[root@docker ~]# cat >>/etc/sysctl.d/docker.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.ip_forward = 1
EOF
[root@docker ~]# sysctl -p /etc/sysctl.d/docker.conf #使内核生效,但是发现报错了
sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: No such file or directory
sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-iptables: No such file or directory
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.ip_forward = 1
[root@docker ~]#
[root@nginx docker]# modprobe br_netfilter #执行下这条指令
[root@nginx docker]# sysctl -p /etc/sysctl.d/docker.conf #使内核生效,这下就没有报错了
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.ip_forward = 1
[root@nginx docker]#
上传我们下载好的 docker-20.10.17.tgz 到服务器上,开始安装docker,如下所示:
[root@docker ~]# tar -xf docker-20.10.17.tgz #解压包,默认解压为一个docker目录
[root@docker ~]# ll
total 63472
-rw-------. 1 root root 1318 Jul 4 2021 anaconda-ks.cfg
drwxrwxr-x 2 root root 169 Jun 7 07:03 docker
-rw-r--r-- 1 root root 64988857 Jul 23 17:11 docker-20.10.17.tgz
[root@docker ~]# cd docker #进入docker目录
[root@docker docker]# ll #查看docker目录,里面都是一些可执行文件
total 204048
-rwxr-xr-x 1 nginx nginx 39838504 Jun 7 07:03 containerd
-rwxr-xr-x 1 nginx nginx 7585792 Jun 7 07:03 containerd-shim
-rwxr-xr-x 1 nginx nginx 9859072 Jun 7 07:03 containerd-shim-runc-v2
-rwxr-xr-x 1 nginx nginx 23834624 Jun 7 07:03 ctr
-rwxr-xr-x 1 nginx nginx 50511896 Jun 7 07:03 docker
-rwxr-xr-x 1 nginx nginx 60261480 Jun 7 07:03 dockerd
-rwxr-xr-x 1 nginx nginx 704520 Jun 7 07:03 docker-init
-rwxr-xr-x 1 nginx nginx 2559454 Jun 7 07:03 docker-proxy
-rwxr-xr-x 1 nginx nginx 13774272 Jun 7 07:03 runc
[root@docker docker]# cp * /usr/bin/ #将docker的可执行文件复制到/usr/bin/下
[root@docker ~]#
#创建一个docker.service文件,并放到/usr/lib/systemd/system/目录下(注意:systemd单元文件不支持行尾注释,下面Wants=和ExecStart=两行末尾"#注意…"的文字只是讲解,写入文件时必须去掉,否则会被当作配置值或dockerd的参数)
[root@nginx /]# vim /usr/lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service containerd.service
Wants=network-online.target #注意:这里删除了Requires=docker.socket containerd.service 这一条,不然会启动失败
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd #注意:这里删除了-H fd:// --containerd=/run/containerd/containerd.sock这行不然会启动失败
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3
# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
OOMScoreAdjust=-500
[Install]
WantedBy=multi-user.target
[root@nginx /]#
[root@nginx /]# systemctl daemon-reload #让系统重新加载
[root@nginx /]# systemctl start docker #启动docker
[root@nginx /]# systemctl status docker #查看docker的状态,已经是启动状态了
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2022-07-23 18:36:46 CST; 5s ago
Docs: https://docs.docker.com
Main PID: 4050 (dockerd)
Tasks: 20
Memory: 40.1M
CGroup: /system.slice/docker.service
├─4050 /usr/bin/dockerd
└─4059 containerd --config /var/run/docker/containerd/containerd.toml --log-level info
Jul 23 18:36:46 nginx dockerd[4050]: time="2022-07-23T06:36:46.316184326-04:00" level=info msg="ccResolverWrapper:
[root@nginx /]#
#至此。docker离线安装已经完成,可以参照上面的步骤设置镜像加速器以及设置docker开启自启。
#设置docker内核流量转发
[root@docker ~]# cat >>/etc/sysctl.d/docker.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.ip_forward = 1
EOF
#保证虚拟机能连外网,因为要从网络下载docker的yum仓库
#先删除旧版本的docker
[root@docker ~]# yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
[root@docker ~]# yum install -y yum-utils #安装yum-utils,主要提供yum-config-manager命令
[root@docker ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo #下载并安装docker的镜像仓库
[root@docker ~]# yum list docker-ce --showduplicates | sort -r #查看可获取的docker版本
[root@docker ~]# yum install docker-ce docker-ce-cli containerd.io #可直接安装最新的docker版本
[root@docker ~]# yum install docker-ce-20.10.9 docker-ce-cli-20.10.9 containerd.io #或者安装指定版本
[root@docker ~]# systemctl start docker #启动docker
[root@docker ~]# systemctl status docker | grep running #查看运行状态
[root@docker ~]# systemctl enable docker #设置开机自启
[root@docker ~]# docker -v #查看docker版本
[root@docker ~]# cat /etc/docker/daemon.json #设置镜像加速器(没有这个文件则手动创建)
{
"registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"]
}
[root@docker ~]# systemctl restart docker #重启docker
#离线安装
#下载 https://download.docker.com/linux/static/stable/x86_64/docker-20.10.17.tgz 离线安装包
[root@docker ~]# tar -xf docker-20.10.17.tgz #解压包,默认解压为一个docker目录
[root@docker ~]# cp docker/* /usr/bin/ #将docker目录的可执行文件复制到/usr/bin/下
[root@nginx /]# vim /usr/lib/systemd/system/docker.service #创建一个docker.service文件,并放到/usr/lib/systemd/system/目录下
[root@nginx /]# systemctl daemon-reload #让系统重新加载
[root@nginx /]# systemctl start docker #启动docker
[root@nginx /]# systemctl status docker #查看docker的状态
[root@docker ~]# cat /etc/docker/daemon.json #设置镜像加速器(没有这个文件则手动创建)
{
"registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"]
}
[root@docker ~]# systemctl restart docker #重启docker
docker-compose 是用于定义和运行多容器 Docker 应用程序的一个工具。通过 Compose,您可以使用 YML 文件来配置应用程序需要的所有服务。然后,使用一个命令,就可以从 YML 文件配置中创建并启动所有服务。可以理解为docker-compose就是容器编排工具。当然,目前最流行的容器编排工具是k8s。
#docker-compose的安装很简单,直接下载二进制可执行文件即可(下面两条下载命令二选一);下载的文件会以root身份执行,建议先与该版本release页面公布的SHA256校验值比对,一致后再授权使用
curl -L https://github.com/docker/compose/releases/download/1.18.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose #在线下载v1.18.0
curl -SL https://github.com/docker/compose/releases/download/v2.12.2/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose #在线下载v2.12.2
[root@docker ~]# chmod a+x /usr/local/bin/docker-compose #授权
[root@docker ~]# docker-compose -v #查看版本
docker-compose version v2.12.2 , build 5dsandd
#官网下载不了,也可以直接yum安装,yum安装的版本可能不是最新的
yum install docker-compose -y #yum安装
docker-compose -v #查看版本
docker-compose version 1.18.0, build 8dd22a9