Docker 24.0.5 部署

Docker 24.0.5 部署

  • 文档资料
  • 介质路径
  • 环境要求
  • 内核升级
    • 1. 查看 Linux 当前使用的内核版本
    • 2. 查看系统内所有内核版本
    • 3. 下载新 Linux 内核介质
    • 4. 安装新 Linux 内核
    • 5. 复查系统内核中是否已包含新内核版本
    • 6. 指定开机所使用的默认内核版本
    • 7. 重启系统,使配置生效
    • 8. 复查系统内核版本是否已更新
  • 部署依赖服务
    • 1. 查看系统是否已安装 device-mapper-persistent-data、lvm2 和 iptables 服务
    • 2. 安装 device-mapper-persistent-data、lvm2 和 iptables 服务
    • 3. 复查系统是否已安装 device-mapper-persistent-data、lvm2 和 iptables 服务
  • 基于 YUM 源部署 Docker
    • 1. 查看当前 YUM 源是否包含 Docker 介质
    • 2. 部署 Docker YUM 源
    • 3. 复查 YUM 源是否包含 Docker 介质
    • 4. 卸载原始所安装的 Docker 服务
    • 5. 安装最新版本的 Dokcer 服务
    • 6. 启动 Docker 服务
    • 7. 设置 Docker 服务开机自启
    • 8. 查看 Docker 服务状态
    • 9. 查看 Docker 服务版本
  • 基于源码部署 Docker
    • 1. 下载 Docker 源码包
    • 2. 存放源码包
    • 3. 创建 docker 组
    • 4. 创建配置文件 docker.service
    • 5. 创建配置文件 docker.socket
    • 6. 创建配置文件 containerd.service
    • 7. 刷新系统配置
    • 8. 重启 Containerd 服务
    • 9. 重启 Containerd 服务
    • 10. 查看 Docker 服务状态
    • 11. 查看 Docker 服务版本
  • 优化 Docker 服务
    • 1. 申请阿里云加速器
    • 2. 创建配置文件路径
    • 3. 创建配置文件 daemon.json
    • 4. 配置 daemon.json
  • 附录
    • 1. daemon.json 完整样例

文档资料

  • Docker 文档:https://docs.docker.com/engine/install/centos
  • 阿里云文档:https://developer.aliyun.com/mirror/docker-ce
  • 阿里云加速器申请文档:https://help.aliyun.com/zh/acr/user-guide/accelerate-the-pulls-of-docker-official-images
  • daemon.json 配置介绍:https://docs.docker.com/config/daemon
  • daemon.json 配置样例:https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file

介质路径

  • 官方 Docker 介质下载地址:https://download.docker.com
  • 阿里云 Docker 介质下载地址:https://mirrors.aliyun.com/docker-ce
  • 官方 Linux 内核介质下载地址:https://elrepo.org/linux/kernel/el7/x86_64/RPMS

环境要求

  • Linux 内核版本须大于 3.10.x
  • 依赖 device-mapper-persistent-data 和 lvm2 服务

内核升级

1. 查看 Linux 当前使用的内核版本

uname -rs

# 输出结果
Linux 3.10.0-1160.el7.x86_64

2. 查看系统内所有内核版本

grep "menuentry 'CentOS Linux" /boot/grub2/grub.cfg

# 输出结果
menuentry 'CentOS Linux (3.10.0-1160.el7.x86_64) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-3.10.0-1160.el7.x86_64-advanced-b3625020-9611-4b9c-bbdb-ba8201ff237f' {
menuentry 'CentOS Linux (0-rescue-70c3d478368e4e1f9fb2ac2a0347721c) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-0-rescue-70c3d478368e4e1f9fb2ac2a0347721c-advanced-b3625020-9611-4b9c-bbdb-ba8201ff237f' {

3. 下载新 Linux 内核介质

wget https://elrepo.org/linux/kernel/el7/x86_64/RPMS/kernel-lt-5.4.253-1.el7.elrepo.x86_64.rpm

4. 安装新 Linux 内核

rpm -ivh kernel-lt-5.4.253-1.el7.elrepo.x86_64.rpm

5. 复查系统内核中是否已包含新内核版本

grep "menuentry 'CentOS Linux" /boot/grub2/grub.cfg

# 输出结果
# 已增加新安装的 Linux 内核 5.4.253
menuentry 'CentOS Linux (5.4.253-1.el7.elrepo.x86_64) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-3.10.0-1160.el7.x86_64-advanced-b3625020-9611-4b9c-bbdb-ba8201ff237f' {
menuentry 'CentOS Linux (3.10.0-1160.el7.x86_64) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-3.10.0-1160.el7.x86_64-advanced-b3625020-9611-4b9c-bbdb-ba8201ff237f' {
menuentry 'CentOS Linux (0-rescue-70c3d478368e4e1f9fb2ac2a0347721c) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-0-rescue-70c3d478368e4e1f9fb2ac2a0347721c-advanced-b3625020-9611-4b9c-bbdb-ba8201ff237f' {

6. 指定开机所使用的默认内核版本

# 获取新内核版本名称
grub2-set-default '$(grep "menuentry 'CentOS Linux (5.4.253" /boot/grub2/grub.cfg | awk -F "'" '{print $2}')'

# 输出结果
CentOS Linux (5.4.253-1.el7.elrepo.x86_64) 7 (Core)

# 指定系统默认加载内核版本为 5.4.253
grub2-set-default 'CentOS Linux (5.4.253-1.el7.elrepo.x86_64) 7 (Core)'

7. 重启系统,使配置生效

reboot

8. 复查系统内核版本是否已更新

uname -rs

# 输出结果
# 已更新为 5.4.253
Linux 5.4.253-1.el7.elrepo.x86_64

部署依赖服务

1. 查看系统是否已安装 device-mapper-persistent-data、lvm2 和 iptables 服务

yum list installed | grep -E "device-mapper-persistent-data|lvm2|iptables"

# 输出结果
# 输出结果为空,表示未安装

2. 安装 device-mapper-persistent-data、lvm2 和 iptables 服务

yum install device-mapper-persistent-data lvm2 iptables -y

3. 复查系统是否已安装 device-mapper-persistent-data、lvm2 和 iptables 服务

yum list installed | grep -E "device-mapper-persistent-data|lvm2|iptables"

# 输出结果
# 有输出结果,表示已安装 device-mapper-persistent-data、lvm2 和 iptables 服务
device-mapper-persistent-data.x86_64 0.8.5-3.el7_9.2                @updates
iptables.x86_64                      1.4.21-35.el7                  @anaconda
lvm2.x86_64                          7:2.02.187-6.el7_9.5           @updates
lvm2-libs.x86_64                     7:2.02.187-6.el7_9.5           @updates

基于 YUM 源部署 Docker

1. 查看当前 YUM 源是否包含 Docker 介质

yum list docker-ce --showduplicates | sort -r

# 输出结果
# 输出为空,表示无 docker-ce 介质,无法直接通过 yum 命令安装

2. 部署 Docker YUM 源

# 获取阿里云的 Docker YUM 源的配置文件
wget http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /data/medium/docker/docker-ce-aliyun.repo

# 将配置文件移至 YUM 服务的配置路径
mv /data/medium/docker/docker-ce-aliyun.repo /etc/yum.repos.d/

# 刷新 YUM 源
yum clean all && yum makecache 

3. 复查 YUM 源是否包含 Docker 介质

yum list docker-ce --showduplicates | sort -r

# 输出结果
# 所有能够安装的版本都会进行罗列
docker-ce.x86_64            3:24.0.6-1.el7                     docker-ce-stable
docker-ce.x86_64            3:24.0.5-1.el7                     docker-ce-stable
docker-ce.x86_64            3:24.0.5-1.el7                     @docker-ce-stable
docker-ce.x86_64            3:24.0.4-1.el7                     docker-ce-stable
docker-ce.x86_64            3:24.0.3-1.el7                     docker-ce-stable
docker-ce.x86_64            3:24.0.2-1.el7                     docker-ce-stable
docker-ce.x86_64            3:24.0.1-1.el7                     docker-ce-stable
docker-ce.x86_64            3:24.0.0-1.el7                     docker-ce-stable
docker-ce.x86_64            3:23.0.6-1.el7                     docker-ce-stable
docker-ce.x86_64            3:23.0.5-1.el7                     docker-ce-stable
docker-ce.x86_64            3:23.0.4-1.el7                     docker-ce-stable
docker-ce.x86_64            3:23.0.3-1.el7                     docker-ce-stable
docker-ce.x86_64            3:23.0.2-1.el7                     docker-ce-stable
docker-ce.x86_64            3:23.0.1-1.el7                     docker-ce-stable
docker-ce.x86_64            3:23.0.0-1.el7                     docker-ce-stable

4. 卸载原始所安装的 Docker 服务

yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-selinux docker-engine-selinux docker-engine -y

5. 安装最新版本的 Dokcer 服务

yum install docker-ce -y

6. 启动 Docker 服务

systemctl restart docker

7. 设置 Docker 服务开机自启

systemctl enable docker

8. 查看 Docker 服务状态

systemctl status docker

# 输出结果
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2023-11-13 13:01:07 CST; 2 weeks 2 days ago
     Docs: https://docs.docker.com
Main PID: 1446 (dockerd)
    Tasks: 67
   Memory: 111.7M
   CGroup: /system.slice/docker.service
           └─1446 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

9. 查看 Docker 服务版本

docker version
 
# 输出结果
Client: Docker Engine - Community
 Version:           24.0.5
 API version:       1.43
 Go version:        go1.20.6
 Git commit:        ced0996
 Built:             Fri Jul 21 20:39:02 2023
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
Engine:
  Version:          24.0.5
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.6
  Git commit:       a61e2b4
  Built:            Fri Jul 21 20:38:05 2023
  OS/Arch:          linux/amd64
  Experimental:     false
containerd:
  Version:          1.6.22
  GitCommit:        8165feabfdfe38c65b599c4993d227328c231fca
runc:
  Version:          1.1.8
  GitCommit:        v1.1.8-0-g82f18fe
docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

基于源码部署 Docker

1. 下载 Docker 源码包

wget https://download.docker.com/linux/static/stable/x86_64/docker-24.0.6.tgz

2. 存放源码包

# 解压 Docker 源码压缩包
tar -xf docker-24.0.6.tgz

# 将源码配置移至指定路径
mv ./docker/* /usr/bin/

3. 创建 docker 组

groupadd docker

4. 创建配置文件 docker.service

cat > /etc/systemd/system/docker.service << EOF
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target docker.socket firewalld.service containerd.service time-set.target
Wants=network-online.target containerd.service
Requires=docker.socket

[Service]
Type=notify

# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker

ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutStartSec=0
RestartSec=2
Restart=always

# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.

StartLimitBurst=3

# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.

StartLimitInterval=60s

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.

LimitNPROC=infinity
LimitCORE=infinity

# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.

TasksMax=infinity

# set delegate yes so that systemd does not reset the cgroups of docker containers

Delegate=yes

# kill only the docker process, not all processes in the cgroup

KillMode=process
OOMScoreAdjust=-500

[Install]
WantedBy=multi-user.target
EOF

5. 创建配置文件 docker.socket

cat > /etc/systemd/system/docker.socket << EOF
[Unit]
Description=Docker Socket for the API

[Socket]
# If /var/run is not implemented as a symlink to /run, you may need to
# specify ListenStream=/var/run/docker.sock instead.

ListenStream=/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker

[Install]
WantedBy=sockets.target
EOF

6. 创建配置文件 containerd.service

cat > /etc/systemd/system/containerd.service << EOF
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target

[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.

LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity

# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this version.

TasksMax=infinity
OOMScoreAdjust=-999

[Install]
WantedBy=multi-user.target
EOF

7. 刷新系统配置

systemctl daemon-reload

8. 重启 Containerd 服务

systemctl restart containerd.service && systemctl enable containerd.service

9. 重启 Containerd 服务

systemctl restart docker.service && systemctl enable docker.service

10. 查看 Docker 服务状态

systemctl status docker

# 输出结果
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2023-11-13 13:01:07 CST; 2 weeks 2 days ago
     Docs: https://docs.docker.com
Main PID: 1446 (dockerd)
    Tasks: 67
   Memory: 111.7M
   CGroup: /system.slice/docker.service
           └─1446 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

11. 查看 Docker 服务版本

docker version

# 输出结果
Client: Docker Engine - Community
 Version:           24.0.5
 API version:       1.43
 Go version:        go1.20.6
 Git commit:        ced0996
 Built:             Fri Jul 21 20:39:02 2023
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
Engine:
  Version:          24.0.5
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.6
  Git commit:       a61e2b4
  Built:            Fri Jul 21 20:38:05 2023
  OS/Arch:          linux/amd64
  Experimental:     false
containerd:
  Version:          1.6.22
  GitCommit:        8165feabfdfe38c65b599c4993d227328c231fca
runc:
  Version:          1.1.8
  GitCommit:        v1.1.8-0-g82f18fe
docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

优化 Docker 服务

1. 申请阿里云加速器

​通过 阿里云加速器申请文档,完成阿里云加速器

2. 创建配置文件路径

mkdir -p /data/service/docker/data

3. 创建配置文件 daemon.json

touch /etc/docker/daemon.json

4. 配置 daemon.json

{
  /*
   * 启动调试模式
   * 获取更加详细的日志信息
   */
  "debug": ture,

  // 在 Docker 守护进程意外终止或重新启动期间,尽量保持容器的活动状态
  "live-restore": true,

  // 添加 Docker 镜像加速器
  "registry-mirrors": [" https://sw7fzj1e.mirror.aliyuncs.com "],

  /*
   * 调整 Docker 根目录
   * 默认目录为 /var/lib/docker
   * 此目录需要与配置文件所在目录保持一致
   */ 
  "data-root": "/data/service/docker/data",

  // 调整 Docker 日志配置
  "log-driver": "json-file",
  "log-opts": {

    // max-file: 日志文件的上限个数
    "max-size": "100m",

    // max-size: 单个日志文件的上限大小
    "max-file": "5",
  },

  /* 指定 Docker 容器的默认网段
   * 默认为 172.17.0.0/16
   * 默认网段不可与宿主机 IP 地址在同一网段
   */ 
  "default-address-pools": [
    {
      // bashe: 地址池网段
      "base": "172.16.0.1/24",

      // size: 地址池中可分配的地址数量。24 表示 255 个可用地址
      "size": 24
    }
  ]
}

附录

1. daemon.json 完整样例

{
  "allow-nondistributable-artifacts": [],
  "api-cors-header": "",
  "authorization-plugins": [],
  "bip": "",
  "bridge": "",
  "cgroup-parent": "",
  "containerd": "/run/containerd/containerd.sock",
  "containerd-namespace": "docker",
  "containerd-plugin-namespace": "docker-plugins",
  "data-root": "",
  "debug": true,
  "default-address-pools": [
    {
      "base": "172.30.0.0/16",
      "size": 24
    },
    {
      "base": "172.31.0.0/16",
      "size": 24
    }
  ],
  "default-cgroupns-mode": "private",
  "default-gateway": "",
  "default-gateway-v6": "",
  "default-runtime": "runc",
  "default-shm-size": "64M",
  "default-ulimits": {
    "nofile": {
      "Hard": 64000,
      "Name": "nofile",
      "Soft": 64000
    }
  },
  "dns": [],
  "dns-opts": [],
  "dns-search": [],
  "exec-opts": [],
  "exec-root": "",
  "experimental": false,
  "features": {},
  "fixed-cidr": "",
  "fixed-cidr-v6": "",
  "group": "",
  "hosts": [],
  "icc": false,
  "init": false,
  "init-path": "/usr/libexec/docker-init",
  "insecure-registries": [],
  "ip": "0.0.0.0",
  "ip-forward": false,
  "ip-masq": false,
  "iptables": false,
  "ip6tables": false,
  "ipv6": false,
  "labels": [],
  "live-restore": true,
  "log-driver": "json-file",
  "log-level": "",
  "log-opts": {
    "cache-disabled": "false",
    "cache-max-file": "5",
    "cache-max-size": "20m",
    "cache-compress": "true",
    "env": "os,customer",
    "labels": "somelabel",
    "max-file": "5",
    "max-size": "10m"
  },
  "max-concurrent-downloads": 3,
  "max-concurrent-uploads": 5,
  "max-download-attempts": 5,
  "mtu": 0,
  "no-new-privileges": false,
  "node-generic-resources": [
    "NVIDIA-GPU=UUID1",
    "NVIDIA-GPU=UUID2"
  ],
  "oom-score-adjust": -500,
  "pidfile": "",
  "raw-logs": false,
  "registry-mirrors": [],
  "runtimes": {
    "cc-runtime": {
      "path": "/usr/bin/cc-runtime"
    },
    "custom": {
      "path": "/usr/local/bin/my-runc-replacement",
      "runtimeArgs": [
        "--debug"
      ]
    }
  },
  "seccomp-profile": "",
  "selinux-enabled": false,
  "shutdown-timeout": 15,
  "storage-driver": "",
  "storage-opts": [],
  "swarm-default-advertise-addr": "",
  "tls": true,
  "tlscacert": "",
  "tlscert": "",
  "tlskey": "",
  "tlsverify": true,
  "userland-proxy": false,
  "userland-proxy-path": "/usr/libexec/docker-proxy",
  "userns-remap": ""
}

你可能感兴趣的:(Kubernetes,docker,容器,运维)