Write by lyc at 2021-3-2
1.二进制安装 docker-20.10.4
docker 二进制包下载
Docker目前分为两个版本:EE版本(企业版本)、CE版本(社区版本)。我们一般都是使用CE社区版。
二进制安装的优势就是:支持离线、快速部署、跨平台(CentOS/Ubuntu之间通用)
安装
1 2 3 4
| $ cd /usr/local/src $ wget https://download.docker.com/linux/static/stable/x86_64/docker-20.10.4.tgz $ tar xvf docker-20.10.4.tgz $ mv docker/* /usr/bin
|
修改docker家目录
docker家目录默认是在 /var/lib/docker
,为了防止镜像、容器等把服务器的 /
根占满,我们把其 link软链接到挂载盘。
1 2
| $ mkdir -p /data/docker_data/docker $ ln -s /data/docker_data/docker /var/lib
|
2.systemd 管理docker
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
| $ cat > /etc/systemd/system/docker.service << EOF [Unit] Description=Docker Application Container Engine Documentation=https://docs.docker.com After=network-online.target firewalld.service Wants=network-online.target
[Service] Type=notify ExecStart=/usr/bin/dockerd ExecReload=/bin/kill -s HUP $MAINPID LimitNOFILE=infinity LimitNPROC=infinity LimitCORE=infinity TimeoutStartSec=0 Delegate=yes KillMode=process Restart=on-failure StartLimitBurst=3 StartLimitInterval=60s
[Install] WantedBy=multi-user.target EOF
|
3.配置阿里云镜像源加速器
1 2 3 4 5 6
| $ mkdir -p /etc/docker $ cat > /etc/docker/daemon.json << EOF { "registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"] } EOF
|
4.启动并设置开机启动
1 2 3
| $ systemctl daemon-reload $ systemctl start docker $ systemctl enable docker
|
5.验证
docker -v
1 2
| $ docker -v Docker version 20.10.4, build d3cb89e
|
docker version
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29
| $ docker version Client: Docker Engine - Community Version: 20.10.4 API version: 1.41 Go version: go1.13.15 Git commit: d3cb89e Built: Thu Feb 25 07:01:39 2021 OS/Arch: linux/amd64 Context: default Experimental: true
Server: Docker Engine - Community Engine: Version: 20.10.4 API version: 1.41 (minimum version 1.12) Go version: go1.13.15 Git commit: 363e9a8 Built: Thu Feb 25 07:05:55 2021 OS/Arch: linux/amd64 Experimental: false containerd: Version: v1.4.3 GitCommit: 269548fa27e0089a8b8278fc4fc781d7f65a939b runc: Version: 1.0.0-rc93 GitCommit: 12644e614e25b05da6fd08a38ffa0cfe1903fdec docker-init: Version: 0.19.0 GitCommit: de40ad0
|
docker info
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55
| $ docker info Client: Context: default Debug Mode: false
Server: Containers: 0 Running: 0 Paused: 0 Stopped: 0 Images: 0 Server Version: 20.10.4 Storage Driver: overlay2 Backing Filesystem: xfs Supports d_type: true Native Overlay Diff: false Logging Driver: json-file Cgroup Driver: cgroupfs Cgroup Version: 1 Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc Default Runtime: runc Init Binary: docker-init containerd version: 269548fa27e0089a8b8278fc4fc781d7f65a939b runc version: 12644e614e25b05da6fd08a38ffa0cfe1903fdec init version: de40ad0 Security Options: seccomp Profile: default Kernel Version: 4.19.0-9.el7.ucloud.x86_64 Operating System: CentOS Linux 7 (Core) OSType: linux Architecture: x86_64 CPUs: 2 Total Memory: 3.716GiB Name: 10-19-10-132 ID: WGFP:E2MN:PMUS:JPVI:ILJT:SQUU:3AIB:HXZ6:W6OD:HVPJ:T3AT:3PNR Docker Root Dir: /data/docker_data/docker Debug Mode: false Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries: 127.0.0.0/8 Registry Mirrors: https://b9pmyelo.mirror.aliyuncs.com/ Live Restore Enabled: false Product License: Community Engine
WARNING: bridge-nf-call-iptables is disabled WARNING: bridge-nf-call-ip6tables is disabled
|
6.执行docker info出现警告
WARNING: bridge-nf-call-iptables is disabled解决
1 2 3
| .... WARNING: bridge-nf-call-iptables is disabled WARNING: bridge-nf-call-ip6tables is disabled
|
添加内核参数
1 2 3 4 5
| $ vim /etc/sysctl.conf net.bridge.bridge-nf-call-ip6tables=1 net.bridge.bridge-nf-call-iptables=1
$ sysctl -p
|