Skip to content

Latest commit

 

History

History
172 lines (137 loc) · 4.46 KB

docker-install.md

File metadata and controls

172 lines (137 loc) · 4.46 KB

study_docker

0.卸载旧版本

yum remove -y docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-selinux \
docker-engine-selinux \
docker-engine

1.安装Docker

第一步:使用国内Docker源

cd /etc/yum.repos.d/
wget -O docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

#或
yum -y install yum-utils
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

yum install -y yum-utils \
device-mapper-persistent-data \
lvm2

第二步:Docker安装:

yum install -y docker-ce

第三步:启动后台进程:

#启动docker服务
systemctl restart docker

#设置docker服务开启自启
systemctl enable docker

#Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.

#查看是否成功设置docker服务开启自启
systemctl list-unit-files|grep docker

docker.service                                enabled

#关闭docker服务开启自启
systemctl disable docker

#Removed symlink /etc/systemd/system/multi-user.target.wants/docker.service.

2.脚本安装Docker

#2.1、Docker官方安装脚本
curl -sSL https://get.docker.com/ | sh

#这个脚本会添加docker.repo仓库并且安装Docker

#2.2、阿里云的安装脚本
curl -sSL http://acs-public-mirror.oss-cn-hangzhou.aliyuncs.com/docker-engine/internet | sh -

#2.3、DaoCloud 的安装脚本
curl -sSL https://get.daocloud.io/docker | sh

3.Docker服务文件

# Docker从1.13版本开始调整了默认的防火墙规则,禁用了iptables filter表中FOWARD链,这样会引起Kubernetes集群中跨Node的Pod无法通信,执行下面命令
#注意,有变量的地方需要使用转义符号

cat > /usr/lib/systemd/system/docker.service << EOF
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
BindsTo=containerd.service
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --exec-opt native.cgroupdriver=systemd
ExecReload=/bin/kill -s HUP \$MAINPID
ExecStartPost=/usr/sbin/iptables -P FORWARD ACCEPT
TimeoutSec=0
RestartSec=2
Restart=always

# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3

# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity

# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes

# kill only the docker process, not all processes in the cgroup
KillMode=process

[Install]
WantedBy=multi-user.target
EOF

3.1、配置docker加速器

mkdir -p /data0/docker-data

cat > /etc/docker/daemon.json << \EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "data-root": "/data0/docker-data",
  "registry-mirrors" : [
    "https://ot2k4d59.mirror.aliyuncs.com/"
  ],
  "insecure-registries": ["reg.hub.com"]
}
EOF

或者
curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io

3.2、重新加载docker的配置文件

systemctl daemon-reload
systemctl restart docker

3.3、内核参数配置

#编辑文件
vim /etc/sysctl.conf

net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1

#然后执行
sysctl -p

#查看docker信息是否生效
docker info

4.通过测试镜像运行一个容器来验证Docker是否安装正确

docker run hello-world