centos离线部署docker
有些内部环境需要离线部署,以下做一些备忘。
环境:centos7.9
准备文件:
- docker-20.10.9.tgz,下载地址 https://download.docker.com/linux/static/stable/x86_64/
- docker.service,内容见下文
- daemon.json,内容见下文
- install.sh,内容见下文
- docker-compose-linux-x86_64,按需,有需要docker-compose则安装,下载地址https://github.com/docker/compose/releases
以上5个文件都放在同一个目录下
注意:由于此次服务器挂载盘在 /data,所以把docker的存储目录放在 /data/docker 下,可以按需修改 install.sh 和 daemon.json
1.创建docker.service
通过 vi docker.service,将以下内容拷贝进去
[Unit]Description=Docker Application Container EngineDocumentation=https://docs.docker.comAfter=network-online.target firewalld.serviceWants=network-online.target[Service]Type=notify# the default is not to use systemd for cgroups because the delegate issues still# exists and systemd currently does not support the cgroup feature set required# for containers run by dockerExecStart=/usr/bin/dockerdExecReload=/bin/kill -s HUP $MAINPID# Having non-zero Limit*s causes performance problems due to accounting overhead# in the kernel. We recommend using cgroups to do container-local accounting.LimitNOFILE=infinityLimitNPROC=infinityLimitCORE=infinity# Uncomment TasksMax if your systemd version supports it.# Only systemd 226 and above support this version.#TasksMax=infinityTimeoutStartSec=0# set delegate yes so that systemd does not reset the cgroups of docker containersDelegate=yes# kill only the docker process, not all processes in the cgroupKillMode=process# restart the docker process if it exits prematurelyRestart=on-failureStartLimitBurst=3StartLimitInterval=60s[Install]WantedBy=multi-user.target2.创建 daemon.json
通过 vi daemon.json ,将以下内容拷贝进去
{"iptables":false,"data-root":"/data/docker","storage-driver":"overlay2","log-level":"INFO","log-driver":"json-file","log-opts": {"max-size": "100m","max-file":"5"},"registry-mirrors":["http://hub-mirror.c.163.com"]
}
3.创建 install.sh
通过 install.sh ,将以下内容拷贝进去
# install.sh
#!/bin/sh
echo '创建docker group'
groupadd docker
gpasswd -a root docker
# 还可以创建普通用户 lin 然后加入, useradd lin ; gpasswd -a lin docker
echo 'docker开始安装...'
echo '解压tar包...'
tar -xvf ./docker-20.10.9.tgz
chown root:docker docker/*
echo '将docker目录移到/usr/bin目录下...'
mv docker/* /usr/bin/
echo '将docker.service 移到/etc/systemd/system/ 目录...'
cp -f ./docker.service /etc/systemd/system
echo '添加文件权限...'
chmod +x /etc/systemd/system/docker.serviceecho '创建docker root...'
# 这个目录根据自己修改,相应修改daemon.json的root属性
mkdir /data/docker
echo '创建docker daemon.json ...'
mkdir /etc/docker
cp daemon.js /etc/docker/
echo '重新加载配置文件...'
systemctl daemon-reload
echo '设置开机自启...'
systemctl enable docker.service
echo '启动docker...'
systemctl start docker
if ! docker -v; then
echo "docker 安装失败..."
exit -1
fi
echo 'docker安装成功...'
echo '防火墙添加 masquerade'
# daemon.json 配置了iptables: false,所以增加masquerade,让容器可以访问外部
firewall-cmd --zone=public --add-masquerade --permanent
firewall-cmd --reload# 按需安装docker-compose,不需要则不执行
echo '安装docker-compose...'
mv docker-compose-linux-x86_64 /usr/local/bin/docker-compose
echo '添加 docker-compose 执行权限...'
chmod +x /usr/local/bin/docker-compose
if ! docker-compose -v; then
echo "docker-compose 安装失败..."
exit -1
fi
echo 'docker-compose 安装成功...'
4.执行:
可以对着 install.sh 命令逐步执行,也可以直接执行install.sh,sh +x install
注意:以上执行都是用户root下,,如果是普通用户,则需加sudo,且有root权限
以此备忘!