前言
官方提供免安装的二进制程序包,解压后就能用。
PS1: docker基于iptables做路由转发,所以亲测debian11上需要先安装iptables(apt install -y iptables)
docker安装步骤
- 官网下载安装包。
- 解压安装包,将安装包内的二进制程序解压到
/usr/local/bin目录。 - 建立
docker的数据存放目录:
mkdir -p /home/data/docker
- 创建docker的service文件(
/usr/lib/systemd/system/docker.service):
[Unit] Description=Docker Application Container Engine Documentation=https://docs.docker.com After=network-online.target firewalld.service Wants=network-online.target [Service] Type=notify # the default is not to use systemd for cgroups because the delegate issues still # exists and systemd currently does not support the cgroup feature set required # for containers run by docker ExecStart=/usr/local/bin/dockerd --data-root /home/data/docker ExecReload=/bin/kill -s HUP $MAINPID # Having non-zero Limit*s causes performance problems due to accounting overhead # in the kernel. We recommend using cgroups to do container-local accounting. LimitNOFILE=infinity LimitNPROC=infinity LimitCORE=infinity # Uncomment TasksMax if your systemd version supports it. # Only systemd 226 and above support this version. #TasksMax=infinity TimeoutStartSec=0 # set delegate yes so that systemd does not reset the cgroups of docker containers Delegate=yes # kill only the docker process, not all processes in the cgroup KillMode=process # restart the docker process if it exits prematurely Restart=on-failure StartLimitBurst=3 StartLimitInterval=60s [Install] WantedBy=multi-user.target
- 使配置生效
systemctl daemon-reload systemctl start docker systemctl enable docker
- 验证
docker info
docker-compose安装步骤
- 官网下载二进制程序包
- 重命名为
docker-compose,并移到/usr/local/bin - 验证
docker-compose --version
配置docker的daemon.json
- vim /etc/docker/daemon.json(检查格式:
cat /etc/docker/daemon.json | python -m json.tool)
{ "exec-opts": [ "native.cgroupdriver=systemd" ], "log-driver": "json-file", "log-level": "warn", "log-opts": { "max-size": "100m" }, "storage-driver": "overlay2", "storage-opts": [ "overlay2.override_kernel_check=true" ], "registry-mirrors": [ "https://sral7lkb.mirror.aliyuncs.com" ], "ip-forward": true, "ip-masq": false, "iptables": false, "ipv6": false, "live-restore": true, "selinux-enabled": false, "bip": "172.17.200.1/24", "data-root": "/home/data/docker" }
官方完全示例
{ "allow-nondistributable-artifacts": [], "api-cors-header": "", "authorization-plugins": [], "bip": "", "bridge": "", "cgroup-parent": "", "containerd": "/run/containerd/containerd.sock", "containerd-namespace": "docker", "containerd-plugin-namespace": "docker-plugins", "data-root": "", "debug": true, "default-address-pools": [ { "base": "172.30.0.0/16", "size": 24 }, { "base": "172.31.0.0/16", "size": 24 } ], "default-cgroupns-mode": "private", "default-gateway": "", "default-gateway-v6": "", "default-runtime": "runc", "default-shm-size": "64M", "default-ulimits": { "nofile": { "Hard": 64000, "Name": "nofile", "Soft": 64000 } }, "dns": [], "dns-opts": [], "dns-search": [], "exec-opts": [], "exec-root": "", "experimental": false, "features": {}, "fixed-cidr": "", "fixed-cidr-v6": "", "group": "", "hosts": [], "proxies": { "http-proxy": "http://proxy.example.com:80", "https-proxy": "https://proxy.example.com:443", "no-proxy": "*.test.example.com,.example.org", }, "icc": false, "init": false, "init-path": "/usr/libexec/docker-init", "insecure-registries": [], "ip": "0.0.0.0", "ip-forward": false, "ip-masq": false, "iptables": false, "ip6tables": false, "ipv6": false, "labels": [], "live-restore": true, "log-driver": "json-file", "log-level": "", "log-opts": { "cache-disabled": "false", "cache-max-file": "5", "cache-max-size": "20m", "cache-compress": "true", "env": "os,customer", "labels": "somelabel", "max-file": "5", "max-size": "10m" }, "max-concurrent-downloads": 3, "max-concurrent-uploads": 5, "max-download-attempts": 5, "mtu": 0, "no-new-privileges": false, "node-generic-resources": [ "NVIDIA-GPU=UUID1", "NVIDIA-GPU=UUID2" ], "oom-score-adjust": 0, "pidfile": "", "raw-logs": false, "registry-mirrors": [], "runtimes": { "cc-runtime": { "path": "/usr/bin/cc-runtime" }, "custom": { "path": "/usr/local/bin/my-runc-replacement", "runtimeArgs": [ "--debug" ] } }, "seccomp-profile": "", "selinux-enabled": false, "shutdown-timeout": 15, "storage-driver": "", "storage-opts": [], "swarm-default-advertise-addr": "", "tls": true, "tlscacert": "", "tlscert": "", "tlskey": "", "tlsverify": true, "userland-proxy": false, "userland-proxy-path": "/usr/libexec/docker-proxy", "userns-remap": "" }
补充
- 普通用户如需使用二进制方式安装的docker,可参考以下步骤。假设普通用户的用户名为admin
# 1. 创建docker用户组 groupadd docker # 2. 将admin用户加到docker用户组 usermod admin -a -G docker # 3. 重启docker systemctl restart docker # 4. admin用户执行docker命令进行测试
