更正docker/install-binary

2024-11-08 10:47:28 +08:00 · 2024-11-08 10:47:28 +08:00 · c2e53705b2
commit c2e53705b2
parent ddccdb2418
1 changed files with 19 additions and 96 deletions
--- a/docs/src/docker/install-binary.md
+++ b/docs/src/docker/install-binary.md
@ -4,7 +4,9 @@

 ## 说明

-本文在Debian12系统上直接通过二进制包安装docker服务，适用于离线场景。
+本文在Debian12系统上直接通过二进制安装docker（包括docker compose和docker buildx），适用于离线场景。
+
+本文操作过程都是在root用户下完成的。

 ## 系统依赖

@ -37,15 +39,7 @@ curl -L -O https://github.com/docker/buildx/releases/download/v0.18.0/buildx-v0.

 ```sh
 tar zxvf docker-27.3.1.tgz
-sudo cp docker/* /usr/bin/
-```
-
-### 创建用户组
-
-```sh
-sudo groupadd docker
-sudo usermod -aG docker $USER
-newgrp docker
+cp docker/* /usr/local/bin/
 ```

 ### 注册系统服务
@ -59,20 +53,6 @@ vim /usr/lib/systemd/system/containerd.service
 内容如下：

 ```sh
-# Copyright The containerd Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 [Unit]
 Description=containerd container runtime
 Documentation=https://containerd.io
@ -80,7 +60,7 @@ After=network.target local-fs.target

 [Service]
 ExecStartPre=-/sbin/modprobe overlay
-ExecStart=/usr/bin/containerd
+ExecStart=/usr/local/bin/containerd

 Type=notify
 Delegate=yes
@ -101,30 +81,6 @@ OOMScoreAdjust=-999
 WantedBy=multi-user.target
 ```

-#### docker.socket
-
-```sh
-vim /usr/lib/systemd/system/docker.socket
-```
-
-内容
-
-```sh
-[Unit]
-Description=Docker Socket for the API
-
-[Socket]
-# If /var/run is not implemented as a symlink to /run, you may need to
-# specify ListenStream=/var/run/docker.sock instead.
-ListenStream=/run/docker.sock
-SocketMode=0660
-SocketUser=root
-SocketGroup=docker
-
-[Install]
-WantedBy=sockets.target
-```
-
 #### docker.service

 ```sh
@ -134,52 +90,18 @@ vim /usr/lib/systemd/system/docker.service
 内容

 ```sh
-[Unit]
-Description=Docker Application Container Engine
-Documentation=https://docs.docker.com
-After=network-online.target docker.socket firewalld.service containerd.service time-set.target
-Wants=network-online.target containerd.service
-Requires=docker.socket
+[Unit]  
+Description=Docker Application Container Engine  
+Documentation=https://docs.docker.com  
+After=network.target containerd.service  
+Wants=containerd.service  

-[Service]
-Type=notify
-# the default is not to use systemd for cgroups because the delegate issues still
-# exists and systemd currently does not support the cgroup feature set required
-# for containers run by docker
-ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
-ExecReload=/bin/kill -s HUP $MAINPID
-TimeoutStartSec=0
-RestartSec=2
-Restart=always
+[Service]  
+ExecStart=/usr/local/bin/dockerd  
+Restart=always  
+RestartSec=5  

-# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
-# Both the old, and new location are accepted by systemd 229 and up, so using the old location
-# to make them work for either version of systemd.
-StartLimitBurst=3
-
-# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
-# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
-# this option work for either version of systemd.
-StartLimitInterval=60s
-
-# Having non-zero Limit*s causes performance problems due to accounting overhead
-# in the kernel. We recommend using cgroups to do container-local accounting.
-LimitNOFILE=infinity
-LimitNPROC=infinity
-LimitCORE=infinity
-
-# Comment TasksMax if your systemd version does not support it.
-# Only systemd 226 and above support this option.
-TasksMax=infinity
-
-# set delegate yes so that systemd does not reset the cgroups of docker containers
-Delegate=yes
-
-# kill only the docker process, not all processes in the cgroup
-KillMode=process
-OOMScoreAdjust=-500
-
-[Install]
+[Install]  
 WantedBy=multi-user.target
 ```

@ -195,7 +117,8 @@ systemctl enable --now docker
 截至本文发布时，docker compose的最新版本是2.30.1，以下命令适用于amd64平台，其他平台请到<https://github.com/docker/compose/releases>去找对应的二进制包。

 ```sh
-cp docker-compose-linux-x86_64 /usr/local/lib/docker/cli-plugins/docker-compose
+mkdir -p /usr/local/lib/docker/cli-plugins
+cp docker-compose-linux-x86_64 \/usr/local/lib/docker/cli-plugins/docker-compose
 chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
 ```

@ -213,8 +136,8 @@ docker buildx install

 ```sh
 modprobe br_netfilter
-sudo bash -c 'echo -e "net.bridge.bridge-nf-call-iptables = 1\nnet.bridge.bridge-nf-call-ip6tables = 1" > /etc/sysctl.d/bridge.conf && modprobe br_netfilter'
-sudo sysctl -p /etc/sysctl.d/bridge.conf
+bash -c 'echo -e "net.bridge.bridge-nf-call-iptables = 1\nnet.bridge.bridge-nf-call-ip6tables = 1" > /etc/sysctl.d/bridge.conf && modprobe br_netfilter'
+sysctl -p /etc/sysctl.d/bridge.conf
 systemctl restart docker
 ```