wandoubaba/docs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

更正docker/install-binary

Browse Source
This commit is contained in:
wandoubaba 2024-11-08 10:47:28 +08:00
parent ddccdb2418
commit c2e53705b2
1 changed files with 19 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

103
docs/src/docker/install-binary.md
View File

@ -4,7 +4,9 @@
## 说明 ## 说明
本文在Debian12系统上直接通过二进制包安装docker服务适用于离线场景。 本文在Debian12系统上直接通过二进制安装docker包括docker compose和docker buildx适用于离线场景。
本文操作过程都是在root用户下完成的。
## 系统依赖 ## 系统依赖
@ -37,15 +39,7 @@ curl -L -O https://github.com/docker/buildx/releases/download/v0.18.0/buildx-v0.
```sh ```sh
tar zxvf docker-27.3.1.tgz tar zxvf docker-27.3.1.tgz
sudo cp docker/* /usr/bin/ cp docker/* /usr/local/bin/
```
### 创建用户组
```sh
sudo groupadd docker
sudo usermod -aG docker $USER
newgrp docker
``` ```
### 注册系统服务 ### 注册系统服务
@ -59,20 +53,6 @@ vim /usr/lib/systemd/system/containerd.service
内容如下: 内容如下:
```sh ```sh
# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
[Unit] [Unit]
Description=containerd container runtime Description=containerd container runtime
Documentation=https://containerd.io Documentation=https://containerd.io
@ -80,7 +60,7 @@ After=network.target local-fs.target
[Service] [Service]
ExecStartPre=-/sbin/modprobe overlay ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/bin/containerd ExecStart=/usr/local/bin/containerd
Type=notify Type=notify
Delegate=yes Delegate=yes
@ -101,30 +81,6 @@ OOMScoreAdjust=-999
WantedBy=multi-user.target WantedBy=multi-user.target
``` ```
#### docker.socket
```sh
vim /usr/lib/systemd/system/docker.socket
```
内容
```sh
[Unit]
Description=Docker Socket for the API
[Socket]
# If /var/run is not implemented as a symlink to /run, you may need to
# specify ListenStream=/var/run/docker.sock instead.
ListenStream=/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
```
#### docker.service #### docker.service
```sh ```sh
@ -137,47 +93,13 @@ vim /usr/lib/systemd/system/docker.service
[Unit] [Unit]
Description=Docker Application Container Engine Description=Docker Application Container Engine
Documentation=https://docs.docker.com Documentation=https://docs.docker.com
After=network-online.target docker.socket firewalld.service containerd.service time-set.target After=network.target containerd.service
Wants=network-online.target containerd.service Wants=containerd.service
Requires=docker.socket
[Service] [Service]
Type=notify ExecStart=/usr/local/bin/dockerd
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutStartSec=0
RestartSec=2
Restart=always Restart=always
RestartSec=5
# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3
# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
OOMScoreAdjust=-500
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
@ -195,7 +117,8 @@ systemctl enable --now docker
截至本文发布时docker compose的最新版本是2.30.1以下命令适用于amd64平台其他平台请到<https://github.com/docker/compose/releases>去找对应的二进制包。 截至本文发布时docker compose的最新版本是2.30.1以下命令适用于amd64平台其他平台请到<https://github.com/docker/compose/releases>去找对应的二进制包。
```sh ```sh
cp docker-compose-linux-x86_64 /usr/local/lib/docker/cli-plugins/docker-compose mkdir -p /usr/local/lib/docker/cli-plugins
cp docker-compose-linux-x86_64 \/usr/local/lib/docker/cli-plugins/docker-compose
chmod +x /usr/local/lib/docker/cli-plugins/docker-compose chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
``` ```
@ -213,8 +136,8 @@ docker buildx install
```sh ```sh
modprobe br_netfilter modprobe br_netfilter
sudo bash -c 'echo -e "net.bridge.bridge-nf-call-iptables = 1\nnet.bridge.bridge-nf-call-ip6tables = 1" > /etc/sysctl.d/bridge.conf && modprobe br_netfilter' bash -c 'echo -e "net.bridge.bridge-nf-call-iptables = 1\nnet.bridge.bridge-nf-call-ip6tables = 1" > /etc/sysctl.d/bridge.conf && modprobe br_netfilter'
sudo sysctl -p /etc/sysctl.d/bridge.conf sysctl -p /etc/sysctl.d/bridge.conf
systemctl restart docker systemctl restart docker
``` ```