docker 二进制部署普通用户启动

groupadd docker

gpasswd  -a cbf docker

/etc/systemd/system

docker.service

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33

[Unit] Description=Docker Application Container Engine Documentation=https://docs.docker.com After=network-online.target firewalld.service Wants=network-online.target   [Service] Type=notify # the default is not to use systemd for cgroups because the delegate issues still # exists and systemd currently does not support the cgroup feature set required # for containers run by docker ExecStart=/usr/bin/dockerd ExecReload=/bin/kill -s HUP $MAINPID # Having non-zero Limit*s causes performance problems due to accounting overhead # in the kernel. We recommend using cgroups to do container-local accounting. LimitNOFILE=infinity LimitNPROC=infinity LimitCORE=infinity # Uncomment TasksMax if your systemd version supports it. # Only systemd 226 and above support this version. #TasksMax=infinity TimeoutStartSec=0 # set delegate yes so that systemd does not reset the cgroups of docker containers Delegate=yes # kill only the docker process, not all processes in the cgroup KillMode=process # restart the docker process if it exits prematurely Restart=on-failure StartLimitBurst=3 StartLimitInterval=60s   [Install] WantedBy=multi-user.target

 docker.socket

?

1 2 3 4 5 6 7 8 9 10 11 12

[Unit] Description=Docker Socket for the API PartOf=docker.service   [Socket] ListenStream=/var/run/docker.sock SocketMode=0660 SocketUser=root SocketGroup=docker   [Install] WantedBy=sockets.target

 配置普通用户使用systemctl 命令

vi /usr/share/polkit-1/actions/org.freedesktop.systemd1.policy

?

1 2 3 4 5

<defaults>            <allow_any>yes</allow_any>           <allow_inactive>yes</allow_inactive>            <allow_active>yes</allow_active>  </defaults>

 全部替换yes

systemctl restart polkit

systemctl  enable docker.service

systemctl  start docker.service