Debian 11 安装 Docker Engine

Debian 11 安装 Docker Engine

卸载旧版本(如果已安装)

sudo apt remove docker docker-engine docker.io containerd runc

安装方法

1. 使用仓库安装

   • 更新 apt 包索引

   sudo apt update
   

   • 安装允许 apt 通过 HPPTS 使用仓库的依赖包

   sudo apt install ca-certificates curl gnupg lsb-release
   

   • 添加 Docker 的官方 GPG 密钥

   curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
   

   • 配置仓库 添加Docker软件源

   echo \
   "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian \
   $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
   

   官方地址是国外的 国内访问太慢 建议换成国内的镜像地址 比如阿里的
   把地址 https://download.docker.com/linux/debian
   替换成 https://mirrors.aliyun.com/docker-ce/linux/debian

   echo \
   "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://mirrors.aliyun.com/docker-ce/linux/debian \
   $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
   

   • 更新 apt 包索引

   sudo apt update
   

   • 安装最新版本的 Docker Engine,containerd,Docker Compose

   sudo apt install docker-ce docker-ce-cli containerd.io docker-compose-plugin
   

2. 使用 .deb 包手动安装(离线安装)

   官方下载地址太慢 https://download.docker.com/linux/debian/dists
   使用阿里镜像地址 https://mirrors.aliyun.com/docker-ce/linux/debian/dists/
   选择版本 Debian 11 bullseye
   再选 pool
   再选稳定版 stable
   再选 CPU 架构 amd64
   下载相应的版本 例如:

    curl -O https://mirrors.aliyun.com/docker-ce/linux/debian/dists/bullseye/pool/stable/amd64/docker-ce_20.10.16~3-0~debian-bullseye_amd64.deb
   
    curl -O https://mirrors.aliyun.com/docker-ce/linux/debian/dists/bullseye/pool/stable/amd64/docker-ce-cli_20.10.16~3-0~debian-bullseye_amd64.deb
   
    curl -O https://mirrors.aliyun.com/docker-ce/linux/debian/dists/bullseye/pool/stable/amd64/containerd.io_1.6.4-1_amd64.deb
   
    curl -O https://mirrors.aliyun.com/docker-ce/linux/debian/dists/bullseye/pool/stable/amd64/docker-compose-plugin_2.5.0~debian-bullseye_amd64.deb
   

   安装本地包

    sudo dpkg -i docker-ce_20.10.16~3-0~debian-bullseye_amd64.deb \
    docker-ce-cli_20.10.16~3-0~debian-bullseye_amd64.deb \
    docker-compose-plugin_2.5.0~debian-bullseye_amd64.deb \
    containerd.io_1.6.4-1_amd64.deb
   

验证安装

• 运行 hello-world 镜像

  sudo docker run hello-world
  

  打印以下内容 表示安装成功 Hello from Docker!

    Unable to find image 'hello-world:latest' locally
    latest: Pulling from library/hello-world
    2db29710123e: Pull complete
    Digest: sha256:80f31da1ac7b312ba29d65080fddf797dd76acfb870e677f390d5acba9741b17
    Status: Downloaded newer image for hello-world:latest
  
    Hello from Docker!
    This message shows that your installation appears to be working correctly.
  
    To generate this message, Docker took the following steps:
    1. The Docker client contacted the Docker daemon.
    2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
        (amd64)
    3. The Docker daemon created a new container from that image which runs the
        executable that produces the output you are currently reading.
    4. The Docker daemon streamed that output to the Docker client, which sent it
        to your terminal.
  
    To try something more ambitious, you can run an Ubuntu container with:
    $ docker run -it ubuntu bash
  
    Share images, automate workflows, and more with a free Docker ID:
    https://hub.docker.com/
  
    For more examples and ideas, visit:
    https://docs.docker.com/get-started/
  

• 如果提示无法连接到 Docker 守护进程 启动服务后再运行 hello-world 镜像

  docker: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?.
  See 'docker run --help'.
  

• 查看 docker,containerd 服务状态 dead

sudo systemctl status docker

● docker.service - Docker Application Container Engine
     Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
     Active: inactive (dead)
TriggeredBy: ● docker.socket
       Docs: https://docs.docker.com

• 启动服务

sudo systemctl start docker

• 再查看服务状态是 running

sudo systemctl status docker

● docker.service - Docker Application Container Engine
     Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2022-05-14 16:02:45 CST; 2s ago
TriggeredBy: ● docker.socket
       Docs: https://docs.docker.com
   Main PID: 4157 (dockerd)
      Tasks: 9
     Memory: 32.6M
        CPU: 125ms
     CGroup: /system.slice/docker.service
             └─4157 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

以非 root 用户身份管理 Docker

Docker 守护进程绑定到 Unix 套接字而不是 TCP 端口。默认情况下，Unix 套接字归 root 用户所有，其他用户只能使用 sudo. Docker 守护程序始终以 root 用户身份运行。
如果您不想在 docker 命令前加上 sudo，请创建一个名为 Unix 组 docker 并将用户添加到其中。当 Docker 守护进程启动时，它会创建一个可供 docker 组成员访问的 Unix 套接字。
docker 组授予与 root 用户等效的权限。

不加 sudo 会提示拒绝访问 permission denied

docker run hello-world

docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/create": dial unix /var/run/docker.sock: connect: permission denied.
See 'docker run --help'.

• 创建 docker 组(可跳过)
  安装 docker 后会自动创建 docker 组 但未向其中添加任何用户 需要使用 sudo 来运行 docker 命令

sudo groupadd docker

• 将 xx 用户添加到 docker 组中

sudo usermod -aG docker xx

• 切换用户当前登录所在组(或注销重新登录) 验证不使用 sudo 时是否可以使用 docker 命令

newgrp docker

Docker Hub 镜像加速

国内从 DockerHub 拉取镜像太慢 可以使用加速器提升获取 Docker 官方镜像的速度
未加速 52 秒

time docker pull debian

Using default tag: latest
latest: Pulling from library/debian
67e8aa6c8bbc: Pull complete
Digest: sha256:6137c67e2009e881526386c42ba99b3657e4f92f546814a33d35b14e60579777
Status: Downloaded newer image for debian:latest
docker.io/library/debian:latest

real    0m51.981s
user    0m0.009s
sys     0m0.046s

配置加速器 以阿里云为例

1. 登录阿里云
2. 进入控制台
3. 搜索 容器镜像服务
4. 镜像工具
5. 镜像加速器 查看个人专属加速器地址(每个人的地址都不一样) 并按说明配置镜像加速器

sudo mkdir -p /etc/docker

sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://***.mirror.aliyuncs.com"]
}
EOF

sudo systemctl daemon-reload

sudo systemctl restart docker

删除镜像再次拉取 20 秒

time docker pull debian

Using default tag: latest
latest: Pulling from library/debian
0e29546d541c: Pull complete
Digest: sha256:2906804d2a64e8a13a434a1a127fe3f6a28bf7cf3696be4223b06276f32f1f2d
Status: Downloaded newer image for debian:latest
docker.io/library/debian:latest

real    0m19.556s
user    0m0.004s
sys     0m0.017s

docker 命令 tab 自动补全

示例 docker run h 按 tab 会自动补全后面的 ello-world
示例 docker r 按 2 下 tab 会自动打印匹配的选项 rename restart rm rmi run

如果不能自动补全 需要安装 bash 自动补全工具 bash-completion

sudo apt install bash-completion

docker compose 命令行补全需要安装脚本

sudo curl \
    -L https://raw.githubusercontent.com/docker/compose/v2.5.0/contrib/completion/bash/docker-compose \
    -o /etc/bash_completion.d/docker-compose

如果提示

curl: (7) Failed to connect to raw.githubusercontent.com port 443: 拒绝连接

一般是 DNS 问题 无法解析域名 一般手动配置 DNS 即可解决
修改/etc/resolv.conf 修改 DNS 为阿里 DNS 223.5.5.5 或者 114.114.114.114 等等

sudo vim /etc/resolv.conf

nameserver 223.5.5.5

可惜还是404 截止 2022.05.15 还没有解决？https://github.com/docker/compose/issues/8550

参考资料

1. https://docs.docker.com/engine/install/debian/
2. https://docs.docker.com/engine/install/linux-postinstall/
3. https://docs.docker.com/compose/completion/