离线安装docker

!/bin/bash

url=https://download.docker.com/linux/static/stable/x86_64

url=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/static/stable/x86_64
docker_version=$1

prerun(){
modprobe br_netfilter
echo 1 >/proc/sys/net/bridge/bridge-nf-call-iptables
echo 1 >/proc/sys/net/bridge/bridge-nf-call-ip6tables
cat <<EOF | sudo tee /etc/sysctl.d/docker.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
}

get_docker(){
[ -d "/opt/docker-${docker_version:-20.10.9}" ] || mkdir /opt/docker-${docker_version:-20.10.9}

cd /opt/docker-${docker_version:-20.10.9} &&\
if [ ! -f docker-${docker_version:-20.10.9}.tgz ];then
    curl -SsL -O  ${url}/docker-${docker_version:-20.10.9}.tgz
fi
#
tar xf docker-${docker_version:-20.10.9}.tgz && \
/usr/bin/mv /opt/docker-${docker_version:-20.10.9}/docker/* /usr/bin/

}

systemctlfile_docker(){

cat >/usr/lib/systemd/system/docker.socket<<EOF
[Unit]
Description=Docker Socket for the API

[Socket]

If /var/run is not implemented as a symlink to /run, you may need to

specify ListenStream=/var/run/docker.sock instead.

ListenStream=/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker

[Install]
WantedBy=sockets.target
EOF

cat >/usr/lib/systemd/system/containerd.service<<EOF

Copyright The containerd Authors.

Licensed under the Apache License, Version 2.0 (the "License");

you may not use this file except in compliance with the License.

You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software

distributed under the License is distributed on an "AS IS" BASIS,

WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

See the License for the specific language governing permissions and

limitations under the License.

[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target

[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/bin/containerd

Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5

Having non-zero Limit*s causes performance problems due to accounting overhead

in the kernel. We recommend using cgroups to do container-local accounting.

LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity

Comment TasksMax if your systemd version does not supports it.

Only systemd 226 and above support this version.

TasksMax=infinity
OOMScoreAdjust=-999

[Install]
WantedBy=multi-user.target
EOF

cat >/usr/lib/systemd/system/docker.service<<EOF
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket containerd.service

[Service]
Type=notify

the default is not to use systemd for cgroups because the delegate issues still

exists and systemd currently does not support the cgroup feature set required

for containers run by docker

ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.

Both the old, and new location are accepted by systemd 229 and up, so using the old location

to make them work for either version of systemd.

StartLimitBurst=3

Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.

Both the old, and new name are accepted by systemd 230 and up, so using the old name to make

this option work for either version of systemd.

StartLimitInterval=60s

Having non-zero Limit*s causes performance problems due to accounting overhead

in the kernel. We recommend using cgroups to do container-local accounting.

LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

Comment TasksMax if your systemd version does not support it.

Only systemd 226 and above support this option.

TasksMax=infinity

set delegate yes so that systemd does not reset the cgroups of docker containers

Delegate=yes

kill only the docker process, not all processes in the cgroup

KillMode=process
OOMScoreAdjust=-500

[Install]
WantedBy=multi-user.target
EOF
}

start_docker(){
systemctl daemon-reload
systemctl enable docker --now
docker info
}

main(){
prerun
echo "download docker binary file ..."
getent group docker || groupadd docker
get_docker
echo "config docker systemd file ..."
systemctlfile_docker
start_docker
}

main