Geek Time Ops Advanced Training Camp, week 1 assignment: installing Docker on a Linux system
Installing with yum/apt
Ubuntu's own repositories carry docker.io, which is the Debian team's packaging of Docker; here we use docker-ce, the build maintained by the official Docker team.
Open the Aliyun docker-ce mirror page (https://developer.aliyun.com/mirror/docker-ce). It lists the install commands for both CentOS and Ubuntu; copy and paste the ones that match your system.
Installing from the static binary package
Package download address (static binaries): https://download.docker.com/linux/static/stable/x86_64/
Here I use the install script provided by teacher Zhang Shijie; unpacking the bundle yields the following files.
Let's look at the install script first.
root@docker2:/usr/local/src/docker# cat docker-install.sh
#!/bin/bash
DIR=`pwd`
PACKAGE_NAME="docker-20.10.19.tgz"   # name of the package; when moving to a newer version, download the new package and update this value
DOCKER_FILE=${DIR}/${PACKAGE_NAME}
#read -p "请输入使用docker server的普通用户名称,默认为docker:" USERNAME   # creates an extra user; the user name is entered here
if test -z "${USERNAME}";then
  USERNAME=docker
fi

ubuntu_install_docker(){   # function that installs docker on an Ubuntu system
  grep "Ubuntu" /etc/issue &> /dev/null   # check whether this is an Ubuntu system
  if [ $? -eq 0 ];then
    /bin/echo "当前系统是`cat /etc/issue`,即将开始系统初始化、配置docker-compose与安装docker" && sleep 1
    \cp ${DIR}/limits.conf /etc/security/limits.conf   # tune the limit parameters
    \cp ${DIR}/sysctl.conf /etc/sysctl.conf   # tune the kernel parameters
    /bin/tar xvf ${DOCKER_FILE}   # unpack the docker package
    \cp docker/* /usr/bin   # copy the unpacked binaries into /usr/bin
    mkdir /etc/docker && \cp daemon.json /etc/docker   # put docker's config file into its config directory (/etc/docker)
    \cp containerd.service /lib/systemd/system/containerd.service   # unit file for the containerd service; needed to start containerd
    \cp docker.service /lib/systemd/system/docker.service   # docker service unit; needed to start the docker service
    \cp docker.socket /lib/systemd/system/docker.socket   # docker socket unit
    \cp ${DIR}/docker-compose-Linux-x86_64_1.28.6 /usr/bin/docker-compose
    groupadd docker && useradd docker -r -m -s /sbin/nologin -g docker   # create the docker user
    id -u ${USERNAME} &> /dev/null
    if [ $? -ne 0 ];then
      groupadd -r ${USERNAME}
      useradd -r -m -s /bin/bash -g ${USERNAME} ${USERNAME}
      usermod ${USERNAME} -G docker
    else
      usermod ${USERNAME} -G docker
    fi
    install_success_info   # if every step above succeeded: print the success message, start docker and its related services and enable them at boot
  fi
}

centos_install_docker(){   # function that installs docker on a CentOS system
  grep "Kernel" /etc/issue &> /dev/null   # check whether this is a CentOS system
  if [ $? -eq 0 ];then
    /bin/echo "当前系统是`cat /etc/redhat-release`,即将开始系统初始化、配置docker-compose与安装docker" && sleep 1
    systemctl stop firewalld && systemctl disable firewalld && echo "防火墙已关闭" && sleep 1   # stops and disables firewalld
    systemctl stop NetworkManager && systemctl disable NetworkManager && echo "NetworkManager" && sleep 1   # stops and disables NetworkManager
    sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux && setenforce 0 && echo "selinux 已关闭" && sleep 1   # sets SELinux to permissive now and disabled at next boot
    \cp ${DIR}/limits.conf /etc/security/limits.conf
    \cp ${DIR}/sysctl.conf /etc/sysctl.conf
    /bin/tar xvf ${DOCKER_FILE}
    \cp docker/* /usr/bin
    mkdir /etc/docker && \cp daemon.json /etc/docker
    \cp containerd.service /lib/systemd/system/containerd.service
    \cp docker.service /lib/systemd/system/docker.service
    \cp docker.socket /lib/systemd/system/docker.socket
    \cp ${DIR}/docker-compose-Linux-x86_64_1.28.6 /usr/bin/docker-compose
    groupadd docker && useradd docker -s /sbin/nologin -g docker
    id -u ${USERNAME} &> /dev/null
    if [ $? -ne 0 ];then
      useradd ${USERNAME}
      usermod ${USERNAME} -G docker
    else
      usermod ${USERNAME} -G docker
    fi
    install_success_info
  fi
}

install_success_info(){
  /bin/echo "正在启动docker server并设置为开机自启动!"
  systemctl enable containerd.service && systemctl restart containerd.service
  systemctl enable docker.service && systemctl restart docker.service
  systemctl enable docker.socket && systemctl restart docker.socket
  sleep 0.5 && /bin/echo "docker server安装完成,欢迎进入docker世界!" && sleep 1
}

main(){
  centos_install_docker
  ubuntu_install_docker
}
main
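The script unpacks the tarball and copies its contents straight into /usr/bin, so the only thing standing between a tampered download and the host is the integrity of that file. As an added example (not part of the course script or of Docker's tooling), the helper below checks the package's SHA-256 against a digest the operator recorded when downloading it, and only then unpacks. EXPECTED_SHA256 is a placeholder and the function names are mine.

```shell
#!/bin/sh
# Added example: verify the static Docker package before it is unpacked.
# EXPECTED_SHA256 is a placeholder; fill in the digest recorded at download time.
EXPECTED_SHA256="REPLACE_WITH_RECORDED_SHA256"

# verify_package FILE EXPECTED_SHA256
# Returns 0 when FILE hashes to EXPECTED_SHA256, 1 otherwise (or if FILE is missing).
verify_package() {
    file=$1
    expected=$2
    if [ ! -f "$file" ]; then
        echo "verify_package: $file not found" >&2
        return 1
    fi
    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "verify_package: digest mismatch for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    return 0
}

# verified_extract FILE EXPECTED_SHA256 DEST
# Unpacks FILE into DEST only after verify_package succeeds, so a mismatching
# package never reaches /usr/bin. Replaces the bare `/bin/tar xvf ${DOCKER_FILE}`
# step of the course script.
verified_extract() {
    verify_package "$1" "$2" || return 1
    mkdir -p "$3"
    tar -xf "$1" -C "$3"
}

# Usage inside the course script, in place of `/bin/tar xvf ${DOCKER_FILE}`:
#   verified_extract "${DOCKER_FILE}" "${EXPECTED_SHA256}" "${DIR}" || exit 1
```

The check is deliberately separate from the download: the digest must come from somewhere other than the same download channel, otherwise a swapped package would simply ship with a matching digest.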
Now the files the script uses.
root@docker2:/usr/local/src/docker# cat /etc/docker/daemon.json
{
  "graph": "/var/lib/docker",   \\ where container data is stored (older name for data-root)
  "storage-driver": "overlay2",   \\ storage driver to use
  "insecure-registries": ["harbor.magedu.com","harbor.myserver.com","172.31.7.105"],   \\ registries that may be reached without TLS
  "registry-mirrors": ["https://9916w1ow.mirror.aliyuncs.com"],   \\ registry mirror (accelerator) address
  "exec-opts": ["native.cgroupdriver=systemd"],   \\ cgroup driver; docker defaults to cgroupfs, Kubernetes recommends systemd
  "live-restore": false,   \\ whether live restore is enabled (containers keep running while the docker daemon restarts)
  "log-opts": {   \\ log options: rotate each log file at 100M and keep 5 files
    "max-file": "5",
    "max-size": "100m"
  }
}
root@docker2:/usr/local/src/docker# cat /etc/security/limits.conf
# limit tuning; adjust to the actual environment
* soft core unlimited
* hard core unlimited
* soft nproc 1000000
* hard nproc 1000000
* soft nofile 1000000
* hard nofile 1000000
* soft memlock 32000
* hard memlock 32000
* soft msgqueue 8192000
* hard msgqueue 8192000
root@docker2:/usr/local/src/docker# cat /etc/sysctl.conf
# kernel parameter tuning
# ip_forward must be enabled
net.ipv4.ip_forward=1
vm.max_map_count=262144
kernel.pid_max=4194303
fs.file-max=1000000
net.ipv4.tcp_max_tw_buckets=6000
net.netfilter.nf_conntrack_max=2097152
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
vm.swappiness=0
root@docker2:/usr/local/src/docker# cat docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
BindsTo=containerd.service
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3

# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity

# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes

# kill only the docker process, not all processes in the cgroup
KillMode=process

[Install]
WantedBy=multi-user.target
root@docker2:/usr/local/src/docker# cat containerd.service
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target

[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=1048576
# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity

[Install]
WantedBy=multi-user.target
root@docker2:/usr/local/src/docker# cat docker.socket
[Unit]
Description=Docker Socket for the API
PartOf=docker.service
[Socket]
ListenStream=/var/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
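Three of the files above decide how exposed the host is once the daemon is up: daemon.json lists the registries that may be reached without TLS, sysctl.conf must carry ip_forward and the bridge-nf-call settings for container networking, and docker.socket sets who can talk to the API socket (anyone in the docker group can run containers as root). As an added example, not part of the course bundle, the checks below read those three files and report what they find; every function takes the file path as an argument so it can be run against a copy, and the assumption that the insecure-registries array sits on one line (as it does in the course's daemon.json) is built into the parser.

```shell
#!/bin/sh
# Added example: audit the daemon.json, sysctl.conf and docker.socket that the
# install script drops onto the host. Function names are mine, not Docker's.

# list_insecure_registries DAEMON_JSON
# Prints each "insecure-registries" entry on its own line. Assumes the array is
# written on a single line, as in the course's daemon.json.
list_insecure_registries() {
    grep '"insecure-registries"' "$1" \
        | sed -e 's/.*\[//' -e 's/\].*//' \
        | tr ',' '\n' \
        | tr -d '" \t' \
        | grep -v '^$'
}

# count_insecure_registries DAEMON_JSON -> number of entries (0 when absent)
count_insecure_registries() {
    list_insecure_registries "$1" | wc -l | tr -d ' '
}

# sysctl_value SYSCTL_CONF KEY -> the value configured for KEY ('' if unset).
# Comments are stripped and whitespace around '=' is ignored, so both
# "key=1" and "key = 1" are accepted.
sysctl_value() {
    awk -v key="$2" -F= '
        { sub(/#.*/, "") }
        NF < 2 { next }
        {
            k = $1; v = $2
            gsub(/[[:space:]]/, "", k); gsub(/[[:space:]]/, "", v)
            if (k == key) print v
        }
    ' "$1"
}

# check_sysctl SYSCTL_CONF KEY EXPECTED -> 0 if the configured value equals EXPECTED
check_sysctl() {
    [ "$(sysctl_value "$1" "$2")" = "$3" ]
}

# unit_value UNIT_FILE KEY -> value of the last "KEY=" line in a systemd unit
unit_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# check_docker_socket UNIT_FILE -> 0 when the API socket is 0660, owned by root
# and reachable only through the docker group, as the course's docker.socket sets it
check_docker_socket() {
    [ "$(unit_value "$1" SocketMode)" = "0660" ] \
        && [ "$(unit_value "$1" SocketUser)" = "root" ] \
        && [ "$(unit_value "$1" SocketGroup)" = "docker" ]
}

# audit DAEMON_JSON SYSCTL_CONF SOCKET_UNIT
# Prints one line per finding and returns the number of failed checks.
# Insecure registries are reported as warnings, not failures: the course
# deliberately lists its private Harbor hosts there.
audit() {
    fails=0
    n=$(count_insecure_registries "$1")
    if [ "$n" -gt 0 ]; then
        echo "WARN: $n registries reachable without TLS in $1:"
        list_insecure_registries "$1" | sed 's/^/  - /'
    fi
    for kv in net.ipv4.ip_forward=1 net.bridge.bridge-nf-call-iptables=1 net.bridge.bridge-nf-call-ip6tables=1; do
        key=${kv%=*}; want=${kv#*=}
        if check_sysctl "$2" "$key" "$want"; then
            echo "OK:   $key=$want"
        else
            echo "FAIL: $key is not set to $want in $2"
            fails=$((fails + 1))
        fi
    done
    if check_docker_socket "$3"; then
        echo "OK:   docker.socket is 0660 root:docker"
    else
        echo "FAIL: docker.socket differs from 0660 root:docker in $3"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Usage against the installed files:
#   audit /etc/docker/daemon.json /etc/sysctl.conf /lib/systemd/system/docker.socket
```

Run it before `systemctl restart docker.service`, since the socket unit and sysctl settings only take effect on the next start; a widened SocketMode or a missing bridge-nf-call key shows up as a FAIL line and a non-zero exit status.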
Finally, verify the Docker installation and configuration; the output below is from docker info.
Client:
 Context: default
 Debug Mode: false
Server:
 Containers: 0   \\ total number of containers on this host
  Running: 0   \\ how many are running
  Paused: 0   \\ how many are paused
  Stopped: 0   \\ how many are stopped
 Images: 0   \\ number of images on this server
 Server Version: 20.10.19   \\ server version
 Storage Driver: overlay2   \\ storage driver in use
  Backing Filesystem: extfs   \\ backing filesystem, i.e. the server's disk filesystem
  Supports d_type: true   \\ whether d_type is supported
  Native Overlay Diff: true   \\ whether native overlay diff is supported
  userxattr: false   \\ whether user extended attributes (e.g. a file's MIME type, charset or encoding) are enabled on the mounted filesystem
 Logging Driver: json-file   \\ logging driver
 Cgroup Driver: systemd   \\ cgroup driver; docker's own default is cgroupfs (set to systemd in daemon.json)
 Cgroup Version: 2   \\ cgroup version
 Plugins:   \\ plugins
  Volume: local   \\ supported volume plugins
  Network: bridge host ipvlan macvlan null overlay   \\ overlay provides cross-host communication
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog   \\ logging drivers
 Swarm: inactive   \\ whether swarm is enabled
 Runtimes: runc io.containerd.runc.v2 io.containerd.runtime.v1.linux   \\ installed container runtimes
 Default Runtime: runc   \\ default container runtime
 Init Binary: docker-init   \\ the init process used inside containers, i.e. the container's PID 1
 containerd version: 9cd3357b7fd7218e4aec3eae239db1f68a5a6ec6   \\ containerd version
 runc version: v1.1.4-0-g5fd4c4d1   \\ runc version
 init version: de40ad0   \\ init version
 Security Options:   \\ security options
  apparmor   \\ security module, https://docs.docker.com/engine/security/apparmor/
  seccomp   \\ system-call filtering, https://docs.docker.com/engine/security/seccomp/
   Profile: default   \\ the default profile
  cgroupns
 Kernel Version: 5.15.0-52-generic   \\ host kernel version
 Operating System: Ubuntu 22.04.1 LTS   \\ host operating system
 OSType: linux   \\ host operating system type
 Architecture: x86_64   \\ host architecture
 CPUs: 2   \\ number of host CPUs
 Total Memory: 3.799GiB   \\ total host memory
 Name: docker2   \\ host name
 ID: IPFH:QO4K:CR4K:2S5J:5WZO:AFYO:USCO:J672:BD4X:SOEI:4XXX:BUMS   \\ host ID
 Docker Root Dir: /var/lib/docker   \\ data directory on the host
 Debug Mode: false   \\ whether debug is enabled on the client side
 Registry: https://index.docker.io/v1/   \\ image registry
 Labels:   \\ other labels
 Experimental: false   \\ whether experimental features are enabled
 Insecure Registries:   \\ registries reachable without TLS
  172.31.7.105
  harbor.magedu.com
  harbor.myserver.com
  127.0.0.0/8
 Registry Mirrors:
  https://9916w1ow.mirror.aliyuncs.com/
 Live Restore Enabled: false   \\ whether live restore is enabled (containers keep running while the docker daemon restarts)
 Product License: Community Engine
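Reading docker info by eye works for one host; for a fleet the same fields (Security Options, Cgroup Driver, Insecure Registries, Live Restore) are worth checking mechanically. As an added example, not part of the course material, the functions below parse docker info's indented "key: value" layout and flag the security-relevant lines; the embedded SAMPLE_INFO is a constructed subset of the output shown above, and the function names are mine.

```shell
#!/bin/sh
# Added example: check the security-relevant fields of `docker info` output.
# SAMPLE_INFO is a constructed subset of the page's output, used for offline runs;
# on a real host feed it `docker info` instead (see the usage comment at the end).
SAMPLE_INFO='Server:
 Server Version: 20.10.19
 Storage Driver: overlay2
 Cgroup Driver: systemd
 Cgroup Version: 2
 Security Options:
  apparmor
  seccomp
   Profile: default
  cgroupns
 Kernel Version: 5.15.0-52-generic
 Insecure Registries:
  172.31.7.105
  harbor.magedu.com
  harbor.myserver.com
  127.0.0.0/8
 Registry Mirrors:
  https://9916w1ow.mirror.aliyuncs.com/
 Live Restore Enabled: false'

# info_field INPUT KEY -> value of the first "KEY: value" line, leading spaces ignored
info_field() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2: //p" | head -n 1
}

# info_block INPUT HEADER -> the lines nested under "HEADER:", i.e. every following
# line indented deeper than the header, with the indentation stripped
info_block() {
    printf '%s\n' "$1" | awk -v hdr="$2" '
        BEGIN { target = hdr ":" }
        {
            match($0, /^ */); ind = RLENGTH
            line = substr($0, ind + 1)
        }
        inblock && ind <= hind { exit }
        inblock { print line; next }
        line == target { inblock = 1; hind = ind }
    '
}

# has_security_option INPUT NAME -> 0 if NAME is listed under "Security Options"
has_security_option() {
    info_block "$1" "Security Options" | grep -qx "$2"
}

# nondefault_insecure_registries INPUT -> the Insecure Registries entries other
# than the loopback range 127.0.0.0/8, which the daemon always adds by itself
nondefault_insecure_registries() {
    info_block "$1" "Insecure Registries" | grep -vxF '127.0.0.0/8'
}

# check_info INPUT -> prints findings, returns the number of failed checks
check_info() {
    fails=0
    for opt in seccomp apparmor cgroupns; do
        if has_security_option "$1" "$opt"; then
            echo "OK:   $opt listed under Security Options"
        else
            echo "FAIL: $opt missing from Security Options"
            fails=$((fails + 1))
        fi
    done
    drv=$(info_field "$1" "Cgroup Driver")
    if [ "$drv" = "systemd" ]; then
        echo "OK:   Cgroup Driver is systemd"
    else
        echo "FAIL: Cgroup Driver is '$drv', daemon.json asked for systemd"
        fails=$((fails + 1))
    fi
    nondefault_insecure_registries "$1" | while read -r reg; do
        echo "WARN: registry reachable without TLS: $reg"
    done
    echo "INFO: Live Restore Enabled: $(info_field "$1" "Live Restore Enabled")"
    return "$fails"
}

# Usage on a real host:   check_info "$(docker info 2>/dev/null)"
# Offline, on the sample:  check_info "$SAMPLE_INFO"
```

The block parser keys on indentation rather than on fixed line positions, so it copes with the extra entries (for example an `selinux` line under Security Options on CentOS hosts) that differ between the two systems the install script supports.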