解压部署

下载地址

https://download.docker.com/linux/static/stable/x86_64/

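# Unpack the static Docker release and move its binaries into /usr/bin.
# --no-same-owner: when tar runs as root it otherwise restores the uid/gid
# recorded in the archive, which can leave binaries that root executes owned
# by an unrelated local account.
# NOTE(review): 20.10.8 is the release this page was written for; prefer a
# currently supported release from the same download directory.
tar --no-same-owner -zxf docker-20.10.8.tgz
mv docker/* /usr/bin/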

编辑docker配置文件

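# Create the daemon configuration directory; -p keeps the step re-runnable
# when /etc/docker already exists.
mkdir -p /etc/docker
# Quoted delimiter: the JSON is written literally, with no shell expansion.
# data-root moves Docker's storage to /opt/docker; log-opts caps each
# container's json-file log at 3 files of 20 MB.
cat > /etc/docker/daemon.json << 'EOF'
{
"data-root": "/opt/docker",
"log-driver": "json-file",
"log-opts": {"max-size":"20m", "max-file":"3"}
}
EOF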
registry-mirrors: 镜像加速器
insecure-registries: 私有仓库地址(对列出的仓库允许使用 HTTP 或跳过 TLS 证书校验,只应填写受信任的内网仓库)
log-driver: 日志文件类型
log-opts: 日志文件存储方式(大小以及个数)

内核参数配置

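vim /etc/sysctl.conf
# Append the following:
# ip_forward lets the host route packets between interfaces (container
# traffic needs it); review the iptables FORWARD policy on exposed hosts.
net.ipv4.ip_forward=1
# Pass bridged traffic through ip6tables/iptables/arptables so firewall
# rules also apply to traffic crossing the Docker bridge.
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 1

# The net.bridge.* keys exist only while the br_netfilter module is loaded;
# load it first, otherwise sysctl -p cannot apply them.
# NOTE(review): list br_netfilter under /etc/modules-load.d/ to keep it
# loaded across reboots.
modprobe br_netfilter
sysctl -p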

配置启动文件

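# Install the systemd unit for dockerd.
# The delimiter is quoted so the shell writes the unit text literally: with
# an unquoted EOF, "$MAINPID" in ExecReload would be expanded by the shell
# (to an empty string) and the reload command would lose its target PID.
cat > /usr/lib/systemd/system/docker.service << 'EOF'
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target

[Service]
Type=notify
# Keep the TCP listener below disabled: tcp://0.0.0.0:2375 is unauthenticated
# and unencrypted, and access to the Docker API is equivalent to root on this
# host. For remote access use TLS with client certificates (--tlsverify) or SSH.
# ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375
ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=65535
LimitNPROC=65535
LimitCORE=65535
TimeoutStartSec=0
Delegate=yes
KillMode=process
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s

[Install]
WantedBy=multi-user.target
EOF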

启动docker

# Reload unit files so systemd picks up the new docker.service.
systemctl daemon-reload
# (Re)start the daemon now and enable it at boot.
systemctl restart docker
systemctl enable docker

# Verify that the daemon answers on the local socket; also read any WARNING
# lines in the output.
docker info

关于Docker-compose

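# Install the docker-compose binary on root's PATH and make it executable.
# NOTE(review): verify the download against the checksum published with the
# release before installing it.
mv docker-compose-Linux-x86_64 /usr/bin/docker-compose
# "chmod +" names no permission bits, so it does not set the execute bit;
# set owner and mode explicitly instead.
chown root:root /usr/bin/docker-compose
chmod 0755 /usr/bin/docker-compose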

模版

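# Compose service template: copy it and keep only the keys a service needs.
version: "3"
services:
  srv_name:
    container_name: con_name
    # Placeholder image name; pin a specific tag or digest in real use.
    image: docker.io/images
    restart: always
    # hostname: hostname
    # Host networking removes the container's network isolation and cannot be
    # combined with "ports" or "networks"; enable it only in place of those keys.
    # network_mode: host
    # Prefer a non-root user. Privileged mode gives the container nearly full
    # access to the host and should stay off unless strictly required.
    # user: root
    # privileged: true
    ports:
      # Published on all host interfaces; use 127.0.0.1:8080:8080 to keep the
      # port local to the host.
      - 8080:8080
    volumes:
      # Read-only: the container only needs to read the host's timezone file.
      - /etc/localtime:/etc/localtime:ro
    # env_file:
    #   - ./.env
    environment:
      TZ: Asia/Shanghai
      JAVA_OPTS: "-Xms2048m -Xmx2048m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    sysctls:
      - net.core.somaxconn=4096
    command: "ping www.baidu.com"
    # NOTE(review): with the version "3" file format, deploy.resources may only
    # be applied in swarm mode or with --compatibility; confirm for the
    # docker-compose release in use.
    deploy:
      resources:
        limits:
          memory: 4G
        reservations:
          memory: 1G
    shm_size: '2gb'
    logging:
      driver: "json-file"
      options:
        max-size: "20m"
        max-file: "5"
    networks:
      - BR1
networks:
  BR1: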

解决镜像无法下载

  • 临时方案, 也可以自己搭建反代
在下载地址前加上 docker.m.daocloud.io/ 前缀。注意:经第三方代理拉取时,镜像内容由该代理提供,生产环境建议按摘要(digest)固定镜像,或拉取后核对摘要。
# Smoke test: start a throwaway Alpine container with an interactive shell
# (--rm removes it on exit). As written, the image name carries no mirror
# prefix.
docker run -it --rm --name alpine-test alpine:latest /bin/sh

普通用户启动docker

用户加入到docker分组

  • 以loan用户为例。注意:docker 组的成员可以通过 Docker 守护进程获得等同于 root 的权限,只应加入受信任的用户。

创建用户

# Create the unprivileged account used in this example.
useradd loan

创建docker分组

# Create the docker group.
# NOTE(review): dockerd by default assigns its unix socket to a group named
# "docker" (its --group option); if the daemon was started before the group
# existed, restart it and confirm with: ls -l /var/run/docker.sock
groupadd docker

loan用户加入docker分组

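# Add loan to the docker group. -a appends: plain -G replaces the user's
# whole supplementary group list and drops every other membership.
# Membership in the docker group is effectively root on this host, so grant
# it only to trusted accounts.
usermod -aG docker loan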

修改systemd配置文件

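  • 这一步可以让loan用户通过systemd启动docker。注意:把下面的默认值改为 yes 后,不只是 loan,系统上的任何用户都可以免认证执行对应的 systemd 操作(具体是哪个 action 请以实际文件为准),而且 /usr/share/polkit-1/actions 下的文件会在软件包升级时被覆盖。更稳妥的做法是在 /etc/polkit-1/rules.d/ 下添加规则,只允许 loan 管理 docker.service,或者用 sudoers 限定具体命令。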
vim /usr/share/polkit-1/actions/org.freedesktop.systemd1.policy
修改部分60行左右
59 <defaults>
60 <allow_any>auth_admin</allow_any>
61 <allow_inactive>auth_admin</allow_inactive>
62 <allow_active>auth_admin_keep</allow_active>
63 </defaults>

修改如下
59 <defaults>
60 <allow_any>yes</allow_any>
61 <allow_inactive>yes</allow_inactive>
62 <allow_active>yes</allow_active>
63 </defaults>