CentOS 7 中安装配置Docker
1. 通过下载 Binary 包安装 docker
在 CentOS 中,由于相关组件比较齐全,可直接下载 docker 的发布包直接启动,可以从下面的网页中找到下载链接:
https://docs.docker.com/install/linux/docker-ce/binaries/ https://download.docker.com/linux/static/stable/x86_64/
下载:
# curl -#O https://download.docker.com/linux/static/stable/`uname -m`/docker-17.12.1-ce.tgz
解压并 Copy 到/usr/bin/:
# tar xzvf docker-17.12.1-ce.tgz
# cp docker/* /usr/bin/
其他机器不用重复下载,sftp 到第一台机器直接 copy 过来:
#sftp [email protected]:/root/download/
sftp> get docker/*
sftp> exit
直接运行 dockerd
测试一下看能否成功启动 docker daemon: 
接下来需要把 dockerd 配置成系统服务自动启动。
参照官方文档:https://docs.docker.com/config/daemon/systemd/#manually-create-the-systemd-unit-files 从 https://github.com/moby/moby/tree/master/contrib/init/systemd 把 docker.service 和 docker.socket 下载到/etc/systemd/system/目录
# curl -o /etc/systemd/system/docker.service https://raw.githubusercontent.com/moby/moby/master/contrib/init/systemd/docker.service
# curl -o /etc/systemd/system/docker.socket https://raw.githubusercontent.com/moby/moby/master/contrib/init/systemd/docker.socket
# systemctl daemon-reload
# systemctl enable docker
然后通过# systemctl start docker 启动 docker 服务,如果在启动过程中遇到如下错误:
- Unit docker.socket has begun starting up.
3月 22 00:47:07 centos02 systemd[1148]: Failed to chown socket at step GROUP: No such process
3月 22 00:47:07 centos02 systemd[1]: docker.socket control process exited, code=exited status=216
3月 22 00:47:07 centos02 systemd[1]: Failed to listen on Docker Socket for the API.
-- Subject: Unit docker.socket has failed
请检查/etc/systemd/system/docker.socket 文件中配置的 SockerGroup 对应的组是否存在,如果不存在则通过# groupadd 添加后再启动 docker 服务��,从 github 上下载的 docker.socket 中配置的 SockerGroup 是 docker,需要先添加该 group:
# groupadd docker
然后再启动 docker 服务,启动成功:
docker 服务启动后,通过#docker version 查询 client 与 server 端版本信息:
其它自定义的 docker daemon 启动参数及环境变量可参考官方文档:https://docs.docker.com/config/daemon/systemd/, 通过 systemd drop-in 和 /etc/docker/daemon.json 配置。
2. 通过 yum repo 安装 docker
手动下载 binary 包的安装方式略显繁琐,通过 yum 安装的方式就会自动化和简单很多��:
a) 添加 yum repo
# tee /etc/yum.repos.d/docker.repo <<-'EOF'
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/$releasever/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
EOF
b) 安装 docker
# yum install docker-engine
c) 启动 docker 服务并开机自动启动
# systemctl start docker
# systemctl enable docker
3. bridge-nf-call-iptables 问题
运行 docker info, 查看是否有提示 bridge-nf-call-iptables is disabled 和 bridge-nf-call-ip6tables is disabled 的 WARNNING:
# docker info
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 1
Server Version: 17.12.1-ce
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 9b55aab90508bd389d7654c4baf173a981477d55
runc version: 9f9c96235cc97674e935002fc3d78361b696a69e
init version: 949e6fa
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-862.2.3.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 991.7MiB
Name: centos01
ID: KL2R:7F52:M5SV:T3U7:GL3Y:UU6F:KGE2:DM3Y:STSY:MLEZ:XXEL:EWG3
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
通过添加以下配置解决:
# tee -a /etc/sysctl.conf <<-'EOF'
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
EOF
# sysctl -p
详细参见:关于 bridge-nf-call-iptables 的设计问题
3. 为 docker daemon 配置代理
有时候 docker 环境会运行在一个代理或防火墙内部,为了让 docker daemon 从外网 pull 镜像,就需要给 docker daemon 配置代理。有两种配置方式:
a) 通过 Service Drop-In 文件
例如我的代理地址为http://192.168.1.3:1080/:
# mkdir -p /etc/systemd/system/docker.service.d/
# tee /etc/systemd/system/docker.service.d/http-proxy.conf <<-'EOF'
[Service]
Environment="HTTP_PROXY=http://192.168.1.3:1080/" "HTTPS_PROXY=http://192.168.1.3:1080/" "NO_PROXY=192.168.1.1,192.168.1.3,192.168.1.11,192.168.1.12,192.168.1.13,192.168.1.14,192.168.1.99,127.0.0.1,localhost"
EOF
# systemctl daemon-reload
# systemctl restart docker
b) 修改/etc/systemd/system/docker.service 文件,在[Service]配置节添加 Environment:
[Service]
Environment="HTTP_PROXY=http://192.168.1.3:1080/" "HTTPS_PROXY=http://192.168.1.3:1080/" "NO_PROXY=192.168.1.1,192.168.1.3,192.168.1.11,192.168.1.12,192.168.1.13,192.168.1.14,192.168.1.99,127.0.0.1,localhost"
如果代理服务器需要认证,则配置格式为:http://username:[email protected]:1080/, 如果 username 或 password 中有特殊字符,则必须进行 encode。 如#要改成%23
c) 验证
# systemctl show --property Environment docker
Environment=HTTP_PROXY=http://192.168.1.3:1080/ HTTPS_PROXY=http://192.168.1.3:1080/ NO_PROXY=192.168.1.1,192.168.1.3,192.168.1.11,192.168.1.12,192.168.1.13,192.168.1.14,192.168.1.99,127.0.0.1,localhost
如果你的代理服务器是 HTTPS 的,有自己的 HTTPS 证书,那就更麻烦一些,你需要:
- 安装 ca-certificates 包
- 下载该 HTTPS 证书的 PEM 格式��,保存到指定目录(CentOS 是放在/etc/pki/ca-trust/source/anchors/, Ubuntu 是放在/usr/local/share/ca-certificates/)
- 执行命令刷新信任证书(CentOS 中执行 update-ca-trust, Ubuntu 中执行 update-ca-certificates)
详见:
4.其它配置参数
docker 服务还有很多其它参数可以通过 Drop-In, docker.service 或/etc/docker/daemon.json 进行配置,如添加一个本地镜像库,可以通过几种方式进行配置 :
a) 修改 docker.service 文件,在 dockerd 后面添加一个或多个--insecure-registry 192.168.1.3:10000
b) 修改/etc/docker/daemon.json,添加 insecure-registries 配置
{
"insecure-registries": ["192.168.1.3:10000"]
}
更新配置参数请参见:
https://docs.docker.com/engine/reference/commandline/dockerd/#daemon
https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file
附:安装 docker-compose
# curl -L https://github.com/docker/compose/releases/download/1.21.0/docker-compose-$(uname -s)-$(uname -m) -o /usr/bin/docker-compose
# chmod +x /usr/bin/docker-compose
# docker-compose --version
docker-compose version 1.21.0, build 5920eb0
最新 Community 19.3.2 的安装方法
# yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
# yum install -y yum-utils \
device-mapper-persistent-data \
lvm2
# yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
# yum list docker-ce --showduplicates | sort -r
# yum install docker-ce docker-ce-cli containerd.io
