二进制安装docker
1.二进制安装
[root@centos7 opt]#pwd
/opt
[root@centos7 opt]#tar xvf docker-20.10.7.tgz
[root@centos7 opt]#cp docker/* /usr/bin/
2.containerd.service:
[root@centos7 docker]#cat /lib/systemd/system/containerd.service
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target
[root@centos7 docker]#systemctl enable containerd &systemctl start containerd &systemctl status containerd
[1] 18266
[2] 18267
● centos7.9.huizhi.com
State: running
Jobs: 0 queued
Failed: 0 units
Since: 一 2022-08-29 16:57:10 CST; 16h ago
CGroup: /
├─1 /usr/lib/systemd/systemd --switched-root --system --deserialize 22
├─user.slice
│ └─user-0.slice
│ ├─session-24.scope
│ │ ├─17295 sshd: root@pts/0
│ │ ├─17300 -bash
│ │ ├─18266 systemctl enable containerd
│ │ ├─18267 systemctl start containerd
│ │ ├─18268 systemctl status
│ │ ├─18269 /usr/bin/systemd-tty-ask-password-agent --watch
│ │ ├─18270 /usr/bin/pkttyagent --notify-fd 5 --fallback
│ │ ├─18271 less
│ │ └─18272 /usr/bin/pkttyagent --notify-fd 5 --fallback
│ └─session-1.scope
│ ├─ 669 login -- root
│ └─1223 -bash
└─system.slice
├─autodeploy.service
│ └─938 /usr/java/jdk1.8.0_25/bin/java -jar -Dserver.port=7788 -Dspring.config.location=/usr/aav/application.yml /usr/aav/AAV.jar
├─rsyslog.service
│ └─925 /usr/sbin/rsyslogd -n
├─nginx.service
│ ├─968 nginx: master process /usr/local/nginx/sbin/ngin
│ └─969 nginx: worker process
├─tuned.service
│ └─923 /usr/bin/python2 -Es /usr/sbin/tuned -l -P
├─sshd.service
│ └─922 /usr/sbin/sshd -D
├─mysqld.service
│ └─1157 /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
├─redis.service
│ └─970 /usr/redis6/bin/redis-server 127.0.0.1:6379
├─crond.service
lines 1-39Created symlink from /etc/systemd/system/multi-user.target.wants/containerd.service to /usr/lib/systemd/system/containerd.service.
│ └─662 /usr/sbin/crond -n
├─systemd-logind.service
│ └─660 /usr/lib/systemd/systemd-logind
├─NetworkManager.service
│ └─659 /usr/sbin/NetworkManager --no-daemon
[1]- 完成 systemctl enable containerd
[2]+ 完成 systemctl start containerd
[root@centos7 docker]#
3.docker.service:
[root@centos7 docker]#groupadd docker
[root@centos7 docker]#cat /lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target docker.socket firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket containerd.service
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3
# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
OOMScoreAdjust=-500
[Install]
WantedBy=multi-user.target
[root@centos7 docker]#systemctl enable docker.service &systemctl start docker.service &systemctl status docker.service
4.docker.socket
[root@centos7 docker]#vim /lib/systemd/system/docker.socket
[Unit]
Description=Docker Socket for the API
[Socket]
ListenStream=/var/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
[root@centos7 docker]#systemctl enable docker.socket &systemctl start docker.socket &systemctl status docker.socket
[root@centos7 docker]#vim /var/log/messages
Aug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.525401860+08:00" level=info msg="loading plugin \"io.containerd.grpc.v1.snapshots\"..." type=io.containerd.grpc.v1
Aug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.525497356+08:00" level=info msg="loading plugin \"io.containerd.grpc.v1.tasks\"..." type=io.containerd.grpc.v1
Aug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.525537758+08:00" level=info msg="loading plugin \"io.containerd.grpc.v1.version\"..." type=io.containerd.grpc.v1
Aug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.525568774+08:00" level=info msg="loading plugin \"io.containerd.grpc.v1.cri\"..." type=io.containerd.grpc.v1
Aug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.525850175+08:00" level=info msg="Start cri plugin with config {PluginConfig:{ContainerdConfig:{Snapshotter:overlayfs DefaultRuntimeName:runc DefaultRuntime:{Type: Engine: PodAnnotations:[] ContainerAnnotations:[] Root: Options:<nil> PrivilegedWithoutHostDevices:false BaseRuntimeSpec:} UntrustedWorkloadRuntime:{Type: Engine: PodAnnotations:[] ContainerAnnotations:[] Root: Options:<nil> PrivilegedWithoutHostDevices:false BaseRuntimeSpec:} Runtimes:map[runc:{Type:io.containerd.runc.v2 Engine: PodAnnotations:[] ContainerAnnotations:[] Root: Options:0xc000378e70 PrivilegedWithoutHostDevices:false BaseRuntimeSpec:}] NoPivot:false DisableSnapshotAnnotations:true DiscardUnpackedLayers:false} CniConfig:{NetworkPluginBinDir:/opt/cni/bin NetworkPluginConfDir:/etc/cni/net.d NetworkPluginMaxConfNum:1 NetworkPluginConfTemplate:} Registry:{Mirrors:map[docker.io:{Endpoints:[https://registry-1.docker.io]}] Configs:map[] Auths:map[] Headers:map[]} ImageDecryption:{KeyModel:} DisableTCPService:true StreamServerAddress:127.0.0.1 StreamServerPort:0 StreamIdleTimeout:4h0m0s EnableSelinux:false SelinuxCategoryRange:1024 SandboxImage:k8s.gcr.io/pause:3.2 StatsCollectPeriod:10 SystemdCgroup:false EnableTLSStreaming:false X509KeyPairStreaming:{TLSCertFile: TLSKeyFile:} MaxContainerLogLineSize:16384 DisableCgroup:false DisableApparmor:false RestrictOOMScoreAdj:false MaxConcurrentDownloads:3 DisableProcMount:false UnsetSeccompProfile: TolerateMissingHugetlbController:true DisableHugetlbController:true IgnoreImageDefinedVolumes:false} ContainerdRootDir:/var/lib/containerd ContainerdEndpoint:/run/containerd/containerd.sock RootDir:/var/lib/containerd/io.containerd.grpc.v1.cri StateDir:/run/containerd/io.containerd.grpc.v1.cri}"
Aug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.526006295+08:00" level=info msg="Connect containerd service"
Aug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.526207907+08:00" level=info msg="Get image filesystem path \"/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs\""
Aug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.557832065+08:00" level=error msg="failed to load cni during init, please check CRI plugin status before setting up network for pods" error="cni config load failed: no network config found in /etc/cni/net.d: cni plugin not initialized: failed to load cni config"
Aug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.557924382+08:00" level=info msg="loading plugin \"io.containerd.grpc.v1.introspection\"..." type=io.containerd.grpc.v1
Aug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.558395545+08:00" level=info msg="Start subscribing containerd event"
Aug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.558497432+08:00" level=info msg="Start recovering state"
Aug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.558604679+08:00" level=info msg="Start event monitor"
Aug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.558620822+08:00" level=info msg="Start snapshots syncer"
Aug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.558630591+08:00" level=info msg="Start cni network conf syncer"
Aug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.558636935+08:00" level=info msg="Start streaming server"
Aug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.559598224+08:00" level=info msg=serving... address=/run/containerd/containerd.sock.ttrpc
Aug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.559732301+08:00" level=info msg=serving... address=/run/containerd/containerd.sock
Aug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.560614623+08:00" level=info msg="containerd successfully booted in 0.149650s"
Aug 30 09:46:53 centos7 systemd: Started containerd container runtime.
Aug 30 09:59:10 centos7 systemd: Reloading.
Aug 30 10:01:01 centos7 systemd: Started Session 25 of user root.
Aug 30 10:01:59 centos7 systemd: Reloading.
Aug 30 10:08:30 centos7 systemd: Reloading.
Aug 30 10:08:31 centos7 systemd: Starting Docker Socket for the API.
Aug 30 10:08:31 centos7 systemd: Listening on Docker Socket for the API.
Aug 30 10:08:42 centos7 systemd: Closed Docker Socket for the API.
Aug 30 10:08:42 centos7 systemd: Stopping Docker Socket for the API.
Aug 30 10:08:42 centos7 systemd: Starting Docker Socket for the API.
Aug 30 10:08:42 centos7 systemd: Listening on Docker Socket for the API.
5.测试
[root@centos7 opt]#docker info
Client:
Context: default
Debug Mode: false
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 20.10.7
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: d71fcd7d8303cbf684402823e425e9dd2e99285d
runc version: b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-1160.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.952GiB
Name: centos7.9.huizhi.com
ID: 7IT7:OOLW:FGPK:6CWP:EIVM:TZRM:WHVW:ILGJ:FTVW:NQRE:WOUD:GPUN
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
执行docker info出现如下警告
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
解决办法:
[root@centos7 opt]#vi /etc/sysctl.conf
添加以下内容
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
最后再执行(root)
[root@centos7 opt]#sysctl -p
[root@centos7 opt]#docker info
[root@centos7 opt]#docker info
Client:
Context: default
Debug Mode: false
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 20.10.7
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: d71fcd7d8303cbf684402823e425e9dd2e99285d
runc version: b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-1160.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.952GiB
Name: centos7.9.huizhi.com
ID: 7IT7:OOLW:FGPK:6CWP:EIVM:TZRM:WHVW:ILGJ:FTVW:NQRE:WOUD:GPUN
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine
[root@centos7 opt]#docker version
Client:
Version: 20.10.7
API version: 1.41
Go version: go1.13.15
Git commit: f0df350
Built: Wed Jun 2 11:51:04 2021
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.7
API version: 1.41 (minimum version 1.12)
Go version: go1.13.15
Git commit: b0f5bc3
Built: Wed Jun 2 11:55:29 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: v1.4.6
GitCommit: d71fcd7d8303cbf684402823e425e9dd2e99285d
runc:
Version: 1.0.0-rc95
GitCommit: b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7
docker-init:
Version: 0.19.0
GitCommit: de40ad0
0 Comments