docker的离线安装
一、离线yum源安装
参考:https://xyz.uscwifi.xyz/post/docker-duo-jie-duan-gou-jian-chi-xian-yum-yuan-xiu-gai/
二、二进制文件安装
下载地址:
https://download.docker.com/linux/static/stable/x86_64/
https://mirrors.aliyun.com/docker-ce/linux/static/stable/x86_64/
参考:https://docs.docker.com/install/linux/docker-ce/binaries/
docker github提供的service文件和socket文件:https://github.com/moby/moby/tree/master/contrib/init/systemd(使用默认这两个文件需要手动创建docker组)
参考脚本:
[root@k8s-master1 shell]# cat docker.sh
#!/bin/sh
command_exists() {
command -v "$@" > /dev/null 2>&1
}
if ! command_exists docker; then
set -x
tar --strip-components=1 -xvzf ../docker/docker.tgz -C /usr/bin
cp ../conf/docker.service /usr/lib/systemd/system/docker.service
systemctl enable docker.service
systemctl restart docker.service
storage=${1:-/var/docker/lib}
harbor_ip=${2:-127.0.0.1}
mkdir -p $storage
cat > /etc/docker/daemon.json << eof
{
"registry-mirrors": [
"http://373a6594.m.daocloud.io"
],
"insecure-registries":
["$harbor_ip"],
"graph":"${storage}"
}
eof
systemctl restart docker.service
docker version
fi
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
sysctl -w net.ipv4.ip_forward=1
systemctl stop firewalld && systemctl disable firewalld
三、二进制安装测试
# wget https://mirrors.aliyun.com/docker-ce/linux/static/stable/x86_64/docker-19.03.5.tgz -O
[root@k8s-node2 docker]# tree -C .
.
├── docker-19.03.5.tgz
├── docker.service
└── docker.sh
# 安装脚本
[root@k8s-node2 docker]# cat docker.sh
#!/bin/sh
FILE_NAME=docker-19.03.5.tgz
command_exists() {
command -v "$@" > /dev/null 2>&1
}
if ! command_exists docker; then
set -x
tar --strip-components=1 -xvzf ./${FILE_NAME} -C /usr/bin
cp ./docker.service /usr/lib/systemd/system/docker.service
systemctl daemon-reload
systemctl enable docker.service
systemctl restart docker.service
storage=${1:-/var/docker/lib}
harbor_ip=${2:-127.0.0.1}
mkdir -p $storage
cat > /etc/docker/daemon.json << eof
{
"registry-mirrors": [
"http://373a6594.m.daocloud.io"
],
"insecure-registries":
["$harbor_ip"],
"graph":"${storage}"
}
eof
systemctl restart docker.service
docker version
fi
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl --system
sysctl -w net.ipv4.ip_forward=1
systemctl stop firewalld && systemctl disable firewalld
# service文件
[root@k8s-node2 docker]# cat docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network.target
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd
ExecReload=/bin/kill -s HUP $MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
[Install]
WantedBy=multi-user.target
# 安装
[root@k8s-node2 docker]# bash docker.sh
# 测试
[root@k8s-node2 docker]# docker run --rm hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
1b930d010525: Pull complete
Digest: sha256:4fe721ccc2e8dc7362278a29dc660d833570ec2682f4e4194f4ee23e415e1064
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
补充:
docker在安装时会将FORWARD默认规则置为DROP,看了马哥的k8s教程,kubeasz的教程,都是修改docker.service文件,将FORWARD链规则置为ACCEPT。并加上我之间在安装了docker的机器部署kvm,发现虚拟机一直拿不到IP,都是FORWARD惹的祸,于是,建议修改,上面的service没有体现,下面将方法贴出来
