0%

Dokcer-CE & Docker Compose 安装

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
#!/bin/sh

# 下载Compose二进制
curl -L https://github.com/docker/compose/releases/download/1.28.4/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose



# 安装 Docker 程序
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
yum makecache fast
yum -y install docker-ce

# 如果在 CentOS8 上面提示 containerd.io 版本不匹配请尝试手动安装 containerd.io
dnf install https://download.docker.com/linux/centos/8/x86_64/stable/Packages/containerd.io-1.4.3-3.1.el8.x86_64.rpm


# 添加 Docker 镜像服务器
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": [
"https://ustc-edu-cn.mirror.aliyuncs.com/",
"https://hub-mirror.c.163.com/"
]
}
EOF



# 开启TSL远程连接
# 准备证书请参阅 https://6xyun.cn/article/94
# 生成证书之后上传到 /etc/docker/ 目录下
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": [
"https://ustc-edu-cn.mirror.aliyuncs.com/",
"https://hub-mirror.c.163.com/"
],
"hosts":["tcp://0.0.0.0:2376", "unix:///var/run/docker.sock"],
"tlsverify":true,
"tlscacert":"/etc/docker/ca.crt",
"tlscert":"/etc/docker/server.crt",
"tlskey":"/etc/docker/server.key"
}
EOF

# 测试证书配置
docker --tlsverify --tlscacert=/etc/docker/ca.crt --tlscert=/etc/docker/server.crt --tlskey=/etc/docker/server.key -H tcp://127.0.0.1:2376 version

# 如果修改后服务无法启动, 首先检查 JSON 格式,
# 然后就是去掉 service 里面的 -H fd://,
# 这个和上面的 JSON 冲突, 修改后再重启即可
sed -i "s? -H fd://??" /usr/lib/systemd/system/docker.service



# 设置自启 & 重新启动服务
systemctl enable docker
systemctl daemon-reload
systemctl restart docker

# 删除没有 tag 的镜像
docker images --all | grep none | awk '{print $3 }' | xargs docker rmi
echo > /var/log/wtmp
echo > /var/log/btmp

# 开启防火墙 NAT 转发(在 CentOS8 上 Docker会出现服务之间无法通信)
# https://github.com/docker/for-linux/issues/957
firewall-cmd --add-masquerade --permanent
firewall-cmd --reload

引用

  • 本文作者: 6x
  • 本文链接: https://6xyun.cn/article/90
  • 版权声明: 本博客所有文章除特别声明外,均采用 BY-NC-ND 许可协议。转载请注明出处!