用二进制文件安装Docker
wandoubaba / 2024-11-08
说明
本文在Debian12系统上直接通过二进制安装docker(包括docker compose和docker buildx),适用于离线场景。
本文操作过程都是在root用户下完成的。
系统依赖
- 64位环境
- Linux kernel版本3.10以上
- iptables版本1.4以上
- git版本1.7以上
- ps
- xz-utils版本4.9以上
- 正确的cgroupfs层次结构
准备二进制文件
先在可以连接互联网的环境下载安装包(截至文本发布时,docker的最新版本是27.3.1)
sh
# docker、containerd等
curl -L -O https://download.docker.com/linux/static/stable/x86_64/docker-27.3.1.tgz
# docker compose
curl -L -O https://github.com/docker/compose/releases/download/v2.30.1/docker-compose-linux-x86_64
# docker buildx
curl -L -O https://github.com/docker/buildx/releases/download/v0.18.0/buildx-v0.18.0.linux-amd64然后以各种各样的方式把二进制安装包复制到目标环境中。
安装过程
复制docker文件
sh
tar zxvf docker-27.3.1.tgz
cp docker/* /usr/local/bin/注册系统服务
containerd.service
sh
vim /etc/systemd/system/containerd.service内容如下:
sh
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.targetdocker.service
sh
vim /etc/systemd/system/docker.service内容
sh
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network.target containerd.service
Wants=containerd.service
[Service]
# 启动 Docker 之前尝试加载overlay模块
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/dockerd
# 服务类型
Type=notify
# 允许 Docker 处理自己的 cgroup
Delegate=yes
# 结束方式
KillMode=process
# 总是重启 Docker,以确保它在崩溃时自动重启
Restart=always
# 重启间隔
RestartSec=5
# 此项用于定义 Docker 进程可以创建的最大进程数
LimitNPROC=infinity
# 核心转储限制
LimitCORE=infinity
# 打开的文件描述符限制
LimitNOFILE=1048576 # 可以设置为更高的值以支持更多的并发连接
# 最大任务数限制
TasksMax=infinity
# OOM得分调整
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target启动服务并设置开机自启
sh
systemctl enable --now containerd
systemctl enable --now docker安装docker compose
截至本文发布时,docker compose的最新版本是2.30.1,以下命令适用于amd64平台,其他平台请到https://github.com/docker/compose/releases去找对应的二进制包。
sh
mkdir -p /usr/local/lib/docker/cli-plugins
cp docker-compose-linux-x86_64 \/usr/local/lib/docker/cli-plugins/docker-compose
chmod +x /usr/local/lib/docker/cli-plugins/docker-compose安装docker buildx
截至本文发布时,docker buildx的最新版本是0.18.0,以下命令适用于amd64平台,其他平台请到https://github.com/docker/buildx/releases对找对应的二进制包。
sh
cp buildx-v0.18.0.linux-amd64 /usr/local/lib/docker/cli-plugins/docker-buildx
chmod +x /usr/local/lib/docker/cli-plugins/docker-buildx
docker buildx install配置网络
sh
echo "br_netfilter" | sudo tee /etc/modules-load.d/br_netfilter.conf
bash -c 'echo -e "net.bridge.bridge-nf-call-iptables = 1\nnet.bridge.bridge-nf-call-ip6tables = 1" > /etc/sysctl.d/bridge.conf && modprobe br_netfilter'
vim /etc/systemd/system/sysctl-bridge.servicesysctl-bridge.service的文件内容:
sh
[Unit]
Description=Apply sysctl settings for bridge netfilter
Before=docker.service
WantedBy=multi-user.target
[Service]
Type=oneshot
ExecStart=/sbin/sysctl -p /etc/sysctl.d/bridge.conf
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target让配置生效:
sh
systemctl enable --now sysctl-bridge.service
sysctl -p /etc/sysctl.d/bridge.conf
systemctl restart docker配置镜像仓库地址
纯离线环境又没有私有仓库的话,这一步做不做没什么区别。
sh
mkdir /etc/docker
vim /etc/docker/daemon.json文件内容:
json
{
"registry-mirrors": [
"https://registry.docker-cn.com",
"https://docker.mirrors.ustc.edu.cn",
"https://dockerhub.azk8s.cn",
"http://hub-mirror.c.163.com"
]
}生效
sh
systemctl daemon-reload
systemctl restart docker结果确认
执行docker info后应该可以看到下面的结果:
sh
Client:
Version: 27.3.1
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.18.0
Path: /usr/local/lib/docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.30.1
Path: /usr/local/lib/docker/cli-plugins/docker-compose
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 27.3.1
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 7f7fdf5fed64eb6a7caf99b3e12efcf9d60e311c
runc version: v1.1.14-0-g2c9f560
init version: de40ad0
Security Options:
apparmor
seccomp
Profile: builtin
cgroupns
Kernel Version: 6.1.0-23-amd64
Operating System: Debian GNU/Linux 12 (bookworm)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 3.698GiB
Name: ten01
ID: f3c00e60-7eee-4b53-97a6-b1937701c3b1
Docker Root Dir: /var/lib/docker
Debug Mode: false
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
https://registry.docker-cn.com/
https://docker.mirrors.ustc.edu.cn/
https://dockerhub.azk8s.cn/
http://hub-mirror.c.163.com/
Live Restore Enabled: false
Product License: Community Engine