在CentOS 8上安装Docker CE
发表于:2024-10-28 作者:千家信息网编辑
千家信息网最后更新 2024年10月28日,更新系统# docker 官方还没8的yum源如果使用7的源安装也可以不过会有报错,当然可以忽略报错。这里使用二进制安装# 开启PowerToolssed -i "s/enabled=0/enable
千家信息网最后更新 2024年10月28日在CentOS 8上安装Docker CE
更新系统
# docker 官方还没8的yum源如果使用7的源安装也可以不过会有报错,当然可以忽略报错。这里使用二进制安装# 开启PowerToolssed -i "s/enabled=0/enabled=1/" /etc/yum.repos.d/CentOS-PowerTools.repodnf update -ydnf install -y lvm2 device-mapper-persistent-data dnf-utils# 关闭SELinuxsetenforce 0sed -i 's/SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
创建docker组
groupadd docker
下载docker二进制包
wget https://download.docker.com/linux/static/stable/x86_64/docker-19.03.5.tgz
解压二进制包
tar -xvf docker-19.03.5.tgzcp docker/* /usr/bin/
配置containerd
# 生成containerd 配置mkdir -p /etc/containerdcontainerd config default >/etc/containerd/config.toml# 生成启动文件cat > /usr/lib/systemd/system/containerd.service << EOF[Unit]Description=containerd container runtimeDocumentation=https://containerd.ioAfter=network.target[Service]ExecStartPre=-/sbin/modprobe overlayExecStart=/usr/bin/containerdKillMode=processDelegate=yesLimitNOFILE=1048576# Having non-zero Limit*s causes performance problems due to accounting overhead# in the kernel. We recommend using cgroups to do container-local accounting.LimitNPROC=infinityLimitCORE=infinityTasksMax=infinity[Install]WantedBy=multi-user.targetEOF
配置docker
# 创建docker 配置文件mkdir /etc/dockercat > /etc/docker/daemon.json << EOF{ "max-concurrent-downloads": 20, "data-root": "/apps/docker", "exec-root": "/apps/docker", "log-driver": "json-file", "bridge": "docker0", # 如果使用外部网络插件可以修改为"bridge": "none", "oom-score-adjust": -1000, "debug": false, "log-opts": { "max-size": "100M", "max-file": "10" }, "default-ulimits": { "nofile": { "Name": "nofile", "Hard": 1024000, "Soft": 1024000 }, "nproc": { "Name": "nproc", "Hard": 1024000, "Soft": 1024000 }, "core": { "Name": "core", "Hard": -1, "Soft": -1 } }}EOF# 创建docker sock 启动cat > /usr/lib/systemd/system/docker.socket << EOF[Unit]Description=Docker Socket for the APIPartOf=docker.service[Socket]ListenStream=/var/run/docker.sockSocketMode=0660SocketUser=rootSocketGroup=docker[Install]WantedBy=sockets.targetEOF# 创建docker 启动文件cat > /usr/lib/systemd/system/docker.service << EOF[Unit]Description=Docker Application Container EngineDocumentation=https://docs.docker.comBindsTo=containerd.serviceAfter=network-online.target firewalld.service containerd.serviceWants=network-online.targetRequires=docker.socket[Service]Type=notify# the default is not to use systemd for cgroups because the delegate issues still# exists and systemd currently does not support the cgroup feature set required# for containers run by dockerExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sockExecReload=/bin/kill -s HUP \$MAINPIDTimeoutSec=0RestartSec=2Restart=always# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.# Both the old, and new location are accepted by systemd 229 and up, so using the old location# to make them work for either version of systemd.StartLimitBurst=3# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make# this option work for either version of systemd.StartLimitInterval=60s# Having non-zero Limit*s causes performance problems due to accounting overhead# in the kernel. We recommend using cgroups to do container-local accounting.LimitNOFILE=infinityLimitNPROC=infinityLimitCORE=infinity# Comment TasksMax if your systemd version does not support it.# Only systemd 226 and above support this option.TasksMax=infinity# set delegate yes so that systemd does not reset the cgroups of docker containersDelegate=yes# kill only the docker process, not all processes in the cgroupKillMode=process[Install]WantedBy=multi-user.targetEOF# 刷新systemdsystemctl daemon-reload# 开机启动dockersystemctl enable docker.service# 启动dockersystemctl start docker.service
测试docker
# 查看docker及依赖插件状态[root@localhost ~]# systemctl status containerd.service● containerd.service - containerd container runtime Loaded: loaded (/usr/lib/systemd/system/containerd.service; disabled; vendor preset: disabled) Active: active (running) since Tue 2019-11-26 10:50:43 CST; 2h 50min ago Docs: https://containerd.io Main PID: 2659 (containerd) Tasks: 21 Memory: 21.4M CGroup: /system.slice/containerd.service └─2659 /usr/bin/containerdNov 26 10:50:43 localhost.localdomain containerd[2659]: time="2019-11-26T10:50:43.449730600+08:00" level=info msg="Start snapshots syncer"Nov 26 10:50:43 localhost.localdomain containerd[2659]: time="2019-11-26T10:50:43.449755222+08:00" level=info msg="Start streaming server"[root@localhost ~]# systemctl status docker.socket● docker.socket - Docker Socket for the API Loaded: loaded (/usr/lib/systemd/system/docker.socket; disabled; vendor preset: disabled) Active: active (running) since Tue 2019-11-26 10:50:43 CST; 2h 50min ago Listen: /var/run/docker.sock (Stream) Tasks: 0 (limit: 204655) Memory: 24.0K CGroup: /system.slice/docker.socketNov 26 10:50:43 localhost.localdomain systemd[1]: Starting Docker Socket for the API.Nov 26 10:50:43 localhost.localdomain systemd[1]: Listening on Docker Socket for the API.[root@localhost ~]# systemctl status docker.service● docker.service - Docker Application Container Engine Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled) Active: active (running) since Tue 2019-11-26 10:50:44 CST; 2h 50min ago Docs: https://docs.docker.com Main PID: 2660 (dockerd) Tasks: 24 Memory: 76.0M CGroup: /system.slice/docker.service └─2660 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sockNov 26 10:50:44 localhost.localdomain systemd[1]: Started Docker Application Container Engine.Nov 26 10:52:41 localhost.localdomain dockerd[2660]: time="2019-11-26T10:52:41.060293930+08:00" level=info msg="ignoring event" module=libcontainerd namespace=moby topic=/tasks/delete type="*events.TaskDelete"# 查看docker版本号[root@localhost ~]# docker versionClient: Docker Engine - Community Version: 19.03.5 API version: 1.40 Go version: go1.12.12 Git commit: 633a0ea838 Built: Wed Nov 13 07:22:05 2019 OS/Arch: linux/amd64 Experimental: falseServer: Docker Engine - Community Engine: Version: 19.03.5 API version: 1.40 (minimum version 1.12) Go version: go1.12.12 Git commit: 633a0ea838 Built: Wed Nov 13 07:28:45 2019 OS/Arch: linux/amd64 Experimental: false containerd: Version: v1.2.10 GitCommit: b34a5c8af56e510852c35414db4c1f4fa6172339 runc: Version: 1.0.0-rc8+dev GitCommit: 3e425f80a8c931f88e6d94a8c831b9d5aa481657 docker-init: Version: 0.18.0 GitCommit: fec3683 # 查看docker info [root@localhost ~]# docker infoClient: Debug Mode: falseServer: Containers: 0 Running: 0 Paused: 0 Stopped: 0 Images: 2 Server Version: 19.03.5 Storage Driver: overlay2 Backing Filesystem: xfs Supports d_type: true Native Overlay Diff: true Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive Runtimes: runc Default Runtime: runc Init Binary: docker-init containerd version: b34a5c8af56e510852c35414db4c1f4fa6172339 runc version: 3e425f80a8c931f88e6d94a8c831b9d5aa481657 init version: fec3683 Security Options: seccomp Profile: default Kernel Version: 4.18.0-80.11.2.el8_0.x86_64 Operating System: CentOS Linux 8 (Core) OSType: linux Architecture: x86_64 CPUs: 12 Total Memory: 31.25GiB Name: localhost.localdomain ID: BEN6:67IU:RIDY:42JB:T7AO:G465:OFBY:CLXV:AVWY:XIDG:SRJK:C2VZ Docker Root Dir: /apps/docker Debug Mode: false Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries: 127.0.0.0/8 Live Restore Enabled: false Product License: Community Engine# 测试容器是否能成功启动docker run --rm hello-world[root@localhost ~]# docker run --rm hello-worldHello from Docker!This message shows that your installation appears to be working correctly.To generate this message, Docker took the following steps: 1. The Docker client contacted the Docker daemon. 2. The Docker daemon pulled the "hello-world" image from the Docker Hub. (amd64) 3. The Docker daemon created a new container from that image which runs the executable that produces the output you are currently reading. 4. The Docker daemon streamed that output to the Docker client, which sent it to your terminal.To try something more ambitious, you can run an Ubuntu container with: $ docker run -it ubuntu bashShare images, automate workflows, and more with a free Docker ID: https://hub.docker.com/For more examples and ideas, visit: https://docs.docker.com/get-started/ # 测试网络是否联通 docker run --rm -ti juestnow/net-tools [root@localhost ~]# docker run --rm -ti juestnow/net-tools/ # route -nKernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface0.0.0.0 172.17.0.1 0.0.0.0 UG 0 0 0 eth0172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0/ # ping www.qq.comPING www.qq.com (14.18.175.154): 56 data bytes64 bytes from 14.18.175.154: seq=0 ttl=52 time=13.685 ms64 bytes from 14.18.175.154: seq=1 ttl=52 time=7.925 ms^C--- www.qq.com ping statistics ---2 packets transmitted, 2 packets received, 0% packet lossround-trip min/avg/max = 7.925/10.805/13.685 ms/ # dig www.qq.com; <<>> DiG 9.14.8 <<>> www.qq.com;; global options: +cmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4470;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0;; QUESTION SECTION:;www.qq.com. IN A;; ANSWER SECTION:www.qq.com. 260 IN CNAME public.sparta.mig.tencent-cloud.net.public.sparta.mig.tencent-cloud.net. 152 IN A 113.96.232.215;; Query time: 10 msec;; SERVER: 192.168.1.169#53(192.168.1.169);; WHEN: Tue Nov 26 05:43:57 UTC 2019;; MSG SIZE rcvd: 138# 能正常上网
安装docker-compose
curl -L https://github.com/docker/compose/releases/download/1.25.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-composechmod +x /usr/local/bin/docker-compose
配置
二进制
测试
文件
生成
成功
官方
容器
插件
版本
状态
系统
网络
更新
数据库的安全要保护哪些东西
数据库安全各自的含义是什么
生产安全数据库录入
数据库的安全性及管理
数据库安全策略包含哪些
海淀数据库安全审计系统
建立农村房屋安全信息数据库
易用的数据库客户端支持安全管理
连接数据库失败ssl安全错误
数据库的锁怎样保障安全
湖北企业软件开发价钱是多少
濮阳县优质课数据库
万方数据库查看原文
读取手机文件数据库的软件
乌海市零基础app软件开发培训
双鸭山开放式服务器机柜
xls服务器
某软件开发企业适用税率
网络安全方面招聘套路
机构编制实名制数据库结构名录
万方数据库官网免费查重
惠山区智能软件开发定制价格
穿越火线怎么提升服务器人数
员工、合作伙伴数据库
联通公司网络安全自查报告
天津医疗软件开发
网络安全制度咨询公司
中央网络安全和信息...
联想服务器ts150管理口
双电源服务器同时供电
阜阳系统软件开发多少钱
如何创建一个数据库的连接
网络安全咨询服务项目
网络技术的利弊英文作文
魔兽世界无尽风暴服务器怎么样
如何发送数据库
软件开发者研究报告
服务器负载均衡装置
网络安全专业适合出国读博吗
企业者 数据库连接失败