接上篇 《记一次centos挂载ceph存储的坑》 服务器重做了centos7.5版本的操作系统,剩下就是ref="/12234.html">安装docker,考虑yum安装耗时较长,我一般都是直接安装二进制版本docker包,下面我们看下如何离线部署docker
安装步骤 国际惯例,看说明书选版本说明书传送门:https://docs.docker.com/engine/install/binaries/
里面有一项比较重要的说明:
不过我们已经升级了centos7.5, 看了一下内核版本
uname -r 3.10.0-862.el7.x86_64看着没有什么问题,docker二进制包下载地址:https://download.docker.com/linux/static/stable/x86_64/ ,挑来挑去,准备装前个版本最后的stable版本:docker-19.03.9.tgz,这个版本我们用的也比较多
安装步骤解压压缩包
建个目录,我的是/home/docker,把压缩文件放在目录里,执行 tar zxvf docker-19.03.9.tgz
生成docker服务文件
cat > /etc/systemd/system/docker.service <<"EOF" [Unit] Description=Docker Application Container Engine Documentation=http://docs.docker.io [Service] Environment="PATH=http://www.likecs.com/home/docker/docker:/bin:/sbin:/usr/bin:/usr/sbin" ExecStart=http://www.likecs.com/home/docker/docker/dockerd --log-level=error -H unix:///var/run/docker.sock ExecReload=http://www.likecs.com/bin/kill -s HUP $MAINPID Restart=on-failure RestartSec=5 LimitNOFILE=infinity LimitNPROC=infinity LimitCORE=infinity Delegate=yes KillMode=process [Install] WantedBy=multi-user.target EOF生成docker配置文件
sudo iptables -P FORWARD ACCEPT mkdir -p /etc/docker/ cat > /etc/docker/docker-daemon.json <<EOF { "insecure-registries":["192.xx.xx.8:5000","registry.xxx.com"], "registry-mirrors": ["https://jk4bb75a.mirror.aliyuncs.com", "https://docker.mirrors.ustc.edu.cn"], "max-concurrent-downloads": 20 } EOF启动docker
systemctl stop firewalld && systemctl disable firewalld /usr/sbin/iptables -F && /usr/sbin/iptables -X && /usr/sbin/iptables -F -t nat && /usr/sbin/iptables -X -t nat /usr/sbin/iptables -P FORWARD ACCEPT systemctl daemon-reload && systemctl enable docker && systemctl restart docker for intf in /sys/devices/virtual/net/docker0/brif/*; do echo 1 > $intf/hairpin_mode; done export PATH=http://www.likecs.com/home/docker/docker/:$PATHPS: export PATH=http://www.likecs.com/home/docker/docker/:$PATH 可以写到/etc/profile文件中
确认docker是否正常
systemctl status docker.service 查看docker状态,确保是running。
如果有问题,修改service文件,然后重启
systemctl daemon-reload && systemctl restart docker.service一切看起来是十分的完美,国际惯例,没病走两步,运行hello-world试下:
docker run hello-world docker: Error response from daemon: OCI runtime create failed: container_linux.go:345: starting container process caused "process_linux.go:430: container init caused \"write /proc/self/attr/keycreate: permission denied\"": unknown. ERRO[0000] error waiting for container: context canceledFirst WTF!
OCI runtime create failed 问题定位与解决 官网文档里搜一把传送门:https://docs.docker.com/
随便点开几个看了一下,系统版本不一样,但是说的都是一个事,操作系统内核版本和docker版本不对应,升级内核或降低版本,不是说好的 3.10 内核版本是可以的吗?都正常启动了
降版本至docker-18.09.9,仍然失败下载docker-18.09.9.tgz,解压覆盖docker文件夹,直接重启即可
一切看起来是十分的完美,没病走两步,运行hello-world试下:
Double WTF!
降版本至docker-18.06.3下载docker-18.06.3-ce.tgz,解压覆盖docker文件夹,直接重启即可
docker run --rm hello-world Hello from Docker! This message shows that your installation appears to be working correctly. To generate this message, Docker took the following steps: 1. The Docker client contacted the Docker daemon. 2. The Docker daemon pulled the "hello-world" image from the Docker Hub. (amd64) 3. The Docker daemon created a new container from that image which runs the executable that produces the output you are currently reading. 4. The Docker daemon streamed that output to the Docker client, which sent it to your terminal. To try something more ambitious, you can run an Ubuntu container with: $ docker run -it ubuntu bash Share images, automate workflows, and more with a free Docker ID: https://hub.docker.com/ For more examples and ideas, visit: https://docs.docker.com/get-started/令人亲切的hello-world终于出来了
总结