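Installing Docker from binaries (starting docker as a non-root user)


1. Download the installation package:

URL: https://download.docker.com/linux/static/stable/x86_64/

Here I chose to install docker-19.03.9.tgz

2. Create the docker group

groupadd docker

3. Create the user dock

useradd -m -d /data/dock dock

4. Add the user dock to the docker group

gpasswd -a dock docker

5. Edit the files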

[root@c78-mini-template system]# cat docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd --graph /data/dockerdata
ExecReload=/bin/kill -s HUP $MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s

[Install]
WantedBy=multi-user.target

[root@c78-mini-template system]# cat docker.socket
[Unit]
Description=Docker Socket for the API

[Socket]
# If /var/run is not implemented as a symlink to /run, you may need to
# specify ListenStream=/var/run/docker.sock instead.
ListenStream=/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker

[Install]
WantedBy=sockets.target

6. Install

[root@c78-mini-template dock]# tar zxvf docker-19.03.9.tgz
[root@c78-mini-template dock]# cp docker/* /usr/bin

7. Configure the service

Copy the docker.socket and docker.service files shown above to /etc/systemd/system. The Docker data path can be changed in docker.service, on the line ExecStart=/usr/bin/dockerd --graph /data/dockerdata.

[root@c78-mini-template dock]# systemctl start docker
[root@c78-mini-template dock]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /etc/systemd/system/docker.service.

8. Disable SELinux

If SELinux is not disabled or switched to Permissive, the following error occurs:

[root@c78-mini-template dock]# setenforce 1
[root@c78-mini-template dock]# docker run -d -p 80:80 hello-world
9220087e17b42af42c7c5f0eaa64fec00dc06c72db9bcede6431f1506474e417
docker: Error response from daemon: OCI runtime create failed: container_linux.go:349: starting container process caused "process_linux.go:449: container init caused \"write /proc/self/attr/keycreate: permission denied\"": unknown.
[root@c78-mini-template dock]# setenforce 0
[root@c78-mini-template dock]# docker run -d -p 80:80 hello-world
572329f15045d8ee815d368b9c11b1e694e00f0d42b0d7d63f860b71056936e8

# Disable
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config

To make the change take effect immediately (after a reboot, the setting in /etc/selinux/config applies):

setenforce 0

[root@c78-mini-template dock]# su - dock    # non-root works too
上一次登录:三 7月 15 00:13:34 CST 2020pts/0 上
[dock@c78-mini-template ~]$ docker run -d -p 80:80 hello-world
c1396f31886e57474fd392b83144d0d5d2addb4efef5c527a7d5199749a13034
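
An added example, not part of the original post: steps 2 to 5 give every member of the docker group read/write access to /run/docker.sock (SocketMode=0660, SocketGroup=docker), so this script reads a socket unit file and lists the accounts that covers. The function names and the `--live` switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): report who can reach the Docker
# API socket configured by docker.socket. Function names are made up here.

# Print the value of KEY from the [Socket] section of a systemd unit file.
socket_setting() {  # usage: socket_setting KEY UNIT_FILE
    awk -F= -v key="$1" '
        /^\[/ { in_sock = ($0 ~ /^\[Socket\][ \t]*$/); next }
        in_sock && $1 == key { sub(/[ \t]+$/, "", $2); print $2; exit }
    ' "$2"
}

# Succeed only if the socket grants no permission bits to "other" users.
socket_mode_ok() {  # usage: socket_mode_ok UNIT_FILE
    mode=$(socket_setting SocketMode "$1")
    [ -n "$mode" ] || mode=0666   # systemd default when SocketMode= is absent
    [ $(( 0$mode & 07 )) -eq 0 ]
}

# List accounts in GROUP: supplementary members from the group file plus
# accounts whose primary GID in the passwd file is GROUP's GID.
group_members() {  # usage: group_members GROUP GROUP_FILE PASSWD_FILE
    gid=$(awk -F: -v g="$1" '$1 == g { print $3 }' "$2")
    {
        awk -F: -v g="$1" '$1 == g { n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' "$2"
        awk -F: -v gid="$gid" 'gid != "" && $4 == gid { print $1 }' "$3"
    } | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Print a short report; arguments default to the paths used on this page.
audit_docker_access() {  # usage: audit_docker_access [UNIT [GROUP_FILE [PASSWD_FILE]]]
    unit=${1:-/etc/systemd/system/docker.socket}
    grp=$(socket_setting SocketGroup "$unit")
    echo "socket: $(socket_setting ListenStream "$unit")" \
         "owner=$(socket_setting SocketUser "$unit") group=$grp" \
         "mode=$(socket_setting SocketMode "$unit")"
    socket_mode_ok "$unit" || echo "note: socket is open to all local users"
    echo "accounts with API access via group '$grp':" \
         "$(group_members "$grp" "${2:-/etc/group}" "${3:-/etc/passwd}")"
}

# Run against the live system only when asked: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then audit_docker_access; fi
```
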

 

