Docker安装

本文最后更新于:2 年前

本地环境初始化

基础配置
# Base tooling: editor, time sync, file sync and network/diagnostic utilities.
yum install -y vim ntp rsync
yum install -y telnet bind-utils sysstat net-tools

# Raise the open-file limit for the listed accounts. The 'www' entry doubles as
# the marker that these lines were already appended, so a re-run adds nothing.
if ! grep -q 'www' /etc/security/limits.conf; then
  tee -a /etc/security/limits.conf << EOF
root - nofile 40960
nginx - nofile 40960
apache - nofile 40960
www - nofile 40960
service - nofile 40960
docker - nofile 40960
EOF
fi
DNS
# Replace /etc/resolv.conf outright with the search domain and two resolvers.
# The second resolver (114.114.114.114) is a public one: whenever the internal
# server at 10.0.1.136 does not answer, lookups (internal host names included)
# are sent to it instead.
printf '%s\n' \
  'search openstacklocal' \
  'nameserver 10.0.1.136' \
  'nameserver 114.114.114.114' > /etc/resolv.conf
设置时区
# Set the system time zone; consistent zones across hosts keep log timestamps
# comparable when events from several machines are correlated.
timedatectl set-timezone Asia/Shanghai
加上本机 hosts 解析
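# Add "<primary IPv4> <hostname>" to /etc/hosts unless the hostname is already there.
host_name=$(hostname)

# First global-scope IPv4 address, skipping loopback, docker and bridge
# interfaces; gensub (gawk) strips the /prefix-length suffix.
host_ip=$(ip addr | grep inet \
  | grep -Ev 'inet6|docker|br-|127.0.0.1|lo:' \
  | awk '/inet.*global/ {print gensub(/(.*)\/(.*)/, "\\1", "g", $2)}' \
  | head -n 1)

# The original "grep || echo && echo" chain parsed as "(grep || echo) && echo",
# so the entry was appended on every run, even when it already existed.
# An explicit if/elif appends only when the hostname is missing, and an empty
# address is never written.
if [ -z "$host_ip" ]; then
  echo "no global IPv4 address found; /etc/hosts left unchanged" >&2
elif ! grep -qF -- "$host_name" /etc/hosts; then
  printf '\n%s %s\n' "$host_ip" "$host_name" >> /etc/hosts
fi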
puppet配置
# rpm -qa | grep puppet-agent | xargs -I {} rpm -e {}

# cat /etc/redhat-release | grep -q "release 7"
# if [ $? -eq 0 ];then
# # centos7
# rsync -avz 10.0.1.133::webphp/puppet-agent-5.3.4-1.el7.x86_64.rpm /root/
# rpm -ivh puppet-agent-5.3.4-1.el7.x86_64.rpm
# else
# # centos6
# rsync -avz 10.0.1.133::webphp/puppet-agent-5.3.4-1.el6.x86_64.rpm /root/
# rpm -ivh puppet-agent-5.3.4-1.el6.x86_64.rpm
# fi
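# Write the Puppet agent configuration.
# The delimiter is quoted ('EOF') so the shell writes $vardir literally and
# Puppet resolves it. With an unquoted delimiter the shell expands $vardir
# itself (normally unset), producing "classfile = /classes.txt" and
# "localconfig = /localconfig" at the filesystem root.
cat > /etc/puppetlabs/puppet/puppet.conf << 'EOF'
[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig

server = ops-base.openstacklocal
runinterval = 300
show_diff = true
report = true

EOF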
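# First broadcast-capable IPv4 address reported by ifconfig (handles both the
# "inet addr:1.2.3.4" and the "inet 1.2.3.4" output formats).
host_ip=$(ifconfig | grep inet | grep cast | awk '{print $2}' | awk -F: '{print $NF}' | head -1)
host_name=$(hostname)

# Append the mapping only when an address was found and the exact line is not
# already present; the unconditional append added a duplicate (or an entry
# with an empty address) on every run.
if [ -n "$host_ip" ] && ! grep -qxF -- "$host_ip $host_name" /etc/hosts; then
  echo "$host_ip $host_name" >> /etc/hosts
fi

# Load the puppet-agent profile script into the current shell.
source /etc/profile.d/puppet-agent.sh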
关闭防火墙和selinux
防火墙
# Show whether firewalld is currently running.
firewall-cmd --state
# Stop firewalld now and keep it from starting at boot.
# NOTE(review): with firewalld off, host-level filtering is left to the
# iptables rules Docker installs and to upstream network controls, so ports
# published by containers are reachable from every network the host is
# attached to. Confirm that matches the environment before applying.
systemctl stop firewalld.service
systemctl disable firewalld.service
selinux
# Put SELinux into permissive mode for the running system.
setenforce 0
# Set SELINUX=disabled in the config so it stays off after the next reboot.
# NOTE(review): this removes SELinux confinement of container processes, one
# of the layers that limits what a process can do after escaping a container.
# The container-selinux package installed by this guide's dependency step only
# has an effect while SELinux is enabled.
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
安装依赖包
# Prerequisites for docker-ce: repo tooling, device-mapper/LVM storage support,
# SELinux policy tools and policy, and seccomp.
yum install -y \
  yum-utils \
  device-mapper-persistent-data \
  lvm2 \
  wget \
  policycoreutils-python \
  libseccomp \
  container-selinux
安装docker
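# Fetch the repo definition over HTTPS. The .repo file decides which baseurl
# and GPG key yum trusts for docker-ce, so a copy altered in transit over plain
# HTTP could redirect every later package install.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum makecache fast
# NOTE(review): the version is pinned to 19.03.0; confirm it is still a
# release that receives security fixes before reusing this step.
yum -y install docker-ce-19.03.0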
建立docker组和用户
# Dedicated docker group and user, both with id 666.
# NOTE(review): the docker-ce package usually creates the "docker" group during
# install; if it already exists this groupadd fails and the gid will not be
# 666. Confirm the ordering on the target system.
groupadd --gid 666 docker
useradd --uid 666 --gid docker --home-dir /home/docker docker
如果其他用户要运行 docker, 加入用户组
# Service accounts "www" (500) and "service" (551), each with its own group
# and a home directory.
groupadd --gid 500 www
useradd --uid 500 --create-home --system --gid www www
groupadd --gid 551 service
useradd --uid 551 --create-home --system --gid service service

# Membership of the docker group grants full control of the Docker daemon,
# which is equivalent to root on this host. Add only the accounts that
# genuinely need to start containers.
gpasswd --add www docker
gpasswd --add service docker
添加内核参数
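# Load br_netfilter first: the net.bridge.* keys exist only while it is loaded.
modprobe br_netfilter
# Load it at boot as well, so the settings below can still be applied after a
# reboot (systemd reads /etc/modules-load.d/*.conf).
echo br_netfilter > /etc/modules-load.d/br_netfilter.conf

# Make bridged traffic traverse iptables/ip6tables/arptables. Append the keys
# only once; the unconditional "tee -a" duplicated them on every run.
if ! grep -q '^net.bridge.bridge-nf-call-iptables' /etc/sysctl.conf; then
  tee -a /etc/sysctl.conf << EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 1
EOF
fi

# Apply /etc/sysctl.conf to the running kernel.
sysctl -p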
启动docker
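systemctl restart docker

# Per-user Docker client config directories. They will hold config.json with
# registry credentials, so each is restricted to its owner (0700) instead of
# inheriting the default umask. The directories under /home are owned by root
# until the chown in the config-copy step hands them to each account.
for docker_dir in /root/.docker /home/docker/.docker /home/www/.docker /home/service/.docker; do
  mkdir -p "$docker_dir"
  chmod 700 "$docker_dir"
done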
添加docker配置
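# The "auth" field of config.json is base64("user:password"): an encoding, not
# encryption. Anyone who can read the file, or a script that embeds the value,
# has the registry password. The value is therefore taken from the environment
# rather than hard-coded, and the file is created readable by its owner only.
# A credential that has ever been embedded in a script or published should be
# rotated. Use a dedicated pull-only account rather than the registry admin.
# Example with constructed placeholder values:
#   HARBOR_AUTH=$(printf '%s' 'USER:PASSWORD' | base64)
: "${HARBOR_AUTH:?set HARBOR_AUTH to base64 of user:password for harbor.boss.com}"
(
  umask 077
  cat > /root/.docker/config.json << EOF
{
"auths": {
"harbor.boss.com": {
"auth": "${HARBOR_AUTH}"
}
},
"HttpHeaders": {
"User-Agent": "Docker-Client/19.03.4 (linux)"
}
}
EOF
)
# umask only affects newly created files; tighten a pre-existing one as well.
chmod 600 /root/.docker/config.json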
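# Give each account its own copy of the registry config.
# install(1) sets mode 0600 and the owner at creation time, so the credential
# is never world-readable; "cat >" created the copies with the default umask
# (typically 0644). Every account that receives a copy can act as that
# registry user, so keep the list to the accounts that need to pull images.
for account in docker service www; do
  install -m 600 -o "$account" -g "$account" \
    /root/.docker/config.json "/home/${account}/.docker/config.json"
  # user:group is the supported separator; the user.group form is deprecated.
  chown -R "${account}:${account}" "/home/${account}/.docker"
done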
测试docker
# Run a throwaway container as the unprivileged "docker" user in a login shell.
# This checks both that the account can reach the daemon through its group
# membership and that the registry credentials in its config.json are accepted.
su docker -l -c  'docker run --rm harbor.boss.com/python37/helloword'
设置开机启动
# Enable the daemon at boot, start it now, then print its status; each step
# runs only if the previous one succeeded.
systemctl enable docker \
  && systemctl start docker \
  && systemctl status docker