背景描述
项目需要在研发环境虚拟机上安装docker部署应用。
所在的服务器是一个内网,无法访问到外网环境。
服务器OS版本是 麒麟V10 linux
安装docker
安装包下载
获取所需版本的docker binary包,官方链接https://download.docker.com/linux/static/stable/x86_64/.
我下载的是docker-26.1.4.tgz版本
解压压缩包,并把文件放在/usr/bin/
tar -zxvf docker-26.1.4.tgz
sudo cp docker/* /usr/bin/
新增用户组 docker。其他用户需要有docker的执行权限,只需将用户加入docker用户组即可
$ sudo groupadd docker
$ sudo usermod -aG docker $USER
编写docker.service文件,放到目录/etc/systemd/system
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd
ExecReload=/bin/kill -s HUP $MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
启动docker service,并设置开机自启动
$ sudo chmod +x /etc/systemd/system/docker.service
$ sudo systemctl daemon-reload
$ sudo systemctl start docker
$ sudo systemctl enable docker
验证
sudo systemctl status docker
使用docker ps命令报错
[appadmin@iomapp ~]$ docker ps
permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.45/containers/json": dial unix /var/run/docker.sock: connect: permission denied
检查是否将用户加入docker用户组,并且需要重新登录用户才能生效。
保存镜像进行打包,在另一台服务上使用
docker save -o nginx_latestx86.tar nginx:lastest
在另一台服务器上,docker加载tar包
docker load -i nginx_latestx86.tar
测试启动nginx镜像,但是启动后访问nginx无反应参考