文章目录
- 第一步:卸载原来的docker
- 第二步:下载docker安装包
- 第三步:进入到系统服务目录,创建docker服务文件
- 第四步:建立服务
- 第五步:编辑docker镜像资源代理
- 第六步:重启服务
- 第七步:检查docker是否启动成功
- 第八步:部署容器
- 第九步:放开18080端口,重启网络
- 第十步:重启服务器
- 第十一步:验证
- 结语:
麒麟系统如果安装docker不正确会导致容器无法正确访问或者映射到宿主机端口。但是有时候还存在不具备互联网网络环境、在线安装时没有资源、资源出错等问题,本文将介绍如何离线在麒麟系统上安装docker。
如果安装了docker先执行第一步卸载,否则跳过。
第一步:卸载原来的docker
bash
yum remove docker-*
第二步:下载docker安装包
访问这个网站,按照架构进入相应的目录,这台麒麟是arrch64架构。
https://download.docker.com/linux/static/stable
方法一:选择docker-26.1.4.tgz复制链接下载然后上传到麒麟系统中,解压并且移动解压出来的二进制文件到 /usr/bin 目录中。
bash
tar -zxvf docker-26.1.4.tgz
mv docker/* /usr/bin/
dockerd
方法二:使用wget下载到麒麟系统中,解压并且移动解压出来的二进制文件到 /usr/bin 目录中。
bash
wget https://download.docker.com/linux/static/stable/aarch64/docker-26.1.4.tgz
tar -zxvf docker-26.1.4.tgz
mv docker/* /usr/bin/
dockerd
第三步:进入到系统服务目录,创建docker服务文件
进入目录,创建docker.service文件
bash
cd /usr/lib/systemd/system
touch docker.service
使用 vim docker.service 配置服务内容为:
bash
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
EnvironmentFile=-/etc/sysconfig/docker
EnvironmentFile=-/etc/sysconfig/docker-storage
EnvironmentFile=-/etc/sysconfig/docker-network
Environment=GOTRACEBACK=crash
ExecStart=/usr/bin/dockerd $OPTIONS \
$DOCKER_STORAGE_OPTIONS \
$DOCKER_NETWORK_OPTIONS \
$INSECURE_REGISTRY
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
[Install]
WantedBy=multi-user.target
EOF
#============================================
cat > /etc/sysconfig/docker <<'EOF'
# /etc/sysconfig/docker
# Modify these options if you want to change the way the docker daemon runs
OPTIONS='--live-restore'
DOCKER_CERT_PATH=/etc/docker
# If you have a registry secured with https but do not have proper certs
# distributed, you can tell docker to not look for full authorization by
# adding the registry to the INSECURE_REGISTRY line and uncommenting it.
# INSECURE_REGISTRY='--insecure-registry'
# Location used for temporary files, such as those created by
# docker load and build operations. Default is /var/lib/docker/tmp
# Can be overridden by setting the following environment variable.
# DOCKER_TMPDIR=/var/tmp
EOF
#========================================================
cat > /etc/sysconfig/docker-storage <<'EOF'
# This file may be automatically generated by an installation program.
# By default, Docker uses a loopback-mounted sparse file in
# /var/lib/docker. The loopback makes it slower, and there are some
# restrictive defaults, such as 100GB max storage.
# If your installation did not set a custom storage for Docker, you
# may do it below.
# Example: Use a custom pair of raw logical volumes (one for metadata,
# one for data).
# DOCKER_STORAGE_OPTIONS = --storage-opt dm.metadatadev=/dev/mylogvol/my-docker-metadata --storage-opt dm.datadev=/dev/mylogvol/my-docker-data
DOCKER_STORAGE_OPTIONS=
EOF
#======================================================
cat > /etc/sysconfig/docker-network <<'EOF'
# /etc/sysconfig/docker-network
DOCKER_NETWORK_OPTIONS=
EOF
按下ESC输入:wq!保存退出
- 创建docker.socket,在当下目录中再创建一个文件docker.socket
bash
touch docker.socket
使用 vim docker.socket 配置服务内容为:
bash
[Unit]
Description=Docker Socket for the API
[Socket]
# If /var/run is not implemented as a symlink to /run, you may need to
# specify ListenStream=/var/run/docker.sock instead.
ListenStream=/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
EOF
按下ESC输入:wq!保存退出
第四步:建立服务
bash
ls /usr/lib/systemd/system/docker.service
第五步:编辑docker镜像资源代理
bash
sudo vim /etc/docker/daemon.json
配置内容
json
{
"builder": {
"gc": {
"defaultKeepStorage": "20GB",
"enabled": true
}
},
"experimental": false,
"registry-mirrors": [
"https://dockerproxy.com",
"https://mirror.baidubce.com",
"https://mirror.ccs.tencentyum.com",
"https://docker.m.daocloud.io",
"https://docker.nju.edu.cn",
"https://docker.mirrors.ustc.edu.cn",
"http://hub-mirror.c.163.com",
"https://dockerhub.azk8s.cn",
"https://registry.cn-hangzhou.aliyuncs.com",
"https://dockerpull.com",
"https://docker.1panel.live",
"https://dockerproxy.cn",
"https://docker.hpcloud.cloud"
]
}
第六步:重启服务
bash
sudo systemctl daemon-reload
sudo systemctl start docker
sudo systemctl enable docker
第七步:检查docker是否启动成功
bash
systemctl status docker
第八步:部署容器
- 方法一:在线拉个镜像后启动一个容器,以onlyoffice为例
bash
docker pull onlyoffice/documentserver
docker run --name=onlyoffice-document-server -i -t -d -p 18080:80 --restart=always -e JWT_ENABLED=false onlyoffice/documentserver
- 方法二:也可用docker load 加载离线镜像后启动容器
bash
docker load onlyoffice-documentserver.tar
docker run --name=onlyoffice-document-server -i -t -d -p 18080:80 --restart=always -e JWT_ENABLED=false onlyoffice/documentserver
第九步:放开18080端口,重启网络
bash
sudo iptables -A INPUT -p tcp --dport 18080 -j ACCEPT
sudo service iptables save
sudo systemctl restart network
第十步:重启服务器
bash
reboot
第十一步:验证
结语:
通过上述一顿操作,麒麟系统就在离线情况下正确的安装了docker并正常的运行了onlyoffice容器。