# Stop firewalld now and keep it from starting at boot (one call does both).
# NOTE(review): after this the host has no firewalld filtering at all, so
# every listening service is reachable from any network the host is attached
# to. Unless another control (upstream firewall, security group) already
# covers this host, prefer leaving firewalld running and opening only the
# ports that are actually needed.
systemctl disable --now firewalld
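# Edit sysctl.conf to enable IPv4 forwarding, then load the setting.
# The grep guard keeps repeated runs from appending the same line again.
# NOTE(review): with forwarding on, the kernel routes packets between the
# host's interfaces. If the host firewall is also switched off, nothing
# filters that forwarded traffic apart from the rules dockerd installs for
# its own networks, so confirm this host is not bridging networks that are
# meant to stay separate.
grep -qxF 'net.ipv4.ip_forward=1' /etc/sysctl.conf ||
  echo 'net.ipv4.ip_forward=1' >>/etc/sysctl.conf
sysctl -p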
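# Set SELinux to permissive mode (or turn it off): first for the running
# system, then persistently in /etc/selinux/config.
# NOTE(review): in permissive mode policy violations are only logged, not
# blocked, so SELinux no longer confines container processes on this host.
# Where the distribution ships a container SELinux policy, keeping SELinux
# enforcing is the safer choice; treat permissive as a troubleshooting
# setting and check the audit log for the denials that motivated it.
setenforce 0
sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config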
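# 1.4 (optional) Reboot the server so the SELinux configuration takes effect.
# NOTE(review): the page gives no command for this step.

# Run on the machine that holds the archive: copy it to the server.
scp dockers.zip user@server:/desired/destination

# Run on the server, inside a directory that contains only the archive:
# unpack it, remove the archive, and make the unpacked files executable.
# NOTE(review): these binaries will run as root daemons, so check the archive
# against a checksum obtained from its publisher before unpacking, e.g.
#   sha256sum -c dockers.zip.sha256   # placeholder name for the checksum file
# "chmod 755 ./*" touches every entry in the current directory, which is why
# the directory should hold nothing else; "./" keeps names that start with
# "-" from being read as options.
# NOTE(review): the unit files on this page start /usr/bin/containerd and
# /usr/bin/dockerd; the step that places the binaries there is not shown.
unzip dockers.zip && rm -f -- dockers.zip && chmod 755 ./*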
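# 5.1 Create the systemd unit file for containerd.
# The heredoc delimiter is quoted so the shell writes the unit text verbatim
# instead of expanding anything that looks like a variable.
# Notes on the unit:
# - ExecStartPre starts with "-", so a failing "modprobe overlay" does not
#   prevent the service from starting.
# - KillMode=process stops only the containerd process itself on stop or
#   restart, leaving the other processes in the unit's control group running.
# - OOMScoreAdjust=-999 makes the kernel OOM killer pick almost any other
#   process first.
cat >/etc/systemd/system/containerd.service <<'EOF'
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=1048576
TasksMax=infinity
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target
EOF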
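# Create the systemd unit file for dockerd.
# - The heredoc delimiter is quoted. With a bare EOF the shell expands
#   $MAINPID while writing the file; it is unset in the shell, so the unit
#   would end up with "ExecReload=/bin/kill -s HUP " and no PID.
# - After= and Requires= name containerd.service, the unit this page creates
#   and enables. The misspelt "containd.service" does not exist, so the
#   Requires= dependency could never be satisfied.
# - "-H fd://" makes dockerd take its listener from docker.socket, so the API
#   is offered only on that unix socket; no TCP listener is configured here.
#   NOTE(review): keep it that way unless a TCP endpoint is protected with
#   mutual TLS, because API access means root on the host.
cat >/etc/systemd/system/docker.service <<'EOF'
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket containerd.service
[Service]
Type=notify
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
OOMScoreAdjust=-500
[Install]
WantedBy=multi-user.target
EOF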
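# Create the socket unit systemd listens on for the Docker API.
# The socket is created as root:docker with mode 0660, so only root and
# members of the docker group can talk to the daemon.
# NOTE(review): anyone who can write to this socket can start privileged
# containers and mount host paths, which amounts to root on the host. Keep
# membership of the docker group as small as possible and review it like
# sudo access.
# SocketGroup= needs the group to exist before the socket unit starts, so
# create it when it is missing.
getent group docker >/dev/null || groupadd --system docker
cat >/etc/systemd/system/docker.socket <<'EOF'
[Unit]
Description=Docker Socket for the API
[Socket]
ListenStream=/var/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
EOF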
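# 5.4 Write Docker's daemon.json.
# JSON has no comment syntax: the "//" lines in the original would make
# dockerd reject the file, so the explanations live here instead.
#   exec-opts                 use systemd as the cgroup driver, matching the
#                             default of current Linux distributions
#   registry-mirrors          pull-through mirrors for Docker Hub (USTC and
#                             NetEase mirrors)
#   insecure-registries       private registry that has no HTTPS configured
#   max-concurrent-downloads  parallel layer downloads per pull
#   log-driver / log-level    json-file container logs; daemon logs at
#                             "warn" and above
#   log-opts                  at most 3 log files of 10 MB per container
#   data-root                 Docker data directory (/var/lib/docker is also
#                             the default)
# NOTE(review): the second mirror is addressed over plain http, so nothing
# authenticates it or protects the manifests it returns in transit; prefer
# mirrors reachable over https.
# NOTE(review): an insecure-registries entry turns off TLS verification for
# that registry, so image content and registry credentials can be read or
# altered on the network path. Giving the registry a certificate and trusting
# its CA under /etc/docker/certs.d/<registry host>/ca.crt removes the need
# for the entry.
# After writing, check that the file parses (for example with
# "dockerd --validate" on versions that support it) before starting the
# service.
mkdir -p /etc/docker
cat >/etc/docker/daemon.json <<'EOF'
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": [
    "https://docker.mirrors.ustc.edu.cn",
    "http://hub-mirror.c.163.com"
  ],
  "insecure-registries": ["10.251.134.189"],
  "max-concurrent-downloads": 10,
  "log-driver": "json-file",
  "log-level": "warn",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
  },
  "data-root": "/var/lib/docker"
}
EOF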
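# 6.1 Start containerd and enable it at boot.
systemctl enable --now containerd.service

# 6.3 Start the Docker socket and service and enable them at boot.
# The two commands were run together on one line in the original, which made
# the first unit name "docker.socketsystemctl".
systemctl enable --now docker.socket
systemctl enable --now docker.service

# 6.5 Confirm the configuration took effect: both services should be
# reported as active (running).
systemctl status docker
systemctl status containerd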