Install Docker CE 17.03.2 on Cen

在CentOS 6.6 内核2.6 上装Docker CE 17.03.2, 总算跑起来，主要有两点

1.需要升级kernel到3.10，如果需要overlay存储方式需要升到kernel4.4版本
2.Docker 二进制方式安装
3.cAdvisor选择v0.27.4版本

---

大体流程如下

0.check

uname -sr
Linux 2.6.32-504.el6.x86_64

cat /etc/issue
CentOS release 6.9 (Final)

wget https://raw.githubusercontent.com/moby/moby/master/contrib/check-config.sh
bash check-config.sh

modprobe nf_nat
modprobe iptable_nat

1. create docker group

sudo groupadd docker
sudo gpasswd -a root docker
sudo usermod -aG docker root
newgrp - docker

2. add cgroup into /etc/fstab

cat <<EOF >>/etc/fstab
none        /sys/fs/cgroup        cgroup        defaults    0    0
EOF

3. modify sysctl

cat <<EOF >>/etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv4.ip_local_port_range=32768 65535
EOF

sysctl -p

4. update kernel to 3.10 with aufs patch

install aufs patch to avoid cgroup device bus error and iptables related issue

wget http://www.hop5.in/yum/el6/kernel-ml-aufs-3.10.5-3.el6.x86_64.rpm
wget  http://www.hop5.in/yum/el6/kernel-ml-aufs-devel-3.10.5-3.el6.x86_64.rpm
rpm -ivh kernel-ml-aufs-3.10.5-3.el6.x86_64.rpm
rpm -ivh kernel-ml-aufs-devel-3.10.5-3.el6.x86_64.rpm

5. update kernel to 4.4

wget https://mirrors.tuna.tsinghua.edu.cn/elrepo/kernel/el6/x86_64/RPMS/kernel-lt-4.4.151-1.el6.elrepo.x86_64.rpm
wget https://mirrors.tuna.tsinghua.edu.cn/elrepo/kernel/el6/x86_64/RPMS/kernel-lt-devel-4.4.151-1.el6.elrepo.x86_64.rpm
rpm -ivh kernel-lt-4.4.151-1.el6.elrepo.x86_64.rpm
rpm -ivh kernel-lt-devel-4.4.151-1.el6.elrepo.x86_64.rpm

or

wget https://mirrors.tuna.tsinghua.edu.cn/elrepo/kernel/el6/x86_64/RPMS/kernel-ml-4.18.4-1.el6.elrepo.x86_64.rpm
wget https://mirrors.tuna.tsinghua.edu.cn/elrepo/kernel/el6/x86_64/RPMS/kernel-ml-devel-4.18.4-1.el6.elrepo.x86_64.rpm
rpm -ivh kernel-ml-4.18.4-1.el6.elrepo.x86_64.rpm
rpm -ivh kernel-ml-devel-4.18.4-1.el6.elrepo.x86_64.rpm

6. switch kernel to 4.4 and reboot

sed -i 's/^default=1/default=0/'  /etc/grub.conf

7. install Docker CE 17.03.2

wget https://mirrors.aliyun.com/docker-ce/linux/static/stable/x86_64/docker-17.03.2-ce.tgz
tar -zxvf docker-17.03.2-ce.tgz
mv -f docker/* /usr/bin

8. create docker daemon settting /etc/docker/daemon.json

mkdir -p /etc/docker
cat <<EOF >/etc/docker/daemon.json
{
    "hosts": [
        "tcp://0.0.0.0:2375",
        "unix:///var/run/docker.sock"
     ],
    "debug": true,
    "log-driver": "json-file",
    "log-level": "false",
    "experimental": true,
    "metrics-addr": "0.0.0.0:1337",
    "selinux-enabled": false,
    "registry-mirrors": [
        "https://registry.docker-cn.com",
        "http://f631e5c5.m.daocloud.io"
    ],
    "insecure-registries":[
        "gcr.io",
        "quay.io",
        "registry.cn-hangzhou.aliyuncs.com",
        "10.194.11.253",
        "10.194.11.253:5000",
        "registry.dev.crfchina.com:5000"
    ],
    "exec-opts": [
        "native.cgroupdriver=cgroupfs"
    ],
    "graph": "/localdisk/docker/graph",
    "storage-driver": "overlay2",
    "storage-opts": [ "overlay2.override_kernel_check=true" ],
    "live-restore": false
}

EOF

9.create service docker

/etc/init.d/docker or /etc/rc.d/init.d/docker

cat <<EOF >/etc/init.d/docker
#!/bin/sh
#
#       /etc/rc.d/init.d/docker
#
#       Daemon for docker.com
#
# chkconfig:   2345 95 95
# description: Daemon for docker.com

### BEGIN INIT INFO
# Provides:       docker
# Required-Start: $network cgconfig
# Required-Stop:
# Should-Start:
# Should-Stop:
# Default-Start: 2 3 4 5
# Default-Stop:  0 1 6
# Short-Description: start and stop docker
# Description: Daemon for docker.com
### END INIT INFO

# Source function library.
. /etc/rc.d/init.d/functions

prog="dockerd"
exec="/usr/bin/$prog"
pidfile="/var/run/$prog.pid"
lockfile="/var/lock/subsys/$prog"
logfile="/var/log/$prog.log"

[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
[ -e /etc/sysconfig/$prog-storage ] && . /etc/sysconfig/$prog-storage

prestart() {
    service cgconfig status > /dev/null

    if [[ $? != 0 ]]; then
        service cgconfig start
    fi

}

start() {
    if [ ! -x $exec ]; then
      if [ ! -e $exec ]; then
        echo "Docker executable $exec not found"
      else
        echo "You do not have permission to execute the Docker executable $exec"
      fi          
      exit 5
    fi

    check_for_cleanup

    if ! [ -f $pidfile ]; then
        prestart
        printf "Starting $prog:\t"
        echo "\n$(date)\n" >> $logfile
        $exec --pidfile=$pidfile &>> $logfile &
        pid=$!
        touch $lockfile
        # wait up to 10 seconds for the pidfile to exist.  see
        # https://github.com/docker/docker/issues/5359
        tries=0
        while [ ! -f $pidfile -a $tries -lt 10 ]; do
            sleep 1
            tries=$((tries + 1))
        done
        success
        echo
    else
        failure
        echo
        printf "$pidfile still exists...\n"
        exit 7
    fi
}

stop() {
    echo -n $"Stopping $prog: "
    killproc -p $pidfile -d 300 $prog
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}

restart() {
    stop
    start
}

reload() {
    restart
}

force_reload() {
    restart
}

rh_status() {
    status -p $pidfile $prog
}

rh_status_q() {
    rh_status >/dev/null 2>&1
}


check_for_cleanup() {
    if [ -f ${pidfile} ]; then
        /bin/ps -fp $(cat ${pidfile}) > /dev/null || rm ${pidfile}
    fi
}

case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart)
        $1
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        rh_status_q || exit 0
        restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
        exit 2
esac

exit $?

EOF

10. start and enable docker service

chmod a+x /etc/init.d/docker
chkconfig --add /etc/init.d/docker
chkconfig docker on

service docker start 
service docker status

---

以下步骤不是必须

11. start cAdvisor container

docker run --restart=always --volume=/:/rootfs:ro --volume=/var/run:/var/run:rw --volume=/sys:/sys:ro --volume=/var/lib/docker/:/var/lib/docker:ro --publish=4033:8080 --detach=true --name=cadvisor google/cadvisor:v0.27.4

12. install Python 2.7.13 and docker-compose

yum install -y openssl openssl-devel
wget --no-check-certificate https://www.python.org/ftp/python/2.7.13/Python-2.7.13.tgz
tar -zxvf Python-2.7.13.tgz
cd Python-2.7.13
./configure
make && make install


wget https://bootstrap.pypa.io/get-pip.py 
/usr/local/bin/python get-pip.py

pip install --upgrade pip -i http://mirrors.aliyun.com/pypi/simple/ --trusted-host=mirrors.aliyun.com

pip install --upgrade docker-compose -i http://mirrors.aliyun.com/pypi/simple/ --trusted-host=mirrors.aliyun.com

13. reference

http://www.cnblogs.com/cuizhipeng/p/4380653.html
http://seanlook.com/2014/10/26/docker-installed-centos6-successfully/

---

14.后续

依然会有cgroup的错误

[root@localhost Python-2.7.13]# /etc/init.d/cgconfig status
Stopped
[root@localhost Python-2.7.13]# /etc/init.d/cgconfig start
Starting cgconfig service: Error: cannot mount cpuset to /cgroup/cpuset: Device or resource busy
/sbin/cgconfigparser; error loading /etc/cgconfig.conf: Cgroup mounting failed
Failed to parse /etc/cgconfig.conf or /etc/cgconfig.d      [FAILED]
[root@localhost Python-2.7.13]# 

cgroup讲解

https://wiki.archlinux.org/index.php/cgroups

mkdir -p /cgroup/cpuacct /cgroup/memory /cgroup/devices /cgroup/freezer net_cls /cgroup/blkio


cat /etc/cgconfig.conf |tail|grep "="|awk '{print "mount -t cgroup -o",$1,$1,$NF}' | bash



/etc/init.d/cgconfig restart



/etc/init.d/docker restart 


sudo cgcreate -g memory,cpu,blkio,cpuset:userlimited
cgconfigparser -l /etc/cgconfig.conf