实际项目开发过程中,环境大多是全内网环境,无法连接互联网。这样docker就不能yum在线联网安装,所需要的镜像也不能在线pull下载,这时就需要进行离线安装docker及镜像。
1. 下载docker二进制安装文件
离线安装docker,需要下载docker的安装文件。
地址:https://download.docker.com/linux/static/stable/x86_64/
我下载的版本是[docker-19.03.9.tgz],文件不大,只有60M左右。
2. 离线docker安装
[root@node01 ~]#tar -xvf docker-19.03.9.tgz
[root@node01 ~]#cp docker/* /usr/bin/
# 将docker注册为service
[root@node01 ~]#vim /etc/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd --graph=/apps/data/docker
ExecReload=/bin/kill -s HUP $MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
[root@node01 ~]#
# 编辑 /etc/sysctl.conf,添加三行
[root@node01 ~]#vim /etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 1
[root@node01 ~]#sysctl -p
[root@node01 ~]#systemctl daemon-reload
[root@node01 ~]#systemstl start docker
# 设置开机启动
[root@node01 ~]#systemctl enable docker.service
# 验证安装是否成功
[root@node01 ~]#docker info
[root@node01 ~]#
2.1 安装脚本install.sh
#!/bin/sh
## Usage: sh install.sh docker-17.03.2-ce.tgz
echo '解压tar包...'
tar -xvf $1
echo '将docker目录移到/usr/bin目录下...'
cp docker/* /usr/bin/
echo '将docker.service 移到/etc/systemd/system/ 目录...'
cp docker.service /etc/systemd/system/
echo '添加文件权限...'
chmod +x /etc/systemd/system/docker.service
echo '重新加载配置文件...'
systemctl daemon-reload
echo '启动docker...'
systemctl start docker
echo '设置开机自启...'
systemctl enable docker.service
echo 'docker安装成功...'
docker -v
2.2 卸载脚本uninstall.sh
#!/bin/sh
echo '删除docker.service...'
rm -f /etc/systemd/system/docker.service
echo '删除docker文件...'
rm -rf /usr/bin/docker*
echo '重新加载配置文件'
systemctl daemon-reload
echo '卸载成功...'
3. 离线镜像文件导入
内网环境没法pull镜像,但是docker本身可以将已有的镜像导出成tar文件,并且可以再次导入到docker,利用这一点,可以实现离线镜像文件的下载。
# 将java 8的镜像导出成tar文件
[root@node01 ~]#docker save java:8 -o java.tar
# 镜像导入命令
[root@node01 ~]#docker load -i java.tar
4. 影响Docker的环境变量参数文件
/etc/docker/daemon.json
cat /etc/docker/daemon.json
{
"data-root": "/data/docker",
"exec-opts": ["native.cgroupdriver=cgroupfs"],
"registry-mirrors": [
"https://3v68smwd.mirror.aliyuncs.com",
"http://hub-mirror.c.163.com"
],
"insecure-registries": [""],
"max-concurrent-downloads": 10,
"live-restore": true,
"log-driver": "json-file",
"log-level": "warn",
"log-opts": {
"max-size": "50m",
"max-file": "1"
},
"storage-driver": "overlay2"
}
/etc/systemd/system/docker.service.d/http-proxy.conf
cat http-proxy.conf
[Service]
Environment="HTTPS_PROXY=http://192.168.1.100:1080/" "HTTP_PROXY=http://192.168.1.100:1080/" "NO_PROXY=localhost,127.0.0.1"
网友评论