二进制安装docker

docker 有很多种安装方式：yum 源、rpm 包、便携脚本。这里介绍另一种方式，使用二进制压缩包安装。

Here we go!!!

（1）准备 Docker CE 二进制包
下载地址：https://download.docker.com/linux/static/stable/x86_64/

这里我们选择最新的：
docker-20.10.21.tgz 2022-10-25 20:57:32 62.9 MiB
下载命令：

wget -c https://download.docker.com/linux/static/stable/x86_64/docker-20.10.21.tgz
1
（2）解压
root用户操作：

tar -zxvf docker-20.10.21.tgz 
1
改变权限：

chown root:root docker/* 
1
解压后的文件如下：

[root@Node01 ~]# ll docker/*
-rwxr-xr-x. 1 root root 38995448 Oct 26 02:03 docker/containerd
-rwxr-xr-x. 1 root root  7446528 Oct 26 02:03 docker/containerd-shim
-rwxr-xr-x. 1 root root  9646080 Oct 26 02:03 docker/containerd-shim-runc-v2
-rwxr-xr-x. 1 root root 20750336 Oct 26 02:03 docker/ctr
-rwxr-xr-x. 1 root root 48047088 Oct 26 02:03 docker/docker
-rwxr-xr-x. 1 root root 57789848 Oct 26 02:03 docker/dockerd
-rwxr-xr-x. 1 root root   765808 Oct 26 02:03 docker/docker-init
-rwxr-xr-x. 1 root root  2555160 Oct 26 02:03 docker/docker-proxy
-rwxr-xr-x. 1 root root 13847864 Oct 26 02:03 docker/runc
1
2
3
4
5
6
7
8
9
10
（3）复制二进制文件
将解压后的二进制文件复制到目录“/usr/bin”下：

cp -p docker/* /usr/bin/ 
1
说明：参数-p保持原来的属性。

（4）创建用户组
执行以下命令创建用户组：

groupadd docker 
1
（5）检查命令是否生效
执行以下命令查看版本：

docker version 
1
参考结果：
Client:
Version: 20.10.21
API version: 1.41
Go version: go1.18.7
Git commit: baeda1f
Built: Tue Oct 25 17:56:30 2022
OS/Arch: linux/amd64
Context: default
Experimental: true
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

（6）配置相关服务文件
参考文件：docker.socket、 containerd.service、 docker.service

6.1 docker.socket
tee /usr/lib/systemd/system/docker.socket <<EOF
[Unit]
Description=Docker Socket for the API

[Socket]
ListenStream=/var/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker

[Install]
WantedBy=sockets.target
EOF
1
2
3
4
5
6
7
8
9
10
11
12
13
6.2 containerd.service
tee /usr/lib/systemd/system/containerd.service <<EOF
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target

[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/bin/containerd

Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5

# Having non-zero Limit*s causes performance problems due to accounting overhead

# in the kernel. We recommend using cgroups to do container-local accounting.

LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity

# Comment TasksMax if your systemd version does not supports it.

# Only systemd 226 and above support this version.

TasksMax=infinity
OOMScoreAdjust=-999

[Install]
WantedBy=multi-user.target
EOF

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
6.3 docker.service
tee /usr/lib/systemd/system/docker.service <<EOF
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target docker.socket firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket containerd.service

[Service]
Type=notify
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

StartLimitBurst=3

StartLimitInterval=60s

LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

TasksMax=infinity

Delegate=yes

KillMode=process
OOMScoreAdjust=-500

[Install]
WantedBy=multi-user.target
EOF

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
（7）启用 dockerd 服务：
启动 dockerd 服务进程。

systemctl enable docker.service 
1
查看状态：

 systemctl is-enabled docker.socket docker.service containerd.service 
1
分别是：disabled、enabled、disabled

启动：

systemctl start docker.service 
1
查看状态：

systemctl status docker.socket docker.service containerd.service 
1
一条命令搞定启用和运行：

systemctl enable --now docker.service 
1
（8）检验
查看进程：

ps aux | grep docker 
1
结果参考：

USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 7497 0.3 0.9 1271336 36944 ? Ssl 08:05 0:00 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
root 7636 0.0 0.0 112812 984 pts/0 R+ 08:07 0:00 grep --color=auto docker

通过运行镜像“hello-world”来验证 Docker Engine 是否正确安装。

sudo docker run hello-world 
1
这个命令下载一个测试镜像，并在容器中运行它。当容器运行时，它打印出一条消息并退出。

运行结果：

Unable to find image ‘hello-world:latest’ locally
latest: Pulling from library/hello-world
2db29710123e: Pull complete
Digest: sha256:faa03e786c97f07ef34423fccceeec2398ec8a5759259f94d99078f264e9d7af
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:

The Docker client contacted the Docker daemon.
The Docker daemon pulled the “hello-world” image from the Docker Hub.
(amd64)
The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash