灬小肥狗灬
灬小肥狗之家灬

[Original] Installing Docker offline from binaries

Create the docker group and add the regular user alfd to it

groupadd -g 980 docker
usermod -aG docker alfd

Check that the group was created and the user was added

cat /etc/group | grep docker

Unpack the offline Docker binary archive and copy the files in the docker directory to /usr/bin/

tar zxvf docker*.tgz
\cp -f docker/* /usr/bin/

Create the docker.service file under /etc/systemd/system and set its permissions to 0755

vi /etc/systemd/system/docker.service
chmod 0755 /etc/systemd/system/docker.service

Write the following content into docker.service

[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target

[Service]
Type=notify
Group=docker
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd --selinux-enabled=false
ExecReload=/bin/kill -s HUP $MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s

[Install]
WantedBy=multi-user.target

Reload the systemd unit files, enable Docker at boot and start it, then check that it started correctly

RHEL7

systemctl daemon-reload
systemctl enable docker
systemctl start docker
systemctl status docker

RHEL8

systemctl daemon-reload
systemctl enable --now docker
systemctl status docker

Switch to the regular user and verify that docker can be used

su - alfd
docker ps

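Pitfall 1: the SELinux security context of the binaries

If SELinux is enabled, be sure to use cp rather than mv so that the binaries' security context is unconfined_u:object_r:bin_t:s0 and not unconfined_u:object_r:default_t:s0: mv keeps the label the files received where they were extracted, while cp creates new files that are labeled according to the destination directory. Otherwise systemctl start docker.service fails, and journalctl -xe shows the following error: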

docker.service: Failed at step EXEC spawning /usr/bin/dockerd: Permission denied

If you have already moved the binaries with mv, repeat step 3 (the unpack-and-copy step)
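The label check described in this pitfall, as an added example that is not part of the original post: it reads `stat -c '%C %n'` output and lists the files whose SELinux type is not bin_t. The function names, the --live switch and the sample labels are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag installed files whose
# SELinux type is not the one the post expects for /usr/bin binaries.
EXPECTED_TYPE="bin_t"   # type named in the post; adjust if your policy differs

# Read "CONTEXT PATH" lines on stdin (the output format of
# `stat -c '%C %n' FILE...`) and print each PATH whose type is not EXPECTED_TYPE.
find_mislabeled() (
    while read -r context path; do
        [ -n "$context" ] || continue
        # A context is user:role:type:level and the level may contain more
        # colons, so strip the first two fields and cut at the next colon.
        rest=${context#*:}
        rest=${rest#*:}
        setype=${rest%%:*}
        [ "$setype" = "$EXPECTED_TYPE" ] || printf '%s\n' "$path"
    done
)

# Constructed sample: two files copied with cp, two moved with mv.
sample_labels() {
    cat <<'EOF'
unconfined_u:object_r:bin_t:s0 /usr/bin/docker
unconfined_u:object_r:default_t:s0 /usr/bin/dockerd
unconfined_u:object_r:bin_t:s0 /usr/bin/containerd
unconfined_u:object_r:default_t:s0 /usr/bin/runc
EOF
}

# Live check: take the file names from the archive itself (the docker/
# directory is empty after an mv) and inspect the installed copies.
check_installed() {
    tar tzf "$1" | while read -r entry; do
        name=${entry##*/}
        if [ -n "$name" ]; then
            stat -c '%C %n' "/usr/bin/$name"
        fi
    done | find_mislabeled
}

# Run against the real system only when asked: sh check_labels.sh --live docker-x.tgz
if [ "${1:-}" = "--live" ]; then
    check_installed "$2"
fi
```

Any path it prints can be fixed by repeating the cp step as the post says, or with restorecon -v, which resets a file to the label the loaded policy assigns to its path.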

Tips

A tip picked up during this exercise

Delete from /usr/bin the files that ls lists

ls | xargs -I {} rm /usr/bin/{}


灬小肥狗灬

Article author

2022-11-14