银河麒麟V10安装docker

1. 在线安装    

    最近在做的一个信创项目使用的操作系统是银河麒麟高级服务器V10，在安装docker时，会遇到下面的错误。

nothing provides fuse-overlayfs >= 0.7 needed by docker-ce-rootless-extras-20.10.0-3.el7.x86_64

        经过分析，以下依赖包是centos系统中的包，所以需要给kylinos创建一个合适的centos源。经过实验，Kylin Linux Advanced Server V10对centos 7的兼容性更好，所以本次以添加centos7源为例进行说明。

# 添加阿里云centos 7源
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# 添加阿里云docker源
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# 定义yum变量，原因是在麒麟服务器操作系统V10中，$releasever默认是10，而我们需要使用centos7的镜像源，如果不修正，yum会报40X错误。
echo "7" > /etc/yum/vars/centos_version
# 修改repo版本
sed -i 's/$releasever/$centos_version/g' /etc/yum.repos.d/docker-ce.repo
sed -i 's/$releasever/$centos_version/g' /etc/yum.repos.d/CentOS-Base.repo
# 刷新缓存
yum makecache

以上是以安装docker为例进行说明，在线安装其他软件的国产中，可能也会出现类似的情况，请根据实际情况调整。

2. 离线安装

离线安装包下载地址：Index of linux/static/stable/https://download.docker.com/linux/static/stable/

前往以上地址下载，相应架构（arm或x86）下所需要的docker版本，本次以docker-20.10.24版本为例。下载完成后，上传至服务器，解压后将docker目录下的二进制文件copy至/usr/bin/目录下。

经过实践验证，在银河麒麟V10 SP3版本中，操作系统自带的/usr/local/bin/runc 会与docker20.10.24版本中的runc 冲突 ，将其备份后删除，并用docker的runc将其替代即可。

tar -zxvf docker-20.10.24.tgz
cd docker
cp * /usr/bin/.

制作service启动文件：

vi /usr/lib/systemd/system/docker.service

以下为 docker.service的内容：

[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
# Requires=docker.socket containerd.service

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3

# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity

# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes

# kill only the docker process, not all processes in the cgroup
KillMode=process
OOMScoreAdjust=-500

[Install]
WantedBy=multi-user.target

3. 配置文件

mkdir -p /etc/docker

配置镜像加速、docker目录等配置：

cat >> /etc/docker/daemon.json << EOF
{
    "registry-mirrors": ["http://hub-mirror.c.163.com"],
    "data-root":"/data/docker"
}
EOF

注意：在云环境中安装docker时，还要根据实际情况调整docker默认网段，避免与宿主机网段相冲突导致的网络故障，通过以下配置调整：

    "default-address-pools": [
      {
        "base": "172.17.0.0/16",
        "size": 24
      }
    ]

4. 配置自启动

刷新daemon、设置自启动、检查版本信息：

systemctl daemon-reload
systemctl enable docker --now
docker info