目录
Ubuntu Docker 安装
使用官方安装脚本自动安装
安装命令如下:
curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
也可以使用国内 daocloud 一键安装命令:
curl -sSL https://get.daocloud.io/docker | sh
手动安装
卸载旧版本:
$ sudo apt-get remove docker docker-engine docker.io containerd runc
更新 apt 包索引:
$ sudo apt-get update
安装 apt 依赖包,用于通过HTTPS来获取仓库:
$ sudo apt-get install \
apt-transport-https \
ca-certificates \
curl \
gnupg-agent \
software-properties-common
添加 Docker 的官方 GPG 密钥:
$ curl -fsSL https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88 通过搜索指纹的后8个字符,验证您现在是否拥有带有指纹的密钥:
$ sudo apt-key fingerprint 0EBFCD88
pub rsa4096 2017-02-22 [SCEA]
9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88
uid [ 未知 ] Docker Release (CE deb) <docker@docker.com>
sub rsa4096 2017-02-22 [S]
使用以下指令设置稳定版仓库
$ sudo add-apt-repository \
"deb [arch=amd64] https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu/ \
$(lsb_release -cs) \
stable"
安装 Docker Engine-Community
更新 apt 包索引
$ sudo apt-get update
安装最新版本的 Docker Engine-Community 和 containerd ,或者转到下一步安装特定版本:
$ sudo apt-get install docker-ce docker-ce-cli containerd.io
验证docker是否安装完成
$ docker --version
出现如下信息代表安装docker成功
Docker version 20.10.20, build 9fdeb9c```
运行hello-world看看是否docker可以运行镜像
$ docker run hello-world
出现以下信息代表运行hello-world镜像安装成功。
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
2db29710123e: Pull complete
Digest: sha256:18a657d0cc1c7d0678a3fbea8b7eb4918bba25968d3e1b0adebfa71caddbc346
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
docker一键部署脚本
在linux环境创建一个脚本如:docker-install.sh,然后复制如下代码到脚本中:
#!/bin/sh
password=123456
dir=/usr/local/ca
service=10.10.20.133
port=2376
echo "开始创建docker"
echo "卸载旧版本docker"
sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
cd /etc/yum.repos.d/
sudo sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
sudo sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
echo "设置仓库"
sudo yum install -y yum-utils \
device-mapper-persistent-data \
lvm2
echo "安装docker"
sudo yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin -y
echo "设置阿里云"
sudo yum-config-manager \
--add-repo \
http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
mkdir -p /etc/docker/
echo "hosts中添加服务]"
cat > /etc/docker/daemon.json <<-EOF
{
"registry-mirrors": ["https://t81qmnz6.mirror.aliyuncs.com"]
}
EOF
sudo sed -i 's|ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock|ExecStart=/usr/bin/dockerd --tlsverify --tlscacert=$dir/ca.pem --tlscert=$dir/server-cert.pem --tlskey=$dir/server-key.pem -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock|g' /lib/systemd/system/docker.service
echo "启动docker"
systemctl daemon-reload
sudo systemctl start docker
echo "开始配置证书"
if [ ! -d "$dir" ];then
mkdir -p $dir
else
rm -rf $dir
mkdir -p $dir
fi
cd $dir
#1. 创建CA私钥和CA公钥
openssl genrsa -aes256 -passout pass:$password -out ca-key.pem 4096
openssl req -new -x509 -days 365 \
-subj "/C=CN/ST=LiaoNing/L=Shenyang/O=example/OU=Personal/CN=$service" \
-key ca-key.pem -passin pass:$password -sha256 -out ca.pem
openssl genrsa -out server-key.pem 4096
openssl req -subj "/CN=$service" -sha256 -new -key server-key.pem -out server.csr
echo subjectAltName = IP:$service,IP:0.0.0.0 >> extfile.cnf
echo extendedKeyUsage = serverAuth >> extfile.cnf
openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem \
-CAkey ca-key.pem -passin "pass:$password" \
-CAcreateserial -out server-cert.pem -extfile extfile.cnf
openssl genrsa -out key.pem 4096
openssl req -subj '/CN=client' -new -key key.pem -out client.csr
echo extendedKeyUsage = clientAuth > extfile-client.cnf
openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem -passin pass:$password \
-CAcreateserial -out cert.pem -extfile extfile-client.cnf
rm -f -v client.csr server.csr extfile.cnf extfile-client.cnf
chmod -v 0400 ca-key.pem key.pem server-key.pem
chmod -v 0444 ca.pem server-cert.pem cert.pem
rm -f /etc/docker/*.pem
cp server-*.pem /etc/docker/
cp ca.pem /etc/docker/
if [ -d "~/.docker" ];then
rm -rf ~/.docker
fi
mkdir -p ~/.docker
cp server-*.pem ~/.docker/
cp ca.pem ~/.docker/
export DOCKER_HOST=tcp://$service:$port DOCKER_TLS_VERIFY=1
systemctl enable docker
systemctl daemon-reload
systemctl restart docker
systemctl restart docker.service
echo "创建docker成功!"
sudo curl -L "https://github.com/docker/compose/releases/download/2.12.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
总结
至此安装docker完成。