Docker Installation Guide

Preparation

Check your Linux distribution and kernel version (kernel 3.10+ is required).

lsb_release -a
uname -r

Install Docker by Package Manager

Fedora is used as the example below.

# Refer: https://docs.docker.com/engine/install/fedora/
sudo dnf -y install dnf-plugins-core
sudo dnf config-manager \
--add-repo \
https://download.docker.com/linux/fedora/docker-ce.repo
sudo dnf install docker-ce docker-ce-cli containerd.io docker-compose-plugin

sudo systemctl enable docker
sudo systemctl start docker
# sudo docker run hello-world

Install Docker by Binary

The Docker version is set as a variable below.

DOCKER_VERSION="24.0.4"
wget https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz
tar -zxvf ./docker-${DOCKER_VERSION}.tgz
sudo chmod +x docker/*
sudo mv docker/* /usr/bin/ && rm -rf docker/

# as root
# The heredoc delimiter is quoted so the shell leaves $MAINPID for systemd to expand.
cat <<'EOF' | sudo tee /etc/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
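# NOTE: -H tcp://0.0.0.0:2375 exposes the Docker API on every interface without
# TLS or authentication; anyone who can reach the port controls the host as root.
# Drop that flag, bind it to 127.0.0.1, or enable TLS (--tlsverify, port 2376).
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock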
ExecReload=/bin/kill -s HUP $MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s

[Install]
WantedBy=multi-user.target
EOF

# Unit files are configuration, not executables; systemd warns if they are marked executable.
sudo chmod 644 /etc/systemd/system/docker.service
sudo systemctl daemon-reload && sudo systemctl start docker && sudo systemctl enable docker.service
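
The unit file above starts dockerd with `-H tcp://0.0.0.0:2375`, a plain-TCP API listener with no TLS or authentication. The check below is an added example, not part of the original post or the Docker project: the function name `audit_dockerd_hosts` and the sample unit files are constructed for illustration, and it only reads single-line `ExecStart=` entries (listeners set through `hosts` in daemon.json are not covered).

```sh
#!/bin/sh
# Added example: flag dockerd API listeners that accept plain, unauthenticated TCP.
# Prints one line per finding; returns 1 if any listener is network-exposed.
# Assumes each ExecStart= entry sits on a single line.
audit_dockerd_hosts() (
  unit=$1 tls=0 exposed=0 hosts="" want_host=0
  set -f  # no globbing: the command line is word-split on purpose
  for word in $(sed -n 's/^[[:space:]]*ExecStart=//p' "$unit"); do
    if [ "$want_host" -eq 1 ]; then
      hosts="$hosts $word"; want_host=0; continue
    fi
    case $word in
      -H|--host)      want_host=1 ;;
      --host=*|-H=*)  hosts="$hosts ${word#*=}" ;;
      -H?*)           hosts="$hosts ${word#-H}" ;;
      --tlsverify|--tlsverify=true) tls=1 ;;
    esac
  done
  for host in $hosts; do
    case $host in
      tcp://127.*|tcp://localhost|tcp://localhost:*|tcp://\[::1\]*)
        [ "$tls" -eq 1 ] || echo "WARN $host loopback TCP without TLS" ;;
      tcp://*)
        [ "$tls" -eq 1 ] && continue
        echo "FAIL $host API exposed without TLS client authentication"
        exposed=$((exposed + 1)) ;;
    esac
  done
  [ "$exposed" -eq 0 ]
)

# Constructed sample unit files: the ExecStart from this guide, and a socket-only one.
sample_dir=$(mktemp -d)
printf '%s\n' '[Service]' \
  'ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock' \
  > "$sample_dir/exposed.service"
printf '%s\n' '[Service]' 'ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock' \
  > "$sample_dir/local.service"

audit_dockerd_hosts "$sample_dir/exposed.service" || echo "exposed.service: fix before starting"
audit_dockerd_hosts "$sample_dir/local.service" && echo "local.service: ok"
```

Point the function at /etc/systemd/system/docker.service before starting the service; a non-zero return means at least one listener is reachable from the network without TLS client verification.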

CGroup Configuration

This is optional, but for Kubernetes you should always use systemd as the cgroup driver.

# /etc/docker does not exist yet after a binary install
sudo mkdir -p /etc/docker
cat <<EOF | sudo tee /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

Install Docker Compose

Compose may already be installed together with Docker; check with the command ‘docker compose -v’.

# Refer: https://docs.docker.com/compose/install/
DOCKER_COMPOSE_VERSION="v2.9.0"
curl -L "https://github.com/docker/compose/releases/download/$DOCKER_COMPOSE_VERSION/docker-compose-$(uname -s)-$(uname -m)" -o ./docker-compose
chmod +x ./docker-compose
sudo mv docker-compose /usr/local/bin
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose

Tips

Run as root-less

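# When the Docker daemon starts, it grants the group named docker read/write access to the Unix socket by default.
# So it is enough to create the docker group and add the current user to it.
# The current user can then access the Unix socket and therefore run docker commands.
# Note: access to the Docker socket is effectively root on the host; this is not Docker's rootless mode.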
sudo groupadd docker
sudo gpasswd -a $USER docker
newgrp docker
docker ps

Backup & Restore

# For Containers
docker export -o container.tar "${container_id}"
docker import container.tar "${repo}:${tag}"

# For Images
docker save -o xxx.tar "${image_id}" "${repo}:${tag}"
docker load -i xxx.tar

Network Proxy

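# Set $host and $port to your proxy first; the unquoted heredoc expands them.
# If ~/.docker/config.json already exists, merge the "proxies" key into it by hand:
# appending a second JSON object would leave the file invalid.
mkdir -p ~/.docker
cat >> ~/.docker/config.json << EOF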
{
"proxies":
{
"default":
{
"httpProxy": "http://$host:$port",
"httpsProxy": "http://$host:$port",
"noProxy": "localhost,127.0.0.0/8"
}
}
}
EOF

Patch a Container

# View the container's current configuration
docker inspect [hash_of_the_container]
# Change the container's restart policy
docker update --restart unless-stopped [hash_of_the_container]

# All settings that docker update can change
Options:
--blkio-weight uint16 Block IO (relative weight), between 10 and 1000, or 0 to disable (default 0)
--cpu-period int Limit CPU CFS (Completely Fair Scheduler) period
--cpu-quota int Limit CPU CFS (Completely Fair Scheduler) quota
--cpu-rt-period int Limit the CPU real-time period in microseconds
--cpu-rt-runtime int Limit the CPU real-time runtime in microseconds
-c, --cpu-shares int CPU shares (relative weight)
--cpus decimal Number of CPUs
--cpuset-cpus string CPUs in which to allow execution (0-3, 0,1)
--cpuset-mems string MEMs in which to allow execution (0-3, 0,1)
--kernel-memory bytes Kernel memory limit
-m, --memory bytes Memory limit
--memory-reservation bytes Memory soft limit
--memory-swap bytes Swap limit equal to memory plus swap: '-1' to enable unlimited swap
--pids-limit int Tune container pids limit (set -1 for unlimited)
--restart string Restart policy to apply when a container exits

Issues

Installation fails with exit code 203

systemd reports status 203/EXEC when it cannot execute the ExecStart binary. Simply disable SELinux.

Resource temporarily unavailable

The number of tasks has reached the limit; fix it by changing the limit.

systemctl status docker | grep Tasks
# For example, "Tasks: 507 (limit: 512)" is close to the limit; remove the limit below.
sudo systemctl set-property docker.service TasksMax=infinity
sudo systemctl daemon-reload
sudo systemctl restart docker

Docker Installation Guide
https://tech.initialize.in/docker_2022/docker_2022_001_installation/
Author: Emmett Woo
Published: August 14, 2023
License