前言
openEuler自带的docker版本比较低,而按上游社区的方式安装docker又比较繁琐,于是有了这个一键二进制安装docker环境的脚本。
脚本内容
#!/bin/bash
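# Report the outcome of the command that ran immediately before this call.
# Arguments: $1 - human-readable label of the step that was just executed
# Outputs:   a status line on stdout (plus an exit notice on failure)
# Returns:   0 when the previous command succeeded; otherwise terminates the
#            shell with that command's exit status.
checkCode() {
  # Capture $? before anything else runs: the `[` test itself overwrites it,
  # so reading $? later would report the test's status, not the step's.
  local rc=$?
  if [ "$rc" -eq 0 ]; then
    echo "返回状态码: $rc, [$1]执行成功!"
  else
    echo "返回状态码: $rc, [$1]执行异常, 请检查!"
    echo "程序已退出"
    # Propagate the real failure code; a bare `exit` would return the status
    # of the preceding echo (0) and make the failed run look successful.
    exit "$rc"
  fi
}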
# Pause the script for one second.
# Arguments: none
# Returns:   the exit status of sleep
timeSleep() {
  local -r pauseSeconds=1
  sleep "$pauseSeconds"
}
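# Install Docker from the upstream static binary archive and register it with
# systemd (docker.service, docker.socket, containerd.service).
# Globals:   DOCKER_TGZ_SHA256 (read, optional) - expected SHA-256 of the
#            downloaded archive, e.g. DOCKER_TGZ_SHA256=<expected-sha256-hex>;
#            when unset the archive is installed unverified and a warning is
#            printed.
# Arguments: none
# Outputs:   progress and status lines on stdout, warnings on stderr
# Returns:   exits the script (via checkCode or directly) when a checked step
#            fails.
installDocker() {
  local dockerVersion="26.1.3" # Docker release to install; change it here to install another version
  local dockerPackage="/opt/docker"
  local tarball="docker-${dockerVersion}.tgz"
  local selinuxConfig="/etc/selinux/config"
  local interface setting

  mkdir -p "$dockerPackage"
  cd "$dockerPackage" || exit 1
  # -O overwrites a stale or partial archive; plain wget would save a second
  # copy under a ".1" suffix that the tar step below never looks at.
  wget -O "$tarball" "https://download.docker.com/linux/static/stable/x86_64/${tarball}"
  checkCode "Docker安装包下载"

  # The binaries in this archive are copied to /usr/local/bin and run as root,
  # so pin the archive to a known digest whenever one is available.
  if [ -n "${DOCKER_TGZ_SHA256:-}" ]; then
    printf '%s  %s\n' "$DOCKER_TGZ_SHA256" "$tarball" | sha256sum -c -
    checkCode "Docker安装包校验"
  else
    echo "警告: 未设置DOCKER_TGZ_SHA256, 已跳过安装包完整性校验" >&2
  fi

  # NOTE(security): the steps below switch the host firewall off and disable
  # SELinux permanently, for every service on the machine and not only for
  # Docker. Docker can normally run with both enabled; review whether this is
  # acceptable before using the script on a network-reachable host.
  # Stop and disable the firewall.
  systemctl stop firewalld.service
  checkCode "防火墙关闭"
  systemctl disable firewalld.service
  # Disable SELinux: first for the running system ...
  setenforce 0
  # ... then persistently in the config file.
  sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' "$selinuxConfig"
  checkCode "SELinux关闭"

  # Refresh the yum metadata and update the system; comment this out if the
  # update is too slow.
  yum makecache && yum update -y

  echo "开始安装docker>>>"
  # Check for the archive itself: the directory always exists at this point
  # (it was created above), so testing the directory can never fail.
  if [ ! -f "$dockerPackage/$tarball" ]; then
    echo "$dockerVersion安装包不存在, 请检查"
    echo "程序已退出"
    exit 1
  fi
  tar -xzvf "$tarball"
  checkCode "Docker安装包解压"
  cp docker/* /usr/local/bin/

  # Generate docker.service. The delimiter is quoted so that $MAINPID reaches
  # the unit file literally.
  cat > /usr/lib/systemd/system/docker.service << 'EOF'
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
BindsTo=containerd.service
After=network-online.target containerd.service
Wants=network-online.target
Requires=docker.socket
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/local/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3
# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
# 这几个限制一定要加上,值可以自己定义
LimitNOFILE=65535
LimitNPROC=65535
LimitCORE=65535
# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
[Install]
WantedBy=multi-user.target
EOF
  # (In the unit above the note about the limits sits on its own line: systemd
  # does not support trailing comments, so "65535 # ..." is not a valid value.)

  # Generate docker.socket.
  cat > /usr/lib/systemd/system/docker.socket << 'EOF'
[Unit]
Description=Docker Socket for the API
PartOf=docker.service
[Socket]
ListenStream=/var/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
EOF

  # Generate containerd.service.
  cat > /usr/lib/systemd/system/containerd.service << 'EOF'
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/local/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=1048576
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
[Install]
WantedBy=multi-user.target
EOF

  # Create the docker group and user. The group is created first and each step
  # is skipped when the account already exists, so a re-run does not fail.
  # NOTE(security): anyone in the docker group can talk to
  # /var/run/docker.sock (mode 0660, group docker), which is effectively root
  # on this host. Add accounts to it sparingly.
  getent group docker > /dev/null || groupadd docker
  id -u docker > /dev/null 2>&1 || useradd -g docker docker
  usermod -aG docker docker

  echo "启动Docer>>>"
  # Make systemd read the unit files written above before starting them.
  systemctl daemon-reload
  systemctl start docker
  systemctl enable docker
  docker version
  checkCode "Docker安装"

  # Configure registry mirrors. The Aliyun accelerator is no longer usable
  # here; it now only serves Aliyun's own ECS hosts.
  # NOTE(security): image pulls are routed through these third-party mirrors,
  # whose operators decide what content a tag resolves to. Trim the list to
  # mirrors you trust and pull by digest where image integrity matters.
  # This overwrites any existing /etc/docker/daemon.json.
  mkdir -p /etc/docker
  cat > /etc/docker/daemon.json << 'EOF'
{
"registry-mirrors": [
"https://docker.m.daocloud.io",
"https://registry.credclouds.com",
"https://huecker.io",
"https://dockerhub.timeweb.cloud",
"https://noohub.ru"
]
}
EOF
  systemctl daemon-reload
  systemctl restart docker

  # Take the NIC name from the default route instead of hard-coding it (it
  # differs between hosts, notably on Aliyun servers); without the forwarding
  # setting, containers may misbehave after a reboot.
  # A shell variable name cannot contain "-", so the value is stored in
  # `interface`, the name the sysctl line below expands.
  interface=$(ip route show default | awk '/default/ {print $5; exit}')

  # Append each setting only if it is not already present, so running the
  # script again does not pile duplicates into /etc/sysctl.conf.
  for setting in \
    "net.bridge.bridge-nf-call-ip6tables = 1" \
    "net.bridge.bridge-nf-call-iptables = 1" \
    "net.bridge.bridge-nf-call-arptables = 1" \
    "net.ipv4.ip_forward = 1" \
    ${interface:+"net.ipv4.conf.${interface}.forwarding = 1"}; do
    grep -qxF -- "$setting" /etc/sysctl.conf 2> /dev/null \
      || printf '%s\n' "$setting" >> /etc/sysctl.conf
  done
  if [ -z "$interface" ]; then
    echo "警告: 未找到默认路由网卡, 已跳过网卡forwarding配置" >&2
  fi

  timeSleep
  # br_netfilter must be loaded before the net.bridge.* keys can be applied.
  modprobe br_netfilter && sysctl -p
  systemctl status docker --no-pager
}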
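# installDocker writes systemd units, /usr/local/bin, /etc/sysctl.conf and
# creates accounts, all of which need root. Stop here rather than fail halfway
# through with the system partly modified.
if [ "$(id -u)" -ne 0 ]; then
  echo "请使用root用户执行此脚本" >&2
  exit 1
fi
installDocker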