Preface

Following the previous post 《記一次centos掛載ceph儲存的坑》 (notes on a CentOS Ceph mount pitfall), the server has been reinstalled with CentOS 7.5, and what remains is installing Docker. A yum install takes quite a while, so I usually install the Docker binary package directly. Below we look at how to deploy Docker offline.

Installation steps

As always, read the manual first and pick a version.

Manual: https://docs.docker.com/engine/install/binaries/

It contains one fairly important requirement:

Version 3.10 or higher of the Linux kernel. The latest version of the kernel available for your platform is recommended.

We have already upgraded to CentOS 7.5 anyway; a quick look at the kernel version:

uname -r
3.10.0-862.el7.x86_64

That looks fine. The Docker binary packages are at https://download.docker.com/linux/static/stable/x86_64/ . After some back and forth I settled on the last stable release of the previous version line, docker-19.03.9.tgz, which we also use quite a lot.

Installation steps

Extract the archive

Create a directory (mine is /home/docker), put the archive in it, and run tar zxvf docker-19.03.9.tgz

Generate the Docker service file

cat > /etc/systemd/system/docker.service <<"EOF"
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.io

[Service]
Environment="PATH=/home/docker/docker:/bin:/sbin:/usr/bin:/usr/sbin"
ExecStart=/home/docker/docker/dockerd --log-level=error -H unix:///var/run/docker.sock
ExecReload=/bin/kill -s HUP $MAINPID
Restart=on-failure
RestartSec=5
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
Delegate=yes
KillMode=process

[Install]
WantedBy=multi-user.target
EOF

Generate the Docker configuration file

sudo iptables -P FORWARD ACCEPT
mkdir -p /etc/docker/
# dockerd only loads /etc/docker/daemon.json unless it is started with
# --config-file, so the file must use exactly this name.
# insecure-registries: pulls from these hosts use plain HTTP or skip TLS
# certificate verification, so keep the list to registries you control.
cat > /etc/docker/daemon.json <<EOF
{
  "insecure-registries": ["192.xx.xx.8:5000", "registry.xxx.com"],
  "registry-mirrors": ["https://jk4bb75a.mirror.aliyuncs.com", "https://docker.mirrors.ustc.edu.cn"],
  "max-concurrent-downloads": 20
}
EOF

Start Docker

# Note: this disables the host firewall and flushes every iptables rule, not
# only the ones that conflict with Docker; Docker adds its own rules on start.
systemctl stop firewalld && systemctl disable firewalld
/usr/sbin/iptables -F && /usr/sbin/iptables -X && /usr/sbin/iptables -F -t nat && /usr/sbin/iptables -X -t nat
/usr/sbin/iptables -P FORWARD ACCEPT
systemctl daemon-reload && systemctl enable docker && systemctl restart docker
# enable hairpin NAT on every port of the docker0 bridge
for intf in /sys/devices/virtual/net/docker0/brif/*; do echo 1 > "$intf/hairpin_mode"; done
export PATH=/home/docker/docker/:$PATH

PS: export PATH=/home/docker/docker/:$PATH can also be added to /etc/profile so it persists across logins.

Confirm that Docker is working

Run systemctl status docker.service to check Docker's state and make sure it is running.

If something is wrong, edit the service file and restart:

systemctl daemon-reload && systemctl restart docker.service

Everything looks perfect. As always, take it for a spin and run hello-world:

docker run hello-world
docker: Error response from daemon: OCI runtime create failed: container_linux.go:345: starting container process caused "process_linux.go:430: container init caused \"write /proc/self/attr/keycreate: permission denied\"": unknown.
ERRO[0000] error waiting for container: context canceled

First WTF!

Locating and fixing "OCI runtime create failed"

Search the official documentation

Link: https://docs.docker.com/

I opened a few results at random. The OS versions differ, but they all say the same thing: the OS kernel version and the Docker version do not match, so either upgrade the kernel or downgrade Docker. Wasn't kernel 3.10 supposed to be fine? The daemon even started normally.

Downgrading to docker-18.09.9 still fails

Download docker-18.09.9.tgz, extract it over the docker directory, and simply restart.

Everything looks perfect again; take it for a spin and run hello-world:

docker run hello-world
docker: Error response from daemon: OCI runtime create failed: container_linux.go:xxx: starting container process caused "process_linux.go:xxx: container init caused \"write /proc/self/attr/keycreate: permission denied\"": unknown.
ERRO[0000] error waiting for container: context canceled

Double WTF!

Downgrading to docker-18.06.3

Download docker-18.06.3-ce.tgz, extract it over the docker directory, and simply restart.

docker run --rm hello-world

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

The familiar hello-world finally appears.
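
As an added example (not from the original post), a small POSIX sh script that wraps the checks behind the installation steps and the troubleshooting above: the 3.10 kernel minimum, whether the daemon config path is one dockerd actually loads, whether daemon.json weakens registry TLS, and which class of `docker run` error came back. The function names are my own and it runs offline on constructed input.

```shell
#!/bin/sh
# Added example, not part of the original post: offline checks for the binary
# Docker install described above. Assumes only POSIX sh, grep and uname.

# Return 0 when a kernel release string (as printed by `uname -r`) is at least
# the 3.10 that the Docker binaries documentation requires.
kernel_meets_minimum() {
    release="$1"
    major=${release%%.*}
    rest=${release#*.}
    minor=${rest%%.*}
    minor=${minor%%-*}              # tolerate releases such as "4.19-rc1"
    case "$major$minor" in *[!0-9]*|"") return 2 ;; esac
    [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 10 ]; }
}

# dockerd loads /etc/docker/daemon.json unless started with --config-file; a
# file under any other name (e.g. docker-daemon.json) is silently ignored, so
# its mirror and registry settings would never take effect.
config_path_is_loaded() {
    [ "$1" = /etc/docker/daemon.json ]
}

# Print one warning per risky daemon.json setting to stderr and echo the count.
# insecure-registries makes dockerd fall back to plain HTTP or accept untrusted
# TLS certificates for the listed hosts, so image integrity for those pulls
# depends entirely on the network path.
audit_daemon_config() {
    file="$1"
    findings=0
    if grep -q '"insecure-registries"' "$file"; then
        echo "WARN: insecure-registries configured in $file" >&2
        findings=$((findings + 1))
    fi
    echo "$findings"
}

# Map the daemon error printed by `docker run` to a short label so a post-
# install check can tell the keycreate failure from the post apart from other
# OCI runtime failures or a healthy hello-world.
classify_run_error() {
    case "$1" in
        *"/proc/self/attr/keycreate: permission denied"*) echo keycreate-denied ;;
        *"OCI runtime create failed"*)                    echo oci-runtime-failed ;;
        *"Hello from Docker!"*)                           echo ok ;;
        *)                                                echo unknown ;;
    esac
}

# Local report when run directly: harmless on any Linux host.
kernel_meets_minimum "$(uname -r)" && echo "kernel $(uname -r): ok" || echo "kernel $(uname -r): below 3.10 or unparsed"
```

Feed `classify_run_error` the stderr of a real `docker run --rm hello-world` to turn the post-install check into a pass/fail step.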

Summary

CentOS 7 kernels are all in the 3.10 series by default. On my two systems with kernel 3.10.0-862, Docker 18.09 and 19.03 both start normally but simply cannot run containers; without upgrading the kernel, only 18.06 can be installed. For reference, I also have a CentOS 7.7 machine with kernel 3.10.0-1062.18.1.el7.x86_6 that runs Docker 19.03 without problems. If running a container fails with OCI runtime create failed, consider kernel version compatibility first. Early Ubuntu releases had the same problem when installing newer Docker versions, and it was generally solved by downgrading Docker or upgrading the kernel.