安装命令如下:
curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
也可以使用国内 daocloud 一键安装命令:
curl -sSL https://get.daocloud.io/docker | sh
卸载旧版本:
$ sudo apt-get remove docker docker-engine docker.io containerd runc
更新 apt 包索引:
$ sudo apt-get update
安装 apt 依赖包,用于通过HTTPS来获取仓库:
$ sudo apt-get install \
apt-transport-https \
ca-certificates \
curl \
gnupg-agent \
software-properties-common
添加 Docker 的官方 GPG 密钥:
$ curl -fsSL https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88 通过搜索指纹的后8个字符,验证您现在是否拥有带有指纹的密钥:
$ sudo apt-key fingerprint 0EBFCD88
pub rsa4096 2017-02-22 [SCEA]
9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88
uid [ 未知 ] Docker Release (CE deb) <docker@docker.com>
sub rsa4096 2017-02-22 [S]
使用以下指令设置稳定版仓库
$ sudo add-apt-repository \
"deb [arch=amd64] https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu/ \
$(lsb_release -cs) \
stable"
$ sudo apt-get update
$ sudo apt-get install docker-ce docker-ce-cli containerd.io
$ docker --version
出现如下信息代表安装docker成功
Docker version 20.10.20, build 9fdeb9c```
$ docker run hello-world
出现以下信息代表运行hello-world镜像安装成功。
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
2db29710123e: Pull complete
Digest: sha256:18a657d0cc1c7d0678a3fbea8b7eb4918bba25968d3e1b0adebfa71caddbc346
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
在linux环境创建一个脚本如:docker-install.sh,然后复制如下代码到脚本中:
#!/bin/sh
password=123456
dir=/usr/local/ca
service=10.10.20.133
port=2376
echo "开始创建docker"
echo "卸载旧版本docker"
sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
cd /etc/yum.repos.d/
sudo sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
sudo sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
echo "设置仓库"
sudo yum install -y yum-utils \
device-mapper-persistent-data \
lvm2
echo "安装docker"
sudo yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin -y
echo "设置阿里云"
sudo yum-config-manager \
--add-repo \
http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
mkdir -p /etc/docker/
echo "hosts中添加服务]"
cat > /etc/docker/daemon.json <<-EOF
{
"registry-mirrors": ["https://t81qmnz6.mirror.aliyuncs.com"]
}
EOF
sudo sed -i 's|ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock|ExecStart=/usr/bin/dockerd --tlsverify --tlscacert=$dir/ca.pem --tlscert=$dir/server-cert.pem --tlskey=$dir/server-key.pem -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock|g' /lib/systemd/system/docker.service
echo "启动docker"
systemctl daemon-reload
sudo systemctl start docker
echo "开始配置证书"
if [ ! -d "$dir" ];then
mkdir -p $dir
else
rm -rf $dir
mkdir -p $dir
fi
cd $dir
#1. 创建CA私钥和CA公钥
openssl genrsa -aes256 -passout pass:$password -out ca-key.pem 4096
openssl req -new -x509 -days 365 \
-subj "/C=CN/ST=LiaoNing/L=Shenyang/O=example/OU=Personal/CN=$service" \
-key ca-key.pem -passin pass:$password -sha256 -out ca.pem
openssl genrsa -out server-key.pem 4096
openssl req -subj "/CN=$service" -sha256 -new -key server-key.pem -out server.csr
echo subjectAltName = IP:$service,IP:0.0.0.0 >> extfile.cnf
echo extendedKeyUsage = serverAuth >> extfile.cnf
openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem \
-CAkey ca-key.pem -passin "pass:$password" \
-CAcreateserial -out server-cert.pem -extfile extfile.cnf
openssl genrsa -out key.pem 4096
openssl req -subj '/CN=client' -new -key key.pem -out client.csr
echo extendedKeyUsage = clientAuth > extfile-client.cnf
openssl x509 -req -days 365 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem -passin pass:$password \
-CAcreateserial -out cert.pem -extfile extfile-client.cnf
rm -f -v client.csr server.csr extfile.cnf extfile-client.cnf
chmod -v 0400 ca-key.pem key.pem server-key.pem
chmod -v 0444 ca.pem server-cert.pem cert.pem
rm -f /etc/docker/*.pem
cp server-*.pem /etc/docker/
cp ca.pem /etc/docker/
if [ -d "~/.docker" ];then
rm -rf ~/.docker
fi
mkdir -p ~/.docker
cp server-*.pem ~/.docker/
cp ca.pem ~/.docker/
export DOCKER_HOST=tcp://$service:$port DOCKER_TLS_VERIFY=1
systemctl enable docker
systemctl daemon-reload
systemctl restart docker
systemctl restart docker.service
echo "创建docker成功!"
sudo curl -L "https://github.com/docker/compose/releases/download/2.12.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
至此安装docker完成。