软创互联

CentOS7.3 内网离线部署docker和容器(其他linux可参考)


#1

[TOC]

CentOS7.3服务器内网离线部署docker和容器

一、离线安装docker

1、获取yum仓库中的docker及其依赖包

1.1、获取docker的依赖包:

克隆一台相同环境的虚拟机,连上互联网,使用yum install docker命令,会提示需要的依赖包列表。CentOS7.3最小化安装环境会提示需要31个包:

yum install docker

正在安装: 
docker x86_64 2:1.13.1-84.git07f3374.el7.centos extras 16 M
为依赖而安装: 
PyYAML x86_64 3.10-11.el7 base 153 k
atomic-registries x86_64 1:1.22.1-26.gitb507039.el7.centos extras 35 k
container-selinux noarch 2:2.74-1.el7 extras 38 k
container-storage-setup noarch 0.11.0-2.git5eaf76c.el7 extras 35 k
containers-common x86_64 1:0.1.31-7.gitb0b750d.el7.centos extras 18 k
docker-client x86_64 2:1.13.1-84.git07f3374.el7.centos extras 3.8 M
docker-common x86_64 2:1.13.1-84.git07f3374.el7.centos extras 94 k
libseccomp x86_64 2.3.1-3.el7 base 56 k
libyaml x86_64 0.1.4-11.el7_0 base 55 k
oci-register-machine x86_64 1:0-6.git2b44233.el7 extras 1.1 M
oci-systemd-hook x86_64 1:0.1.18-2.git3efe246.el7 extras 34 k
oci-umount x86_64 2:2.3.4-2.git87f9237.el7 extras 32 k
python-backports x86_64 1.0-8.el7 base 5.8 k
python-backports-ssl_match_hostname noarch 3.5.0.1-1.el7 base 13 k
python-ipaddress noarch 1.0.16-2.el7 base 34 k
python-pytoml noarch 0.1.14-1.git7dea353.el7 extras 18 k
python-setuptools noarch 0.9.8-7.el7 base 397 k
subscription-manager-rhsm-certificates x86_64 1.21.10-3.el7.centos updates 207 k
yajl x86_64 2.0.4-4.el7 base 39 k
为依赖而更新: 
libselinux x86_64 2.5-14.1.el7 base 162 k
libselinux-python x86_64 2.5-14.1.el7 base 235 k
libselinux-utils x86_64 2.5-14.1.el7 base 151 k
libsemanage x86_64 2.5-14.el7 base 151 k
libsemanage-python x86_64 2.5-14.el7 base 113 k
libsepol x86_64 2.5-10.el7 base 297 k
policycoreutils x86_64 2.5-29.el7 base 916 k
policycoreutils-python x86_64 2.5-29.el7 base 456 k
selinux-policy noarch 3.13.1-229.el7_6.6 updates 483 k
selinux-policy-targeted noarch 3.13.1-229.el7_6.6 updates 6.9 M
setools-libs x86_64 3.3.8-4.el7 base 620 k

1.2、安装yumdownloader工具,用于下载依赖包:

yum install yumdownloader

1.3、新建一个目录rpmdir,并使用yumdownloader下载31个包及其依赖包:

yumdownloader --resolve --destdir=rpmdir docker \
PyYAML \
atomic-registries \
container-selinux \
container-storage-setup \
containers-common \
docker-client \
docker-common \
libseccomp \
libyaml \
oci-register-machine \
oci-systemd-hook \
oci-umount \
python-backports \
python-backports-ssl_match_hostname \
python-ipaddress \
python-pytoml \
python-setuptools \
subscription-manager-rhsm-certificates \
yajl \
libselinux \
libselinux-python \
libselinux-utils \
libsemanage \
libsemanage-python \
libsepol \
policycoreutils \
policycoreutils-python \
selinux-policy \
selinux-policy-targeted \
setools-libs ;

共计下载69个包

ls rpmdir/
atomic-registries-1.22.1-26.gitb507039.el7.centos.x86_64.rpm ncurses-base-5.9-14.20130511.el7_4.noarch.rpm
audit-2.8.4-4.el7.x86_64.rpm ncurses-libs-5.9-14.20130511.el7_4.i686.rpm
audit-libs-2.8.4-4.el7.i686.rpm ncurses-libs-5.9-14.20130511.el7_4.x86_64.rpm
audit-libs-2.8.4-4.el7.x86_64.rpm nspr-4.19.0-1.el7_5.x86_64.rpm
audit-libs-python-2.8.4-4.el7.x86_64.rpm nss-softokn-freebl-3.36.0-5.el7_5.i686.rpm
bzip2-libs-1.0.6-13.el7.i686.rpm nss-softokn-freebl-3.36.0-5.el7_5.x86_64.rpm
containers-common-0.1.31-7.gitb0b750d.el7.centos.x86_64.rpm nss-util-3.36.0-1.el7_5.x86_64.rpm
container-selinux-2.74-1.el7.noarch.rpm oci-register-machine-0-6.git2b44233.el7.x86_64.rpm
container-storage-setup-0.11.0-2.git5eaf76c.el7.noarch.rpm oci-systemd-hook-0.1.18-2.git3efe246.el7.x86_64.rpm
docker-1.13.1-84.git07f3374.el7.centos.x86_64.rpm oci-umount-2.3.4-2.git87f9237.el7.x86_64.rpm
docker-client-1.13.1-84.git07f3374.el7.centos.x86_64.rpm pcre-8.32-17.el7.i686.rpm
docker-common-1.13.1-84.git07f3374.el7.centos.x86_64.rpm pcre-8.32-17.el7.x86_64.rpm
glibc-2.17-260.el7.i686.rpm policycoreutils-2.5-29.el7.x86_64.rpm
glibc-2.17-260.el7.x86_64.rpm policycoreutils-python-2.5-29.el7.x86_64.rpm
glibc-common-2.17-260.el7.x86_64.rpm python-backports-1.0-8.el7.x86_64.rpm
libcap-ng-0.7.5-4.el7.i686.rpm python-backports-ssl_match_hostname-3.5.0.1-1.el7.noarch.rpm
libgcc-4.8.5-36.el7.i686.rpm python-ipaddress-1.0.16-2.el7.noarch.rpm
libgcc-4.8.5-36.el7.x86_64.rpm python-pytoml-0.1.14-1.git7dea353.el7.noarch.rpm
libseccomp-2.3.1-3.el7.i686.rpm python-setuptools-0.9.8-7.el7.noarch.rpm
libseccomp-2.3.1-3.el7.x86_64.rpm PyYAML-3.10-11.el7.x86_64.rpm
libselinux-2.5-14.1.el7.i686.rpm readline-6.2-10.el7.i686.rpm
libselinux-2.5-14.1.el7.x86_64.rpm readline-6.2-10.el7.x86_64.rpm
libselinux-python-2.5-14.1.el7.x86_64.rpm selinux-policy-3.13.1-229.el7_6.6.noarch.rpm
libselinux-utils-2.5-14.1.el7.x86_64.rpm selinux-policy-targeted-3.13.1-229.el7_6.6.noarch.rpm
libsemanage-2.5-14.el7.i686.rpm setools-libs-3.3.8-4.el7.i686.rpm
libsemanage-2.5-14.el7.x86_64.rpm setools-libs-3.3.8-4.el7.x86_64.rpm
libsemanage-python-2.5-14.el7.x86_64.rpm sqlite-3.7.17-8.el7.i686.rpm
libsepol-2.5-10.el7.i686.rpm subscription-manager-rhsm-certificates-1.21.10-3.el7.centos.x86_64.rpm
libsepol-2.5-10.el7.x86_64.rpm ustr-1.0.4-16.el7.i686.rpm
libstdc++-4.8.5-36.el7.i686.rpm xz-libs-5.2.2-1.el7.i686.rpm
libstdc++-4.8.5-36.el7.x86_64.rpm yajl-2.0.4-4.el7.i686.rpm
libxml2-2.9.1-6.el7_2.3.i686.rpm yajl-2.0.4-4.el7.x86_64.rpm
libyaml-0.1.4-11.el7_0.i686.rpm zlib-1.2.7-18.el7.i686.rpm
libyaml-0.1.4-11.el7_0.x86_64.rpm zlib-1.2.7-18.el7.x86_64.rpm
ncurses-5.9-14.20130511.el7_4.x86_64.rpm

1.4、将下载的安装包压缩打包,上传至需要安装docker的服务器

tar -zcf rpmdir.tgz rpmdir/
scp -P 22112 rpmdir.tgz user@192.168.33.44:/home/user

2、安装docker

登陆服务器并安装所有rpm包

tar -zxf rpmdir.tgz 
cd rpmdir
yum localinstall *

3、安装docker-compose

3.1、下载docker-compose:

打开链接https://github.com/docker/compose/releases,下载最新的docker-compose-Linux-x86_64

3.2、上传docker-compose:

通过scp拷贝docker-compose-Linux-x86_64到服务器,重新命名为docker-compose-Linux-x86_64_版本号,如:docker-compose-Linux-x86_64_1.23.2。

3.3、安装docker-compose:

登陆服务器,移动docker-compose-Linux-x86_64_1.23.2到/usr/local/bin/,并设置可执行权限:


mv docker-compose-Linux-x86_64_1.23.2 /usr/local/bin/
chmod +x /usr/local/bin/docker-compose-Linux-x86_64_1.23.2
ln -s /usr/local/bin/docker-compose-Linux-x86_64_1.23.2 /usr/local/bin/docker-compose

4、启动docker

4.1 启动docker会报错:

systemctl start docker
[container_package] # systemctl status docker.service
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since 五 2018-12-07 00:17:56 CST; 9s ago
Docs: http://docs.docker.com
Process: 9251 ExecStart=/usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --init-path=/usr/libexec/docker/docker-init-current --seccomp-profile=/etc/docker/seccomp.json $OPTIONS $DOCKER_STORAGE_OPTIONS $DOCKER_NETWORK_OPTIONS $ADD_REGISTRY $BLOCK_REGISTRY $INSECURE_REGISTRY $REGISTRIES (code=exited, status=1/FAILURE)
Main PID: 9251 (code=exited, status=1/FAILURE)

12月 07 00:17:55 v55-server systemd[1]: Starting Docker Application Container Engine...
12月 07 00:17:55 v55-server dockerd-current[9251]: time="2018-12-07T00:17:55.186834921+08:00" level=warning msg="could not change group /var/ru...t found"
12月 07 00:17:55 v55-server dockerd-current[9251]: time="2018-12-07T00:17:55.188657604+08:00" level=info msg="libcontainerd: new containerd pro...d: 9263"
12月 07 00:17:56 v55-server dockerd-current[9251]: Error starting daemon: SELinux is not supported with the overlay2 graph driver on this kerne...d=false)
12月 07 00:17:56 v55-server systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
12月 07 00:17:56 v55-server systemd[1]: Failed to start Docker Application Container Engine.
12月 07 00:17:56 v55-server systemd[1]: Unit docker.service entered failed state.
12月 07 00:17:56 v55-server systemd[1]: docker.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

“SELinux is not supported with the overlay2 graph driver on this kernel.”
这台机器的linux的内核中的SELinux不支持 overlay2 graph driver 。解决方法有两个,要么启动一个新内核,要么就在docker配置文件里面里禁用selinux。

4.2 修改/etc/sysconfig/docker

设置/etc/sysconfig/docker文件中的–selinux-enabled为--selinux-enabled=false

cat /etc/sysconfig/docker
# /etc/sysconfig/docker

# Modify these options if you want to change the way the docker daemon runs
OPTIONS='--selinux-enabled=false --log-driver=journald --signature-verification=false'
if [ -z "${DOCKER_CERT_PATH}" ]; then
DOCKER_CERT_PATH=/etc/docker
fi
...
--------------------------------------------------------------------
# 然后可正常启动docker
systemctl start docker

二、离线安装docker镜像

1、在克隆的服务器上安装docker,并pull镜像。

2、导出各个需要的镜像,如mysql:

docker save mysql:5.6 > mysql_5.6.tar

3、上传镜像包到内网服务器后导入服务器:

docker load < mysql_5.6.tar
docker tag mysql mysql:5.6