diff --git a/Docker/Docs/Centos安装Docker.md b/Docker/Docs/Centos安装Docker.md deleted file mode 100644 index f3fc262..0000000 --- a/Docker/Docs/Centos安装Docker.md +++ /dev/null @@ -1,80 +0,0 @@ -> 本文作者:丁辉 - -# Docker网络安装 - -> 整体来说各系统安装方式都相差不大,那么咱们这里只举例 Centos 安装 Docker 形式 -> -> [官网安装文档](https://docs.docker.com/engine/install/) - -## 开始部署 - -1. 卸载就办 Docker - - ```bash - sudo yum remove docker \ - docker-client \ - docker-client-latest \ - docker-common \ - docker-latest \ - docker-latest-logrotate \ - docker-logrotate \ - docker-engine - ``` - -2. 设置存储库 - - ```bash - yum install -y yum-utils - ``` - - ```bash - yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo - ``` - - > 国内源 - > - > ```bash - > yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo - > ``` - -3. 安装最新版 - - ```bash - yum install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin - ``` - - > 安装特定版本 - > - > - 查看版本库 - > - > ```bash - > yum list docker-ce --showduplicates | sort -r - > ``` - > - > - 安装 - > - > ```bash - > sudo yum install docker-ce- docker-ce-cli- containerd.io docker-buildx-plugin docker-compose-plugin - > ``` - -4. 启动 - - ```bash - systemctl enable docker - systemctl start docker - ``` - -## 卸载 Docker - -1. 卸载软件包 - - ```bash - yum remove docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin docker-ce-rootless-extras - ``` - -2. 清理文件 - - ```bash - rm -rf /var/lib/docker - rm -rf /var/lib/containerd - ``` diff --git a/Docker/Docs/DockerHub上传双架构镜像.md b/Docker/Docs/Docker使用文档/DockerHub上传双架构镜像.md similarity index 100% rename from Docker/Docs/DockerHub上传双架构镜像.md rename to Docker/Docs/Docker使用文档/DockerHub上传双架构镜像.md diff --git a/Docker/Docs/Docker上下文配置.md b/Docker/Docs/Docker使用文档/Docker上下文配置.md similarity index 100% rename from Docker/Docs/Docker上下文配置.md rename to Docker/Docs/Docker使用文档/Docker上下文配置.md diff --git a/Docker/Docs/Docker常用命令及参数.md b/Docker/Docs/Docker使用文档/Docker常用命令及参数.md similarity index 100% rename from Docker/Docs/Docker常用命令及参数.md rename to Docker/Docs/Docker使用文档/Docker常用命令及参数.md diff --git a/Docker/Docs/Docker常用配置文件配置.md b/Docker/Docs/Docker使用文档/Docker常用配置文件配置.md similarity index 100% rename from Docker/Docs/Docker常用配置文件配置.md rename to Docker/Docs/Docker使用文档/Docker常用配置文件配置.md diff --git a/Docker/Docs/Docker更改IP池.md b/Docker/Docs/Docker使用文档/Docker更改IP池.md similarity index 100% rename from Docker/Docs/Docker更改IP池.md rename to Docker/Docs/Docker使用文档/Docker更改IP池.md diff --git a/Docker/Docs/Docker构建镜像.md b/Docker/Docs/Docker使用文档/Docker构建镜像.md similarity index 100% rename from Docker/Docs/Docker构建镜像.md rename to Docker/Docs/Docker使用文档/Docker构建镜像.md diff --git a/Docker/Docs/Docker配合Mysql-Secrets使用.md b/Docker/Docs/Docker使用文档/Docker配合Mysql-Secrets使用.md similarity index 100% rename from Docker/Docs/Docker配合Mysql-Secrets使用.md rename to Docker/Docs/Docker使用文档/Docker配合Mysql-Secrets使用.md diff --git a/Docker/Docs/Docker配置2375端口.md b/Docker/Docs/Docker使用文档/Docker配置2375端口.md similarity index 100% rename from Docker/Docs/Docker配置2375端口.md rename to Docker/Docs/Docker使用文档/Docker配置2375端口.md diff --git a/Docker/Docs/Docker配置代理.md b/Docker/Docs/Docker使用文档/Docker配置代理.md similarity index 100% rename from Docker/Docs/Docker配置代理.md rename to Docker/Docs/Docker使用文档/Docker配置代理.md diff --git a/Docker/Docs/Docker配置守护进程.md b/Docker/Docs/Docker使用文档/Docker配置守护进程.md similarity index 100% rename from Docker/Docs/Docker配置守护进程.md rename to Docker/Docs/Docker使用文档/Docker配置守护进程.md diff --git a/Docker/Docs/Docker镜像批量打包.md b/Docker/Docs/Docker使用文档/Docker镜像批量打包.md similarity index 100% rename from Docker/Docs/Docker镜像批量打包.md rename to Docker/Docs/Docker使用文档/Docker镜像批量打包.md diff --git a/Docker/Docs/Docker集群.md b/Docker/Docs/Docker使用文档/Docker集群.md similarity index 100% rename from Docker/Docs/Docker集群.md rename to Docker/Docs/Docker使用文档/Docker集群.md diff --git a/Docker/Docs/Mysql容器纳入System管理.md b/Docker/Docs/Docker使用文档/Mysql容器纳入System管理.md similarity index 100% rename from Docker/Docs/Mysql容器纳入System管理.md rename to Docker/Docs/Docker使用文档/Mysql容器纳入System管理.md diff --git a/Docker/Docs/Bitnami部署Mysql主从.md b/Docker/Docs/Docker部署软件/Docker部署Bitnami-Mysql主从.md similarity index 97% rename from Docker/Docs/Bitnami部署Mysql主从.md rename to Docker/Docs/Docker部署软件/Docker部署Bitnami-Mysql主从.md index 94a7e58..d62ecb7 100644 --- a/Docker/Docs/Bitnami部署Mysql主从.md +++ b/Docker/Docs/Docker部署软件/Docker部署Bitnami-Mysql主从.md @@ -1,6 +1,6 @@ > 本文作者:丁辉 -# Bitnami部署Mysql主从 +# Docker部署Bitnami-Mysql主从 1. 创建持久化目录 diff --git a/Docker/Docs/Docker部署Caddy.md b/Docker/Docs/Docker部署软件/Docker部署Caddy.md similarity index 100% rename from Docker/Docs/Docker部署Caddy.md rename to Docker/Docs/Docker部署软件/Docker部署Caddy.md diff --git a/Docker/Docs/Docker-fio磁盘读写测试.md b/Docker/Docs/Docker部署软件/Docker部署Fio磁盘读写测试.md similarity index 99% rename from Docker/Docs/Docker-fio磁盘读写测试.md rename to Docker/Docs/Docker部署软件/Docker部署Fio磁盘读写测试.md index 1ff3a6b..d117b81 100644 --- a/Docker/Docs/Docker-fio磁盘读写测试.md +++ b/Docker/Docs/Docker部署软件/Docker部署Fio磁盘读写测试.md @@ -1,6 +1,6 @@ > 本文作者:丁辉 -# Docker-fio磁盘读写测试 +# Docker部署Fio磁盘读写测试 [官方文档](https://fio.readthedocs.io/en/latest/fio_doc.html) diff --git a/Docker/Docs/Docker部署Gitlab.md b/Docker/Docs/Docker部署软件/Docker部署Gitlab.md similarity index 100% rename from Docker/Docs/Docker部署Gitlab.md rename to Docker/Docs/Docker部署软件/Docker部署Gitlab.md diff --git a/Docker/Docs/Docker部署JumpServer.md b/Docker/Docs/Docker部署软件/Docker部署JumpServer.md similarity index 100% rename from Docker/Docs/Docker部署JumpServer.md rename to Docker/Docs/Docker部署软件/Docker部署JumpServer.md diff --git a/Docker/Docs/Docker快速部署LobeChat.md b/Docker/Docs/Docker部署软件/Docker部署LobeChat.md similarity index 96% rename from Docker/Docs/Docker快速部署LobeChat.md rename to Docker/Docs/Docker部署软件/Docker部署LobeChat.md index 6a132b4..f470265 100644 --- a/Docker/Docs/Docker快速部署LobeChat.md +++ b/Docker/Docs/Docker部署软件/Docker部署LobeChat.md @@ -1,6 +1,6 @@ > 本文作者:丁辉 -# Docker快速部署LobeChat +# Docker部署LobeChat [Github](https://github.com/lobehub/lobe-chat) [官方文档](https://lobehub.com/zh/features) [官方部署文档](https://lobehub.com/zh/docs/self-hosting/platform/docker) diff --git a/Docker/Docs/Docker部署Nacos.md b/Docker/Docs/Docker部署软件/Docker部署Nacos.md similarity index 100% rename from Docker/Docs/Docker部署Nacos.md rename to Docker/Docs/Docker部署软件/Docker部署Nacos.md diff --git a/Docker/Docs/Nginx配置文件读取变量.md b/Docker/Docs/Docker部署软件/Docker部署Nginx使用配置文件读取变量.md similarity index 95% rename from Docker/Docs/Nginx配置文件读取变量.md rename to Docker/Docs/Docker部署软件/Docker部署Nginx使用配置文件读取变量.md index 8ed9900..1688b28 100644 --- a/Docker/Docs/Nginx配置文件读取变量.md +++ b/Docker/Docs/Docker部署软件/Docker部署Nginx使用配置文件读取变量.md @@ -1,7 +1,7 @@ > 本文作者:丁辉 > -# Nginx配置文件读取变量 +# Docker部署Nginx使用配置文件读取变量 ## 方法一使用 Envsubst 渲染替换环境变量 diff --git a/Docker/Docs/Docker部署Node-exporter.md b/Docker/Docs/Docker部署软件/Docker部署Node-exporter.md similarity index 100% rename from Docker/Docs/Docker部署Node-exporter.md rename to Docker/Docs/Docker部署软件/Docker部署Node-exporter.md diff --git a/Docker/Docs/Docker部署Portainer.md b/Docker/Docs/Docker部署软件/Docker部署Portainer.md similarity index 100% rename from Docker/Docs/Docker部署Portainer.md rename to Docker/Docs/Docker部署软件/Docker部署Portainer.md diff --git a/Docker/Docs/Docker使用Tor实现匿名通信.md b/Docker/Docs/Docker部署软件/Docker部署Tor实现匿名通信.md similarity index 97% rename from Docker/Docs/Docker使用Tor实现匿名通信.md rename to Docker/Docs/Docker部署软件/Docker部署Tor实现匿名通信.md index 04e7851..e24eeef 100644 --- a/Docker/Docs/Docker使用Tor实现匿名通信.md +++ b/Docker/Docs/Docker部署软件/Docker部署Tor实现匿名通信.md @@ -1,6 +1,6 @@ > 本文作者:丁辉 -# Docker使用Tor实现匿名通信 +# Docker部署Tor实现匿名通信 ## 介绍 diff --git a/Docker/Docs/Docker部署Watchtower管理容器更新.md b/Docker/Docs/Docker部署软件/Docker部署Watchtower管理容器更新.md similarity index 100% rename from Docker/Docs/Docker部署Watchtower管理容器更新.md rename to Docker/Docs/Docker部署软件/Docker部署Watchtower管理容器更新.md diff --git a/Docker/Docs/安装文档/Centos安装Docker.md b/Docker/Docs/安装文档/Centos安装Docker.md new file mode 100644 index 0000000..a077808 --- /dev/null +++ b/Docker/Docs/安装文档/Centos安装Docker.md @@ -0,0 +1,126 @@ +> 本文作者:丁辉 + +# Centos安装Docker + +> 整体来说各系统安装方式都相差不大,那么咱们这里只举例 Centos 安装 Docker 形式 +> +> [官网安装文档](https://docs.docker.com/engine/install/) + +## 开始部署 + +1. 卸载就办 Docker + + ```bash + sudo yum remove docker \ + docker-client \ + docker-client-latest \ + docker-common \ + docker-latest \ + docker-latest-logrotate \ + docker-logrotate \ + docker-engine + ``` + +2. 安装必要依赖 + + ```bash + yum install -y yum-utils device-mapper-persistent-data lvm2 + ``` + + **参数解释** + + | 依赖包 | 作用 | 为什么需要 | + | :-------------------------------: | :-----------------------: | :-----------------------------------: | + | **yum-utils** | 添加和管理 yum 仓库 | 用于添加 Docker 官方仓库 | + | **device-mapper-persistent-data** | devicemapper 存储驱动依赖 | 保证 Docker 底层存储驱动正常运行 | + | **lvm2** | 提供逻辑卷管理工具 | devicemapper 依赖,提供底层块存储支持 | + +3. 设置存储库 + + - 官方源 + + ```bash + yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo + ``` + + - 国内源 + + ```bash + yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo + ``` + + - 清华 TUNA Docker 源 + + ```bash + cat > /etc/yum.repos.d/docker-ce.repo << 'EOF' + [docker-ce-stable] + name=Docker CE Stable - $basearch + baseurl=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/$releasever/$basearch/stable + enabled=1 + gpgcheck=1 + gpgkey=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/gpg + + [docker-ce-stable-debuginfo] + name=Docker CE Stable - Debuginfo $basearch + baseurl=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/$releasever/debug-$basearch/stable + enabled=0 + gpgcheck=1 + gpgkey=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/gpg + + [docker-ce-stable-source] + name=Docker CE Stable - Sources + baseurl=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/$releasever/source/stable + enabled=0 + gpgcheck=1 + gpgkey=https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/gpg + EOF + ``` + +4. 刷新 YUM 缓存 + + ```bash + yum clean all + yum makecache + ``` + +5. 安装最新版 + + ```bash + yum install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin + ``` + + > 安装特定版本 + > + > - 查看版本库 + > + > ```bash + > yum list docker-ce --showduplicates | sort -r + > ``` + > + > - 安装 + > + > ```bash + > sudo yum install docker-ce- docker-ce-cli- containerd.io docker-buildx-plugin docker-compose-plugin + > ``` + +6. 启动 + + ```bash + systemctl enable docker + systemctl start docker + ``` + +## 卸载 Docker + +1. 卸载软件包 + + ```bash + yum remove docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin docker-ce-rootless-extras + ``` + +2. 清理文件 + + ```bash + rm -rf /var/lib/docker + rm -rf /var/lib/containerd + ``` diff --git a/Docker/Docs/Docker使用GPU.md b/Docker/Docs/安装文档/Docker配置GPU环境.md similarity index 98% rename from Docker/Docs/Docker使用GPU.md rename to Docker/Docs/安装文档/Docker配置GPU环境.md index 104523d..f4b8c55 100644 --- a/Docker/Docs/Docker使用GPU.md +++ b/Docker/Docs/安装文档/Docker配置GPU环境.md @@ -1,6 +1,6 @@ > 本文作者丁辉 -# GPU容器化基础环境准备 +# Docker配置GPU环境 ## Linux下载并安装GPU驱动(根据自身环境情况而定) diff --git a/Docker/Docs/OpeneUleros部署Docker.md b/Docker/Docs/安装文档/OpeneUleros安装Docker.md similarity index 95% rename from Docker/Docs/OpeneUleros部署Docker.md rename to Docker/Docs/安装文档/OpeneUleros安装Docker.md index 1a1c2a1..64ce495 100644 --- a/Docker/Docs/OpeneUleros部署Docker.md +++ b/Docker/Docs/安装文档/OpeneUleros安装Docker.md @@ -1,6 +1,6 @@ > 本文作者:丁辉 -# OpeneUleros部署Docker +# OpeneUleros安装Docker > OpeneUleros 为 dnf 包管理工具, 所以特意记录本次安装 diff --git a/Docker/Docs/安装文档/二进制安装Docker.md b/Docker/Docs/安装文档/二进制安装Docker.md new file mode 100644 index 0000000..55f141c --- /dev/null +++ b/Docker/Docs/安装文档/二进制安装Docker.md @@ -0,0 +1,48 @@ +> 本文作者:丁辉 + +# 二进制安装Docker + +[官方文档](https://docs.docker.com/engine/install/binaries/#install-daemon-and-client-binaries-on-linux) + +## 准备工作 + +- [二进制文件包下载](https://download.docker.com/linux/static/stable/) +- [docker.service下载](https://github.com/moby/moby/blob/master/contrib/init/systemd/docker.service)(此文件只做示例,因为二进制安装还是有些不同的) + +## 开始部署 + +1. 下载二进制文件(地址如上所示) + +2. 解压文件 + + ```bash + tar -zxvf docker-*.tgz + ``` + +3. 配置 Docker 环境 + + ```bash + cp ./docker/* /usr/bin/ + ``` + +4. 下载 docker.service 文件 + + ```bash + wget https://gitea.offends.cn/Offends/Kubernetes/raw/branch/main/Docker/Files/docker.service.old + ``` + + 将文件移动到指定位置 + + ```bash + cp ./docker.service.old /usr/lib/systemd/system/docker.service + ``` + +5. 启动程序 + + ```bash + systemctl daemon-reload + systemctl start docker + systemctl enable docker + ``` + + \ No newline at end of file diff --git a/Docker/Docs/安装文档/通过脚本安装Docker.md b/Docker/Docs/安装文档/通过脚本安装Docker.md new file mode 100644 index 0000000..c537ce1 --- /dev/null +++ b/Docker/Docs/安装文档/通过脚本安装Docker.md @@ -0,0 +1,45 @@ +> 本文作者:丁辉 + +# 通过脚本安装Docker + +## 官方脚本 + +- 官方源 + + ```bash + curl -fsSL https://get.docker.com | bash + ``` + +- 阿里源 + + ```bash + curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun + ``` + + +> 脚本下载: +> +> ```bash +> curl -fsSL https://get.docker.com -o get-docker.sh +> ``` + +## 第三方脚本(Rancher) + +- 官方源 + + ```bash + curl https://releases.rancher.com/install-docker/20.10.sh | sh + ``` + +- 阿里源 + + ```bash + curl -fsSL https://releases.rancher.com/install-docker/20.10.sh | sh -s -- --mirror Aliyun + ``` + + +> 脚本下载: +> +> ```bash +> curl -fsSL https://releases.rancher.com/install-docker/20.10.sh -o rancher-20.10.sh.sh +> ``` \ No newline at end of file diff --git a/Docker/Docs/脚本安装Docker.md b/Docker/Docs/脚本安装Docker.md deleted file mode 100644 index bb4d04b..0000000 --- a/Docker/Docs/脚本安装Docker.md +++ /dev/null @@ -1,17 +0,0 @@ -> 本文作者:丁辉 - -# 脚本安装Docker - -- 官方源 - - ```bash - curl -fsSL https://get.docker.com | bash - ``` - -- 阿里源 - - ```bash - curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun - ``` - - \ No newline at end of file diff --git a/Docker/Files/docker.service b/Docker/Files/docker.service index 0ca2830..4ac5e93 100644 --- a/Docker/Files/docker.service +++ b/Docker/Files/docker.service @@ -2,47 +2,47 @@ # 文件位置: /usr/lib/systemd/system/docker.service [Unit] -# 描述这个单元的作用是管理 Docker 应用容器引擎 +# 服务的描述信息 Description=Docker Application Container Engine -# 提供文档链接,指向 Docker 的官方文档 +# 指向 Docker 官方文档,便于 systemd 工具读取帮助信息 Documentation=https://docs.docker.com -# 指定单元的启动顺序和依赖关系[网卡,防火墙,时间同步] -After=network-online.target firewalld.service time-set.target -# 在启动时需要网络已启动 -Wants=network-online.target +# 在网络完全上线、DNS 可用、docker.socket、firewalld、containerd 等服务就绪后再启动 +After=network-online.target nss-lookup.target docker.socket firewalld.service containerd.service time-set.target +# 希望这些服务也在启动时被激活,但不是强制依赖 +Wants=network-online.target containerd.service +# Docker 服务依赖 docker.socket,否则无法启动 +Requires=docker.socket +# 在设定时间窗口内允许最多 3 次启动失败 +StartLimitBurst=3 +# 启动失败计数的时间窗口为 60 秒 +StartLimitIntervalSec=60 + [Service] -# 指定服务的类型为通知类型 +# Docker 使用 systemd 的通知机制汇报启动是否完成 Type=notify -# 指定 Docker 守护进程的启动命令和参数 -ExecStart=/usr/local/bin/dockerd -# 指定在执行重载时的命令 +# Docker 守护进程的启动命令,fd:// 表示让 systemd 管理 socket;指定 containerd 套接字路径 +ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock +# 重载配置时给主进程发送 HUP 信号 ExecReload=/bin/kill -s HUP $MAINPID -# 设置启动超时时间为 0,重启时间为 2 秒 +# 不限制启动超时时间,避免因系统繁忙造成 dockerd 启动失败 TimeoutStartSec=0 -# 用于指定服务重新启动之间的延迟时间 -RestartSec=100ms -# 当服务以非零(非成功)的退出状态结束时,Systemd 将自动尝试重新启动该服务 -Restart=on-failure -# 用于设置在 Systemd 尝试启动服务时允许的最大连续启动次数 -StartLimitBurst=3 -# 指定了在 StartLimitBurst 尝试次数内重新启动服务的时间间隔限制 -StartLimitInterval=60s -# 限制一个服务进程可以打开的文件描述符(File Descriptor)的数量 -LimitNOFILE=infinity -# 限制一个服务进程可以创建的子进程数量 +# 发生失败重启前等待 2 秒 +RestartSec=2 +# 无论因何原因退出都自动重启 +dRestart=always +# 设为无限以避免内核资源统计带来的性能开销 LimitNPROC=infinity -# 限制一个服务进程可以使用的核心转储(core dump)文件的大小 LimitCORE=infinity -# 限制一个单元内的任务数量(即线程和进程总数) +# 允许 Docker 创建任意数量的任务(需 systemd 226+) TasksMax=infinity -# 指定使用委托,让 systemd 不重置 docker 容器的 cgroups +# 允许 docker 自己管理其 cgroups,不受 systemd 重置影响 Delegate=yes -# 设置 KillMode 为 process,只杀死 Docker 进程,不影响 cgroup 中的其他进程 +# 杀进程时只杀主进程,不影响容器子进程 KillMode=process -# 设置 OOMScoreAdjust 为 -500,降低容器进程被 OOM 杀死的概率 -# OOMScoreAdjust=-500 +# 降低 Docker 在内存不足(OOM)时被内核优先杀掉的概率 +OOMScoreAdjust=-500 -# 安装目标为多用户模式 [Install] +# 让服务在多用户运行级别自动启动 WantedBy=multi-user.target \ No newline at end of file diff --git a/Docker/Files/docker.service.old b/Docker/Files/docker.service.old new file mode 100644 index 0000000..d495a47 --- /dev/null +++ b/Docker/Files/docker.service.old @@ -0,0 +1,48 @@ +# Github仓库示例地址: https://github.com/moby/moby/blob/master/contrib/init/systemd/docker.service +# 文件位置: /usr/lib/systemd/system/docker.service + +[Unit] +# 描述这个单元的作用是管理 Docker 应用容器引擎 +Description=Docker Application Container Engine +# 提供文档链接,指向 Docker 的官方文档 +Documentation=https://docs.docker.com +# 指定单元的启动顺序和依赖关系[网卡,防火墙,时间同步] +After=network-online.target firewalld.service time-set.target +# 在启动时需要网络已启动 +Wants=network-online.target + +[Service] +# 指定服务的类型为通知类型 +Type=notify +# 指定 Docker 守护进程的启动命令和参数 +ExecStart=/usr/bin/dockerd +# 指定在执行重载时的命令 +ExecReload=/bin/kill -s HUP $MAINPID +# 设置启动超时时间为 0,重启时间为 2 秒 +TimeoutStartSec=0 +# 用于指定服务重新启动之间的延迟时间 +RestartSec=100ms +# 当服务以非零(非成功)的退出状态结束时,Systemd 将自动尝试重新启动该服务 +Restart=on-failure +# 用于设置在 Systemd 尝试启动服务时允许的最大连续启动次数 +StartLimitBurst=3 +# 指定了在 StartLimitBurst 尝试次数内重新启动服务的时间间隔限制 +StartLimitInterval=60s +# 限制一个服务进程可以打开的文件描述符(File Descriptor)的数量 +LimitNOFILE=infinity +# 限制一个服务进程可以创建的子进程数量 +LimitNPROC=infinity +# 限制一个服务进程可以使用的核心转储(core dump)文件的大小 +LimitCORE=infinity +# 限制一个单元内的任务数量(即线程和进程总数) +TasksMax=infinity +# 指定使用委托,让 systemd 不重置 docker 容器的 cgroups +Delegate=yes +# 设置 KillMode 为 process,只杀死 Docker 进程,不影响 cgroup 中的其他进程 +KillMode=process +# 设置 OOMScoreAdjust 为 -500,降低容器进程被 OOM 杀死的概率 +# OOMScoreAdjust=-500 + +# 安装目标为多用户模式 +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/Docker/Files/get-docker.sh b/Docker/Files/get-docker.sh new file mode 100644 index 0000000..424c976 --- /dev/null +++ b/Docker/Files/get-docker.sh @@ -0,0 +1,720 @@ +#!/bin/sh +set -e +# Docker Engine for Linux installation script. +# +# This script is intended as a convenient way to configure docker's package +# repositories and to install Docker Engine, This script is not recommended +# for production environments. Before running this script, make yourself familiar +# with potential risks and limitations, and refer to the installation manual +# at https://docs.docker.com/engine/install/ for alternative installation methods. +# +# The script: +# +# - Requires `root` or `sudo` privileges to run. +# - Attempts to detect your Linux distribution and version and configure your +# package management system for you. +# - Doesn't allow you to customize most installation parameters. +# - Installs dependencies and recommendations without asking for confirmation. +# - Installs the latest stable release (by default) of Docker CLI, Docker Engine, +# Docker Buildx, Docker Compose, containerd, and runc. When using this script +# to provision a machine, this may result in unexpected major version upgrades +# of these packages. Always test upgrades in a test environment before +# deploying to your production systems. +# - Isn't designed to upgrade an existing Docker installation. When using the +# script to update an existing installation, dependencies may not be updated +# to the expected version, resulting in outdated versions. +# +# Source code is available at https://github.com/docker/docker-install/ +# +# Usage +# ============================================================================== +# +# To install the latest stable versions of Docker CLI, Docker Engine, and their +# dependencies: +# +# 1. download the script +# +# $ curl -fsSL https://get.docker.com -o install-docker.sh +# +# 2. verify the script's content +# +# $ cat install-docker.sh +# +# 3. run the script with --dry-run to verify the steps it executes +# +# $ sh install-docker.sh --dry-run +# +# 4. run the script either as root, or using sudo to perform the installation. +# +# $ sudo sh install-docker.sh +# +# Command-line options +# ============================================================================== +# +# --version +# Use the --version option to install a specific version, for example: +# +# $ sudo sh install-docker.sh --version 23.0 +# +# --channel +# +# Use the --channel option to install from an alternative installation channel. +# The following example installs the latest versions from the "test" channel, +# which includes pre-releases (alpha, beta, rc): +# +# $ sudo sh install-docker.sh --channel test +# +# Alternatively, use the script at https://test.docker.com, which uses the test +# channel as default. +# +# --mirror +# +# Use the --mirror option to install from a mirror supported by this script. +# Available mirrors are "Aliyun" (https://mirrors.aliyun.com/docker-ce), and +# "AzureChinaCloud" (https://mirror.azure.cn/docker-ce), for example: +# +# $ sudo sh install-docker.sh --mirror AzureChinaCloud +# +# --setup-repo +# +# Use the --setup-repo option to configure Docker's package repositories without +# installing Docker packages. This is useful when you want to add the repository +# but install packages separately: +# +# $ sudo sh install-docker.sh --setup-repo +# +# ============================================================================== + + +# Git commit from https://github.com/docker/docker-install when +# the script was uploaded (Should only be modified by upload job): +SCRIPT_COMMIT_SHA="${LOAD_SCRIPT_COMMIT_SHA}" + +# strip "v" prefix if present +VERSION="${VERSION#v}" + +# The channel to install from: +# * stable +# * test +DEFAULT_CHANNEL_VALUE="stable" +if [ -z "$CHANNEL" ]; then + CHANNEL=$DEFAULT_CHANNEL_VALUE +fi + +DEFAULT_DOWNLOAD_URL="https://download.docker.com" +if [ -z "$DOWNLOAD_URL" ]; then + DOWNLOAD_URL=$DEFAULT_DOWNLOAD_URL +fi + +DEFAULT_REPO_FILE="docker-ce.repo" +if [ -z "$REPO_FILE" ]; then + REPO_FILE="$DEFAULT_REPO_FILE" + # Automatically default to a staging repo fora + # a staging download url (download-stage.docker.com) + case "$DOWNLOAD_URL" in + *-stage*) REPO_FILE="docker-ce-staging.repo";; + esac +fi + +mirror='' +DRY_RUN=${DRY_RUN:-} +REPO_ONLY=${REPO_ONLY:-0} +while [ $# -gt 0 ]; do + case "$1" in + --channel) + CHANNEL="$2" + shift + ;; + --dry-run) + DRY_RUN=1 + ;; + --mirror) + mirror="$2" + shift + ;; + --version) + VERSION="${2#v}" + shift + ;; + --setup-repo) + REPO_ONLY=1 + shift + ;; + --*) + echo "Illegal option $1" + ;; + esac + shift $(( $# > 0 ? 1 : 0 )) +done + +case "$mirror" in + Aliyun) + DOWNLOAD_URL="https://mirrors.aliyun.com/docker-ce" + ;; + AzureChinaCloud) + DOWNLOAD_URL="https://mirror.azure.cn/docker-ce" + ;; + "") + ;; + *) + >&2 echo "unknown mirror '$mirror': use either 'Aliyun', or 'AzureChinaCloud'." + exit 1 + ;; +esac + +case "$CHANNEL" in + stable|test) + ;; + *) + >&2 echo "unknown CHANNEL '$CHANNEL': use either stable or test." + exit 1 + ;; +esac + +command_exists() { + command -v "$@" > /dev/null 2>&1 +} + +# version_gte checks if the version specified in $VERSION is at least the given +# SemVer (Maj.Minor[.Patch]), or CalVer (YY.MM) version.It returns 0 (success) +# if $VERSION is either unset (=latest) or newer or equal than the specified +# version, or returns 1 (fail) otherwise. +# +# examples: +# +# VERSION=23.0 +# version_gte 23.0 // 0 (success) +# version_gte 20.10 // 0 (success) +# version_gte 19.03 // 0 (success) +# version_gte 26.1 // 1 (fail) +version_gte() { + if [ -z "$VERSION" ]; then + return 0 + fi + version_compare "$VERSION" "$1" +} + +# version_compare compares two version strings (either SemVer (Major.Minor.Path), +# or CalVer (YY.MM) version strings. It returns 0 (success) if version A is newer +# or equal than version B, or 1 (fail) otherwise. Patch releases and pre-release +# (-alpha/-beta) are not taken into account +# +# examples: +# +# version_compare 23.0.0 20.10 // 0 (success) +# version_compare 23.0 20.10 // 0 (success) +# version_compare 20.10 19.03 // 0 (success) +# version_compare 20.10 20.10 // 0 (success) +# version_compare 19.03 20.10 // 1 (fail) +version_compare() ( + set +x + + yy_a="$(echo "$1" | cut -d'.' -f1)" + yy_b="$(echo "$2" | cut -d'.' -f1)" + if [ "$yy_a" -lt "$yy_b" ]; then + return 1 + fi + if [ "$yy_a" -gt "$yy_b" ]; then + return 0 + fi + mm_a="$(echo "$1" | cut -d'.' -f2)" + mm_b="$(echo "$2" | cut -d'.' -f2)" + + # trim leading zeros to accommodate CalVer + mm_a="${mm_a#0}" + mm_b="${mm_b#0}" + + if [ "${mm_a:-0}" -lt "${mm_b:-0}" ]; then + return 1 + fi + + return 0 +) + +is_dry_run() { + if [ -z "$DRY_RUN" ]; then + return 1 + else + return 0 + fi +} + +is_wsl() { + case "$(uname -r)" in + *microsoft* ) true ;; # WSL 2 + *Microsoft* ) true ;; # WSL 1 + * ) false;; + esac +} + +is_darwin() { + case "$(uname -s)" in + *darwin* ) true ;; + *Darwin* ) true ;; + * ) false;; + esac +} + +deprecation_notice() { + distro=$1 + distro_version=$2 + echo + printf "\033[91;1mDEPRECATION WARNING\033[0m\n" + printf " This Linux distribution (\033[1m%s %s\033[0m) reached end-of-life and is no longer supported by this script.\n" "$distro" "$distro_version" + echo " No updates or security fixes will be released for this distribution, and users are recommended" + echo " to upgrade to a currently maintained version of $distro." + echo + printf "Press \033[1mCtrl+C\033[0m now to abort this script, or wait for the installation to continue." + echo + sleep 10 +} + +get_distribution() { + lsb_dist="" + # Every system that we officially support has /etc/os-release + if [ -r /etc/os-release ]; then + lsb_dist="$(. /etc/os-release && echo "$ID")" + fi + # Returning an empty string here should be alright since the + # case statements don't act unless you provide an actual value + echo "$lsb_dist" +} + +echo_docker_as_nonroot() { + if is_dry_run; then + return + fi + if command_exists docker && [ -e /var/run/docker.sock ]; then + ( + set -x + $sh_c 'docker version' + ) || true + fi + + # intentionally mixed spaces and tabs here -- tabs are stripped by "<<-EOF", spaces are kept in the output + echo + echo "================================================================================" + echo + if version_gte "20.10"; then + echo "To run Docker as a non-privileged user, consider setting up the" + echo "Docker daemon in rootless mode for your user:" + echo + echo " dockerd-rootless-setuptool.sh install" + echo + echo "Visit https://docs.docker.com/go/rootless/ to learn about rootless mode." + echo + fi + echo + echo "To run the Docker daemon as a fully privileged service, but granting non-root" + echo "users access, refer to https://docs.docker.com/go/daemon-access/" + echo + echo "WARNING: Access to the remote API on a privileged Docker daemon is equivalent" + echo " to root access on the host. Refer to the 'Docker daemon attack surface'" + echo " documentation for details: https://docs.docker.com/go/attack-surface/" + echo + echo "================================================================================" + echo +} + +# Check if this is a forked Linux distro +check_forked() { + + # Check for lsb_release command existence, it usually exists in forked distros + if command_exists lsb_release; then + # Check if the `-u` option is supported + set +e + lsb_release -a -u > /dev/null 2>&1 + lsb_release_exit_code=$? + set -e + + # Check if the command has exited successfully, it means we're in a forked distro + if [ "$lsb_release_exit_code" = "0" ]; then + # Print info about current distro + cat <<-EOF + You're using '$lsb_dist' version '$dist_version'. + EOF + + # Get the upstream release info + lsb_dist=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'id' | cut -d ':' -f 2 | tr -d '[:space:]') + dist_version=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'codename' | cut -d ':' -f 2 | tr -d '[:space:]') + + # Print info about upstream distro + cat <<-EOF + Upstream release is '$lsb_dist' version '$dist_version'. + EOF + else + if [ -r /etc/debian_version ] && [ "$lsb_dist" != "ubuntu" ] && [ "$lsb_dist" != "raspbian" ]; then + if [ "$lsb_dist" = "osmc" ]; then + # OSMC runs Raspbian + lsb_dist=raspbian + else + # We're Debian and don't even know it! + lsb_dist=debian + fi + dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')" + case "$dist_version" in + 13) + dist_version="trixie" + ;; + 12) + dist_version="bookworm" + ;; + 11) + dist_version="bullseye" + ;; + 10) + dist_version="buster" + ;; + 9) + dist_version="stretch" + ;; + 8) + dist_version="jessie" + ;; + esac + fi + fi + fi +} + +do_install() { + echo "# Executing docker install script, commit: $SCRIPT_COMMIT_SHA" + + if command_exists docker; then + cat >&2 <<-'EOF' + Warning: the "docker" command appears to already exist on this system. + + If you already have Docker installed, this script can cause trouble, which is + why we're displaying this warning and provide the opportunity to cancel the + installation. + + If you installed the current Docker package using this script and are using it + again to update Docker, you can ignore this message, but be aware that the + script resets any custom changes in the deb and rpm repo configuration + files to match the parameters passed to the script. + + You may press Ctrl+C now to abort this script. + EOF + ( set -x; sleep 20 ) + fi + + user="$(id -un 2>/dev/null || true)" + + sh_c='sh -c' + if [ "$user" != 'root' ]; then + if command_exists sudo; then + sh_c='sudo -E sh -c' + elif command_exists su; then + sh_c='su -c' + else + cat >&2 <<-'EOF' + Error: this installer needs the ability to run commands as root. + We are unable to find either "sudo" or "su" available to make this happen. + EOF + exit 1 + fi + fi + + if is_dry_run; then + sh_c="echo" + fi + + # perform some very rudimentary platform detection + lsb_dist=$( get_distribution ) + lsb_dist="$(echo "$lsb_dist" | tr '[:upper:]' '[:lower:]')" + + if is_wsl; then + echo + echo "WSL DETECTED: We recommend using Docker Desktop for Windows." + echo "Please get Docker Desktop from https://www.docker.com/products/docker-desktop/" + echo + cat >&2 <<-'EOF' + + You may press Ctrl+C now to abort this script. + EOF + ( set -x; sleep 20 ) + fi + + case "$lsb_dist" in + + ubuntu) + if command_exists lsb_release; then + dist_version="$(lsb_release --codename | cut -f2)" + fi + if [ -z "$dist_version" ] && [ -r /etc/lsb-release ]; then + dist_version="$(. /etc/lsb-release && echo "$DISTRIB_CODENAME")" + fi + ;; + + debian|raspbian) + dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')" + case "$dist_version" in + 13) + dist_version="trixie" + ;; + 12) + dist_version="bookworm" + ;; + 11) + dist_version="bullseye" + ;; + 10) + dist_version="buster" + ;; + 9) + dist_version="stretch" + ;; + 8) + dist_version="jessie" + ;; + esac + ;; + + centos|rhel) + if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then + dist_version="$(. /etc/os-release && echo "$VERSION_ID")" + fi + ;; + + *) + if command_exists lsb_release; then + dist_version="$(lsb_release --release | cut -f2)" + fi + if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then + dist_version="$(. /etc/os-release && echo "$VERSION_ID")" + fi + ;; + + esac + + # Check if this is a forked Linux distro + check_forked + + # Print deprecation warnings for distro versions that recently reached EOL, + # but may still be commonly used (especially LTS versions). + case "$lsb_dist.$dist_version" in + centos.8|centos.7|rhel.7) + deprecation_notice "$lsb_dist" "$dist_version" + ;; + debian.buster|debian.stretch|debian.jessie) + deprecation_notice "$lsb_dist" "$dist_version" + ;; + raspbian.buster|raspbian.stretch|raspbian.jessie) + deprecation_notice "$lsb_dist" "$dist_version" + ;; + ubuntu.focal|ubuntu.bionic|ubuntu.xenial|ubuntu.trusty) + deprecation_notice "$lsb_dist" "$dist_version" + ;; + ubuntu.oracular|ubuntu.mantic|ubuntu.lunar|ubuntu.kinetic|ubuntu.impish|ubuntu.hirsute|ubuntu.groovy|ubuntu.eoan|ubuntu.disco|ubuntu.cosmic) + deprecation_notice "$lsb_dist" "$dist_version" + ;; + fedora.*) + if [ "$dist_version" -lt 41 ]; then + deprecation_notice "$lsb_dist" "$dist_version" + fi + ;; + esac + + # Run setup for each distro accordingly + case "$lsb_dist" in + ubuntu|debian|raspbian) + pre_reqs="ca-certificates curl" + apt_repo="deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] $DOWNLOAD_URL/linux/$lsb_dist $dist_version $CHANNEL" + ( + if ! is_dry_run; then + set -x + fi + $sh_c 'apt-get -qq update >/dev/null' + $sh_c "DEBIAN_FRONTEND=noninteractive apt-get -y -qq install $pre_reqs >/dev/null" + $sh_c 'install -m 0755 -d /etc/apt/keyrings' + $sh_c "curl -fsSL \"$DOWNLOAD_URL/linux/$lsb_dist/gpg\" -o /etc/apt/keyrings/docker.asc" + $sh_c "chmod a+r /etc/apt/keyrings/docker.asc" + $sh_c "echo \"$apt_repo\" > /etc/apt/sources.list.d/docker.list" + $sh_c 'apt-get -qq update >/dev/null' + ) + + if [ "$REPO_ONLY" = "1" ]; then + exit 0 + fi + + pkg_version="" + if [ -n "$VERSION" ]; then + if is_dry_run; then + echo "# WARNING: VERSION pinning is not supported in DRY_RUN" + else + # Will work for incomplete versions IE (17.12), but may not actually grab the "latest" if in the test channel + pkg_pattern="$(echo "$VERSION" | sed 's/-ce-/~ce~.*/g' | sed 's/-/.*/g')" + search_command="apt-cache madison docker-ce | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3" + pkg_version="$($sh_c "$search_command")" + echo "INFO: Searching repository for VERSION '$VERSION'" + echo "INFO: $search_command" + if [ -z "$pkg_version" ]; then + echo + echo "ERROR: '$VERSION' not found amongst apt-cache madison results" + echo + exit 1 + fi + if version_gte "18.09"; then + search_command="apt-cache madison docker-ce-cli | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3" + echo "INFO: $search_command" + cli_pkg_version="=$($sh_c "$search_command")" + fi + pkg_version="=$pkg_version" + fi + fi + ( + pkgs="docker-ce${pkg_version%=}" + if version_gte "18.09"; then + # older versions didn't ship the cli and containerd as separate packages + pkgs="$pkgs docker-ce-cli${cli_pkg_version%=} containerd.io" + fi + if version_gte "20.10"; then + pkgs="$pkgs docker-compose-plugin docker-ce-rootless-extras$pkg_version" + fi + if version_gte "23.0"; then + pkgs="$pkgs docker-buildx-plugin" + fi + if version_gte "28.2"; then + pkgs="$pkgs docker-model-plugin" + fi + if ! is_dry_run; then + set -x + fi + $sh_c "DEBIAN_FRONTEND=noninteractive apt-get -y -qq install $pkgs >/dev/null" + ) + echo_docker_as_nonroot + exit 0 + ;; + centos|fedora|rhel) + if [ "$(uname -m)" = "s390x" ]; then + echo "Effective v27.5, please consult RHEL distro statement for s390x support." + exit 1 + fi + repo_file_url="$DOWNLOAD_URL/linux/$lsb_dist/$REPO_FILE" + ( + if ! is_dry_run; then + set -x + fi + if command_exists dnf5; then + $sh_c "dnf -y -q --setopt=install_weak_deps=False install dnf-plugins-core" + $sh_c "dnf5 config-manager addrepo --overwrite --save-filename=docker-ce.repo --from-repofile='$repo_file_url'" + + if [ "$CHANNEL" != "stable" ]; then + $sh_c "dnf5 config-manager setopt \"docker-ce-*.enabled=0\"" + $sh_c "dnf5 config-manager setopt \"docker-ce-$CHANNEL.enabled=1\"" + fi + $sh_c "dnf makecache" + elif command_exists dnf; then + $sh_c "dnf -y -q --setopt=install_weak_deps=False install dnf-plugins-core" + $sh_c "rm -f /etc/yum.repos.d/docker-ce.repo /etc/yum.repos.d/docker-ce-staging.repo" + $sh_c "dnf config-manager --add-repo $repo_file_url" + + if [ "$CHANNEL" != "stable" ]; then + $sh_c "dnf config-manager --set-disabled \"docker-ce-*\"" + $sh_c "dnf config-manager --set-enabled \"docker-ce-$CHANNEL\"" + fi + $sh_c "dnf makecache" + else + $sh_c "yum -y -q install yum-utils" + $sh_c "rm -f /etc/yum.repos.d/docker-ce.repo /etc/yum.repos.d/docker-ce-staging.repo" + $sh_c "yum-config-manager --add-repo $repo_file_url" + + if [ "$CHANNEL" != "stable" ]; then + $sh_c "yum-config-manager --disable \"docker-ce-*\"" + $sh_c "yum-config-manager --enable \"docker-ce-$CHANNEL\"" + fi + $sh_c "yum makecache" + fi + ) + + if [ "$REPO_ONLY" = "1" ]; then + exit 0 + fi + + pkg_version="" + if command_exists dnf; then + pkg_manager="dnf" + pkg_manager_flags="-y -q --best" + else + pkg_manager="yum" + pkg_manager_flags="-y -q" + fi + if [ -n "$VERSION" ]; then + if is_dry_run; then + echo "# WARNING: VERSION pinning is not supported in DRY_RUN" + else + if [ "$lsb_dist" = "fedora" ]; then + pkg_suffix="fc$dist_version" + else + pkg_suffix="el" + fi + pkg_pattern="$(echo "$VERSION" | sed 's/-ce-/\\\\.ce.*/g' | sed 's/-/.*/g').*$pkg_suffix" + search_command="$pkg_manager list --showduplicates docker-ce | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'" + pkg_version="$($sh_c "$search_command")" + echo "INFO: Searching repository for VERSION '$VERSION'" + echo "INFO: $search_command" + if [ -z "$pkg_version" ]; then + echo + echo "ERROR: '$VERSION' not found amongst $pkg_manager list results" + echo + exit 1 + fi + if version_gte "18.09"; then + # older versions don't support a cli package + search_command="$pkg_manager list --showduplicates docker-ce-cli | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'" + cli_pkg_version="$($sh_c "$search_command" | cut -d':' -f 2)" + fi + # Cut out the epoch and prefix with a '-' + pkg_version="-$(echo "$pkg_version" | cut -d':' -f 2)" + fi + fi + ( + pkgs="docker-ce$pkg_version" + if version_gte "18.09"; then + # older versions didn't ship the cli and containerd as separate packages + if [ -n "$cli_pkg_version" ]; then + pkgs="$pkgs docker-ce-cli-$cli_pkg_version containerd.io" + else + pkgs="$pkgs docker-ce-cli containerd.io" + fi + fi + if version_gte "20.10"; then + pkgs="$pkgs docker-compose-plugin docker-ce-rootless-extras$pkg_version" + fi + if version_gte "23.0"; then + pkgs="$pkgs docker-buildx-plugin docker-model-plugin" + fi + if ! is_dry_run; then + set -x + fi + $sh_c "$pkg_manager $pkg_manager_flags install $pkgs" + ) + echo_docker_as_nonroot + exit 0 + ;; + sles) + echo "Effective v27.5, please consult SLES distro statement for s390x support." + exit 1 + ;; + *) + if [ -z "$lsb_dist" ]; then + if is_darwin; then + echo + echo "ERROR: Unsupported operating system 'macOS'" + echo "Please get Docker Desktop from https://www.docker.com/products/docker-desktop" + echo + exit 1 + fi + fi + echo + echo "ERROR: Unsupported distribution '$lsb_dist'" + echo + exit 1 + ;; + esac + exit 1 +} + +# wrapped up in a function so that we have some protection against only getting +# half the file during "curl | sh" +do_install diff --git a/Docker/Files/rancher-20.10.sh b/Docker/Files/rancher-20.10.sh new file mode 100644 index 0000000..1215e4f --- /dev/null +++ b/Docker/Files/rancher-20.10.sh @@ -0,0 +1,708 @@ +#!/bin/sh +set -e +# Docker CE for Linux installation script +# +# See https://docs.docker.com/engine/install/ for the installation steps. +# +# This script is meant for quick & easy install via: +# $ curl -fsSL https://get.docker.com -o get-docker.sh +# $ sh get-docker.sh +# +# For test builds (ie. release candidates): +# $ curl -fsSL https://test.docker.com -o test-docker.sh +# $ sh test-docker.sh +# +# NOTE: Make sure to verify the contents of the script +# you downloaded matches the contents of install.sh +# located at https://github.com/docker/docker-install +# before executing. +# +# Git commit from https://github.com/docker/docker-install when +# the script was uploaded (Should only be modified by upload job): +SCRIPT_COMMIT_SHA="a8a6b338bdfedd7ddefb96fe3e7fe7d4036d945a" + +CHANNEL="stable" +DOWNLOAD_URL="https://download.docker.com" +REPO_FILE="docker-ce.repo" +VERSION="20.10.24" +DIND_TEST_WAIT=${DIND_TEST_WAIT:-3s} # Wait time until docker start at dind test env + +# Issue https://github.com/rancher/rancher/issues/29246 +adjust_repo_releasever() { + DOWNLOAD_URL="https://download.docker.com" + case $1 in + 7*) + releasever=7 + ;; + 8*) + releasever=8 + ;; + *) + # fedora, or unsupported + return + ;; + esac + + for channel in "stable" "test" "nightly"; do + $sh_c "$config_manager --setopt=docker-ce-${channel}.baseurl=${DOWNLOAD_URL}/linux/centos/${releasever}/\\\$basearch/${channel} --save"; + $sh_c "$config_manager --setopt=docker-ce-${channel}-debuginfo.baseurl=${DOWNLOAD_URL}/linux/centos/${releasever}/debug-\\\$basearch/${channel} --save"; + $sh_c "$config_manager --setopt=docker-ce-${channel}-source.baseurl=${DOWNLOAD_URL}/linux/centos/${releasever}/source/${channel} --save"; + done +} + +mirror='' +DRY_RUN=${DRY_RUN:-} +while [ $# -gt 0 ]; do + case "$1" in + --mirror) + mirror="$2" + shift + ;; + --dry-run) + DRY_RUN=1 + ;; + --*) + echo "Illegal option $1" + ;; + esac + shift $(( $# > 0 ? 1 : 0 )) +done + +case "$mirror" in + Aliyun) + DOWNLOAD_URL="https://mirrors.aliyun.com/docker-ce" + ;; + AzureChinaCloud) + DOWNLOAD_URL="https://mirror.azure.cn/docker-ce" + ;; +esac + +start_docker() { + if [ ! -z $DIND_TEST ]; then + # Starting dockerd manually due to dind env is not using systemd + dockerd & + sleep $DIND_TEST_WAIT + elif [ -d '/run/systemd/system' ] ; then + $sh_c 'systemctl start docker' + else + $sh_c 'service docker start' + fi +} + +command_exists() { + command -v "$@" > /dev/null 2>&1 +} + +# version_gte checks if the version specified in $VERSION is at least +# the given CalVer (YY.MM) version. returns 0 (success) if $VERSION is either +# unset (=latest) or newer or equal than the specified version. Returns 1 (fail) +# otherwise. +# +# examples: +# +# VERSION=20.10 +# version_gte 20.10 // 0 (success) +# version_gte 19.03 // 0 (success) +# version_gte 21.10 // 1 (fail) +version_gte() { + if [ -z "$VERSION" ]; then + return 0 + fi + eval calver_compare "$VERSION" "$1" +} + +# calver_compare compares two CalVer (YY.MM) version strings. returns 0 (success) +# if version A is newer or equal than version B, or 1 (fail) otherwise. Patch +# releases and pre-release (-alpha/-beta) are not taken into account +# +# examples: +# +# calver_compare 20.10 19.03 // 0 (success) +# calver_compare 20.10 20.10 // 0 (success) +# calver_compare 19.03 20.10 // 1 (fail) +calver_compare() ( + set +x + + yy_a="$(echo "$1" | cut -d'.' -f1)" + yy_b="$(echo "$2" | cut -d'.' -f1)" + if [ "$yy_a" -lt "$yy_b" ]; then + return 1 + fi + if [ "$yy_a" -gt "$yy_b" ]; then + return 0 + fi + mm_a="$(echo "$1" | cut -d'.' -f2)" + mm_b="$(echo "$2" | cut -d'.' -f2)" + if [ "${mm_a#0}" -lt "${mm_b#0}" ]; then + return 1 + fi + + return 0 +) + +is_dry_run() { + if [ -z "$DRY_RUN" ]; then + return 1 + else + return 0 + fi +} + +is_wsl() { + case "$(uname -r)" in + *microsoft* ) true ;; # WSL 2 + *Microsoft* ) true ;; # WSL 1 + * ) false;; + esac +} + +is_darwin() { + case "$(uname -s)" in + *darwin* ) true ;; + *Darwin* ) true ;; + * ) false;; + esac +} + +deprecation_notice() { + distro=$1 + distro_version=$2 + echo + printf "\033[91;1mDEPRECATION WARNING\033[0m\n" + printf " This Linux distribution (\033[1m%s %s\033[0m) reached end-of-life and is no longer supported by this script.\n" "$distro" "$distro_version" + echo " No updates or security fixes will be released for this distribution, and users are recommended" + echo " to upgrade to a currently maintained version of $distro." + echo + printf "Press \033[1mCtrl+C\033[0m now to abort this script, or wait for the installation to continue." + echo + sleep 10 +} + +get_distribution() { + lsb_dist="" + # Every system that we officially support has /etc/os-release + if [ -r /etc/os-release ]; then + lsb_dist="$(. /etc/os-release && echo "$ID")" + fi + # Returning an empty string here should be alright since the + # case statements don't act unless you provide an actual value + echo "$lsb_dist" +} + +echo_docker_as_nonroot() { + if is_dry_run; then + return + fi + if command_exists docker && [ -e /var/run/docker.sock ]; then + ( + set -x + $sh_c 'docker version' + ) || true + fi + + # intentionally mixed spaces and tabs here -- tabs are stripped by "<<-EOF", spaces are kept in the output + echo + echo "================================================================================" + echo + if version_gte "20.10"; then + echo "To run Docker as a non-privileged user, consider setting up the" + echo "Docker daemon in rootless mode for your user:" + echo + echo " dockerd-rootless-setuptool.sh install" + echo + echo "Visit https://docs.docker.com/go/rootless/ to learn about rootless mode." + echo + fi + echo + echo "To run the Docker daemon as a fully privileged service, but granting non-root" + echo "users access, refer to https://docs.docker.com/go/daemon-access/" + echo + echo "WARNING: Access to the remote API on a privileged Docker daemon is equivalent" + echo " to root access on the host. Refer to the 'Docker daemon attack surface'" + echo " documentation for details: https://docs.docker.com/go/attack-surface/" + echo + echo "================================================================================" + echo +} + +# Check if this is a forked Linux distro +check_forked() { + + # Check for lsb_release command existence, it usually exists in forked distros + if command_exists lsb_release; then + # Check if the `-u` option is supported + set +e + lsb_release -a -u > /dev/null 2>&1 + lsb_release_exit_code=$? + set -e + + # Check if the command has exited successfully, it means we're in a forked distro + if [ "$lsb_release_exit_code" = "0" ]; then + # Print info about current distro + cat <<-EOF + You're using '$lsb_dist' version '$dist_version'. + EOF + + # Get the upstream release info + lsb_dist=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'id' | cut -d ':' -f 2 | tr -d '[:space:]') + dist_version=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'codename' | cut -d ':' -f 2 | tr -d '[:space:]') + + # Print info about upstream distro + cat <<-EOF + Upstream release is '$lsb_dist' version '$dist_version'. + EOF + else + if [ -r /etc/debian_version ] && [ "$lsb_dist" != "ubuntu" ] && [ "$lsb_dist" != "raspbian" ]; then + if [ "$lsb_dist" = "osmc" ]; then + # OSMC runs Raspbian + lsb_dist=raspbian + else + # We're Debian and don't even know it! + lsb_dist=debian + fi + dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')" + case "$dist_version" in + 12) + dist_version="bookworm" + ;; + 11) + dist_version="bullseye" + ;; + 10) + dist_version="buster" + ;; + 9) + dist_version="stretch" + ;; + 8) + dist_version="jessie" + ;; + esac + fi + fi + fi +} + +do_install() { + echo "# Executing docker install script, commit: $SCRIPT_COMMIT_SHA" + + if command_exists docker; then + cat >&2 <<-'EOF' + Warning: the "docker" command appears to already exist on this system. + + If you already have Docker installed, this script can cause trouble, which is + why we're displaying this warning and provide the opportunity to cancel the + installation. + + If you installed the current Docker package using this script and are using it + again to update Docker, you can safely ignore this message. + + You may press Ctrl+C now to abort this script. + EOF + ( set -x; sleep 20 ) + fi + + user="$(id -un 2>/dev/null || true)" + + sh_c='sh -c' + if [ "$user" != 'root' ]; then + if command_exists sudo; then + sh_c='sudo -E sh -c' + elif command_exists su; then + sh_c='su -c' + else + cat >&2 <<-'EOF' + Error: this installer needs the ability to run commands as root. + We are unable to find either "sudo" or "su" available to make this happen. + EOF + exit 1 + fi + fi + + if is_dry_run; then + sh_c="echo" + fi + + # perform some very rudimentary platform detection + lsb_dist=$( get_distribution ) + lsb_dist="$(echo "$lsb_dist" | tr '[:upper:]' '[:lower:]')" + + if is_wsl; then + echo + echo "WSL DETECTED: We recommend using Docker Desktop for Windows." + echo "Please get Docker Desktop from https://www.docker.com/products/docker-desktop" + echo + cat >&2 <<-'EOF' + + You may press Ctrl+C now to abort this script. + EOF + ( set -x; sleep 20 ) + fi + + case "$lsb_dist" in + + ubuntu) + if command_exists lsb_release; then + dist_version="$(lsb_release --codename | cut -f2)" + fi + if [ -z "$dist_version" ] && [ -r /etc/lsb-release ]; then + dist_version="$(. /etc/lsb-release && echo "$DISTRIB_CODENAME")" + fi + ;; + + debian|raspbian) + dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')" + case "$dist_version" in + 12) + dist_version="bookworm" + ;; + 11) + dist_version="bullseye" + ;; + 10) + dist_version="buster" + ;; + 9) + dist_version="stretch" + ;; + 8) + dist_version="jessie" + ;; + esac + ;; + + centos|rhel|sles|rocky) + if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then + dist_version="$(. /etc/os-release && echo "$VERSION_ID")" + fi + + ;; + + oracleserver|ol) + lsb_dist="ol" + # need to switch lsb_dist to match yum repo URL + dist_version="$(rpm -q --whatprovides redhat-release --queryformat "%{VERSION}\n" | sed 's/\/.*//' | sed 's/\..*//' | sed 's/Server*//')" + ;; + + *) + if command_exists lsb_release; then + dist_version="$(lsb_release --release | cut -f2)" + fi + if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then + dist_version="$(. /etc/os-release && echo "$VERSION_ID")" + fi + ;; + + esac + + # Check if this is a forked Linux distro + check_forked + + # Print deprecation warnings for distro versions that recently reached EOL, + # but may still be commonly used (especially LTS versions). + case "$lsb_dist.$dist_version" in + debian.stretch|debian.jessie) + deprecation_notice "$lsb_dist" "$dist_version" + ;; + raspbian.stretch|raspbian.jessie) + deprecation_notice "$lsb_dist" "$dist_version" + ;; + ubuntu.xenial|ubuntu.trusty) + deprecation_notice "$lsb_dist" "$dist_version" + ;; + fedora.*) + if [ "$dist_version" -lt 36 ]; then + deprecation_notice "$lsb_dist" "$dist_version" + fi + ;; + esac + + # Run setup for each distro accordingly + case "$lsb_dist" in + ubuntu|debian|raspbian) + pre_reqs="apt-transport-https ca-certificates curl" + if ! command -v gpg > /dev/null; then + pre_reqs="$pre_reqs gnupg" + fi + apt_repo="deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] $DOWNLOAD_URL/linux/$lsb_dist $dist_version $CHANNEL" + ( + if ! is_dry_run; then + set -x + fi + $sh_c 'apt-get update -qq >/dev/null' + $sh_c "DEBIAN_FRONTEND=noninteractive apt-get install -y -qq $pre_reqs >/dev/null" + $sh_c 'mkdir -p /etc/apt/keyrings && chmod -R 0755 /etc/apt/keyrings' + $sh_c "curl -fsSL \"$DOWNLOAD_URL/linux/$lsb_dist/gpg\" | gpg --dearmor --yes -o /etc/apt/keyrings/docker.gpg" + $sh_c "chmod a+r /etc/apt/keyrings/docker.gpg" + $sh_c "echo \"$apt_repo\" > /etc/apt/sources.list.d/docker.list" + $sh_c 'apt-get update -qq >/dev/null' + ) + pkg_version="" + if [ -n "$VERSION" ]; then + if is_dry_run; then + echo "# WARNING: VERSION pinning is not supported in DRY_RUN" + else + # Will work for incomplete versions IE (17.12), but may not actually grab the "latest" if in the test channel + pkg_pattern="$(echo "$VERSION" | sed "s/-ce-/~ce~.*/g" | sed "s/-/.*/g")" + search_command="apt-cache madison 'docker-ce' | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3" + pkg_version="$($sh_c "$search_command")" + echo "INFO: Searching repository for VERSION '$VERSION'" + echo "INFO: $search_command" + if [ -z "$pkg_version" ]; then + echo + echo "ERROR: '$VERSION' not found amongst apt-cache madison results" + echo + exit 1 + fi + if version_gte "18.09"; then + search_command="apt-cache madison 'docker-ce-cli' | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3" + echo "INFO: $search_command" + cli_pkg_version="=$($sh_c "$search_command")" + fi + pkg_version="=$pkg_version" + fi + fi + ( + pkgs="docker-ce${pkg_version%=}" + if version_gte "18.09"; then + # older versions didn't ship the cli and containerd as separate packages + pkgs="$pkgs docker-ce-cli${cli_pkg_version%=} containerd.io" + fi + if version_gte "20.10"; then + pkgs="$pkgs docker-compose-plugin docker-ce-rootless-extras$pkg_version" + fi + if version_gte "23.0"; then + pkgs="$pkgs docker-buildx-plugin" + fi + if ! is_dry_run; then + set -x + fi + $sh_c "DEBIAN_FRONTEND=noninteractive apt-get install -y -qq $pkgs >/dev/null" + start_docker + + ) + echo_docker_as_nonroot + exit 0 + ;; + centos|fedora|rhel|ol|rocky) + # set vault.centos.or repo as CentOS8 is now EOL + if [ "$lsb_dist" = "centos" ] && [ "$dist_version" -ge "8" ]; then + $sh_c "find /etc/yum.repos.d -type f -exec sed -i 's/mirrorlist=http:\/\/mirrorlist.centos.org/\#mirrorlist=http:\/\/mirrorlist.centos.org/g' {} \;" + $sh_c "find /etc/yum.repos.d -type f -exec sed -i 's/\#baseurl=http:\/\/mirror.centos.org/baseurl=http:\/\/vault.centos.org/g' {} \;" + $sh_c "dnf swap centos-linux-repos centos-stream-repos -y" + fi + if [ "$lsb_dist" = "fedora" ]; then + pkg_manager="dnf" + config_manager="dnf config-manager" + enable_channel_flag="--set-enabled" + disable_channel_flag="--set-disabled" + pre_reqs="dnf-plugins-core" + pkg_suffix="fc$dist_version" + else + pkg_manager="yum" + config_manager="yum-config-manager" + enable_channel_flag="--enable" + disable_channel_flag="--disable" + pre_reqs="yum-utils" + pkg_suffix="el" + fi + repo_file_url="$DOWNLOAD_URL/linux/$lsb_dist/$REPO_FILE" + if [ "$lsb_dist" = "ol" ] || [ "$lsb_dist" = "rocky" ] || [ "$lsb_dist" = "rhel" ]; then + repo_file_url="$DOWNLOAD_URL/linux/centos/$REPO_FILE" + fi + ( + if ! is_dry_run; then + set -x + fi + $sh_c "$pkg_manager install -y -q $pre_reqs" + $sh_c "$config_manager --add-repo $repo_file_url" + + if [ "$CHANNEL" != "stable" ]; then + $sh_c "$config_manager $disable_channel_flag docker-ce-*" + $sh_c "$config_manager $enable_channel_flag docker-ce-$CHANNEL" + fi + if [ "$lsb_dist" = "rhel" ] || [ "$lsb_dist" = "ol" ]; then + adjust_repo_releasever "$dist_version" + # Add extra repo for version 7.x + if [[ "$dist_version" =~ "7." ]] || [ "$dist_version" == "7" ] ; then + if [ "$lsb_dist" = "rhel" ]; then + $sh_c "$config_manager $enable_channel_flag rhui-REGION-rhel-server-extras" + $sh_c "$config_manager $enable_channel_flag rhui-rhel-7-server-rhui-extras-rpms" + $sh_c "$config_manager $enable_channel_flag rhui-rhel-7-for-arm-64-extras-rhui-rpms" + $sh_c "$config_manager $enable_channel_flag rhel-7-server-rhui-extras-rpms" + $sh_c "$config_manager $enable_channel_flag rhel-7-server-extras-rpms" + else + $sh_c "$config_manager $enable_channel_flag ol7_addons" + # Adding OL7 developer repo if doesn't exist + if [ "$(yum repolist | grep yum.oracle.com_repo_OracleLinux_OL7_developer > /dev/null || echo add)" == "add" ]; then + $sh_c "$config_manager --add-repo https://yum.oracle.com/repo/OracleLinux/OL7/developer/x86_64" + fi + fi + fi + fi + $sh_c "$pkg_manager makecache" + ) + pkg_version="" + if [ -n "$VERSION" ]; then + if is_dry_run; then + echo "# WARNING: VERSION pinning is not supported in DRY_RUN" + else + pkg_pattern="$(echo "$VERSION" | sed "s/-ce-/\\\\.ce.*/g" | sed "s/-/.*/g").*$pkg_suffix" + search_command="$pkg_manager list --showduplicates 'docker-ce' | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'" + pkg_version="$($sh_c "$search_command")" + echo "INFO: Searching repository for VERSION '$VERSION'" + echo "INFO: $search_command" + if [ -z "$pkg_version" ]; then + echo + echo "ERROR: '$VERSION' not found amongst $pkg_manager list results" + echo + exit 1 + fi + if version_gte "18.09"; then + # older versions don't support a cli package + search_command="$pkg_manager list --showduplicates 'docker-ce-cli' | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'" + cli_pkg_version="$($sh_c "$search_command" | cut -d':' -f 2)" + fi + # Cut out the epoch and prefix with a '-' + pkg_version="-$(echo "$pkg_version" | cut -d':' -f 2)" + fi + fi + ( + pkgs="docker-ce$pkg_version" + if version_gte "18.09"; then + # older versions didn't ship the cli and containerd as separate packages + if [ -n "$cli_pkg_version" ]; then + pkgs="$pkgs docker-ce-cli-$cli_pkg_version containerd.io" + else + pkgs="$pkgs docker-ce-cli containerd.io" + fi + fi + if version_gte "20.10"; then + pkgs="$pkgs docker-compose-plugin docker-ce-rootless-extras$pkg_version" + fi + if version_gte "23.0"; then + pkgs="$pkgs docker-buildx-plugin" + fi + if ! is_dry_run; then + set -x + fi + $sh_c "$pkg_manager install -y -q $pkgs" + ) + echo_docker_as_nonroot + exit 0 + ;; + sles) + if [ "$(uname -m)" != "s390x" ]; then + echo "Packages for SLES are currently only available for s390x" + exit 1 + fi + if [ "$dist_version" = "15.3" ]; then + sles_version="SLE_15_SP3" + else + sles_version="SLE_15_SP2" + fi + opensuse_repo="https://download.opensuse.org/repositories/security:SELinux/$sles_version/security:SELinux.repo" + repo_file_url="$DOWNLOAD_URL/linux/$lsb_dist/$REPO_FILE" + pre_reqs="ca-certificates curl libseccomp2 awk" + ( + if ! is_dry_run; then + set -x + fi + $sh_c "zypper install -y $pre_reqs" + $sh_c "zypper addrepo $repo_file_url" + if ! is_dry_run; then + cat >&2 <<-'EOF' + WARNING!! + openSUSE repository (https://download.opensuse.org/repositories/security:SELinux) will be enabled now. + Do you wish to continue? + You may press Ctrl+C now to abort this script. + EOF + ( set -x; sleep 30 ) + fi + $sh_c "zypper addrepo $opensuse_repo" + $sh_c "zypper --gpg-auto-import-keys refresh" + $sh_c "zypper lr -d" + ) + pkg_version="" + if [ -n "$VERSION" ]; then + if is_dry_run; then + echo "# WARNING: VERSION pinning is not supported in DRY_RUN" + else + pkg_pattern="$(echo "$VERSION" | sed "s/-ce-/\\\\.ce.*/g" | sed "s/-/.*/g")" + search_command="zypper search -s --match-exact 'docker-ce' | grep '$pkg_pattern' | tail -1 | awk '{print \$6}'" + pkg_version="$($sh_c "$search_command")" + echo "INFO: Searching repository for VERSION '$VERSION'" + echo "INFO: $search_command" + if [ -z "$pkg_version" ]; then + echo + echo "ERROR: '$VERSION' not found amongst zypper list results" + echo + exit 1 + fi + search_command="zypper search -s --match-exact 'docker-ce-cli' | grep '$pkg_pattern' | tail -1 | awk '{print \$6}'" + # It's okay for cli_pkg_version to be blank, since older versions don't support a cli package + cli_pkg_version="$($sh_c "$search_command")" + pkg_version="-$pkg_version" + fi + fi + ( + pkgs="docker-ce$pkg_version" + if version_gte "18.09"; then + if [ -n "$cli_pkg_version" ]; then + # older versions didn't ship the cli and containerd as separate packages + pkgs="$pkgs docker-ce-cli-$cli_pkg_version containerd.io" + else + pkgs="$pkgs docker-ce-cli containerd.io" + fi + fi + if version_gte "20.10"; then + pkgs="$pkgs docker-compose-plugin docker-ce-rootless-extras$pkg_version" + fi + if version_gte "23.0"; then + pkgs="$pkgs docker-buildx-plugin" + fi + if ! is_dry_run; then + set -x + fi + $sh_c "zypper -q install -y $pkgs" + if ! command_exists iptables; then + $sh_c "$pkg_manager install -y -q iptables" + fi + start_docker + ) + echo_docker_as_nonroot + exit 0 + ;; + rancheros) + ( + set -x + $sh_c "sleep 3;ros engine list --update" + engine_version="$(sudo ros engine list | awk '{print $2}' | grep ${docker_version} | tail -n 1)" + if [ "$engine_version" != "" ]; then + $sh_c "ros engine switch -f $engine_version" + fi + ) + exit 0 + ;; + *) + if [ -z "$lsb_dist" ]; then + if is_darwin; then + echo + echo "ERROR: Unsupported operating system 'macOS'" + echo "Please get Docker Desktop from https://www.docker.com/products/docker-desktop" + echo + exit 1 + fi + fi + echo + echo "ERROR: Unsupported distribution '$lsb_dist'" + echo + exit 1 + ;; + esac + exit 1 +} + +# wrapped up in a function so that we have some protection against only getting +# half the file during "curl | sh" +do_install