Updated: 2022-09-03 21:58:25
Using overlay as the Docker storage driver
1. Requirement: the system must be upgraded to 7.2
CentOS 7.2
2. Upgrade CentOS and install Docker
2.1 Upgrade the system
sudo yum upgrade --assumeyes --tolerant
sudo yum update --assumeyes
2.2 Confirm the kernel version
uname -r
3.10.0-327.10.1.el7.x86_64
2.3 Enable the overlay module
$ sudo tee /etc/modules-load.d/overlay.conf <<-'EOF'
overlay
EOF
2.4 Reboot the system
reboot
2.5 Confirm that overlay is loaded
$ lsmod | grep overlay
overlay
2.6 Configure the Docker repo
$ sudo tee /etc/yum.repos.d/docker.repo <<-'EOF'
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/$releasever/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
EOF
2.7 Configure Docker to use overlay
$ sudo mkdir -p /etc/systemd/system/docker.service.d && sudo tee /etc/systemd/system/docker.service.d/override.conf <<- EOF
[Service]
ExecStart=
ExecStart=/usr/bin/docker daemon --storage-driver=overlay -H fd://
EOF
2.8 Install the Docker engine, daemon and service
sudo yum install --assumeyes --tolerant docker-engine-1.9.1 docker-engine-selinux-1.9.1
sudo systemctl start docker
sudo systemctl enable docker
2.9 Modify the daemon: add a listening port and labels
vi /etc/systemd/system/docker.service.d/override.conf
/usr/bin/docker daemon --storage-driver=overlay -H unix:///var/run/docker.sock -H 0.0.0.0:2375 --label environment="production" --label service="自己定义"
(The service label value "自己定义" is a placeholder meaning "define your own".)
3 Add labels to the daemon
3.1 Starting with CentOS 7, the installed docker-engine package does not provide /etc/sysconfig/docker, so create it manually.
vi /etc/sysconfig/docker
OPTIONS="--storage-driver=overlay -H unix:///var/run/docker.sock -H 0.0.0.0:2375 --label environment=production --label role=proxy --label service=none"
3.2 Edit docker.service to add the configuration file path and $OPTIONS
cd /etc/systemd/system/multi-user.target.wants
Contents of docker.service after the change:
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network.target docker.socket
Requires=docker.socket
[Service]
Type=notify
EnvironmentFile=/etc/sysconfig/docker
ExecStart=/usr/bin/docker daemon $OPTIONS -H fd://
MountFlags=slave
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
[Install]
WantedBy=multi-user.target
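3.3 Because override.conf takes precedence and overrides the docker.service configuration, remove override.conf.
PS: Consider using TLS for communication and changing 2375 to 2376, to avoid the privilege-escalation vulnerability caused by the listening port. The plain TCP listener on 2375 accepts Docker API calls without authentication, and control of the Docker API is equivalent to root on the host.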
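An added example, not part of the original post: a POSIX shell check that flags daemon option lines such as the ones in sections 2.9 and 3.1 when they open a non-loopback TCP listener without `--tlsverify`. The function name `audit_opts` and the certificate paths in the second sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag Docker daemon options that open a non-loopback TCP
# listener without --tlsverify (client-certificate authentication).

# audit_opts "<option string>": prints one line per exposed listener,
# returns 1 if any was found and 0 otherwise.
audit_opts() {
    tls=no; exposed=0; want_addr=no; addrs=
    set -f                              # no globbing while word-splitting
    for w in $(printf '%s' "$1" | tr -d "\"'"); do
        if [ "$want_addr" = yes ]; then
            addrs="$addrs $w"; want_addr=no; continue
        fi
        case $w in
            --tlsverify|--tlsverify=true) tls=yes ;;
            -H|--host)                    want_addr=yes ;;
            -H=*|--host=*)                addrs="$addrs ${w#*=}" ;;
        esac
    done
    set +f
    for a in $addrs; do
        case $a in
            unix://*|fd://*) ;;                               # local sockets
            tcp://127.*|tcp://localhost*|127.*|localhost*) ;; # loopback only
            *)  [ "$tls" = yes ] && continue
                echo "EXPOSED: $a (no --tlsverify)"
                exposed=1 ;;
        esac
    done
    return "$exposed"
}

# Sample 1: the OPTIONS line from section 3.1 of the post.
# Sample 2: constructed TLS variant; the certificate paths are assumptions.
plain='OPTIONS="--storage-driver=overlay -H unix:///var/run/docker.sock -H 0.0.0.0:2375 --label environment=production --label role=proxy --label service=none"'
tls_on='OPTIONS="--storage-driver=overlay --tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server-cert.pem --tlskey=/etc/docker/server-key.pem -H unix:///var/run/docker.sock -H 0.0.0.0:2376"'

for sample in "$plain" "$tls_on"; do
    audit_opts "$sample" || echo "-> require --tlsverify or bind to a local socket"
done
```

`--tls` alone is deliberately not accepted: it encrypts the connection but does not authenticate clients, so only `--tlsverify` clears a network listener.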
This article is reposted from the 银狐 blog on 51CTO; original link: http://blog.51cto.com/foxhound/1773879. To repost it, please contact the original author.
战狐