Installing Docker on Linux for non-root use: binary installation of Docker (starting docker as a non-root user)
Here I chose to install docker-19.03.9.tgz.
2. Create the group docker
groupadd docker
3. Create the user dock
useradd -m -d /data/dock dock
4. Add the user dock to the docker group
gpasswd -a dock docker
5. Edit the files
[root@c78-mini-template system]# cat docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd --graph /data/dockerdata
ExecReload=/bin/kill -s HUP $MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
[root@c78-mini-template system]# cat docker.socket
[Unit]
Description=Docker Socket for the API
[Socket]
# If /var/run is not implemented as a symlink to /run, you may need to
# specify ListenStream=/var/run/docker.sock instead.
ListenStream=/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
6. Install
[root@c78-mini-template dock]# tar zxvf docker-19.03.9.tgz
[root@c78-mini-template dock]# cp docker/* /usr/bin
7. Configure the service
Copy the docker.socket and docker.service files shown above to /etc/systemd/system. The Docker data path can be changed in the docker.service line ExecStart=/usr/bin/dockerd --graph /data/dockerdata.
[root@c78-mini-template dock]# systemctl start docker
[root@c78-mini-template dock]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /etc/systemd/system/docker.service.
8. Disable SELinux
If SELinux is not disabled or switched to Permissive, the following error occurs:
[root@c78-mini-template dock]# setenforce 1
[root@c78-mini-template dock]# docker run -d -p 80:80 hello-world
9220087e17b42af42c7c5f0eaa64fec00dc06c72db9bcede6431f1506474e417
docker: Error response from daemon: OCI runtime create failed: container_linux.go:349: starting container process caused "process_linux.go:449: container init caused \"write /proc/self/attr/keycreate: permission denied\"": unknown.
[root@c78-mini-template dock]# setenforce 0
[root@c78-mini-template dock]# docker run -d -p 80:80 hello-world
572329f15045d8ee815d368b9c11b1e694e00f0d42b0d7d63f860b71056936e8
# Disable
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
If the change needs to take effect immediately (after a reboot, /etc/selinux/config applies):
setenforce 0
[root@c78-mini-template dock]# su - dock # works as a non-root user too
上一次登录:三 7月 15 00:13:34 CST 2020pts/0 上
[dock@c78-mini-template ~]$ docker run -d -p 80:80 hello-world
c1396f31886e57474fd392b83144d0d5d2addb4efef5c527a7d5199749a13034
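The steps above leave /run/docker.sock owned by root:docker with mode 0660, so every user in the docker group can send API requests to a daemon that runs as root. The script below is an added example, not part of the original post: it reads the docker.socket unit plus group- and passwd-format files and lists those users. The function names are hypothetical, and the sample group and passwd entries (the numeric IDs and the user ci) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: who can reach the root-run dockerd through the socket unit?

# Print the value of KEY from the [Socket] section of a systemd unit file.
socket_setting() {  # usage: socket_setting UNIT_FILE KEY
  awk -F= -v key="$2" '
    /^\[/ { in_socket = ($0 == "[Socket]") }
    in_socket && $1 == key { print $2 }' "$1"
}

# Print every user in GROUP: supplementary members from the group file plus
# users whose primary GID in the passwd file is that group's GID.
group_users() {  # usage: group_users GROUP_FILE PASSWD_FILE GROUP
  local gid
  gid=$(awk -F: -v g="$3" '$1 == g { print $3 }' "$1")
  {
    awk -F: -v g="$3" '$1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$1"
    awk -F: -v gid="$gid" 'gid != "" && $4 == gid { print $1 }' "$2"
  } | sort -u
}

# Succeeds only if SocketMode grants nothing to "other" (last octal digit 0).
# A missing SocketMode counts as open, because systemd then defaults to 0666.
socket_mode_is_restricted() {  # usage: socket_mode_is_restricted UNIT_FILE
  local mode
  mode=$(socket_setting "$1" SocketMode)
  [ -n "$mode" ] && [ $(( 0$mode & 07 )) -eq 0 ]
}

# Constructed sample input: the docker.socket unit from this page plus
# made-up group/passwd entries (numeric IDs and the user "ci" are invented).
demo=$(mktemp -d)
cat > "$demo/docker.socket" <<'EOF'
[Unit]
Description=Docker Socket for the API
[Socket]
ListenStream=/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
EOF
printf 'root:x:0:\ndocker:x:1001:dock\n' > "$demo/group"
printf 'root:x:0:0::/root:/bin/bash\ndock:x:1000:1000::/data/dock:/bin/bash\nci:x:1002:1001::/home/ci:/bin/bash\n' > "$demo/passwd"

grp=$(socket_setting "$demo/docker.socket" SocketGroup)
echo "socket: $(socket_setting "$demo/docker.socket" ListenStream) mode $(socket_setting "$demo/docker.socket" SocketMode) group $grp"
echo "users who can drive dockerd: $(group_users "$demo/group" "$demo/passwd" "$grp" | tr '\n' ' ')"
```

On a real host, point the functions at /etc/systemd/system/docker.socket, /etc/group and /etc/passwd; a user such as ci, whose primary group is docker, does not appear in the member list that gpasswd edits.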