二进制方式安装docker（非root用户启动docker）

二进制方式安装docker（非root用户启动docker）

一、下载安装包：

地址：https://download.docker.com/linux/static/stable/x86_64/

这里本人选择安装docker-19.03.9.tgz

二、创建属组docker

groupadd docker

三、创建用户dock

useradd -m -d /data/dock dock

四、把用户dock加入docker组

gpasswd -a dock docker

五、编辑文件

[root@c78-mini-template system]# cat docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd --graph /data/dockerdata
ExecReload=/bin/kill -s HUP $MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s

[Install]
WantedBy=multi-user.target

[root@c78-mini-template system]# cat docker.socket 
[Unit]
Description=Docker Socket for the API

[Socket]
# If /var/run is not implemented as a symlink to /run, you may need to
# specify ListenStream=/var/run/docker.sock instead.
ListenStream=/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker

[Install]
WantedBy=sockets.target

六、安装

[root@c78-mini-template dock]# tar zxvf docker-19.03.9.tgz
[root@c78-mini-template dock]# cp docker/* /usr/bin

七、配置服务

把上述的docker.socket docker.service拷贝至/etc/systemd/system，docker数据路径可以在docker.service的ExecStart=/usr/bin/dockerd --graph /data/dockerdata修改

[root@c78-mini-template dock]# systemctl start docker  
[root@c78-mini-template dock]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /etc/systemd/system/docker.service.

八、禁用SELINUX

如果不禁用或者不改为Permissive，会出现如下错误：

[root@c78-mini-template dock]# setenforce 1
[root@c78-mini-template dock]# docker run -d -p 80:80  hello-world
9220087e17b42af42c7c5f0eaa64fec00dc06c72db9bcede6431f1506474e417
docker: Error response from daemon: OCI runtime create failed: container_linux.go:349: starting container process caused "process_linux.go:449: container init caused "write /proc/self/attr/keycreate: permission denied"": unknown.
[root@c78-mini-template dock]# setenforce 0
[root@c78-mini-template dock]# docker run -d -p 80:80  hello-world
572329f15045d8ee815d368b9c11b1e694e00f0d42b0d7d63f860b71056936e8

# 禁用
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config

如果需要即时生效(重启后会按/etc/selinux/config)：

setenforce 0

[root@c78-mini-template dock]# su - dock  #非root也可以
上一次登录：三 7月 15 00:13:34 CST 2020pts/0 上
[dock@c78-mini-template ~]$  docker run -d -p 80:80  hello-world
c1396f31886e57474fd392b83144d0d5d2addb4efef5c527a7d5199749a13034