更新系统

# docker 官方还没8的yum源如果使用7的源安装也可以不过会有报错，当然可以忽略报错。这里使用二进制安装
# 开启PowerTools
sed -i "s/enabled=0/enabled=1/" /etc/yum.repos.d/CentOS-PowerTools.repo
dnf update -y
dnf install -y lvm2 device-mapper-persistent-data dnf-utils
# 关闭SELinux
setenforce 0
sed -i 's/SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config 

创建docker组

groupadd docker

下载docker二进制包

wget https://download.docker.com/linux/static/stable/x86_64/docker-19.03.5.tgz

解压二进制包

tar -xvf docker-19.03.5.tgz
cp docker/* /usr/bin/

配置containerd

# 生成containerd 配置
mkdir -p /etc/containerd
containerd config default >/etc/containerd/config.toml
# 生成启动文件
cat > /usr/lib/systemd/system/containerd.service << EOF
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target

[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/bin/containerd
KillMode=process
Delegate=yes
LimitNOFILE=1048576
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity

[Install]
WantedBy=multi-user.target
EOF

配置docker

# 创建docker 配置文件
mkdir /etc/docker
cat > /etc/docker/daemon.json << EOF
{
    "max-concurrent-downloads": 20,
    "data-root": "/apps/docker",
    "exec-root": "/apps/docker",
    "log-driver": "json-file",
    "bridge": "docker0",  # 如果使用外部网络插件可以修改为"bridge": "none",
    "oom-score-adjust": -1000,
    "debug": false,
    "log-opts": {
        "max-size": "100M",
        "max-file": "10"
    },
    "default-ulimits": {
        "nofile": {
            "Name": "nofile",
            "Hard": 1024000,
            "Soft": 1024000
        },
        "nproc": {
            "Name": "nproc",
            "Hard": 1024000,
            "Soft": 1024000
        },
       "core": {
            "Name": "core",
            "Hard": -1,
            "Soft": -1    
      }

    }
}
EOF
# 创建docker sock 启动
cat > /usr/lib/systemd/system/docker.socket << EOF
[Unit]
Description=Docker Socket for the API
PartOf=docker.service

[Socket]
ListenStream=/var/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker

[Install]
WantedBy=sockets.target
EOF
# 创建docker 启动文件
cat > /usr/lib/systemd/system/docker.service << EOF
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
BindsTo=containerd.service
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP \$MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3

# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity

# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes

# kill only the docker process, not all processes in the cgroup
KillMode=process

[Install]
WantedBy=multi-user.target
EOF
# 刷新systemd
systemctl daemon-reload
# 开机启动docker
systemctl enable  docker.service
# 启动docker
systemctl start  docker.service 

测试docker

# 查看docker及依赖插件状态
[root@localhost ~]# systemctl status containerd.service
● containerd.service - containerd container runtime
   Loaded: loaded (/usr/lib/systemd/system/containerd.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2019-11-26 10:50:43 CST; 2h 50min ago
     Docs: https://containerd.io
 Main PID: 2659 (containerd)
    Tasks: 21
   Memory: 21.4M
   CGroup: /system.slice/containerd.service
           └─2659 /usr/bin/containerd

Nov 26 10:50:43 localhost.localdomain containerd[2659]: time="2019-11-26T10:50:43.449730600+08:00" level=info msg="Start snapshots syncer"
Nov 26 10:50:43 localhost.localdomain containerd[2659]: time="2019-11-26T10:50:43.449755222+08:00" level=info msg="Start streaming server"
[root@localhost ~]# systemctl status docker.socket
● docker.socket - Docker Socket for the API
   Loaded: loaded (/usr/lib/systemd/system/docker.socket; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2019-11-26 10:50:43 CST; 2h 50min ago
   Listen: /var/run/docker.sock (Stream)
    Tasks: 0 (limit: 204655)
   Memory: 24.0K
   CGroup: /system.slice/docker.socket

Nov 26 10:50:43 localhost.localdomain systemd[1]: Starting Docker Socket for the API.
Nov 26 10:50:43 localhost.localdomain systemd[1]: Listening on Docker Socket for the API.
[root@localhost ~]# systemctl status docker.service
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2019-11-26 10:50:44 CST; 2h 50min ago
     Docs: https://docs.docker.com
 Main PID: 2660 (dockerd)
    Tasks: 24
   Memory: 76.0M
   CGroup: /system.slice/docker.service
           └─2660 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

Nov 26 10:50:44 localhost.localdomain systemd[1]: Started Docker Application Container Engine.
Nov 26 10:52:41 localhost.localdomain dockerd[2660]: time="2019-11-26T10:52:41.060293930+08:00" level=info msg="ignoring event" module=libcontainerd namespace=moby topic=/tasks/delete type="*events.TaskDelete"
# 查看docker版本号
[root@localhost ~]# docker  version
Client: Docker Engine - Community
 Version:           19.03.5
 API version:       1.40
 Go version:        go1.12.12
 Git commit:        633a0ea838
 Built:             Wed Nov 13 07:22:05 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.5
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.12
  Git commit:       633a0ea838
  Built:            Wed Nov 13 07:28:45 2019
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v1.2.10
  GitCommit:        b34a5c8af56e510852c35414db4c1f4fa6172339
 runc:
  Version:          1.0.0-rc8+dev
  GitCommit:        3e425f80a8c931f88e6d94a8c831b9d5aa481657
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683
    # 查看docker info
    [root@localhost ~]# docker  info
Client:
 Debug Mode: false

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 2
 Server Version: 19.03.5
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: b34a5c8af56e510852c35414db4c1f4fa6172339
 runc version: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
 init version: fec3683
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 4.18.0-80.11.2.el8_0.x86_64
 Operating System: CentOS Linux 8 (Core)
 OSType: linux
 Architecture: x86_64
 CPUs: 12
 Total Memory: 31.25GiB
 Name: localhost.localdomain
 ID: BEN6:67IU:RIDY:42JB:T7AO:G465:OFBY:CLXV:AVWY:XIDG:SRJK:C2VZ
 Docker Root Dir: /apps/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
 Product License: Community Engine
# 测试容器是否能成功启动
docker run --rm hello-world
[root@localhost ~]# docker run --rm hello-world

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/
 # 测试网络是否联通
 docker run --rm -ti  juestnow/net-tools
 [root@localhost ~]# docker run --rm -ti  juestnow/net-tools
/ # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.17.0.1      0.0.0.0         UG    0      0        0 eth0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
/ # ping www.qq.com
PING www.qq.com (14.18.175.154): 56 data bytes
64 bytes from 14.18.175.154: seq=0 ttl=52 time=13.685 ms
64 bytes from 14.18.175.154: seq=1 ttl=52 time=7.925 ms
^C
--- www.qq.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 7.925/10.805/13.685 ms
/ # dig www.qq.com

; <<>> DiG 9.14.8 <<>> www.qq.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4470
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.qq.com.                    IN      A

;; ANSWER SECTION:
www.qq.com.             260     IN      CNAME   public.sparta.mig.tencent-cloud.net.
public.sparta.mig.tencent-cloud.net. 152 IN A   113.96.232.215

;; Query time: 10 msec
;; SERVER: 192.168.1.169#53(192.168.1.169)
;; WHEN: Tue Nov 26 05:43:57 UTC 2019
;; MSG SIZE  rcvd: 138
# 能正常上网

安装docker-compose

curl -L https://github.com/docker/compose/releases/download/1.25.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose