Debian 12: Docker 27.4.1 Deployment and Configuration


Deploy Docker 27.4.1 on Debian 12, pin the version, and configure the Docker proxy and registry mirrors.

Preparation

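  • The external files referenced in this document can be downloaded from Baidu Netdisk:
Debian 12: Docker 27.4.1 Deployment and Configuration
Link: https://pan.baidu.com/s/1yoMDcYuq0TG3HmMdznicOg?pwd=xng4
Extraction code: xng4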
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug ens33
# iface ens33 inet dhcp
iface ens33 inet static
address         192.168.152.4/24
network         192.168.152.0
broadcast       192.168.152.255
gateway         192.168.152.2
  • Restart the networking service:
rz@debase:~$ sudo systemctl restart networking.service
[sudo] password for rz:
rz@debase:~$ sudo systemctl status networking.service
● networking.service - Raise network interfaces
     Loaded: loaded (/lib/systemd/system/networking.service; enabled; preset: en>
     Active: active (exited) since Thu 2024-12-26 14:20:01 CST; 5s ago
       Docs: man:interfaces(5)
    Process: 3338 ExecStart=/sbin/ifup -a --read-environment (code=exited, statu>
    Process: 3359 ExecStart=/bin/sh -c if [ -f /run/network/restart-hotplug ]; t>
   Main PID: 3359 (code=exited, status=0/SUCCESS)
        CPU: 79ms

Dec 26 14:20:01 docker systemd[1]: Starting networking.service - Raise network i>
Dec 26 14:20:01 docker systemd[1]: Finished networking.service - Raise network i>

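If the configured static IP address differs from the current one, SSH sessions that are already logged in will drop when the networking service (networking.service) restarts. Log in again using the new static IP address.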

rz@debase:~$ sudo hostnamectl set-hostname docker --static
  • Edit /etc/hosts so that it reads as follows:
127.0.0.1       localhost
127.0.1.1       docker
192.168.152.4   docker.rz

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
  • Log in again so that the new hostname takes effect.
  • Use ping to verify the hostname and the domain name:
rz@docker:~$ ping docker
PING docker (127.0.1.1) 56(84) bytes of data.
64 bytes from docker (127.0.1.1): icmp_seq=1 ttl=64 time=0.070 ms
^C
--- docker ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.070/0.070/0.070/0.000 ms
rz@docker:~$ ping docker.rz
PING docker.rz (192.168.152.4) 56(84) bytes of data.
64 bytes from docker.rz (192.168.152.4): icmp_seq=1 ttl=64 time=0.068 ms
^C
--- docker.rz ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.068/0.068/0.068/0.000 ms

Press Ctrl+C to stop ping.

Deploying docker-ce

  • Create a separate directory, docker-ce, to hold docker.asc:
rz@docker:~$ cd
rz@docker:~$ mkdir docker-ce
rz@docker:~$ cd docker-ce
rz@docker:~/docker-ce$ 
  • Download Docker's official GPG key:
rz@docker:~/docker-ce$ curl -fsSL https://download.docker.com/linux/debian/gpg -o docker.asc
rz@docker:~/docker-ce$ ll
total 4
-rw-r--r-- 1 rz rz 3817 Dec 26 14:24 docker.asc

If https://download.docker.com/linux/debian/gpg cannot be reached directly, the key can be downloaded through another channel or copied into the docker-ce directory.
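
When docker.asc arrives through some other channel, its fingerprint is the only thing tying it to Docker, because apt trusts whatever key signed-by points at. The following is an added example (not part of the original article): a POSIX shell check that reads gpg's colon listing and compares the primary-key fingerprint with a value you supply. The function names and EXPECTED_FPR are assumptions; take the expected value from Docker's own installation documentation, not from the place the key was copied from.

```shell
# Added example. Print the primary-key fingerprints found in
# `gpg --with-colons` output (stdin). A "pub" record is followed by an "fpr"
# record whose field 10 is the fingerprint; "fpr" after "sub" is a subkey.
primary_fingerprints() {
  awk -F: '
    $1 == "pub" { want = 1; next }
    $1 == "sub" { want = 0; next }
    $1 == "fpr" && want { print $10; want = 0 }
  '
}

# Normalise a fingerprint: remove spaces, upper-case the hex digits.
normalise_fpr() {
  printf '%s' "$1" | tr -d ' \t' | tr '[:lower:]' '[:upper:]'
}

# check_key_fpr EXPECTED   (colon listing on stdin)
# Succeeds only if the file holds exactly one primary key and it matches.
check_key_fpr() {
  _exp=$(normalise_fpr "$1")
  _found=$(primary_fingerprints)
  _count=$(printf '%s\n' "$_found" | grep -c . || true)
  if [ "$_count" -ne 1 ]; then
    echo "refusing: expected 1 primary key, found $_count" >&2
    return 2
  fi
  if [ "$_found" != "$_exp" ]; then
    echo "MISMATCH: key file has $_found" >&2
    return 1
  fi
  echo "OK: $_found"
}

# Usage on the host, before copying the key to /etc/apt/keyrings
# (EXPECTED_FPR is a placeholder for the value from Docker's documentation):
#   gpg --show-keys --with-colons docker.asc | check_key_fpr "$EXPECTED_FPR"
```

A file that carries more than one primary key is rejected outright, since every key in it would become a trusted signer for the repository.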

  • Add Docker's official GPG key:
rz@docker:~/docker-ce$ sudo cp docker.asc /etc/apt/keyrings/docker.asc
rz@docker:~/docker-ce$ sudo chmod a+r /etc/apt/keyrings/docker.asc
  • Create /etc/apt/sources.list.d/docker.list with the following content:
deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/debian bookworm stable

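The Tsinghua University (TUNA) mirror is used here. Because of signed-by, apt still verifies the repository metadata served by the mirror against the Docker key in /etc/apt/keyrings/docker.asc.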

  • Install the dependencies:
rz@docker:~/docker-ce$ sudo apt-get update
rz@docker:~/docker-ce$ sudo apt-get install ca-certificates curl
  • Install the specific docker-ce version 27.4.1:
rz@docker:~/docker-ce$ sudo apt-cache madison docker-ce | awk '{ print $3 }'
5:27.4.1-1~debian.12~bookworm
5:27.4.0-1~debian.12~bookworm
5:27.3.1-1~debian.12~bookworm
5:27.3.0-1~debian.12~bookworm
5:27.2.1-1~debian.12~bookworm
5:27.2.0-1~debian.12~bookworm
...
rz@docker:~/docker-ce$ VERSION_STRING=5:27.4.1-1~debian.12~bookworm
rz@docker:~/docker-ce$ sudo apt-get install docker-ce=$VERSION_STRING docker-ce-cli=$VERSION_STRING containerd.io docker-buildx-plugin docker-compose-plugin
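  • Allow the regular user to run docker commands (membership of the docker group is equivalent to root access on the host):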
rz@docker:~/docker-ce$ sudo usermod -aG docker $USER
rz@docker:~/docker-ce$ newgrp docker
  • Put the Docker packages on hold so that the system's apt upgrade does not update them:
rz@docker:~/docker-ce$ sudo apt-mark hold docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
docker-ce set on hold.
docker-ce-cli set on hold.
containerd.io set on hold.
docker-buildx-plugin set on hold.
docker-compose-plugin set on hold.
rz@docker:~/docker-ce$ apt-mark showhold
containerd.io
docker-buildx-plugin
docker-ce
docker-ce-cli
docker-compose-plugin
rz@docker:~/docker-ce$ dpkg -l | grep docker
hi  docker-buildx-plugin          0.19.3-1~debian.12~bookworm    amd64        Docker Buildx cli plugin.
hi  docker-ce                     5:27.4.1-1~debian.12~bookworm  amd64        Docker: the open-source application container engine
hi  docker-ce-cli                 5:27.4.1-1~debian.12~bookworm  amd64        Docker CLI: the open-source application container engine
ii  docker-ce-rootless-extras     5:27.4.1-1~debian.12~bookworm  amd64        Rootless support for Docker.
hi  docker-compose-plugin         2.32.1-1~debian.12~bookworm    amd64        Docker Compose (V2) plugin for the Docker CLI.
rz@docker:~/docker-ce$ dpkg -l | grep containerd
hi  containerd.io                 1.7.24-1                       amd64        An open and reliable container runtime

To update Docker in the future, release the hold on the packages with apt-mark unhold.
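
In the dpkg -l listing above, docker-ce-rootless-extras shows ii while the other packages show hi: it is installed but was not named in the apt-mark hold command. The following added example (not from the original article; the function name audit_holds is an assumption) reads dpkg -l output and reports which matching packages are held and which are still free to move on the next apt upgrade.

```shell
# Added example.
# audit_holds PATTERN
# stdin: `dpkg -l` output. Prints "HELD" or "FLOATING" plus name and version
# for every installed package whose name matches PATTERN (an awk regex), and
# returns non-zero if any matching package is not on hold.
audit_holds() {
  awk -v pat="$1" '
    # Package rows begin with a status word: 1st letter = desired state
    # (h = hold, i = install, ...), 2nd letter = current state (i = installed).
    $1 ~ /^[uihrp][ncHUFWti]/ && $2 ~ pat {
      if (substr($1, 2, 1) != "i") next    # listed but not installed
      name = $2
      sub(/:.*/, "", name)                 # drop an ":amd64"-style qualifier
      if (substr($1, 1, 1) == "h") {
        print "HELD", name, $3
      } else {
        print "FLOATING", name, $3
        floating++
      }
    }
    END { exit (floating > 0) }
  '
}

# Usage on the host:
#   dpkg -l | audit_holds 'docker|containerd' || echo "some packages are not held"
```

Held packages receive no updates at all until apt-mark unhold is run, security fixes included, so the HELD lines are also the list to review when a Docker or containerd advisory is published.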

Docker proxy (optional; skipped by default)

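  • Configure a proxy for Docker so that images can be pulled directly from the official registry through it. For a service controlled by systemctl to use a proxy server for its network connections, a configuration file has to be created in that service's own directory. Create /etc/systemd/system/docker.service.d/proxy.conf with the following content: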
[Service]
Environment="HTTP_PROXY=http://192.168.152.1:7890/"
Environment="HTTPS_PROXY=http://192.168.152.1:7890/"
Environment="NO_PROXY=localhost,127.0.0.0/8,192.168.152.0/24"

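Neither the daemon.json method described on the Docker website nor setting environment variables in bash works for the Docker proxy. To enable or disable the proxy, uncomment or comment out the lines of /etc/systemd/system/docker.service.d/proxy.conf (put # in front of each line). By default, the Docker proxy is not enabled.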

  • Reload the Docker configuration and restart Docker so that the change takes effect:
rz@docker:~$ sudo systemctl daemon-reload
rz@docker:~$ sudo systemctl restart docker.service
  • Since a proxy server is not needed in most scenarios, the whole content of /etc/systemd/system/docker.service.d/proxy.conf can simply be commented out:
#[Service]
#Environment="HTTP_PROXY=http://192.168.152.1:7890/"
#Environment="HTTPS_PROXY=http://192.168.152.1:7890/"
#Environment="NO_PROXY=localhost,127.0.0.0/8,192.168.152.0/24"

Registry mirrors (image acceleration)

  • Configure the Docker registry mirrors by editing /etc/docker/daemon.json so that it reads as follows:
{
  "registry-mirrors": [
          "https://docker.m.daocloud.io",
          "https://docker.1panel.live",
          "https://hub.rat.dev",
          "https://docker.cnproxy.top",
          "https://dhub.kubesre.xyz"
  ]
}
  • Each mirror was tested in turn with docker pull hello-world; the results as of 2024-11-09 were:
Mirror address              Result
"docker.m.daocloud.io"      OK
"docker.1panel.live"        OK
"hub.rat.dev"               OK
"docker.cnproxy.top"        OK
"dhub.kubesre.xyz"          OK
"docker.chenby.cn"          Failed
"dockerproxy.com"           Failed
"dockerproxy.cn"            Failed
"mirror.baidubce.com"       Failed
"docker.nju.edu.cn"         Failed
"mirror.iscas.ac.cn"        Failed
  • Load the mirror configuration and restart the Docker engine:
rz@docker:~/docker-ce$ sudo systemctl daemon-reload
rz@docker:~/docker-ce$ sudo systemctl restart docker
rz@docker:~/docker-ce$ systemctl status docker
● docker.service - Docker Application Container Engine
     Loaded: loaded (/lib/systemd/system/docker.service; enabled; preset: enable>
     Active: active (running) since Thu 2024-12-26 14:41:11 CST; 17s ago
TriggeredBy: ● docker.socket
       Docs: https://docs.docker.com
   Main PID: 11690 (dockerd)
      Tasks: 9
     Memory: 25.3M
        CPU: 447ms
     CGroup: /system.slice/docker.service
             └─11690 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/cont>

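After every change to /etc/docker/daemon.json, reload the configuration and restart the Docker engine (service). Then check the engine state with systemctl status docker; if the engine is not in the running state, the cause is most likely an error in /etc/docker/daemon.json, which has to be tracked down. After fixing it, repeat the steps above.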

  • Test the registry mirrors:
rz@docker:~/docker-ce$ docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
c1ec31eb5944: Pull complete
Digest: sha256:5b3cc85e16e3058003c13b7821318369dad01dac3dbb877aac3c28182255c724
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

The line Hello from Docker! shows that Docker can pull the hello-world image and run it.
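
With registry-mirrors set, the tag hello-world:latest is resolved by the mirror, so the Digest line in the output above is what identifies the image that actually arrived. The following added example (not from the original article; the function names and the pin-file format are assumptions) extracts the digest of each pulled image from docker pull or docker run output and compares it with digests recorded from a source other than the mirror.

```shell
# Added example.
# pulled_digests: read `docker pull` / `docker run` output on stdin and print
# "IMAGE DIGEST" for every completed pull. The "Digest:" line is followed by a
# "Status: ... for IMAGE" line that names the image.
pulled_digests() {
  awk '
    $1 == "Digest:" { digest = $2; next }
    $1 == "Status:" && digest != "" { print $NF, digest; digest = "" }
  '
}

# check_pins PINFILE   (pull output on stdin)
# PINFILE holds "IMAGE DIGEST" lines; "#" starts a comment line.
# Prints one verdict per pulled image and fails if any image is unpinned
# or arrived with a digest other than the pinned one.
check_pins() {
  pulled_digests | awk -v pins="$1" '
    BEGIN {
      while ((getline line < pins) > 0) {
        if (line ~ /^[ \t]*(#|$)/) continue
        split(line, f, " ")
        pin[f[1]] = f[2]
      }
    }
    {
      if (!($1 in pin))       { print "UNPINNED", $1, $2; bad = 1 }
      else if (pin[$1] != $2) { print "MISMATCH", $1, "got", $2, "want", pin[$1]; bad = 1 }
      else                    { print "OK", $1 }
    }
    END { exit bad + 0 }
  '
}

# Usage on the host (pins.txt is a hypothetical file name):
#   docker pull hello-world 2>&1 | check_pins pins.txt
```

Once a digest is pinned, pulling as image@sha256:... instead of by tag makes the daemon itself reject content that does not match.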

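  • Recommended public image sites in China:
Site                                                           URL
Dodo Bird image sync site (渡渡鸟镜像同步站)                    docker.aityp.com
Docker Hub Container Image Library                             hubgw.docker.com/
AtomHub trusted image registry platform · OpenAtom Foundation  hub.atomgit.com/
  • Take a snapshot, named "Docker installation complete", for convenient later use.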