Docker system requirements on Linux

Post-installation steps for Linux

This section contains optional procedures for configuring Linux hosts to work better with Docker.

Manage Docker as a non-root user

The Docker daemon binds to a Unix socket instead of a TCP port. By default that Unix socket is owned by the user root and other users can only access it using sudo. The Docker daemon always runs as the root user.

If you don’t want to preface the docker command with sudo, create a Unix group called docker and add users to it. When the Docker daemon starts, it creates a Unix socket accessible by members of the docker group.

The docker group grants privileges equivalent to the root user. For details on how this impacts security in your system, see Docker Daemon Attack Surface.
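To see who actually holds that root-equivalent access, the following added example (not part of the Docker documentation) lists every account in the docker group, including accounts whose primary group is docker, and checks that the socket grants nothing to other users. The function names and the file-path parameters are assumptions made for the example; the sample data used to exercise it is constructed.

```shell
#!/bin/sh
# Added example: audit who can reach the Docker socket through the docker group.
# Reads local files only; on hosts using LDAP or SSSD, save the output of
# "getent group" and "getent passwd" to files and pass those instead.

# docker_group_members [GROUP_FILE] [PASSWD_FILE]
# Prints one username per line: supplementary members from the group file
# plus accounts whose primary GID is the docker group's GID.
docker_group_members() {
    group_file=${1:-/etc/group}
    passwd_file=${2:-/etc/passwd}
    gid=$(awk -F: '$1 == "docker" { print $3 }' "$group_file")
    [ -n "$gid" ] || return 0   # no docker group, nothing to report
    {
        # Supplementary members: fourth field of the group entry, comma separated.
        awk -F: '$1 == "docker" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$group_file"
        # Primary-group members never appear in that list: match passwd field 4.
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | sort -u
}

# socket_is_group_only SOCKET
# Succeeds when the mode grants no permissions to "other" (last digit is 0).
socket_is_group_only() {
    mode=$(stat -c '%a' "$1") || return 2
    case $mode in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# Typical use on a host:
#   docker_group_members
#   socket_is_group_only /var/run/docker.sock || echo "socket is open to all users"
```

Every name this prints should be an account you would also trust with sudo.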

To create the docker group and add your user:

Create the docker group.

Add your user to the docker group.

Log out and log back in so that your group membership is re-evaluated.

If testing on a virtual machine, it may be necessary to restart the virtual machine for changes to take effect.

On a desktop Linux environment such as X Windows, log out of your session completely and then log back in.

On Linux, you can also run the following command to activate the changes to groups:

Verify that you can run docker commands without sudo.

This command downloads a test image and runs it in a container. When the container runs, it prints a message and exits.

If you initially ran Docker CLI commands using sudo before adding your user to the docker group, you may see the following error, which indicates that your ~/.docker/ directory was created with incorrect permissions due to the sudo commands.

To fix this problem, either remove the ~/.docker/ directory (it is recreated automatically, but any custom settings are lost), or change its ownership and permissions using the following commands:

Configure Docker to start on boot

Most current Linux distributions (RHEL, CentOS, Fedora, Debian, Ubuntu 16.04 and higher) use systemd to manage which services start when the system boots. On Debian and Ubuntu, the Docker service is configured to start on boot by default. To automatically start Docker and Containerd on boot for other distros, use the commands below:

To disable this behavior, use disable instead.

If you need to add an HTTP Proxy, set a different directory or partition for the Docker runtime files, or make other customizations, see customize your systemd Docker daemon options.

Use a different storage engine

For information about the different storage engines, see Storage drivers. The default storage engine and the list of supported storage engines depend on your host’s Linux distribution and available kernel drivers.

Configure default logging driver

Docker provides the capability to collect and view log data from all containers running on a host via a series of logging drivers. The default logging driver, json-file, writes log data to JSON-formatted files on the host filesystem. Over time, these log files expand in size, leading to potential exhaustion of disk resources.

To alleviate such issues, either configure the json-file logging driver to enable log rotation, use an alternative logging driver such as the “local” logging driver that performs log rotation by default, or use a logging driver that sends logs to a remote logging aggregator.

Configure where the Docker daemon listens for connections

By default, the Docker daemon listens for connections on a UNIX socket to accept requests from local clients. It is possible to allow Docker to accept requests from remote hosts by configuring it to listen on an IP address and port as well as the UNIX socket. For more detailed information on this configuration option, see the “Bind Docker to another host/port or a unix socket” section of the Docker CLI Reference article.

Before configuring Docker to accept connections from remote hosts it is critically important that you understand the security implications of opening docker to the network. If steps are not taken to secure the connection, it is possible for remote non-root users to gain root access on the host. For more information on how to use TLS certificates to secure this connection, check this article on how to protect the Docker daemon socket.

Configuring Docker to accept remote connections can be done with the docker.service systemd unit file for Linux distributions using systemd, such as recent versions of RedHat, CentOS, Ubuntu and SLES, or with the daemon.json file which is recommended for Linux distributions that do not use systemd.

Configuring Docker to listen for connections using both the systemd unit file and the daemon.json file causes a conflict that prevents Docker from starting.
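Both failure modes described above, a TCP listener without TLS verification and listeners defined in two places, can be checked before restarting the daemon. The following is an added example, not part of the Docker documentation: the function name and output strings are assumptions, the matching is a text heuristic rather than a full parser, and the files it is meant to read are your own systemd override and daemon.json.

```shell
#!/bin/sh
# Added example: pre-restart check of Docker listener configuration.
# audit_docker_listeners UNIT_FILE DAEMON_JSON
# Prints one finding per line; prints nothing when neither problem is seen.
audit_docker_listeners() {
    unit=$1
    json=$2
    # Only ExecStart= lines with a command count; a bare "ExecStart=" is the
    # systemd idiom for clearing the inherited value and is skipped.
    exec_lines=$(grep -E '^[[:space:]]*ExecStart=.+' "$unit" 2>/dev/null || true)
    json_text=$(cat "$json" 2>/dev/null || true)

    unit_hosts=no; json_hosts=no; tcp=no; tls=no

    # Listener flags passed to dockerd on the command line.
    case "$exec_lines" in *' -H'*|*' --host'*) unit_hosts=yes ;; esac
    # "hosts" key in daemon.json.
    if printf '%s' "$json_text" | grep -Eq '"hosts"[[:space:]]*:'; then
        json_hosts=yes
    fi
    # A tcp:// address in either place means the API is reachable over TCP.
    case "$exec_lines$json_text" in *tcp://*) tcp=yes ;; esac
    # TLS client verification may be enabled by flag or by daemon.json.
    case "$exec_lines" in
        *--tlsverify=false*) ;;
        *--tlsverify*) tls=yes ;;
    esac
    if printf '%s' "$json_text" | grep -Eq '"tlsverify"[[:space:]]*:[[:space:]]*true'; then
        tls=yes
    fi

    if [ "$unit_hosts" = yes ] && [ "$json_hosts" = yes ]; then
        echo "conflict: listeners set in both the unit file and daemon.json"
    fi
    if [ "$tcp" = yes ] && [ "$tls" = no ]; then
        echo "insecure: tcp:// listener without tlsverify"
    fi
}
```

An empty result only means these two checks passed; certificate paths and firewall rules still need their own review.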

Configuring remote access with systemd unit file

Use the command sudo systemctl edit docker.service to open an override file for docker.service in a text editor.

Add or modify the following lines, substituting your own values.

Install Docker Engine

Supported platforms

Docker Engine is available on a variety of Linux platforms, macOS and Windows 10 through Docker Desktop, and as a static binary installation. Find your preferred operating system below.

Desktop

Platform x86_64 / amd64 arm64 (Apple Silicon)
Docker Desktop for Mac (macOS)
Docker Desktop for Windows

Server

Docker provides .deb and .rpm packages from the following Linux distributions and architectures:

Platform x86_64 / amd64 arm64 / aarch64 arm (32-bit) s390x
CentOS
Debian
Fedora
Raspbian
RHEL
SLES
Ubuntu
Binaries

Other Linux distributions

While the instructions below may work, Docker does not test or verify installation on derivatives.

  • Users of Debian derivatives such as “BunsenLabs Linux”, “Kali Linux” or “LMDE” (Debian-based Mint) should follow the installation instructions for Debian, substituting the version of their distro for the corresponding Debian release. Refer to the documentation of your distro to find which Debian release corresponds with your derivative version.
  • Likewise, users of Ubuntu derivatives such as “Kubuntu”, “Lubuntu” or “Xubuntu” should follow the installation instructions for Ubuntu, substituting the version of their distro for the corresponding Ubuntu release. Refer to the documentation of your distro to find which Ubuntu release corresponds with your derivative version.
  • Some Linux distributions provide a package of Docker Engine through their package repositories. These packages are built and maintained by the Linux distribution’s package maintainers and may have differences in configuration or be built from modified source code. Docker is not involved in releasing these packages, and bugs or issues involving these packages should be reported in your Linux distribution’s issue tracker.

Docker provides binaries for manual installation of Docker Engine. These binaries are statically linked and can be used on any Linux distribution.

Release channels

Docker Engine has three types of update channels, stable, test, and nightly:

  • The Stable channel gives you the latest releases for general availability.
  • The Test channel gives you pre-releases that are ready for testing before general availability (GA).
  • The Nightly channel gives you the latest builds of work in progress for the next major release.

Stable

Year-month releases are made from a release branch diverged from the master branch. The branch is created with format . , for example 20.10 . The year-month name indicates the earliest possible calendar month to expect the release to be generally available. All further patch releases are performed from that branch. For example, once v20.10.0 is released, all subsequent patch releases are built from the 20.10 branch.

In preparation for a new year-month release, a branch is created from the master branch with format YY.mm when the milestones desired by Docker for the release have achieved feature-complete. Pre-releases such as betas and release candidates are conducted from their respective release branches. Patch releases and the corresponding pre-releases are performed from within the corresponding release branch.

Nightly

Nightly builds give you the latest builds of work in progress for the next major release. They are created once per day from the master branch with the version format:

where the time is the commit time in UTC and the final suffix is the prefix of the commit hash, for example 0.0.0-20180720214833-f61e0f7 .

These builds allow for testing from the latest code on the master branch. No qualifications or guarantees are made for the nightly builds.

Support

Docker Engine releases of a year-month branch are supported with patches as needed for one month after the next year-month general availability release.

This means bug reports and backports to release branches are assessed until the end-of-life date.

After the year-month branch has reached end-of-life, the branch may be deleted from the repository.

Backporting

Backports to the Docker products are prioritized by the Docker company. A Docker employee or repository maintainer will endeavour to ensure sensible bugfixes make it into active releases.

If there are important fixes that ought to be considered for backport to active release branches, be sure to highlight this in the PR description or by adding a comment to the PR.

Upgrade path

Patch releases are always backward compatible with their year-month version.

Licensing

Docker is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.

Reporting security issues

The Docker maintainers take security seriously. If you discover a security issue, please bring it to their attention right away!

Please DO NOT file a public issue; instead send your report privately to security@docker.com.

Security reports are greatly appreciated, and Docker will publicly thank you for it.

Get started

After setting up Docker, you can learn the basics with Getting started with Docker.

Installing Docker on Linux

We will walk through installing Docker on Linux systems, specifically CentOS, Fedora and Ubuntu.

Ubuntu

Installing Docker on Ubuntu is relatively simple.

Update the package list:

Install Docker with the command:

apt-get install docker docker.io

Enable Docker to start at boot and start it:

systemctl enable docker

systemctl start docker

CentOS 8

dnf install wget

Download the Docker repository configuration file:

wget -P /etc/yum.repos.d/ https://download.docker.com/linux/centos/docker-ce.repo

Now install docker:

dnf install docker-ce docker-ce-cli

Enable the service to start at boot and start it:

systemctl enable docker --now

CentOS 7

yum install wget

Download the repository file:

wget -P /etc/yum.repos.d/ https://download.docker.com/linux/centos/docker-ce.repo

yum install docker-ce docker-ce-cli containerd.io

Start it and enable it to start at boot:

systemctl enable docker --now

Fedora

Install the plugin that provides additional tools for working with packages:

yum install dnf-plugins-core

dnf config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo

dnf install docker-ce docker-ce-cli containerd.io

Start it and enable it to start at boot:

systemctl enable docker --now

Verification

To make sure docker is working, run the command:

docker run hello-world

First the system detects that the required image is missing and downloads it:

Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
b8dfde127a29: Already exists
Digest: sha256:308866a43596e83578c7dfa15e27a73011bdd402185a84c5cd7f32a88b501a24
Status: Downloaded newer image for hello-world:latest

Then it displays the greeting:

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker.

Docker is working correctly.

Installing Compose

The docker-compose command lets you deploy multi-container Docker applications.

To install it, first go to github.com/docker/compose/releases/latest and check the latest docker-compose version. In my case it was 1.29.2.

COMVER=1.29.2
curl -L "https://github.com/docker/compose/releases/download/$COMVER/docker-compose-$(uname -s)-$(uname -m)" -o /usr/bin/docker-compose

* where 1.29.2 is the latest version of the file.

Make the file executable:

chmod +x /usr/bin/docker-compose

Run docker-compose to print its version:

Possible problems

1. undefined symbol: seccomp_api_set

The Docker service does not start, and the log shows the following error:

/usr/bin/containerd: symbol lookup error: /usr/bin/containerd: undefined symbol: seccomp_api_set

Cause: the error occurs when a recent version of containerd is installed on a system whose libseccomp library has not been updated.

Solution: update libseccomp.

yum update libseccomp

apt-get --only-upgrade install libseccomp2

2. error initializing network controller list bridge addresses failed no available network

The Docker service does not start, and the log shows the following error:

error initializing network controller list bridge addresses failed no available network

Cause: the system cannot create the docker interface.

Solution: create the docker interface manually. Install the utility for working with bridge interfaces.

yum install bridge-utils

apt-get install bridge-utils

brctl addbr docker0

Assign an IP address to the new interface:

ip addr add 192.168.84.1/24 dev docker0

* in our example we assigned the address 192.168.84.1 to docker.
