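Running Containers in Docker Rootless Mode

Background

Deploying and running containers on a node where you have no root privileges requires Docker's rootless mode.

Environment

Operating system: BigCloud Enterprise Linux For Euler 21.10 LTS
Kernel version: 4.19.90-2107.6.0.0100.oe1.bclinux.x86_64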


wget https://download.docker.com/linux/static/stable/x86_64/docker-20.10.24.tgz

Download the rootless extras package; its version must match the Docker version

wget https://download.docker.com/linux/static/stable/x86_64/docker-rootless-extras-20.10.24.tgz

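Install Docker

mkdir -p "$HOME/data/docker/bin"
# The archive unpacks into a top-level docker/ directory; strip it so the
# binaries land directly in bin/ (moving docker/* into docker/bin would also try to move bin into itself)
tar xf docker-20.10.24.tgz -C "$HOME/data/docker/bin" --strip-components=1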

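Install the rootless extras

# Unpack straight into bin/, dropping the top-level docker-rootless-extras/ directory,
# so the executables never pass through the shared /tmp directory
tar xf docker-rootless-extras-20.10.24.tgz -C "$HOME/data/docker/bin" --strip-components=1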

Edit $HOME/.bash_profile to add the environment variables

cat >> $HOME/.bash_profile << 'EOF'
export DOCKER_HOME="$HOME/data/docker"
export PATH=$DOCKER_HOME/bin:$PATH
EOF
source $HOME/.bash_profile
bash

Install Docker rootless, then add the XDG_RUNTIME_DIR and DOCKER_HOST variables to .bash_profile

$ dockerd-rootless-setuptool.sh install
[INFO] systemd not detected, dockerd-rootless.sh needs to be started manually:

PATH=/home/apps/data/docker/bin:/sbin:/usr/sbin:$PATH dockerd-rootless.sh

[INFO] Creating CLI context "rootless"
Successfully created context "rootless"
[INFO] Use CLI context "rootless"
Current context is now "rootless"

[INFO] Make sure the following environment variables are set (or add them to ~/.bashrc):

# WARNING: systemd not found. You have to remove XDG_RUNTIME_DIR manually on every logout.
export XDG_RUNTIME_DIR=/home/apps/.docker/run
export PATH=/home/apps/data/docker/bin:$PATH
Some applications may require the following environment variable too:
export DOCKER_HOST=unix:///home/apps/.docker/run/docker.sock

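Install fuse-overlayfs so that rootless mode uses the fuse-overlayfs file system

# Save the release binary under the name fuse-overlayfs
wget -O fuse-overlayfs https://github.com/containers/fuse-overlayfs/releases/download/v1.14/fuse-overlayfs-x86_64
# 755 rather than 777: a world-writable binary on PATH could be replaced by any other local user
chmod 755 fuse-overlayfs
mv fuse-overlayfs "$HOME/data/docker/bin/"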

Create the Docker configuration directory

mkdir -p $HOME/.config/docker
cat > $HOME/.config/docker/daemon.json << EOF
{
  "data-root": "$HOME/data/docker/docker-root",
  "storage-driver": "fuse-overlayfs",
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
  }
}
EOF

Start Docker

nohup dockerd-rootless.sh &
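
Once the daemon is up, a check like the one below confirms that it really runs rootless on fuse-overlayfs and that nothing under the bin directory can be modified by other local users. This is an added example, not part of the original post; the function names check_not_writable, check_info and audit are hypothetical, and the default path assumes the DOCKER_HOME layout used above.

```shell
#!/bin/sh
# Added example: audit of the rootless install laid out on this page.
# Function names are hypothetical; paths follow the page's DOCKER_HOME layout.

# Succeed only if DIR exists and nothing in it is writable by group or others.
check_not_writable() {
    [ -d "$1" ] || { echo "no such directory: $1" >&2; return 1; }
    found=$(find "$1" \( -type f -o -type d \) \( -perm -002 -o -perm -020 \) 2>/dev/null)
    [ -z "$found" ] && return 0
    printf 'writable by group/others:\n%s\n' "$found" >&2
    return 1
}

# $1 = `docker info` .Driver, $2 = .SecurityOptions; passed as arguments so
# the decision logic can be exercised without a running daemon.
check_info() {
    [ "$1" = "fuse-overlayfs" ] || {
        echo "storage driver is '$1', expected fuse-overlayfs" >&2
        return 1
    }
    case "$2" in
        *name=rootless*) return 0 ;;
        *) echo "daemon does not report rootless mode" >&2; return 1 ;;
    esac
}

# Full audit against the live daemon (reached via the "rootless" CLI context
# or DOCKER_HOST, as set up earlier).
audit() {
    check_not_writable "${DOCKER_HOME:-$HOME/data/docker}/bin" || return 1
    driver=$(docker info --format '{{.Driver}}') || return 1
    secopts=$(docker info --format '{{.SecurityOptions}}') || return 1
    check_info "$driver" "$secopts" && echo "rootless audit passed"
}

# Run the live audit only when asked: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit || exit 1
fi
```
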
Author: 慕容峻才
Article link: https://www.acaiblog.top/Docker-rootless模式运行容器/
Copyright notice: Unless otherwise stated, all articles on this blog are licensed under CC BY-NC-SA 4.0. Please credit 阿才的博客 when reposting.