centos 离线安装 docker & docker-compose

好久没写博客了，记录一次特别的部署需求吧

客户要求在暂时没法联网的centos服务器上部署项目，项目之前的开发和测试都是基于docker运行的，容器、镜像、代码都可以打包，但基础的docker环境还是要安装的。

首先 #下载docker-20.10.0包
https://download.docker.com/linux/static/stable/x86_64/docker-20.10.0.tgz

上传到服务器解压，解压后有这几个可执行文件，全部拷贝到 /usr/bin 目录，并且确保root有执行权限

另外这个版本的runc有一个高危漏洞，需要手动下载新的版本更新覆盖一下 Docker runc容器逃逸漏洞(CVE-2021-30465)
将 runc 升级到 1.0.0-rc95 及以上版本，下载地址：https://github.com/opencontainers/runc/releases/

#添加docker.service文件
vim /etc/systemd/system/docker.service
#按i插入模式,复制如下内容:

[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
  
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd
ExecReload=/bin/kill -s HUP $MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
  
[Install]
WantedBy=multi-user.target

#添加文件可执行权限
chmod +x /etc/systemd/system/docker.service

#重新加载配置文件
systemctl daemon-reload

#启动Docker
systemctl start docker

#查看docker启动状态
systemctl status docker

#查看启动容器
docker ps

#设置开机自启动
systemctl enable docker.service

#查看docker开机启动状态 enabled:开启, disabled:关闭
systemctl is-enabled docker.service

安装docker-compose

到github 下载对应版本的可执行文件，也是上传拷贝到 /usr/bin目录下并授予root可执行的权限

https://github.com/docker/compose/releases/download/