环境说明

1、安装用户有sudo权限

2、本文讲docker组件安装，不是桌面程序安装

3、本文讲离线安装，不是在线安装

4、目标机器是内网机器，与外部网络不连通

下载

1、下载离线安装包，并上传到$HOME/basic-tool 目录
下载地址：Index of linux/static/stable/x86_64/

我下的这个：

https://download.docker.com/linux/static/stable/x86_64/docker-27.5.1.tgz

理由：rpm的安装起来反而麻烦，缺这个库缺那个库的

#  Docker 的扩展功能包（在离线安装包下载地址页面）
https://download.docker.com/linux/static/stable/x86_64/docker-rootless-extras-27.5.1.tgz
说明："rootless" 通常指的是不需要 root 权限就能运行 Docker 的特性

安装

1、解压

cd $HOME/basic-tool

tar -xvf docker-27.5.1.tgz

2、安装

sudo cp docker/* /usr/bin/

3、注册docker.service服务

# 用vi就行了，vim用的刚装的机器上都没这命令

vi /etc/systemd/system/docker.service

[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
ExecStart=/usr/bin/dockerd --selinux-enabled=false --insecure-registry=127.0.0.1
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TimeoutStartSec=0
Delegate=yes
KillMode=process
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target

4、添加镜像加速(此步可选)

sudo mkdir -p /etc/docker

sudo tee /etc/docker/daemon.json <<-'EOF'
{
    "oom-score-adjust": -1000,
    "log-driver": "json-file",
    "log-opts": {
    "max-size": "20m",
    "max-file": "3"
    },
    "max-concurrent-downloads": 10,
    "max-concurrent-uploads": 10,
    "registry-mirrors": ["https://sto5ef1n.mirror.aliyuncs.com"],
    "storage-driver": "overlay2",
    "storage-opts": [
    "overlay2.override_kernel_check=true"
    ]
}
EOF

5、创建 Docker 组并添加（当前）用户

# 添加用户组 docker
sudo groupadd docker

# 添加用户
sudo usermod -aG docker $USER
# 等价于
# sudo usermod -aG docker xxx(当前用户名)

#更新用户组
newgrp docker    

6、启动 Docker 服务

sudo chmod 777 /etc/systemd/system/docker.service
sudo systemctl daemon-reload
sudo systemctl enable docker
sudo systemctl start docker

7、验证安装

systemctl status docker
docker -v
docker info

常见问题

1、执行docker命令时报权限错

[zhaoXXXXXX@GZXXX-PM153161 basic-tool]$ docker ps
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: 
Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/json": 
dial unix /var/run/docker.sock: connect: permission denied

解决：更新用户组

#更新用户组
newgrp docker 

2、启动docker守护进程报错

[zhao****@GZ****-PM153160 ~]$ sudo systemctl restart docker
Job for docker.service failed because the control process exited with error code.
See "systemctl status docker.service" and "journalctl -xe" for details.

解决：配置文件语法问题。删除解析不了的配置

查看报错详细日志（一般能看到提示了配置文件具体哪行的语法错，不同的版本支持的配置参数有差异）：

# 查看 docker 守护进程日志
journalctl -u docker.service

3、登陆（私有）镜像仓库报错

[zhao****@GZ****-PM153160 ~]$ docker login 10.130.***.106:30089
Username: admin
Password: 
Error response from daemon: Get "https://10.130.***.106:30089/v2/": tls: failed to verify certificate: x509: cannot validate certificate for 10.130.***.106 because it doesn't contain any IP SANs

解决：换成域名

[zhao***@GZ***-PM153160 ~]$ docker login harbor.***.com:30089
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /home/zhaozheng/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credential-stores

Login Succeeded

总结

      因大部分文章都不完整，不是少这步就是少那步，本文章是作者看了网上多个文章后取其精华并完善整理而来。作者此贴已亲测并验证通过，请放心参考！

附件

附件一：创建linux用户

# 创建用户组（上面有执行过）
# groupadd docker -g 200

# 创建 docker 用户  第一个docker是分组名，第二个docker是用户名
sudo useradd -g docker docker
sudo usermod -aG docker docker

# 修改 docker 用户密码
passwd docker   

附件二：将docker添加到sudo用户列表

# 没错这里就是vi和sudo两命令连在一起，中间没有空格
visudo

# 最后一行添加，保存即刻生效
docker ALL=(ALL) NOPASSWD:ALL

附件三：docker desktop下载

docker桌面程序下载地址
https://www.docker.com/

附件四：rpm相关包下载地址

本文不需要用

https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-26.1.4-1.el7.x86_64.rpm

https://download.docker.com/linux/centos/7/x86_64/stable/Packages/containerd.io-1.6.33-3.1.el7.x86_64.rpm

# policycoreutils-python安装（装docker-ce-selinux的依赖，本文不需要用）
policycoreutils-python-2.5-34.el7.x86_64.rpm

附件五：不采用rpm包的理由

rpm的安装起来缺这个库缺那个库的

[zhaoXXXXX@GZXXX-PM153161 basic-tool]$ sudo rpm -ivh containerd.io-1.6.33-3.1.el7.x86_64.rpm
warning: containerd.io-1.6.33-3.1.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY
error: Failed dependencies:
        container-selinux >= 2:2.74 is needed by containerd.io-1.6.33-3.1.el7.x86_64

[zhaoXXXXX@GZXXX-PM153161 basic-tool]$ sudo rpm -ivh docker-ce-20.10.24-3.el7.x86_64.rpm
warning: docker-ce-20.10.24-3.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY
error: Failed dependencies:
        container-selinux >= 2:2.74 is needed by docker-ce-3:20.10.24-3.el7.x86_64
        containerd.io >= 1.4.1 is needed by docker-ce-3:20.10.24-3.el7.x86_64
        docker-ce-cli is needed by docker-ce-3:20.10.24-3.el7.x86_64
        docker-ce-rootless-extras is needed by docker-ce-3:20.10.24-3.el7.x86_64
        libcgroup is needed by docker-ce-3:20.10.24-3.el7.x86_64

[zhaoXXXXX@GZXXX-PM153161 basic-tool]$ sudo rpm -ivh docker-ce-rootless-extras-20.10.24-3.el7.x86_64.rpm
warning: docker-ce-rootless-extras-20.10.24-3.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY
error: Failed dependencies:
        docker-ce is needed by docker-ce-rootless-extras-0:20.10.24-3.el7.x86_64
        fuse-overlayfs >= 0.7 is needed by docker-ce-rootless-extras-0:20.10.24-3.el7.x86_64
        slirp4netns >= 0.4 is needed by docker-ce-rootless-extras-0:20.10.24-3.el7.x86_64

[zhaoXXXXX@GZXXX-PM153161 basic-tool]$ sudo rpm -ivh policycoreutils-python-2.5-34.el7.x86_64.rpm
warning: policycoreutils-python-2.5-34.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
error: Failed dependencies:
        audit-libs-python >= 2.1.3-4 is needed by policycoreutils-python-2.5-34.el7.x86_64
        checkpolicy is needed by policycoreutils-python-2.5-34.el7.x86_64
        libapol.so.4()(64bit) is needed by policycoreutils-python-2.5-34.el7.x86_64
        libapol.so.4(VERS_4.0)(64bit) is needed by policycoreutils-python-2.5-34.el7.x86_64
        libcgroup is needed by policycoreutils-python-2.5-34.el7.x86_64
        libqpol.so.1()(64bit) is needed by policycoreutils-python-2.5-34.el7.x86_64
        libqpol.so.1(VERS_1.2)(64bit) is needed by policycoreutils-python-2.5-34.el7.x86_64
        libqpol.so.1(VERS_1.4)(64bit) is needed by policycoreutils-python-2.5-34.el7.x86_64
        libselinux-python is needed by policycoreutils-python-2.5-34.el7.x86_64
        libsemanage-python >= 2.5-14 is needed by policycoreutils-python-2.5-34.el7.x86_64
        policycoreutils = 2.5-34.el7 is needed by policycoreutils-python-2.5-34.el7.x86_64
        python-IPy is needed by policycoreutils-python-2.5-34.el7.x86_64
        setools-libs >= 3.3.8-4 is needed by policycoreutils-python-2.5-34.el7.x86_64

附件六：iptables对外开放5151端口

sudo iptables -I INPUT -p tcp --dport 5151 -j ACCEPT