Last active
January 22, 2020 16:10
Revisions
7error revised this gist
Jan 22, 2020 · 1 changed file with 5 additions and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -50,6 +50,8 @@ user.max_user_namespaces=15000 vm.max_map_count=262144 EOF sysctl --system cat>/lib/systemd/system/docker.service<<EOF [Unit] @@ -65,6 +67,8 @@ Type=notify # the default is not to use systemd for cgroups because the delegate issues still # exists and systemd currently does not support the cgroup feature set required # for containers run by docker #ExecStartPost=/sbin/iptables -I FORWARD -s 0.0.0.0/0 -j ACCEPT #ExecStopPost=/bin/bash -c '/sbin/iptables -D FORWARD -s 0.0.0.0/0 -j ACCEPT &> /dev/null || :' ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock ExecReload=/bin/kill -s HUP $MAINPID TimeoutSec=0 @@ -151,7 +155,7 @@ cat>/etc/docker/daemon.json<<EOF "live-restore": true, "registry-mirrors": ["https://fz5yth0r.mirror.aliyuncs.com"], "max-concurrent-downloads": 20, "exec-opts": [""], "storage-driver": "overlay2", "storage-opts": [ "overlay2.override_kernel_check=true" -
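Review bot: The `"exec-opts": [""]` entry in the daemon.json hunk replaces `native.cgroupdriver=systemd` with an empty string, which dockerd parses as a `key=value` option and, as far as I can tell, rejects at startup instead of treating as "use the default"; either drop the entry (`"exec-opts": [],`) or keep the systemd driver so the cgroup driver matches the `Delegate=yes` unit written above it. The commented `#ExecStartPost=/sbin/iptables -I FORWARD -s 0.0.0.0/0 -j ACCEPT` is harmless while disabled, but if it is ever uncommented it inserts an accept-all rule ahead of the DOCKER-USER/isolation chains dockerd installs and turns the host into an unconditional forwarder for every container, so a why-comment such as `# left disabled on purpose: accept-all FORWARD bypasses Docker's own isolation rules` would stop someone "fixing" it. The context line `ExecReload=/bin/kill -s HUP $MAINPID` sits inside an unquoted `<<EOF` heredoc, so the installing shell expands `$MAINPID` to an empty string rather than writing it literally; that predates this revision but `<<'EOF'` on the unit heredocs would fix it. The heredocs these hunks touch start and end outside the lines shown.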
7error revised this gist
Jan 22, 2020 · 1 changed file with 11 additions and 5 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,6 +1,10 @@ grep -e "^docker" /etc/group >& /dev/null if [ $? -ne 0 ] then groupadd docker fi #usermod -aG docker $USER #newgrp docker @@ -47,7 +51,7 @@ vm.max_map_count=262144 EOF cat>/lib/systemd/system/docker.service<<EOF [Unit] Description=Docker Application Container Engine Documentation=https://docs.docker.com @@ -97,7 +101,7 @@ KillMode=process WantedBy=multi-user.target EOF cat>/lib/systemd/system/docker.socket<<EOF [Unit] Description=Docker Socket for the API PartOf=docker.service @@ -112,7 +116,7 @@ SocketGroup=docker WantedBy=sockets.target EOF cat>/lib/systemd/system/containerd.service<<EOF [Unit] Description=containerd container runtime Documentation=https://containerd.io @@ -158,4 +162,6 @@ cat>/etc/docker/daemon.json<<EOF "max-file": "10" } } EOF systemctl enable --now docker -
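Review bot: `grep -e "^docker" /etc/group` in the first hunk matches any group whose name merely starts with `docker`, so on a host that already has such a group but not `docker` itself the `groupadd docker` is skipped, and the `SocketGroup=docker` written into docker.socket later in this revision would then name a group that may not exist. Replace the test with `getent group docker >/dev/null || groupadd docker`, which checks the exact name and also sees groups served via NSS rather than only /etc/group. The socket and daemon.json heredocs this revision edits extend beyond the hunks shown.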
7error revised this gist
Jan 22, 2020 · 1 changed file with 2 additions and 2 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,8 +1,8 @@ groupadd docker #usermod -aG docker $USER #newgrp docker -
7error created this gist
Jan 22, 2020
@@ -0,0 +1,161 @@ groupadd docker usermod -aG docker your-user id -un mkdir -p /etc/systemd/system/docker.service.d mkdir -p /etc/docker/ mkdir -p /etc/cni/net.d mkdir -p /opt/cni/bin mkdir -p /var/lib/docker/ mkdir -p /var/lib/containerd/ mkdir -p /etc/containerd/ curl -sSLk -o /tmp/docker.tgz https://download.docker.com/linux/static/stable/x86_64/docker-19.03.5.tgz && tar xvf /tmp/docker.tgz -C /tmp && cp /tmp/docker/* /usr/bin/ && rm /tmp/docker.tgz && rm -rf /tmp/docker cat > /etc/sysctl.d/mysysctl.conf <<EOF fs.file-max = 1024000 fs.inotify.max_user_instances = 8192 fs.inotify.max_user_watches=89100 ### net.core.default_qdisc = fq net.core.netdev_max_backlog = 262144 net.core.somaxconn = 262144 net.ipv4.ip_forward=1 net.ipv4.tcp_congestion_control = bbr net.ipv4.tcp_max_orphans = 262144 net.ipv4.tcp_max_syn_backlog = 262144 net.ipv4.tcp_synack_retries = 1 net.ipv4.tcp_syn_retries = 1 net.ipv4.tcp_timestamps = 0 net.ipv4.tcp_tw_reuse = 0 #net.ipv4.tcp_tw_recycle = 0 #/proc/sys/net/ipv4/tcp_tw_recycle: No such file or directory net.ipv4.tcp_notsent_lowat = 16384 net.ipv4.tcp_slow_start_after_idle = 0 net.ipv4.tcp_fastopen = 3 net.bridge.bridge-nf-call-ip6tables=1 net.bridge.bridge-nf-call-iptables=1 ### user.max_user_namespaces=15000 vm.max_map_count=262144 EOF cat>/var/lib/systemd/system/docker.service<<EOF [Unit] Description=Docker Application Container Engine Documentation=https://docs.docker.com BindsTo=containerd.service After=network-online.target firewalld.service containerd.service Wants=network-online.target Requires=docker.socket [Service] Type=notify # the default is not to use systemd for cgroups because the delegate issues still # exists and systemd currently does not support the cgroup feature set required # for containers run by docker ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock ExecReload=/bin/kill -s HUP $MAINPID TimeoutSec=0 RestartSec=2 Restart=always # Note that StartLimit* options were moved from 
"Service" to "Unit" in systemd 229. # Both the old, and new location are accepted by systemd 229 and up, so using the old location # to make them work for either version of systemd. StartLimitBurst=3 # Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230. # Both the old, and new name are accepted by systemd 230 and up, so using the old name to make # this option work for either version of systemd. StartLimitInterval=60s # Having non-zero Limit*s causes performance problems due to accounting overhead # in the kernel. We recommend using cgroups to do container-local accounting. LimitNOFILE=infinity LimitNPROC=infinity LimitCORE=infinity # Comment TasksMax if your systemd version does not support it. # Only systemd 226 and above support this option. TasksMax=infinity # set delegate yes so that systemd does not reset the cgroups of docker containers Delegate=yes # kill only the docker process, not all processes in the cgroup KillMode=process [Install] WantedBy=multi-user.target EOF cat>/var/lib/systemd/system/docker.socket<<EOF [Unit] Description=Docker Socket for the API PartOf=docker.service [Socket] ListenStream=/var/run/docker.sock SocketMode=0660 SocketUser=root SocketGroup=docker [Install] WantedBy=sockets.target EOF cat>/var/lib/systemd/system/containerd.service<<EOF [Unit] Description=containerd container runtime Documentation=https://containerd.io After=network.target local-fs.target [Service] ExecStartPre=-/sbin/modprobe overlay ExecStart=/usr/bin/containerd Delegate=yes KillMode=process Restart=always # Having non-zero Limit*s causes performance problems due to accounting overhead # in the kernel. We recommend using cgroups to do container-local accounting. LimitNPROC=infinity LimitCORE=infinity LimitNOFILE=1048576 # Comment TasksMax if your systemd version does not supports it. # Only systemd 226 and above support this version. 
TasksMax=infinity [Install] WantedBy=multi-user.target EOF cat>/etc/docker/daemon.json<<EOF { "metrics-addr": "0.0.0.0:1337", "experimental": true, "insecure-registries": [], "live-restore": true, "registry-mirrors": ["https://fz5yth0r.mirror.aliyuncs.com"], "max-concurrent-downloads": 20, "exec-opts": ["native.cgroupdriver=systemd"], "storage-driver": "overlay2", "storage-opts": [ "overlay2.override_kernel_check=true" ], "log-driver": "json-file", "log-opts": { "max-size": "100m", "max-file": "10" } } EOF
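Review bot: The bootstrap line `curl -sSLk -o /tmp/docker.tgz https://download.docker.com/linux/static/stable/x86_64/docker-19.03.5.tgz` disables TLS verification with `-k`, checks no digest, and then copies the extracted binaries from a predictable /tmp path into /usr/bin as root, so anyone who can answer that download request gets to supply dockerd. Drop `-k`, extract into a `mktemp -d` directory and verify before installing, e.g. `curl -sSL -o "$tmp/docker.tgz" "$url" && echo "$expected_sha256  $tmp/docker.tgz" | sha256sum -c -` with the digest pinned in the script. The unit-file heredocs are unquoted (`cat>/var/lib/systemd/system/docker.service<<EOF`), so `$MAINPID` in `ExecReload=/bin/kill -s HUP $MAINPID` is expanded by the installing shell — to nothing — instead of being written literally; use `<<'EOF'` for the three unit heredocs. daemon.json also binds `"metrics-addr": "0.0.0.0:1337"`, exposing the unauthenticated metrics endpoint on every interface; bind it to `127.0.0.1:1337` unless a remote scraper is intended. Note that `/var/lib/systemd/system/` is not a directory systemd loads units from, so as written none of the three units takes effect.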