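# Ensure the "docker" group exists before the socket unit written further
# down refers to it (SocketGroup=docker). getent goes through NSS, so a group
# served by LDAP/SSSD is found as well, and "docker" is matched as a whole
# name -- the original `grep "^docker" /etc/group` would also have been
# satisfied by e.g. a "dockerroot" group and then skipped groupadd.
if ! getent group docker >/dev/null; then
  groupadd docker
fi
# SECURITY: membership of the docker group is root-equivalent on this host --
# anyone who can write to /var/run/docker.sock can start a privileged
# container with / bind-mounted. Only add accounts that may already be root.
#usermod -aG docker $USER
#newgrp docker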
# Directories the unit files, daemon.json and the CNI plugins expect to exist.
# mkdir -p is idempotent, so re-running the script is harmless here.
for dir in \
  /etc/systemd/system/docker.service.d \
  /etc/docker/ \
  /etc/cni/net.d \
  /opt/cni/bin \
  /var/lib/docker/ \
  /var/lib/containerd/ \
  /etc/containerd/; do
  mkdir -p -- "$dir"
done
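# Install the pinned static Docker release into /usr/bin.
# SECURITY: the original ran `curl -k`, which turns off TLS certificate
# verification for a tarball whose contents are copied to /usr/bin and run as
# root by systemd -- anyone on the network path could substitute it.
# Certificate checking is now on, HTTP errors abort the download (-f) instead
# of saving an error page as "docker.tgz", the archive is unpacked in a
# private mktemp directory rather than the predictable /tmp/docker, and the
# script stops instead of silently carrying on without binaries.
# Set DOCKER_SHA256 (from the release's published checksum) to additionally
# pin the content; the check is skipped when it is empty.
DOCKER_VERSION=19.03.5
DOCKER_URL="https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz"
DOCKER_SHA256="${DOCKER_SHA256:-}"

# Print a message to stderr and stop the install.
fail() { printf '%s\n' "$*" >&2; exit 1; }

docker_tmp=$(mktemp -d) || fail "mktemp failed"
trap 'rm -rf -- "$docker_tmp"' EXIT

curl -fsSL -o "$docker_tmp/docker.tgz" "$DOCKER_URL" \
  || fail "download of $DOCKER_URL failed"
if [ -n "$DOCKER_SHA256" ]; then
  printf '%s  %s\n' "$DOCKER_SHA256" "$docker_tmp/docker.tgz" | sha256sum -c --quiet - \
    || fail "checksum mismatch for docker-${DOCKER_VERSION}.tgz"
fi
# The release tarball unpacks to a single docker/ directory of binaries.
tar xf "$docker_tmp/docker.tgz" -C "$docker_tmp" \
  || fail "could not unpack docker-${DOCKER_VERSION}.tgz"
cp -- "$docker_tmp"/docker/* /usr/bin/ \
  || fail "could not install docker binaries into /usr/bin"
rm -rf -- "$docker_tmp"
trap - EXIT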
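# Kernel tuning for a container host, applied now and persisted via
# /etc/sysctl.d. The net.bridge.* keys only exist while br_netfilter is
# loaded; without it `sysctl --system` reports "No such file or directory"
# for them and bridged container traffic bypasses iptables (which CNI and
# kube-proxy depend on). Load the module now and on every boot.
mkdir -p /etc/modules-load.d
printf 'br_netfilter\n' > /etc/modules-load.d/br_netfilter.conf
modprobe br_netfilter \
  || echo "warning: br_netfilter not loaded; net.bridge.* keys will not apply" >&2

# Quoted delimiter: nothing in the file is meant to be shell-expanded.
cat > /etc/sysctl.d/mysysctl.conf <<'EOF'
fs.file-max = 1024000
fs.inotify.max_user_instances = 8192
fs.inotify.max_user_watches=89100
###
net.core.default_qdisc = fq
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
# Makes the host a router for container traffic; police it in the FORWARD chain.
net.ipv4.ip_forward=1
net.ipv4.tcp_congestion_control = bbr
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_reuse = 0
#net.ipv4.tcp_tw_recycle = 0
#/proc/sys/net/ipv4/tcp_tw_recycle: No such file or directory
net.ipv4.tcp_notsent_lowat = 16384
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv4.tcp_fastopen = 3
# Require br_netfilter (loaded above).
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
###
# Unprivileged user namespaces (Docker userns-remap / rootless need them);
# note this also exposes more kernel surface to unprivileged processes.
user.max_user_namespaces=15000
vm.max_map_count=262144
EOF
sysctl --system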
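# Write the dockerd unit. The heredoc delimiter MUST be quoted: with the
# original unquoted `<<EOF` the shell expanded $MAINPID at script run time,
# so the installed unit contained `ExecReload=/bin/kill -s HUP ` with no PID
# and `systemctl reload docker` could not work. Written to /lib/systemd/system
# as the gist did; a same-named file under /etc/systemd/system would override it.
cat > /lib/systemd/system/docker.service <<'EOF'
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
BindsTo=containerd.service
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
#ExecStartPost=/sbin/iptables -I FORWARD -s 0.0.0.0/0 -j ACCEPT
#ExecStopPost=/bin/bash -c '/sbin/iptables -D FORWARD -s 0.0.0.0/0 -j ACCEPT &> /dev/null || :'
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3
# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
[Install]
WantedBy=multi-user.target
EOF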
# Socket-activation unit for the Docker API (dockerd is started with -H fd://).
# Mode 0660 root:docker means the "docker" group created above is the access
# control for the API, and that group is root-equivalent. Quoted delimiter:
# the file contains no shell variables and must be written verbatim.
cat > /lib/systemd/system/docker.socket <<'EOF'
[Unit]
Description=Docker Socket for the API
PartOf=docker.service
[Socket]
ListenStream=/var/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
EOF
# containerd unit; dockerd above is bound to it (BindsTo=containerd.service)
# and talks to /run/containerd/containerd.sock. The overlay module is loaded
# best-effort (leading "-") so a missing module does not block startup.
# Quoted delimiter so the unit is written byte-for-byte.
cat > /lib/systemd/system/containerd.service <<'EOF'
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/bin/containerd
Delegate=yes
KillMode=process
Restart=always
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=1048576
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
[Install]
WantedBy=multi-user.target
EOF
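# Daemon configuration. Changes from the original and points to be aware of:
#  - metrics-addr: was 0.0.0.0:1337, i.e. the unauthenticated Prometheus
#    endpoint on every interface. Now loopback-only; put an authenticated
#    proxy/scraper in front if it must be reached remotely.
#  - "exec-opts": [""] dropped: an empty entry is not a key=value exec option
#    and, as far as I can tell, makes dockerd reject the config at startup;
#    at best it was a no-op.
#  - registry-mirrors: every pull goes through a third-party mirror, which
#    becomes a trusted link in the image supply chain; pin images by digest
#    or use content trust if that matters on this host.
#  - experimental and overlay2.override_kernel_check are kept as the gist had
#    them, but both switch off safeguards (unstable features; the overlay2
#    kernel-version check).
# Quoted delimiter: JSON is written verbatim, no shell expansion.
cat > /etc/docker/daemon.json <<'EOF'
{
"metrics-addr": "127.0.0.1:1337",
"experimental": true,
"insecure-registries": [],
"live-restore": true,
"registry-mirrors": ["https://fz5yth0r.mirror.aliyuncs.com"],
"max-concurrent-downloads": 20,
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m",
"max-file": "10"
}
}
EOF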
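# Three unit files were just written, so tell systemd explicitly to re-read
# them before enabling. `enable --now` starts docker; containerd is pulled in
# through BindsTo=, and docker.socket through Requires=. Report failure
# instead of ending the script with an unexplained non-zero status.
systemctl daemon-reload
systemctl enable --now docker \
  || { echo "failed to enable/start docker; check 'journalctl -u docker -u containerd'" >&2; exit 1; }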