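Upgrading Docker to 26.1.4 on openEuler 22.03 LTS to enable ip6tables support
This article records the process of upgrading Docker from 18.09.0 to 26.1.4 on openEuler 22.03 LTS (the latest Docker release at the time of writing is 27.5.1; for stability in production, the newest minor release of the previous major version, 26, was chosen).
I. Existing environment
1. System version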
[root@localhost opt]# cat /etc/os-release
NAME="openEuler"
VERSION="22.03 LTS"
ID="openEuler"
VERSION_ID="22.03"
PRETTY_NAME="openEuler 22.03 LTS"
ANSI_COLOR="0;31"
2. Docker version
[root@localhost opt]# docker --version
Docker version 18.09.0, build 4ca0e26
II. Upgrade preparation
1. Remove the existing version
[root@localhost opt]# yum remove docker -y
Dependencies resolved.
=========================================================================================================================================================================================================================================
Package Architecture Version Repository Size
=========================================================================================================================================================================================================================================
Removing:
docker-engine x86_64 2:18.09.0-335.oe2203 @update 160 M
Transaction Summary
=========================================================================================================================================================================================================================================
Remove 1 Package
Freed space: 160 M
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: docker-engine-2:18.09.0-335.oe2203.x86_64 1/1
Removed /etc/systemd/system/multi-user.target.wants/docker.service.
Erasing : docker-engine-2:18.09.0-335.oe2203.x86_64 1/1
Running scriptlet: docker-engine-2:18.09.0-335.oe2203.x86_64 1/1
Verifying : docker-engine-2:18.09.0-335.oe2203.x86_64 1/1
Removed:
docker-engine-2:18.09.0-335.oe2203.x86_64
Complete!
2. Download the target package from the official Docker site
Download link:
Official download of docker-26.1.4
Download in practice:
[root@localhost opt]# wget https://download.docker.com/linux/static/stable/x86_64/docker-26.1.4.tgz
--2025-02-07 13:45:27-- https://download.docker.com/linux/static/stable/x86_64/docker-26.1.4.tgz
正在解析主机 download.docker.com (download.docker.com)... 3.170.229.46, 3.170.229.96, 3.170.229.111, ...
正在连接 download.docker.com (download.docker.com)|3.170.229.46|:443... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:73759281 (70M) [application/x-tar]
正在保存至: “docker-26.1.4.tgz”
docker-26.1.4.tgz 100%[=====================================================================================================================================>] 70.34M 245KB/s 用时 4m 41s
2025-02-07 13:50:09 (256 KB/s) - 已保存 “docker-26.1.4.tgz” [73759281/73759281])
[root@localhost opt]# ll
..
-rw-r--r--. 1 root root 71M 6月 18 2024 docker-26.1.4.tgz
III. Upgrade the software
1. Extract the package
[root@localhost opt]# tar -xzvf docker-26.1.4.tgz
docker/
docker/docker-init
docker/docker-proxy
docker/docker
docker/containerd-shim-runc-v2
docker/runc
docker/ctr
docker/dockerd
docker/containerd
[root@localhost opt]# ll docker
总用量 190M
-rwxr-xr-x. 1 AAAA AAAA 38M 6月 5 2024 containerd
-rwxr-xr-x. 1 AAAA AAAA 12M 6月 5 2024 containerd-shim-runc-v2
-rwxr-xr-x. 1 AAAA AAAA 19M 6月 5 2024 ctr
-rwxr-xr-x. 1 AAAA AAAA 37M 6月 5 2024 docker
-rwxr-xr-x. 1 AAAA AAAA 68M 6月 5 2024 dockerd
-rwxr-xr-x. 1 AAAA AAAA 692K 6月 5 2024 docker-init
-rwxr-xr-x. 1 AAAA AAAA 1.9M 6月 5 2024 docker-proxy
-rwxr-xr-x. 1 AAAA AAAA 15M 6月 5 2024 runc
2. Copy the files to /usr/bin
[root@localhost opt]# cp docker/* /usr/bin
3. Write the service file
[root@localhost opt]# vi docker.service
...
[root@localhost opt]# cat docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Environment="HTTP_PROXY=http://192.168.80.1:50691"
Environment="HTTPS_PROXY=http://192.168.80.1:50691"
Type=notify
EnvironmentFile=-/etc/sysconfig/docker
EnvironmentFile=-/etc/sysconfig/docker-storage
EnvironmentFile=-/etc/sysconfig/docker-network
Environment=GOTRACEBACK=crash
ExecStart=/usr/bin/dockerd $OPTIONS \
$DOCKER_STORAGE_OPTIONS \
$DOCKER_NETWORK_OPTIONS \
$INSECURE_REGISTRY
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
4. Copy the service file to the systemd unit directory
[root@localhost opt]# chmod 644 docker.service
[root@localhost opt]# cp docker.service /usr/lib/systemd/system/docker.service
5. Start the service
[root@localhost opt]# systemctl daemon-reload
[root@localhost opt]# systemctl start docker
[root@localhost opt]# systemctl enable docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
6. Verify the version
[root@localhost opt]# docker --version
Docker version 26.1.4, build 5650f9b
[root@localhost opt]# docker version
Client:
Version: 26.1.4
API version: 1.45
Go version: go1.21.11
Git commit: 5650f9b
Built: Wed Jun 5 11:27:57 2024
OS/Arch: linux/amd64
Context: default
Server: Docker Engine - Community
Engine:
Version: 26.1.4
API version: 1.45 (minimum version 1.24)
Go version: go1.21.11
Git commit: de5c9cf
Built: Wed Jun 5 11:29:25 2024
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: v1.7.18
GitCommit: ae71819c4f5e67bb4d5ae76a6b735f29cc25774e
runc:
Version: 1.1.12
GitCommit: v1.1.12-0-g51d5e94
docker-init:
Version: 0.19.0
GitCommit: de40ad0
Upgrade successful.
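The steps above extract a downloaded tarball and copy its contents into /usr/bin as root, so it is worth vetting the archive listing before extraction. The following is an added example, not part of the original article: it accepts a `tar -tzf` listing only if it contains exactly the eight binaries shown in the article's tar output, all directly under docker/. The function name check_members is hypothetical, and the check does not replace verifying the download against a trusted hash.

```shell
#!/bin/sh
# Added example: vet a `tar -tzf` listing before extracting as root.
# EXPECTED is the member list from the article's tar output.
EXPECTED="containerd containerd-shim-runc-v2 ctr docker docker-init docker-proxy dockerd runc"

# Reads the listing on stdin. Prints "ok" and returns 0 when every member is an
# expected binary directly under docker/ and none is missing; otherwise prints
# "unexpected:<member>" or "missing:<name>" and returns 1.
check_members() {
    listing=$(cat)
    seen=""
    while IFS= read -r m; do
        case "$m" in
            docker/) continue ;;
            docker/*) name=${m#docker/} ;;
            *) echo "unexpected:$m"; return 1 ;;
        esac
        # Reject nested paths, "..", whitespace and other odd characters.
        case "$name" in
            ""|*[!A-Za-z0-9._-]*) echo "unexpected:$m"; return 1 ;;
        esac
        case " $EXPECTED " in
            *" $name "*) seen="$seen $name" ;;
            *) echo "unexpected:$m"; return 1 ;;
        esac
    done <<EOF
$listing
EOF
    for e in $EXPECTED; do
        case " $seen " in
            *" $e "*) ;;
            *) echo "missing:$e"; return 1 ;;
        esac
    done
    echo "ok"
}

# Real use: tar -tzf docker-26.1.4.tgz | check_members && tar -xzf docker-26.1.4.tgz
```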
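IV. Verify that ip6tables can be enabled
The purpose of this upgrade is to solve the problem that the stock Docker on openEuler 22.03 LTS does not support ip6tables. (Docker Engine supports ip6tables only from version 20.10.2 onward; here ip6tables means Docker automatically configuring the IPv6 firewall rules.)
If ip6tables is enabled in the configuration of an older Docker engine, the service fails to start with the following log errors: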
....systemd[1]: Starting Docker Application Container Engine...
...dockerd[5597]: unable to configure the Docker daemon with file /etc/docker/daemon.jso>
...systemd[1]: docker.service: Main process exited, code=exited, status=1/FAILURE
...systemd[1]: docker.service: Failed with result 'exit-code'.
...: Failed to start Docker Application Container Engine.
...: Starting Docker Application Container Engine...
Test: enable ip6tables in the configuration and restart the service
[root@localhost opt]# vi /etc/docker/daemon.json
[root@localhost opt]# cat /etc/docker/daemon.json
{
"ipv6": true,
"fixed-cidr-v6": "2001:db8:1::/64",
"experimental":true,
"ip6tables": true
}
[root@localhost opt]# systemctl restart docker
Passed without errors.
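The failure described in this section (an engine older than 20.10.2 refusing to start once daemon.json sets ip6tables) can be caught before the restart. The following preflight check is an added example, not part of the original article; the function names are hypothetical, the minimum version is the one the article cites, and the config match is a text heuristic rather than a JSON parser.

```shell
#!/bin/sh
# Added example: preflight check to run before "systemctl restart docker"
# when daemon.json sets "ip6tables": true.
MIN_IP6TABLES_VERSION="20.10.2"   # minimum engine version cited in the article

# Extract X.Y.Z from a line like "Docker version 26.1.4, build 5650f9b".
parse_docker_version() {
    printf '%s\n' "$1" |
        sed -n 's/^Docker version \([0-9]\{1,\}\.[0-9]\{1,\}\.[0-9]\{1,\}\).*/\1/p'
}

# Succeed if version $1 >= version $2. Fields are compared as decimal numbers,
# so the "09" in 18.09.0 is read as 9.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Heuristic text match: does the file set "ip6tables": true?
wants_ip6tables() {
    grep -Eq '"ip6tables"[[:space:]]*:[[:space:]]*true' "$1"
}

# $1 = output of `docker --version`, $2 = path to daemon.json.
# Prints a verdict; returns 0 when the restart is expected to be safe.
ip6tables_preflight() {
    ver=$(parse_docker_version "$1")
    if [ -z "$ver" ]; then echo "unknown-version"; return 2; fi
    if ! wants_ip6tables "$2"; then echo "ip6tables-not-requested"; return 0; fi
    if version_ge "$ver" "$MIN_IP6TABLES_VERSION"; then
        echo "ok"; return 0
    fi
    echo "engine-too-old"; return 1
}

# Real use: ip6tables_preflight "$(docker --version)" /etc/docker/daemon.json
```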