Compare commits
10 Commits
ff4794e5c7
...
14728853aa
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
14728853aa | ||
|
|
0692b1aec1 | ||
|
|
664ad9b993 | ||
|
|
948c4cc762 | ||
|
|
9d5c4c90d1 | ||
|
|
36e5154be0 | ||
|
|
da19176e27 | ||
|
|
3cd77a4ae9 | ||
|
|
1b2945a001 | ||
|
|
8d49d85064 |
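--- a/docker/README.md
+++ b/docker/README.md
@@ -0,0 +1,77 @@
+## install docker
+
+使用官方源安装(国内直接访问较慢)
+
+curl -fsSL https://get.docker.com | bash
+使用阿里源安装
+
+curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
+使用中国区Azure源安装
+
+curl -fsSL https://get.docker.com | bash -s docker --mirror AzureChinaCloud
+自启动Docker
+
+systemctl enable --now docker
+一键安装最新版Docker Compose:
+
+```shell
+COMPOSE_VERSION=`git ls-remote https://github.com/docker/compose | grep refs/tags | grep -oP "[0-9]+\.[0-9][0-9]+\.[0-9]+$" | sort --version-sort | tail -n 1`
+sh -c "curl -L https://github.com/docker/compose/releases/download/v${COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose"
+chmod +x /usr/local/bin/docker-compose
+```
+
+## nvidia-docker
+
+sudo chown -R root:docker /data/docker
+sudo chmod -R 770 /data/docker
+
+
+```shell
+sudo apt-get update
+sudo apt-get install -y curl gnupg lsb-release
+
+curl -fsSL https://nvidia.github.io/libnvidia-container/gpgkey | sudo gpg --dearmor -o /usr/share/keyrings/nvidia-container-toolkit-keyring.gpg \
+&& curl -s -L https://nvidia.github.io/libnvidia-container/stable/deb/nvidia-container-toolkit.list | \
+sed 's#deb https://#deb [signed-by=/usr/share/keyrings/nvidia-container-toolkit-keyring.gpg] https://#g' | \
+sudo tee /etc/apt/sources.list.d/nvidia-container-toolkit.list
+
+sudo apt-get update
+sudo apt-get install -y nvidia-container-toolkit
+sudo nvidia-ctk runtime configure --runtime=docker
+sudo systemctl restart docker
+echo "NVIDIA Docker 已安装。"
+```
+
+## 更改镜像目录
+
+vim /etc/docker/daemon.json
+
+{
+"data-root": "/data/docker"
+}
+
+## 换源
+
+https://www.kelen.cc/dry/docker-hub-mirror
+
+添加换源的mirror:
+
+```json
+{
+"data-root": "/data/docker",
+"features": {
+"buildkit": true
+},
+"registry-mirrors": [
+"https://hub.rat.dev",
+"https://dockerhub.icu",
+"https://docker.unsee.tech"
+],
+"runtimes": {
+"nvidia": {
+"args": [],
+"path": "nvidia-container-runtime"
+}
+}
+}
+```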
@@ -47,4 +47,117 @@ sudo ctr --namespace=k8s.io images ls -q
|
||||
Rootful mode: /etc/nerdctl/nerdctl.toml
|
||||
Rootless mode: ~/.config/nerdctl/nerdctl.toml
|
||||
|
||||
需要安装RootlessKit和slirp4netns,并且设置Nerdctl使用这些工具。参照 [Rootless模式文档](https://github.com/containerd/nerdctl/blob/main/docs/rootless.md) 进行配置。
|
||||
需要安装RootlessKit和slirp4netns,并且设置Nerdctl使用这些工具。参照 [Rootless模式文档](https://github.com/containerd/nerdctl/blob/main/docs/rootless.md) 进行配置。
|
||||
|
||||
## 构建镜像时候没有使用缓存的原因
|
||||
|
||||
[参考 nerdctl build](https://github.com/containerd/nerdctl/blob/main/docs/build.md)
|
||||
|
||||
BuildKit 的两种工作模式:
|
||||
|
||||
containerd worker:允许 BuildKit 使用 containerd 管理的本地镜像缓存,也就是说 nerdctl 构建的镜像能够用作基础镜像。
|
||||
OCI worker:不使用 containerd 管理的镜像缓存,这意味着无法访问由 nerdctl 构建的镜像,因为它们被 containerd 所管理。因此,若使用 OCI worker,BuildKit 只能直接从镜像仓库拉取镜像,无法利用本地缓存。
|
||||
|
||||
默认情况下,如果没有特别设置,BuildKit 很可能使用 OCI worker,因此无法使用 containerd 管理的镜像。
|
||||
若要确保 BuildKit 使用 containerd worker,需要配置 /etc/buildkit/buildkitd.toml (/etc/buildkit/buildkit.toml) 文件,将 [worker.containerd] 设置为 enabled = true 并指定 namespace 为 "default"(或你指定的 namespace)。
|
||||
|
||||
sudo systemctl status buildkit
|
||||
|
||||
sudo systemctl enable --now buildkit
|
||||
|
||||
编辑文件`/etc/buildkit/buildkit.toml`
|
||||
|
||||
```shell
|
||||
[worker.oci]
|
||||
# 关闭OCI
|
||||
enabled = false
|
||||
|
||||
[worker.containerd]
|
||||
enabled = true
|
||||
# namespace should be "k8s.io" for Kubernetes (including Rancher Desktop)
|
||||
namespace = "buildkit" # 修改为'k8s.io' 可以从这里进行缓存镜像。
|
||||
platforms = [ "linux/amd64", "linux/arm64" ]
|
||||
gc = true
|
||||
# gckeepstorage sets storage limit for default gc profile, in MB.
|
||||
gckeepstorage = 9000
|
||||
|
||||
# registry configures a new Docker register used for cache import or output.
|
||||
[registry."docker.io"]
|
||||
# mirror configuration to handle path in case a mirror registry requires a /project path rather than just a host:port
|
||||
mirrors = ["https://upnuemce.mirror.aliyuncs.com", "core.harbor.domain/proxy.docker.io"]
|
||||
http = true
|
||||
insecure = true
|
||||
#ca=["/etc/config/myca.pem"]
|
||||
#[[registry."docker.io".keypair]]
|
||||
#key="/etc/config/key.pem"
|
||||
#cert="/etc/config/cert.pem"
|
||||
```
|
||||
|
||||
https://docker.unsee.tech https://dockerhub.icu
|
||||
|
||||
sudo systemctl restart buildkit
|
||||
|
||||
## root 用户创建 buildkit.service
|
||||
|
||||
```shell
|
||||
echo "配置 buildkitd 服务..."
|
||||
|
||||
# 创建 buildkitd 配置文件目录
|
||||
sudo mkdir -p /etc/buildkit
|
||||
# https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md
|
||||
sudo tee /etc/buildkit/buildkit.toml > /dev/null <<EOT
|
||||
[worker.oci]
|
||||
enabled = false
|
||||
|
||||
[worker.containerd]
|
||||
enabled = true
|
||||
# namespace should be "k8s.io" for Kubernetes (including Rancher Desktop)
|
||||
namespace = "buildkit"
|
||||
platforms = [ "linux/amd64", "linux/arm64" ]
|
||||
gc = true
|
||||
# gckeepstorage sets storage limit for default gc profile, in MB.
|
||||
gckeepstorage = 9000
|
||||
|
||||
# registry configures a new Docker register used for cache import or output.
|
||||
[registry."docker.io"]
|
||||
# mirror configuration to handle path in case a mirror registry requires a /project path rather than just a host:port
|
||||
mirrors = ["https://upnuemce.mirror.aliyuncs.com", "core.harbor.domain/proxy.docker.io"]
|
||||
http = true
|
||||
insecure = true
|
||||
#ca=["/etc/config/myca.pem"]
|
||||
#[[registry."docker.io".keypair]]
|
||||
#key="/etc/config/key.pem"
|
||||
#cert="/etc/config/cert.pem"
|
||||
EOT
|
||||
|
||||
sudo tee /etc/systemd/system/buildkit.service > /dev/null <<EOT
|
||||
[Unit]
|
||||
Description=BuildKit Daemon
|
||||
Documentation=https://github.com/moby/buildkit
|
||||
Requires=buildkit.socket
|
||||
After=network.target buildkit.socket
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
ExecStart=/usr/local/bin/buildkitd --config /etc/buildkit/buildkit.toml --addr fd://
|
||||
Restart=always
|
||||
RestartSec=10s
|
||||
StartLimitInterval=0
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOT
|
||||
|
||||
sudo tee /etc/systemd/system/buildkit.socket > /dev/null <<EOT
|
||||
[Unit]
|
||||
Description=BuildKit
|
||||
Documentation=https://github.com/moby/buildkit
|
||||
|
||||
[Socket]
|
||||
ListenStream=%t/buildkit/buildkitd.sock
|
||||
SocketMode=0660
|
||||
|
||||
[Install]
|
||||
WantedBy=sockets.target
|
||||
EOT
|
||||
```
|
||||
@@ -2,7 +2,6 @@
|
||||
|
||||
# setup_buildkit_config_rootless.sh
|
||||
# 说明:此脚本用于配置 BuildKit 的 rootless 模式配置文件。
|
||||
# 官方文档和配置选项请参考:https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md
|
||||
|
||||
# 获取当前执行脚本的用户
|
||||
CURRENT_USER=$(whoami)
|
||||
@@ -11,6 +10,7 @@ echo "当前用户:$CURRENT_USER"
|
||||
# BuildKit 配置文件路径
|
||||
CONFIG_DIR="$HOME/.config/buildkit"
|
||||
CONFIG_FILE="$CONFIG_DIR/buildkit.toml"
|
||||
CONFIG_FILE_D="$CONFIG_DIR/buildkitd.toml" # 新增 buildkitd.toml 文件路径
|
||||
|
||||
# 镜像源配置
|
||||
declare -A mirrors
|
||||
@@ -31,8 +31,8 @@ mirrors=(
|
||||
# 创建配置目录
|
||||
mkdir -p "$CONFIG_DIR"
|
||||
|
||||
# 生成 BuildKit 配置文件
|
||||
echo "生成 BuildKit 配置文件..."
|
||||
# 生成 BuildKit 配置文件 buildkit.toml
|
||||
echo "生成 BuildKit 配置文件 buildkit.toml..."
|
||||
cat > "$CONFIG_FILE" <<EOF
|
||||
[worker.oci]
|
||||
enabled = false
|
||||
@@ -49,6 +49,10 @@ cat > "$CONFIG_FILE" <<EOF
|
||||
# 注册表配置,包含多个镜像加速器
|
||||
EOF
|
||||
|
||||
# 生成 BuildKit 配置文件 buildkitd.toml (复制 buildkit.toml 内容)
|
||||
cp "$CONFIG_FILE" "$CONFIG_FILE_D"
|
||||
echo "生成 BuildKit 配置文件 buildkitd.toml..."
|
||||
|
||||
# 添加镜像源到配置文件
|
||||
echo "配置镜像加速器..."
|
||||
for registry in "${!mirrors[@]}"; do
|
||||
@@ -62,6 +66,9 @@ for registry in "${!mirrors[@]}"; do
|
||||
EOF
|
||||
done
|
||||
|
||||
# 将同样的镜像源配置追加到 buildkitd.toml
|
||||
cat "$CONFIG_FILE" > "$CONFIG_FILE_D"
|
||||
|
||||
# 设置 /run/containerd/containerd.sock 权限
|
||||
echo "配置 containerd.sock 的权限..."
|
||||
|
||||
@@ -87,5 +94,5 @@ sudo systemctl restart buildkit
|
||||
echo "完成。请重新登录会话以应用对组的更改,使 $CURRENT_USER 可以使用 /run/containerd/containerd.sock。"
|
||||
|
||||
# 输出完成信息
|
||||
echo "BuildKit 配置文件已生成: $CONFIG_FILE"
|
||||
echo "BuildKit 配置文件已生成: $CONFIG_FILE 和 $CONFIG_FILE_D"
|
||||
echo "镜像配置已设置完成,详细选项请参考官方文档:https://github.com/moby/buildkit/blob/master/docs/buildkitd.toml.md"
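Review bot: The comment `# 将同样的镜像源配置追加到 buildkitd.toml` says the mirror entries are appended, but `cat "$CONFIG_FILE" > "$CONFIG_FILE_D"` overwrites the file, which also makes the earlier `cp "$CONFIG_FILE" "$CONFIG_FILE_D"` (apparently added by the same change) redundant. Keeping only the final copy after the `for registry` loop, written as `cp -- "$CONFIG_FILE" "$CONFIG_FILE_D" || exit 1` with a comment such as `# buildkitd.toml is a full copy of buildkit.toml, written once the mirror entries are in place`, would match what the code does. Without the failure check the closing message reports both files as generated even when the second copy did not succeed. The loop body and the heredocs lie outside the visible hunks, so this is based only on the lines shown.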
|
||||
|
||||
@@ -69,7 +69,7 @@ fi
|
||||
# 配置镜像源的主机和路径
|
||||
declare -A mirrors
|
||||
mirrors=(
|
||||
["docker.io"]="https://docker.io https://docker.unsee.tech https://dockerhub.icu"
|
||||
["docker.io"]="https://docker.io https://docker.unsee.tech https://dockerhub.icu https://upnuemce.mirror.aliyuncs.com"
|
||||
["registry.k8s.io"]="https://registry.k8s.io https://k8s.m.daocloud.io"
|
||||
["docker.elastic.co"]="https://docker.elastic.co https://elastic.m.daocloud.io"
|
||||
["gcr.io"]="https://gcr.io https://gcr.m.daocloud.io"
|
||||
@@ -106,9 +106,19 @@ done
|
||||
nerdctl --namespace k8s.io image prune -a --force
|
||||
nerdctl --namespace default image prune -a --force
|
||||
|
||||
# 重启 containerd 服务
|
||||
echo "重启 containerd 服务..."
|
||||
systemctl --user daemon-reload
|
||||
systemctl --user restart containerd
|
||||
sudo systemctl daemon-reload
|
||||
sudo systemctl restart containerd
|
||||
|
||||
# 测试配置是否生效
|
||||
echo '测试配置是否生效...'
|
||||
if ctr --namespace=default image pull --hosts-dir "$CONFIG_PATH" docker.io/library/alpine:latest; then
|
||||
# nerdctl --namespace=default pull docker.io/bioconductor/cuda:devel
|
||||
# nerdctl --namespace=default pull docker.io/bioconductor/cuda:devel-R-devel
|
||||
# nerdctl --namespace=default --hosts-dir="$HOME/.config/containerd/certs.d" pull docker.io/ollama/ollama:latest
|
||||
if nerdctl --namespace=default --hosts-dir="$CONFIG_PATH" pull docker.io/library/alpine:latest; then
|
||||
echo "镜像加速配置成功!"
|
||||
else
|
||||
echo "镜像加速配置失败,请检查配置。"
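Review bot: The `docker.io` entry in `mirrors` gains another third-party host, `https://upnuemce.mirror.aliyuncs.com`, next to `https://docker.unsee.tech` and `https://dockerhub.icu`, while the verification step still pulls `docker.io/library/alpine:latest` by tag. If the generated hosts configuration lets these hosts resolve tags (that part of the script is outside the hunks), the mirror decides which manifest a tag maps to, and only a digest reference is checked against content. I would pin the test pull, e.g. `docker.io/library/alpine@sha256:<digest-placeholder>`, and add a comment above the array such as `# third-party mirrors: images pulled by tag are only as trustworthy as the mirror; pin digests for anything that matters`. The `fi` closing the `if nerdctl ... pull` block is not visible in this hunk.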
|
||||
|
||||
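--- a/nerdctl/setup_nerdctl_config_rootless.sh
+++ b/nerdctl/setup_nerdctl_config_rootless.sh
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+# setup_nerdctl_config.sh
+# 说明:此脚本用于配置 nerdctl 的 rootless 模式配置文件 ~/.config/nerdctl/nerdctl.toml。
+# 该配置文件包含 nerdctl 的基础配置,如调试模式、socket 地址、命名空间等。
+
+# 获取当前用户
+CURRENT_USER=$(whoami)
+echo "当前用户:$CURRENT_USER"
+
+# 配置文件路径
+CONFIG_DIR="$HOME/.config/nerdctl"
+CONFIG_FILE="$CONFIG_DIR/nerdctl.toml"
+
+# 创建配置目录
+mkdir -p "$CONFIG_DIR"
+
+# 生成 nerdctl 配置文件
+echo "生成 nerdctl 配置文件..."
+cat > "$CONFIG_FILE" <<EOF
+debug = false
+address = "unix:///run/containerd/containerd.sock"
+namespace = "buildkit"
+snapshotter = "overlayfs"
+cgroup_manager = "cgroupfs"
+hosts_dir = ["$HOME/.config/containerd/certs.d"]
+experimental = true
+EOF
+
+# 确保 /run/containerd/containerd.sock 权限正确
+echo "配置 containerd.sock 的权限..."
+sudo groupadd -f containerd # 创建 containerd 组(如果不存在)
+sudo usermod -aG containerd "$CURRENT_USER" # 将当前用户添加到 containerd 组
+sudo chgrp containerd /run/containerd/containerd.sock
+sudo chmod 660 /run/containerd/containerd.sock
+
+# 重启相关服务
+echo "重启相关服务以应用新配置..."
+systemctl --user daemon-reload
+systemctl --user restart nerdctl
+sudo systemctl daemon-reload
+sudo systemctl restart containerd
+
+# 提示用户重新登录以应用对组的更改
+echo "完成。请重新登录会话以应用对 containerd 组的更改,使 $CURRENT_USER 可以使用 /run/containerd/containerd.sock。"
+
+# 输出完成信息
+echo "nerdctl 配置文件已生成: $CONFIG_FILE"
+echo "相关服务已重启,详细配置选项请参考官方文档:https://github.com/containerd/nerdctl/blob/main/docs/config.md"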
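Review bot: `address = "unix:///run/containerd/containerd.sock"` together with `sudo chgrp containerd /run/containerd/containerd.sock` and `sudo chmod 660 /run/containerd/containerd.sock` points this "rootless" configuration at the system containerd and opens its socket to a group, so every member of `containerd` can drive a root-owned daemon, which amounts to root on the host. If rootless operation is intended, the address should be the per-user containerd socket and the group and socket steps dropped; if rootful access is intended, the header comment should say so, e.g. `# NOTE: members of the containerd group get root-equivalent access to this host`. The mode change is applied to a runtime socket just before `sudo systemctl restart containerd`, so it probably does not survive the restart; the `gid` key in the `[grpc]` section of containerd's own config.toml is the persistent way to set the socket group. `systemctl --user restart nerdctl` also looks like it targets a unit that does not exist, since nerdctl is a CLI rather than a service.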
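--- a/nerdctl/setup_nvidia_docker_containerd_rootless.sh
+++ b/nerdctl/setup_nvidia_docker_containerd_rootless.sh
@@ -0,0 +1,81 @@
+#!/bin/bash
+
+# 获取当前执行脚本的用户
+CURRENT_USER=$(whoami)
+echo "当前用户:$CURRENT_USER"
+
+# 安装 NVIDIA Docker 工具包
+install_nvidia_docker() {
+echo "正在安装 NVIDIA Docker..."
+sudo apt-get update
+sudo apt-get install -y curl gnupg lsb-release
+
+# 配置 NVIDIA Docker 源
+if ! grep -q "^deb .\+nvidia-container-toolkit" /etc/apt/sources.list /etc/apt/sources.list.d/*; then
+curl -fsSL https://nvidia.github.io/libnvidia-container/gpgkey | sudo gpg --dearmor -o /usr/share/keyrings/nvidia-container-toolkit-keyring.gpg \
+&& curl -s -L https://nvidia.github.io/libnvidia-container/stable/deb/nvidia-container-toolkit.list | \
+sed 's#deb https://#deb [signed-by=/usr/share/keyrings/nvidia-container-toolkit-keyring.gpg] https://#g' | \
+sudo tee /etc/apt/sources.list.d/nvidia-container-toolkit.list
+else
+echo "NVIDIA Docker 源已经配置,跳过此步骤。"
+fi
+
+sudo apt-get update
+sudo apt-get install -y nvidia-container-toolkit
+}
+
+# 配置 NVIDIA Container Toolkit
+configure_nvidia_ctk() {
+echo "正在配置 NVIDIA Container Toolkit..."
+
+# 创建 Rootless 模式下的 containerd 配置目录
+mkdir -p "$HOME/.config/containerd"
+
+# 配置 nvidia-ctk 到 Rootless 模式下的 config.toml
+nvidia-ctk runtime configure --runtime=containerd --config="$HOME/.config/containerd/config.toml"
+
+# 确保 /etc/nvidia-container-runtime/config.toml 存在,并配置为默认 runtime
+if [ ! -f /etc/nvidia-container-runtime/config.toml ]; then
+sudo nvidia-ctk config --set default-runtime --config=/etc/nvidia-container-runtime/config.toml
+fi
+
+# 配置 NVIDIA 共享库路径,确保加载 GPU 驱动
+echo "/usr/lib/x86_64-linux-gnu" | sudo tee /etc/ld.so.conf.d/nvidia.conf
+sudo ldconfig
+
+# 添加 nvidia-container-cli 到 PATH
+if ! echo "$PATH" | grep -q "/usr/bin"; then
+echo 'export PATH=$PATH:/usr/bin' >> ~/.profile
+source ~/.profile
+fi
+}
+
+# 启用 cgroup v2 支持和权限调整
+configure_cgroup_v2() {
+echo "配置 cgroup v2 支持..."
+sudo chmod -R 755 /sys/fs/cgroup
+sudo chown -R $(whoami) /sys/fs/cgroup
+
+# 创建并设置 /etc/cni/tuning/allowlist.conf 文件
+sudo mkdir -p /etc/cni/tuning
+sudo touch /etc/cni/tuning/allowlist.conf
+sudo chmod 644 /etc/cni/tuning/allowlist.conf
+sudo chown -R $(whoami) /etc/cni
+}
+
+# 重启 containerd 服务
+restart_containerd() {
+echo "重启 containerd 服务..."
+systemctl --user daemon-reload
+systemctl --user restart containerd
+sudo systemctl daemon-reload
+sudo systemctl restart containerd
+}
+
+# 执行所有步骤
+install_nvidia_docker
+configure_nvidia_ctk
+configure_cgroup_v2
+restart_containerd
+
+echo "所有步骤已完成,NVIDIA Docker 和 containerd 配置已更新。"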
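Review bot: `configure_cgroup_v2` runs `sudo chown -R $(whoami) /sys/fs/cgroup` and `sudo chown -R $(whoami) /etc/cni`, which hands the whole cgroup tree and the system CNI configuration to an unprivileged account. Anything running as that user can then change resource controls for every process on the host and edit network configuration that root-run components may read, so the separation that rootless mode is meant to provide no longer holds. Cgroup v2 access for rootless containers is normally granted through systemd delegation (a `Delegate=` drop-in for `user@.service`) and per-user CNI configuration, so I would drop both recursive chowns and the `chmod -R 755 /sys/fs/cgroup`. The `$(whoami)` expansions are also unquoted although `CURRENT_USER` is already set at the top of the file; `"$CURRENT_USER"` would be the consistent spelling wherever an owner is still needed.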