87 lines
2.3 KiB
Bash
Executable File
87 lines
2.3 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
set -ex
|
|
|
|
[[ $(uname) = Linux ]] || exit 1
|
|
[[ $USER = root ]] || exit 1
|
|
|
|
apt-get update
|
|
apt-get install -y \
|
|
apt-transport-https \
|
|
ca-certificates \
|
|
curl \
|
|
software-properties-common \
|
|
|
|
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
|
|
|
|
add-apt-repository \
|
|
"deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
|
|
|
|
apt-get update
|
|
apt-get install -y docker-ce
|
|
|
|
cat > /lib/systemd/system/docker.service <<EOF
|
|
[Unit]
|
|
Description=Docker Application Container Engine
|
|
Documentation=https://docs.docker.com
|
|
BindsTo=containerd.service
|
|
After=network-online.target firewalld.service
|
|
Wants=network-online.target
|
|
|
|
[Service]
|
|
Type=notify
|
|
# the default is not to use systemd for cgroups because the delegate issues still
|
|
# exists and systemd currently does not support the cgroup feature set required
|
|
# for containers run by docker
|
|
ExecStart=/usr/bin/dockerd -H unix://
|
|
ExecReload=/bin/kill -s HUP '$MAINPID'
|
|
TimeoutSec=0
|
|
RestartSec=2
|
|
Restart=always
|
|
|
|
# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
|
|
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
|
|
# to make them work for either version of systemd.
|
|
StartLimitBurst=3
|
|
|
|
# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
|
|
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
|
|
# this option work for either version of systemd.
|
|
StartLimitInterval=60s
|
|
|
|
# Having non-zero Limit*s causes performance problems due to accounting overhead
|
|
# in the kernel. We recommend using cgroups to do container-local accounting.
|
|
LimitNOFILE=infinity
|
|
LimitNPROC=infinity
|
|
LimitCORE=infinity
|
|
|
|
# Comment TasksMax if your systemd version does not support it.
|
|
# Only systemd 226 and above support this option.
|
|
TasksMax=infinity
|
|
|
|
# set delegate yes so that systemd does not reset the cgroups of docker containers
|
|
Delegate=yes
|
|
|
|
# kill only the docker process, not all processes in the cgroup
|
|
KillMode=process
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOF
|
|
|
|
cat > /etc/docker/daemon.json <<EOF
|
|
{
|
|
"ipv6": true,
|
|
"fixed-cidr-v6": "2001:db8:1::/64"
|
|
}
|
|
EOF
|
|
|
|
systemctl daemon-reload
|
|
systemctl enable --now /lib/systemd/system/docker.service
|
|
|
|
# Grant the solana user access to docker
|
|
if id solana; then
|
|
addgroup solana docker
|
|
fi
|
|
|
|
docker run hello-world
|