docker配置文件说明
新版本的docker中,已废弃/etc/sysconfig/docker这种配置方式,转而采用/etc/docker/daemon.json来配置
下面简单列一下daemon.json的配置项与说明:
{
"api-cors-header": "",
"authorization-plugins": [],
"bip": "",
"bridge": "",
"cgroup-parent": "",
"cluster-store": "",
"cluster-store-opts": {},
"cluster-advertise": "",
"debug": true, #启用debug的模式,启用后,可以看到很多的启动信息。默认 false
"default-gateway": "",
"default-gateway-v6": "",
"default-runtime": "runc",
"default-ulimits": {},
"disable-legacy-registry": false,
"dns": ["192.168.80.1"], // 设定容器DNS的地址,在容器的 /etc/resolv.conf 文件中可查看。
"dns-opts": [], // 参考:Docker的启动参数
"dns-search": [], // 参考:Docker的启动参数
"exec-opts": [],
"exec-root": "",
"fixed-cidr": "",
"fixed-cidr-v6": "",
"graph": "/var/lib/docker", #已废弃,使用data-root代替
"data-root": "/var/lib/docker", #Docker运行时使用的根路径,根路径下的内容稍后介绍,
默认/var/lib/docker
"group": "", #Unix套接字的属组,仅指/var/run/docker.sock
"hosts": [], #设置容器hosts
"icc": false,
"insecure-registries": [],
"ip": "0.0.0.0",
"iptables": false,
"ipv6": false,
"ip-forward": false, // 参考:Docker的启动参数
"ip-masq": false,
"labels": ["nodeName=node-121"], //参考:Docker的启动参数
"live-restore": true,
"log-driver": "",
"log-level": "",
"log-opts": {},
"max-concurrent-downloads": 3,
"max-concurrent-uploads": 5,
"mtu": 0,
"oom-score-adjust": -500,
"pidfile": "", #Docker守护进程的PID文件
"raw-logs": false,
"registry-mirrors": ["xxxx"], #镜像加速的地址,增加后在 docker info 中可查看。
"runtimes": {
"runc": {
"path": "runc"
},
"custom": {
"path": "/usr/local/bin/my-runc-replacement",
"runtimeArgs": [
"--debug"
]
}
},
"selinux-enabled": false, #参考:Docker的启动参数
"storage-driver": "",
"storage-opts": [],
"swarm-default-advertise-addr": "",
"tls": true, #参考:Docker的启动参数
"tlscacert": "", #参考:Docker的启动参数
"tlscert": "", #参考:Docker的启动参数
"tlskey": "", #参考:Docker的启动参数
"tlsverify": true, #参考:Docker的启动参数
"userland-proxy": false,
"userns-remap": ""
}docker systemd启动说明
systemd配置文件示例:
# /lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target docker.socket firewalld.service
Wants=network-online.target
Requires=docker.socket
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd://
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
# 解决目录被其它的容器挂载使用,导致已经退出的容器无法被删除的问题
MountFlags=slave
[Install]
WantedBy=multi-user.target