My docker setup scripts


docker setup script

ENV:

  • SETUP_INSTALL_PROXY="http proxy"
  • SETUP_INSTALL_PREFIX
  • SETUP_WORK_DIR

启动命令备注

# 带systemd
podman run -d --systemd true IMAGE /sbin/init
## systemd expects to have /run, /run/lock and /tmp on tmpfs
## It also expects to be able to write to /sys/fs/cgroup/systemd and /var/log/journal
## docker run -d --cap-add=SYS_ADMIN -v /sys/fs/cgroup:/sys/fs/cgroup IMAGE /sbin/init
## Note: SYS_ADMIN plus a writable bind mount of the host's /sys/fs/cgroup lets the container change host cgroup state; keep the mount as narrow as possible (see the commented /sys/fs/cgroup/systemd line below) or prefer the podman --systemd variant.
## Mount list comes from setupSystemd@libpod/container_internal_linux.go on https://github.com/containers/libpod
docker build --tag router-base -f debian10.router.raw.Dockerfile .
docker run -d --name router --cap-add=SYS_ADMIN                                             \
        --mount type=tmpfs,target=/run,tmpfs-mode=1777,tmpfs-size=67108864                  \
        --mount type=tmpfs,target=/run/lock,tmpfs-mode=1777,tmpfs-size=67108864             \
        --mount type=tmpfs,target=/tmp,tmpfs-mode=1777                                      \
        --mount type=tmpfs,target=/var/log/journal,tmpfs-mode=1777                          \
        --mount type=bind,source=/sys/fs/cgroup,target=/sys/fs/cgroup                       \
        IMAGE /sbin/init
        # --mount type=bind,source=/sys/fs/cgroup/systemd,target=/sys/fs/cgroup/systemd

# 路由
podman build --tag router-base -f debian10.router.raw.Dockerfile .
podman run -d --name router --systemd true                                                  \
       --mount type=bind,source=/home/router,target=/home/router                            \
       --mount type=bind,source=/opt/nftables,target=/opt/nftables,ro=true                  \
       --cap-add=NET_ADMIN --network=host router-base /sbin/init

podman run -d --name router --systemd true                                                  \
       --mount type=bind,source=/home/router,target=/home/router                            \
       --cap-add=NET_ADMIN --network=host router-base /lib/systemd/systemd

# @see https://docs.docker.com/engine/reference/builder/#entrypoint for detail about CMD and ENTRYPOINT

# 查看当前内核所有可用的模块
find "/lib/modules/$(uname -r)" -type f -name '*.ko*' | xargs basename -a | sort | uniq

# 查看已安装的内核所有可用的模块
find /lib/modules/ -type f -name '*.ko*' | awk '{if (match($0, /^\/lib\/modules\/([^\/]+).*\/([^\/]+)\.ko(\.[^\/\.]+)?$/, m)) {print m[1] " : " m[2];}}' | sort | uniq

# 查看和管理当前内核加载的模块信息
insmod/modprobe # 加载
rmmod           # 卸载
lsmod           # 查看系统中所有已经被加载了的所有的模块以及模块间的依赖关系
modinfo         # 获得模块的信息
cat /proc/modules  # 能够显示模块大小、在内核空间中的地址
cat /proc/devices  # 只显示驱动的主设备号,且是分类显示
ls /sys/module     # 下面存在对应的驱动的目录,目录下包含驱动的分段信息等等。

配置firewalld

apt/dnf/yum install firewalld;
systemctl enable firewalld;
systemctl start firewalld;
vim /etc/firewalld/firewalld.conf ; # using FirewallBackend=nftables
firewall-cmd --permanent --add-service=dhcp;
firewall-cmd --permanent --add-service=dhcpv6;
firewall-cmd --permanent --add-service=dhcpv6-client;
firewall-cmd --permanent --add-service=dns;
firewall-cmd --permanent --add-service=ssh;
# firewall-cmd --permanent --add-service=custom services;
# firewall-cmd --permanent --add-port=custom tcp port/tcp;
# firewall-cmd --permanent --add-port=custom udp port/udp;
firewall-cmd --reload ;
firewall-cmd --list-all ;

文档地址备注

更新内核备注

## CentOS - add elrepo from http://elrepo.org/tiki/tiki-index.php
yum/dnf --enablerepo=elrepo-kernel install kernel-ml kernel-ml-core kernel-ml-modules kernel-ml-devel kernel-ml-modules-extra

if [[ "x$NEED_KERNEL_TOOLS" != "x" ]] || [[ "x$NEED_REBUILD_GLIBC" != "x" ]]; then
    yum/dnf remove -y kernel-headers kernel-tools kernel-tools-libs ;
    yum/dnf --enablerepo=elrepo-kernel install -y kernel-ml-tools kernel-ml-tools-libs ;
fi
if [[ "x$NEED_REBUILD_GLIBC" != "x" ]]; then
    yum/dnf remove -y kernel-headers ;
    yum/dnf --enablerepo=elrepo-kernel install -y kernel-ml-headers ;
    # install gcc again
    yum/dnf install -y gcc gcc-c++ libtool ;
    yum/dnf --enablerepo=elrepo-kernel update -y;
fi

### Update boot order - CentOS/RHEL 8 only
for KERNEL_PATH in /boot/vmlinuz-* ; do
    printf "============ %s ============\n%s\n" "$KERNEL_PATH" "$(grubby --info="$KERNEL_PATH")";
done
grubby --set-default=<KERNEL_PATH> ;   # pick one of the paths listed above
echo "Current boot -> Kernel: $(grubby --default-kernel), Index: $(grubby --default-index)" ;

### Update boot order - CentOS/RHEL 7 only
awk -F\' '$1=="menuentry " {print $2}' /etc/grub2.cfg ;
SELECT_KERNEL_INDEXS=($(awk -F\' '$1=="menuentry " {print $2}' /etc/grub2.cfg | grep -n '[(]\s*[4-9]\.' | cut -d: -f 1));
if [ ${#SELECT_KERNEL_INDEXS[@]} -gt 0 ]; then
    ((SELECT_KERNEL_INDEX=${SELECT_KERNEL_INDEXS[0]}-1));
    grub2-set-default $SELECT_KERNEL_INDEX ;
    echo "Now, you can reboot to use kernel $(awk -F\' '$1=="menuentry " {print $2}' /etc/grub2.cfg | grep '[(]\s*[4-9]\.' | head -n 1) ";
    echo -e "Please rerun this script if you want to update components in this system, or use \\033[33;1myum --enablerepo=elrepo-kernel update -y\\033[0m to update system";
else
    echo -e "\\033[31;1mError: kernel 4.X or upper not found.\\033[0m";
fi

## Ubuntu - download from https://kernel.ubuntu.com/~kernel-ppa/mainline/ or run scripts below
apt search "linux-image-" | awk '$0 ~ /linux-image-[0-9\.-]+-generic/ {print $0}' ;
apt install linux-image-<VERSION>-generic

## Debian
apt search linux-image;
apt install linux-image-<VERSION>

Docker备注

yum/apt install -y docker-ce
dnf install -y podman

# 手动设置docker需要的网桥
sudo brctl addbr docker0
sudo ip addr add 192.168.10.1/24 dev docker0
sudo ip link set dev docker0 up
ip addr show docker0

# 代理必须在启动脚本加环境变量
HTTP_PROXY=$http_proxy
HTTPS_PROXY=$https_proxy
NO_PROXY=$no_proxy

# /etc/docker/daemon.json 里可配不用验证证书的服务和存储位置 (insecure-registries turns off TLS verification for the listed registries, so limit it to private/test registries rather than docker.io)
{
    "graph": "/data/docker-data",
    "storage-driver": "overlay",
    "insecure-registries" : [ "docker.io" ]
}