87 lines
		
	
	
		
			2.3 KiB
		
	
	
	
		
			Bash
		
	
	
		
			Executable File
		
	
	
	
	
			
		
		
	
	
			87 lines
		
	
	
		
			2.3 KiB
		
	
	
	
		
			Bash
		
	
	
		
			Executable File
		
	
	
	
	
| #!/usr/bin/env bash
 | |
| set -ex
 | |
| 
 | |
| [[ $(uname) = Linux ]] || exit 1
 | |
| [[ $USER = root ]] || exit 1
 | |
| 
 | |
| apt-get update
 | |
| apt-get install -y \
 | |
|   apt-transport-https \
 | |
|   ca-certificates \
 | |
|   curl \
 | |
|   software-properties-common \
 | |
| 
 | |
| curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
 | |
| 
 | |
| add-apt-repository \
 | |
|   "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
 | |
| 
 | |
| apt-get update
 | |
| apt-get install -y docker-ce
 | |
| 
 | |
| cat > /lib/systemd/system/docker.service <<EOF
 | |
| [Unit]
 | |
| Description=Docker Application Container Engine
 | |
| Documentation=https://docs.docker.com
 | |
| BindsTo=containerd.service
 | |
| After=network-online.target firewalld.service
 | |
| Wants=network-online.target
 | |
| 
 | |
| [Service]
 | |
| Type=notify
 | |
| # the default is not to use systemd for cgroups because the delegate issues still
 | |
| # exists and systemd currently does not support the cgroup feature set required
 | |
| # for containers run by docker
 | |
| ExecStart=/usr/bin/dockerd -H unix://
 | |
| ExecReload=/bin/kill -s HUP '$MAINPID'
 | |
| TimeoutSec=0
 | |
| RestartSec=2
 | |
| Restart=always
 | |
| 
 | |
| # Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
 | |
| # Both the old, and new location are accepted by systemd 229 and up, so using the old location
 | |
| # to make them work for either version of systemd.
 | |
| StartLimitBurst=3
 | |
| 
 | |
| # Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
 | |
| # Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
 | |
| # this option work for either version of systemd.
 | |
| StartLimitInterval=60s
 | |
| 
 | |
| # Having non-zero Limit*s causes performance problems due to accounting overhead
 | |
| # in the kernel. We recommend using cgroups to do container-local accounting.
 | |
| LimitNOFILE=infinity
 | |
| LimitNPROC=infinity
 | |
| LimitCORE=infinity
 | |
| 
 | |
| # Comment TasksMax if your systemd version does not support it.
 | |
| # Only systemd 226 and above support this option.
 | |
| TasksMax=infinity
 | |
| 
 | |
| # set delegate yes so that systemd does not reset the cgroups of docker containers
 | |
| Delegate=yes
 | |
| 
 | |
| # kill only the docker process, not all processes in the cgroup
 | |
| KillMode=process
 | |
| 
 | |
| [Install]
 | |
| WantedBy=multi-user.target
 | |
| EOF
 | |
| 
 | |
| cat > /etc/docker/daemon.json <<EOF
 | |
| {
 | |
|   "ipv6": true,
 | |
|   "fixed-cidr-v6": "2001:db8:1::/64"
 | |
| }
 | |
| EOF
 | |
| 
 | |
| systemctl daemon-reload
 | |
| systemctl enable --now /lib/systemd/system/docker.service
 | |
| 
 | |
| # Grant the solana user access to docker
 | |
| if id solana; then
 | |
|   addgroup solana docker
 | |
| fi
 | |
| 
 | |
| docker run hello-world
 |