#!/bin/sh
set -e
SCRIPT_COMMIT_SHA="a8a6b338bdfedd7ddefb96fe3e7fe7d4036d945a"CHANNEL="stable"DOWNLOAD_URL="https://download.docker.com"REPO_FILE="docker-ce.repo"VERSION="24.0.9"DIND_TEST_WAIT=${DIND_TEST_WAIT:-3s}# Wait time until docker start at dind test env# Issue https://github.com/rancher/rancher/issues/29246adjust_repo_releasever(){DOWNLOAD_URL="https://download.docker.com"case$1 in
7*)releasever=7;; 8*)releasever=8;; *)# fedora, or unsupportedreturn;;esacfor channel in "stable""test""nightly";do$sh_c"$config_manager --setopt=docker-ce-${channel}.baseurl=${DOWNLOAD_URL}/linux/centos/${releasever}/\\\$basearch/${channel} --save"$sh_c"$config_manager --setopt=docker-ce-${channel}-debuginfo.baseurl=${DOWNLOAD_URL}/linux/centos/${releasever}/debug-\\\$basearch/${channel} --save"$sh_c"$config_manager --setopt=docker-ce-${channel}-source.baseurl=${DOWNLOAD_URL}/linux/centos/${releasever}/source/${channel} --save"done}mirror=''DRY_RUN=${DRY_RUN:-}while[$# -gt 0];docase"$1" in
--mirror)mirror="$2"shift;; --dry-run)DRY_RUN=1;; --*)echo"Illegal option $1";;esacshift$(($# > 0 ? 1 : 0))donecase"$mirror" in
Aliyun)DOWNLOAD_URL="https://mirrors.aliyun.com/docker-ce";;AzureChinaCloud)DOWNLOAD_URL="https://mirror.azure.cn/docker-ce";;esacstart_docker(){if[ ! -z "$DIND_TEST"];then# Starting dockerd manually due to dind env is not using systemd dockerd & sleep "$DIND_TEST_WAIT"elif[ -d '/run/systemd/system'];then$sh_c'systemctl start docker'else$sh_c'service docker start'fi}command_exists(){command -v "$@" >/dev/null 2>&1}# version_gte checks if the version specified in $VERSION is at least# the given CalVer (YY.MM) version. returns 0 (success) if $VERSION is either# unset (=latest) or newer or equal than the specified version. Returns 1 (fail)# otherwise.## examples:## VERSION=20.10# version_gte 20.10 // 0 (success)# version_gte 19.03 // 0 (success)# version_gte 21.10 // 1 (fail)version_gte(){if[ -z "$VERSION"];thenreturn0fieval calver_compare "$VERSION""$1"}# calver_compare compares two CalVer (YY.MM) version strings. returns 0 (success)# if version A is newer or equal than version B, or 1 (fail) otherwise. Patch# releases and pre-release (-alpha/-beta) are not taken into account## examples:## calver_compare 20.10 19.03 // 0 (success)# calver_compare 20.10 20.10 // 0 (success)# calver_compare 19.03 20.10 // 1 (fail)calver_compare()(set +x
yy_a="$(echo"$1"| cut -d'.' -f1)"yy_b="$(echo"$2"| cut -d'.' -f1)"if["$yy_a" -lt "$yy_b"];thenreturn1fiif["$yy_a" -gt "$yy_b"];thenreturn0fimm_a="$(echo"$1"| cut -d'.' -f2)"mm_b="$(echo"$2"| cut -d'.' -f2)"if["${mm_a#0}" -lt "${mm_b#0}"];thenreturn1fireturn0)is_dry_run(){if[ -z "$DRY_RUN"];thenreturn1elsereturn0fi}is_wsl(){case"$(uname -r)" in
*microsoft*)true;;# WSL 2 *Microsoft*)true;;# WSL 1 *)false;;esac}is_darwin(){case"$(uname -s)" in
*darwin*)true;; *Darwin*)true;; *)false;;esac}deprecation_notice(){distro=$1distro_version=$2echoprintf"\033[91;1mDEPRECATION WARNING\033[0m\n"printf" This Linux distribution (\033[1m%s %s\033[0m) reached end-of-life and is no longer supported by this script.\n""$distro""$distro_version"echo" No updates or security fixes will be released for this distribution, and users are recommended"echo" to upgrade to a currently maintained version of $distro."echoprintf"Press \033[1mCtrl+C\033[0m now to abort this script, or wait for the installation to continue."echo sleep 10}get_distribution(){lsb_dist=""# Every system that we officially support has /etc/os-releaseif[ -r /etc/os-release ];thenlsb_dist="$(. /etc/os-release &&echo"$ID")"fi# Returning an empty string here should be alright since the# case statements don't act unless you provide an actual valueecho"$lsb_dist"}echo_docker_as_nonroot(){if is_dry_run;thenreturnfiif command_exists docker &&[ -e /var/run/docker.sock ];then(set -x
$sh_c'docker version')||truefi# intentionally mixed spaces and tabs here -- tabs are stripped by "<<-EOF", spaces are kept in the outputechoecho"================================================================================"echoif version_gte "20.10";thenecho"To run Docker as a non-privileged user, consider setting up the"echo"Docker daemon in rootless mode for your user:"echoecho" dockerd-rootless-setuptool.sh install"echoecho"Visit https://docs.docker.com/go/rootless/ to learn about rootless mode."echofiechoecho"To run the Docker daemon as a fully privileged service, but granting non-root"echo"users access, refer to https://docs.docker.com/go/daemon-access/"echoecho"WARNING: Access to the remote API on a privileged Docker daemon is equivalent"echo" to root access on the host. Refer to the 'Docker daemon attack surface'"echo" documentation for details: https://docs.docker.com/go/attack-surface/"echoecho"================================================================================"echo}# Check if this is a forked Linux distrocheck_forked(){# Check for lsb_release command existence, it usually exists in forked distrosif command_exists lsb_release;then# Check if the `-u` option is supportedset +e
lsb_release -a -u >/dev/null 2>&1lsb_release_exit_code=$?set -e
# Check if the command has exited successfully, it means we're in a forked distroif["$lsb_release_exit_code"="0"];then# Print info about current distro cat <<-EOF
You're using '$lsb_dist' version '$dist_version'.
EOF# Get the upstream release infolsb_dist=$(lsb_release -a -u 2>&1| tr '[:upper:]''[:lower:]'| grep -E 'id'| cut -d ':' -f 2| tr -d '[:space:]')dist_version=$(lsb_release -a -u 2>&1| tr '[:upper:]''[:lower:]'| grep -E 'codename'| cut -d ':' -f 2| tr -d '[:space:]')# Print info about upstream distro cat <<-EOF
Upstream release is '$lsb_dist' version '$dist_version'.
EOFelseif[ -r /etc/debian_version ]&&["$lsb_dist" !="ubuntu"]&&["$lsb_dist" !="raspbian"];thenif["$lsb_dist"="osmc"];then# OSMC runs Raspbianlsb_dist=raspbian
else# We're Debian and don't even know it!lsb_dist=debian
fidist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')"case"$dist_version" in
12)dist_version="bookworm";; 11)dist_version="bullseye";; 10)dist_version="buster";; 9)dist_version="stretch";; 8)dist_version="jessie";;esacfififi}do_install(){echo"# Executing docker install script, commit: $SCRIPT_COMMIT_SHA"if command_exists docker;then cat >&2<<-'EOF'
Warning: the "docker" command appears to already exist on this system.
If you already have Docker installed, this script can cause trouble, which is
why we're displaying this warning and provide the opportunity to cancel the
installation.
If you installed the current Docker package using this script and are using it
again to update Docker, you can safely ignore this message.
You may press Ctrl+C now to abort this script.
EOF(set -x
sleep 20)fiuser="$(id -un 2>/dev/null ||true)"sh_c='sh -c'if["$user" !='root'];thenif command_exists sudo;thensh_c='sudo -E sh -c'elif command_exists su;thensh_c='su -c'else cat >&2<<-'EOF'
Error: this installer needs the ability to run commands as root.
We are unable to find either "sudo" or "su" available to make this happen.
EOFexit1fifiif is_dry_run;thensh_c="echo"fi# perform some very rudimentary platform detectionlsb_dist=$(get_distribution)lsb_dist="$(echo"$lsb_dist"| tr '[:upper:]''[:lower:]')"if is_wsl;thenechoecho"WSL DETECTED: We recommend using Docker Desktop for Windows."echo"Please get Docker Desktop from https://www.docker.com/products/docker-desktop"echo cat >&2<<-'EOF'
You may press Ctrl+C now to abort this script.
EOF(set -x
sleep 20)ficase"$lsb_dist" in
ubuntu)if command_exists lsb_release;thendist_version="$(lsb_release --codename | cut -f2)"fiif[ -z "$dist_version"]&&[ -r /etc/lsb-release ];thendist_version="$(. /etc/lsb-release &&echo"$DISTRIB_CODENAME")"fi;; debian | raspbian)dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')"case"$dist_version" in
12)dist_version="bookworm";; 11)dist_version="bullseye";; 10)dist_version="buster";; 9)dist_version="stretch";; 8)dist_version="jessie";;esac;; centos | rhel | sles | rocky)if[ -z "$dist_version"]&&[ -r /etc/os-release ];thendist_version="$(. /etc/os-release &&echo"$VERSION_ID")"fi;; oracleserver | ol)lsb_dist="ol"# need to switch lsb_dist to match yum repo URLdist_version="$(rpm -q --whatprovides redhat-release --queryformat "%{VERSION}\n"| sed 's/\/.*//'| sed 's/\..*//'| sed 's/Server*//')";; *)if command_exists lsb_release;thendist_version="$(lsb_release --release | cut -f2)"fiif[ -z "$dist_version"]&&[ -r /etc/os-release ];thendist_version="$(. /etc/os-release &&echo"$VERSION_ID")"fi;;esac# Check if this is a forked Linux distro check_forked
# Print deprecation warnings for distro versions that recently reached EOL,# but may still be commonly used (especially LTS versions).case"$lsb_dist.$dist_version" in
debian.stretch | debian.jessie) deprecation_notice "$lsb_dist""$dist_version";; raspbian.stretch | raspbian.jessie) deprecation_notice "$lsb_dist""$dist_version";; ubuntu.xenial | ubuntu.trusty) deprecation_notice "$lsb_dist""$dist_version";; fedora.*)if["$dist_version" -lt 36];then deprecation_notice "$lsb_dist""$dist_version"fi;;esac# Run setup for each distro accordinglycase"$lsb_dist" in
ubuntu | debian | raspbian)pre_reqs="apt-transport-https ca-certificates curl"if ! command -v gpg >/dev/null;thenpre_reqs="$pre_reqs gnupg"fiapt_repo="deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] $DOWNLOAD_URL/linux/$lsb_dist$dist_version$CHANNEL"(if ! is_dry_run;thenset -x
fi$sh_c'apt-get update -qq >/dev/null'$sh_c"DEBIAN_FRONTEND=noninteractive apt-get install -y -qq $pre_reqs >/dev/null"$sh_c'mkdir -p /etc/apt/keyrings && chmod -R 0755 /etc/apt/keyrings'$sh_c"curl -fsSL \"$DOWNLOAD_URL/linux/$lsb_dist/gpg\" | gpg --dearmor --yes -o /etc/apt/keyrings/docker.gpg"$sh_c"chmod a+r /etc/apt/keyrings/docker.gpg"$sh_c"echo \"$apt_repo\" > /etc/apt/sources.list.d/docker.list"$sh_c'apt-get update -qq >/dev/null')pkg_version=""if[ -n "$VERSION"];thenif is_dry_run;thenecho"# WARNING: VERSION pinning is not supported in DRY_RUN"else# Will work for incomplete versions IE (17.12), but may not actually grab the "latest" if in the test channelpkg_pattern="$(echo"$VERSION"| sed "s/-ce-/~ce~.*/g"| sed "s/-/.*/g")"search_command="apt-cache madison 'docker-ce' | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3"pkg_version="$($sh_c"$search_command")"echo"INFO: Searching repository for VERSION '$VERSION'"echo"INFO: $search_command"if[ -z "$pkg_version"];thenechoecho"ERROR: '$VERSION' not found amongst apt-cache madison results"echoexit1fiif version_gte "18.09";thensearch_command="apt-cache madison 'docker-ce-cli' | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3"echo"INFO: $search_command"cli_pkg_version="=$($sh_c"$search_command")"fipkg_version="=$pkg_version"fifi(pkgs="docker-ce${pkg_version%=}"if version_gte "18.09";then# older versions didn't ship the cli and containerd as separate packagespkgs="$pkgs docker-ce-cli${cli_pkg_version%=} containerd.io"fiif version_gte "20.10";thenpkgs="$pkgs docker-compose-plugin docker-ce-rootless-extras$pkg_version"fiif version_gte "23.0";thenpkgs="$pkgs docker-buildx-plugin"fiif ! is_dry_run;thenset -x
fi$sh_c"DEBIAN_FRONTEND=noninteractive apt-get install -y -qq $pkgs >/dev/null" start_docker
) echo_docker_as_nonroot
exit0;; centos | fedora | rhel | ol | rocky)# set vault.centos.or repo as CentOS8 is now EOLif["$lsb_dist"="centos"]&&["$dist_version" -ge "8"];then$sh_c"find /etc/yum.repos.d -type f -exec sed -i 's/mirrorlist=http:\/\/mirrorlist.centos.org/\#mirrorlist=http:\/\/mirrorlist.centos.org/g' {} \;"$sh_c"find /etc/yum.repos.d -type f -exec sed -i 's/\#baseurl=http:\/\/mirror.centos.org/baseurl=http:\/\/vault.centos.org/g' {} \;"$sh_c"dnf swap centos-linux-repos centos-stream-repos -y"fiif["$lsb_dist"="fedora"];thenpkg_manager="dnf"config_manager="dnf config-manager"enable_channel_flag="--set-enabled"disable_channel_flag="--set-disabled"pre_reqs="dnf-plugins-core"pkg_suffix="fc$dist_version"elsepkg_manager="yum"config_manager="yum-config-manager"enable_channel_flag="--enable"disable_channel_flag="--disable"pre_reqs="yum-utils"pkg_suffix="el"firepo_file_url="$DOWNLOAD_URL/linux/$lsb_dist/$REPO_FILE"if["$lsb_dist"="ol"]||["$lsb_dist"="rocky"]||["$lsb_dist"="rhel"];thenrepo_file_url="$DOWNLOAD_URL/linux/centos/$REPO_FILE"fi(if ! is_dry_run;thenset -x
fi$sh_c"$pkg_manager install -y -q $pre_reqs"$sh_c"$config_manager --add-repo $repo_file_url"if["$CHANNEL" !="stable"];then$sh_c"$config_manager$disable_channel_flag docker-ce-*"$sh_c"$config_manager$enable_channel_flag docker-ce-$CHANNEL"fiif["$lsb_dist"="rhel"]||["$lsb_dist"="ol"];then adjust_repo_releasever "$dist_version"# Add extra repo for version 7.xif[["$dist_version"=~ "7."]]||["$dist_version"=="7"];thenif["$lsb_dist"="rhel"];then$sh_c"$config_manager$enable_channel_flag rhui-REGION-rhel-server-extras"$sh_c"$config_manager$enable_channel_flag rhui-rhel-7-server-rhui-extras-rpms"$sh_c"$config_manager$enable_channel_flag rhui-rhel-7-for-arm-64-extras-rhui-rpms"$sh_c"$config_manager$enable_channel_flag rhel-7-server-rhui-extras-rpms"$sh_c"$config_manager$enable_channel_flag rhel-7-server-extras-rpms"else$sh_c"$config_manager$enable_channel_flag ol7_addons"# Adding OL7 developer repo if doesn't existif["$(yum repolist | grep yum.oracle.com_repo_OracleLinux_OL7_developer >/dev/null ||echo add)"=="add"];then$sh_c"$config_manager --add-repo https://yum.oracle.com/repo/OracleLinux/OL7/developer/x86_64"fifififi$sh_c"$pkg_manager makecache")pkg_version=""if[ -n "$VERSION"];thenif is_dry_run;thenecho"# WARNING: VERSION pinning is not supported in DRY_RUN"elsepkg_pattern="$(echo"$VERSION"| sed "s/-ce-/\\\\.ce.*/g"| sed "s/-/.*/g").*$pkg_suffix"search_command="$pkg_manager list --showduplicates 'docker-ce' | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'"pkg_version="$($sh_c"$search_command")"echo"INFO: Searching repository for VERSION '$VERSION'"echo"INFO: $search_command"if[ -z "$pkg_version"];thenechoecho"ERROR: '$VERSION' not found amongst $pkg_manager list results"echoexit1fiif version_gte "18.09";then# older versions don't support a cli packagesearch_command="$pkg_manager list --showduplicates 'docker-ce-cli' | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'"cli_pkg_version="$($sh_c"$search_command"| cut -d':' -f 2)"fi# Cut out the epoch and prefix with a '-'pkg_version="-$(echo"$pkg_version"| cut -d':' -f 2)"fifi(pkgs="docker-ce$pkg_version"if version_gte "18.09";then# older versions didn't ship the cli and containerd as separate packagesif[ -n "$cli_pkg_version"];thenpkgs="$pkgs docker-ce-cli-$cli_pkg_version containerd.io"elsepkgs="$pkgs docker-ce-cli containerd.io"fifiif version_gte "20.10";thenpkgs="$pkgs docker-compose-plugin docker-ce-rootless-extras$pkg_version"fiif version_gte "23.0";thenpkgs="$pkgs docker-buildx-plugin"fiif ! is_dry_run;thenset -x
fi$sh_c"$pkg_manager install -y -q $pkgs") echo_docker_as_nonroot
exit0;; sles)if["$(uname -m)" !="s390x"];thenecho"Packages for SLES are currently only available for s390x"exit1fiif["$dist_version"="15.3"];thensles_version="SLE_15_SP3"elsesles_version="SLE_15_SP2"fiopensuse_repo="https://download.opensuse.org/repositories/security:SELinux/$sles_version/security:SELinux.repo"repo_file_url="$DOWNLOAD_URL/linux/$lsb_dist/$REPO_FILE"pre_reqs="ca-certificates curl libseccomp2 awk"(if ! is_dry_run;thenset -x
fi$sh_c"zypper install -y $pre_reqs"$sh_c"zypper addrepo $repo_file_url"if ! is_dry_run;then cat >&2<<-'EOF'
WARNING!!
openSUSE repository (https://download.opensuse.org/repositories/security:SELinux) will be enabled now.
Do you wish to continue?
You may press Ctrl+C now to abort this script.
EOF(set -x
sleep 30)fi$sh_c"zypper addrepo $opensuse_repo"$sh_c"zypper --gpg-auto-import-keys refresh"$sh_c"zypper lr -d")pkg_version=""if[ -n "$VERSION"];thenif is_dry_run;thenecho"# WARNING: VERSION pinning is not supported in DRY_RUN"elsepkg_pattern="$(echo"$VERSION"| sed "s/-ce-/\\\\.ce.*/g"| sed "s/-/.*/g")"search_command="zypper search -s --match-exact 'docker-ce' | grep '$pkg_pattern' | tail -1 | awk '{print \$6}'"pkg_version="$($sh_c"$search_command")"echo"INFO: Searching repository for VERSION '$VERSION'"echo"INFO: $search_command"if[ -z "$pkg_version"];thenechoecho"ERROR: '$VERSION' not found amongst zypper list results"echoexit1fisearch_command="zypper search -s --match-exact 'docker-ce-cli' | grep '$pkg_pattern' | tail -1 | awk '{print \$6}'"# It's okay for cli_pkg_version to be blank, since older versions don't support a cli packagecli_pkg_version="$($sh_c"$search_command")"pkg_version="-$pkg_version"fifi(pkgs="docker-ce$pkg_version"if version_gte "18.09";thenif[ -n "$cli_pkg_version"];then# older versions didn't ship the cli and containerd as separate packagespkgs="$pkgs docker-ce-cli-$cli_pkg_version containerd.io"elsepkgs="$pkgs docker-ce-cli containerd.io"fifiif version_gte "20.10";thenpkgs="$pkgs docker-compose-plugin docker-ce-rootless-extras$pkg_version"fiif version_gte "23.0";thenpkgs="$pkgs docker-buildx-plugin"fiif ! is_dry_run;thenset -x
fi$sh_c"zypper -q install -y $pkgs"if ! command_exists iptables;then$sh_c"$pkg_manager install -y -q iptables"fi start_docker
) echo_docker_as_nonroot
exit0;; rancheros)(set -x
$sh_c"sleep 3;ros engine list --update"engine_version="$(sudo ros engine list | awk '{print $2}'| grep "${docker_version}"| tail -n 1)"if["$engine_version" !=""];then$sh_c"ros engine switch -f $engine_version"fi)exit0;; *)if[ -z "$lsb_dist"];thenif is_darwin;thenechoecho"ERROR: Unsupported operating system 'macOS'"echo"Please get Docker Desktop from https://www.docker.com/products/docker-desktop"echoexit1fifiechoecho"ERROR: Unsupported distribution '$lsb_dist'"echoexit1;;esacexit1}# wrapped up in a function so that we have some protection against only getting# half the file during "curl | sh"do_install
为了防止安装后自动升级覆盖了docker,Ubuntu可以使用sudo apt-mark hold docker-ce docker-ce-cli docker-ce-rootless-extras锁定版本,其他发行版也有类似的命令。
tryao