폐쇄망 EC2에 Docker 설치하기

docker를 사용하려면 기본적으로 외부망(인터넷이 되는 환경)이 되는 환경이어야 하는데 폐쇄망에서 docker를 설치해야 하는 경우도 있다. 이럴 경우 어떻게 docker를 어떻게 설치하는지 알아보자. 

wget http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm
wget http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/fuse3-libs-3.6.1-4.el7.x86_64.rpm
wget http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/fuse-overlayfs-0.7.2-6.el7_8.x86_64.rpm
wget http://mirror.centos.org/centos-7/7/extras/x86_64/Packages/slirp4netns-0.4.3-4.el7_8.x86_64.rpm

wget https://download.docker.com/linux/centos/7/x86_64/stable/Packages/containerd.io-1.6.21-3.1.el7.x86_64.rpm
wget https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-compose-plugin-2.18.1-1.el7.x86_64.rpm
wget https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-buildx-plugin-0.10.5-1.el7.x86_64.rpm
wget https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-cli-24.0.1-1.el7.x86_64.rpm
wget https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-rootless-extras-24.0.2-1.el7.x86_64.rpm
wget https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-24.0.1-1.el7.x86_64.rpm

이제 S3를 통해 EC2로 옮긴다

$ aws s3 cp s3://aipin-bucket/docker-installer.zip /root
download: s3://aipin-bucket/docker-installer.zip to ./docker-installer.zip

$ unzip docker-installer.zip -d /root
Archive:  docker-installer.zip
   creating: /root/docker-installer/
  inflating: /root/docker-installer/docker-ce-cli-24.0.1-1.el7.x86_64.rpm
  inflating: /root/docker-installer/docker-ce-rootless-extras-24.0.2-1.el7.x86_64.rpm
  inflating: /root/docker-installer/docker-ce-24.0.1-1.el7.x86_64.rpm
  inflating: /root/docker-installer/docker-compose-plugin-2.18.1-1.el7.x86_64.rpm
  inflating: /root/docker-installer/slirp4netns-0.4.3-4.el7_8.x86_64.rpm
  inflating: /root/docker-installer/fuse-overlayfs-0.7.2-6.el7_8.x86_64.rpm
  inflating: /root/docker-installer/container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm
  inflating: /root/docker-installer/docker-buildx-plugin-0.10.5-1.el7.x86_64.rpm
  inflating: /root/docker-installer/fuse3-libs-3.6.1-4.el7.x86_64.rpm
  inflating: /root/docker-installer/containerd.io-1.6.21-3.1.el7.x86_64.rpm

yum이 필요하니 설치

$ aws s3 cp s3://aipin-bucket/CentOS-7-x86_64-Everything-2009.iso /root
download: s3://aipin-bucket/CentOS-7-x86_64-Everything-2009.iso to ./CentOS-7-x86_64-Everything-2009.iso
$ cd /etc/yum.repos.d
$ ll
$ mkdir backup
$ mv *.repo backup/
$ cd backup
$ ll
$ vi local_repository

[Cento OS7 Repository]
name=CentOS Local Repository
baseurl=file:///root/local_repo/CentOS-7/
gpgcheck=0
enabled=1

$ yum clean all
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
There are no enabled repos.
 Run "yum repolist all" to see the repos you have.
 To enable Red Hat Subscription Management repositories:
     subscription-manager repos --enable <repo>
 To enable custom repositories:
     yum-config-manager --enable <repo>
$ yum repolist
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
repolist: 0

https://pkgs.org/ 여기서 필요한 패키지를 다운로드 한다.

S3를 통해 S3로 옮긴다.

$ aws s3 cp s3://aipin-bucket/createrepo_c-0.12.2-2.amzn2.0.2.x86_64.rpm /root
$ rpm -ivh createrepo_c-0.12.2-2.amzn2.0.2.x86_64.rpm

• -i 옵션은 설치를 의미합니다.
• -v 옵션은 상세 출력을 의미합니다.
• -h 옵션은 진행 상태를 해시 마크로 표시합니다.

에러가 났다.

$ rpm -ivh createrepo_c-0.12.2-2.amzn2.0.2.x86_64.rpm
error: Failed dependencies:
createrepo_c-libs = 0.12.2-2.amzn2.0.2 is needed by createrepo_c-0.12.2-2.amzn2.0.2.x86_64
libcreaterepo_c.so.0()(64bit) is needed by createrepo_c-0.12.2-2.amzn2.0.2.x86_64

의존성 문제를 해결하기 위해 필요한 패키지를 함께 설치해야 합니다. 이 경우에는 createrepo_c-libs와 libcreaterepo_c.so.0 라이브러리를 포함하는 패키지를 함께 설치해야 합니다.

마찬가지로 rpm 파일을 다운로드 후 s3 통해 EC2에 추가하였다.

$ rpm -ivh createrepo_c-libs-0.12.2-2.amzn2.0.2.x86_64.rpm
Preparing...                          ################################# [100%]
Updating / installing...
   1:createrepo_c-libs-0.12.2-2.amzn2.################################# [100%]

$ rpm -ivh createrepo_c-0.12.2-2.amzn2.0.2.x86_64.rpm
Preparing...                          ################################# [100%]
package createrepo_c-0.12.2-2.amzn2.0.2.x86_64 is already installed

yum-utils 설치

$ aws s3 cp s3://aipin-bucket/yum-utils-1.1.31-45.amzn2.0.1.noarch.rpm/root
download: s3://aipin-bucket/yum-utils-1.1.31-45.amzn2.0.1.noarch.rpm to ./yum-utils-1.1.31-45.amzn2.0.1.noarch.rpm
$ rpm -ivh yum-utils-1.1.31-45.amzn2.0.1.noarch.rpm

다 때려치우고 amzn2extra-docker를 사용하여 Docker를 설치하겠다.

1. amzn2extra 리포지토리 활성화

$ sudo amazon-linux-extras install docker

하지만 에러가 났다

sudo amazon-linux-extras install docker
Installing docker
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Cleaning repos: amzn2-core amzn2extra-docker amzn2extra-epel amzn2extra-postgresql10 epel
              : nexusrepo
12 metadata files removed
0 sqlite files removed
0 metadata files removed
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
amzn2-core                                                         | 3.6 kB  00:00:00
amzn2extra-docker                                                  | 2.9 kB  00:00:00
amzn2extra-epel                                                    | 3.0 kB  00:00:00
amzn2extra-postgresql10                                            | 2.9 kB  00:00:00


 One of the configured repositories failed (Unknown),
 and yum doesn't have enough cached data to continue. At this point the only
 safe thing yum can do is fail. There are a few ways to work "fix" this:

     1. Contact the upstream for the repository and get them to fix the problem.

     2. Reconfigure the baseurl/etc. for the repository, to point to a working
        upstream. This is most often useful if you are using a newer
        distribution release than is supported by the repository (and the
        packages for the previous distribution release still work).

     3. Run the command with the repository temporarily disabled
            yum --disablerepo=<repoid> ...

     4. Disable the repository permanently, so yum won't use it by default. Yum
        will then just ignore the repository until you permanently enable it
        again or use --enablerepo for temporary usage:

            yum-config-manager --disable <repoid>
        or
            subscription-manager repos --disable=<repoid>

     5. Configure the failing repository to be skipped, if it is unavailable.
        Note that yum will try to contact the repo. when it runs most commands,
        so will have to try and fail each time (and thus. yum will be be much
        slower). If it is a very temporary problem though, this is often a nice
        compromise:

            yum-config-manager --save --setopt=<repoid>.skip_if_unavailable=true

Cannot retrieve metalink for repository: epel/x86_64. Please verify its path and try again
Installation failed. Check that you have permissions to install.

현재 문제는 epel 리포지토리가 활성화되어 있지만 해당 리포지토리에 접근할 수 없어서 발생하는 것이다.

일시적으로 epel 리보지토리를 비활성화하고 진행하곘다.

$ sudo yum --disablerepo=epel install docker

잘 설치되었다.

2. Docker 서비스 시작 및 자동 시작 설정

Docker가 설치된 후, Docker 데몬을 시작하고 시스템 부팅 시 자동으로 시작되도록 설정해야 한다.

$ sudo systemctl start docker
$ sudo systemctl enable docker

3. Docker 버전 확인

$ docker --version
Docker version 25.0.3, build 4debf41

4. 현재 사용자에게 Docker 권한 부여

기본적으로 Docker 명령어는 루트 사용자 권한이 필요하다.
그러나 일반 사용자로 Docker를 사용하려면 해당 사용자를 docker 그룹에 추가해야 한다.

sudo usermod -aG docker $USER

이 명령어를 실행한 후, 변경 사항을 적용하려면 로그아웃했다가 다시 로그인해야 한다.

5. Docker 설치 확인

docker run hello-world

references:
https://dev-luna-archive.tistory.com/36
https://oingdaddy.tistory.com/134
https://velog.io/@hognod/Docker-Install-Offline
https://finai.tistory.com/2