在WSL2的Ubuntu中安装和使用Docker/Podman

在WSL2的Ubuntu中安装和使用Docker/Podman

0. 目的

当网络环境良好（例如在公司，能直接访问Google等）时， Docker/Podman 安装和使用不是问题。

当网络环境不佳（例如在家里），要把 WSL2 的 Ubuntu 安装好 Docker， 并顺利拉取 Docker/Podman 镜像， 并且运行的镜像实例也需要把网络问题搞定，我踩了5个坑， 记录如下。

我使用 WSL2， Ubuntu22.04。

1. 第一个坑：Docker Desktop 的 “诱惑”

Docker 官方文档太乱，两句话说清楚的非要写两百句， 动不动就让你安装 Docker Desktop。 装了有什么好处呢？ 除了潜在的 “商业用途， 交钱”，我没看到任何用处。

2. 第二个坑：艰难的获取 docker 安装脚本

不要和我提 ubuntu， centos， fedora 每个发行版的安装方式有差异。 docker 官方你老早就提供了一键安装脚本，为啥不放明显位置让我们使用呢？

网络如果 OK， 就这么一句话，完事儿了：

curl -fsSL https://get.docker.com/ | sh

然而网络不好，https://get.docker.com/ 从 WSL 里访问不到。 直接从 Windows 浏览器访问，发现就是一段脚本。 拷过来:

点击展开/折叠

#!/bin/sh
set -e
# Docker Engine for Linux installation script.
#
# This script is intended as a convenient way to configure docker's package
# repositories and to install Docker Engine, This script is not recommended
# for production environments. Before running this script, make yourself familiar
# with potential risks and limitations, and refer to the installation manual
# at https://docs.docker.com/engine/install/ for alternative installation methods.
#
# The script:
#
# - Requires `root` or `sudo` privileges to run.
# - Attempts to detect your Linux distribution and version and configure your
#   package management system for you.
# - Doesn't allow you to customize most installation parameters.
# - Installs dependencies and recommendations without asking for confirmation.
# - Installs the latest stable release (by default) of Docker CLI, Docker Engine,
#   Docker Buildx, Docker Compose, containerd, and runc. When using this script
#   to provision a machine, this may result in unexpected major version upgrades
#   of these packages. Always test upgrades in a test environment before
#   deploying to your production systems.
# - Isn't designed to upgrade an existing Docker installation. When using the
#   script to update an existing installation, dependencies may not be updated
#   to the expected version, resulting in outdated versions.
#
# Source code is available at https://github.com/docker/docker-install/
#
# Usage
# ==============================================================================
#
# To install the latest stable versions of Docker CLI, Docker Engine, and their
# dependencies:
#
# 1. download the script
#
#   $ curl -fsSL https://get.docker.com -o install-docker.sh
#
# 2. verify the script's content
#
#   $ cat install-docker.sh
#
# 3. run the script with --dry-run to verify the steps it executes
#
#   $ sh install-docker.sh --dry-run
#
# 4. run the script either as root, or using sudo to perform the installation.
#
#   $ sudo sh install-docker.sh
#
# Command-line options
# ==============================================================================
#
# --version <VERSION>
# Use the --version option to install a specific version, for example:
#
#   $ sudo sh install-docker.sh --version 23.0
#
# --channel <stable|test>
#
# Use the --channel option to install from an alternative installation channel.
# The following example installs the latest versions from the "test" channel,
# which includes pre-releases (alpha, beta, rc):
#
#   $ sudo sh install-docker.sh --channel test
#
# Alternatively, use the script at https://test.docker.com, which uses the test
# channel as default.
#
# --mirror <Aliyun|AzureChinaCloud>
#
# Use the --mirror option to install from a mirror supported by this script.
# Available mirrors are "Aliyun" (https://mirrors.aliyun.com/docker-ce), and
# "AzureChinaCloud" (https://mirror.azure.cn/docker-ce), for example:
#
#   $ sudo sh install-docker.sh --mirror AzureChinaCloud
#
# ==============================================================================# Git commit from https://github.com/docker/docker-install when
# the script was uploaded (Should only be modified by upload job):
SCRIPT_COMMIT_SHA="6d9743e9656cc56f699a64800b098d5ea5a60020"# strip "v" prefix if present
VERSION="${VERSION#v}"# The channel to install from:
#   * stable
#   * test
#   * edge (deprecated)
#   * nightly (deprecated)
DEFAULT_CHANNEL_VALUE="stable"
if [ -z "$CHANNEL" ]; thenCHANNEL=$DEFAULT_CHANNEL_VALUE
fiDEFAULT_DOWNLOAD_URL="https://download.docker.com"
if [ -z "$DOWNLOAD_URL" ]; thenDOWNLOAD_URL=$DEFAULT_DOWNLOAD_URL
fiDEFAULT_REPO_FILE="docker-ce.repo"
if [ -z "$REPO_FILE" ]; thenREPO_FILE="$DEFAULT_REPO_FILE"
fimirror=''
DRY_RUN=${DRY_RUN:-}
while [ $# -gt 0 ]; docase "$1" in--channel)CHANNEL="$2"shift;;--dry-run)DRY_RUN=1;;--mirror)mirror="$2"shift;;--version)VERSION="${2#v}"shift;;--*)echo "Illegal option $1";;esacshift $(( $# > 0 ? 1 : 0 ))
donecase "$mirror" inAliyun)DOWNLOAD_URL="https://mirrors.aliyun.com/docker-ce";;AzureChinaCloud)DOWNLOAD_URL="https://mirror.azure.cn/docker-ce";;"");;*)>&2 echo "unknown mirror '$mirror': use either 'Aliyun', or 'AzureChinaCloud'."exit 1;;
esaccase "$CHANNEL" instable|test);;edge|nightly)>&2 echo "DEPRECATED: the $CHANNEL channel has been deprecated and is no longer supported by this script."exit 1;;*)>&2 echo "unknown CHANNEL '$CHANNEL': use either stable or test."exit 1;;
esaccommand_exists() {command -v "$@" > /dev/null 2>&1
}# version_gte checks if the version specified in $VERSION is at least the given
# SemVer (Maj.Minor[.Patch]), or CalVer (YY.MM) version.It returns 0 (success)
# if $VERSION is either unset (=latest) or newer or equal than the specified
# version, or returns 1 (fail) otherwise.
#
# examples:
#
# VERSION=23.0
# version_gte 23.0  // 0 (success)
# version_gte 20.10 // 0 (success)
# version_gte 19.03 // 0 (success)
# version_gte 21.10 // 1 (fail)
version_gte() {if [ -z "$VERSION" ]; thenreturn 0fieval version_compare "$VERSION" "$1"
}# version_compare compares two version strings (either SemVer (Major.Minor.Path),
# or CalVer (YY.MM) version strings. It returns 0 (success) if version A is newer
# or equal than version B, or 1 (fail) otherwise. Patch releases and pre-release
# (-alpha/-beta) are not taken into account
#
# examples:
#
# version_compare 23.0.0 20.10 // 0 (success)
# version_compare 23.0 20.10   // 0 (success)
# version_compare 20.10 19.03  // 0 (success)
# version_compare 20.10 20.10  // 0 (success)
# version_compare 19.03 20.10  // 1 (fail)
version_compare() (set +xyy_a="$(echo "$1" | cut -d'.' -f1)"yy_b="$(echo "$2" | cut -d'.' -f1)"if [ "$yy_a" -lt "$yy_b" ]; thenreturn 1fiif [ "$yy_a" -gt "$yy_b" ]; thenreturn 0fimm_a="$(echo "$1" | cut -d'.' -f2)"mm_b="$(echo "$2" | cut -d'.' -f2)"# trim leading zeros to accommodate CalVermm_a="${mm_a#0}"mm_b="${mm_b#0}"if [ "${mm_a:-0}" -lt "${mm_b:-0}" ]; thenreturn 1fireturn 0
)is_dry_run() {if [ -z "$DRY_RUN" ]; thenreturn 1elsereturn 0fi
}is_wsl() {case "$(uname -r)" in*microsoft* ) true ;; # WSL 2*Microsoft* ) true ;; # WSL 1* ) false;;esac
}is_darwin() {case "$(uname -s)" in*darwin* ) true ;;*Darwin* ) true ;;* ) false;;esac
}deprecation_notice() {distro=$1distro_version=$2echoprintf "\033[91;1mDEPRECATION WARNING\033[0m\n"printf "    This Linux distribution (\033[1m%s %s\033[0m) reached end-of-life and is no longer supported by this script.\n" "$distro" "$distro_version"echo   "    No updates or security fixes will be released for this distribution, and users are recommended"echo   "    to upgrade to a currently maintained version of $distro."echoprintf   "Press \033[1mCtrl+C\033[0m now to abort this script, or wait for the installation to continue."echosleep 10
}get_distribution() {lsb_dist=""# Every system that we officially support has /etc/os-releaseif [ -r /etc/os-release ]; thenlsb_dist="$(. /etc/os-release && echo "$ID")"fi# Returning an empty string here should be alright since the# case statements don't act unless you provide an actual valueecho "$lsb_dist"
}echo_docker_as_nonroot() {if is_dry_run; thenreturnfiif command_exists docker && [ -e /var/run/docker.sock ]; then(set -x$sh_c 'docker version') || truefi# intentionally mixed spaces and tabs here -- tabs are stripped by "<<-EOF", spaces are kept in the outputechoecho "================================================================================"echoif version_gte "20.10"; thenecho "To run Docker as a non-privileged user, consider setting up the"echo "Docker daemon in rootless mode for your user:"echoecho "    dockerd-rootless-setuptool.sh install"echoecho "Visit https://docs.docker.com/go/rootless/ to learn about rootless mode."echofiechoecho "To run the Docker daemon as a fully privileged service, but granting non-root"echo "users access, refer to https://docs.docker.com/go/daemon-access/"echoecho "WARNING: Access to the remote API on a privileged Docker daemon is equivalent"echo "         to root access on the host. Refer to the 'Docker daemon attack surface'"echo "         documentation for details: https://docs.docker.com/go/attack-surface/"echoecho "================================================================================"echo
}# Check if this is a forked Linux distro
check_forked() {# Check for lsb_release command existence, it usually exists in forked distrosif command_exists lsb_release; then# Check if the `-u` option is supportedset +elsb_release -a -u > /dev/null 2>&1lsb_release_exit_code=$?set -e# Check if the command has exited successfully, it means we're in a forked distroif [ "$lsb_release_exit_code" = "0" ]; then# Print info about current distrocat <<-EOFYou're using '$lsb_dist' version '$dist_version'.EOF# Get the upstream release infolsb_dist=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'id' | cut -d ':' -f 2 | tr -d '[:space:]')dist_version=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'codename' | cut -d ':' -f 2 | tr -d '[:space:]')# Print info about upstream distrocat <<-EOFUpstream release is '$lsb_dist' version '$dist_version'.EOFelseif [ -r /etc/debian_version ] && [ "$lsb_dist" != "ubuntu" ] && [ "$lsb_dist" != "raspbian" ]; thenif [ "$lsb_dist" = "osmc" ]; then# OSMC runs Raspbianlsb_dist=raspbianelse# We're Debian and don't even know it!lsb_dist=debianfidist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')"case "$dist_version" in12)dist_version="bookworm";;11)dist_version="bullseye";;10)dist_version="buster";;9)dist_version="stretch";;8)dist_version="jessie";;esacfififi
}do_install() {echo "# Executing docker install script, commit: $SCRIPT_COMMIT_SHA"if command_exists docker; thencat >&2 <<-'EOF'Warning: the "docker" command appears to already exist on this system.If you already have Docker installed, this script can cause trouble, which iswhy we're displaying this warning and provide the opportunity to cancel theinstallation.If you installed the current Docker package using this script and are using itagain to update Docker, you can safely ignore this message.You may press Ctrl+C now to abort this script.EOF( set -x; sleep 20 )fiuser="$(id -un 2>/dev/null || true)"sh_c='sh -c'if [ "$user" != 'root' ]; thenif command_exists sudo; thensh_c='sudo -E sh -c'elif command_exists su; thensh_c='su -c'elsecat >&2 <<-'EOF'Error: this installer needs the ability to run commands as root.We are unable to find either "sudo" or "su" available to make this happen.EOFexit 1fifiif is_dry_run; thensh_c="echo"fi# perform some very rudimentary platform detectionlsb_dist=$( get_distribution )lsb_dist="$(echo "$lsb_dist" | tr '[:upper:]' '[:lower:]')"if is_wsl; thenechoecho "WSL DETECTED: We recommend using Docker Desktop for Windows."echo "Please get Docker Desktop from https://www.docker.com/products/docker-desktop/"echocat >&2 <<-'EOF'You may press Ctrl+C now to abort this script.EOF( set -x; sleep 20 )ficase "$lsb_dist" inubuntu)if command_exists lsb_release; thendist_version="$(lsb_release --codename | cut -f2)"fiif [ -z "$dist_version" ] && [ -r /etc/lsb-release ]; thendist_version="$(. /etc/lsb-release && echo "$DISTRIB_CODENAME")"fi;;debian|raspbian)dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')"case "$dist_version" in12)dist_version="bookworm";;11)dist_version="bullseye";;10)dist_version="buster";;9)dist_version="stretch";;8)dist_version="jessie";;esac;;centos|rhel)if [ -z "$dist_version" ] && [ -r /etc/os-release ]; thendist_version="$(. /etc/os-release && echo "$VERSION_ID")"fi;;*)if command_exists lsb_release; thendist_version="$(lsb_release --release | cut -f2)"fiif [ -z "$dist_version" ] && [ -r /etc/os-release ]; thendist_version="$(. /etc/os-release && echo "$VERSION_ID")"fi;;esac# Check if this is a forked Linux distrocheck_forked# Print deprecation warnings for distro versions that recently reached EOL,# but may still be commonly used (especially LTS versions).case "$lsb_dist.$dist_version" indebian.stretch|debian.jessie)deprecation_notice "$lsb_dist" "$dist_version";;raspbian.stretch|raspbian.jessie)deprecation_notice "$lsb_dist" "$dist_version";;ubuntu.xenial|ubuntu.trusty)deprecation_notice "$lsb_dist" "$dist_version";;ubuntu.lunar|ubuntu.kinetic|ubuntu.impish|ubuntu.hirsute|ubuntu.groovy|ubuntu.eoan|ubuntu.disco|ubuntu.cosmic)deprecation_notice "$lsb_dist" "$dist_version";;fedora.*)if [ "$dist_version" -lt 36 ]; thendeprecation_notice "$lsb_dist" "$dist_version"fi;;esac# Run setup for each distro accordinglycase "$lsb_dist" inubuntu|debian|raspbian)pre_reqs="apt-transport-https ca-certificates curl"apt_repo="deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] $DOWNLOAD_URL/linux/$lsb_dist $dist_version $CHANNEL"(if ! is_dry_run; thenset -xfi$sh_c 'apt-get update -qq >/dev/null'$sh_c "DEBIAN_FRONTEND=noninteractive apt-get install -y -qq $pre_reqs >/dev/null"$sh_c 'install -m 0755 -d /etc/apt/keyrings'$sh_c "curl -fsSL \"$DOWNLOAD_URL/linux/$lsb_dist/gpg\" -o /etc/apt/keyrings/docker.asc"$sh_c "chmod a+r /etc/apt/keyrings/docker.asc"$sh_c "echo \"$apt_repo\" > /etc/apt/sources.list.d/docker.list"$sh_c 'apt-get update -qq >/dev/null')pkg_version=""if [ -n "$VERSION" ]; thenif is_dry_run; thenecho "# WARNING: VERSION pinning is not supported in DRY_RUN"else# Will work for incomplete versions IE (17.12), but may not actually grab the "latest" if in the test channelpkg_pattern="$(echo "$VERSION" | sed 's/-ce-/~ce~.*/g' | sed 's/-/.*/g')"search_command="apt-cache madison docker-ce | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3"pkg_version="$($sh_c "$search_command")"echo "INFO: Searching repository for VERSION '$VERSION'"echo "INFO: $search_command"if [ -z "$pkg_version" ]; thenechoecho "ERROR: '$VERSION' not found amongst apt-cache madison results"echoexit 1fiif version_gte "18.09"; thensearch_command="apt-cache madison docker-ce-cli | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3"echo "INFO: $search_command"cli_pkg_version="=$($sh_c "$search_command")"fipkg_version="=$pkg_version"fifi(pkgs="docker-ce${pkg_version%=}"if version_gte "18.09"; then# older versions didn't ship the cli and containerd as separate packagespkgs="$pkgs docker-ce-cli${cli_pkg_version%=} containerd.io"fiif version_gte "20.10"; thenpkgs="$pkgs docker-compose-plugin docker-ce-rootless-extras$pkg_version"fiif version_gte "23.0"; thenpkgs="$pkgs docker-buildx-plugin"fiif ! is_dry_run; thenset -xfi$sh_c "DEBIAN_FRONTEND=noninteractive apt-get install -y -qq $pkgs >/dev/null")echo_docker_as_nonrootexit 0;;centos|fedora|rhel)if [ "$(uname -m)" != "s390x" ] && [ "$lsb_dist" = "rhel" ]; thenecho "Packages for RHEL are currently only available for s390x."exit 1fiif command_exists dnf; thenpkg_manager="dnf"pkg_manager_flags="--best"config_manager="dnf config-manager"enable_channel_flag="--set-enabled"disable_channel_flag="--set-disabled"pre_reqs="dnf-plugins-core"elsepkg_manager="yum"pkg_manager_flags=""config_manager="yum-config-manager"enable_channel_flag="--enable"disable_channel_flag="--disable"pre_reqs="yum-utils"fiif [ "$lsb_dist" = "fedora" ]; thenpkg_suffix="fc$dist_version"elsepkg_suffix="el"firepo_file_url="$DOWNLOAD_URL/linux/$lsb_dist/$REPO_FILE"(if ! is_dry_run; thenset -xfi$sh_c "$pkg_manager $pkg_manager_flags install -y -q $pre_reqs"$sh_c "$config_manager --add-repo $repo_file_url"if [ "$CHANNEL" != "stable" ]; then$sh_c "$config_manager $disable_channel_flag 'docker-ce-*'"$sh_c "$config_manager $enable_channel_flag 'docker-ce-$CHANNEL'"fi$sh_c "$pkg_manager makecache")pkg_version=""if [ -n "$VERSION" ]; thenif is_dry_run; thenecho "# WARNING: VERSION pinning is not supported in DRY_RUN"elsepkg_pattern="$(echo "$VERSION" | sed 's/-ce-/\\\\.ce.*/g' | sed 's/-/.*/g').*$pkg_suffix"search_command="$pkg_manager list --showduplicates docker-ce | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'"pkg_version="$($sh_c "$search_command")"echo "INFO: Searching repository for VERSION '$VERSION'"echo "INFO: $search_command"if [ -z "$pkg_version" ]; thenechoecho "ERROR: '$VERSION' not found amongst $pkg_manager list results"echoexit 1fiif version_gte "18.09"; then# older versions don't support a cli packagesearch_command="$pkg_manager list --showduplicates docker-ce-cli | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'"cli_pkg_version="$($sh_c "$search_command" | cut -d':' -f 2)"fi# Cut out the epoch and prefix with a '-'pkg_version="-$(echo "$pkg_version" | cut -d':' -f 2)"fifi(pkgs="docker-ce$pkg_version"if version_gte "18.09"; then# older versions didn't ship the cli and containerd as separate packagesif [ -n "$cli_pkg_version" ]; thenpkgs="$pkgs docker-ce-cli-$cli_pkg_version containerd.io"elsepkgs="$pkgs docker-ce-cli containerd.io"fifiif version_gte "20.10"; thenpkgs="$pkgs docker-compose-plugin docker-ce-rootless-extras$pkg_version"fiif version_gte "23.0"; thenpkgs="$pkgs docker-buildx-plugin"fiif ! is_dry_run; thenset -xfi$sh_c "$pkg_manager $pkg_manager_flags install -y -q $pkgs")echo_docker_as_nonrootexit 0;;sles)if [ "$(uname -m)" != "s390x" ]; thenecho "Packages for SLES are currently only available for s390x"exit 1firepo_file_url="$DOWNLOAD_URL/linux/$lsb_dist/$REPO_FILE"pre_reqs="ca-certificates curl libseccomp2 awk"(if ! is_dry_run; thenset -xfi$sh_c "zypper install -y $pre_reqs"$sh_c "zypper addrepo $repo_file_url"if ! is_dry_run; thencat >&2 <<-'EOF'WARNING!!openSUSE repository (https://download.opensuse.org/repositories/security:/SELinux) will be enabled now.Do you wish to continue?You may press Ctrl+C now to abort this script.EOF( set -x; sleep 30 )fiopensuse_repo="https://download.opensuse.org/repositories/security:/SELinux/openSUSE_Factory/security:SELinux.repo"$sh_c "zypper addrepo $opensuse_repo"$sh_c "zypper --gpg-auto-import-keys refresh"$sh_c "zypper lr -d")pkg_version=""if [ -n "$VERSION" ]; thenif is_dry_run; thenecho "# WARNING: VERSION pinning is not supported in DRY_RUN"elsepkg_pattern="$(echo "$VERSION" | sed 's/-ce-/\\\\.ce.*/g' | sed 's/-/.*/g')"search_command="zypper search -s --match-exact 'docker-ce' | grep '$pkg_pattern' | tail -1 | awk '{print \$6}'"pkg_version="$($sh_c "$search_command")"echo "INFO: Searching repository for VERSION '$VERSION'"echo "INFO: $search_command"if [ -z "$pkg_version" ]; thenechoecho "ERROR: '$VERSION' not found amongst zypper list results"echoexit 1fisearch_command="zypper search -s --match-exact 'docker-ce-cli' | grep '$pkg_pattern' | tail -1 | awk '{print \$6}'"# It's okay for cli_pkg_version to be blank, since older versions don't support a cli packagecli_pkg_version="$($sh_c "$search_command")"pkg_version="-$pkg_version"fifi(pkgs="docker-ce$pkg_version"if version_gte "18.09"; thenif [ -n "$cli_pkg_version" ]; then# older versions didn't ship the cli and containerd as separate packagespkgs="$pkgs docker-ce-cli-$cli_pkg_version containerd.io"elsepkgs="$pkgs docker-ce-cli containerd.io"fifiif version_gte "20.10"; thenpkgs="$pkgs docker-compose-plugin docker-ce-rootless-extras$pkg_version"fiif version_gte "23.0"; thenpkgs="$pkgs docker-buildx-plugin"fiif ! is_dry_run; thenset -xfi$sh_c "zypper -q install -y $pkgs")echo_docker_as_nonrootexit 0;;*)if [ -z "$lsb_dist" ]; thenif is_darwin; thenechoecho "ERROR: Unsupported operating system 'macOS'"echo "Please get Docker Desktop from https://www.docker.com/products/docker-desktop"echoexit 1fifiechoecho "ERROR: Unsupported distribution '$lsb_dist'"echoexit 1;;esacexit 1
}# wrapped up in a function so that we have some protection against only getting
# half the file during "curl | sh"
do_install

下载保存为 get-docker.sh, 放到 WSL 的目录中。

3. 第三个坑：执行脚本会卡住

正常人肯定是这样执行的：

sudo sh ./get-docker.sh

但是 get-docker.sh 里引用的 URL， 你还是访问不了。

必须换一个 DOWNLOAD_URL 来执行：

export DOWNLOAD_URL="https://mirrors.tuna.tsinghua.edu.cn/docker-ce"
sudo sh ./get-docker.sh

既然能换 URL， 咱能不能在网页加一个选项， 自动生成下载正确的脚本， 就像 mirrors.zju.edu.cn 那样的？

（ref: https://mirror.tuna.tsinghua.edu.cn/help/docker-ce/)

P.S. 在尝试排查 docker 网络问题时， 也顺带安装了 podman:

sudo apt-get -y install podman

4. 第四个坑： 安装 docker 后， hello-world 镜像拉取不下来

正常人安装 docker 后， 安装官方文档，拉取最简单的镜像试验下能否使用， 应该说5秒之内能搞定：

docker pull hello-world

然而我们错了， 等了1分钟可能都没动静。

这时候各种瞎试开始了，可能2小时都没搞定。 我的 Windows 是默认安装后几乎没配置的， WSL 是默认安装后没有配置过（配置常规ubuntu共有的不算）， 我的 Docker 也是一样的。 怎么默认的就不行呢？

实际上，前面三个坑，都没有本质上解决 WSL 里面的问题： 网络不通畅。 正确解决思路， 是从整体做一次配置， 让任何命令行都能网络通畅， 而不是什么 “手动下载”， “改国内 mirror”。。。

4.1 有效的配置1: .wslconfig

创建 C:/Users/<用户名>/.wslconfig 文件，填入:

[experimental]
autoMemoryReclaim=gradual
networkingMode=mirrored
dnsTunneling=true
firewall=true
autoProxy=true

这解决了当你在 host 开启代理后进入 WSL 时的提示:

PS C:\Users\zz> wsl
wsl: 检测到 localhost 代理配置，但未镜像到 WSL。NAT 模式下的 WSL 不支持 localhost 代理。

4.2 有效的配置2: /etc/wsl.conf

sudo vim /etc/wsl.conf, 填入内容:

[boot]
systemd=true[network]
generateResolvConf = false

这解决的是， 先前修改了/etc/resolv.conf 时， 只有第一次 nameserver 的行，是正常的， 增加的两行的 IP 地址被提示为红色， 意思是配置无效:

# This file was automatically generated by WSL. To stop automatic generation of this file, add the following entry to /etc/wsl.conf:
# [network]
# generateResolvConf = false
nameserver 127.0.0.42
nameserver 114.114.114.114
nameserver 8.8.8.8

4.3 有效的设定4: /etc/resolv.conf

DNS servers
nameserver 114.114.114.114
nameserver 8.8.8.8

4.4 有效的设定3: 在 host 开启代理

不管是哪种代理。 总之， 由于 ~/.wslconfig 的配置， 现在里外用同样的网络了。

4.5 有效的设定4: 重启 WSL

在 PowerShell 里执行

wsl --shutdown
wsl

4.6 podman镜像： 和镜像无法拉取没关系

修改了 vim /etc/containers/registries.conf， 填入了 (验证了，非必要）

unqualified-search-registries = ["docker.io", "registry.cn-hangzhou.aliyuncs.com"]

4.7 重新安装 docker： 放弃

由于这一小节的网络配通， 让 podman 能拉取镜像， 一度让我尝试重新安装 docker。 然而 docker 的安装脚本还是太冗长了， 而 podman 的常规命令又和 docker 是兼容的，并且 apt 官方提供了 podman 包， 那就不折腾 docker 了。

5. 第五个坑：podman开启的镜像提示说代理不通

当第四步拉取了镜像， 人们很容易觉得万事大吉了。 在开启镜像后， 例如 ubuntu20.04, 第一步是apt更新，然后打算安装 gcc 等开发工具， 于是执行：

podman run -it -v $(pwd):/mnt ubuntu:20.04 /bin/bash

此时遇到网络问题：

Could not connect to 127.0.0.1:59133 (127.0.0.1). - connect (111: Connection refused)

也尝试了换 podman 镜像实例(ubuntu20.04) 里的 apt 源， 报错没变化。

尝试了临时关掉 HTTP_PROXY, HTTPS_PROXY 环境变量后再开启 podman 镜像实例，无效。

尝试了关闭 host 的代理， 无效。

解决办法: 尝试使用不同的网络模式启动容器, 例如指定 --network host 参数

podman run --network host -it -v $(pwd):/mnt ubuntu:20.04 /bin/bash

References

https://mirror.tuna.tsinghua.edu.cn/help/docker-ce/

https://docs.docker.com/engine/install/ubuntu/

https://zhuanlan.zhihu.com/p/670958325