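1. Installing Docker
Docker comes in two editions, CE (Community Edition) and EE (Enterprise Edition). It runs on many operating systems, including Ubuntu, CentOS, Debian, Mac and Windows. It can be installed from packages or from a binary archive.
1.1 Installing Docker with yum
# First check whether Docker was previously installed on this host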
[root@Centos7 ~]# rpm -q docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
package docker is not installed
package docker-client is not installed
package docker-client-latest is not installed
package docker-common is not installed
package docker-latest is not installed
package docker-latest-logrotate is not installed
package docker-logrotate is not installed
package docker-engine is not installed
# Install the required dependency packages
[root@Centos7 ~]# yum -y install yum-utils device-mapper-persistent-data lvm2
# Add the yum repository
[root@Centos7 ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
Loaded plugins: fastestmirror
adding repo from: https://download.docker.com/linux/centos/docker-ce.repo
grabbing file https://download.docker.com/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo
[root@Centos7 ~]# sed -i 's+download.docker.com+mirrors.tuna.tsinghua.edu.cn/docker-ce+' /etc/yum.repos.d/docker-ce.repo # switch to the Tsinghua University mirror
# Install Docker
[root@Centos7 ~]# yum makecache fast
[root@Centos7 ~]# yum list docker-ce --showduplicates
[root@Centos7 ~]# yum -y install docker-ce-20.10.10 docker-ce-cli-20.10.10
# Start Docker and check its information
[root@Centos7 ~]# systemctl enable --now docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@Centos7 ~]# docker version
Client: Docker Engine - Community
Version: 20.10.10
API version: 1.41
Go version: go1.16.9
Git commit: b485636
Built: Mon Oct 25 07:44:50 2021
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.10
API version: 1.41 (minimum version 1.12)
Go version: go1.16.9
Git commit: e2f740d
Built: Mon Oct 25 07:43:13 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.6
GitCommit: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
runc:
Version: 1.1.2
GitCommit: v1.1.2-0-ga916309
docker-init:
Version: 0.19.0
GitCommit: de40ad0
[root@Centos7 ~]# docker --version
Docker version 20.10.10, build b485636
[root@Centos7 ~]# docker info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Build with BuildKit (Docker Inc., v0.6.3-docker)
scan: Docker Scan (Docker Inc., v0.17.0)
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 20.10.10
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc io.containerd.runc.v2 io.containerd.runtime.v1.linux
Default Runtime: runc
Init Binary: docker-init
containerd version: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
runc version: v1.1.2-0-ga916309
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-1160.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.777GiB
Name: Centos7.stars.org
ID: P4J6:HMLH:H37C:TQLA:AIDT:W5VG:B4WN:Y65O:QQZV:GSSN:T3UE:C7PO
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
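Output like the above shows that Docker is installed and working, so you can continue with the remaining steps.
1.2 Installing Docker with apt
# First check whether Docker was previously installed on this host
root@node1:~# dpkg -l docker docker-engine docker.io containerd runc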
dpkg-query: no packages found matching docker
dpkg-query: no packages found matching docker-engine
dpkg-query: no packages found matching docker.io
dpkg-query: no packages found matching containerd
dpkg-query: no packages found matching runc
# Install the required dependency packages
root@node1:~# apt -y install apt-transport-https ca-certificates curl gnupg2 software-properties-common
# Download and trust Docker's GPG public key
root@node1:~# curl -fsSL https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
OK
# Add the software repository
root@node1:~# add-apt-repository "deb [arch=amd64] https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
# Install Docker
root@node1:~# apt update
root@node1:~# apt-cache madison docker-ce
root@node1:~# apt -y install docker-ce=5:20.10.10~3-0~ubuntu-bionic docker-ce-cli=5:20.10.10~3-0~ubuntu-bionic containerd.io
# Start Docker and check its information
Services installed with apt are usually enabled to start at boot.
root@node1:~# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2022-07-27 14:46:45 CST; 10min ago
Docs: https://docs.docker.com
Main PID: 16445 (dockerd)
Tasks: 8
CGroup: /system.slice/docker.service
└─16445 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
Jul 27 14:46:44 node1.stars.org dockerd[16445]: time="2022-07-27T14:46:44.825711873+08:00" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
Jul 27 14:46:44 node1.stars.org dockerd[16445]: time="2022-07-27T14:46:44.904630028+08:00" level=warning msg="Your kernel does not support swap memory limit"
Jul 27 14:46:44 node1.stars.org dockerd[16445]: time="2022-07-27T14:46:44.904669238+08:00" level=warning msg="Your kernel does not support CPU realtime scheduler"
Jul 27 14:46:44 node1.stars.org dockerd[16445]: time="2022-07-27T14:46:44.904772191+08:00" level=info msg="Loading containers: start."
Jul 27 14:46:45 node1.stars.org dockerd[16445]: time="2022-07-27T14:46:45.152412092+08:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be use
Jul 27 14:46:45 node1.stars.org dockerd[16445]: time="2022-07-27T14:46:45.344112209+08:00" level=info msg="Loading containers: done."
Jul 27 14:46:45 node1.stars.org dockerd[16445]: time="2022-07-27T14:46:45.378441193+08:00" level=info msg="Docker daemon" commit=e2f740d graphdriver(s)=overlay2 version=20.10.10
Jul 27 14:46:45 node1.stars.org dockerd[16445]: time="2022-07-27T14:46:45.378516613+08:00" level=info msg="Daemon has completed initialization"
Jul 27 14:46:45 node1.stars.org systemd[1]: Started Docker Application Container Engine.
Jul 27 14:46:45 node1.stars.org dockerd[16445]: time="2022-07-27T14:46:45.434278216+08:00" level=info msg="API listen on /var/run/docker.sock"
root@node1:~# docker version
Client: Docker Engine - Community
Version: 20.10.10
API version: 1.41
Go version: go1.16.9
Git commit: b485636
Built: Mon Oct 25 07:42:57 2021
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.10
API version: 1.41 (minimum version 1.12)
Go version: go1.16.9
Git commit: e2f740d
Built: Mon Oct 25 07:41:06 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.6
GitCommit: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
runc:
Version: 1.1.2
GitCommit: v1.1.2-0-ga916309
docker-init:
Version: 0.19.0
GitCommit: de40ad0
root@node1:~# docker --version
Docker version 20.10.10, build b485636
root@node1:~# docker info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Build with BuildKit (Docker Inc., v0.6.3-docker)
scan: Docker Scan (Docker Inc., v0.17.0)
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 20.10.10
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
runc version: v1.1.2-0-ga916309
init version: de40ad0
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.15.0-188-generic
Operating System: Ubuntu 18.04.6 LTS
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.827GiB
Name: node1.stars.org
ID: SIK3:NIQE:PLKF:EG4U:7OZV:4SQL:C2H7:5TIU:K5XZ:IV4V:WPK4:IA47
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No swap limit support
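1.3 Installing Docker from binaries
1.3.1 Downloading the binary package
Docker's binary packages can be downloaded from a mirror site inside China. For the package installs above I used the Tsinghua University mirror; its static binaries are at https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/static/stable/x86_64/ . The version used here is 20.10.10.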
root@node2:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.6 LTS
Release: 18.04
Codename: bionic
root@node2:~# cd /usr/local/src/
root@node2:/usr/local/src# wget https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/static/stable/x86_64/docker-20.10.10.tgz
--2022-07-27 16:24:23-- https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/static/stable/x86_64/docker-20.10.10.tgz
Resolving mirrors.tuna.tsinghua.edu.cn (mirrors.tuna.tsinghua.edu.cn)... 101.6.15.130, 2402:f000:1:400::2
Connecting to mirrors.tuna.tsinghua.edu.cn (mirrors.tuna.tsinghua.edu.cn)|101.6.15.130|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 63356741 (60M) [application/octet-stream]
Saving to: ‘docker-20.10.10.tgz’
docker-20.10.10.tgz 100%[===================================================================================================================>] 60.42M 367KB/s in 3m 39s
2022-07-27 16:28:03 (282 KB/s) - ‘docker-20.10.10.tgz’ saved [63356741/63356741]
1.3.2 Extracting the binary package and copying the executables
root@node2:/usr/local/src# ls
docker-20.10.10.tgz
root@node2:/usr/local/src# tar xf docker-20.10.10.tgz
root@node2:/usr/local/src# ls
docker docker-20.10.10.tgz
root@node2:/usr/local/src# ls docker
containerd containerd-shim containerd-shim-runc-v2 ctr docker dockerd docker-init docker-proxy runc
root@node2:/usr/local/src# ./docker/docker version
Client:
Version: 20.10.10
API version: 1.41
Go version: go1.16.9
Git commit: b485636
Built: Mon Oct 25 07:39:56 2021
OS/Arch: linux/amd64
Context: default
Experimental: true
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
root@node2:/usr/local/src# cp docker/* /usr/bin/
1.3.3 Preparing the Docker service files
The Docker service files are containerd.service, docker.socket and docker.service.
Create the containerd.service file and start the containerd service
root@node2:~# vim /lib/systemd/system/containerd.service
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=1048576
# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity
[Install]
WantedBy=multi-user.target
root@node2:~# systemctl enable --now containerd
Created symlink /etc/systemd/system/multi-user.target.wants/containerd.service → /lib/systemd/system/containerd.service.
root@node2:~# systemctl status containerd
● containerd.service - containerd container runtime
Loaded: loaded (/lib/systemd/system/containerd.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2022-07-27 17:29:11 CST; 22s ago
Docs: https://containerd.io
Process: 14942 ExecStartPre=/sbin/modprobe overlay (code=exited, status=0/SUCCESS)
Main PID: 14952 (containerd)
Tasks: 9
CGroup: /system.slice/containerd.service
└─14952 /usr/bin/containerd
Jul 27 17:29:11 node2.stars.org containerd[14952]: time="2022-07-27T17:29:11.621362222+08:00" level=info msg=serving... address=/run/containerd/containerd.sock.ttrpc
Jul 27 17:29:11 node2.stars.org containerd[14952]: time="2022-07-27T17:29:11.621476185+08:00" level=info msg="Start subscribing containerd event"
Jul 27 17:29:11 node2.stars.org containerd[14952]: time="2022-07-27T17:29:11.621571156+08:00" level=info msg="Start recovering state"
Jul 27 17:29:11 node2.stars.org containerd[14952]: time="2022-07-27T17:29:11.621704294+08:00" level=info msg="Start event monitor"
Jul 27 17:29:11 node2.stars.org containerd[14952]: time="2022-07-27T17:29:11.621756124+08:00" level=info msg="Start snapshots syncer"
Jul 27 17:29:11 node2.stars.org containerd[14952]: time="2022-07-27T17:29:11.621813391+08:00" level=info msg="Start cni network conf syncer"
Jul 27 17:29:11 node2.stars.org containerd[14952]: time="2022-07-27T17:29:11.621870873+08:00" level=info msg="Start streaming server"
Jul 27 17:29:11 node2.stars.org containerd[14952]: time="2022-07-27T17:29:11.621777504+08:00" level=info msg=serving... address=/run/containerd/containerd.sock
Jul 27 17:29:11 node2.stars.org containerd[14952]: time="2022-07-27T17:29:11.622024316+08:00" level=info msg="containerd successfully booted in 0.060558s"
Jul 27 17:29:11 node2.stars.org systemd[1]: Started containerd container runtime.
Create the docker.socket file
root@node2:~# vim /lib/systemd/system/docker.socket
[Unit]
Description=Docker Socket for the API
PartOf=docker.service
[Socket]
ListenStream=/var/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
Create the docker group
root@node2:~# groupadd docker
Create the docker.service file and start the service
root@node2:~# vim /lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
BindsTo=containerd.service
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exist and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3
# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
[Install]
WantedBy=multi-user.target
Start the docker.socket and docker.service services
root@node2:~# systemctl enable --now docker.socket docker.service
Created symlink /etc/systemd/system/sockets.target.wants/docker.socket → /lib/systemd/system/docker.socket.
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /lib/systemd/system/docker.service.
root@node2:~# systemctl status docker.socket docker.service
● docker.socket - Docker Socket for the API
Loaded: loaded (/lib/systemd/system/docker.socket; enabled; vendor preset: enabled)
Active: active (running) since Wed 2022-07-27 18:40:15 CST; 35s ago
Listen: /var/run/docker.sock (Stream)
Tasks: 0 (limit: 4625)
CGroup: /system.slice/docker.socket
Jul 27 18:40:15 node2.stars.org systemd[1]: Starting Docker Socket for the API.
Jul 27 18:40:15 node2.stars.org systemd[1]: Listening on Docker Socket for the API.
● docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2022-07-27 18:40:16 CST; 34s ago
Docs: https://docs.docker.com
Main PID: 15138 (dockerd)
Tasks: 8
CGroup: /system.slice/docker.service
└─15138 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
Jul 27 18:40:15 node2.stars.org dockerd[15138]: time="2022-07-27T18:40:15.978726982+08:00" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
Jul 27 18:40:16 node2.stars.org dockerd[15138]: time="2022-07-27T18:40:16.044259016+08:00" level=warning msg="Your kernel does not support swap memory limit"
Jul 27 18:40:16 node2.stars.org dockerd[15138]: time="2022-07-27T18:40:16.044476156+08:00" level=warning msg="Your kernel does not support CPU realtime scheduler"
Jul 27 18:40:16 node2.stars.org dockerd[15138]: time="2022-07-27T18:40:16.044733262+08:00" level=info msg="Loading containers: start."
Jul 27 18:40:16 node2.stars.org dockerd[15138]: time="2022-07-27T18:40:16.286163418+08:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be use
Jul 27 18:40:16 node2.stars.org dockerd[15138]: time="2022-07-27T18:40:16.500169134+08:00" level=info msg="Loading containers: done."
Jul 27 18:40:16 node2.stars.org dockerd[15138]: time="2022-07-27T18:40:16.545133315+08:00" level=info msg="Docker daemon" commit=e2f740d graphdriver(s)=overlay2 version=20.10.10
Jul 27 18:40:16 node2.stars.org dockerd[15138]: time="2022-07-27T18:40:16.545230795+08:00" level=info msg="Daemon has completed initialization"
Jul 27 18:40:16 node2.stars.org systemd[1]: Started Docker Application Container Engine.
Jul 27 18:40:16 node2.stars.org dockerd[15138]: time="2022-07-27T18:40:16.599105516+08:00" level=info msg="API listen on /var/run/docker.sock"
Verify the Docker version and information
root@node2:~# docker --version
Docker version 20.10.10, build b485636
root@node2:~# docker info
Client:
Context: default
Debug Mode: false
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 20.10.10
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 5b46e404f6b9f661a205e28d59c982d3634148f8
runc version: v1.0.2-0-g52b36a2d
init version: de40ad0
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.15.0-188-generic
Operating System: Ubuntu 18.04.6 LTS
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.827GiB
Name: node2.stars.org
ID: M5MJ:Y7VM:ZB6V:HKLB:UZBM:LKF3:5RKX:3WB3:7QZL:HRQJ:QW2O:Z5L7
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine
WARNING: No swap limit support
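The docker.socket unit in 1.3.3 decides who can talk to the daemon: SocketMode=0660 with SocketGroup=docker means every member of the docker group can drive dockerd, which runs as root, and systemd falls back to mode 0666 and group root when those two lines are left out. The following is an added example, not part of the original article, that reviews the unit files for this; the "weak" units, the group database and the user names alice and deploy are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original article: who can reach the Docker API?

page_socket_unit() {    # the [Socket] section of docker.socket as written above
cat <<'EOF'
[Socket]
ListenStream=/var/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
EOF
}

page_service_unit() {   # the ExecStart line of docker.service as written above
cat <<'EOF'
[Service]
Type=notify
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
EOF
}

weak_socket_unit() {    # constructed: SocketMode= and SocketGroup= left out
cat <<'EOF'
[Socket]
ListenStream=/var/run/docker.sock
SocketUser=root
EOF
}

weak_service_unit() {   # constructed: extra plain-TCP listener, no --tlsverify
cat <<'EOF'
[Service]
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375 --containerd=/run/containerd/containerd.sock
EOF
}

sample_group_db() {     # constructed `getent group` lines; alice and deploy are hypothetical
cat <<'EOF'
root:x:0:
docker:x:998:alice,deploy
EOF
}

unit_value() {          # unit_value KEY: print the last value of KEY= from a unit file on stdin
  awk -F= -v k="$1" '$1 == k { sub(/^[^=]*=/, ""); v = $0 } END { if (v != "") print v }'
}

# Arguments: docker.socket text, docker.service text, group database text.
audit_api_access() (
  sock=$1 svc=$2 groupdb=$3
  mode=$(printf '%s\n' "$sock" | unit_value SocketMode)
  group=$(printf '%s\n' "$sock" | unit_value SocketGroup)
  mode=${mode:-0666}      # systemd default when SocketMode= is absent
  group=${group:-root}    # systemd default when SocketGroup= is absent
  echo "INFO socket mode=$mode group=$group"
  case $mode in
    *[1-7]) echo "WARN socket-accessible-to-all-users" ;;   # "other" permission bits set
  esac
  # Members of the socket group can start containers as root on the host.
  members=$(printf '%s\n' "$groupdb" | awk -F: -v g="$group" '$1 == g { print $4 }')
  if [ -n "$members" ]; then
    echo "WARN root-equivalent-via-group $group: $members"
  fi
  # Any tcp:// listener on dockerd should come with --tlsverify.
  exec_start=$(printf '%s\n' "$svc" | unit_value ExecStart)
  for word in $exec_start; do
    case $word in
      tcp://*|-H=tcp://*|--host=tcp://*)
        case " $exec_start " in
          *" --tlsverify "*) echo "INFO tcp-listener-with-tlsverify ${word#*=}" ;;
          *)                 echo "WARN tcp-listener-without-tlsverify ${word#*=}" ;;
        esac ;;
    esac
  done
)

echo "== units from this article =="
audit_api_access "$(page_socket_unit)" "$(page_service_unit)" "$(sample_group_db)"
echo "== constructed weak units =="
audit_api_access "$(weak_socket_unit)" "$(weak_service_unit)" "$(sample_group_db)"
```

On a real host, pass the contents of /lib/systemd/system/docker.socket, /lib/systemd/system/docker.service and the output of `getent group` as the three arguments.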
1.4 Fixing the "No swap limit support" warning
root@node2:~# vim /etc/default/grub
GRUB_DEFAULT=0
GRUB_TIMEOUT_STYLE=hidden
GRUB_TIMEOUT=0
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT=""
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0 cgroup_enable=memory swapaccount=1"
root@node2:~# update-grub # regenerate the grub configuration
root@node2:~# reboot # a reboot is required for the change to take effect
root@node2:~# docker info
Client:
Context: default
Debug Mode: false
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 20.10.10
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc io.containerd.runc.v2 io.containerd.runtime.v1.linux
Default Runtime: runc
Init Binary: docker-init
containerd version: 5b46e404f6b9f661a205e28d59c982d3634148f8
runc version: v1.0.2-0-g52b36a2d
init version: de40ad0
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.15.0-189-generic
Operating System: Ubuntu 18.04.6 LTS
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.827GiB
Name: node2.stars.org
ID: M5MJ:Y7VM:ZB6V:HKLB:UZBM:LKF3:5RKX:3WB3:7QZL:HRQJ:QW2O:Z5L7
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine
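The `docker info` listings above carry a few fields worth reading for more than "it works": Security Options (seccomp, AppArmor or SELinux), Insecure Registries, and the swap-limit warning that 1.4 removes, which while present means memory-plus-swap limits on containers cannot be enforced. As an added example, not part of the original article, this script checks those fields in `docker info` text; both samples are constructed, the first from fields shown above and the second as a hypothetical weaker host, and the parser assumes the indented layout that the real command prints.

```shell
#!/usr/bin/env bash
# Added example, not from the original article: review `docker info` text for
# the security-relevant fields that appear in the listings above.

# Constructed sample: node2 before the grub change (field values from 1.3.3).
sample_info_before() {
cat <<'EOF'
Server:
 Server Version: 20.10.10
 Cgroup Driver: cgroupfs
 Security Options:
  apparmor
  seccomp
   Profile: default
 Kernel Version: 4.15.0-188-generic
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: No swap limit support
EOF
}

# Constructed sample: hypothetical host that allows a plain-HTTP registry and
# lists neither seccomp nor AppArmor/SELinux under Security Options.
sample_info_weak() {
cat <<'EOF'
Server:
 Server Version: 20.10.10
 Security Options:
  userns
 Kernel Version: 4.15.0-189-generic
 Insecure Registries:
  registry.example.internal:5000
  127.0.0.0/8
 Live Restore Enabled: false
EOF
}

audit_docker_info() {   # reads `docker info` text on stdin, prints one finding per line
  awk '
    {
      line = $0
      indent = match(line, /[^ ]/) - 1        # leading spaces (-1 on a blank line)
      sub(/^ +/, "", line)
      if (line == "WARNING: No swap limit support") swap = 1
      if (line == "Security Options:")    { sec = "opt"; base = indent; next }
      if (line == "Insecure Registries:") { sec = "reg"; base = indent; next }
      if (sec != "" && indent <= base) sec = ""              # left the sub-list
      if (sec == "opt" && indent == base + 1) opts[line] = 1 # option names only
      if (sec == "reg" && indent == base + 1) regs[++n] = line
    }
    END {
      s = ("seccomp" in opts) ? "OK" : "WARN"
      print s " seccomp"
      m = (("apparmor" in opts) || ("selinux" in opts)) ? "OK" : "WARN"
      print m " mandatory-access-control"
      # 127.0.0.0/8 is the built-in default; anything else was added by an admin.
      for (i = 1; i <= n; i++)
        if (regs[i] != "127.0.0.0/8") print "WARN insecure-registry " regs[i]
      if (swap) print "WARN no-swap-limit"
    }'
}

count_warnings() {      # counts WARN lines on stdin, prints 0 when there are none
  awk '/^WARN/ { n++ } END { print n + 0 }'
}

echo "== node2 before the grub change (constructed) =="
sample_info_before | audit_docker_info
echo "== hypothetical weak host (constructed) =="
sample_info_weak | audit_docker_info
```

On a live host, run `docker info | audit_docker_info`.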
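1.5 Docker storage engines
Docker's default storage engine is currently overlay2. Each storage engine needs matching support from the system; for example, the d_type (file type) feature must be enabled on the disk partition, which means passing the corresponding parameter when the disk is formatted.
Storage driver types:
AUFS (Another Union FS) is a Union FS and a file-level storage driver. A Union FS merges directories from different physical locations and mounts them onto a single directory; put simply, it is a file system that lets different directories be mounted under one virtual file system. Such a file system can stack file modifications layer by layer. However many layers lie underneath, they are all read-only, and only the topmost layer is writable. When a file has to be modified, AUFS creates a copy of it, using CoW to copy the file from the read-only layer to the writable layer where it is modified, and the result is also stored in the writable layer. In Docker, the read-only layers underneath are the image and the writable layer is the container. AUFS was the preferred storage driver for Docker 18.06 and earlier; Ubuntu 14.04 running on kernel 3.13 does not support overlay2.
Overlay: a Union FS file system, supported since Linux kernel 3.18.
overlay2: the upgraded version of Overlay and, so far, the recommended storage type for all Linux distributions.
devicemapper: was the recommended storage driver for CentOS and RHEL because earlier kernel versions did not support overlay2. Current releases of CentOS and RHEL do support overlay2, so overlay2 is recommended.
ZFS (Sun, 2005) / btrfs (Oracle, 2007): not widely used at present.
vfs: for test environments, for cases where no copy-on-write file system can be used. This storage driver performs poorly and is generally not recommended for production.
Docker officially recommends overlay2 as the first-choice storage engine. devicemapper has some limitations on space usage; these can be worked around with later configuration, but overlay2 is still the official recommendation. Some material found online: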
https://www.cnblogs.com/youruncloud/p/5736718.html
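1.6 Configuring Docker image acceleration
Pulling images hosted abroad from inside China is sometimes very slow, so we can edit Docker's configuration file to add an accelerator (registry mirror) and pull images through it.
An accelerator address can be obtained from Alibaba Cloud: https://cr.console.aliyun.com/ . You need an Alibaba Cloud account and must log in first. Under Image Tools in the left-hand menu there is an Image Accelerator entry that shows the accelerator address and how to configure it.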
root@node2:~# ls /etc/docker/
key.json
root@node2:~# tee /etc/docker/daemon.json <<-'EOF'
> {
> "registry-mirrors": ["https://c51gf9he.mirror.aliyuncs.com"]
> }
> EOF
{
"registry-mirrors": ["https://c51gf9he.mirror.aliyuncs.com"]
}
root@node2:~# systemctl daemon-reload
root@node2:~# systemctl restart docker
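2. Using basic Docker commands
2.1 Image management commands
2.1.1 Searching for images
root@node2:~# docker search centos:7.2.1511 # a version can be specified
root@node2:~# docker search centos # without a version, latest is the default
2.1.2 Pulling images
Images are downloaded with the docker pull command. The full form is docker pull registry-host:port/project-name/image-name:tag (the version). If none of that is specified, as in docker pull image-name, the latest version of the image is pulled from the official Docker registry by default.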
root@node2:~# docker pull hello-world
root@node2:~# docker pull alpine
root@node2:~# docker pull nginx
root@node2:~# docker pull ubuntu:18.04
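2.1.3 Listing local images
A downloaded image is larger than it was during the download, because it is decompressed once the download completes.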
root@node2:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 605c77e624dd 7 months ago 141MB
alpine latest c059bfaa849c 8 months ago 5.59MB
ubuntu 18.04 5a214d77f5d7 10 months ago 63.1MB
hello-world latest feb5d9fea6a5 10 months ago 13.3kB
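REPOSITORY # name of the repository the image belongs to
TAG # image version (identifier), latest by default
IMAGE ID # unique ID of the image
CREATED # when the image was created
SIZE # image size
2.1.4 Importing and exporting images
A local image can be exported to an archive file, copied to another server that has the Docker service installed, and then imported and used there.
Exporting an image: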
root@node2:~# mkdir -p /data/docker_images
root@node2:~# docker save hello-world -o /data/docker_images/hello-world.tar.gz
root@node2:~# ls /data/docker_images/
hello-world.tar.gz
Importing an image:
root@node2:~# scp /data/docker_images/hello-world.tar.gz 10.0.0.100:
The authenticity of host '10.0.0.100 (10.0.0.100)' can't be established.
ECDSA key fingerprint is SHA256:25BV/hzFV7jjTI1m7XqTHESnjyiUHeCQfMn/t/fUAPs.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.100' (ECDSA) to the list of known hosts.
root@10.0.0.100's password:
hello-world.tar.gz 100% 24KB 24.9MB/s 00:00
root@node1:~# ls
hello-world.tar.gz
root@node1:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
root@node1:~# docker load < hello-world.tar.gz
e07ee1baac5f: Loading layer [==================================================>] 14.85kB/14.85kB
Loaded image: hello-world:latest
root@node1:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest feb5d9fea6a5 10 months ago 13.3kB
2.1.5 Deleting images
root@node2:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 605c77e624dd 7 months ago 141MB
alpine latest c059bfaa849c 8 months ago 5.59MB
ubuntu 18.04 5a214d77f5d7 10 months ago 63.1MB
hello-world latest feb5d9fea6a5 10 months ago 13.3kB
root@node2:~# docker rmi hello-world:latest
Untagged: hello-world:latest
Untagged: hello-world@sha256:2498fce14358aa50ead0cc6c19990fc6ff866ce72aeb5546e1d59caac3d0d60f
Deleted: sha256:feb5d9fea6a5e9606aa995e879d862b825965ba48de054caab5ef356dc6b3412
Deleted: sha256:e07ee1baac5fae6a26f30cabfe54a36d3402f96afda318fe0a96cec4ca393359
root@node2:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 605c77e624dd 7 months ago 141MB
alpine latest c059bfaa849c 8 months ago 5.59MB
ubuntu 18.04 5a214d77f5d7 10 months ago 63.1MB
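2.2 Container management commands
2.2.1 Creating and entering a container
When creating a container, the local image to use can be given either as an image ID or as image-name:TAG.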
root@node2:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 605c77e624dd 7 months ago 141MB
alpine latest c059bfaa849c 8 months ago 5.59MB
ubuntu 18.04 5a214d77f5d7 10 months ago 63.1MB
root@node2:~# docker run -it 5a214d77f5d7 bash
root@0d48b67a5e46:/# ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
root@0d48b67a5e46:/# exit
exit
root@node2:~# docker run -it ubuntu:18.04 bash
root@df218d52a86f:/# exit
exit
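With docker run, the -i option runs the container interactively and -t allocates a pseudo-terminal for it; the two are normally used together. Appending bash or /bin/bash (some containers have no bash, so only sh can be used) takes you straight into the container.
For a container created with docker run -it, running exit leaves the container and the container stops as well. To leave while keeping the container running, use Ctrl+p+q.
2.2.2 Listing containers
The docker ps command shows the containers that are currently running; docker ps -a shows all containers, both running and stopped.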
root@node2:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
root@node2:~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
df218d52a86f ubuntu:18.04 "bash" 22 minutes ago Exited (0) 22 minutes ago boring_kare
0d48b67a5e46 5a214d77f5d7 "bash" 23 minutes ago Exited (0) 23 minutes ago great_diffie
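2.2.3 Removing containers
Containers are removed with the docker rm command. The main options are -f (force removal), -l (remove the link between containers) and -v (remove the volumes associated with the container).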
root@node2:~# docker run -it ubuntu:18.04 bash
root@1884b2f4d81e:/# root@node2:~#
root@node2:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1884b2f4d81e ubuntu:18.04 "bash" 36 seconds ago Up 36 seconds funny_dirac
root@node2:~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1884b2f4d81e ubuntu:18.04 "bash" 52 seconds ago Up 52 seconds funny_dirac
df218d52a86f ubuntu:18.04 "bash" 3 hours ago Exited (0) 3 hours ago boring_kare
0d48b67a5e46 5a214d77f5d7 "bash" 3 hours ago Exited (0) 3 hours ago great_diffie
root@node2:~# docker rm df218d52a86f 0d48b67a5e46 # docker rm can directly remove containers that have exited, that is, stopped containers
df218d52a86f
0d48b67a5e46
root@node2:~# docker rm 1884b2f4d81e # docker rm on a running container fails; add the -f option to force removal
Error response from daemon: You cannot remove a running container 1884b2f4d81e45f4caa3dbd8d41ecae20f4d3a33ead9f3568859b0d0be590ddf. Stop the container before attempting removal or force remove
root@node2:~# docker rm -f 1884b2f4d81e
1884b2f4d81e
root@node2:~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2.2.4 Port mapping
Ports can also be mapped when a container is created. There are two kinds of port mapping: random and specified.
Random port mapping:
root@node2:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 605c77e624dd 7 months ago 141MB
alpine latest c059bfaa849c 8 months ago 5.59MB
ubuntu 18.04 5a214d77f5d7 10 months ago 63.1MB
root@node2:~# docker run -P nginx:latest
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2022/07/28 10:10:30 [notice] 1#1: using the "epoll" event method
2022/07/28 10:10:30 [notice] 1#1: nginx/1.21.5
2022/07/28 10:10:30 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6)
2022/07/28 10:10:30 [notice] 1#1: OS: Linux 4.15.0-189-generic
2022/07/28 10:10:30 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2022/07/28 10:10:30 [notice] 1#1: start worker processes
2022/07/28 10:10:30 [notice] 1#1: start worker process 32
2022/07/28 10:10:30 [notice] 1#1: start worker process 33
Specified port mapping:
root@node2:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
root@node2:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 605c77e624dd 7 months ago 141MB
alpine latest c059bfaa849c 8 months ago 5.59MB
ubuntu 18.04 5a214d77f5d7 10 months ago 63.1MB
root@node2:~# docker run -p 80:80 -d nginx:latest
7246a8f0474e53f23410f820009ee3db44376f9107b77be6dad2a49301465108
root@node2:~# lsof -i:80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
docker-pr 4719 root 4u IPv4 78641 0t0 TCP *:http (LISTEN)
docker-pr 4724 root 4u IPv6 78646 0t0 TCP *:http (LISTEN)
2.2.5 Viewing the ports a container has mapped
root@node2:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7246a8f0474e nginx:latest "/docker-entrypoint.…" 3 minutes ago Up 3 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp gracious_noyce
root@node2:~# docker port 7246a8f0474e
80/tcp -> 0.0.0.0:80
80/tcp -> :::80
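The `lsof` and `docker port` output above shows that -p 80:80 publishes the port on every host interface, IPv4 (0.0.0.0) and IPv6 (::); the form -p 127.0.0.1:80:80 would publish it on loopback only. As an added example, not part of the original article, this script classifies each entry of the PORTS column by the address it is bound to. The input is constructed: the first four rows reuse container names and PORTS values from this article's listings, and local_only is a hypothetical container.

```shell
#!/usr/bin/env bash
# Added example, not from the original article: which published ports are
# reachable from outside the host?

# Constructed input in the shape of: docker ps --format '{{.Names}}\t{{.Ports}}'
# local_only is a hypothetical container started with -p 127.0.0.1:8080:80.
sample_ports() {
  printf '%s\t%s\n' \
    gracious_noyce '0.0.0.0:80->80/tcp, :::80->80/tcp' \
    nginx_v1       '80/tcp' \
    nginx_v2       '0.0.0.0:9999->80/tcp, :::9999->80/tcp' \
    cool_dirac     '' \
    local_only     '127.0.0.1:8080->80/tcp'
}

classify_bindings() {   # stdin: NAME<TAB>PORTS lines; stdout: one line per port entry
  awk -F'\t' '
    $2 == "" { print "NONE " $1; next }          # container exposes no ports
    {
      n = split($2, entry, /, */)
      for (i = 1; i <= n; i++) {
        arrow = index(entry[i], "->")
        if (arrow == 0) {                        # exposed by the image, not published
          print "UNPUBLISHED " $1 " " entry[i]
          continue
        }
        host   = substr(entry[i], 1, arrow - 1)  # e.g. 0.0.0.0:80 or :::80 or [::]:80
        target = substr(entry[i], arrow + 2)     # e.g. 80/tcp
        match(host, /:[0-9-]+$/)                 # last colon, then a port or port range
        addr = substr(host, 1, RSTART - 1)
        port = substr(host, RSTART + 1)
        gsub(/^\[|\]$/, "", addr)                # strip brackets around an IPv6 address
        if (addr == "0.0.0.0" || addr == "::")      scope = "ALL-INTERFACES"
        else if (addr ~ /^127\./ || addr == "::1")  scope = "LOOPBACK"
        else                                        scope = "SPECIFIC-ADDRESS"
        print scope " " $1 " " addr " " port "->" target
      }
    }'
}

exposed_containers() {  # names of containers with at least one all-interfaces binding
  classify_bindings | awk '$1 == "ALL-INTERFACES" { print $2 }' | sort -u
}

sample_ports | classify_bindings
echo "Published on all interfaces:"
sample_ports | exposed_containers
```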
2.2.6 Giving a container a custom name
root@node2:~# docker run -d --name nginx_v1 nginx # with no tag after the image name, latest is the default
d4e3ee2c843583d2e59c02a342dd5e2e2dbff1f2178e49c18f48d44343a333a3
root@node2:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d4e3ee2c8435 nginx "/docker-entrypoint.…" 56 seconds ago Up 55 seconds 80/tcp nginx_v1
7246a8f0474e nginx:latest "/docker-entrypoint.…" 9 minutes ago Up 9 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp gracious_noyce
2.2.7 Starting and stopping containers
root@node2:~# docker run -d -p 9999:80 --name nginx_v2 nginx
5ddfe68f4fe5a7722a636fc5138afc5eb66e5df3d0ad8629a163e9490510cae5
root@node2:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5ddfe68f4fe5 nginx "/docker-entrypoint.…" 10 seconds ago Up 9 seconds 0.0.0.0:9999->80/tcp, :::9999->80/tcp nginx_v2
root@node2:~# docker stop nginx_v2 # once the container is stopped, the page can no longer be reached
nginx_v2
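root@node2:~# docker start nginx_v2 # after start, the page is reachable again
2.2.8 Running a one-off container
To have a container deleted automatically after it exits, add the --rm option when creating it.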
root@node2:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 605c77e624dd 7 months ago 141MB
alpine latest c059bfaa849c 8 months ago 5.59MB
ubuntu 18.04 5a214d77f5d7 10 months ago 63.1MB
root@node2:~# docker run -it --name test-nginx --rm ubuntu:18.04
root@019c672129fa:/# exit
exit
root@node2:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
root@node2:~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5ddfe68f4fe5 nginx "/docker-entrypoint.…" 13 minutes ago Exited (0) 11 minutes ago nginx_v2
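2.2.9 Passing the command to run
A container needs a process running in the foreground to stay up. One way to provide it is to pass the command as arguments to docker run; another is to specify the foreground command to run at container start when building the image.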
root@node2:~# docker run -d ubuntu:18.04 /usr/bin/tail -f '/etc/hosts'
0e12f74263058b4d5f3da34da9cb6d902bb0e40a462c54ed0546620b2f11ce7c
root@node2:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0e12f7426305 ubuntu:18.04 "/usr/bin/tail -f /e…" 8 seconds ago Up 7 seconds cool_dirac
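2.2.10 Entering a running container
A running container can be entered with the attach, exec or nsenter commands, or by using a script.
2.2.10.1 The attach command
Entering a container with attach is similar to VNC: what you do is shown in every session attached to the container, so the actions of everyone who entered this way are displayed in sync, and running exit also stops the container. This method is not recommended.
2.2.10.2 The exec command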
root@node2:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0e12f7426305 ubuntu:18.04 "/usr/bin/tail -f /e…" 53 minutes ago Up 53 minutes cool_dirac
5ddfe68f4fe5 nginx "/docker-entrypoint.…" 16 hours ago Up 46 minutes 0.0.0.0:9999->80/tcp, :::9999->80/tcp nginx_v2
root@node2:~# docker exec -it cool_dirac bash
root@0e12f7426305:/# ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
root@0e12f7426305:/# exit
exit
root@node2:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0e12f7426305 ubuntu:18.04 "/usr/bin/tail -f /e…" 54 minutes ago Up 54 minutes cool_dirac
5ddfe68f4fe5 nginx "/docker-entrypoint.…" 16 hours ago Up 46 minutes 0.0.0.0:9999->80/tcp, :::9999->80/tcp nginx_v2
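2.2.10.3 The nsenter command
The nsenter command enters a container by PID; you can use docker inspect -f "{{.State.Pid}}" <container name or ID> to get the PID of a container. To use nsenter you also need to install the util-linux package.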
root@node2:~# apt -y install util-linux
root@node2:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0e12f7426305 ubuntu:18.04 "/usr/bin/tail -f /e…" About an hour ago Up About an hour cool_dirac
5ddfe68f4fe5 nginx "/docker-entrypoint.…" 16 hours ago Up About an hour 0.0.0.0:9999->80/tcp, :::9999->80/tcp nginx_v2
root@node2:~# docker inspect -f "{{.State.Pid}}" cool_dirac
2650
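#With nsenter, -t specifies the PID, -m enters the mount namespace, -u the UTS namespace, -i the IPC namespace, -n the network namespace and -p the PID namespace. When you enter a container by PID with this command, the container is not deleted after you exit.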
root@node2:~# nsenter -t 2650 -m -u -i -n -p
root@0e12f7426305:/# ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
root@0e12f7426305:/# exit
logout
root@node2:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0e12f7426305 ubuntu:18.04 "/usr/bin/tail -f /e…" About an hour ago Up About an hour cool_dirac
5ddfe68f4fe5 nginx "/docker-entrypoint.…" 16 hours ago Up About an hour 0.0.0.0:9999->80/tcp, :::9999->80/tcp nginx_v2
2.2.10.4 Entering with a script
The script approach simply calls the nsenter command to enter the container.
root@node2:~# vim docker-in.sh
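#!/bin/bash
#
# Enter a running container's namespaces with nsenter.
docker_in() {
    NAME_ID=$1
    # Look up the PID of the container's main process
    PID=$(docker inspect -f "{{.State.Pid}}" "${NAME_ID}") || return 1
    # A container that is not running reports PID 0
    [ "${PID}" -gt 0 ] || { echo "container ${NAME_ID} is not running" >&2; return 1; }
    # -n is not passed, so the shell stays in the host's network namespace
    nsenter -t "${PID}" -m -u -i -p /bin/bash
}
docker_in "$1"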
root@node2:~# chmod a+x docker-in.sh
root@node2:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0e12f7426305 ubuntu:18.04 "/usr/bin/tail -f /e…" 2 hours ago Up 2 hours cool_dirac
5ddfe68f4fe5 nginx "/docker-entrypoint.…" 17 hours ago Up 2 hours 0.0.0.0:9999->80/tcp, :::9999->80/tcp nginx_v2
root@node2:~# ./docker-in.sh cool_dirac
root@0e12f7426305:/# ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
root@0e12f7426305:/# exit
exit
root@node2:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0e12f7426305 ubuntu:18.04 "/usr/bin/tail -f /e…" 2 hours ago Up 2 hours cool_dirac
5ddfe68f4fe5 nginx "/docker-entrypoint.…" 17 hours ago Up 2 hours 0.0.0.0:9999->80/tcp, :::9999->80/tcp nginx_v2
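The nsenter command in 2.2.10.3 passes -n while the script in 2.2.10.4 does not, so the two shells end up in different sets of namespaces. The following is an added example, not part of the original tutorial, that compares the /proc/<pid>/ns links of two processes to show which namespaces they share; the function names and the inode numbers in the sample are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: compare the namespace links of two processes.
# Each entry under /proc/<pid>/ns is a symlink with a target such as
# "mnt:[4026531840]"; two processes share a namespace when the targets match.

# ns_compare DIR_A DIR_B
# Prints "<type> shared", "<type> separate" or "<type> unknown" per namespace.
ns_compare() {
    dir_a=$1
    dir_b=$2
    for ns in mnt uts ipc net pid; do
        a=$(readlink "$dir_a/$ns" 2>/dev/null) || a=
        b=$(readlink "$dir_b/$ns" 2>/dev/null) || b=
        if [ -z "$a" ] || [ -z "$b" ]; then
            echo "$ns unknown"      # link missing or unreadable
        elif [ "$a" = "$b" ]; then
            echo "$ns shared"
        else
            echo "$ns separate"
        fi
    done
}

# ns_shared_with_host PID: namespaces that PID shares with the host's PID 1.
# Reading /proc/1/ns requires root.
ns_shared_with_host() {
    ns_compare /proc/1/ns "/proc/$1/ns" | awk '$2 == "shared" { print $1 }'
}

# Constructed sample (inode numbers are made up): a host process and a shell
# started with "nsenter -m -u -i -p" (no -n), so only net still matches.
ns_demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/host" "$tmp/shell"
    for ns in mnt uts ipc net pid; do
        if [ "$ns" = net ]; then id=4026531840; else id=4026532500; fi
        ln -s "$ns:[4026531840]" "$tmp/host/$ns"
        ln -s "$ns:[$id]" "$tmp/shell/$ns"
    done
    ns_compare "$tmp/host" "$tmp/shell"
    rm -rf "$tmp"
}
```

On a Docker host, running `ns_shared_with_host "$(docker inspect -f '{{.State.Pid}}' cool_dirac)"` as root lists which of these five namespaces the container shares with the host; a container started with default options should list none.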
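2.2.11 Stopping or removing containers in bulk
root@node2:~# docker stop `docker ps -aq` #Gracefully stop all running containers in bulk
root@node2:~# docker kill `docker ps -aq` #Forcibly stop all running containers in bulk
root@node2:~# docker rm -f `docker ps -aq -f status=exited` #Remove all exited containers in bulk
root@node2:~# docker rm -f `docker ps -aq` #Remove all containers in bulk
2.2.12 Specifying a container's DNS
By default a container uses the host's DNS settings. To specify the DNS for a container, either configure DNS on the host or put the parameter in the Docker container startup script; specifying it by parameter means using the --dns option.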
root@node2:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3f6de98df3d1 ubuntu:18.04 "/usr/bin/tail -f /e…" 3 seconds ago Up 2 seconds zg-test1
root@node2:~# ./docker-in.sh zg-test1
root@3f6de98df3d1:/# cat /etc/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients directly to
# all known uplink DNS servers. This file lists all configured search domains.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 114.114.114.114
nameserver 8.8.8.8
root@3f6de98df3d1:/# exit
exit
root@node2:~# docker run -it --rm --dns 180.76.76.76 --name zg-test2 ubuntu:18.04 bash
root@5854bc11dd73:/# cat /etc/resolv.conf
nameserver 180.76.76.76
root@5854bc11dd73:/# exit
exit
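Because --dns replaces the resolvers a container inherits from the host, it is useful to check a container's resolv.conf against the resolvers you expect. The following is an added example, not part of the original tutorial; the function names and the approved list are assumptions, and the sample files are constructed from the two resolv.conf outputs shown above.

```shell
#!/bin/sh
# Added example: list the resolvers in a resolv.conf that are not approved.

# unapproved_resolvers FILE "IP IP ..."
# Prints each nameserver in FILE that is absent from the approved list.
unapproved_resolvers() {
    file=$1
    approved=$2
    # Keep only "nameserver <addr>" lines; comments and other options are skipped.
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$file" |
    while read -r addr; do
        case " $approved " in
            *" $addr "*) ;;          # on the approved list
            *) echo "$addr" ;;       # not approved: report it
        esac
    done
}

# Constructed sample: the default container (host resolvers) and the
# container started with --dns 180.76.76.76.
dns_demo() {
    tmp=$(mktemp -d)
    printf '%s\n' \
        '# This file is managed by man:systemd-resolved(8). Do not edit.' \
        'nameserver 114.114.114.114' \
        'nameserver 8.8.8.8' > "$tmp/default.conf"
    printf 'nameserver 180.76.76.76\n' > "$tmp/custom.conf"
    approved="114.114.114.114 8.8.8.8"   # assumed policy: the host's resolvers
    echo "default: $(unapproved_resolvers "$tmp/default.conf" "$approved")"
    echo "custom: $(unapproved_resolvers "$tmp/custom.conf" "$approved")"
    rm -rf "$tmp"
}
```

For a real container, the input file can be produced with `docker exec <container> cat /etc/resolv.conf`.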