1、Docker的安裝
Docker有兩個版本:CE(社群版)和EE(企業版)。Docker支援在多種作業系統上運作,比如Ubuntu、CentOS、Debian、Mac和Windows等作業系統。安裝方式有包安裝和二進制安裝兩種。
1.1、yum安裝Docker
#可以先檢查一下主機之前是否有安裝過Docker
[root@Centos7 ~]# rpm -q docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
package docker is not installed
package docker-client is not installed
package docker-client-latest is not installed
package docker-common is not installed
package docker-latest is not installed
package docker-latest-logrotate is not installed
package docker-logrotate is not installed
package docker-engine is not installed
#安裝一下相關的依賴包
[root@Centos7 ~]# yum -y install yum-utils device-mapper-persistent-data lvm2
#添加yum源
[root@Centos7 ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
Loaded plugins: fastestmirror
adding repo from: https://download.docker.com/linux/centos/docker-ce.repo
grabbing file https://download.docker.com/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo
[root@Centos7 ~]# sed -i 's+download.docker.com+mirrors.tuna.tsinghua.edu.cn/docker-ce+' /etc/yum.repos.d/docker-ce.repo #修改成清華大學鏡像源
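#安裝Docker(注意:上一步的sed會替換repo檔中所有含download.docker.com的行,gpgkey位址通常也在其中,也就是說GPG公鑰同樣取自鏡像站;而yum -y會自動接受導入的GPG公鑰,首次安裝時建議先核對公鑰指紋與Docker官方公布的是否一致)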
[root@Centos7 ~]# yum makecache fast
[root@Centos7 ~]# yum list docker-ce --showduplicates
[root@Centos7 ~]# yum -y install docker-ce-20.10.10 docker-ce-cli-20.10.10
#啟動Docker并檢視資訊
[root@Centos7 ~]# systemctl enable --now docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@Centos7 ~]# docker version
Client: Docker Engine - Community
Version: 20.10.10
API version: 1.41
Go version: go1.16.9
Git commit: b485636
Built: Mon Oct 25 07:44:50 2021
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.10
API version: 1.41 (minimum version 1.12)
Go version: go1.16.9
Git commit: e2f740d
Built: Mon Oct 25 07:43:13 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.6
GitCommit: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
runc:
Version: 1.1.2
GitCommit: v1.1.2-0-ga916309
docker-init:
Version: 0.19.0
GitCommit: de40ad0
[root@Centos7 ~]# docker --version
Docker version 20.10.10, build b485636
[root@Centos7 ~]# docker info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Build with BuildKit (Docker Inc., v0.6.3-docker)
scan: Docker Scan (Docker Inc., v0.17.0)
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 20.10.10
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc io.containerd.runc.v2 io.containerd.runtime.v1.linux
Default Runtime: runc
Init Binary: docker-init
containerd version: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
runc version: v1.1.2-0-ga916309
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-1160.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.777GiB
Name: Centos7.stars.org
ID: P4J6:HMLH:H37C:TQLA:AIDT:W5VG:B4WN:Y65O:QQZV:GSSN:T3UE:C7PO
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
出現上面内容表示安裝的Docker是正常可以使用的,可以繼續後面的其他操作。
1.2、apt安裝Docker
#可以先檢查一下主機之前是否有安裝過Docker
root@node1:~# dpkg -l docker docker-engine docker.io containerd runc
dpkg-query: no packages found matching docker
dpkg-query: no packages found matching docker-engine
dpkg-query: no packages found matching docker.io
dpkg-query: no packages found matching containerd
dpkg-query: no packages found matching runc
#安裝一下相關的依賴包
root@node1:~# apt -y install apt-transport-https ca-certificates curl gnupg2 software-properties-common
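#下載并信任Docker的GPG公鑰(公鑰取自鏡像站,建議核對指紋與Docker官方公布的是否一致;apt-key add會把公鑰加入全域信任鑰匙圈,對所有軟體源都有效,且apt-key已被棄用,較新的系統建議把公鑰存成獨立的keyring檔案,并在軟體源條目中用signed-by指定)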
root@node1:~# curl -fsSL https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
OK
#添加軟體倉庫
root@node1:~# add-apt-repository "deb [arch=amd64] https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
#安裝Docker
root@node1:~# apt update
root@node1:~# apt-cache madison docker-ce
root@node1:~# apt -y install docker-ce=5:20.10.10~3-0~ubuntu-bionic docker-ce-cli=5:20.10.10~3-0~ubuntu-bionic containerd.io
#啟動Docker并檢視資訊
通過apt安裝的服務一般都會預設開啟開機自啟動
root@node1:~# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2022-07-27 14:46:45 CST; 10min ago
Docs: https://docs.docker.com
Main PID: 16445 (dockerd)
Tasks: 8
CGroup: /system.slice/docker.service
└─16445 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
Jul 27 14:46:44 node1.stars.org dockerd[16445]: time="2022-07-27T14:46:44.825711873+08:00" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
Jul 27 14:46:44 node1.stars.org dockerd[16445]: time="2022-07-27T14:46:44.904630028+08:00" level=warning msg="Your kernel does not support swap memory limit"
Jul 27 14:46:44 node1.stars.org dockerd[16445]: time="2022-07-27T14:46:44.904669238+08:00" level=warning msg="Your kernel does not support CPU realtime scheduler"
Jul 27 14:46:44 node1.stars.org dockerd[16445]: time="2022-07-27T14:46:44.904772191+08:00" level=info msg="Loading containers: start."
Jul 27 14:46:45 node1.stars.org dockerd[16445]: time="2022-07-27T14:46:45.152412092+08:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be use
Jul 27 14:46:45 node1.stars.org dockerd[16445]: time="2022-07-27T14:46:45.344112209+08:00" level=info msg="Loading containers: done."
Jul 27 14:46:45 node1.stars.org dockerd[16445]: time="2022-07-27T14:46:45.378441193+08:00" level=info msg="Docker daemon" commit=e2f740d graphdriver(s)=overlay2 version=20.10.10
Jul 27 14:46:45 node1.stars.org dockerd[16445]: time="2022-07-27T14:46:45.378516613+08:00" level=info msg="Daemon has completed initialization"
Jul 27 14:46:45 node1.stars.org systemd[1]: Started Docker Application Container Engine.
Jul 27 14:46:45 node1.stars.org dockerd[16445]: time="2022-07-27T14:46:45.434278216+08:00" level=info msg="API listen on /var/run/docker.sock"
root@node1:~# docker version
Client: Docker Engine - Community
Version: 20.10.10
API version: 1.41
Go version: go1.16.9
Git commit: b485636
Built: Mon Oct 25 07:42:57 2021
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.10
API version: 1.41 (minimum version 1.12)
Go version: go1.16.9
Git commit: e2f740d
Built: Mon Oct 25 07:41:06 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.6
GitCommit: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
runc:
Version: 1.1.2
GitCommit: v1.1.2-0-ga916309
docker-init:
Version: 0.19.0
GitCommit: de40ad0
root@node1:~# docker --version
Docker version 20.10.10, build b485636
root@node1:~# docker info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Build with BuildKit (Docker Inc., v0.6.3-docker)
scan: Docker Scan (Docker Inc., v0.17.0)
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 20.10.10
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
runc version: v1.1.2-0-ga916309
init version: de40ad0
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.15.0-188-generic
Operating System: Ubuntu 18.04.6 LTS
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.827GiB
Name: node1.stars.org
ID: SIK3:NIQE:PLKF:EG4U:7OZV:4SQL:C2H7:5TIU:K5XZ:IV4V:WPK4:IA47
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No swap limit support
1.3、二進制安裝Docker
1.3.1、下載二進制包
Docker的二進制包可以通過國内的鏡像站點去下載,前面我使用包安裝的時候用的是清華大學的鏡像源,位址:https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/static/stable/x86_64/ ,這裡選擇使用的版本是20.10.10。二進制包不像yum/apt安裝那樣有套件管理器做簽名校驗,而後面會以root身分把它拷貝到/usr/bin并運作,是以建議下載後先用sha256sum計算雜湊值,并與可信來源取得的同一檔案比對。
root@node2:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.6 LTS
Release: 18.04
Codename: bionic
root@node2:~# cd /usr/local/src/
root@node2:/usr/local/src# wget https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/static/stable/x86_64/docker-20.10.10.tgz
--2022-07-27 16:24:23-- https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/static/stable/x86_64/docker-20.10.10.tgz
Resolving mirrors.tuna.tsinghua.edu.cn (mirrors.tuna.tsinghua.edu.cn)... 101.6.15.130, 2402:f000:1:400::2
Connecting to mirrors.tuna.tsinghua.edu.cn (mirrors.tuna.tsinghua.edu.cn)|101.6.15.130|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 63356741 (60M) [application/octet-stream]
Saving to: ‘docker-20.10.10.tgz’
docker-20.10.10.tgz 100%[===================================================================================================================>] 60.42M 367KB/s in 3m 39s
2022-07-27 16:28:03 (282 KB/s) - ‘docker-20.10.10.tgz’ saved [63356741/63356741]
1.3.2、解壓二進制包并拷貝可執行程式檔案
root@node2:/usr/local/src# ls
docker-20.10.10.tgz
root@node2:/usr/local/src# tar xf docker-20.10.10.tgz
root@node2:/usr/local/src# ls
docker docker-20.10.10.tgz
root@node2:/usr/local/src# ls docker
containerd containerd-shim containerd-shim-runc-v2 ctr docker dockerd docker-init docker-proxy runc
root@node2:/usr/local/src# ./docker/docker version
Client:
Version: 20.10.10
API version: 1.41
Go version: go1.16.9
Git commit: b485636
Built: Mon Oct 25 07:39:56 2021
OS/Arch: linux/amd64
Context: default
Experimental: true
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
root@node2:/usr/local/src# cp docker/* /usr/bin/
1.3.3、準備Docker服務相關的檔案
docker服務的相關檔案包括containerd.service、docker.socket和docker.service檔案
建立containerd.service檔案并啟動containerd服務
root@node2:~# vim /lib/systemd/system/containerd.service
# systemd unit that runs the containerd daemon as a long-lived service.
# No User= is set, so systemd starts /usr/bin/containerd as root.
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
# The leading '-' tells systemd to ignore a non-zero exit from modprobe.
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/bin/containerd
# The daemon reports readiness to systemd itself (notify protocol).
Type=notify
# Let the service manage the cgroup subtree below its own cgroup.
Delegate=yes
# On stop, signal only the main containerd process, not every process in the cgroup.
KillMode=process
Restart=always
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=1048576
# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity
[Install]
WantedBy=multi-user.target
root@node2:~# systemctl enable --now containerd
Created symlink /etc/systemd/system/multi-user.target.wants/containerd.service → /lib/systemd/system/containerd.service.
root@node2:~# systemctl status containerd
● containerd.service - containerd container runtime
Loaded: loaded (/lib/systemd/system/containerd.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2022-07-27 17:29:11 CST; 22s ago
Docs: https://containerd.io
Process: 14942 ExecStartPre=/sbin/modprobe overlay (code=exited, status=0/SUCCESS)
Main PID: 14952 (containerd)
Tasks: 9
CGroup: /system.slice/containerd.service
└─14952 /usr/bin/containerd
Jul 27 17:29:11 node2.stars.org containerd[14952]: time="2022-07-27T17:29:11.621362222+08:00" level=info msg=serving... address=/run/containerd/containerd.sock.ttrpc
Jul 27 17:29:11 node2.stars.org containerd[14952]: time="2022-07-27T17:29:11.621476185+08:00" level=info msg="Start subscribing containerd event"
Jul 27 17:29:11 node2.stars.org containerd[14952]: time="2022-07-27T17:29:11.621571156+08:00" level=info msg="Start recovering state"
Jul 27 17:29:11 node2.stars.org containerd[14952]: time="2022-07-27T17:29:11.621704294+08:00" level=info msg="Start event monitor"
Jul 27 17:29:11 node2.stars.org containerd[14952]: time="2022-07-27T17:29:11.621756124+08:00" level=info msg="Start snapshots syncer"
Jul 27 17:29:11 node2.stars.org containerd[14952]: time="2022-07-27T17:29:11.621813391+08:00" level=info msg="Start cni network conf syncer"
Jul 27 17:29:11 node2.stars.org containerd[14952]: time="2022-07-27T17:29:11.621870873+08:00" level=info msg="Start streaming server"
Jul 27 17:29:11 node2.stars.org containerd[14952]: time="2022-07-27T17:29:11.621777504+08:00" level=info msg=serving... address=/run/containerd/containerd.sock
Jul 27 17:29:11 node2.stars.org containerd[14952]: time="2022-07-27T17:29:11.622024316+08:00" level=info msg="containerd successfully booted in 0.060558s"
Jul 27 17:29:11 node2.stars.org systemd[1]: Started containerd container runtime.
建立docker.socket檔案
root@node2:~# vim /lib/systemd/system/docker.socket
# systemd socket unit that creates the Docker API socket and hands it to docker.service.
[Unit]
Description=Docker Socket for the API
# Stopping or restarting docker.service is propagated to this socket unit.
PartOf=docker.service
[Socket]
# Unix-domain stream socket the docker CLI talks to.
ListenStream=/var/run/docker.sock
# Owner root, group docker, mode 0660: only root and members of the docker
# group can open the socket. Whoever can open it can drive the daemon, so
# membership of the docker group is effectively root access to this host.
# The docker group must exist before this unit is started.
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
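建立docker組(docker.socket中的SocketGroup=docker會用到這個組。注意:能讀寫/var/run/docker.sock的使用者就能操作以root運作的Docker daemon,實際上等同于擁有主機的root權限,是以隻應把受信任的使用者加入docker組)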
root@node2:~# groupadd docker
建立docker.service檔案并啟動服務
root@node2:~# vim /lib/systemd/system/docker.service
# systemd unit that runs the Docker daemon (dockerd).
# No User= is set, so systemd starts dockerd as root.
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
# dockerd is bound to containerd.service: if containerd stops, this unit is stopped too.
BindsTo=containerd.service
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
# The API socket is created by docker.socket and passed in by systemd.
Requires=docker.socket
[Service]
# The daemon reports readiness to systemd itself (notify protocol).
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
# -H fd:// makes dockerd take its API listener from systemd socket activation
# (docker.socket), so this command line adds no TCP listener of its own;
# --containerd points dockerd at the separately managed containerd socket.
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
# Reload sends SIGHUP to the main dockerd process.
ExecReload=/bin/kill -s HUP $MAINPID
# 0 disables systemd's start/stop timeout for this unit.
TimeoutSec=0
RestartSec=2
Restart=always
# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3
# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
[Install]
WantedBy=multi-user.target
啟動docker.socket和docker.service服務
root@node2:~# systemctl enable --now docker.socket docker.service
Created symlink /etc/systemd/system/sockets.target.wants/docker.socket → /lib/systemd/system/docker.socket.
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /lib/systemd/system/docker.service.
root@node2:~# systemctl status docker.socket docker.service
● docker.socket - Docker Socket for the API
Loaded: loaded (/lib/systemd/system/docker.socket; enabled; vendor preset: enabled)
Active: active (running) since Wed 2022-07-27 18:40:15 CST; 35s ago
Listen: /var/run/docker.sock (Stream)
Tasks: 0 (limit: 4625)
CGroup: /system.slice/docker.socket
Jul 27 18:40:15 node2.stars.org systemd[1]: Starting Docker Socket for the API.
Jul 27 18:40:15 node2.stars.org systemd[1]: Listening on Docker Socket for the API.
● docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2022-07-27 18:40:16 CST; 34s ago
Docs: https://docs.docker.com
Main PID: 15138 (dockerd)
Tasks: 8
CGroup: /system.slice/docker.service
└─15138 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
Jul 27 18:40:15 node2.stars.org dockerd[15138]: time="2022-07-27T18:40:15.978726982+08:00" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
Jul 27 18:40:16 node2.stars.org dockerd[15138]: time="2022-07-27T18:40:16.044259016+08:00" level=warning msg="Your kernel does not support swap memory limit"
Jul 27 18:40:16 node2.stars.org dockerd[15138]: time="2022-07-27T18:40:16.044476156+08:00" level=warning msg="Your kernel does not support CPU realtime scheduler"
Jul 27 18:40:16 node2.stars.org dockerd[15138]: time="2022-07-27T18:40:16.044733262+08:00" level=info msg="Loading containers: start."
Jul 27 18:40:16 node2.stars.org dockerd[15138]: time="2022-07-27T18:40:16.286163418+08:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be use
Jul 27 18:40:16 node2.stars.org dockerd[15138]: time="2022-07-27T18:40:16.500169134+08:00" level=info msg="Loading containers: done."
Jul 27 18:40:16 node2.stars.org dockerd[15138]: time="2022-07-27T18:40:16.545133315+08:00" level=info msg="Docker daemon" commit=e2f740d graphdriver(s)=overlay2 version=20.10.10
Jul 27 18:40:16 node2.stars.org dockerd[15138]: time="2022-07-27T18:40:16.545230795+08:00" level=info msg="Daemon has completed initialization"
Jul 27 18:40:16 node2.stars.org systemd[1]: Started Docker Application Container Engine.
Jul 27 18:40:16 node2.stars.org dockerd[15138]: time="2022-07-27T18:40:16.599105516+08:00" level=info msg="API listen on /var/run/docker.sock"
驗證docker版本和資訊
root@node2:~# docker --version
Docker version 20.10.10, build b485636
root@node2:~# docker info
Client:
Context: default
Debug Mode: false
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 20.10.10
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 5b46e404f6b9f661a205e28d59c982d3634148f8
runc version: v1.0.2-0-g52b36a2d
init version: de40ad0
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.15.0-188-generic
Operating System: Ubuntu 18.04.6 LTS
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.827GiB
Name: node2.stars.org
ID: M5MJ:Y7VM:ZB6V:HKLB:UZBM:LKF3:5RKX:3WB3:7QZL:HRQJ:QW2O:Z5L7
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine
WARNING: No swap limit support
1.4、解決不支援swap限制警告
root@node2:~# vim /etc/default/grub
GRUB_DEFAULT=0
GRUB_TIMEOUT_STYLE=hidden
GRUB_TIMEOUT=0
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT=""
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0 cgroup_enable=memory swapaccount=1"
root@node2:~# update-grub #更新一下grub
root@node2:~# reboot #需要重新開機才能生效
root@node2:~# docker info
Client:
Context: default
Debug Mode: false
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 20.10.10
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc io.containerd.runc.v2 io.containerd.runtime.v1.linux
Default Runtime: runc
Init Binary: docker-init
containerd version: 5b46e404f6b9f661a205e28d59c982d3634148f8
runc version: v1.0.2-0-g52b36a2d
init version: de40ad0
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.15.0-189-generic
Operating System: Ubuntu 18.04.6 LTS
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.827GiB
Name: node2.stars.org
ID: M5MJ:Y7VM:ZB6V:HKLB:UZBM:LKF3:5RKX:3WB3:7QZL:HRQJ:QW2O:Z5L7
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine
1.5、docker的存儲引擎
目前docker的預設存儲引擎是overlay2。不同的存儲引擎需要相應的系統支援,如需要在磁盤分區的時候傳遞d-type檔案分層功能,即需要傳遞核心參數,在格式化磁盤的時候開啟指定功能。
存儲驅動類型:
AUFS(AnotherUnionFS)是一種 Union FS,是檔案級的存儲驅動,所謂UnionFS就是把不同實體位置的目錄合并mount到同一個目錄中。簡單來說就是支援将不同目錄挂載到同一個虛拟檔案系統下的檔案系統。這種檔案系統可以一層一層地疊加修改檔案。無論底下有多少層都是隻讀的,隻有最上層的檔案系統是可寫的。當需要修改一個檔案時,AUFS建立該檔案的一個副本,使用CoW将檔案從隻讀層複制到可寫層進行修改,結果也儲存在可寫層。在 Docker中,底下的隻讀層就是image,可寫層就是Container,是Docker 18.06及更早版本的首選存儲驅動程式,在核心3.13上運作Ubuntu 14.04時不支援overlay2.
Overlay:一種Union FS檔案系統,Linux核心3.18後支援。
overlay2: Overlay的更新版,到目前為止,所有Linux發行版推薦使用的存儲類型。
devicemapper:是CentOS和RHEL的推薦存儲驅動程式,因為之前的核心版本不支援overlay2,但是目前較新版本的CentOS和RHEL現在已經支援overlay2,是以推薦使用overlay2.
ZFS(Sun-2005)/btrfs(Oracle-2007):目前沒有廣泛使用。
vfs:用于測試環境,适用于無法使用copy-on-write檔案系統的情況。此存儲驅動程式的性能很差,通常不建議用于生産。
Docker官方推薦首選存儲引擎是overlay2,devicemapper存在使用空間方面的一些限制,雖然可以通過後期配置解決,但是官方還是推薦使用overlay2,以下是網上查到的部分資料:
https://www.cnblogs.com/youruncloud/p/5736718.html
1.6、Docker鏡像加速配置
在國内下載國外的鏡像有時候會很慢,是以我們可以更改docker的配置檔案來添加一個加速器,通過加速器來加速鏡像的下載。加速器會代為提供你所拉取的鏡像内容,是以應隻配置自己信任的加速位址。
加速器的位址可以使用阿裡雲的加速位址:https://cr.console.aliyun.com/ ,需要先有一個阿裡雲的賬号,登陸後在左側菜單欄的鏡像工具中有一個鏡像加速器,在那裡可以看到加速位址以及配置方法。
root@node2:~# ls /etc/docker/
key.json
root@node2:~# tee /etc/docker/daemon.json <<-'EOF'
> {
> "registry-mirrors": ["https://c51gf9he.mirror.aliyuncs.com"]
> }
> EOF
{
"registry-mirrors": ["https://c51gf9he.mirror.aliyuncs.com"]
}
root@node2:~# systemctl daemon-reload
root@node2:~# systemctl restart docker
2、Docker基礎指令的使用
2.1、鏡像管理相關指令
2.1.1、搜尋鏡像
root@node2:~# docker search centos:7.2.1511 #可以指定版本号
root@node2:~# docker search centos #不指定版本号的話預設是latest
![](https://img.laitimes.com/img/_0nNw4CM6IyYiwiM6ICdiwiI9s2RkBnVHFmb1clWvB3MaVnRtp1XlBXe0xCMy81dvRWYoNHLwEzX5xCMx8FesU2cfdGLwMzX0xiRGZkRGZ0Xy9GbvNGLpZTY1EmMZVDUSFTU4VFRR9Fd4VGdsQTMfVmepNHLrJXYtJXZ0F2dvwVZnFWbp1zczV2YvJHctM3cv1Ce-cmbw5CNxkDOxkjMyUDM4kDO1YTMvwFOycDMyIDMy8CXzV2Zh1WavwVbvNmLvR3YxUjLyM3Lc9CX6MHc0RHaiojIsJye.png)
2.1.2、下載鏡像
下載鏡像使用的是docker pull指令,完整的寫法是docker pull 倉庫伺服器名:端口/項目名稱/鏡像名稱:tag(版本号)。如果不指定倉庫和tag,例如docker pull 鏡像名稱,預設會從Docker官方倉庫拉取該鏡像的latest版本。
root@node2:~# docker pull hello-world
root@node2:~# docker pull alpine
root@node2:~# docker pull nginx
root@node2:~# docker pull ubuntu:18.04
2.1.3、檢視本地鏡像
下載完的鏡像會比下載的時候要大,因為下載完成後會解壓。
root@node2:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 605c77e624dd 7 months ago 141MB
alpine latest c059bfaa849c 8 months ago 5.59MB
ubuntu 18.04 5a214d77f5d7 10 months ago 63.1MB
hello-world latest feb5d9fea6a5 10 months ago 13.3kB
REPOSITORY #鏡像所屬的倉庫名稱
TAG #鏡像版本号(辨別符),預設為latest
IMAGE ID #鏡像的唯一ID辨別
CREATED #鏡像建立時間
SIZE #鏡像大小
2.1.4、鏡像的導入與導出
這裡我們可以把本地已有的鏡像導出為壓縮檔案,然後再拷貝到已安裝docker服務的伺服器上進行鏡像導入并使用。
鏡像導出:
root@node2:~# mkdir -p /data/docker_images
root@node2:~# docker save hello-world -o /data/docker_images/hello-world.tar.gz
root@node2:~# ls /data/docker_images/
hello-world.tar.gz
鏡像導入:
root@node2:~# scp /data/docker_images/hello-world.tar.gz 10.0.0.100:
The authenticity of host '10.0.0.100 (10.0.0.100)' can't be established.
ECDSA key fingerprint is SHA256:25BV/hzFV7jjTI1m7XqTHESnjyiUHeCQfMn/t/fUAPs.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.100' (ECDSA) to the list of known hosts.
root@10.0.0.100's password:
hello-world.tar.gz 100% 24KB 24.9MB/s 00:00
root@node1:~# ls
hello-world.tar.gz
root@node1:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
root@node1:~# docker load < hello-world.tar.gz
e07ee1baac5f: Loading layer [==================================================>] 14.85kB/14.85kB
Loaded image: hello-world:latest
root@node1:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest feb5d9fea6a5 10 months ago 13.3kB
2.1.5、删除鏡像
root@node2:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 605c77e624dd 7 months ago 141MB
alpine latest c059bfaa849c 8 months ago 5.59MB
ubuntu 18.04 5a214d77f5d7 10 months ago 63.1MB
hello-world latest feb5d9fea6a5 10 months ago 13.3kB
root@node2:~# docker rmi hello-world:latest
Untagged: hello-world:latest
Untagged: hello-world@sha256:2498fce14358aa50ead0cc6c19990fc6ff866ce72aeb5546e1d59caac3d0d60f
Deleted: sha256:feb5d9fea6a5e9606aa995e879d862b825965ba48de054caab5ef356dc6b3412
Deleted: sha256:e07ee1baac5fae6a26f30cabfe54a36d3402f96afda318fe0a96cec4ca393359
root@node2:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 605c77e624dd 7 months ago 141MB
alpine latest c059bfaa849c 8 months ago 5.59MB
ubuntu 18.04 5a214d77f5d7 10 months ago 63.1MB
2.2、容器管理的相關指令
2.2.1、建立容器并進入
建立容器時可以使用鏡像ID或鏡像名:TAG的方式來指定使用哪個本地鏡像建立容器。
root@node2:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 605c77e624dd 7 months ago 141MB
alpine latest c059bfaa849c 8 months ago 5.59MB
ubuntu 18.04 5a214d77f5d7 10 months ago 63.1MB
root@node2:~# docker run -it 5a214d77f5d7 bash
root@0d48b67a5e46:/# ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
root@0d48b67a5e46:/# exit
exit
root@node2:~# docker run -it ubuntu:18.04 bash
root@df218d52a86f:/# exit
exit
docker run 後面加的選項-i表示以互動式的方式運作容器,-t表示為容器配置設定一個僞終端,通常這兩個選項是要同時使用的,再在後面加上bash或者/bin/bash(有些容器是沒有bash的隻能使用sh)直接進入容器。
使用docker run -it建立的容器,如果執行exit,就會退出容器也會随之關閉,要想退出後容器仍保持運作,可執行Ctrl+p+q指令。
2.2.2、檢視容器
docker ps指令可以檢視目前正在運作的容器有哪些,docker ps -a指令可檢視所有的容器,包括正在運作的和已經關閉的容器。
root@node2:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
root@node2:~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
df218d52a86f ubuntu:18.04 "bash" 22 minutes ago Exited (0) 22 minutes ago boring_kare
0d48b67a5e46 5a214d77f5d7 "bash" 23 minutes ago Exited (0) 23 minutes ago great_diffie
2.2.3、删除容器
删除容器要用到docker rm指令,選項部分主要是-f(強制删除)、-l(删除容器間的連結)和-v(删除容器相關的卷)三個。
root@node2:~# docker run -it ubuntu:18.04 bash
root@1884b2f4d81e:/# root@node2:~#
root@node2:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1884b2f4d81e ubuntu:18.04 "bash" 36 seconds ago Up 36 seconds funny_dirac
root@node2:~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1884b2f4d81e ubuntu:18.04 "bash" 52 seconds ago Up 52 seconds funny_dirac
df218d52a86f ubuntu:18.04 "bash" 3 hours ago Exited (0) 3 hours ago boring_kare
0d48b67a5e46 5a214d77f5d7 "bash" 3 hours ago Exited (0) 3 hours ago great_diffie
root@node2:~# docker rm df218d52a86f 0d48b67a5e46 #docker rm可以直接删除已經退出的容器也就是停止的容器
df218d52a86f
0d48b67a5e46
root@node2:~# docker rm 1884b2f4d81e #直接使用docker rm删除正在運作的容器會報錯的,需要删除的話要加上-f選項強制删除
Error response from daemon: You cannot remove a running container 1884b2f4d81e45f4caa3dbd8d41ecae20f4d3a33ead9f3568859b0d0be590ddf. Stop the container before attempting removal or force remove
root@node2:~# docker rm -f 1884b2f4d81e
1884b2f4d81e
root@node2:~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2.2.4、端口映射
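在docker建立容器時還可以做端口映射,端口映射包括随機端口映射和指定端口映射這兩種。注意:-p 主機端口:容器端口 這種寫法預設綁定主機的所有網卡位址(下面lsof輸出中的*:http、docker ps輸出中的0.0.0.0:80即是),如果隻需要本機通路,可以寫成 -p 127.0.0.1:80:80。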
随機端口映射:
root@node2:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 605c77e624dd 7 months ago 141MB
alpine latest c059bfaa849c 8 months ago 5.59MB
ubuntu 18.04 5a214d77f5d7 10 months ago 63.1MB
root@node2:~# docker run -P nginx:latest
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2022/07/28 10:10:30 [notice] 1#1: using the "epoll" event method
2022/07/28 10:10:30 [notice] 1#1: nginx/1.21.5
2022/07/28 10:10:30 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6)
2022/07/28 10:10:30 [notice] 1#1: OS: Linux 4.15.0-189-generic
2022/07/28 10:10:30 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2022/07/28 10:10:30 [notice] 1#1: start worker processes
2022/07/28 10:10:30 [notice] 1#1: start worker process 32
2022/07/28 10:10:30 [notice] 1#1: start worker process 33
指定端口映射:
root@node2:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
root@node2:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 605c77e624dd 7 months ago 141MB
alpine latest c059bfaa849c 8 months ago 5.59MB
ubuntu 18.04 5a214d77f5d7 10 months ago 63.1MB
root@node2:~# docker run -p 80:80 -d nginx:latest
7246a8f0474e53f23410f820009ee3db44376f9107b77be6dad2a49301465108
root@node2:~# lsof -i:80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
docker-pr 4719 root 4u IPv4 78641 0t0 TCP *:http (LISTEN)
docker-pr 4724 root 4u IPv6 78646 0t0 TCP *:http (LISTEN)
2.2.5、檢視容器已經映射的端口
root@node2:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7246a8f0474e nginx:latest "/docker-entrypoint.…" 3 minutes ago Up 3 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp gracious_noyce
root@node2:~# docker port 7246a8f0474e
80/tcp -> 0.0.0.0:80
80/tcp -> :::80
2.2.6、自定義容器名稱
root@node2:~# docker run -d --name nginx_v1 nginx #這裡鏡像後面不加tag的話預設是latest
d4e3ee2c843583d2e59c02a342dd5e2e2dbff1f2178e49c18f48d44343a333a3
root@node2:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d4e3ee2c8435 nginx "/docker-entrypoint.…" 56 seconds ago Up 55 seconds 80/tcp nginx_v1
7246a8f0474e nginx:latest "/docker-entrypoint.…" 9 minutes ago Up 9 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp gracious_noyce
2.2.7、容器的啟動和關閉
root@node2:~# docker run -d -p 9999:80 --name nginx_v2 nginx
5ddfe68f4fe5a7722a636fc5138afc5eb66e5df3d0ad8629a163e9490510cae5
root@node2:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5ddfe68f4fe5 nginx "/docker-entrypoint.…" 10 seconds ago Up 9 seconds 0.0.0.0:9999->80/tcp, :::9999->80/tcp nginx_v2
root@node2:~# docker stop nginx_v2 #當stop容器後頁面也就随着通路不了了
nginx_v2
root@node2:~# docker start nginx_v2 #當start時頁面又可以正常通路了
2.2.8、單次運作一個容器
容器退出後自動删除,docker建立容器時加上--rm選項就可以實作。
root@node2:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 605c77e624dd 7 months ago 141MB
alpine latest c059bfaa849c 8 months ago 5.59MB
ubuntu 18.04 5a214d77f5d7 10 months ago 63.1MB
root@node2:~# docker run -it --name test-nginx --rm ubuntu:18.04
root@019c672129fa:/# exit
exit
root@node2:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
root@node2:~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5ddfe68f4fe5 nginx "/docker-entrypoint.…" 13 minutes ago Exited (0) 11 minutes ago nginx_v2
2.2.9、傳遞運作的指令
容器需要有一個在前台運作的程序才能保持運作。可以在docker run時傳遞要運作的指令,也可以在建構鏡像的時候指定容器啟動時運作的前台指令。
root@node2:~# docker run -d ubuntu:18.04 /usr/bin/tail -f '/etc/hosts'
0e12f74263058b4d5f3da34da9cb6d902bb0e40a462c54ed0546620b2f11ce7c
root@node2:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0e12f7426305 ubuntu:18.04 "/usr/bin/tail -f /e…" 8 seconds ago Up 7 seconds cool_dirac
2.2.10、進入正在運作的容器
進入正在運作的容器可以使用attach、exec和nsenter指令,還可以使用腳本的方式進入。
2.2.10.1、attach指令
使用attach指令進入容器的話類似于vnc,操作會在各個容器的頁面顯示,所有使用此方式進入容器的操作都是同步顯示的,而且使用exit後容器也會被關閉,這個方法不推薦使用。
2.2.10.2、exec指令
root@node2:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0e12f7426305 ubuntu:18.04 "/usr/bin/tail -f /e…" 53 minutes ago Up 53 minutes cool_dirac
5ddfe68f4fe5 nginx "/docker-entrypoint.…" 16 hours ago Up 46 minutes 0.0.0.0:9999->80/tcp, :::9999->80/tcp nginx_v2
root@node2:~# docker exec -it cool_dirac bash
root@0e12f7426305:/# ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
root@0e12f7426305:/# exit
exit
root@node2:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0e12f7426305 ubuntu:18.04 "/usr/bin/tail -f /e…" 54 minutes ago Up 54 minutes cool_dirac
5ddfe68f4fe5 nginx "/docker-entrypoint.…" 16 hours ago Up 46 minutes 0.0.0.0:9999->80/tcp, :::9999->80/tcp nginx_v2
2.2.10.3、nsenter指令
root@node2:~# apt -y install util-linux
root@node2:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0e12f7426305 ubuntu:18.04 "/usr/bin/tail -f /e…" About an hour ago Up About an hour cool_dirac
5ddfe68f4fe5 nginx "/docker-entrypoint.…" 16 hours ago Up About an hour 0.0.0.0:9999->80/tcp, :::9999->80/tcp nginx_v2
root@node2:~# docker inspect -f "{{.State.Pid}}" cool_dirac
2650
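#使用nsenter指令時,使用-t指定PID,-m是進入mount命名空間,-u是進入uts命名空間,-i是進入ipc命名空間,-n是進入net命名空間,-p是進入pid命名空間。使用這個指令通過PID進入容器的話,退出後容器不會被關閉,也不會被删除。注意nsenter是以主機root身分直接進入命名空間,不會套用容器的cgroup、capabilities和seccomp限制,日常操作建議優先使用docker exec。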
root@node2:~# nsenter -t 2650 -m -u -i -n -p
root@0e12f7426305:/# ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
root@0e12f7426305:/# exit
logout
root@node2:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0e12f7426305 ubuntu:18.04 "/usr/bin/tail -f /e…" About an hour ago Up About an hour cool_dirac
5ddfe68f4fe5 nginx "/docker-entrypoint.…" 16 hours ago Up About an hour 0.0.0.0:9999->80/tcp, :::9999->80/tcp nginx_v2
2.2.10.4、腳本的方式進入
root@node2:~# vim docker-in.sh
#!/bin/bash
#
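# Open an interactive bash shell inside a running container's namespaces.
# Arguments: $1 - container name or ID, as accepted by `docker inspect`
# Outputs:   diagnostics on stderr
# Returns:   2 if no container is given, 1 if the container cannot be
#            inspected or is not running, otherwise nsenter's exit status
docker_in() {
  local name_id=${1:-}
  local pid

  if [[ -z "$name_id" ]]; then
    printf 'Usage: %s <container-name-or-id>\n' "${0##*/}" >&2
    return 2
  fi

  # Declared above and assigned here so a docker failure is not masked by
  # `local`. `--` keeps an argument starting with '-' from being read as an
  # option.
  if ! pid=$(docker inspect -f '{{.State.Pid}}' -- "$name_id"); then
    printf 'docker_in: cannot inspect container: %s\n' "$name_id" >&2
    return 1
  fi

  # docker reports PID 0 for a container that is not running; only a positive
  # integer may reach `nsenter -t`.
  if [[ ! "$pid" =~ ^[1-9][0-9]*$ ]]; then
    printf 'docker_in: container is not running: %s\n' "$name_id" >&2
    return 1
  fi

  # The shell started here runs as host root inside the container's
  # namespaces: the container's cgroup limits, capability set and seccomp
  # profile are not applied to it (unlike `docker exec`).
  # NOTE(review): -n is not passed, unlike the manual nsenter command shown
  # earlier on this page, so the shell stays in the host network namespace.
  # Confirm that is intended.
  nsenter -t "$pid" -m -u -i -p /bin/bash
}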
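# Quote the argument so it is not word-split or glob-expanded before it
# reaches docker_in; the script's exit status is docker_in's.
docker_in "$1"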
root@node2:~# chmod a+x docker-in.sh
root@node2:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0e12f7426305 ubuntu:18.04 "/usr/bin/tail -f /e…" 2 hours ago Up 2 hours cool_dirac
5ddfe68f4fe5 nginx "/docker-entrypoint.…" 17 hours ago Up 2 hours 0.0.0.0:9999->80/tcp, :::9999->80/tcp nginx_v2
root@node2:~# ./docker-in.sh cool_dirac
root@0e12f7426305:/# ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
root@0e12f7426305:/# exit
exit
root@node2:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0e12f7426305 ubuntu:18.04 "/usr/bin/tail -f /e…" 2 hours ago Up 2 hours cool_dirac
5ddfe68f4fe5 nginx "/docker-entrypoint.…" 17 hours ago Up 2 hours 0.0.0.0:9999->80/tcp, :::9999->80/tcp nginx_v2
2.2.11、批量關閉或删除容器
root@node2:~# docker stop `docker ps -aq` #批量正常關閉正在運作的所有容器
root@node2:~# docker kill `docker ps -aq` #批量強制關閉正在運作的所有容器
root@node2:~# docker rm -f `docker ps -aq -f status=exited` #批量删除已經退出的容器
root@node2:~# docker rm -f `docker ps -aq` #批量删除所有容器(-f會連同正在運作的容器一併強制删除)
2.2.12、指定容器的DNS
root@node2:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3f6de98df3d1 ubuntu:18.04 "/usr/bin/tail -f /e…" 3 seconds ago Up 2 seconds zg-test1
root@node2:~# ./docker-in.sh zg-test1
root@3f6de98df3d1:/# cat /etc/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients directly to
# all known uplink DNS servers. This file lists all configured search domains.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 114.114.114.114
nameserver 8.8.8.8
root@3f6de98df3d1:/# exit
exit
root@node2:~# docker run -it --rm --dns 180.76.76.76 --name zg-test2 ubuntu:18.04 bash
root@5854bc11dd73:/# cat /etc/resolv.conf
nameserver 180.76.76.76
root@5854bc11dd73:/# exit
exit