Docker-部署实施

安装部署

安装方式

• 在线安装docker
• 离线安装docker
• 脚本式安装docker

安装实施详细过程

yum方式

配置epel源

yum -y install epel-release

安装依赖工具包

yum -y install yum-utils container-selinux device-mapper-persistent-data lvm2

安装docker

# 添加配置镜像源
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

# 查看 docker-ce 源中的docker镜像
yum list docker-ce --show-duplicates

# 3. 安装最新版本 docker-ce
yum -y install docker-ce docker-ce-cli containerd.io

# 配置yum源
### docker yum源使用阿里云镜像 https://mirrors.aliyun.com/docker-ce/linux/
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo

cat > /etc/yum.repos.d/docker-ce.repo <<-'EOF'
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
EOF

cat > /etc/yum.repos.d/aliyun.repo <<-'EOF'
[base]
name=CentOS-7 - Base - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/7/os/$basearch/
        http://mirrors.aliyuncs.com/centos/7/os/$basearch/
        http://mirrors.cloud.aliyuncs.com/centos/7/os/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
 
[extras]
name=CentOS7 - Extras
baseurl=https://mirrors.aliyun.com/centos/7/extras/$basearch/
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
priority=1
EOF

sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum makecache fast
sudo yum install -y http://mirror.centos.org/centos/7/extras/x86_64/Packages/container-selinux-2.74-1.el7.noarch.rpm
sudo yum install -y docker-ce

# -- 单独安装container-selinux。这个安装包更新挺频繁的，如果链接失效，需要前往http://mirror.centos.org/centos/7/extras/x86_64/Packages/查找最近打包的安装包。


# 安装
### 安装依赖 
yum -y install container-selinux

### 查看可用版本
yum list docker-ce --show-duplicates
### 安装最新版本
yum -y install docker-ce

# 添加用户组docker
sudo usermod -aG docker albin
or
sudo groupadd docker     #添加docker用户组
sudo gpasswd -a $USER docker     #将登陆用户加入到docker用户组中
newgrp docker     #更新用户组
docker ps    #测试docker命令是否可以使用sudo正常使用

# 启动docker
systemctl enable docker
systemctl start docker

apt-get方式

https://docs.docker.com/engine/install/ubuntu/

离线安装

# 下载软件
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/static/stable/x86_64/docker-19.03.13.tgz -o /tmp/docker-19.03.13.tgz

wget https://download.docker.com/linux/static/stable/x86_64/docker-20.10.1.tgz
or
wget http://get.docker.io/builds/Linux/x86_64/docker-lastest.tgz

# 解压
tar -xvf docker-20.10.1.tgz
-- 将解压出来的docker文件内容移动到 /usr/bin/ 目录下
cp docker/* /usr/bin/
-- 注册编辑docker服务
vi /usr/lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
  
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd
ExecReload=/bin/kill -s HUP $MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
  
[Install]
WantedBy=multi-user.target


-- 重新加载配置文件
systemctl daemon-reload 
-- 启动
systemctl start docker.service
systemctl enable docker

脚本式安装

curl https://get.docker.io|sh
or
curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh

配置

查看信息

docker version
docker info

修改默认存储路径

# 方法1. 配置 /etc/docker/daemon.json 文件
cat > /etc/docker/daemon.json <<-'EOF'
{
    "graph": "/ups/data/docker"
}
EOF

### 重启
systemctl restart docker.service

### 检查
[root@docker docker]# docker info|grep "Docker Root Dir"
  WARNING: You're not using the default seccomp profile
Docker Root Dir: /ups/data/docker
[root@docker docker]# 

# 方法2
mount -o bind /var/lib/docker /ups/data/docker

vi /etc/fstab
/ups/data/docker /var/lib/docker none bind 0 0 

docker设置国内镜像源（加速）

# 修改配置文件 /etc/docker/daemon.json
{
    "graph": "/ups/data/docker",
    "registry-mirrors": [ "https://hub-mirror.c.163.com", "https://docker.mirrors.ustc.edu.cn", "https://registry.docker-cn.com" ]
}

# 2. 重启docker
systemctl daemon-reload
systemctl restart docker

cgroup 改成 systemd

在使用K8S的环境中，需要将 docker和kubelet的启动方式从cgroupfs统一改为systemd。

# 修改配置文件 /etc/docker/daemon.json
{
    "exec-opts": ["native.cgroupdriver=systemd"]
}

整合配置

# vi /etc/docker/daemon.json
{
  "graph": "/ups/data/docker",     # docker工作目录
  "storage-driver": "overlay2",   # 存储驱动
  "insecure-registries": [ "registry.access.redhat.com" ],  # 不安全的仓库
  "registry-mirrors": [ "https://hub-mirror.c.163.com", "https://docker.mirrors.ustc.edu.cn", "https://registry.docker-cn.com" ],  # 加速镜像
  "bip": "172.6.244.1/24",   # docker的网络,尽量要与宿主机有个对照关系
  "exec-opts": ["native.cgroupdriver=systemd"],  # cgroup的类型
  "live-restore": true  # 让docker容器不依懒docker引擎的死与活
}

卸载docker

yum方式

yum list installed | grep docker
yum -y remove docker docker-common docker-client
rm -rf /var/lib/docker

安装docker可视化管理工具 dockerui

docker pull abh1nav/dockerui:latest

docker run -d -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock abh1nav/dockerui

# 打开web
http://192.168.10.180:9000

docker pull uifd/ui-for-docker

安装 docker-compose

Docker Compose是用于在使用yaml文件格式定义的Docker上运行多容器应用程序的工具。 Compose文件用于定义构成应用程序的一个或多个容器的配置方式。拥有Compose文件后，可以使用一个命令创建并启动应用程序：docker-compose up。

软件地址

https://github.com/docker/compose/releases
 
-- install
sudo curl -L "https://github.com/docker/compose/releases/download/1.27.3/docker-compose-$(uname -s)-$(uname -m)" -o /usr/bin/docker-compose
sudo chmod +x /usr/bin/docker-compose

sudo docker-compose --version

-- upgrade
docker-compose migrate-to-labels

-- uninstall
sudo rm -f /usr/bin/docker-compose

-- 参考： https://docs.docker.com/compose/install/

docker-compose管理

切换到默认文件(docker-compose.yml)的目录并运行docker-compose命令进行管理一组docker服务。

语法

Define and run multi-container applications with Docker.

Usage:
  docker-compose [-f <arg>...] [options] [--] [COMMAND] [ARGS...]
  docker-compose -h|--help

Options:
  -f, --file FILE             Specify an alternate compose file
                              (default: docker-compose.yml)
  -p, --project-name NAME     Specify an alternate project name
                              (default: directory name)
  -c, --context NAME          Specify a context name
  --verbose                   Show more output
  --log-level LEVEL           Set log level (DEBUG, INFO, WARNING, ERROR, CRITICAL)
  --no-ansi                   Do not print ANSI control characters
  -v, --version               Print version and exit
  -H, --host HOST             Daemon socket to connect to

  --tls                       Use TLS; implied by --tlsverify
  --tlscacert CA_PATH         Trust certs signed only by this CA
  --tlscert CLIENT_CERT_PATH  Path to TLS certificate file
  --tlskey TLS_KEY_PATH       Path to TLS key file
  --tlsverify                 Use TLS and verify the remote
  --skip-hostname-check       Don't check the daemon's hostname against the
                              name specified in the client certificate
  --project-directory PATH    Specify an alternate working directory
                              (default: the path of the Compose file)
  --compatibility             If set, Compose will attempt to convert keys
                              in v3 files to their non-Swarm equivalent (DEPRECATED)
  --env-file PATH             Specify an alternate environment file

Commands:
  build              Build or rebuild services
  config             Validate and view the Compose file
  create             Create services
  down               Stop and remove containers, networks, images, and volumes
  events             Receive real time events from containers
  exec               Execute a command in a running container
  help               Get help on a command
  images             List images
  kill               Kill containers
  logs               View output from containers
  pause              Pause services
  port               Print the public port for a port binding
  ps                 List containers
  pull               Pull service images
  push               Push service images
  restart            Restart services
  rm                 Remove stopped containers
  run                Run a one-off command
  scale              Set number of containers for a service
  start              Start services
  stop               Stop services
  top                Display the running processes
  unpause            Unpause services
  up                 Create and start containers
  version            Show version information and quit

####### 启动服务

[root@progs tidb-docker-compose]# docker-compose up -h
Usage: up [options] [--scale SERVICE=NUM...] [--] [SERVICE...]

Options:
    -d, --detach               Detached mode: Run containers in the background,
                               print new container names. Incompatible with
                               --abort-on-container-exit.
    --no-color                 Produce monochrome output.
    --quiet-pull               Pull without printing progress information
    --no-deps                  Don't start linked services.
    --force-recreate           Recreate containers even if their configuration
                               and image haven't changed.
    --always-recreate-deps     Recreate dependent containers.
                               Incompatible with --no-recreate.
    --no-recreate              If containers already exist, don't recreate
                               them. Incompatible with --force-recreate and -V.
    --no-build                 Don't build an image, even if it's missing.
    --no-start                 Don't start the services after creating them.
    --build                    Build images before starting containers.
    --abort-on-container-exit  Stops all containers if any container was
                               stopped. Incompatible with -d.
    --attach-dependencies      Attach to dependent containers.
    -t, --timeout TIMEOUT      Use this timeout in seconds for container
                               shutdown when attached or when containers are
                               already running. (default: 10)
    -V, --renew-anon-volumes   Recreate anonymous volumes instead of retrieving
                               data from the previous containers.
    --remove-orphans           Remove containers for services not defined
                               in the Compose file.
    --exit-code-from SERVICE   Return the exit code of the selected service
                               container. Implies --abort-on-container-exit.
    --scale SERVICE=NUM        Scale SERVICE to NUM instances. Overrides the
                               `scale` setting in the Compose file if present.

附录

参考文档

docker-ce | 镜像站使用帮助 | 清华大学开源软件镜像站 | Tsinghua Open Source Mirror

# 如果之前安装过 docker，请先删掉

sudo yum remove docker docker-common docker-selinux docker-engine

# 2. 安装一些依赖

sudo yum install -y yum-utils device-mapper-persistent-data lvm2

# 3. 根据你的发行版下载repo文件: 
## CentOS/RHEL
wget -O /etc/yum.repos.d/docker-ce.repo https://download.docker.com/linux/centos/docker-ce.repo

# 4. 把软件仓库地址替换为 TUNA:

sudo sed -i 's+download.docker.com+mirrors.tuna.tsinghua.edu.cn/docker-ce+' /etc/yum.repos.d/docker-ce.repo

# 5. 最后安装:

sudo yum makecache fast
sudo yum install docker-ce