centos环境下安装docker

目前Docker支持centos 7及以后版本。
本文中使用的是centos7系统。

安装所需的软件包

$ sudo yum install update
$ sudo yum install -y yum-utils device-mapper-persistent-data lvm2

设置稳定的仓库

官方源

$ sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

有时由于网络问题，无法访问官方源，也可以添加国内源：

$ sudo yum-config-manager 
    --add-repo 
    https://mirrors.ustc.edu.cn/docker-ce/linux/centos/docker-ce.repo

安装docker

$ sudo yum install docker-ce

安装过程中，也会将docker-ce-cli, containerd.io 作为依赖进行安装。

启动docker

sudo systemctl start docker

查看docker进程是否已经启动：

$ ps -ef| grep docker
root     12486     1  0 23:21 ?        00:00:00 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
lanyang  12639 10783  0 23:21 pts/0    00:00:00 grep --color=auto docker

查看docker版本信息：

[lanyang@localhost ~]$ sudo docker version
Client: Docker Engine - Community
 Version:           19.03.5
 API version:       1.40
 Go version:        go1.12.12
 Git commit:        633a0ea
 Built:             Wed Nov 13 07:25:41 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.5
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.12
  Git commit:       633a0ea
  Built:            Wed Nov 13 07:24:18 2019
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.2.10
  GitCommit:        b34a5c8af56e510852c35414db4c1f4fa6172339
 runc:
  Version:          1.0.0-rc8+dev
  GitCommit:        3e425f80a8c931f88e6d94a8c831b9d5aa481657
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

测试

测试1

通过运行 hello-world 映像来验证是否正确安装了 Docker Engine-Community

[lanyang@localhost ~]$ sudo docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
1b930d010525: Already exists 
Digest: sha256:9572f7cdcee8591948c2963463447a53466950b3fc15a247fcad1917ca215a2f
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

上面的输出，表示docker已经安装成功。

执行hello-world的过程如下：.

1. Docker client连接 Docker daemon， 将请求发送给Docker daemon。
2. Docker daemon 从Docker Hub拉取"hello-world"映像。
3. Docker daemon 使用拉取的映像，创建一个新的容器，在容器中执行可执行文件，并得到输出。
4. Docker daemon 将输出发给Docker client，Docker client再请输出发送到终端显示。

也就是说，
docker run会创建并启动一个新的容器，并在容器中执行命令。

测试2

安装并启动nginx:

[root@localhost lanyang]# docker run --detach --publish=80:80 --name=webserver nginx
Unable to find image 'nginx:latest' locally
latest: Pulling from library/nginx
8ec398bc0356: Pull complete 
a53c868fbde7: Pull complete 
79daf9dd140d: Pull complete 
Digest: sha256:70821e443be75ea38bdf52a974fd2271babd5875b2b1964f05025981c75a6717
Status: Downloaded newer image for nginx:latest
6e63e3609cec782c2851240c7f90bd329f528516490a6c58829f1252331f2a8b

其中，
-d 或者 --detach表示在后台跑container，并打印container id。

-p 或者 --publish=80:80表示宿主机端口80映射到container 端口80。

--name表示容器名称，如果不指定，会随机生成一个。

nginx 是image映像名称。如果本地没有，会从远程仓库下载。

查看nginx是否启动成功：

[lanyang@localhost ~]$ ps -ef | grep docker
root      3848     1  0 10:38 ?        00:00:07 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
root      9356  3848  0 13:44 ?        00:00:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.17.0.2 -container-port 80
root      9361  3847  0 13:44 ?        00:00:00 containerd-shim -namespace moby -workdir /var/lib/containerd/io.containerd.runtime.v1.linux/moby/6e63e3609cec782c2851240c7f90bd329f528516490a6c58829f1252331f2a8b -address /run/containerd/containerd.sock -containerd-binary /usr/bin/containerd -runtime-root /var/run/docker/runtime-runc
lanyang   9453  8394  0 13:44 pts/2    00:00:00 grep --color=auto docker

[lanyang@localhost ~]$ ps -ef | grep nginx
root      9376  9361  0 13:44 ?        00:00:00 nginx: master process nginx -g daemon off;
101       9408  9376  0 13:44 ?        00:00:00 nginx: worker process
lanyang   9461  8394  0 13:45 pts/2    00:00:00 grep --color=auto nginx
[lanyang@localhost ~]$ 

浏览器中打开页面：

查看所有正在运行的container, 可以使用 docker container ls或docker ps:

[lanyang@localhost ~]$ sudo docker container ls
[sudo] lanyang 的密码：
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                NAMES
6e63e3609cec        nginx               "nginx -g 'daemon of…"   5 minutes ago       Up 5 minutes        0.0.0.0:80->80/tcp   webserver
[lanyang@localhost ~]$ 
[lanyang@localhost ~]$ docker ps
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.40/containers/json: dial unix /var/run/docker.sock: connect: permission denied
[lanyang@localhost ~]$ sudo docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                NAMES
6e63e3609cec        nginx               "nginx -g 'daemon of…"   5 minutes ago       Up 5 minutes        0.0.0.0:80->80/tcp   webserver
[lanyang@localhost ~]$ 
[lanyang@localhost ~]$ 

在容器中执行命令, 可以使用docker exec：

[lanyang@localhost ~]$ docker exec -it webserver ls
bin   dev  home  lib64	mnt  proc  run	 srv  tmp  var
boot  etc  lib	 media	opt  root  sbin  sys  us

[lanyang@localhost ~]$ docker exec -it webserver bash
root@050a81998307:/# 
root@050a81998307:/# ls
bin  boot  dev	etc  home  lib	lib64  media  mnt  opt	proc  root  run  sbin  srv  sys  tmp  usr  var

其中，
-it 表示通过交互式终端连接到容器

webserver是容器的名称， ls是在容器中执行的命令。

停止container:

[lanyang@localhost ~]$ sudo docker container stop webserver
webserver

[lanyang@localhost ~]$ sudo docker container ls
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

查看所有container，包括已停止的container:

[lanyang@localhost ~]$ sudo docker container ls -a
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                      PORTS               NAMES
6e63e3609cec        nginx               "nginx -g 'daemon of…"   18 minutes ago      Exited (0) 11 seconds ago                       webserver
4735d21ed463        hello-world         "/hello"                 2 hours ago         Exited (0) 2 hours ago                          optimistic_feistel

删除container:

[lanyang@localhost ~]$ sudo docker container rm webserver
webserver
[lanyang@localhost ~]$ sudo docker container ls -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                   PORTS               NAMES
4735d21ed463        hello-world         "/hello"            2 hours ago         Exited (0) 2 hours ago                       optimistic_feistel

查看image：

[lanyang@localhost ~]$ sudo docker image ls
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
nginx               latest              5ad3bd0e67a9        9 days ago          127MB
hello-world         latest              fce289e99eb9        13 months ago       1.84kB

删除image:

[lanyang@localhost ~]$ sudo docker image rm nginx
Untagged: nginx:latest
Untagged: nginx@sha256:70821e443be75ea38bdf52a974fd2271babd5875b2b1964f05025981c75a6717
Deleted: sha256:5ad3bd0e67a9c542210a21a3c72f56ef6387cf9b7f4c2506d2398d55a2593ed0
Deleted: sha256:b69e2ed46519bc33e7c887967e4f61a2ee53aef165b70f75e208937fb42e7b4c
Deleted: sha256:4cb7f732537bf0f65cd9f8f7b63bbe71abcf9d0df396f58621ef3be0b2487b27
Deleted: sha256:556c5fb0d91b726083a8ce42e2faaed99f11bc68d3f70e2c7bbce87e7e0b3e10
[lanyang@localhost ~]$ sudo docker image ls
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
hello-world         latest              fce289e99eb9        13 months ago       1.84kB

为非root用户授权

docker安装后，默认会创建docker用户组，可以在
/etc/group中查看。如果没有，可以通过以下命令创建:

$ sudo groupadd docker

接着将当前用户加到docker用户组中:

$ sudo gpasswd -a${USER} docker
正在将用户“lanyang”加入到“docker”组中

最后重启docker服务，使之生效:

sudo systemctl retart docker

这样，执行Docker命令就不需要使用sudo权限了。

参考

Docker--从入门到实践
Docker菜鸟教程
Docker官网