I. Operating system version requirements
CentOS 7 requires a 64-bit system with kernel version 3.10 or later. (CentOS 7 is recommended.)
On CentOS 6.5 or later, the system must be 64-bit with kernel version 2.6.32-431 or later.
1. Check the system kernel version
[root@master ~]# uname -r
3.10.0-1127.el7.x86_64
[root@master ~]# cat /etc/redhat-release
CentOS Linux release 7.8.2003 (Core)
2. Disable the system firewall and SELinux
[root@master ~]# systemctl stop firewalld
[root@master ~]# systemctl status firewalld
[root@master ~]# getenforce
Enforcing
[root@master ~]# setenforce 0
[root@master ~]# sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
[root@master ~]# reboot
3. Preparing to install Docker
1. Remove any Docker packages already present on the machine
[root@master ~]# yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
2. Install the dependency packages
[root@master ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
4. Add the Docker CE (Community Edition) yum repository, install Docker, and enable it at boot
[root@master ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
[root@master ~]# yum install wget net-tools vim -y
[root@docker ~]# yum search docker-ce
[root@docker ~]# yum install docker-ce-19.03.6 docker-ce-cli-19.03.6 containerd.io
[root@master ~]# systemctl start docker
[root@master ~]# systemctl enable docker
5. Query Docker information
Docker uses a traditional client/server (C/S) architecture, split into the Docker Client and the Docker Server.
[root@master ~]# docker version
Client: Docker Engine - Community
 Version: 19.03.6
 API version: 1.40
 Go version: go1.12.16
 Git commit: 369ce74a3c
 Built: Thu Feb 13 01:29:29 2020
 OS/Arch: linux/amd64
 Experimental: false
Server: Docker Engine - Community
 Engine:
  Version: 19.03.6
  API version: 1.40 (minimum version 1.12)
  Go version: go1.12.16
  Git commit: 369ce74a3c
  Built: Thu Feb 13 01:28:07 2020
  OS/Arch: linux/amd64
  Experimental: false
 containerd:
  Version: 1.2.10
  GitCommit: b34a5c8af56e510852c35414db4c1f4fa6172339
 runc:
  Version: 1.0.0-rc8+dev
  GitCommit: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
 docker-init:
  Version: 0.18.0
  GitCommit: fec3683
6. Check the IP address
[root@master ~]# ip a
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:c2:45:a0:88 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:c2ff:fe45:a088/64 scope link
       valid_lft forever preferred_lft forever
7. View Docker status information
[root@master ~]# docker info
Docker Root Dir: /var/lib/docker    # default data storage directory
Registry Mirrors:
https://registry.docker-cn.com/    # default registry mirror
8. Change the Docker data storage directory
# Modify ExecStart
[root@master ~]# vim /usr/lib/systemd/system/docker.service
# ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecStart=/usr/bin/dockerd --graph=/data/docker -H fd:// --containerd=/run/containerd/containerd.sock
[root@master docker]# systemctl restart docker
Warning: docker.service changed on disk. Run 'systemctl daemon-reload' to reload units.
[root@master docker]# systemctl daemon-reload
[root@master docker]# systemctl restart docker
[root@master docker]# ls /data/
docker
[root@master docker]# docker info
Docker Root Dir: /data/docke
9. Add the Alibaba Cloud registry mirror
[root@master docker]# mkdir -p /etc/docker
[root@master ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://plqjafsr.mirror.aliyuncs.com"]
}
[root@master ~]# systemctl daemon-reload
[root@master ~]# systemctl restart docker
[root@master ~]# docker info
Registry Mirrors:
https://plqjafsr.mirror.aliyuncs.com/
10. Run the first Docker application
[root@master ~]# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
0e03bdcc26d7: Pull complete
Digest: sha256:7f0a9f93b4aa3022c3a4c147a449bf11e0941a1fd0bf4a8e6c9408b2600777c5
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.
11. Client/server (C/S) mode
The Docker client and server communicate over a socket. The main connection types are:
1. A local socket file, unix:///var/run/docker.sock (default)
2. tcp://host:port (demonstrated below)
3. fd://socketfd
1. With the daemon stopped, the error message shows that Docker connects through the local /var/run/docker.sock by default
[root@master ~]# systemctl stop docker
[root@master ~]# docker info
Client:
Debug Mode: false
Server:
ERROR: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
errors pretty printing info
2. Configure Docker for remote access over TCP: enable both the socket and the TCP listeners, then check the service status and the listening address and port
[root@master ~]# vim /usr/lib/systemd/system/docker.service
# ExecStart=/usr/bin/dockerd --graph=/data/docker -H fd:// --containerd=/run/containerd/containerd.sock
ExecStart=/usr/bin/dockerd --graph=/data/docker -H tcp://0.0.0.0:2375 -H unix://var/run/docker.sock -H fd:// --containerd=/run/containerd/containerd.sock
[root@master ~]# systemctl restart docker
Warning: docker.service changed on disk. Run 'systemctl daemon-reload' to reload units.
[root@master ~]# systemctl daemon-reload
[root@master ~]# systemctl restart docker
[root@master ~]# docker info
WARNING: API is accessible on http://0.0.0.0:2375 without encryption.
Access to the remote API is equivalent to root access on the host. Refer
to the 'Docker daemon attack surface' section in the documentation for
more information: https://docs.docker.com/engine/security/security/#docker-daemon-attack-surfac
[root@master ~]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: active (running) since 日 2020-08-23 10:59:17 EDT; 5min ago
Docs: https://docs.docker.com
Main PID: 16304 (dockerd)
Tasks: 10
Memory: 43.7M
CGroup: /system.slice/docker.service
└─16304 /usr/bin/dockerd --graph=/data/docker -H tcp://0.0.0.0:2375 -H unix://var/run/docker.sock -H fd:// --containerd=/run/containerd/containerd.soc
# Check the listening port
[root@master ~]# netstat -tnlup |grep 2375
tcp6 0 0 :::2375 :::* LISTEN 16304/docker
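The following check is an added example, not part of the original article: it classifies every -H/--host listener on a dockerd command line and flags TCP listeners that lack --tlsverify, which is the condition the daemon warning above reports. The function name audit_dockerd_cmdline is hypothetical, and only command-line flags are inspected (settings in daemon.json are not read).

```shell
# Added example: audit the listeners of a dockerd command line.
# audit_dockerd_cmdline is a hypothetical helper, not a Docker tool.
audit_dockerd_cmdline() (
    set -f            # no glob expansion while splitting the command line
    set -- $1
    # Only --tlsverify requires client certificates; --tls alone encrypts
    # the channel but does not authenticate the client.
    tls=no
    for w in "$@"; do
        case "$w" in --tlsverify|--tlsverify=true) tls=yes ;; esac
    done
    prev=""
    for w in "$@"; do
        host=""
        case "$w" in
            -H=*|--host=*) host=${w#*=} ;;
            -H?*)          host=${w#-H} ;;
            *) case "$prev" in -H|--host) host=$w ;; esac ;;
        esac
        prev=$w
        [ -n "$host" ] || continue
        case "$host" in
            unix://*|fd://*) echo "OK local $host" ;;
            *)  # tcp://... or a bare host:port, which dockerd treats as TCP
                if [ "$tls" = yes ]; then
                    echo "OK tls $host"
                else
                    case "${host#tcp://}" in
                        127.0.0.1|127.0.0.1:*|localhost|localhost:*|"[::1]"*)
                            echo "WARN loopback-no-tls $host" ;;
                        *)  echo "FAIL exposed-no-tls $host" ;;
                    esac
                fi ;;
        esac
    done
)

# ExecStart command line taken from the unit file edited in step 2 above.
PAGE_CMD='/usr/bin/dockerd --graph=/data/docker -H tcp://0.0.0.0:2375 -H unix://var/run/docker.sock -H fd:// --containerd=/run/containerd/containerd.sock'
audit_dockerd_cmdline "$PAGE_CMD"
```

For the unit file on this page, the first line reported is the 0.0.0.0:2375 listener as FAIL, followed by the two local sockets as OK.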
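12. Connect to Docker remotely over TCP and view Docker information
1. Connect from another host that has Docker installed (from client 172.16.73.158 to server 172.16.73.157). The Docker client must be installed on 172.16.73.158.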
[root@node-1 ~]# docker -H 172.16.73.157:2375 info
Client:
Debug Mode: false
Server:
Containers: 1
Running: 0
Paused: 0
Stopped: 1
Images: 1
Server Version: 19.03.6
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: b34a5c8af56e510852c35414db4c1f4fa6172339
runc version: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-1127.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.682GiB
Name: master
ID: JMG5:PS5E:YD7Z:6DI6:LJ3Q:NKMQ:JEM6:TCDC:4R5X:THJR:K437:R222
Docker Root Dir: /data/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
https://plqjafsr.mirror.aliyuncs.com/
Live Restore Enabled: false
2. View Docker images over the remote connection
[root@node-1 ~]# docker -H 172.16.73.157:2375 images
REPOSITORY    TAG      IMAGE ID       CREATED        SIZE
hello-world   latest   bf756fb1ae65   7 months ago   13.3kB
# View containers on the remote Docker host
[root@node-1 ~]# docker -H 172.16.73.157:2375 ps --all
CONTAINER ID   IMAGE         COMMAND    CREATED          STATUS                      PORTS   NAMES
6b9ab6487ac0   hello-world   "/hello"   58 minutes ago   Exited (0) 58 minutes ago           gallant_ride
# Start a container remotely
[root@node-1 ~]# docker -H 172.16.73.157:2375 start 6b9ab6487ac0
6b9ab6487ac0
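The remote session above works without any credentials, which is what the daemon's "equivalent to root access" warning refers to. As an added example (not from the original article), the function below generates the CA, server and client certificates needed to run the same TCP listener with --tlsverify, following the approach in Docker's own documentation. The names make_docker_tls, KEY_BITS and the /etc/docker/tls path are assumptions; 172.16.73.157 is the server address used in this article.

```shell
# Added example: mutual-TLS material for the dockerd TCP listener.
# make_docker_tls, KEY_BITS and /etc/docker/tls are assumed names.
# Usage: make_docker_tls ./docker-tls 172.16.73.157
KEY_BITS=${KEY_BITS:-4096}

make_docker_tls() (
    set -e
    dir=$1; server_ip=$2
    mkdir -p "$dir"; cd "$dir"; umask 077

    # Private CA. Move ca-key.pem off the Docker host once signing is done.
    openssl genrsa -out ca-key.pem "$KEY_BITS" 2>/dev/null
    openssl req -new -x509 -sha256 -days 365 -key ca-key.pem \
        -subj "/CN=docker-ca" -out ca.pem

    # Server certificate: the SAN must contain the address clients dial.
    openssl genrsa -out server-key.pem "$KEY_BITS" 2>/dev/null
    openssl req -new -sha256 -key server-key.pem -subj "/CN=$server_ip" \
        -out server.csr
    printf 'subjectAltName = IP:%s,IP:127.0.0.1\nextendedKeyUsage = serverAuth\n' \
        "$server_ip" > server-ext.cnf
    openssl x509 -req -sha256 -days 365 -in server.csr -CA ca.pem \
        -CAkey ca-key.pem -CAcreateserial -extfile server-ext.cnf \
        -out server-cert.pem 2>/dev/null

    # Client certificate: holding key.pem grants root-equivalent API access.
    openssl genrsa -out key.pem "$KEY_BITS" 2>/dev/null
    openssl req -new -sha256 -key key.pem -subj "/CN=client" -out client.csr
    printf 'extendedKeyUsage = clientAuth\n' > client-ext.cnf
    openssl x509 -req -sha256 -days 365 -in client.csr -CA ca.pem \
        -CAkey ca-key.pem -CAcreateserial -extfile client-ext.cnf \
        -out cert.pem 2>/dev/null

    rm -f server.csr client.csr server-ext.cnf client-ext.cnf
    # Both leaf certificates must chain to the CA just created.
    openssl verify -CAfile ca.pem server-cert.pem cert.pem >/dev/null
)

# Daemon side: in ExecStart, replace "-H tcp://0.0.0.0:2375" with
#   --tlsverify --tlscacert=/etc/docker/tls/ca.pem
#   --tlscert=/etc/docker/tls/server-cert.pem
#   --tlskey=/etc/docker/tls/server-key.pem -H tcp://0.0.0.0:2376
# Client side, after copying ca.pem, cert.pem and key.pem to node-1:
#   docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem \
#       --tlskey=key.pem -H 172.16.73.157:2376 info
```

With this in place, a client that cannot present a certificate signed by ca.pem is rejected during the TLS handshake instead of reaching the API.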
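13. Requirements for running a Docker application
1. Computer hardware: CPU, memory, disk, graphics card, network card (physical or virtual machine).
2. An operating system that supports running Docker (namespaces, cgroups, OverlayFS).
3. The Docker service is installed and runs normally.
4. An image that can run in Docker; images come from the local host, Docker Hub, or a remote private registry.
5. The program to be run is loaded in the image (the end goal).
14. Logic diagram of the conditions for running a program in a container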