Differences between Docker on CentOS 6 and CentOS 7

  Over the past few days I have been looking into Docker. I installed Docker 1.7.1 on CentOS 6.6 and Docker 18.09.0 on CentOS 7.6.

  There are some differences between the two.

  1. Configuring a registry mirror in China to speed up image pulls

  In Docker 1.7.1 the Docker configuration file is /etc/sysconfig/docker; in 1.8, 1.10 and other later versions it is /etc/docker/daemon.json.
  The Docker 1.7 configuration is as follows:

# /etc/sysconfig/docker
#
# Other arguments to pass to the docker daemon process
# These will be parsed by the sysv initscript and appended
# to the arguments list passed to docker -d

other_args="--registry-mirror=https://yvaq2qqy.mirror.aliyuncs.com"

#OPTIONS='--registry-mirror=https://yvaq2qqy.mirror.aliyuncs.com'

DOCKER_CERT_PATH=/etc/docker

# Resolves: rhbz#1176302 (docker issue #407)
DOCKER_NOWARN_KERNEL_VERSION=1

# Location used for temporary files, such as those created by
# # docker load and build operations. Default is /var/lib/docker/tmp
# # Can be overriden by setting the following environment variable.
# # DOCKER_TMPDIR=/var/tmp

  Then run service docker restart and check the process; the option has been picked up.

[root@localhost docker]# ps -ef|grep docker
root      2746     1  0 06:25 pts/0    00:00:00 /usr/bin/docker -d --registry-mirror=https://yvaq2qqy.mirror.aliyuncs.com
root      2790  1665  0 06:25 pts/0    00:00:00 grep docker

  Configuration for later Docker versions:

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://yvaq2qqy.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

  

  Then verify with docker info:

[root@localhost docker]# docker info
Containers: 2
 Running: 0
 Paused: 0
 Stopped: 2
Images: 2
Server Version: 18.09.0
Storage Driver: overlay2
 Backing Filesystem: xfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: c4446665cb9c30056f4998ed953e6d4ff22c7c39
runc version: 4fc53a81fb7c994640722ac585fa9ca548971871
init version: fec3683
Security Options:
 seccomp
  Profile: default
Kernel Version: 3.10.0-957.1.3.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 991.2MiB
Name: localhost.localdomain
ID: H3P2:25SP:CIQM:G5V5:VWFZ:2ENN:YGO5:JDAA:NSVJ:BEPY:EPZK:J4QE
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Registry Mirrors:  # this setting has taken effect
 https://yvaq2qqy.mirror.aliyuncs.com/
Live Restore Enabled: false
Product License: Community Engine
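
  The docker info check above can be scripted. The following is an added example, not part of the original post: it parses docker info text in the 18.09 layout shown above, confirms that the expected mirror is active and uses HTTPS, and lists insecure registries other than the loopback default. The function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the registry sections of `docker info` text (18.09 layout).

# Constructed sample, trimmed to the registry-related lines of the output above.
SAMPLE_INFO='Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Registry Mirrors:
 https://yvaq2qqy.mirror.aliyuncs.com/
Live Restore Enabled: false'

# Print the indented entries under "<header>:"; docker info text on stdin.
section_entries() {
    awk -v hdr="$1:" '
        index($0, hdr) == 1 { in_sec = 1; next }    # section header found
        in_sec && /^[ \t]/  { gsub(/^[ \t]+|[ \t]+$/, ""); if ($0 != "") print; next }
        { in_sec = 0 }                              # unindented line ends the section
    '
}

# Return 0 only if mirror $1 is active and every active mirror uses HTTPS.
check_mirrors() {
    expected=${1%/}     # docker info prints a trailing slash; compare without it
    found=no; status=0
    for m in $(section_entries "Registry Mirrors"); do
        case $m in
            https://*) ;;
            *) echo "FAIL: mirror without TLS: $m"; status=1 ;;
        esac
        if [ "${m%/}" = "$expected" ]; then found=yes; fi
    done
    if [ "$found" = no ]; then echo "FAIL: mirror not active: $expected"; status=1; fi
    return "$status"
}

# Print insecure (non-TLS) registries other than the loopback default.
extra_insecure_registries() {
    section_entries "Insecure Registries" | awk '$0 != "127.0.0.0/8"'
}

# Demo on the sample; on a host, pipe `docker info` into the functions instead.
if printf '%s\n' "$SAMPLE_INFO" | check_mirrors "https://yvaq2qqy.mirror.aliyuncs.com"; then
    echo "OK: mirror active over HTTPS"
fi
```

  A mirror serves every image the daemon pulls through it, so a non-HTTPS mirror or an unexpected entry under Insecure Registries deserves a look before the host is used.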

  2. On CentOS 7, disable firewalld and manage the firewall with iptables

  After the image had been downloaded, starting the container unexpectedly produced the following error.

[root@localhost ~]# docker run -d -P training/webapp python app.py
29cd64c0c282439d8fd6883f29d6a3a23cbef00bd0256ffb9e81561562ed0f5b
docker: Error response from daemon: driver failed programming external connectivity on endpoint laughing_austin
(e1b9e047d2e915fa77730e8d0e1c6c007a6034bcc782a441934b28ee91058256):
(COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -A DOCKER -p tcp -d 0/0 --dport 32787 -j DNAT --to-destination 172.17.0.2:5000 ! -i docker0'
failed: iptables: No chain/target/match by that name. ).

  After some investigation, the cause turned out to be the firewall.

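  When Docker is used with the CentOS 7 default firewall (firewalld) enabled, the firewall rules do not take effect when a port mapping is set up. Docker uses the iptables firewall mechanism by default, so the fix is to disable firewalld and use iptables.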

  ① Disable the default firewalld firewall

systemctl stop firewalld.service      # stop the firewall

systemctl disable firewalld.service   # do not start it at boot

  ② Enable iptables

yum install iptables    # depending on the CentOS 7 release and kernel, some versions already have this installed; if so, skip this command
yum install iptables-services
service iptables restart
chkconfig iptables on
# or
systemctl enable iptables.service    # start at boot

  ③ Add the firewall rule

/sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT   # add the firewall rule
iptables -L -n                                        # show the current firewall settings

  After the steps above were completed, Docker was able to run the container successfully.

Original article: https://www.cnblogs.com/sdadx/p/10016427.html