zoukankan      html  css  js  c++  java

  • centos install docker setup centos7 安装docker

    centos7 安装docker

     1: 安装必要的一些系统工具
    sudo yum install -y yum-utils device-mapper-persistent-data lvm2
     2: 添加软件源信息
    sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
    3: 更新并安装 Docker-CE
    sudo yum makecache fast
    sudo yum -y install docker-ce
     4: 开启Docker服务
    systemctl docker start
    docker info 查看信息
    [root@localhost system]# docker info
    Containers: 1
     Running: 0
     Paused: 0
     Stopped: 1
    Images: 1
    Server Version: 17.12.0-ce
    Storage Driver: devicemapper
     Pool Name: docker-259:1-2149612562-pool
     Pool Blocksize: 65.54kB
     Base Device Size: 10.74GB
     Backing Filesystem: xfs
     Udev Sync Supported: true
     Data file: /dev/loop0
     Metadata file: /dev/loop1
     Data loop file: /var/lib/docker/devicemapper/devicemapper/data
     Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
     Data Space Used: 19.73MB
     Data Space Total: 107.4GB
     Data Space Available: 107.4GB
     Metadata Space Used: 593.9kB
     Metadata Space Total: 2.147GB
     Metadata Space Available: 2.147GB
     Thin Pool Minimum Free Space: 10.74GB
     Deferred Removal Enabled: true
     Deferred Deletion Enabled: true
     Deferred Deleted Device Count: 0
     Library Version: 1.02.140-RHEL7 (2017-05-03)
    Logging Driver: json-file
    Cgroup Driver: cgroupfs
    Plugins:
     Volume: local
     Network: bridge host macvlan null overlay
     Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
    Swarm: inactive
    Runtimes: runc
    Default Runtime: runc
    Init Binary: docker-init
    containerd version: 89623f28b87a6004d4b785663257362d1658a729
    runc version: N/A (expected: b2567b37d7b75eb4cf325b77297b140ea686ce8f)
    init version: 949e6fa
    Security Options:
     seccomp
      Profile: default
    Kernel Version: 3.10.0-327.el7.x86_64
    Operating System: CentOS Linux 7 (Core)
    OSType: linux
    Architecture: x86_64
    CPUs: 24
    Total Memory: 125.7GiB
    Name: localhost.localdomain
    ID: ZWN2:HKKK:ZZLD:UXLN:MCRT:K2UA:5QE2:V3WQ:WSD3:YLXM:M5VI:7SDK
    Docker Root Dir: /var/lib/docker
    Debug Mode (client): false
    Debug Mode (server): false
    Registry: https://index.docker.io/v1/
    Labels:
    Experimental: false
    Insecure Registries:
     127.0.0.0/8

    WARNING: devicemapper: usage of loopback devices is strongly discouraged for production use.
             Use `--storage-opt dm.thinpooldev` to specify a custom block storage device.
    WARNING: bridge-nf-call-iptables is disabled
    WARNING: bridge-nf-call-ip6tables is disabled

    第一个警告可以修改默认的存储方式来消除

    大意是用loopback的方式运行docker是强烈不建议的,后面也告诉了解决这个警告的办法,
    网上搜索的一些解决办法,大意也是docker daemon启动参数加入  
    DOCKER_STORAGE_OPTIONS="--storage-opt dm.no_warn_on_loop_devices=true"来规避警告。
    而实际这样无异于掩耳盗铃,从加入的参数的意思也能看出如此。事实上,根本的解决办法,
    要从docker 的不同的存储驱动说起。

目前docker支持的存储驱动类型,有aufs,Device mapper,btrfs,overlayfs和zfs,
    所有驱动都用到写时复制(CoW)的技术。而出现警告的原因,就是在centos系统上(默认不支持aufs),
    docker daemon启动时,找到的后端存储驱动只有device mapper类型,就会通过loopback的方式,创造100G的sparse文件,
    并将其作为device mapper的存储池,而所有容器都从该存储池中分配默认10G的存储空间使用
    (可以理解为通过dd命令创造一个稀疏文件,再把这个稀疏的文件当做块设备通过loopback挂载出来)。
    而loopback的方式,性能和稳定性都不是很好,所以才出现上述警告。因此解决的办法,
    也在使用device mapper存储时,避免使用loopback即可

     具体参考 http://www.cnblogs.com/sxwen/p/8304209.html


    消除警告
    WARNING: bridge-nf-call-iptables is disabled
    WARNING: bridge-nf-call-ip6tables is disabled

    [root@localhost system]# tee -a /etc/sysctl.conf <<-EOF
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    EOF

    使之生效

    [root@localhost system]# sysctl -p
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1

    docker info 警告已经消除


    镜像加速器

    aliyun 的镜像加速器 首先要注册自己的阿里云账户,aliyun 为每个账户设置了唯一的加速器


    网上有很多在 /etc/docker/daemon.json 中设置的,包括aliyun 文档也是这样设置,如果没有daemon.json 文件需要自己创建

    [root@localhost ~]# cat /etc/docker/daemon.json 
{
"registry-mirrors":["https://vaflkxbk.mirror.aliyuncs.com"]
}


    另外一种方式如下:

    1.复制/lib/systemd/system/docker.service 到/etc/systemd/system/ 目录下
    [root@localhost system]# cp -n /lib/systemd/system/docker.service /etc/systemd/system/
    2.修改ExecStart 该行如下

    sed -i 's|ExecStart=/usr/bin/dockerd|ExecStart=/usr/bin/dockerd --registry-mirror=https://vaflkxb*.mirror.aliyuncs.com|g' /etc/systemd/system/docker.service


    ExecStart=/usr/bin/dockerd --registry-mirror=https://vafl***.mirror.aliyuncs.com

    [root@localhost system]# cat /etc/systemd/system/docker.service
    [Unit]
    Description=Docker Application Container Engine
    Documentation=https://docs.docker.com
    After=network-online.target firewalld.service
    Wants=network-online.target

    [Service]
    Type=notify
    # the default is not to use systemd for cgroups because the delegate issues still
    # exists and systemd currently does not support the cgroup feature set required
    # for containers run by docker
    ExecStart=/usr/bin/dockerd --registry-mirror=https://vaflk***.mirror.aliyuncs.com
    ExecReload=/bin/kill -s HUP $MAINPID
    # Having non-zero Limit*s causes performance problems due to accounting overhead
    # in the kernel. We recommend using cgroups to do container-local accounting.
    LimitNOFILE=infinity
    LimitNPROC=infinity
    LimitCORE=infinity
    # Uncomment TasksMax if your systemd version supports it.
    # Only systemd 226 and above support this version.
    #TasksMax=infinity
    TimeoutStartSec=0
    # set delegate yes so that systemd does not reset the cgroups of docker containers
    Delegate=yes
    # kill only the docker process, not all processes in the cgroup
    KillMode=process
    # restart the docker process if it exits prematurely
    Restart=on-failure
    StartLimitBurst=3
    StartLimitInterval=60s

    [Install]
    WantedBy=multi-user.target

    3.重启服务
    [root@localhost system]# systemctl daemon-reload
    [root@localhost system]# systemctl restart docker
    [root@localhost system]#

    4. docker info 验证 registry 是否有aliyun
    5. pull mysql 数据库验证速度,比默认registry块好多倍

    [root@localhost system]# docker pull mysql
    Using default tag: latest
    latest: Pulling from library/mysql
    f49cf87b52c1: Pull complete
    78032de49d65: Pull complete
    837546b20bc4: Pull complete
    9b8316af6cc6: Pull complete
    1056cf29b9f1: Pull complete
    86f3913b029a: Pull complete
    f98eea8321ca: Pull complete
    3a8e3ebdeaf5: Pull complete
    4be06ac1c51e: Pull complete
    920c7ffb7747: Pull complete
    Digest: sha256:7cdb08f30a54d109ddded59525937592cb6852ff635a546626a8960d9ec34c30
    Status: Downloaded newer image for mysql:latest
    [root@localhost system]#
    [root@localhost system]#
    [root@localhost system]# docker image list
    REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
    mysql               latest              f008d8ff927d        33 hours ago        409MB
    hello-world         latest              f2a91732366c        8 weeks ago         1.85kB
    [root@localhost system]#
    [root@localhost system]#
    [root@localhost system]#
    [root@localhost system]#
  • 相关阅读:
    一套C#语言的日志控制系统
    unity自义定摇杆
    2014 西安邀请赛小结
    Poj 1112 Team Them Up!
    Poj 1112 Rebuilding Roads(树形DP+背包)
    USACO Cow Pedigrees
    Poj 2284 That Nice Euler Circuit
    LA 3942 Remember the Word
    HDU 3065 病毒侵袭持续中
    HDU 2896 病毒侵袭
  • 原文地址:https://www.cnblogs.com/sxwen/p/8303099.html
Copyright © 2011-2022 走看看