046、创建Docker Machine（2019-03-11 周一）

参考https://www.cnblogs.com/CloudMan6/p/7237420.html

 

对于Docker Machine来说，属于 Machine 就是运行docker daemon的主机。创建Machine 指的就是在host上安装和部署docker，

 

1、创建machine要求 能够通过ssh没密钥登录远程主机，过程略

 

[root@dm03 ~]# ssh-copy-id -i .ssh/id_rsa.pub 123.58.8.20

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

root@123.58.8.20's password:

 

Number of key(s) added: 1

 

Now try logging into the machine, with:   "ssh '123.58.8.20'"

and check to make sure that only the key(s) you wanted were added.

 

2、各host配置apt源，包括docker-ce源

 

scp /etc/apt/sources.list 123.58.8.20:/etc/apt/sources.list

 

3、各host修改防火墙，开启tcp 2376

 

ssh 123.58.8.20 'ufw allow 2376'

 

4、安装docker

 

[root@dm03 ~]# docker-machine create --driver generic --generic-ip-address 123.58.8.20 host1

Running pre-create checks...

Creating machine...

(host1) No SSH key specified. Assuming an existing key at the default location.    # ssh登录到远程主机

Waiting for machine to be running, this may take a few minutes...

Detecting operating system of created instance...

Waiting for SSH to be available...

Detecting the provisioner...

Provisioning with ubuntu(systemd)...    # 安装docker

Installing Docker...

Copying certs to the local machine directory...    # 拷贝证书

Copying certs to the remote machine...

Setting Docker configuration on the remote daemon...    # 配置docker

Checking connection to Docker...    # 启动docker

Docker is up and running!

To see how to connect your Docker Client to the Docker Engine running on this virtual machine, run: docker-machine env host1

 

[root@dm03 ~]# docker-machine ls

NAME    ACTIVE   DRIVER    STATE     URL                      SWARM   DOCKER     ERRORS

host1   -        generic   Running   tcp://123.58.8.20:2376           v18.09.3   

host2   -        generic   Running   tcp://123.58.8.75:2376           v18.09.3   

 

5、如果安装docker的时候报证书相关错误可以执行一下命令进行修复

 

docker-machine regenerate-certs host1

 

 

 

登录到一台docker host上可以看到主机名已经修改成了host2 ，且docker配置文件开启了远程连接，并启用了tls安全认证和加密

 

root@host2:~# hostname    

host2

root@host2:~# cat /etc/systemd/system/docker.service.d/10-machine.conf

[Service]

ExecStart=

ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock --storage-driver overlay2 --tlsverify --tlscacert /etc/docker/ca.pem --tlscert /etc/docker/server.pem --tlskey /etc/docker/server-key.pem --label provider=generic

Environment=

root@host2:~#