摘要:下图是与其他虚拟技术的对比图。的目标是,基于这个目标,将你需要发布的应用组件及需要的环境配置都封装成一个镜像,然后基于镜像创建容器并启动运行。这样就可以达到组建级别的一次封装,多次运行。而默认情况下,属于用户,需要权限才能访问。
docker玩过很多次,但每次都是从零开始,所以这次而打算记录下来,方便后面查询。
docker的技术基础是LXC虚拟化技术,虚拟化技术有很多,有硬件层面和软件层面的,我在
2018年第13周-虚拟化技术理解大概有描述。其中LXC就是软件层面的虚拟化技术。其内存利用率很高,这是因为所有虚拟机(在docker里叫Container)都共享宿主的操作系统实例,,不存在由于运行多个操作系统实例所造成的性能损耗。下图是docker与其他虚拟技术的对比图。
Docker的目标是“Build, Ship and Run Any App, Anywhere”,基于这个目标,将你需要发布的应用组件及需要的环境配置都封装成一个image(镜像),然后基于镜像创建Container(容器)并启动运行。这样就可以达到组建级别的一次封装,多次运行。是不是跟JVM很像,一次编译,多处运行。
安装准备
卸载历史版本
历史本版的Docker可能被叫为docker或docker-engine. 如果它们有安装 ,卸载它以及它们的依赖. 命令如下:
$ sudo yum remove docker
docker-client
docker-client-latest
docker-common
docker-latest
docker-latest-logrotate
docker-logrotate
docker-selinux
docker-engine-selinux
docker-engine
/var/lib/docker/目录里的内容将被保留, 以及images, containers, volumes, 和networks将会被保留.
Docker CE包现在叫 docker-ce
安装Docker CE
你可以从很多地方安装Docker CE, 这取决于你的需求:
很多用户设置Docker的yum仓库, 然后安装docker, 这样容易安装和升级. 推荐此方法.
有些用户下载ROM包, 并手工安装和手工管理升级. 这种方法对于那些无法连上网的服务器是很有用的.
在测试和开发环境, 有些用户选择自动方便的脚本来安装docker.
从仓库安装
在安装Docker CE之前, 你需要设置Docker的yum仓库. 然后在安装.
设置仓库
安装需要的包. yum-utils提供yum-config-manager工具, devicemapper存储驱动则需要device-mapper-persistent-data和lvm2
$ sudo yum install -y yum-utils
device-mapper-persistent-data
lvm2
我centos7系统安装时选择的SOFTWARE SELECTION是Infrastuctue Server (Server for operating network infrastuctue Server)
[root@amd usb]# sudo yum install -y yum-utils
> device-mapper-persistent-data
> lvm2
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirror.lzu.edu.cn
* extras: mirrors.zju.edu.cn
* updates: mirrors.zju.edu.cn
Package yum-utils-1.1.31-46.el7_5.noarch already installed and latest version
Package device-mapper-persistent-data-0.7.3-3.el7.x86_64 already installed and latest version
Package 7:lvm2-2.02.177-4.el7.x86_64 already installed and latest version
Nothing to do
使用以下命令设置stable仓库, 就算你想安装edge或test仓库, 也还是得安装stable仓库.
sudo yum-config-manager
--add-repo
https://download.docker.com/linux/centos/docker-ce.repo
[root@amd usb]# sudo yum-config-manager
> --add-repo
> https://download.docker.com/linux/centos/docker-ce.repo
Loaded plugins: fastestmirror, langpacks
adding repo from: https://download.docker.com/linux/centos/docker-ce.repo
grabbing file https://download.docker.com/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo
可选: 启动edge和test仓库, 这些仓库都是包含在docker.repo文件, 只是默认是关闭的.
$ sudo yum-config-manager --enable docker-ce-edge
$ sudo yum-config-manager --enable docker-ce-test
通过yum-config-manager命令关闭edge和test仓库.
sudo yum-config-manager --disable docker-ce-edge
安装Docker CE
安装最新版本的Docker CE, 或者参考下一步可指定版本:
sudo yum install docker-ce
如果需要确认GPG key, 确认fingerprint是否匹配060A 61C5 1B55 8A7F 742B 77AA C52F EB6B 621E 9F35, 匹配上了则确认
多个docker库的情况下
如果你有多个docker库启用了, 而且安装或升级时不指定版本, 那么yum install或yum update命令则总会安装尽可能高的版本, 这也许不符合你稳定的要求.
到此位置, docker已经安装, 但还未启动. Linux的docker group也创建了, 但没有users在这组里.
安装过程:
[root@amd ~]# sudo yum install docker-ce
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirror.lzu.edu.cn
* extras: mirrors.zju.edu.cn
* updates: mirrors.zju.edu.cn
base | 3.6 kB 00:00:00
docker-ce-stable | 2.9 kB 00:00:00
epel | 3.2 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
(1/2): epel/x86_64/updateinfo | 935 kB 00:00:05
(2/2): epel/x86_64/primary | 3.6 MB 00:00:14
epel 12742/12742
Resolving Dependencies
--> Running transaction check
---> Package docker-ce.x86_64 0:18.06.1.ce-3.el7 will be installed
--> Processing Dependency: container-selinux >= 2.9 for package: docker-ce-18.06.1.ce-3.el7.x86_64
--> Processing Dependency: libcgroup for package: docker-ce-18.06.1.ce-3.el7.x86_64
--> Processing Dependency: libltdl.so.7()(64bit) for package: docker-ce-18.06.1.ce-3.el7.x86_64
--> Running transaction check
---> Package container-selinux.noarch 2:2.68-1.el7 will be installed
--> Processing Dependency: policycoreutils-python for package: 2:container-selinux-2.68-1.el7.noarch
---> Package libcgroup.x86_64 0:0.41-15.el7 will be installed
---> Package libtool-ltdl.x86_64 0:2.4.2-22.el7_3 will be installed
--> Running transaction check
---> Package policycoreutils-python.x86_64 0:2.5-22.el7 will be installed
--> Processing Dependency: setools-libs >= 3.3.8-2 for package: policycoreutils-python-2.5-22.el7.x86_64
--> Processing Dependency: libsemanage-python >= 2.5-9 for package: policycoreutils-python-2.5-22.el7.x86_64
--> Processing Dependency: audit-libs-python >= 2.1.3-4 for package: policycoreutils-python-2.5-22.el7.x86_64
--> Processing Dependency: python-IPy for package: policycoreutils-python-2.5-22.el7.x86_64
--> Processing Dependency: libqpol.so.1(VERS_1.4)(64bit) for package: policycoreutils-python-2.5-22.el7.x86_64
--> Processing Dependency: libqpol.so.1(VERS_1.2)(64bit) for package: policycoreutils-python-2.5-22.el7.x86_64
--> Processing Dependency: libapol.so.4(VERS_4.0)(64bit) for package: policycoreutils-python-2.5-22.el7.x86_64
--> Processing Dependency: checkpolicy for package: policycoreutils-python-2.5-22.el7.x86_64
--> Processing Dependency: libqpol.so.1()(64bit) for package: policycoreutils-python-2.5-22.el7.x86_64
--> Processing Dependency: libapol.so.4()(64bit) for package: policycoreutils-python-2.5-22.el7.x86_64
--> Running transaction check
---> Package audit-libs-python.x86_64 0:2.8.1-3.el7_5.1 will be installed
---> Package checkpolicy.x86_64 0:2.5-6.el7 will be installed
---> Package libsemanage-python.x86_64 0:2.5-11.el7 will be installed
---> Package python-IPy.noarch 0:0.75-6.el7 will be installed
---> Package setools-libs.x86_64 0:3.3.8-2.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=====================================================================================================================================================================================================================
Package Arch Version Repository Size
=====================================================================================================================================================================================================================
Installing:
docker-ce x86_64 18.06.1.ce-3.el7 docker-ce-stable 41 M
Installing for dependencies:
audit-libs-python x86_64 2.8.1-3.el7_5.1 updates 75 k
checkpolicy x86_64 2.5-6.el7 base 294 k
container-selinux noarch 2:2.68-1.el7 extras 36 k
libcgroup x86_64 0.41-15.el7 base 65 k
libsemanage-python x86_64 2.5-11.el7 base 112 k
libtool-ltdl x86_64 2.4.2-22.el7_3 base 49 k
policycoreutils-python x86_64 2.5-22.el7 base 454 k
python-IPy noarch 0.75-6.el7 base 32 k
setools-libs x86_64 3.3.8-2.el7 base 619 k
Transaction Summary
=====================================================================================================================================================================================================================
Install 1 Package (+9 Dependent packages)
Total size: 42 M
Installed size: 46 M
Is this ok [y/d/N]: y
Downloading packages:
warning: /var/cache/yum/x86_64/7/docker-ce-stable/packages/docker-ce-18.06.1.ce-3.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY
Retrieving key from https://download.docker.com/linux/centos/gpg
Importing GPG key 0x621E9F35:
Userid : "Docker Release (CE rpm) "
Fingerprint: 060a 61c5 1b55 8a7f 742b 77aa c52f eb6b 621e 9f35
From : https://download.docker.com/linux/centos/gpg
Is this ok [y/N]: y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : libcgroup-0.41-15.el7.x86_64 1/10
Installing : audit-libs-python-2.8.1-3.el7_5.1.x86_64 2/10
Installing : setools-libs-3.3.8-2.el7.x86_64 3/10
Installing : libtool-ltdl-2.4.2-22.el7_3.x86_64 4/10
Installing : python-IPy-0.75-6.el7.noarch 5/10
Installing : checkpolicy-2.5-6.el7.x86_64 6/10
Installing : libsemanage-python-2.5-11.el7.x86_64 7/10
Installing : policycoreutils-python-2.5-22.el7.x86_64 8/10
Installing : 2:container-selinux-2.68-1.el7.noarch 9/10
setsebool: SELinux is disabled.
Installing : docker-ce-18.06.1.ce-3.el7.x86_64 10/10
Verifying : libcgroup-0.41-15.el7.x86_64 1/10
Verifying : docker-ce-18.06.1.ce-3.el7.x86_64 2/10
Verifying : policycoreutils-python-2.5-22.el7.x86_64 3/10
Verifying : libsemanage-python-2.5-11.el7.x86_64 4/10
Verifying : 2:container-selinux-2.68-1.el7.noarch 5/10
Verifying : checkpolicy-2.5-6.el7.x86_64 6/10
Verifying : python-IPy-0.75-6.el7.noarch 7/10
Verifying : libtool-ltdl-2.4.2-22.el7_3.x86_64 8/10
Verifying : setools-libs-3.3.8-2.el7.x86_64 9/10
Verifying : audit-libs-python-2.8.1-3.el7_5.1.x86_64 10/10
Installed:
docker-ce.x86_64 0:18.06.1.ce-3.el7
Dependency Installed:
audit-libs-python.x86_64 0:2.8.1-3.el7_5.1 checkpolicy.x86_64 0:2.5-6.el7 container-selinux.noarch 2:2.68-1.el7 libcgroup.x86_64 0:0.41-15.el7 libsemanage-python.x86_64 0:2.5-11.el7
libtool-ltdl.x86_64 0:2.4.2-22.el7_3 policycoreutils-python.x86_64 0:2.5-22.el7 python-IPy.noarch 0:0.75-6.el7 setools-libs.x86_64 0:3.3.8-2.el7
Complete!
指定版本安装Docker CE, 首先先列出仓库有哪些docker-ce版本, 然后在选择安装
a. 列出并排序有哪些版本在仓库里, 以下是例子, 从高级到低级.
[root@amd ~]# yum list docker-ce --showduplicates | sort -r
* updates: mirrors.zju.edu.cn
Loading mirror speeds from cached hostfile
Loaded plugins: fastestmirror, langpacks
Installed Packages
* extras: mirrors.zju.edu.cn
docker-ce.x86_64 18.06.1.ce-3.el7 docker-ce-stable
docker-ce.x86_64 18.06.1.ce-3.el7 @docker-ce-stable
docker-ce.x86_64 18.06.0.ce-3.el7 docker-ce-stable
docker-ce.x86_64 18.03.1.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 18.03.0.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.12.1.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.12.0.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.09.1.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.09.0.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.06.2.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.06.1.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.06.0.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.03.3.ce-1.el7 docker-ce-stable
docker-ce.x86_64 17.03.2.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.03.1.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.03.0.ce-1.el7.centos docker-ce-stable
* base: mirror.lzu.edu.cn
Available Packages
这列表内容取决于哪个仓库被启动, 并且指定了你CentOS版本(在这例子里是.el7)
b. 安装指定版本, 需指定全限定包名, 也就是包名(docker-ce)加版本字符串(第2列), 以横杠(-)隔开, 例如: docker-ce-18.03.0.ce
sudo yum install docker-ce-
Dokcer
到此位置, docker已经安装, 但还未启动. Linux的docker group也创建了, 但没有users在这组里.
启动Docker
$ sudo systemctl start docker
验证Docker是否安装正确, 我们运行个hello-world镜像
sudo docker run hello-world
此命令会下载一个test镜像, 然后运行在一个容器里, 当容器运行时, 它会输出信息, 然后退出.
Docker CE已经安装并且运行着, 你需要用sudo在运行Docker. 可以继续教程Linux postinstall 来运行没有权限的用户运行Docker命令.
升级Docker-CE
就在yum中直接选择新版本安装即可
docker操作
查询镜像
docker search centos
下载镜像
docker pull centos
本地镜像列表
docker images
启动centos并进入bash
docker run -ti centos /bin/bash
查看所有容器情况
docker ps -a
使用宿主的所有网络信息的启动docker
docker run -tid --name can_download --net host centos /bin/bash
创建bridge的网关
docker run -tid --name my-net-centos --network my-net centos /bin/bash
指定bridge的网关
连接后台运行的container
docker exec -it my-net-centos /bin/bash
宿主与container传输文件
docker cp jdk-8u172-linux-x64.tar.gz f858312b67c20f1ff5303ae8f8333133c8791d434ee30c0e3395ccfb6b345d4f:/root/jdk-8u172-linux-x64.tar.gz
TroubleShoot
管理权限
nescafe@nescafe-PC:~$ docker images
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.38/images/json: dial unix /var/run/docker.sock: connect: permission denied
原因
摘自docker mannual上的一段话
Manage Docker as a non-root user
The docker daemon binds to a Unix socket instead of a TCP port. By default that Unix socket is owned by the user root and other users can only access it using sudo. The docker daemon always runs as the root user.
If you don’t want to use sudo when you use the docker command, create a Unix group called docker and add users to it. When the docker daemon starts, it makes the ownership of the Unix socket read/writable by the docker group.
大概的意思就是:docker进程使用Unix Socket而不是TCP端口。而默认情况下,Unix socket属于root用户,需要root权限才能访问。
解决方法1
使用sudo获取管理员权限,运行docker命令
解决方法2
docker守护进程启动的时候,会默认赋予名字为docker的用户组读写Unix socket的权限,因此只要创建docker用户组,并将当前用户加入到docker用户组中,那么当前用户就有权限访问Unix socket了,进而也就可以执行docker相关命令
sudo groupadd docker #添加docker用户组
sudo gpasswd -a $USER docker #将登陆用户加入到docker用户组中
newgrp docker #更新用户组
docker ps #测试docker命令是否可以使用sudo正常使用
