[docker]通过阿里云源安装docker && flannel不通问题解决(try this guy out)

docker清理容器

# 容器停止后就自动删除:
docker run --rm centos /bin/echo "One";

# 杀死所有正在运行的容器:
docker kill $(docker ps -a -q)

# 删除所有未打标签的镜像:
docker rmi $(docker images -q -f dangling=true)

# 删除所有已经停止的容器:
docker rm $(docker ps -a -q)

# 显示镜像名字:tag
docker images --format "{{.Repository}}:{{.Tag}}"

alias tag='docker images --format "{{.Repository}}:{{.Tag}}"'



alias bb='docker run -it --rm busybox'
alias dp='docker ps -a'
alias dt='docker images --format "{{.Repository}}:{{.Tag}}"'
alias dc='docker rm $(docker ps -a -q)'
alias ds='docker stats'
alias kk='kubectl get pod --all-namespaces -o wide --show-labels'
alias ks='kubectl get svc --all-namespaces -o wide'
alias kss='kubectl get svc --all-namespaces -o wide --show-labels'
alias kd='kubectl get deploy --all-namespaces -o wide'
alias wk='watch kubectl get pod --all-namespaces -o wide --show-labels'
alias kv='kubectl get pv -o wide'
alias kvc='kubectl get pvc -o wide --all-namespaces --show-labels'
alias kbb='kubectl run -it --rm --restart=Never busybox --image=busybox sh'
alias kbbc='kubectl run -it --rm --restart=Never curl --image=appropriate/curl sh'
alias kd='kubectl get deployment --all-namespaces --show-labels'
alias kcm='kubectl get cm --all-namespaces -o wide'
alias kin='kubectl get ingress --all-namespaces -o wide'                          

自动补全

yum install bash-com* -y
wget https://raw.githubusercontent.com/lannyMa/scripts/master/docker
mv docker /etc/bash_completion.d/



$ wget https://get.docker.com/builds/Linux/x86_64/docker-17.04.0-ce.tgz
$ tar -xvf docker-17.04.0-ce.tgz
$ cp docker/docker* /root/local/bin
$ cp docker/completion/bash/docker /etc/bash_completion.d/

使用阿里云源安装新版docker-ce

安装步骤

参考:
https://mirrors.aliyun.com/help/docker-ce
https://yq.aliyun.com/articles/110806


yum install -y libnetfilter_conntrack-devel libmnl-devel conntrack-tools socat
echo "net.netfilter.nf_conntrack_acct=1" >> /etc/sysctl.conf
echo "net.netfilter.nf_conntrack_timestamp=1" >> /etc/sysctl.conf
sysctl -p /etc/sysctl.conf 

yum install -y yum-utils device-mapper-persistent-data lvm2
#如果docker-ce.repo内容为空,则参考下面附.
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo 
sudo yum makecache fast
sudo yum install docker-ce -y
mkdir -p /etc/docker
cat >>/etc/docker/daemon.json<
systemctl daemon-reload
systemctl restart docker && systemctl enable docker

配置转发

sysctl -w net.ipv6.conf.all.disable_ipv6=1
sysctl -w net.ipv6.conf.default.disable_ipv6=1
sysctl -w net.ipv4.ip_forward=1 
echo 'iptables -P FORWARD ACCEPT' >> /etc/rc.local
iptables -P FORWARD ACCEPT
sysctl -p

docker pull busybox
echo "alias bb='docker run -it --rm busybox'"  >> /etc/bashrc
source  /etc/bashrc

sudo systemctl stop firewalld
sudo systemctl disable firewalld
sudo iptables -F && sudo iptables -X && sudo iptables -F -t nat && sudo iptables -X -t nat


iptables -t nat -L -n

ip netns ls显示

ln -s /var/run/docker/netns /var/run/netns

查看dockerd日志

journalctl -u docker -f

安装docker-compose

cd
yum install python-pip -y
mkdir ~/.pip
cat >pip.conf<

二进制安装docker-ce

下载:
https://download.docker.com/linux/static/stable/x86_64/

tar -xvf docker-17.04.0-ce.tgz
cp docker/docker* /user/local/bin
cp docker/completion/bash/docker /etc/bash_completion.d/

dockerd --log-level=error --bip=10.2.20.1/24 --mtu=1500 --ipmasq=true
$ cat docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.io

[Service]
Environment="PATH=/root/local/bin:/bin:/sbin:/usr/bin:/usr/sbin"
EnvironmentFile=-/run/flannel/docker                                           ## 这里比较关键
ExecStart=/root/local/bin/dockerd --log-level=error $DOCKER_NETWORK_OPTIONS
ExecReload=/bin/kill -s HUP $MAINPID
Restart=on-failure
RestartSec=5
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
Delegate=yes
KillMode=process

[Install]
WantedBy=multi-user.target

flannel网络不通问题解决

两台机器间容器通过flannel网络无法互ping

  • 以往是这样解决的
systemctl stop firewalld && systemctl disable firewalld
sysctl -w net.ipv6.conf.all.disable_ipv6=1
sysctl -w net.ipv6.conf.default.disable_ipv6=1
sysctl -w net.ipv4.ip_forward=1 
iptables -P FORWARD ACCEPT
sysctl -p

echo 'iptables -P FORWARD ACCEPT' >> /rc.local
  • 这样不好使,排查发现flannel动态生成的subnet.env参数和docker手动指定的不一样
    我重启了下所有机器,导致flannel启动后子网发生了变化,而docker启动加载的是之前手动给指定的之前的flannel的子网,因此导致不同.

下面详解了解下flannel如何和docker联动

1.下载flannel后,压缩包里有个生成docker启动参数(网络)的脚本

2.flannel启动会执行这个脚本(flannel的services实现),动态生成docker参数

/usr/local/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/docker
  • 创建 flanneld 的 systemd unit 文件
$ cat > flanneld.service << EOF
[Unit]
Description=Flanneld overlay address etcd agent
After=network.target
After=network-online.target
Wants=network-online.target
After=etcd.service
Before=docker.service

[Service]
Type=notify
ExecStart=/root/local/bin/flanneld
ExecStartPost=/root/local/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/docker
Restart=on-failure

[Install]
WantedBy=multi-user.target
RequiredBy=docker.service
EOF

mk-docker-opts.sh 脚本将分配给 flanneld 的 Pod 子网网段信息写入到 /run/flannel/docker 文件中,后续 docker 启动时使用这个文件中参数值设置 docker0 网桥;
-iface 选项值指定 flanneld 和其它 Node 通信的接口,如果机器有内、外网,则最好指定为内网接口;

  • 创建docker启动脚本
$ cat docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.io

[Service]
Environment="PATH=/root/local/bin:/bin:/sbin:/usr/bin:/usr/sbin"
EnvironmentFile=-/run/flannel/docker
ExecStart=/root/local/bin/dockerd --log-level=error $DOCKER_NETWORK_OPTIONS
ExecReload=/bin/kill -s HUP $MAINPID
Restart=on-failure
RestartSec=5
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
Delegate=yes
KillMode=process

[Install]
WantedBy=multi-user.target

flannel自动生成docker参数脚本

/usr/local/bin/mk-docker-opts.sh -k DOCKER_NETWORK_OPTIONS -d /run/flannel/docker
#!/bin/sh

usage() {
    echo "$0 [-f FLANNEL-ENV-FILE] [-d DOCKER-ENV-FILE] [-i] [-c] [-m] [-k COMBINED-KEY]

Generate Docker daemon options based on flannel env file
OPTIONS:
    -f  Path to flannel env file. Defaults to /run/flannel/subnet.env
    -d  Path to Docker env file to write to. Defaults to /run/docker_opts.env
    -i  Output each Docker option as individual var. e.g. DOCKER_OPT_MTU=1500
    -c  Output combined Docker options into DOCKER_OPTS var
    -k  Set the combined options key to this value (default DOCKER_OPTS=)
    -m  Do not output --ip-masq (useful for older Docker version)
" >&2

    exit 1
}

flannel_env="/run/flannel/subnet.env"
docker_env="/run/docker_opts.env"
combined_opts_key="DOCKER_OPTS"
indiv_opts=false
combined_opts=false
ipmasq=true

while getopts "f:d:icmk:?h" opt; do
    case $opt in
        f)
            flannel_env=$OPTARG
            ;;
        d)
            docker_env=$OPTARG
            ;;
        i)
            indiv_opts=true
            ;;
        c)
            combined_opts=true
            ;;
        m)
            ipmasq=false
            ;;
        k)
            combined_opts_key=$OPTARG
            ;;
        [\?h])
            usage
            ;;
    esac
done

if [ $indiv_opts = false ] && [ $combined_opts = false ]; then
    indiv_opts=true
    combined_opts=true
fi

if [ -f "$flannel_env" ]; then
    . $flannel_env
fi

if [ -n "$FLANNEL_SUBNET" ]; then
    DOCKER_OPT_BIP="--bip=$FLANNEL_SUBNET"
fi

if [ -n "$FLANNEL_MTU" ]; then
    DOCKER_OPT_MTU="--mtu=$FLANNEL_MTU"
fi

if [ -n "$FLANNEL_IPMASQ" ] && [ $ipmasq = true ] ; then
    if [ "$FLANNEL_IPMASQ" = true ] ; then
        DOCKER_OPT_IPMASQ="--ip-masq=false"
    elif [ "$FLANNEL_IPMASQ" = false ] ; then
        DOCKER_OPT_IPMASQ="--ip-masq=true"
    else
        echo "Invalid value of FLANNEL_IPMASQ: $FLANNEL_IPMASQ" >&2
        exit 1
    fi
fi

eval docker_opts="\$${combined_opts_key}"

if [ "$docker_opts" ]; then
    docker_opts="$docker_opts ";
fi

echo -n "" >$docker_env

for opt in $(set | grep "DOCKER_OPT_"); do

    OPT_NAME=$(echo $opt | awk -F "=" '{print $1;}');
    OPT_VALUE=$(eval echo "\$$OPT_NAME");

    if [ "$indiv_opts" = true ]; then
        echo "$OPT_NAME=\"$OPT_VALUE\"" >>$docker_env;
    fi

    docker_opts="$docker_opts $OPT_VALUE";

done

if [ "$combined_opts" = true ]; then
    echo "${combined_opts_key}=\"${docker_opts}\"" >>$docker_env
fi

把机器上所有image dump成文件,一键导出本地所有镜像

#!/bin/bash
image_list=`docker images --format "{{.Repository}}:{{.Tag}}"`
for image in $image_list;do
   file_name=`echo $image | sed "s#[/:]#_#g"`
   echo "Saveing image '$image' into '$file_name.tar.gz'"
   docker save -o "$file_name.tar" $image
   gzip $file_name.tar
done

# gzip把tar搞成了tar.gz, docker load -i tar.gz即可. 如果空间够,可以不gzip

docker json日志驱动滚动和清理参数

参考: https://docs.docker.com/engine/admin/logging/json-file/#usage
默认一个日志文件.不自动切割.
806469-20171217130734936-933486582.png

[docker]通过阿里云源安装docker && flannel不通问题解决(try this guy out)_第1张图片

dockerd前台启动

可以指定bridge启动(默认的docker0有nat)

dockerd -b=br0

可以启动后不让修改iptables

dockerd -b=br0 --iptables=false #默认修改的,iptables -t nat -L -n
$ dockerd --help

Usage:  dockerd COMMAND

A self-sufficient runtime for containers.

Options:
      --add-runtime runtime                     Register an additional OCI compatible runtime (default [])
      --allow-nondistributable-artifacts list   Allow push of nondistributable artifacts to registry
      --api-cors-header string                  Set CORS headers in the Engine API
      --authorization-plugin list               Authorization plugins to load
      --bip string                              Specify network bridge IP
  -b, --bridge string                           Attach containers to a network bridge
      --cgroup-parent string                    Set parent cgroup for all containers
      --cluster-advertise string                Address or interface name to advertise
      --cluster-store string                    URL of the distributed storage backend
      --cluster-store-opt map                   Set cluster store options (default map[])
      --config-file string                      Daemon configuration file (default "/etc/docker/daemon.json")
      --containerd string                       Path to containerd socket
      --cpu-rt-period int                       Limit the CPU real-time period in microseconds
      --cpu-rt-runtime int                      Limit the CPU real-time runtime in microseconds
      --data-root string                        Root directory of persistent Docker state (default "/var/lib/docker")
  -D, --debug                                   Enable debug mode
      --default-gateway ip                      Container default gateway IPv4 address
      --default-gateway-v6 ip                   Container default gateway IPv6 address
      --default-ipc-mode string                 Default mode for containers ipc ("shareable" | "private") (default "shareable")
      --default-runtime string                  Default OCI runtime for containers (default "runc")
      --default-shm-size bytes                  Default shm size for containers (default 64MiB)
      --default-ulimit ulimit                   Default ulimits for containers (default [])
      --disable-legacy-registry                 Disable contacting legacy registries (default true)
      --dns list                                DNS server to use
      --dns-opt list                            DNS options to use
      --dns-search list                         DNS search domains to use
      --exec-opt list                           Runtime execution options
      --exec-root string                        Root directory for execution state files (default "/var/run/docker")
      --experimental                            Enable experimental features
      --fixed-cidr string                       IPv4 subnet for fixed IPs
      --fixed-cidr-v6 string                    IPv6 subnet for fixed IPs
  -G, --group string                            Group for the unix socket (default "docker")
      --help                                    Print usage
  -H, --host list                               Daemon socket(s) to connect to
      --icc                                     Enable inter-container communication (default true)
      --init                                    Run an init in the container to forward signals and reap processes
      --init-path string                        Path to the docker-init binary
      --insecure-registry list                  Enable insecure registry communication
      --ip ip                                   Default IP when binding container ports (default 0.0.0.0)
      --ip-forward                              Enable net.ipv4.ip_forward (default true)
      --ip-masq                                 Enable IP masquerading (default true)
      --iptables                                Enable addition of iptables rules (default true)
      --ipv6                                    Enable IPv6 networking
      --label list                              Set key=value labels to the daemon
      --live-restore                            Enable live restore of docker when containers are still running
      --log-driver string                       Default driver for container logs (default "json-file")
  -l, --log-level string                        Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info")
      --log-opt map                             Default log driver options for containers (default map[])
      --max-concurrent-downloads int            Set the max concurrent downloads for each pull (default 3)
      --max-concurrent-uploads int              Set the max concurrent uploads for each push (default 5)
      --metrics-addr string                     Set default address and port to serve the metrics api on
      --mtu int                                 Set the containers network MTU
      --network-control-plane-mtu int           Network Control plane MTU (default 1500)
      --no-new-privileges                       Set no-new-privileges by default for new containers
      --node-generic-resources string           user defined resources (e.g. fpga=2;gpu={UUID1,UUID2,UUID3})
      --oom-score-adjust int                    Set the oom_score_adj for the daemon (default -500)
  -p, --pidfile string                          Path to use for daemon PID file (default "/var/run/docker.pid")
      --raw-logs                                Full timestamps without ANSI coloring
      --registry-mirror list                    Preferred Docker registry mirror
      --seccomp-profile string                  Path to seccomp profile
      --selinux-enabled                         Enable selinux support
      --shutdown-timeout int                    Set the default shutdown timeout (default 15)
  -s, --storage-driver string                   Storage driver to use
      --storage-opt list                        Storage driver options
      --swarm-default-advertise-addr string     Set default address or interface for swarm advertised address
      --tls                                     Use TLS; implied by --tlsverify
      --tlscacert string                        Trust certs signed only by this CA (default "/root/.docker/ca.pem")
      --tlscert string                          Path to TLS certificate file (default "/root/.docker/cert.pem")
      --tlskey string                           Path to TLS key file (default "/root/.docker/key.pem")
      --tlsverify                               Use TLS and verify the remote
      --userland-proxy                          Use userland proxy for loopback traffic (default true)
      --userland-proxy-path string              Path to the userland proxy binary
      --userns-remap string                     User/Group setting for user namespaces
  -v, --version                                 Print version information and quit

开启流数据统计

## 开启流数据包统计(packets和bytes)
echo "net.netfilter.nf_conntrack_acct=1" >> /etc/sysctl.conf

## 开启流持续时间统计(delta-time)
echo "net.netfilter.nf_conntrack_timestamp=1" >> /etc/sysctl.conf
sysctl -p /etc/sysctl.conf 

conntrack -L -o ktimestamp

让centos7镜像支持中文

806469-20171227145203347-1324515523.png

RUN  yum -y install kde-l10n-Chinese && \  
    yum -y reinstall glibc-common &&\  
    yum clean all  && \  
    localedef -c -f UTF-8 -i zh_CN zh_CN.utf8   
          
ENV LC_ALL "zh_CN.UTF-8"

docker选项配置参考

kubespray安装k8s集群时候,自动给docker配置的

[root@n1 ~]# ps -ef|grep docker
root      14289      1  2 23:18 ?        00:00:32 /usr/bin/dockerd --insecure-registry=10.233.0.0/18 --graph=/var/lib/docker --log-opt max-size=50m --log-opt max-file=5 --iptables=false --dns 10.233.0.3 --dns 114.114.114.114 --dns-search default.svc.cluster.local --dns-search svc.cluster.local --dns-opt ndots:2 --dns-opt timeout:2 --dns-opt attempts:2


[root@n1 ~]# cat /etc/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=network.target docker-storage-setup.service
Wants=docker-storage-setup.service

[Service]
Type=notify
Environment=GOTRACEBACK=crash
ExecReload=/bin/kill -s HUP $MAINPID
Delegate=yes
KillMode=process
ExecStart=/usr/bin/dockerd \
          $DOCKER_OPTS \
          $DOCKER_STORAGE_OPTIONS \
          $DOCKER_NETWORK_OPTIONS \
          $DOCKER_DNS_OPTIONS \
          $INSECURE_REGISTRY
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
TimeoutStartSec=1min
Restart=on-abnormal

[Install]
WantedBy=multi-user.target


[root@n1 ~]# ll /etc/systemd/system/docker.service.d/
total 12
-rw-r--r-- 1 root root 234 Dec 27 23:18 docker-dns.conf
-rw-r--r-- 1 root root 158 Dec 27 23:18 docker-options.conf
-rw-r--r-- 1 root root 288 Dec 27 23:18 http-proxy.conf


[root@n1 ~]# cat /etc/systemd/system/docker.service.d/docker-options.conf 
[Service]
Environment="DOCKER_OPTS=--insecure-registry=10.233.0.0/18 --graph=/var/lib/docker  --log-opt max-size=50m --log-opt max-file=5 \
--iptables=false"


[root@n1 ~]# cat /etc/systemd/system/docker.service.d/docker-dns.conf 
[Service]
Environment="DOCKER_DNS_OPTIONS=\
    --dns 10.233.0.3 --dns 114.114.114.114  \
    --dns-search default.svc.cluster.local --dns-search svc.cluster.local  \
    --dns-opt ndots:2 --dns-opt timeout:2 --dns-opt attempts:2  \

[root@n1 ~]# cat /etc/systemd/system/docker.service.d/http-proxy.conf 
[Service]
Environment="HTTP_PROXY=http://192.168.1.88:1080/"  "NO_PROXY=192.168.2.14,node4,node4.cluster.local,192.168.2.15,node5,node5.cluster.local,192.168.2.11,node1,node1.cluster.local,192.168.2.12,node2,node2.cluster.local,192.168.2.13,node3,node3.cluster.local,127.0.0.1,localhost"

docker配置代理

参考:https://docs.docker.com/engine/admin/systemd/
修改docker的svc即可.

[Service]
Environment="HTTP_PROXY=http://[proxy-addr]:[proxy-port]/"

或者:
docker -H LOCAL_IP:1028 

测试(才700多K的东西):
docker pull gcr.io/google_containers/pause-amd64:3.0

docker多进程启动工具

与Supervisord类似的工具包括monit, daemontools和runit。
参考:
https://hub.docker.com/r/faisyl/alpine-runit/~/dockerfile/

docker加速器

image: registry.cn-shenzhen.aliyuncs.com/rancher_cn/heapster-grafana-amd64:v4.4.3
image:  registry.cn-hangzhou.aliyuncs.com/outman_google_containers/heapster-amd64:v1.4.0


vi /etc/docker/daemon.json
{
    "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"]
}

[root@n1 influxdb]# cat /etc/docker/daemon.json 
{
    "registry-mirrors": ["https://registry.docker-cn.com"],
    "hosts": [
        "tcp://0.0.0.0:2375",
        "unix:///var/run/docker.sock"
    ]
}

设置insecure-registries

echo   '{ "insecure-registries":["registry-srv:5000"] }' >/etc/docker/daemon.json 

docker的dns和日志切割设置

/usr/bin/dockerd --insecure-registry=10.233.0.0/18 --graph=/var/lib/docker --log-opt max-size=50m --log-opt max-file=5 --iptables=false --dns 10.233.0.3 --dns 114.114.114.114 --dns-search default.svc.cluster.local --dns-search svc.cluster.local --dns-opt ndots:2 --dns-opt timeout:2 --dns-opt attempts:2

docker run -it --rm busybox
 / # cat /etc/resolv.conf 
search default.svc.cluster.local svc.cluster.local
nameserver 10.233.0.3
nameserver 114.114.114.114

docker-ce.repo阿里云

[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-stable-debuginfo]
name=Docker CE Stable - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-$basearch/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-stable-source]
name=Docker CE Stable - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-edge]
name=Docker CE Edge - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/edge
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-edge-debuginfo]
name=Docker CE Edge - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-$basearch/edge
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-edge-source]
name=Docker CE Edge - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/edge
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-test]
name=Docker CE Test - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-test-debuginfo]
name=Docker CE Test - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-test-source]
name=Docker CE Test - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

flannel mtu

FLANNEL_MTU = 1450 是 vxlan FLANNEL_MTU = 1500 是 host-gw

其他参考

“深入浅出”来解读Docker网络核心原理
[docker]通过阿里云源安装docker && flannel不通问题解决(try this guy out)_第2张图片
[docker]通过阿里云源安装docker && flannel不通问题解决(try this guy out)_第3张图片

Docker容器技术入门(二)

docker的2类存储资源

参考

- docker存储

docker提供了2种存储资源:
    镜像(由 storage driver 管理):
        1.基础镜像层
        2.可写层
     
        storage driver
            overlay2(devicemapper)
            autfs
            
    Data Volume:
        1.bind mount
            支持f/d
            ro/rw
            目的任意指定
        
            docker run -v的方式
        2.docker managed volume
                不支持ro
                /var/lib/docker/volumes/
        
            1.--volumes-from: 先启一个数据容器,后引用容器容器名
                data-packed volume container
            
                FROM busybox
                VOLUME ["/data1","/data2"]
                
                docker build . -t busybox1
                
                docker run -itd --name b1 busybox1
                    1.先在/var/lib/docker/volumes/创建目录
                    2.挂载到容器/data1 /data2(容器启动会自动创建这两个)

                docker run -itd --volumes-from b1 busybox

            2.docker create volume
                docker volume create hello
                docker run -d -v hello:/world busybox ls /world

其他参考
[docker]通过阿里云源安装docker && flannel不通问题解决(try this guy out)_第4张图片

devicemapper存储设置容量

[root@n1 ~]#  docker run -itd -v /data:/data --name b4 busybox
1ce96b5f4f135e1e98b33997b95e682efa6287ff744e1613aaacab2e159c353b
[root@n1 ~]# docker exec -it b4 sh
/ # df -h
Filesystem                Size      Used Available Use% Mounted on
overlay                  37.8G      1.8G     35.9G   5% /
tmpfs                   487.3M         0    487.3M   0% /dev
tmpfs                   487.3M         0    487.3M   0% /sys/fs/cgroup
/dev/sda3                37.8G      1.8G     35.9G   5% /data

今天复习了以下docker, 发现竟然有这玩意.
https://docs.docker.com/engine/reference/commandline/dockerd/#options-per-storage-driver
devicemapper存储设置
http://blog.51cto.com/welcomeweb/1696121

你可能感兴趣的:([docker]通过阿里云源安装docker && flannel不通问题解决(try this guy out))