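Installing Docker on CentOS 7

2.3.2 Installing Docker

The installation procedure differs slightly between Red Hat versions.

2. Installing Docker on RHEL 7

On RHEL 7 or later, Docker can be installed with the commands shown in Listing 2-24.

2. Log in to CentOS with root privileges and make sure the yum packages are up to date.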

$ sudo yum update

3. Remove old versions (if an older version was installed)

$ sudo yum remove docker  docker-common docker-selinux docker-engine


4. Install the required packages. yum-utils provides yum-config-manager; the other two are dependencies of the devicemapper driver.

$ sudo yum install -y yum-utils device-mapper-persistent-data lvm2


5. Install Docker

yum install -y docker

A docker user and group need to be created.


6. Start Docker and enable it at boot

[root@docker ~]# systemctl   start docker
Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.



7. Disable the firewall and SELinux
[root@docker ~]# systemctl stop firewalld
[root@docker ~]# systemctl disable firewalld
[root@docker ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

5月 21 01:00:22 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
5月 21 01:00:31 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
5月 21 01:01:53 docker systemd[1]: Stopping firewalld - dynamic firewall daemon...
5月 21 01:01:54 docker systemd[1]: Stopped firewalld - dynamic firewall daemon.

[root@docker ~]# cat /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=disabled


$ sudo systemctl start docker

Remember: do not set Docker to start at boot
$ sudo systemctl enable docker


[root@docker ~]# systemctl start docker
Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.
[root@docker ~]# systemctl status docker.service
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since 五 2019-05-24 14:23:44 CST; 6s ago
     Docs: http://docs.docker.com
  Process: 9266 ExecStart=/usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --init-path=/usr/libexec/docker/docker-init-current --seccomp-profile=/etc/docker/seccomp.json $OPTIONS $DOCKER_STORAGE_OPTIONS $DOCKER_NETWORK_OPTIONS $ADD_REGISTRY $BLOCK_REGISTRY $INSECURE_REGISTRY $REGISTRIES (code=exited, status=1/FAILURE)
 Main PID: 9266 (code=exited, status=1/FAILURE)

5月 24 14:23:43 docker systemd[1]: Starting Docker Application Container Engine...
5月 24 14:23:43 docker dockerd-current[9266]: time="2019-05-24T14:23:43.428004876+08:00" level=info msg="libcontainerd: new containerd process, pid: 9272"
5月 24 14:23:44 docker dockerd-current[9266]: time="2019-05-24T14:23:44.439665367+08:00" level=warning msg="overlay2: the backing xfs filesystem is formatted without d_type support, which...
5月 24 14:23:44 docker dockerd-current[9266]: Error starting daemon: SELinux is not supported with the overlay2 graph driver on this kernel. Either boot into a newer kernel or...abled=false)
5月 24 14:23:44 docker systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
5月 24 14:23:44 docker systemd[1]: Failed to start Docker Application Container Engine.
5月 24 14:23:44 docker systemd[1]: Unit docker.service entered failed state.
5月 24 14:23:44 docker systemd[1]: docker.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

Edit the Docker configuration file again:
vi /etc/sysconfig/docker
Change the option to: --selinux-enabled=false

Docker now starts successfully:
[root@docker ~]# systemctl start docker
[root@docker ~]# 



8. Verify that the installation succeeded (output with both a Client and a Server section means Docker is installed and started successfully)

[root@docker ~]# docker version
Client:
 Version:         1.13.1
 API version:     1.26
 Package version: docker-1.13.1-96.gitb2f74b2.el7.centos.x86_64
 Go version:      go1.10.3
 Git commit:      b2f74b2/1.13.1
 Built:           Wed May  1 14:55:20 2019
 OS/Arch:         linux/amd64

Server:
 Version:         1.13.1
 API version:     1.26 (minimum version 1.12)
 Package version: docker-1.13.1-96.gitb2f74b2.el7.centos.x86_64
 Go version:      go1.10.3
 Git commit:      b2f74b2/1.13.1
 Built:           Wed May  1 14:55:20 2019
 OS/Arch:         linux/amd64
 Experimental:    false
 
 

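Starting the Docker daemon:

After installing Docker, confirm that the Docker daemon is running. Docker runs its daemon with root privileges so that it can handle operations that ordinary users cannot perform (such as mounting file systems).

The docker program is the client of the Docker daemon, and it also needs to be run as root.

Users can control the Docker daemon with the docker daemon command.

Before Docker 1.8, the Docker daemon was controlled with the -d flag, and there was no docker daemon subcommand.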


[root@docker ~]# docker daemon
Command "daemon" is deprecated, and will be removed in Docker 1.16. Please run `dockerd` directly.
Error starting daemon: pid file found, ensure docker is not running or delete /var/run/docker.pid


[root@docker ~]# ls -ltr /var/run/docker.sock 
srw-rw----. 1 root docker 0 5月  24 14:26 /var/run/docker.sock

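Once the Docker package is installed, the Docker daemon is started immediately by default. The daemon listens on the Unix socket file /var/run/docker.sock for Docker requests from clients.

If a user group named docker exists on the system, Docker sets the group ownership of the socket file to that group.

All users in the docker group can then run Docker directly, without using sudo.

2.9.1 Configuring the Docker daemon:

When running the Docker daemon, the -H flag can be used to adjust how the daemon binds its listening interface.

The -H flag can specify different network interface and port configurations. For example, to bind to a network interface, the command is as follows: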


[root@docker ~]# docker daemon -H tcp://0.0.0.0:2375
Command "daemon" is deprecated, and will be removed in Docker 1.16. Please run `dockerd` directly.
WARN[0000] [!] DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING [!] 
INFO[0000] libcontainerd: previous instance of containerd still alive (9665) 
WARN[0000] overlay2: the backing xfs filesystem is formatted without d_type support, which leads to incorrect behavior. Reformat the filesystem with ftype=1 to enable d_type support. Running without d_type support will no longer be supported in Docker 1.16. 
INFO[0000] [graphdriver] using prior storage driver: overlay2 
Error starting daemon: error while opening volume store metadata database: timeout







[root@docker ~]# service docker status
Redirecting to /bin/systemctl status docker.service
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
   Active: active (running) since 五 2019-05-24 15:30:37 CST; 6min ago
     Docs: http://docs.docker.com
 Main PID: 9847 (dockerd-current)
   CGroup: /system.slice/docker.service
           ├─9847 /usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --userland...
           └─9853 /usr/bin/docker-containerd-current -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --metrics-interval=0 --start-timeout 2m --state-dir /var/run/docker/libc...

5月 24 15:30:37 docker dockerd-current[9847]: time="2019-05-24T15:30:37.119214374+08:00" level=warning msg="Your kernel does not support pids limit capabilities or the cgroup ... discarded."
5月 24 15:30:37 docker dockerd-current[9847]: time="2019-05-24T15:30:37.119351649+08:00" level=info msg="Loading containers: start."
5月 24 15:30:37 docker dockerd-current[9847]: time="2019-05-24T15:30:37.130414374+08:00" level=info msg="Firewalld running: false"
5月 24 15:30:37 docker dockerd-current[9847]: time="2019-05-24T15:30:37.226258298+08:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16.... IP address"
5月 24 15:30:37 docker dockerd-current[9847]: time="2019-05-24T15:30:37.255639925+08:00" level=info msg="Loading containers: done."
5月 24 15:30:37 docker dockerd-current[9847]: time="2019-05-24T15:30:37.260041931+08:00" level=warning msg="Not using native diff for overlay2, this may cause degraded perform...ater to fix"
5月 24 15:30:37 docker dockerd-current[9847]: time="2019-05-24T15:30:37.269865431+08:00" level=info msg="Daemon has completed initialization"
5月 24 15:30:37 docker dockerd-current[9847]: time="2019-05-24T15:30:37.269907853+08:00" level=info msg="Docker daemon" commit="b2f74b2/1.13.1" graphdriver=overlay2 version=1.13.1
5月 24 15:30:37 docker systemd[1]: Started Docker Application Container Engine.
5月 24 15:30:37 docker dockerd-current[9847]: time="2019-05-24T15:30:37.280950017+08:00" level=info msg="API listen on /var/run/docker.sock"
Hint: Some lines were ellipsized, use -l to show in full.
[root@docker ~]# ps -ef | grep 9847
root      9847     1  0 15:30 ?        00:00:00 /usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --init-path=/usr/libexec/docker/docker-init-current --seccomp-profile=/etc/docker/seccomp.json --selinux-enabled=false --log-driver=journald --signature-verification=false --storage-driver overlay2
root      9853  9847  0 15:30 ?        00:00:00 /usr/bin/docker-containerd-current -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --metrics-interval=0 --start-timeout 2m --state-dir /var/run/docker/libcontainerd/containerd --shim docker-containerd-shim --runtime docker-runc --runtime-args --systemd-cgroup=true
root      9961  2112  0 15:37 pts/0    00:00:00 grep --color=auto 9847
[root@docker ~]# docker^C
[root@docker ~]# ps -A | grep -i docker
 9847 ?        00:00:00 dockerd-current
 9853 ?        00:00:00 docker-containe
 
 
 

Main PID: 9847 (dockerd-current) is the Docker process.

Process 9853 is

The dockerd daemon is started as root.

It has one child process, docker-containe, which is multithreaded.

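Remote access to Docker
By default, the Docker daemon creates a socket file (/var/run/docker.sock) for local inter-process communication and does not listen on any port, so the docker client or the Docker API can only be used locally.

To operate a Docker host from another host, the Docker daemon must listen on a port so that remote communication is possible.

Modify the Docker daemon startup options

	-H	tcp://host:port

	unix:///path/to/socket			// default daemon configuration

	fd://* or fd://socketfd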

[root@docker /]# docker daemon -H tcp://0.0.0.0:2375
Command "daemon" is deprecated, and will be removed in Docker 1.16. Please run `dockerd` directly.
Error starting daemon: pid file found, ensure docker is not running or delete /var/run/docker.pid

docker daemon -H tcp://0.0.0.0:2375 -H 

Edit /usr/lib/systemd/system/docker.service to configure remote access. The change is mainly in the [Service] section, where the following parameters are added:


[root@docker /]# cat /usr/lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=network.target
Wants=docker-storage-setup.service
Requires=docker-cleanup.timer

[Service]
Type=notify
NotifyAccess=main
EnvironmentFile=-/run/containers/registries.conf
EnvironmentFile=-/etc/sysconfig/docker
EnvironmentFile=-/etc/sysconfig/docker-storage
EnvironmentFile=-/etc/sysconfig/docker-network
Environment=GOTRACEBACK=crash
Environment=DOCKER_HTTP_HOST_COMPAT=1
Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin
ExecStart=/usr/bin/dockerd-current \
          --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \
          --default-runtime=docker-runc \
          --exec-opt native.cgroupdriver=systemd \
          --userland-proxy-path=/usr/libexec/docker/docker-proxy-current \
          --init-path=/usr/libexec/docker/docker-init-current \
          --seccomp-profile=/etc/docker/seccomp.json \
          -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock \
          $OPTIONS \
          $DOCKER_STORAGE_OPTIONS \
          $DOCKER_NETWORK_OPTIONS \
          $ADD_REGISTRY \
          $BLOCK_REGISTRY \
          $INSECURE_REGISTRY \
	  $REGISTRIES
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
TimeoutStartSec=0
Restart=on-abnormal
KillMode=process

[Install]
WantedBy=multi-user.target

[root@docker /]# systemctl daemon-reload
[root@docker /]# systemctl restart docker
[root@docker /]# 


[root@docker /]# netstat -na | grep 2375
tcp6       0      0 :::2375                 :::*                    LISTEN     
[root@docker /]# 
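
The listener and SELinux options used above can be checked mechanically. The following is an added example, not part of the original page: a POSIX shell function (the name audit_dockerd_cmdline and the HIGH/MEDIUM labels are assumptions made here) that flags tcp:// listeners started without --tlsverify, which is what the daemon's own warning above is about, and the --selinux-enabled=false option.

```shell
#!/bin/sh
# Added example (not from the original page). The function name and the
# HIGH/MEDIUM labels are assumptions made for this illustration.

# audit_dockerd_cmdline "<dockerd command line>"
# Prints one finding per line; returns 0 when clean, 1 when anything is flagged.
# The body runs in a subshell so `set -f` and the variables do not leak out.
audit_dockerd_cmdline() (
    tls=no; hosts=; selinux_off=no; prev=; rc=0
    set -f                  # word-split the string without glob expansion
    set -- $1
    for arg in "$@"; do
        case $arg in
            --tlsverify|--tlsverify=true) tls=yes ;;
            --selinux-enabled=false)      selinux_off=yes ;;
            -H=*|--host=*)                hosts="$hosts ${arg#*=}" ;;
            *) case $prev in -H|--host) hosts="$hosts $arg" ;; esac ;;
        esac
        prev=$arg
    done
    for h in $hosts; do
        case $h in tcp://*) ;; *) continue ;; esac   # unix:// and fd:// are local
        [ "$tls" = yes ] && continue
        case $h in
            tcp://127.*|tcp://localhost:*|tcp://\[::1\]:*)
                echo "MEDIUM no-tls loopback listener $h" ;;
            *)  echo "HIGH no-tls network listener $h" ;;
        esac
        rc=1
    done
    if [ "$selinux_off" = yes ]; then
        echo "MEDIUM SELinux support disabled (--selinux-enabled=false)"
        rc=1
    fi
    return "$rc"
)

# Constructed sample: the listener flags from the unit file above plus the
# --selinux-enabled=false option visible in the ps output.
SAMPLE='/usr/bin/dockerd-current -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --selinux-enabled=false'
audit_dockerd_cmdline "$SAMPLE" || echo "findings present"
```

To audit a live host, pass the function the ExecStart= value of the unit file or the dockerd line from ps -ef.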

 
