Docker Remote API配置与使用
Docker Remote API配置与使用
Docker 常见端口
| 端口 | 作用 |
|---|---|
| 2375 | 未加密的docker socket,远程root无密码访问主机 |
| 2376 | tls加密套接字,很可能这是您的CI服务器4243端口作为https 443端口的修改 |
| 2377 | 群集模式套接字,适用于群集管理器,不适用于docker客户端 |
| 5000 | docker注册服务 |
| 4789/7946 | 覆盖网络 |
Docker Remote API开启
-
“unix:///var/run/docker.sock”:unix socket,本地客户端将通过这个来连接 Docker Daemon
-
“tcp://0.0.0.0:2375”:tcp socket,表示允许任何远程客户端通过 2375 端口连接 Docker Daemon
-
/usr/lib/systemd/system/docker.service,配置远程访问:
-H tcp://0.0.0.0:2375 -H unix://var/run/docker.sock
# 主要是在[Service]这个部分
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375 -H unix://var/run/docker.sock --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
# 重启
systemctl daemon-reload
systemctl restart docker
- 修改
daemon.json的配置
# 修改/etc/docker/daemon.json
{
"hosts": ["tcp://0.0.0.0:2375","unix:///var/run/docker.sock"]
}
# 使用这种方式,需要去掉/usr/lib/systemd/system/docker.service中关于 -H的选项,否则会报错
ExecStart=/usr/bin/dockerd --containerd=/run/containerd/containerd.sock
- 查看开启后的端口监听状态
[root@VM-0-3-centos ~]# ss -tunlp | grep docker
tcp LISTEN 0 128 [::]:2375 [::]:* users:(("dockerd",pid=2974,fd=9))
Docker Remote API使用
Docker 客户端使用
- -H为连接目标主机docker服务
- 查看docker版本
[root@VM-0-3-centos ~]# docker -H tcp://0.0.0.0:2375 version
Client:
Version: 20.10.16
API version: 1.41
Go version: go1.17.10
Git commit: aa7e414
Built: Thu May 12 09:14:28 2022
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.17
API version: 1.41 (minimum version 1.12)
Go version: go1.17.11
Git commit: a89b842
Built: Mon Jun 6 23:03:33 2022
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.6
GitCommit: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
runc:
Version: 1.1.2
GitCommit: v1.1.2-0-ga916309
docker-init:
Version: 0.19.0
GitCommit: de40ad0
- 查看镜像包
[root@VM-0-3-centos ~]# docker -H tcp://0.0.0.0:2375 image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
centos 7 eeb6ee3f44bd 19 months ago 204MB
busybox 1.28 8c811b4aec35 4 years ago 1.15MB
Docker Remote API使用
官方提供API链接:https://docs.docker.com/engine/api/
Docker Remote API是一个取代远程命令行界面(rcli)的REST API。本文中,我们将使用命令行工具cURL来处理url相关操作。cURL可以发送请求、获取以及发送数据、检索信息
- 容器列表 获取所有容器的清单:GET /containers/json
- 创建新容器。命令如下:POST /containers/create
- 监控容器。使用容器id获取该容器底层信息:GET /containers/(id)/json
- 进程列表。获取容器内进程的清单:GET /containers/(id)/top
- 容器日志。获取容器的标准输出和错误日志:GET /containers/(id)/logs
- 导出容器。导出容器内容:GET /containers/(id)/export
- 启动容器。如下:POST /containers/(id)/start
- 停止容器。命令如下:POST /containers/(id)/stop
- 重启容器,如下:POST /containers/(id)/restart
- 终止容器:POST /containers/(id)/kill
# 获取容器信息
[root@VM-0-3-centos ~]# curl localhost:2375/containers/json
[{"Id":"1f91c52e2e09ec95cf0b0b00cc4c2e0b7cc61abe310dabf8d04d8d16dc69062d","Names":["/busy_visvesvaraya"],"Image":"busybox","ImageID":"sha256:7cfbbec8963d8f13e6c70416d6592e1cc10f47a348131290a55d43c3acab3fb9","Command":"sleep 10000","Created":1681625640,"Ports":[],"Labels":{},"State":"running","Status":"Up 2 seconds","HostConfig":{"NetworkMode":"default"},"NetworkSettings":{"Networks":{"bridge":{"IPAMConfig":null,"Links":null,"Aliases":null,"NetworkID":"b5c5f41568a8ba0385567dfa4e36d100c8341766a28c5dee56b56886521d2b2f","EndpointID":"b81b5b01ba1aa52961b18de8071783e1c3b6d57fbed9cc9380fa2ef0ab117dcf","Gateway":"172.18.0.1","IPAddress":"172.18.0.4","IPPrefixLen":16,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"02:42:ac:12:00:04","DriverOpts":null}}},"Mounts":[]},{"Id":"5f3af0db7d04a007993ac661b50dca3275037a9575c63b374e4837336eba3f48","Names":["/trusting_liskov"],"Image":"busybox","ImageID":"sha256:7cfbbec8963d8f13e6c70416d6592e1cc10f47a348131290a55d43c3acab3fb9","Command":"sleep 10000","Created":1681625639,"Ports":[],"Labels":{},"State":"running","Status":"Up 3 seconds","HostConfig":{"NetworkMode":"default"},"NetworkSettings":{"Networks":{"bridge":{"IPAMConfig":null,"Links":null,"Aliases":null,"NetworkID":"b5c5f41568a8ba0385567dfa4e36d100c8341766a28c5dee56b56886521d2b2f","EndpointID":"a8f618d7b5b7ef0bb09ad05cc8b04b806fc72d7f274e7d63d71ae4f06695faf4","Gateway":"172.18.0.1","IPAddress":"172.18.0.3","IPPrefixLen":16,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"02:42:ac:12:00:03","DriverOpts":null}}},"Mounts":[]},{"Id":"4d0b96d44e2acc067c7b32c45a20afc5f5dceade8afb2097f6cf41666296da7e","Names":["/bold_einstein"],"Image":"busybox","ImageID":"sha256:7cfbbec8963d8f13e6c70416d6592e1cc10f47a348131290a55d43c3acab3fb9","Command":"sleep 10000","Created":1681625637,"Ports":[],"Labels":{},"State":"running","Status":"Up 5 seconds","HostConfig":{"NetworkMode":"default"},"NetworkSettings":{"Networks":{"bridge":{"IPAMConfig":null,"Links":null,"Aliases":null,"NetworkID":"b5c5f41568a8ba0385567dfa4e36d100c8341766a28c5dee56b56886521d2b2f","EndpointID":"91945b28dbfd8f7ac888024eba27d807fdc62fbd8926d1fc4ca6f63ed2c4903a","Gateway":"172.18.0.1","IPAddress":"172.18.0.2","IPPrefixLen":16,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"02:42:ac:12:00:02","DriverOpts":null}}},"Mounts":[]}]