第九章 Docker安裝及配置
第九章 Docker安裝及配置
1、Docker簡介
官網檢視
2、Docker安裝(CentOS)
2.1 系統要求OS requirements
To install Docker Engine, you need a maintained version of CentOS 7. Archived versions aren’t supported or tested.
安裝Docker引擎,需要CentOS 7穩定版本。不支援存檔版本
#檢視系統版本命令
#uname–a#檢視核心版本,應高於3.10
#cat/etc/redhat-release #檢視centos版本
The centos-extras repository must be enabled. This repository is enabled by default, but if you have disabled it, you need to re-enable it.
必須啟用centos-extras儲存庫。預設情況下,此儲存庫已啟用,但如果已禁用,則需要重新啟用它。
The overlay2 storage driver is recommended.
建議使用overlay2儲存驅動程式。
2.2 解除安裝舊版本Uninstall old versions
Older versions of Docker were called docker or docker-engine. If these are installed, uninstall them, along with associated dependencies.
舊版本的Docker稱為Docker或Docker引擎。如果已經安裝了,請解除安裝它們,包括相關的依賴項。
解除安裝指令如下,在命令列執行即可:
$ sudo yum remove docker \ docker-client \ docker-client-latest \ docker-common \ docker-latest \ docker-latest-logrotate \ docker-logrotate \ docker-engine
It’s OK if yum reports that none of these packages are installed.
如果報告這些軟體包都沒有安裝,那就沒問題了。
The contents of /var/lib/docker/, including images, containers, volumes, and networks, are preserved. The Docker Engine package is now called docker-ce.
/var/lib/docker/資料夾中的的內容將被保留(包括映象、容器、卷和網路)。Docker引擎包現在稱為Docker-ce。
2.3 安裝方法Installation methods
You can install Docker Engine in different ways, depending on your needs:
你可以根據自己的需求選擇不同的方式安裝Docker引擎
- Most users set up Docker’s repositories and install from them, for ease of installation and upgrade tasks. This is the recommended approach.多數使用者建立Docker的儲存庫並從中安裝,以便於安裝和升級任務。這是推薦的方法
- Some users download the RPM package and install it manually and manage upgrades completely manually. This is useful in situations such as installing Docker on air-gapped systems with no access to the internet.一些使用者下載RPM包並手動安裝,完全手動管理升級。這在一些情況下是有用的,比如在沒有網際網路接入的系統上安裝Docker。
- In testing and development environments, some users choose to use automated convenience scripts to install Docker.在測試和開發環境中,一些使用者選擇使用自動化的便利指令碼來安裝Docker
2.3.1 Install using the repository使用儲存庫安裝
Before you install Docker Engine for the first time on a new host machine, you need to set up the Docker repository. Afterward, you can install and update Docker from the repository.
首次在新主機上安裝Docker引擎,需要設定Docker儲存庫。之後,您可以從儲存庫安裝和更新Docker。
2.3.1.1 SET UP THE REPOSITORY設定儲存庫
Install the yum-utils package (which provides the yum-config-manager utility) and set up the stable repository.
安裝yum-utils包(它提供了yum-config-manager實用程式)並設定穩定的儲存庫。
#下載依賴軟體包
$ sudo yum install -y yum-utils
【注意】如果使用非root使用者可能出現以下錯誤
xxx is not in the sudoers file. This incident will be reported.
解決辦法:
首先使用root使用者修改vi/etc/sudoers檔案,找到如下所示的片段:
su root
vi /etc/sudoers
在root ALL=(ALL) ALL下新增(01node是使用者):
01node ALL=(ALL) ALL
再次使用01node使用者登入即可:
su 01node
#設定穩定的儲存庫
$ sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
2.3.1.2 INSTALL DOCKER ENGINE安裝Docker引擎
- Install the latest version of Docker Engine and containerd, or go to the next step to install a specific version:安裝最新版本的Docker引擎和容器,或轉到下一步安裝具體版本:
$ sudo yum install docker-ce docker-ce-cli containerd.io
執行過程中輸入兩個y
If prompted to accept the GPG key, verify that the fingerprint matches 060A 61C5 1B55 8A7F 742B 77AA C52F EB6B 621E 9F35, and if so, accept it.如果提示接受GPG 金鑰,請選是。
【注意】Got multiple Docker repositories?有多個Docker 倉庫嗎?
If you have multiple Docker repositories enabled, installing or updating without specifying a version in the yum install or yum update command always installs the highest possible version, which may not be appropriate for your stability needs.如果啟用了多個docker 容器,在yum install 或者yum update 命令下安裝或者更新沒有制定版本,會預設安裝現有的最高版本,這可能會影響你對穩定性的需求
Docker is installed but not started. The docker group is created, but no users are added to the group.Docker已安裝但尚未啟動。Docker組已建立,但沒有使用者新增到該組。
查詢docker安裝版本資訊:
#sudo docker version
2.To install a specific version of Docker Engine, list the available versions in the repo, then select and install:要安裝特定版本的Docker Engine,請在儲存庫中列出可用版本,然後選擇並安裝:
a)List and sort the versions available in your repo. This example sorts results by version number, highest to lowest, and is truncated:列出並排序您儲存庫中可用的版本。本示例按版本號(從高到低)對結果進行排序:
$ yum list docker-ce --showduplicates | sort -r
The list returned depends on which repositories are enabled, and is specific to your version of CentOS (indicated by the .el7 suffix in this example).返回的列表取決於啟用的儲存庫,並且特定於您的CentOS版本(在此示例中由.el7字尾指示)
b)Install a specific version by its fully qualified package name, which is the package name (docker-ce) plus the version string (2nd column) starting at the first colon (:), up to the first hyphen, separated by a hyphen (-). For example, docker-ce-18.09.1.通過其完整的軟體包名稱安裝特定版本,該軟體包名稱是軟體包名稱(docker-ce)加上版本字串(第二列),從第一個冒號(:)一直到第一個連字元,並用連字元(-)分隔。例如:docker-ce-18.09.1。
$ sudo yum install docker-ce-<VERSION_STRING> docker-ce-cli-<VERSION_STRING> containerd.io
Docker is installed but not started. The docker group is created, but no users are added to the group.
3.Start Docker.啟動Docker
$ sudo systemctl start docker
此時通過命令sudo docker version可以檢視到:
Verify that Docker Engine is installed correctly by running the hello-world image.
通過執行hello-world鏡像來驗證Docker Engine是否已正確安裝。
$ sudo docker run hello-world
This command downloads a test image and runs it in a container. When the container runs, it prints an informational message and exits.
此命令下載測試影象並在容器中執行它。容器執行時,它會列印參考訊息並退出。
上述執行過程解釋:
Unable to find image 'hello-world:latest' locally
判斷本地沒有'hello-world:latest'映象
latest: Pulling from library/hello-world
去官方倉庫拉取該映象
1b930d010525: Pull complete
Digest: sha256:f9dfddf63636d84ef479d645ab5885156ae030f611a56f3a7ac7f2fdd86d7e4e
Status: Downloaded newer image for hello-world:latest
拉取映象成功
接下來啟動該容器,該容器展示了下面的內容資訊,也標誌著docker安裝完成
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.(amd64)
3. The Docker daemon created a new container from that image which runs the executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
通過命令dockerimagels可以看到倉庫裡面已經有了helloworld映象:
通過命令docker container ls –a可以看到helloworld容器已經存在
Docker Engine is installed and running. You need to use sudo to run Docker commands. Continue to Linux postinstall to allow non-privileged users to run Docker commands and for other optional configuration steps.
Docker Engine已安裝並正在執行。您需要使用sudo執行Docker命令。 繼續進行Linux後續安裝,以允許非特權使用者執行Docker命令以及其他可選配置步驟。
2.3.1.3 UPGRADE DOCKER ENGINE更新Docker引擎
To upgrade Docker Engine, follow the installation instructions, choosing the new version you want to install.要升級Docker Engine,請按照安裝說明進行操作,選擇要安裝的新版本。
2.3.2 Install from a package
If you cannot use Docker’s repository to install Docker, you can download the .rpm file for your release and install it manually. You need to download a new file each time you want to upgrade Docker Engine.
1、Go to https://download.docker.com/linux/centos/ and choose your version of CentOS. Then browse to x86_64/stable/Packages/ and download the .rpm file for the Docker version you want to install.
Note: To install a nightly or test (pre-release) package, change the word stable in the above URL to nightly or test. Learn about nightly and test channels.
2、Install Docker Engine, changing the path below to the path where you downloaded the Docker package.
$ sudo yum install /path/to/package.rpm
Docker is installed but not started. The docker group is created, but no users are added to the group.
3、Start Docker.
$ sudo systemctl start docker
4、Verify that Docker Engine is installed correctly by running the hello-world image.
$ sudo docker run hello-world
This command downloads a test image and runs it in a container. When the container runs, it prints an informational message and exits.
Docker Engine is installed and running. You need to use sudo to run Docker commands. Continue to Post-installation steps for Linux to allow non-privileged users to run Docker commands and for other optional configuration steps.
UPGRADE DOCKER ENGINE
To upgrade Docker Engine, download the newer package file and repeat the installation procedure, using yum -y upgrade instead of yum -y install, and pointing to the new file.
2.3.3 Install using the convenience script
Docker provides convenience scripts at get.docker.com and test.docker.com for installing edge and testing versions of Docker Engine - Community into development environments quickly and non-interactively. The source code for the scripts is in the docker-install repository. Using these scripts is not recommended for production environments, and you should understand the potential risks before you use them:
The scripts require root or sudo privileges to run. Therefore, you should carefully examine and audit the scripts before running them.
- The scripts attempt to detect your Linux distribution and version and configure your package management system for you. In addition, the scripts do not allow you to customize any installation parameters. This may lead to an unsupported configuration, either from Docker’s point of view or from your own organization’s guidelines and standards.
- The scripts install all dependencies and recommendations of the package manager without asking for confirmation. This may install a large number of packages, depending on the current configuration of your host machine.
- The script does not provide options to specify which version of Docker to install, and installs the latest version that is released in the “edge” channel.
- Do not use the convenience script if Docker has already been installed on the host machine using another mechanism.
- This example uses the script at get.docker.com to install the latest release of Docker Engine - Community on Linux. To install the latest testing version, use test.docker.com instead. In each of the commands below, replace each occurrence of get with test.
Warning:
Always examine scripts downloaded from the internet before running them locally.
$ curl -fsSL https://get.docker.com -o get-docker.sh
$ sudo sh get-docker.sh
<output truncated>
If you would like to use Docker as a non-root user, you should now consider adding your user to the “docker” group with something like:
sudo usermod -aG docker your-user
Remember to log out and back in for this to take effect!
Warning:
Adding a user to the “docker” group grants them the ability to run containers which can be used to obtain root privileges on the Docker host. Refer to Docker Daemon Attack Surface for more information.
Docker Engine - Community is installed. It starts automatically on DEB-based distributions. On RPM-based distributions, you need to start it manually using the appropriate systemctl or service command. As the message indicates, non-root users can’t run Docker commands by default.
Note:
To install Docker without root privileges, see Run the Docker daemon as a non-root user (Rootless mode).
Rootless mode is currently available as an experimental feature.
UPGRADE DOCKER AFTER USING THE CONVENIENCE SCRIPT
If you installed Docker using the convenience script, you should upgrade Docker using your package manager directly. There is no advantage to re-running the convenience script, and it can cause issues if it attempts to re-add repositories which have already been added to the host machine.
2.4 解除安裝Docker引擎Uninstall Docker Engine
1、Uninstall the Docker Engine, CLI, and Containerd packages:
$ sudo yum remove docker-ce docker-ce-cli containerd.io
2、Images, containers, volumes, or customized configuration files on your host are not automatically removed. To delete all images, containers, and volumes:
$ sudo rm -rf /var/lib/docker
You must delete any edited configuration files manually.
3、Linux的安裝後步驟Post-installation steps for Linux
This section contains optional procedures for configuring Linux hosts to work better with Docker.
該配置過程時可選的,能讓linux主機更好地與Docker容器配合使用
3.1 使用非root使用者管理DockerManage Docker as a non-root user
The Docker daemon binds to a Unix socket instead of a TCP port. By default that Unix socket is owned by the user root and other users can only access it using sudo. The Docker daemon always runs as the root user.
Docker守護程式繫結到Unix套接字而不是TCP埠。 預設情況下,Unix套接字是由root使用者擁有的,其他使用者只能使用sudo訪問它。 Docker守護程式始終以root使用者身份執行。
If you don’t want to preface the docker command with sudo, create a Unix group called docker and add users to it. When the Docker daemon starts, it creates a Unix socket accessible by members of the docker group.
如果您不想以sudo作為docker命令的開頭,請建立一個名為docker的Unix組並將使用者新增到其中。 Docker守護程式啟動時,它將建立一個可由Docker組成員訪問的Unix套接字。
Warning
The docker group grants privileges equivalent to the root user. For details on how this impacts security in your system, see Docker Daemon Attack Surface.
Docker組授予與root使用者同等的權利。 有關這如何影響系統安全性的詳細資訊,請參閱Docker Daemon Attack Surface。
Note:
To run Docker without root privileges, see Run the Docker daemon as a non-root user (Rootless mode).
Rootless mode is currently available as an experimental feature.
要在非root許可權的情況下執行Docker,請參閱以非root使用者身份執行Docker守護程式(Rootless mode)。
Rootless mode目前可作為實驗功能。
To create the docker group and add your user:
新增Docker組和你的使用者
1、Create the docker group.
其實在安裝Docker時已經預設建立了docker組,通過vim/etc/group命令拉到最底下可以看到
如果沒有,可以通過命令建立組:
$ sudo groupadd docker
2、Add your user to the docker group.
$ sudo usermod -aG 01node $USER
3、Log out and log back in so that your group membership is re-evaluated.
登出並重新登入,以便重新評估您的組成員身份。
If testing on a virtual machine, it may be necessary to restart the virtual machine for changes to take effect.
如果在虛擬機器上進行測試,則可能需要重新啟動虛擬機器以使更改生效。
$ reboot
On a desktop Linux environment such as X Windows, log out of your session completely and then log back in.
在臺式機Linux環境(例如X Windows)上,完全登出會話,然後重新登入。
On Linux, you can also run the following command to activate the changes to groups:
在Linux上,您還可以執行以下命令來啟用對組的更改:
3.2 配置開機自啟動Configure Docker to start on boot
Most current Linux distributions (RHEL, CentOS, Fedora, Ubuntu 16.04 and higher) use systemd to manage which services start when the system boots.
當前大多數Linux發行版(RHEL,CentOS,Fedora,Ubuntu 16.04和更高版本)都使用systemd來管理系統啟動時啟動的服務。
3.2.1 system
使用systemd設定自啟動:
$ sudo systemctl enable docker
To disable this behavior, use disable instead.
$ sudo systemctl disable docker
3.3 配置映象源
檢視docker相關資訊,啟動docker:sudo systemctl start docker
$ docker info
儲存庫的地址為國外地址,拉取資料的時候會比較慢,所以我們來配置一個國內地址。
進入網站:silvanheheheh
https://promotion.aliyun.com/ntms/act/kubernetes.html
1. 安裝/升級Docker客戶端
已完成
2. 配置映象加速器
針對Docker客戶端版本大於 1.10.0 的使用者
您可以通過修改daemon配置檔案/etc/docker/daemon.json來使用加速器
#已存在不需要建立
mkdir -p /etc/docker
#建立daemon.json檔案並新增內容,使用root使用者會更方便
tee /etc/docker/daemon.json <<-'EOF' { "registry-mirrors": ["https://65mjd02h.mirror.aliyuncs.com"] }
EOF
#載入daemon
systemctl daemon-reload
#重啟docker服務
systemctl restart docker
dockerinfo能看到多了一個倉庫源:
4、在Docker中安裝Hadoop
5、在Docker中安裝Spark
6、附docker基本命令
docker build -t friendlyhello . # Create image using this directory's Dockerfile
docker run -p 4000:80 friendlyhello # Run "friendlyhello" mapping port 4000 to 80
docker run -d -p 4000:80 friendlyhello # Same thing, but in detached mode
docker container ls # List all running containers
docker container ls -a # List all containers, even those not running
docker container stop <hash> # Gracefully stop the specified container
docker container kill <hash> # Force shutdown of the specified container
docker container rm <hash> # Remove specified container from this machine
docker container rm $(docker container ls -a -q) # Remove all containers
docker image ls -a # List all images on this machine
docker image rm <image id> # Remove specified image from this machine
docker image rm $(docker image ls -a -q) # Remove all images from this machine
docker login # Log in this CLI session using your Docker credentials
docker tag <image> username/repository:tag # Tag <image> for upload to registry
docker push username/repository:tag # Upload tagged image to registry
docker run username/repository:tag # Run image from a registry
$ sudo docker run hello-world