CentOS7.2 安装Docker

Docker 要求 CentOS 系统的内核版本高于 3.10 ，查看本页面的前提条件来验证你的CentOS 版本是否支持 Docker 。

通过 uname -r 命令查看你当前的内核版本

[root@localhost /]# uname -r
3.10.0-327.el7.x86_64

Docker 软件包和依赖包已经包含在默认的 CentOS-Extras 软件源里，安装命令如下:

yum -y install docker

启动docker:

[root@localhost /]# systemctl start docker
Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.

查看具体错误信息：

[root@localhost /]# systemctl status docker.service
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since 五 2018-04-20 06:50:52 CST; 3min 57s ago
     Docs: http://docs.docker.com
  Process: 44005 ExecStart=/usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --seccomp-profile=/etc/docker/seccomp.json $OPTIONS $DOCKER_STORAGE_OPTIONS $DOCKER_NETWORK_OPTIONS $ADD_REGISTRY $BLOCK_REGISTRY $INSECURE_REGISTRY $REGISTRIES (code=exited, status=1/FAILURE)
 Main PID: 44005 (code=exited, status=1/FAILURE)

4月 20 06:50:50 localhost.localdomain systemd[1]: Starting Docker Application Container Engine...
4月 20 06:50:50 localhost.localdomain dockerd-current[44005]: time="2018-04-20T06:50:50.921964698+08:00" level=warning msg="could not ...ound"
4月 20 06:50:50 localhost.localdomain dockerd-current[44005]: time="2018-04-20T06:50:50.927241794+08:00" level=info msg="libcontainerd...4010"
4月 20 06:50:51 localhost.localdomain dockerd-current[44005]: time="2018-04-20T06:50:51.936045098+08:00" level=warning msg="overlay2: the b...
4月 20 06:50:52 localhost.localdomain dockerd-current[44005]: Error starting daemon: SELinux is not supported with the overlay2 graph ...alse)
4月 20 06:50:52 localhost.localdomain systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
4月 20 06:50:52 localhost.localdomain systemd[1]: Failed to start Docker Application Container Engine.
4月 20 06:50:52 localhost.localdomain systemd[1]: Unit docker.service entered failed state.
4月 20 06:50:52 localhost.localdomain systemd[1]: docker.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

可以看出错误信息

Error starting daemon: SELinux is not supported with the overlay2 graph ...alse)
此linux的内核中的SELinux不支持 overlay2 graph driver ，解决方法有两个，要么启动一个新内核，要么就在docker里禁用selinux，--selinux-enabled=false

[root@localhost /]# vi /etc/sysconfig/docker

修改配置：

# Modify these options if you want to change the way the docker daemon runs
OPTIONS='--selinux-enabled=false --log-driver=journald --signature-verification=false'
if [ -z "${DOCKER_CERT_PATH}" ]; then
    DOCKER_CERT_PATH=/etc/docker
fi

# Do not add registries in this file anymore. Use /etc/containers/registries.conf
# from the atomic-registries package.
#

在--selinux-enabled后面添加=false即可！

重新启动docker

[root@localhost /]# service docker start
Redirecting to /bin/systemctl start docker.service
[root@localhost /]# docker info
Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 0
Server Version: 1.13.1
Storage Driver: overlay2
 Backing Filesystem: xfs
 Supports d_type: false
 Native Overlay Diff: false
Logging Driver: journald
Cgroup Driver: systemd
Plugins: 
 Volume: local
 Network: bridge host macvlan null overlay
Swarm: inactive
Runtimes: docker-runc runc
Default Runtime: docker-runc
Init Binary: docker-init
containerd version:  (expected: aa8187dbd3b7ad67d8e5e3a15115d3eef43a7ed1)
runc version: N/A (expected: 9df8b306d01f59d3a8029be411de015b7304dd8f)
init version: N/A (expected: 949e6facb77383876aeff8a6944dde66b3089574)
Security Options:
 seccomp
  WARNING: You're not using the default seccomp profile
  Profile: /etc/docker/seccomp.json
Kernel Version: 3.10.0-327.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
Number of Docker Hooks: 3
CPUs: 1
Total Memory: 977.9 MiB
Name: localhost.localdomain
ID: 2QP3:PYDM:BLLS:P5QS:QGJN:N7GK:DAKV:ZWFG:FW54:FHS4:FCAN:6NR4
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false
Registries: docker.io (secure)

测试运行hello-world

[root@localhost /]# docker run hello-world
Unable to find image 'hello-world:latest' locally
Trying to pull repository docker.io/library/hello-world ...
latest: Pulling from docker.io/library/hello-world
/usr/bin/docker-current: Get https://registry-1.docker.io/v2/library/hello-world/manifests/sha256:d5c74e6f8efc7bdf42a5e22bd764400692cf82360d86b8c587a7584b03f51520: Get https://auth.docker.io/token?scope=repository%3Alibrary%2Fhello-world%3Apull&service=registry.docker.io: net/http: request canceled (Client.Timeout exceeded while awaiting headers).
See '/usr/bin/docker-current run --help'.
[root@localhost /]# docker run hello-world
Unable to find image 'hello-world:latest' locally
Trying to pull repository docker.io/library/hello-world ...
latest: Pulling from docker.io/library/hello-world
9bb5a5d4561a: Pull complete
Digest: sha256:f5233545e43561214ca4891fd1157e1c3c563316ed8e237750d59bde73361e77
Status: Downloaded newer image for docker.io/hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/

For more examples and ideas, visit:
https://docs.docker.com/engine/userguide/

启动重启命令：

[hongdada@localhost home]$ systemctl stop docker.service
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to manage system services or units.
Authenticating as: root
Password: 
==== AUTHENTICATION COMPLETE ===
[hongdada@localhost home]$ systemctl restart docker.service
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to manage system services or units.
Authenticating as: root
Password: 
==== AUTHENTICATION COMPLETE ===
[hongdada@localhost home]$ systemctl status docker.service
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
   Active: active (running) since 五 2018-04-20 08:11:34 CST; 12s ago
     Docs: http://docs.docker.com
 Main PID: 51878 (dockerd-current)
   CGroup: /system.slice/docker.service
           ├─51878 /usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-cu...
           └─51883 /usr/bin/docker-containerd-current -l unix:///var/run/docker/libcontainerd/docker-con...