docker部署
使用官方安装脚本自动安装
安装命令如下:
curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
也可以使用国内 daocloud 一键安装命令:
curl -sSL https://get.daocloud.io/docker | sh
[root@mcw1 /application]$ curl -sSL https://get.daocloud.io/docker | sh # Executing docker install script, commit: 93d2499759296ac1f9c510605fef85052a2c32be + sh -c 'yum install -y -q yum-utils' Package yum-utils-1.1.31-54.el7_8.noarch already installed and latest version + sh -c 'yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo' Loaded plugins: fastestmirror adding repo from: https://download.docker.com/linux/centos/docker-ce.repo grabbing file https://download.docker.com/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo repo saved to /etc/yum.repos.d/docker-ce.repo + '[' stable '!=' stable ']' + sh -c 'yum makecache' Loaded plugins: fastestmirror base | 3.6 kB 00:00:00 docker-ce-stable | 3.5 kB 00:00:00 epel | 4.7 kB 00:00:00 extras | 2.9 kB 00:00:00 updates | 2.9 kB 00:00:00 (1/11): base/7/x86_64/other_db | 2.6 MB 00:00:03 (2/11): epel/x86_64/prestodelta | 447 B 00:00:00 (3/11): epel/x86_64/other_db | 3.3 MB 00:00:06 (4/11): extras/7/x86_64/filelists_db | 259 kB 00:00:00 (5/11): extras/7/x86_64/other_db | 145 kB 00:00:00 (6/11): base/7/x86_64/filelists_db | 7.2 MB 00:00:11 (7/11): updates/7/x86_64/other_db | 903 kB 00:00:02 (8/11): epel/x86_64/filelists_db | 12 MB 00:00:15 (9/11): updates/7/x86_64/filelists_db | 7.0 MB 00:00:08 (10/11): docker-ce-stable/7/x86_64/other_db | 122 kB 00:00:18 (11/11): docker-ce-stable/7/x86_64/filelists_db | 29 kB 00:00:25 Loading mirror speeds from cached hostfile * base: mirrors.aliyun.com * extras: mirrors.aliyun.com * updates: mirrors.aliyun.com Metadata Cache Created + '[' -n '' ']' + sh -c 'yum install -y -q docker-ce' No Presto metadata available for base No Presto metadata available for updates warning: /var/cache/yum/x86_64/7/docker-ce-stable/packages/docker-ce-20.10.12-3.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY Public key for docker-ce-20.10.12-3.el7.x86_64.rpm is not installed Importing GPG key 0x621E9F35: Userid : "Docker Release (CE rpm) <docker@docker.com>" Fingerprint: 060a 61c5 1b55 8a7f 742b 77aa c52f eb6b 621e 9f35 From : https://download.docker.com/linux/centos/gpg setsebool: SELinux is disabled. + version_gte 20.10 + '[' -z '' ']' + return 0 + sh -c 'yum install -y -q docker-ce-rootless-extras' Package docker-ce-rootless-extras-20.10.12-3.el7.x86_64 already installed and latest version ================================================================================ To run Docker as a non-privileged user, consider setting up the Docker daemon in rootless mode for your user: dockerd-rootless-setuptool.sh install Visit https://docs.docker.com/go/rootless/ to learn about rootless mode. To run the Docker daemon as a fully privileged service, but granting non-root users access, refer to https://docs.docker.com/go/daemon-access/ WARNING: Access to the remote API on a privileged Docker daemon is equivalent to root access on the host. Refer to the 'Docker daemon attack surface' documentation for details: https://docs.docker.com/go/attack-surface/ ================================================================================
#!/bin/sh set -e # Docker CE for Linux installation script # # See https://docs.docker.com/engine/install/ for the installation steps. # # This script is meant for quick & easy install via: # $ curl -fsSL https://get.docker.com -o get-docker.sh # $ sh get-docker.sh # # For test builds (ie. release candidates): # $ curl -fsSL https://test.docker.com -o test-docker.sh # $ sh test-docker.sh # # NOTE: Make sure to verify the contents of the script # you downloaded matches the contents of install.sh # located at https://github.com/docker/docker-install # before executing. # # Git commit from https://github.com/docker/docker-install when # the script was uploaded (Should only be modified by upload job): SCRIPT_COMMIT_SHA="1d97565eca92bb523082b7d4f530c74104e05d35" # strip "v" prefix if present VERSION="${VERSION#v}" # The channel to install from: # * nightly # * test # * stable # * edge (deprecated) DEFAULT_CHANNEL_VALUE="stable" if [ -z "$CHANNEL" ]; then CHANNEL=$DEFAULT_CHANNEL_VALUE fi DEFAULT_DOWNLOAD_URL="https://download.docker.com" if [ -z "$DOWNLOAD_URL" ]; then DOWNLOAD_URL=$DEFAULT_DOWNLOAD_URL fi DEFAULT_REPO_FILE="docker-ce.repo" if [ -z "$REPO_FILE" ]; then REPO_FILE="$DEFAULT_REPO_FILE" fi mirror='' DRY_RUN=${DRY_RUN:-} while [ $# -gt 0 ]; do case "$1" in --mirror) mirror="$2" shift ;; --dry-run) DRY_RUN=1 ;; --*) echo "Illegal option $1" ;; esac shift $(( $# > 0 ? 1 : 0 )) done case "$mirror" in Aliyun) DOWNLOAD_URL="https://mirrors.aliyun.com/docker-ce" ;; AzureChinaCloud) DOWNLOAD_URL="https://mirror.azure.cn/docker-ce" ;; esac command_exists() { command -v "$@" > /dev/null 2>&1 } # version_gte checks if the version specified in $VERSION is at least # the given CalVer (YY.MM) version. returns 0 (success) if $VERSION is either # unset (=latest) or newer or equal than the specified version. Returns 1 (fail) # otherwise. # # examples: # # VERSION=20.10 # version_gte 20.10 // 0 (success) # version_gte 19.03 // 0 (success) # version_gte 21.10 // 1 (fail) version_gte() { if [ -z "$VERSION" ]; then return 0 fi eval calver_compare "$VERSION" "$1" } # calver_compare compares two CalVer (YY.MM) version strings. returns 0 (success) # if version A is newer or equal than version B, or 1 (fail) otherwise. Patch # releases and pre-release (-alpha/-beta) are not taken into account # # examples: # # calver_compare 20.10 19.03 // 0 (success) # calver_compare 20.10 20.10 // 0 (success) # calver_compare 19.03 20.10 // 1 (fail) calver_compare() ( set +x yy_a="$(echo "$1" | cut -d'.' -f1)" yy_b="$(echo "$2" | cut -d'.' -f1)" if [ "$yy_a" -lt "$yy_b" ]; then return 1 fi if [ "$yy_a" -gt "$yy_b" ]; then return 0 fi mm_a="$(echo "$1" | cut -d'.' -f2)" mm_b="$(echo "$2" | cut -d'.' -f2)" if [ "${mm_a#0}" -lt "${mm_b#0}" ]; then return 1 fi return 0 ) is_dry_run() { if [ -z "$DRY_RUN" ]; then return 1 else return 0 fi } is_wsl() { case "$(uname -r)" in *microsoft* ) true ;; # WSL 2 *Microsoft* ) true ;; # WSL 1 * ) false;; esac } is_darwin() { case "$(uname -s)" in *darwin* ) true ;; *Darwin* ) true ;; * ) false;; esac } deprecation_notice() { distro=$1 distro_version=$2 echo printf "\033[91;1mDEPRECATION WARNING\033[0m\n" printf " This Linux distribution (\033[1m%s %s\033[0m) reached end-of-life and is no longer supported by this script.\n" "$distro" "$distro_version" echo " No updates or security fixes will be released for this distribution, and users are recommended" echo " to upgrade to a currently maintained version of $distro." echo printf "Press \033[1mCtrl+C\033[0m now to abort this script, or wait for the installation to continue." echo sleep 10 } get_distribution() { lsb_dist="" # Every system that we officially support has /etc/os-release if [ -r /etc/os-release ]; then lsb_dist="$(. /etc/os-release && echo "$ID")" fi # Returning an empty string here should be alright since the # case statements don't act unless you provide an actual value echo "$lsb_dist" } echo_docker_as_nonroot() { if is_dry_run; then return fi if command_exists docker && [ -e /var/run/docker.sock ]; then ( set -x $sh_c 'docker version' ) || true fi # intentionally mixed spaces and tabs here -- tabs are stripped by "<<-EOF", spaces are kept in the output echo echo "================================================================================" echo if version_gte "20.10"; then echo "To run Docker as a non-privileged user, consider setting up the" echo "Docker daemon in rootless mode for your user:" echo echo " dockerd-rootless-setuptool.sh install" echo echo "Visit https://docs.docker.com/go/rootless/ to learn about rootless mode." echo fi echo echo "To run the Docker daemon as a fully privileged service, but granting non-root" echo "users access, refer to https://docs.docker.com/go/daemon-access/" echo echo "WARNING: Access to the remote API on a privileged Docker daemon is equivalent" echo " to root access on the host. Refer to the 'Docker daemon attack surface'" echo " documentation for details: https://docs.docker.com/go/attack-surface/" echo echo "================================================================================" echo } # Check if this is a forked Linux distro check_forked() { # Check for lsb_release command existence, it usually exists in forked distros if command_exists lsb_release; then # Check if the `-u` option is supported set +e lsb_release -a -u > /dev/null 2>&1 lsb_release_exit_code=$? set -e # Check if the command has exited successfully, it means we're in a forked distro if [ "$lsb_release_exit_code" = "0" ]; then # Print info about current distro cat <<-EOF You're using '$lsb_dist' version '$dist_version'. EOF # Get the upstream release info lsb_dist=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'id' | cut -d ':' -f 2 | tr -d '[:space:]') dist_version=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'codename' | cut -d ':' -f 2 | tr -d '[:space:]') # Print info about upstream distro cat <<-EOF Upstream release is '$lsb_dist' version '$dist_version'. EOF else if [ -r /etc/debian_version ] && [ "$lsb_dist" != "ubuntu" ] && [ "$lsb_dist" != "raspbian" ]; then if [ "$lsb_dist" = "osmc" ]; then # OSMC runs Raspbian lsb_dist=raspbian else # We're Debian and don't even know it! lsb_dist=debian fi dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')" case "$dist_version" in 11) dist_version="bullseye" ;; 10) dist_version="buster" ;; 9) dist_version="stretch" ;; 8) dist_version="jessie" ;; esac fi fi fi } do_install() { echo "# Executing docker install script, commit: $SCRIPT_COMMIT_SHA" if command_exists docker; then cat >&2 <<-'EOF' Warning: the "docker" command appears to already exist on this system. If you already have Docker installed, this script can cause trouble, which is why we're displaying this warning and provide the opportunity to cancel the installation. If you installed the current Docker package using this script and are using it again to update Docker, you can safely ignore this message. You may press Ctrl+C now to abort this script. EOF ( set -x; sleep 20 ) fi user="$(id -un 2>/dev/null || true)" sh_c='sh -c' if [ "$user" != 'root' ]; then if command_exists sudo; then sh_c='sudo -E sh -c' elif command_exists su; then sh_c='su -c' else cat >&2 <<-'EOF' Error: this installer needs the ability to run commands as root. We are unable to find either "sudo" or "su" available to make this happen. EOF exit 1 fi fi if is_dry_run; then sh_c="echo" fi # perform some very rudimentary platform detection lsb_dist=$( get_distribution ) lsb_dist="$(echo "$lsb_dist" | tr '[:upper:]' '[:lower:]')" if is_wsl; then echo echo "WSL DETECTED: We recommend using Docker Desktop for Windows." echo "Please get Docker Desktop from https://www.docker.com/products/docker-desktop" echo cat >&2 <<-'EOF' You may press Ctrl+C now to abort this script. EOF ( set -x; sleep 20 ) fi case "$lsb_dist" in ubuntu) if command_exists lsb_release; then dist_version="$(lsb_release --codename | cut -f2)" fi if [ -z "$dist_version" ] && [ -r /etc/lsb-release ]; then dist_version="$(. /etc/lsb-release && echo "$DISTRIB_CODENAME")" fi ;; debian|raspbian) dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')" case "$dist_version" in 11) dist_version="bullseye" ;; 10) dist_version="buster" ;; 9) dist_version="stretch" ;; 8) dist_version="jessie" ;; esac ;; centos|rhel|sles) if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then dist_version="$(. /etc/os-release && echo "$VERSION_ID")" fi ;; *) if command_exists lsb_release; then dist_version="$(lsb_release --release | cut -f2)" fi if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then dist_version="$(. /etc/os-release && echo "$VERSION_ID")" fi ;; esac # Check if this is a forked Linux distro check_forked # Print deprecation warnings for distro versions that recently reached EOL, # but may still be commonly used (especially LTS versions). case "$lsb_dist.$dist_version" in debian.stretch|debian.jessie) deprecation_notice "$lsb_dist" "$dist_version" ;; raspbian.stretch|raspbian.jessie) deprecation_notice "$lsb_dist" "$dist_version" ;; ubuntu.xenial|ubuntu.trusty) deprecation_notice "$lsb_dist" "$dist_version" ;; fedora.*) if [ "$dist_version" -lt 33 ]; then deprecation_notice "$lsb_dist" "$dist_version" fi ;; esac # Run setup for each distro accordingly case "$lsb_dist" in ubuntu|debian|raspbian) pre_reqs="apt-transport-https ca-certificates curl" if ! command -v gpg > /dev/null; then pre_reqs="$pre_reqs gnupg" fi apt_repo="deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] $DOWNLOAD_URL/linux/$lsb_dist $dist_version $CHANNEL" ( if ! is_dry_run; then set -x fi $sh_c 'apt-get update -qq >/dev/null' $sh_c "DEBIAN_FRONTEND=noninteractive apt-get install -y -qq $pre_reqs >/dev/null" $sh_c 'mkdir -p /etc/apt/keyrings && chmod -R 0755 /etc/apt/keyrings' $sh_c "curl -fsSL \"$DOWNLOAD_URL/linux/$lsb_dist/gpg\" | gpg --dearmor --yes -o /etc/apt/keyrings/docker.gpg" $sh_c "chmod a+r /etc/apt/keyrings/docker.gpg" $sh_c "echo \"$apt_repo\" > /etc/apt/sources.list.d/docker.list" $sh_c 'apt-get update -qq >/dev/null' ) pkg_version="" if [ -n "$VERSION" ]; then if is_dry_run; then echo "# WARNING: VERSION pinning is not supported in DRY_RUN" else # Will work for incomplete versions IE (17.12), but may not actually grab the "latest" if in the test channel pkg_pattern="$(echo "$VERSION" | sed "s/-ce-/~ce~.*/g" | sed "s/-/.*/g")" search_command="apt-cache madison 'docker-ce' | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3" pkg_version="$($sh_c "$search_command")" echo "INFO: Searching repository for VERSION '$VERSION'" echo "INFO: $search_command" if [ -z "$pkg_version" ]; then echo echo "ERROR: '$VERSION' not found amongst apt-cache madison results" echo exit 1 fi if version_gte "18.09"; then search_command="apt-cache madison 'docker-ce-cli' | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3" echo "INFO: $search_command" cli_pkg_version="=$($sh_c "$search_command")" fi pkg_version="=$pkg_version" fi fi ( pkgs="docker-ce${pkg_version%=}" if version_gte "18.09"; then # older versions didn't ship the cli and containerd as separate packages pkgs="$pkgs docker-ce-cli${cli_pkg_version%=} containerd.io" fi if version_gte "20.10"; then pkgs="$pkgs docker-compose-plugin" fi if version_gte "20.10" && [ "$(uname -m)" = "x86_64" ]; then # also install the latest version of the "docker scan" cli-plugin (only supported on x86 currently) pkgs="$pkgs docker-scan-plugin" fi # TODO(thaJeztah) remove the $CHANNEL check once 22.06 and docker-buildx-plugin is published to the "stable" channel if [ "$CHANNEL" = "test" ] && version_gte "22.06"; then pkgs="$pkgs docker-buildx-plugin" fi if ! is_dry_run; then set -x fi $sh_c "DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends $pkgs >/dev/null" if version_gte "20.10"; then # Install docker-ce-rootless-extras without "--no-install-recommends", so as to install slirp4netns when available $sh_c "DEBIAN_FRONTEND=noninteractive apt-get install -y -qq docker-ce-rootless-extras${pkg_version%=} >/dev/null" fi ) echo_docker_as_nonroot exit 0 ;; centos|fedora|rhel) if [ "$(uname -m)" != "s390x" ] && [ "$lsb_dist" = "rhel" ]; then echo "Packages for RHEL are currently only available for s390x." exit 1 fi if [ "$lsb_dist" = "fedora" ]; then pkg_manager="dnf" config_manager="dnf config-manager" enable_channel_flag="--set-enabled" disable_channel_flag="--set-disabled" pre_reqs="dnf-plugins-core" pkg_suffix="fc$dist_version" else pkg_manager="yum" config_manager="yum-config-manager" enable_channel_flag="--enable" disable_channel_flag="--disable" pre_reqs="yum-utils" pkg_suffix="el" fi repo_file_url="$DOWNLOAD_URL/linux/$lsb_dist/$REPO_FILE" ( if ! is_dry_run; then set -x fi $sh_c "$pkg_manager install -y -q $pre_reqs" $sh_c "$config_manager --add-repo $repo_file_url" if [ "$CHANNEL" != "stable" ]; then $sh_c "$config_manager $disable_channel_flag docker-ce-*" $sh_c "$config_manager $enable_channel_flag docker-ce-$CHANNEL" fi $sh_c "$pkg_manager makecache" ) pkg_version="" if [ -n "$VERSION" ]; then if is_dry_run; then echo "# WARNING: VERSION pinning is not supported in DRY_RUN" else pkg_pattern="$(echo "$VERSION" | sed "s/-ce-/\\\\.ce.*/g" | sed "s/-/.*/g").*$pkg_suffix" search_command="$pkg_manager list --showduplicates 'docker-ce' | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'" pkg_version="$($sh_c "$search_command")" echo "INFO: Searching repository for VERSION '$VERSION'" echo "INFO: $search_command" if [ -z "$pkg_version" ]; then echo echo "ERROR: '$VERSION' not found amongst $pkg_manager list results" echo exit 1 fi if version_gte "18.09"; then # older versions don't support a cli package search_command="$pkg_manager list --showduplicates 'docker-ce-cli' | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'" cli_pkg_version="$($sh_c "$search_command" | cut -d':' -f 2)" fi # Cut out the epoch and prefix with a '-' pkg_version="-$(echo "$pkg_version" | cut -d':' -f 2)" fi fi ( pkgs="docker-ce$pkg_version" if version_gte "18.09"; then # older versions didn't ship the cli and containerd as separate packages if [ -n "$cli_pkg_version" ]; then pkgs="$pkgs docker-ce-cli-$cli_pkg_version containerd.io" else pkgs="$pkgs docker-ce-cli containerd.io" fi fi if version_gte "20.10" && [ "$(uname -m)" = "x86_64" ]; then # also install the latest version of the "docker scan" cli-plugin (only supported on x86 currently) pkgs="$pkgs docker-scan-plugin" fi if version_gte "20.10"; then pkgs="$pkgs docker-compose-plugin docker-ce-rootless-extras$pkg_version" fi # TODO(thaJeztah) remove the $CHANNEL check once 22.06 and docker-buildx-plugin is published to the "stable" channel if [ "$CHANNEL" = "test" ] && version_gte "22.06"; then pkgs="$pkgs docker-buildx-plugin" fi if ! is_dry_run; then set -x fi $sh_c "$pkg_manager install -y -q $pkgs" ) echo_docker_as_nonroot exit 0 ;; sles) if [ "$(uname -m)" != "s390x" ]; then echo "Packages for SLES are currently only available for s390x" exit 1 fi if [ "$dist_version" = "15.3" ]; then sles_version="SLE_15_SP3" else sles_minor_version="${dist_version##*.}" sles_version="15.$sles_minor_version" fi opensuse_repo="https://download.opensuse.org/repositories/security:SELinux/$sles_version/security:SELinux.repo" repo_file_url="$DOWNLOAD_URL/linux/$lsb_dist/$REPO_FILE" pre_reqs="ca-certificates curl libseccomp2 awk" ( if ! is_dry_run; then set -x fi $sh_c "zypper install -y $pre_reqs" $sh_c "zypper addrepo $repo_file_url" if ! is_dry_run; then cat >&2 <<-'EOF' WARNING!! openSUSE repository (https://download.opensuse.org/repositories/security:SELinux) will be enabled now. Do you wish to continue? You may press Ctrl+C now to abort this script. EOF ( set -x; sleep 30 ) fi $sh_c "zypper addrepo $opensuse_repo" $sh_c "zypper --gpg-auto-import-keys refresh" $sh_c "zypper lr -d" ) pkg_version="" if [ -n "$VERSION" ]; then if is_dry_run; then echo "# WARNING: VERSION pinning is not supported in DRY_RUN" else pkg_pattern="$(echo "$VERSION" | sed "s/-ce-/\\\\.ce.*/g" | sed "s/-/.*/g")" search_command="zypper search -s --match-exact 'docker-ce' | grep '$pkg_pattern' | tail -1 | awk '{print \$6}'" pkg_version="$($sh_c "$search_command")" echo "INFO: Searching repository for VERSION '$VERSION'" echo "INFO: $search_command" if [ -z "$pkg_version" ]; then echo echo "ERROR: '$VERSION' not found amongst zypper list results" echo exit 1 fi search_command="zypper search -s --match-exact 'docker-ce-cli' | grep '$pkg_pattern' | tail -1 | awk '{print \$6}'" # It's okay for cli_pkg_version to be blank, since older versions don't support a cli package cli_pkg_version="$($sh_c "$search_command")" pkg_version="-$pkg_version" search_command="zypper search -s --match-exact 'docker-ce-rootless-extras' | grep '$pkg_pattern' | tail -1 | awk '{print \$6}'" rootless_pkg_version="$($sh_c "$search_command")" rootless_pkg_version="-$rootless_pkg_version" fi fi ( pkgs="docker-ce$pkg_version" if version_gte "18.09"; then if [ -n "$cli_pkg_version" ]; then # older versions didn't ship the cli and containerd as separate packages pkgs="$pkgs docker-ce-cli-$cli_pkg_version containerd.io" else pkgs="$pkgs docker-ce-cli containerd.io" fi fi if version_gte "20.10"; then pkgs="$pkgs docker-compose-plugin docker-ce-rootless-extras$pkg_version" fi # TODO(thaJeztah) remove the $CHANNEL check once 22.06 and docker-buildx-plugin is published to the "stable" channel if [ "$CHANNEL" = "test" ] && version_gte "22.06"; then pkgs="$pkgs docker-buildx-plugin" fi if ! is_dry_run; then set -x fi $sh_c "zypper -q install -y $pkgs" ) echo_docker_as_nonroot exit 0 ;; *) if [ -z "$lsb_dist" ]; then if is_darwin; then echo echo "ERROR: Unsupported operating system 'macOS'" echo "Please get Docker Desktop from https://www.docker.com/products/docker-desktop" echo exit 1 fi fi echo echo "ERROR: Unsupported distribution '$lsb_dist'" echo exit 1 ;; esac exit 1 } # wrapped up in a function so that we have some protection against only getting # half the file during "curl | sh" do_install
[root@mcw1 /application]$ which docker #查看docker命令位置
/usr/bin/docker
[root@mcw1 /application]$ rpm -qa|grep docker #查看安装后的包
docker-ce-rootless-extras-20.10.12-3.el7.x86_64
docker-ce-cli-20.10.12-3.el7.x86_64
docker-ce-20.10.12-3.el7.x86_64
docker-scan-plugin-0.12.0-3.el7.x86_64
[root@mcw1 /application]$ rpm -ql docker-ce #查看包的安装位置
/usr/bin/docker-init
/usr/bin/docker-proxy
/usr/bin/dockerd
/usr/lib/systemd/system/docker.service
/usr/lib/systemd/system/docker.socket
[root@mcw1 /application]$ rpm -ql docker-ce-cli #查看包的安装位置
/usr/bin/docker
/usr/libexec/docker/cli-plugins/docker-app
/usr/libexec/docker/cli-plugins/docker-buildx
/usr/share/bash-completion/completions/docker
/usr/share/doc/docker-ce-cli-20.10.12
/usr/share/doc/docker-ce-cli-20.10.12/LICENSE
/usr/share/doc/docker-ce-cli-20.10.12/MAINTAINERS
/usr/share/doc/docker-ce-cli-20.10.12/NOTICE
/usr/share/doc/docker-ce-cli-20.10.12/README.md
/usr/share/fish/vendor_completions.d/docker.fish
/usr/share/man/man1/docker-attach.1.gz
/usr/share/man/man1/docker-build.1.gz
[root@mcw1 /application]$ docker #查看docker的帮助信息
Usage: docker [OPTIONS] COMMAND
A self-sufficient runtime for containers
Options:
--config string Location of client config files (default "/root/.docker")
-c, --context string Name of the context to use to connect to the daemon (overrides DOCKER_HOST env var and default context set with "docker context use")
-D, --debug Enable debug mode
-H, --host list Daemon socket(s) to connect to
-l, --log-level string Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info")
--tls Use TLS; implied by --tlsverify
--tlscacert string Trust certs signed only by this CA (default "/root/.docker/ca.pem")
--tlscert string Path to TLS certificate file (default "/root/.docker/cert.pem")
--tlskey string Path to TLS key file (default "/root/.docker/key.pem")
--tlsverify Use TLS and verify the remote
-v, --version Print version information and quit
Management Commands:
app* Docker App (Docker Inc., v0.9.1-beta3)
builder Manage builds
buildx* Docker Buildx (Docker Inc., v0.7.1-docker)
config Manage Docker configs
container Manage containers
context Manage contexts
image Manage images
manifest Manage Docker image manifests and manifest lists
network Manage networks
node Manage Swarm nodes
plugin Manage plugins
scan* Docker Scan (Docker Inc., v0.12.0)
secret Manage Docker secrets
service Manage services
stack Manage Docker stacks
swarm Manage Swarm
system Manage Docker
trust Manage trust on Docker images
volume Manage volumes
Commands:
attach Attach local standard input, output, and error streams to a running container
build Build an image from a Dockerfile
commit Create a new image from a container's changes
cp Copy files/folders between a container and the local filesystem
create Create a new container
diff Inspect changes to files or directories on a container's filesystem
events Get real time events from the server
exec Run a command in a running container
export Export a container's filesystem as a tar archive
history Show the history of an image
images List images
import Import the contents from a tarball to create a filesystem image
info Display system-wide information
inspect Return low-level information on Docker objects
kill Kill one or more running containers
load Load an image from a tar archive or STDIN
login Log in to a Docker registry
logout Log out from a Docker registry
logs Fetch the logs of a container
pause Pause all processes within one or more containers
port List port mappings or a specific mapping for the container
ps List containers
pull Pull an image or a repository from a registry
push Push an image or a repository to a registry
rename Rename a container
restart Restart one or more containers
rm Remove one or more containers
rmi Remove one or more images
run Run a command in a new container
save Save one or more images to a tar archive (streamed to STDOUT by default)
search Search the Docker Hub for images
start Start one or more stopped containers
stats Display a live stream of container(s) resource usage statistics
stop Stop one or more running containers
tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
top Display the running processes of a container
unpause Unpause all processes within one or more containers
update Update configuration of one or more containers
version Show the Docker version information
wait Block until one or more containers stop, then print their exit codes
Run 'docker COMMAND --help' for more information on a command.
To get more help with docker, check out our guides at https://docs.docker.com/go/guides/
[root@mcw1 /application]$ ps -ef|grep docker #查看刚刚安装上docker的情况
root 6344 1370 0 07:45 pts/0 00:00:00 grep --color=auto docker
[root@mcw1 /application]$ systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: https://docs.docker.com
部署docker 全一点的笔记
curl -sSL https://get.daocloud.io/docker | sh
ystemctl status docker
systemctl start docker
ls /etc/docker
echo '{"registry-mirrors":["https://reg-mirror.qiniu.com/"]}' >>/etc/docker/daemon.json
systemctl daemon-reload
systemctl restart docker
ps -ef|grep docker
[root@mcw4 ~]$ curl -sSL https://get.daocloud.io/docker | sh # Executing docker install script, commit: 93d2499759296ac1f9c510605fef85052a2c32be + sh -c 'yum install -y -q yum-utils' To run the Docker daemon as a fully privileged service, but granting non-root users access, refer to https://docs.docker.com/go/daemon-access/ WARNING: Access to the remote API on a privileged Docker daemon is equivalent to root access on the host. Refer to the 'Docker daemon attack surface' documentation for details: https://docs.docker.com/go/attack-surface/ ================================================================================ [root@mcw4 ~]$ ps -ef|grep docker root 3312 2493 0 11:53 pts/0 00:00:00 grep --color=auto docker [root@mcw4 ~]$ vim /etc/ Display all 194 possibilities? (y or n) [root@mcw4 ~]$ vim /etc/docker/daemon.json [root@mcw4 ~]$ ls /etc/docker ls: cannot access /etc/docker: No such file or directory [root@mcw4 ~]$ rpm -qa|grep docker docker-ce-rootless-extras-20.10.12-3.el7.x86_64 docker-ce-20.10.12-3.el7.x86_64 docker-ce-cli-20.10.12-3.el7.x86_64 docker-scan-plugin-0.12.0-3.el7.x86_64 [root@mcw4 ~]$ [root@mcw4 ~]$ [root@mcw4 ~]$ systemctl status docker ● docker.service - Docker Application Container Engine Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled) Active: inactive (dead) Docs: https://docs.docker.com [root@mcw4 ~]$ systemctl start docker [root@mcw4 ~]$ ls /etc/docker key.json [root@mcw4 ~]$ echo '{"registry-mirrors":["https://reg-mirror.qiniu.com/"]}' /etc/docker/daemon.json {"registry-mirrors":["https://reg-mirror.qiniu.com/"]} /etc/docker/daemon.json [root@mcw4 ~]$ echo '{"registry-mirrors":["https://reg-mirror.qiniu.com/"]}' >>/etc/docker/daemon.json [root@mcw4 ~]$ systemctl daemon-reload [root@mcw4 ~]$ systemctl restart docker [root@mcw4 ~]$ ps -ef|grep docker root 3649 1 0 11:59 ? 00:00:00 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock root 3782 2493 0 11:59 pts/0 00:00:00 grep --color=auto docker [root@mcw4 ~]$
镜像加速器
加速器这里有:https://www.runoob.com/docker/docker-mirror-acceleration.html
Ubuntu16.04+、Debian8+、CentOS7
对于使用 systemd 的系统,请在 /etc/docker/daemon.json 中写入如下内容(如果文件不存在请新建该文件):
{"registry-mirrors":["https://hub-mirror.c.163.com/"]} #用这个吧,下面那个好像慢,回头验证是不是它的问题,像蜗牛,耽误我好长时间
{"registry-mirrors":["https://reg-mirror.qiniu.com/"]}
添加之后需要重新启动服务:
$ sudo systemctl daemon-reload
$ sudo systemctl restart docker
[root@mcw1 /application]$ docker run ubuntu:15.10 /bin/echo "Hello world"#运行docker容器,但是docker daemon还没起
docker: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?.
See 'docker run --help'.
[root@mcw1 /application]$ systemctl start docker.service #启动docker服务,这就是docker daemon
[root@mcw1 /application]$ ps -ef|grep docker
root 6506 1 2 07:51 ? 00:00:00 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
root 6660 1370 0 07:51 pts/0 00:00:00 grep --color=auto docker
/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock #这是容器服务进程吧,是不是可以直接用这个命令启动呢?
可以多用几个加速,一个不行换另一个加速
{"registry-mirrors":["https://reg-mirror.qiniu.com/","https://docker.mirrors.ustc.edu.cn/","https://hub-mirror.c.163.com/"]}
运行第一个容器
[root@mcw1 /application]$ docker run -d -p 8080 httpd #运行容器
Unable to find image 'httpd:latest' locally
latest: Pulling from library/httpd
a2abf6c4d29d: Pull complete
dcc4698797c8: Pull complete
41c22baa66ec: Pull complete
67283bbdd4a0: Pull complete
d982c879c57e: Pull complete
Digest: sha256:0954cc1af252d824860b2c5dc0a10720af2b7a3d3435581ca788dff8480c7b32
Status: Downloaded newer image for httpd:latest
106809b6c9df7f7675efc4515eae856324ebe3cc84742a560eb97fe52a76723e
ERRO[0044] error waiting for container: context canceled
[root@mcw1 /application]$
[root@mcw1 /application]$ docker ps #查看容器
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
106809b6c9df httpd "httpd-foreground" 2 minutes ago Up 2 minutes 80/tcp, 0.0.0.0:49153->8080/tcp, :::49153->8080/tcp friendly_dijkstra
刚刚弄错了:停掉容器重启
[root@mcw1 /application]$ docker run -d -p 80:80 httpd
c8b617d91943185a4239a817ab5f62267494531686a032db0ac28b3190765f5f
[root@mcw1 /application]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c8b617d91943 httpd "httpd-foreground" 11 seconds ago Up 8 seconds 0.0.0.0:80->80/tcp, :::80->80/tcp sweet_curran
页面正常访问:
docker服务器
1、docker daemon
查看docker daemon 启动文件,启动文件中有执行启动的命令
[root@mcw1 /application]$ cat /usr/lib/systemd/system/docker.service|grep -i execstart
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
[root@mcw1 /application]$ ps -ef|grep docker
root 7025 1 0 08:24 ? 00:00:09 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
2、重启docker daemon
[root@mcw1 /application]$ systemctl daemon-reload
[root@mcw1 /application]$ systemctl restart docker.service
重启之后,之前运行的docker可能停掉
[root@mcw1 /application]$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c8b617d91943 httpd "httpd-foreground" 23 minutes ago Exited (0) 25 seconds ago sweet_curran
重新启动一下
[root@mcw1 /application]$ docker start c8b6
c8b6
[root@mcw1 /application]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c8b617d91943 httpd "httpd-foreground" 24 minutes ago Up 7 seconds 0.0.0.0:80->80/tcp, :::80->80/tcp sweet_curran
启动容器之后,可以看到两个运行的docker-proxy服务,指向的容器ip和端口是一样的
[root@mcw1 /application]$ ps -ef|grep docker
root 7879 1 0 08:56 ? 00:00:00 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
root 8031 7879 0 08:57 ? 00:00:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.17.0.2 -container-port 80
root 8035 7879 0 08:57 ? 00:00:00 /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.17.0.2 -container-port 80
root 8225 1370 1 08:59 pts/0 00:00:00 grep --color=auto docker
3、修改docker允许远程客户端请求。-H与远程服务器通信,info子命令查看docker服务器信息
默认只能响应本地HOst客户端请求
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0#--containerd=/run/containerd/containerd.sock
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix://var/run/docker.soc #修改为这样也行
mcw1上未修改时,连不上服务端
mcw1访问:
[root@mcw1 /application]$ docker -H 127.0.0.1:2375 info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Docker Buildx (Docker Inc., v0.7.1-docker)
scan: Docker Scan (Docker Inc., v0.12.0)
Server:
ERROR: Cannot connect to the Docker daemon at tcp://127.0.0.1:2375. Is the docker daemon running?
errors pretty printing info
mcw2访问mcw1
[root@mcw2 ~]# docker 10.0.0.131 info
docker: '10.0.0.131' is not a docker command.
See 'docker --help'
[root@mcw2 ~]# docker -H 10.0.0.131 info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Docker Buildx (Docker Inc., v0.7.1-docker)
scan: Docker Scan (Docker Inc., v0.12.0)
Server:
ERROR: Cannot connect to the Docker daemon at tcp://10.0.0.131:2375. Is the docker daemon running?
errors pretty printing info
mcw1修改重启后
[root@mcw1 /application]$ vim /usr/lib/systemd/system/docker.service
[root@mcw1 /application]$ systemctl daemon-reload
[root@mcw1 /application]$ systemctl restart docker.service
[root@mcw1 /application]$
[root@mcw1 /application]$
[root@mcw1 /application]$ ps -ef|grep docker
root 8338 1 1 09:03 ? 00:00:00 /usr/bin/dockerd -H fd:// -H tcp://0.0.0.0#--containerd=/run/containerd/containerd.sock
root 8473 1370 0 09:04 pts/0 00:00:00 grep --color=auto docker
[root@mcw1 /application]$ grep -i execstart /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0#--containerd=/run/containerd/containerd.sock
修改后mcw1访问,有数据,有容器信息
root@mcw1 /application]$ docker -H 127.0.0.1 info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Docker Buildx (Docker Inc., v0.7.1-docker)
scan: Docker Scan (Docker Inc., v0.12.0)
Server:
Containers: 2
Running: 0
Paused: 0
Stopped: 2
Images: 1
Server Version: 20.10.12
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc io.containerd.runc.v2 io.containerd.runtime.v1.linux
Default Runtime: runc
Init Binary: docker-init
containerd version: 7b11cfaabd73bb80907dd23182b9347b4245eb5d
runc version: v1.0.2-0-g52b36a2
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-693.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 976.3MiB
Name: mcw1
ID: XBZE:DN6Z:UQMS:2FCM:YSA4:XZFO:EPFV:LVET:UP3V:OJFK:WLGF:7Q64
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
https://hub-mirror.c.163.com/
Live Restore Enabled: false
WARNING: API is accessible on http://0.0.0.0:2375 without encryption.
Access to the remote API is equivalent to root access on the host. Refer
to the 'Docker daemon attack surface' section in the documentation for
more information: https://docs.docker.com/go/attack-surface/
修改后mcw2也能访问到
[root@mcw2 ~]# docker -H 10.0.0.131 info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Docker Buildx (Docker Inc., v0.7.1-docker)
scan: Docker Scan (Docker Inc., v0.12.0)
Server:
Containers: 2
Running: 0
Paused: 0
Stopped: 2
Images: 1
Server Version: 20.10.12
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 7b11cfaabd73bb80907dd23182b9347b4245eb5d
runc version: v1.0.2-0-g52b36a2
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-693.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 976.3MiB
Name: mcw1
ID: XBZE:DN6Z:UQMS:2FCM:YSA4:XZFO:EPFV:LVET:UP3V:OJFK:WLGF:7Q64
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
https://hub-mirror.c.163.com/
Live Restore Enabled: false
WARNING: API is accessible on http://0.0.0.0:2375 without encryption.
Access to the remote API is equivalent to root access on the host. Refer
to the 'Docker daemon attack surface' section in the documentation for
more information: https://docs.docker.com/go/attack-surface/
[root@mcw2 ~]#
4、docker有很多子命令。除了用docker命令工具,还可以用rest api与服务端通信。用python调用
前提是要修改启动文件,支持远程连接docker服务端
pip install docker
from docker import APIClient c = APIClient(base_url='tcp://10.0.0.131:2375') print(c.version())
其它
查看运行的容器
[root@mcw1 /application]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c8b617d91943 httpd "httpd-foreground" 24 hours ago Up 16 seconds 0.0.0.0:80->80/tcp, :::80->80/tcp sweet_curran
[root@mcw1 /application]$ docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c8b617d91943 httpd "httpd-foreground" 25 hours ago Up 16 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp sweet_curran
查看容器镜像
[root@mcw1 /application]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
httpd latest dabbfbe0c57b 3 days ago 144MB
查看docker 启动文件
[root@mcw1 ~/mcwdocker]$ cat /usr/lib/systemd/system/docker.service [Unit] Description=Docker Application Container Engine Documentation=https://docs.docker.com After=network-online.target firewalld.service containerd.service Wants=network-online.target Requires=docker.socket containerd.service [Service] Type=notify # the default is not to use systemd for cgroups because the delegate issues still # exists and systemd currently does not support the cgroup feature set required # for containers run by docker ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0 --containerd=/run/containerd/containerd.sock --insecure-registry 10.0.0.131:5000 ExecReload=/bin/kill -s HUP $MAINPID TimeoutSec=0 RestartSec=2 Restart=always # Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229. # Both the old, and new location are accepted by systemd 229 and up, so using the old location # to make them work for either version of systemd. StartLimitBurst=3 # Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230. # Both the old, and new name are accepted by systemd 230 and up, so using the old name to make # this option work for either version of systemd. StartLimitInterval=60s # Having non-zero Limit*s causes performance problems due to accounting overhead # in the kernel. We recommend using cgroups to do container-local accounting. LimitNOFILE=infinity LimitNPROC=infinity LimitCORE=infinity # Comment TasksMax if your systemd version does not support it. # Only systemd 226 and above support this option. TasksMax=infinity # set delegate yes so that systemd does not reset the cgroups of docker containers Delegate=yes # kill only the docker process, not all processes in the cgroup KillMode=process OOMScoreAdjust=-500 [Install] WantedBy=multi-user.target
