一 Docker 版本選擇
Docker之前沒有區分版本,但是2017年初推出(將docker更名為)新的項目Moby,github地址:https://github.com/moby/moby,Moby項目屬於Docker項目的全新上游Docker將是一個隸屬於Moby的子產品,而且之后的版本開始區分為CE版本(社區版本)和EE(企業收費版),CE社區版本和EE企業版本都是每個季度發布一個新版本,但是EE版本提供后期安全維護1年,而CE版本是4個月。
與kubernetes結合使用的時候,要安裝經過kubernetes官方測試通過的docker版本,避免出現不兼容等未知的及不可預估的問題發生,juberbetes測試過的docker版本可以在github查詢,具體如下:
https://github.com/kubernetes/kubernetes/blob/master/build/dependencies.yaml
二 Docker安裝
官方文檔: https://docs.docker.com/engine/install/
2.1 ubuntu安裝docker
2.1.1 安裝docker依賴
root@ubuntu:~# apt-get -y install apt-transport-https ca-certificates curl software-properties-common2.1.2 安裝GPG證書
root@ubuntu:~# curl -fsSL http://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
OK2.1.3 寫入軟件源信息
root@ubuntu:~# add-apt-repository "deb [arch=amd64] http://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"2.1.4 查找docker-ce版本
點擊查看代碼
root@ubuntu:~# apt-cache madison docker-ce
docker-ce | 5:20.10.10~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:20.10.9~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:20.10.8~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:20.10.7~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:20.10.6~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:20.10.5~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:20.10.4~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:20.10.3~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:20.10.2~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:20.10.1~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:20.10.0~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:19.03.15~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:19.03.14~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:19.03.13~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:19.03.12~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:19.03.11~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:19.03.10~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:19.03.9~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:19.03.8~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:19.03.7~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:19.03.6~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:19.03.5~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:19.03.4~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:19.03.3~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:19.03.2~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:19.03.1~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:19.03.0~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:18.09.9~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:18.09.8~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:18.09.7~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:18.09.6~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:18.09.5~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:18.09.4~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:18.09.3~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:18.09.2~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:18.09.1~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:18.09.0~3-0~ubuntu-bionic | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 18.06.3~ce~3-0~ubuntu | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 18.06.2~ce~3-0~ubuntu | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 18.06.1~ce~3-0~ubuntu | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 18.06.0~ce~3-0~ubuntu | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 18.03.1~ce~3-0~ubuntu | http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 Packages2.1.5 安裝docker-ce
apt-get install docker-ce docker-ce-cli containerd.io點擊查看代碼
root@ubuntu:~# apt-get -y install docker-ce=5:19.03.15~3-0~ubuntu-bionic
After this operation, 391 MB of additional disk space will be used.
Get:1 http://mirrors.ucloud.cn/ubuntu bionic/universe amd64 pigz amd64 2.4-1 [57.4 kB]
Get:2 http://mirrors.ucloud.cn/ubuntu bionic/universe amd64 aufs-tools amd64 1:4.9+20170918-1ubuntu1 [104 kB]
Get:3 http://mirrors.ucloud.cn/ubuntu bionic/universe amd64 cgroupfs-mount all 1.4 [6,320 B]
Get:4 http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 containerd.io amd64 1.4.11-1 [23.7 MB]
Get:5 http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 docker-ce-cli amd64 5:20.10.10~3-0~ubuntu-bionic [38.8 MB]
Get:6 http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 docker-ce amd64 5:19.03.15~3-0~ubuntu-bionic [22.8 MB]
Get:7 http://mirrors.aliyun.com/docker-ce/linux/ubuntu bionic/stable amd64 docker-scan-plugin amd64 0.9.0~ubuntu-bionic [3,518 kB]
Selecting previously unselected package pigz.
(Reading database ... 77629 files and directories currently installed.)
Preparing to unpack .../0-pigz_2.4-1_amd64.deb ...
Unpacking pigz (2.4-1) ...
Selecting previously unselected package aufs-tools.
Preparing to unpack .../1-aufs-tools_1%3a4.9+20170918-1ubuntu1_amd64.deb ...
Unpacking aufs-tools (1:4.9+20170918-1ubuntu1) ...
Selecting previously unselected package cgroupfs-mount.
Preparing to unpack .../2-cgroupfs-mount_1.4_all.deb ...
Unpacking cgroupfs-mount (1.4) ...
Selecting previously unselected package containerd.io.
Preparing to unpack .../3-containerd.io_1.4.11-1_amd64.deb ...
Unpacking containerd.io (1.4.11-1) ...
Selecting previously unselected package docker-ce-cli.
Preparing to unpack .../4-docker-ce-cli_5%3a20.10.10~3-0~ubuntu-bionic_amd64.deb ...
Unpacking docker-ce-cli (5:20.10.10~3-0~ubuntu-bionic) ...
Selecting previously unselected package docker-ce.
Preparing to unpack .../5-docker-ce_5%3a19.03.15~3-0~ubuntu-bionic_amd64.deb ...
Unpacking docker-ce (5:19.03.15~3-0~ubuntu-bionic) ...
Selecting previously unselected package docker-scan-plugin.
Preparing to unpack .../6-docker-scan-plugin_0.9.0~ubuntu-bionic_amd64.deb ...
Unpacking docker-scan-plugin (0.9.0~ubuntu-bionic) ...
Setting up aufs-tools (1:4.9+20170918-1ubuntu1) ...
Setting up containerd.io (1.4.11-1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/containerd.service → /lib/systemd/system/containerd.service.
Setting up docker-scan-plugin (0.9.0~ubuntu-bionic) ...
Setting up cgroupfs-mount (1.4) ...
Setting up docker-ce-cli (5:20.10.10~3-0~ubuntu-bionic) ...
Setting up pigz (2.4-1) ...
Setting up docker-ce (5:19.03.15~3-0~ubuntu-bionic) ...
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /lib/systemd/system/docker.service.
Created symlink /etc/systemd/system/sockets.target.wants/docker.socket → /lib/systemd/system/docker.socket.
Processing triggers for libc-bin (2.27-3ubuntu1.4) ...
Processing triggers for systemd (237-3ubuntu10.51) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Processing triggers for ureadahead (0.100.0-21) ...2.1.5 刪除docker-ce
root@ubuntu:~# apt-get purge docker-ce docker-ce-cli containerd.io
root@ubuntu:~# rm -rf /var/lib/docker
root@ubuntu:~# rm -rf /var/lib/containerd2.2 二進制安裝docker
2.2.1 創建docker組
root@ubuntu:~# groupadd docker2.2.2 下載docker二進制包
root@ubuntu:/opt# wget https://download.docker.com/linux/static/stable/x86_64/docker-20.10.9.tgz
root@ubuntu:/opt# tar xf docker-20.10.9.tgz
root@ubuntu:/opt# cp docker/* /usr/bin/2.2.3 准備containerd.service文件
root@ubuntu:/opt# cat /lib/systemd/system/containerd.service
# Copyright The containerd Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=1048576
# Comment TasksMax if your systemd version does not supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target
2.2.4 准備docker.service
root@ubuntu:/opt# cat /lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket containerd.service
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3
# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
OOMScoreAdjust=-500
[Install]
WantedBy=multi-user.target
2.2.5 准備docker.socket
root@ubuntu:/opt# cat /lib/systemd/system/docker.socket
[Unit]
Description=Docker Socket for the API
[Socket]
ListenStream=/var/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
2.2.6 設置docker開機啟動
root@ubuntu:/opt# systemctl enable containerd.service Created symlink /etc/systemd/system/multi-user.target.wants/containerd.service → /lib/systemd/system/containerd.service.
root@ubuntu:/opt# systemctl enable docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /lib/systemd/system/docker.service.
root@ubuntu:/opt# systemctl start docker
root@ubuntu:/opt# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2021-11-08 18:10:08 CST; 8min ago
TriggeredBy: ● docker.socket
Docs: https://docs.docker.com
Main PID: 926 (dockerd)
Tasks: 9
Memory: 72.5M
CGroup: /system.slice/docker.service
└─926 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
2.2.7 驗證docker信息
root@ubuntu:/opt# docker version Client: Version: 20.10.9 API version: 1.41 Go version: go1.16.8 Git commit: c2ea9bc Built: Mon Oct 4 16:03:22 2021 OS/Arch: linux/amd64 Context: default Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.9
API version: 1.41 (minimum version 1.12)
Go version: go1.16.8
Git commit: 79ea9d3
Built: Mon Oct 4 16:07:30 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: v1.4.11
GitCommit: 5b46e404f6b9f661a205e28d59c982d3634148f8
runc:
Version: 1.0.2
GitCommit: v1.0.2-0-g52b36a2d
docker-init:
Version: 0.19.0
GitCommit: de40ad0
2.3 centos7安裝docker
2.3.1 刪除舊版本
[root@centos7.2 ~]# yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine2.3.2 安裝依賴
[root@centos7.2 ~]# yum install -y yum-utils device-mapper-persistent-data lvm22.3.3 設置源
[root@centos7.2 ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo2.3.4 更新並安裝docker-ce
[root@centos7.2 ~]# yum makecache fast
[root@centos7.2 ~]# yum -y install docker-ce三 查看docker相關信息
3.1 查看docker版本
點擊查看代碼
root@ubuntu:~# docker version Client: Docker Engine - Community Version: 20.10.10 API version: 1.40 Go version: go1.16.9 Git commit: b485636 Built: Mon Oct 25 07:42:57 2021 OS/Arch: linux/amd64 Context: default Experimental: true
Server: Docker Engine - Community
Engine:
Version: 19.03.15
API version: 1.40 (minimum version 1.12)
Go version: go1.13.15
Git commit: 99e3ed8919
Built: Sat Jan 30 03:15:20 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.11
GitCommit: 5b46e404f6b9f661a205e28d59c982d3634148f8
runc:
Version: 1.0.2
GitCommit: v1.0.2-0-g52b36a2
docker-init:
Version: 0.18.0
GitCommit: fec3683
3.2 查看docker詳細信息
點擊查看代碼
root@ubuntu:~# docker info Client: Context: default Debug Mode: false Plugins: app: Docker App (Docker Inc., v0.9.1-beta3) buildx: Build with BuildKit (Docker Inc., v0.6.3-docker) scan: Docker Scan (Docker Inc., v0.9.0)Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 19.03.15
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 5b46e404f6b9f661a205e28d59c982d3634148f8
runc version: v1.0.2-0-g52b36a2
init version: fec3683
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.15.0-161-generic
Operating System: Ubuntu 18.04.5 LTS
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 985MiB
Name: ubuntu
ID: SCQL:4CVE:RNUG:KOSE:P3QB:I3WQ:5C5Z:VD6X:ESEQ:6NPV:TARW:KFOM
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: No swap limit support
3.3 查看docker網卡信息
點擊查看代碼
root@ubuntu:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1452 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:87:29:22 brd ff:ff:ff:ff:ff:ff
inet 172.16.10.248/24 brd 172.16.10.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe87:2922/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:14:9a:a1:3e brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever3.4 docker 存儲引擎
3.4.1 docker 存儲引擎簡介
目前docker的默認存儲引擎為overlay2,不同的存儲引擎需要相應的系統支持,如需要磁盤分區的時候傳遞d-type文件分層功能,即需要傳遞內核參數開啟格式化磁盤的時候指定功能。
存儲驅動類型:
- AUFS(AnotherUnionFS)是一種Union FS,是文件級的存儲驅動。所謂Union FS就是吧不同物理位置的目錄合並mount到同一個目錄中。簡單來說就是支持將不同目錄掛載到同一個虛擬文件系統下的文件系統。這種文件系統可以一層一層地疊加修改文件。無論地下多少層都是只讀的,只有最上層的文件系統是可寫的,當需要修改一個文件時,AUFS創建該文件副本,使用COW將文件從只讀層復制到可寫層進行修改,結果也保存在可寫層。在Docker中,底下的只讀層就是image,可寫層就是container,是Docker 18.06及更早版本的首選存儲驅動程序.
- Overlay: 一種Union FS文件系統,Linux內核3.18后支持。
- overlay2:Overlay的升級版,到目前為止,所有linux發行版推薦使用的存儲類型。
- devicemapper:是centos和rhel的推薦存儲驅動程序,因為之前的內核版本不支持overlay2,但是當前較新版本的centos和rhel現在已經支持overlay2,因此推薦使用overlay2.
- ZFS/btrfs:目前沒有廣泛使用。
- vfs:用於測試環境,適用於無法使用copy-on-write文件系統的情況。此存儲驅動程序的性能很差,通常不建議用於生產。
3.4.2 修改docker存儲引擎
官方文檔:https://docs.docker.com/storage/storagedriver/overlayfs-driver/
如果docker數據目錄是一塊單獨的磁盤分區而且是xfs格式的,需要在格式化的時候加上參數-n ftype=1,否則后期在啟動容器的時候會報錯不支持d-type。
修改存儲引擎會導致所有容器丟失,所以先備份在修改。
root@ubuntu:~# vim /lib/systemd/system/docker.service ExecStart=/usr/bin/dockerd -s overlay2 -H fd:// --containerd=/run/containerd/containerd.sock
root@ubuntu:~# systemctl daemon-relaod
root@ubuntu:~# systemctl restart docker
四 docker服務進程
4.1 查看宿主機進程樹
點擊查看代碼
root@ubuntu:~# pstree -p
systemd(1)─┬─ModemManager(1031)─┬─{ModemManager}(1058)
│ └─{ModemManager}(1062)
├─NetworkManager(1018)─┬─{NetworkManager}(1074)
│ └─{NetworkManager}(1077)
├─accounts-daemon(1029)─┬─{accounts-daemon}(1037)
│ └─{accounts-daemon}(1046)
├─agetty(1132)
├─atd(1024)
├─ceph-crash(1025)
├─chronyd(1103)
├─containerd(7510)─┬─containerd-shim(11079)─┬─sh(11106)
│ │ ├─{containerd-shim}(11080)
│ │ ├─{containerd-shim}(11081)
│ │ ├─{containerd-shim}(11082)
│ │ ├─{containerd-shim}(11083)
│ │ ├─{containerd-shim}(11084)
│ │ ├─{containerd-shim}(11085)
│ │ ├─{containerd-shim}(11086)
│ │ └─{containerd-shim}(11087)
│ ├─{containerd}(7514)
│ ├─{containerd}(7515)
│ ├─{containerd}(7516)
│ ├─{containerd}(7517)
│ ├─{containerd}(7529)
│ ├─{containerd}(7530)
│ ├─{containerd}(7546)
│ └─{containerd}(9800)
├─cron(1028)
├─dbus-daemon(988)
├─dockerd(9151)─┬─docker-proxy(11074)─┬─{docker-proxy}(11075)
│ │ ├─{docker-proxy}(11076)
│ │ ├─{docker-proxy}(11077)
│ │ └─{docker-proxy}(11078)
│ ├─{dockerd}(9171)
│ ├─{dockerd}(9172)
│ ├─{dockerd}(9173)
│ ├─{dockerd}(9174)
│ ├─{dockerd}(9180)
│ ├─{dockerd}(9181)
│ ├─{dockerd}(9204)
│ ├─{dockerd}(9682)
│ └─{dockerd}(9696)4.2 查看containerd進程關系
docker相關的四個進程
- dockerd:服務器程序,被client直接訪問,其父進程為宿主機的systemd守護進程。
- docker-proxy:每個進程docker-proxy實現對應一個需要網絡通信的容器,管理宿主機和容器之間端口映射,其父進程為dockerd,如果容器不需要網絡則不需啟動。
- containerd:被docker進程調用以實現與runc交互。
- containerd-shim:真正運行容器的載體,每個容器對應一個conntainerd-shim進程,其父進程為containerd
點擊查看代碼
root@ubuntu:~# ps -ef | grep containerd root 7510 1 0 13:14 ? 00:00:16 /usr/bin/containerd root 9151 1 0 14:07 ? 00:00:04 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock root 11079 7510 0 16:45 ? 00:00:00 containerd-shim -namespace moby -workdir /var/lib/containerd/io.containerd.runtime.v1.linux/moby/427f20a455226581ee9724fe01872ac1a91b9a2499c500b15c0ec20f9d433ec2 -address /run/containerd/containerd.sock -containerd-binary /usr/bin/containerd -runtime-root /var/run/docker/runtime-runc
root@ubuntu:~# ps -ef | grep docker-proxy
root 11074 9151 0 16:45 ? 00:00:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.17.0.2 -container-port 9000
4.3 容器的創建與管理過程
- dockerd通過grpc和containerd模塊通信,dockerd由libcontainerd負責和containerd進行交換,dockerd和containerd通信socket文件:/var/run/containerd/containerd.sock。
- containerd在dockerd啟動時被啟動,然后containerd啟動grpc請求監聽,containerd處理grpc請求,根據請求做相應動作。
- 若是run,start或是exec容器,containerd拉起一個container-shim,並進行相應的操作。
- container-shim被拉起后,start/exec/create拉起runC進程,通過exit、control文件和containerd通信,通過父子進程關系和SIGCHLD監控容器中進程狀態。
- 在整個容器生命周期中,containerd通過epoll監控容器文件,監控容器事件。