第九章 Docker安裝及配置
1、Docker簡介
官網查看
2、Docker安裝(CentOS)
2.1 系統要求OS requirements
To install Docker Engine, you need a maintained version of CentOS 7. Archived versions aren’t supported or tested.
安裝Docker引擎,需要CentOS 7穩定版本。不支持存檔版本
#查看系統版本命令
#uname –a #查看內核版本,應高於3.10
#cat /etc/redhat-release #查看centos版本
The centos-extras repository must be enabled. This repository is enabled by default, but if you have disabled it, you need to re-enable it.
必須啟用centos-extras存儲庫。默認情況下,此存儲庫已啟用,但如果已禁用,則需要重新啟用它。
The overlay2 storage driver is recommended.
建議使用overlay2存儲驅動程序。
2.2 卸載舊版本Uninstall old versions
Older versions of Docker were called docker or docker-engine. If these are installed, uninstall them, along with associated dependencies.
舊版本的Docker稱為Docker或Docker引擎。如果已經安裝了,請卸載它們,包括相關的依賴項。
卸載指令如下,在命令行執行即可:
$ sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
It’s OK if yum reports that none of these packages are installed.
如果報告這些軟件包都沒有安裝,那就沒問題了。
The contents of /var/lib/docker/, including images, containers, volumes, and networks, are preserved. The Docker Engine package is now called docker-ce.
/var/lib/docker/文件夾中的的內容將被保留(包括鏡像、容器、卷和網絡)。Docker引擎包現在稱為Docker-ce。
2.3 安裝方法Installation methods
You can install Docker Engine in different ways, depending on your needs:
你可以根據自己的需求選擇不同的方式安裝Docker引擎
- Most users set up Docker’s repositories and install from them, for ease of installation and upgrade tasks. This is the recommended approach. 多數用戶建立Docker的存儲庫並從中安裝,以便於安裝和升級任務。這是推薦的方法
- Some users download the RPM package and install it manually and manage upgrades completely manually. This is useful in situations such as installing Docker on air-gapped systems with no access to the internet. 一些用戶下載RPM包並手動安裝,完全手動管理升級。這在一些情況下是有用的,比如在沒有互聯網接入的系統上安裝Docker。
- In testing and development environments, some users choose to use automated convenience scripts to install Docker. 在測試和開發環境中,一些用戶選擇使用自動化的便利腳本來安裝Docker
2.3.1 Install using the repository使用存儲庫安裝
Before you install Docker Engine for the first time on a new host machine, you need to set up the Docker repository. Afterward, you can install and update Docker from the repository.
首次在新主機上安裝Docker引擎,需要設置Docker存儲庫。之后,您可以從存儲庫安裝和更新Docker。
2.3.1.1 SET UP THE REPOSITORY設置存儲庫
Install the yum-utils package (which provides the yum-config-manager utility) and set up the stable repository.
安裝yum-utils包(它提供了yum-config-manager實用程序)並設置穩定的存儲庫。
#下載依賴軟件包
$ sudo yum install -y yum-utils
【注意】如果使用非root用戶可能出現以下錯誤
xxx is not in the sudoers file. This incident will be reported.
解決辦法:
首先使用root用戶修改vi /etc/sudoers文件,找到如下所示的片段:
su root
vi /etc/sudoers
在root ALL=(ALL) ALL下添加(01node是用戶):
01node ALL=(ALL) ALL
再次使用01node用戶登錄即可:
su 01node
#設置穩定的存儲庫
$ sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
2.3.1.2 INSTALL DOCKER ENGINE安裝Docker引擎
- Install the latest version of Docker Engine and containerd, or go to the next step to install a specific version: 安裝最新版本的Docker引擎和容器,或轉到下一步安裝具體版本:
$ sudo yum install docker-ce docker-ce-cli containerd.io
執行過程中輸入兩個y
If prompted to accept the GPG key, verify that the fingerprint matches 060A 61C5 1B55 8A7F 742B 77AA C52F EB6B 621E 9F35, and if so, accept it. 如果提示接受 GPG 密鑰,請選是。
【注意】Got multiple Docker repositories? 有多個 Docker 倉庫嗎?
If you have multiple Docker repositories enabled, installing or updating without specifying a version in the yum install or yum update command always installs the highest possible version, which may not be appropriate for your stability needs. 如果啟用了多個docker 容器,在yum install 或者yum update 命令下安裝或者更新沒有制定版本,會默認安裝現有的最高版本,這可能會影響你對穩定性的需求
Docker is installed but not started. The docker group is created, but no users are added to the group.Docker已安裝但尚未啟動。Docker組已創建,但沒有用戶添加到該組。
查詢docker安裝版本信息:
#sudo docker version
2.To install a specific version of Docker Engine, list the available versions in the repo, then select and install:要安裝特定版本的Docker Engine,請在存儲庫中列出可用版本,然后選擇並安裝:
a) List and sort the versions available in your repo. This example sorts results by version number, highest to lowest, and is truncated: 列出並排序您存儲庫中可用的版本。 本示例按版本號(從高到低)對結果進行排序:
$ yum list docker-ce --showduplicates | sort -r
The list returned depends on which repositories are enabled, and is specific to your version of CentOS (indicated by the .el7 suffix in this example).返回的列表取決於啟用的存儲庫,並且特定於您的CentOS版本(在此示例中由.el7后綴指示)
b) Install a specific version by its fully qualified package name, which is the package name (docker-ce) plus the version string (2nd column) starting at the first colon (:), up to the first hyphen, separated by a hyphen (-). For example, docker-ce-18.09.1. 通過其完整的軟件包名稱安裝特定版本,該軟件包名稱是軟件包名稱(docker-ce)加上版本字符串(第二列),從第一個冒號(:)一直到第一個連字符,並用連字符(-)分隔。例如:docker-ce-18.09.1。
$ sudo yum install docker-ce-<VERSION_STRING> docker-ce-cli-<VERSION_STRING> containerd.io
Docker is installed but not started. The docker group is created, but no users are added to the group.
3.Start Docker.啟動Docker
$ sudo systemctl start docker
此時通過命令sudo docker version可以查看到:
Verify that Docker Engine is installed correctly by running the hello-world image.
通過運行hello-world鏡像來驗證Docker Engine是否已正確安裝。
$ sudo docker run hello-world
This command downloads a test image and runs it in a container. When the container runs, it prints an informational message and exits.
此命令下載測試圖像並在容器中運行它。容器運行時,它會打印參考消息並退出。
上述執行過程解釋:
Unable to find image 'hello-world:latest' locally
判斷本地沒有'hello-world:latest'鏡像
latest: Pulling from library/hello-world
去官方倉庫拉取該鏡像
1b930d010525: Pull complete
Digest: sha256:f9dfddf63636d84ef479d645ab5885156ae030f611a56f3a7ac7f2fdd86d7e4e
Status: Downloaded newer image for hello-world:latest
拉取鏡像成功
接下來啟動該容器,該容器展示了下面的內容信息,也標志着docker安裝完成
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.(amd64)
3. The Docker daemon created a new container from that image which runs the executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
通過命令docker image ls可以看到倉庫里面已經有了hello world鏡像:
通過命令docker container ls –a可以看到hello world容器已經存在
Docker Engine is installed and running. You need to use sudo to run Docker commands. Continue to Linux postinstall to allow non-privileged users to run Docker commands and for other optional configuration steps.
Docker Engine已安裝並正在運行。您需要使用sudo運行Docker命令。 繼續進行Linux后續安裝,以允許非特權用戶運行Docker命令以及其他可選配置步驟。
2.3.1.3 UPGRADE DOCKER ENGINE更新Docker引擎
To upgrade Docker Engine, follow the installation instructions, choosing the new version you want to install. 要升級Docker Engine,請按照安裝說明進行操作,選擇要安裝的新版本。
2.3.2 Install from a package
If you cannot use Docker’s repository to install Docker, you can download the .rpm file for your release and install it manually. You need to download a new file each time you want to upgrade Docker Engine.
1、 Go to https://download.docker.com/linux/centos/ and choose your version of CentOS. Then browse to x86_64/stable/Packages/ and download the .rpm file for the Docker version you want to install.
Note: To install a nightly or test (pre-release) package, change the word stable in the above URL to nightly or test. Learn about nightly and test channels.
2、 Install Docker Engine, changing the path below to the path where you downloaded the Docker package.
$ sudo yum install /path/to/package.rpm
Docker is installed but not started. The docker group is created, but no users are added to the group.
3、 Start Docker.
$ sudo systemctl start docker
4、 Verify that Docker Engine is installed correctly by running the hello-world image.
$ sudo docker run hello-world
This command downloads a test image and runs it in a container. When the container runs, it prints an informational message and exits.
Docker Engine is installed and running. You need to use sudo to run Docker commands. Continue to Post-installation steps for Linux to allow non-privileged users to run Docker commands and for other optional configuration steps.
UPGRADE DOCKER ENGINE
To upgrade Docker Engine, download the newer package file and repeat the installation procedure, using yum -y upgrade instead of yum -y install, and pointing to the new file.
2.3.3 Install using the convenience script
Docker provides convenience scripts at get.docker.com and test.docker.com for installing edge and testing versions of Docker Engine - Community into development environments quickly and non-interactively. The source code for the scripts is in the docker-install repository. Using these scripts is not recommended for production environments, and you should understand the potential risks before you use them:
The scripts require root or sudo privileges to run. Therefore, you should carefully examine and audit the scripts before running them.
- The scripts attempt to detect your Linux distribution and version and configure your package management system for you. In addition, the scripts do not allow you to customize any installation parameters. This may lead to an unsupported configuration, either from Docker’s point of view or from your own organization’s guidelines and standards.
- The scripts install all dependencies and recommendations of the package manager without asking for confirmation. This may install a large number of packages, depending on the current configuration of your host machine.
- The script does not provide options to specify which version of Docker to install, and installs the latest version that is released in the “edge” channel.
- Do not use the convenience script if Docker has already been installed on the host machine using another mechanism.
- This example uses the script at get.docker.com to install the latest release of Docker Engine - Community on Linux. To install the latest testing version, use test.docker.com instead. In each of the commands below, replace each occurrence of get with test.
Warning:
Always examine scripts downloaded from the internet before running them locally.
$ curl -fsSL https://get.docker.com -o get-docker.sh
$ sudo sh get-docker.sh
<output truncated>
If you would like to use Docker as a non-root user, you should now consider adding your user to the “docker” group with something like:
sudo usermod -aG docker your-user
Remember to log out and back in for this to take effect!
Warning:
Adding a user to the “docker” group grants them the ability to run containers which can be used to obtain root privileges on the Docker host. Refer to Docker Daemon Attack Surface for more information.
Docker Engine - Community is installed. It starts automatically on DEB-based distributions. On RPM-based distributions, you need to start it manually using the appropriate systemctl or service command. As the message indicates, non-root users can’t run Docker commands by default.
Note:
To install Docker without root privileges, see Run the Docker daemon as a non-root user (Rootless mode).
Rootless mode is currently available as an experimental feature.
UPGRADE DOCKER AFTER USING THE CONVENIENCE SCRIPT
If you installed Docker using the convenience script, you should upgrade Docker using your package manager directly. There is no advantage to re-running the convenience script, and it can cause issues if it attempts to re-add repositories which have already been added to the host machine.
2.4 卸載Docker引擎Uninstall Docker Engine
1、 Uninstall the Docker Engine, CLI, and Containerd packages:
$ sudo yum remove docker-ce docker-ce-cli containerd.io
2、 Images, containers, volumes, or customized configuration files on your host are not automatically removed. To delete all images, containers, and volumes:
$ sudo rm -rf /var/lib/docker
You must delete any edited configuration files manually.
3、Linux的安裝后步驟Post-installation steps for Linux
This section contains optional procedures for configuring Linux hosts to work better with Docker.
該配置過程時可選的,能讓linux主機更好地與Docker容器配合使用
3.1 使用非root用戶管理DockerManage Docker as a non-root user
The Docker daemon binds to a Unix socket instead of a TCP port. By default that Unix socket is owned by the user root and other users can only access it using sudo. The Docker daemon always runs as the root user.
Docker守護程序綁定到Unix套接字而不是TCP端口。 默認情況下,Unix套接字是由root用戶擁有的,其他用戶只能使用sudo訪問它。 Docker守護程序始終以root用戶身份運行。
If you don’t want to preface the docker command with sudo, create a Unix group called docker and add users to it. When the Docker daemon starts, it creates a Unix socket accessible by members of the docker group.
如果您不想以sudo作為docker命令的開頭,請創建一個名為docker的Unix組並將用戶添加到其中。 Docker守護程序啟動時,它將創建一個可由Docker組成員訪問的Unix套接字。
Warning
The docker group grants privileges equivalent to the root user. For details on how this impacts security in your system, see Docker Daemon Attack Surface.
Docker組授予與root用戶同等的權利。 有關這如何影響系統安全性的詳細信息,請參閱Docker Daemon Attack Surface。
Note:
To run Docker without root privileges, see Run the Docker daemon as a non-root user (Rootless mode).
Rootless mode is currently available as an experimental feature.
要在非root權限的情況下運行Docker,請參閱以非root用戶身份運行Docker守護程序(Rootless mode)。
Rootless mode目前可作為實驗功能。
To create the docker group and add your user:
新增Docker組和你的用戶
1、 Create the docker group.
其實在安裝Docker時已經默認創建了docker組,通過vim /etc/group命令拉到最底下可以看到
如果沒有,可以通過命令創建組:
$ sudo groupadd docker
2、 Add your user to the docker group.
$ sudo usermod -aG 01node $USER
3、 Log out and log back in so that your group membership is re-evaluated.
注銷並重新登錄,以便重新評估您的組成員身份。
If testing on a virtual machine, it may be necessary to restart the virtual machine for changes to take effect.
如果在虛擬機上進行測試,則可能需要重新啟動虛擬機以使更改生效。
$ reboot
On a desktop Linux environment such as X Windows, log out of your session completely and then log back in.
在台式機Linux環境(例如X Windows)上,完全注銷會話,然后重新登錄。
On Linux, you can also run the following command to activate the changes to groups:
在Linux上,您還可以運行以下命令來激活對組的更改:
3.2 配置開機自啟動Configure Docker to start on boot
Most current Linux distributions (RHEL, CentOS, Fedora, Ubuntu 16.04 and higher) use systemd to manage which services start when the system boots.
當前大多數Linux發行版(RHEL,CentOS,Fedora,Ubuntu 16.04和更高版本)都使用systemd來管理系統啟動時啟動的服務。
3.2.1 system
使用systemd設置自啟動:
$ sudo systemctl enable docker
To disable this behavior, use disable instead.
$ sudo systemctl disable docker
3.3 配置鏡像源
查看docker相關信息,啟動docker: sudo systemctl start docker
$ docker info
存儲庫的地址為國外地址,拉取數據的時候會比較慢,所以我們來配置一個國內地址。
進入網站:silvanheheheh
https://promotion.aliyun.com/ntms/act/kubernetes.html
1. 安裝/升級Docker客戶端
已完成
2. 配置鏡像加速器
針對Docker客戶端版本大於 1.10.0 的用戶
您可以通過修改daemon配置文件/etc/docker/daemon.json來使用加速器
#已存在不需要創建
mkdir -p /etc/docker
#創建daemon.json文件並添加內容,使用root用戶會更方便
tee /etc/docker/daemon.json <<-'EOF' { "registry-mirrors": ["https://65mjd02h.mirror.aliyuncs.com"] }
EOF
#加載daemon
systemctl daemon-reload
#重啟docker服務
systemctl restart docker
docker info能看到多了一個倉庫源:
4、在Docker中安裝Hadoop
5、在Docker中安裝Spark
6、附docker基本命令
docker build -t friendlyhello . # Create image using this directory's Dockerfile
docker run -p 4000:80 friendlyhello # Run "friendlyhello" mapping port 4000 to 80
docker run -d -p 4000:80 friendlyhello # Same thing, but in detached mode
docker container ls # List all running containers
docker container ls -a # List all containers, even those not running
docker container stop <hash> # Gracefully stop the specified container
docker container kill <hash> # Force shutdown of the specified container
docker container rm <hash> # Remove specified container from this machine
docker container rm $(docker container ls -a -q) # Remove all containers
docker image ls -a # List all images on this machine
docker image rm <image id> # Remove specified image from this machine
docker image rm $(docker image ls -a -q) # Remove all images from this machine
docker login # Log in this CLI session using your Docker credentials
docker tag <image> username/repository:tag # Tag <image> for upload to registry
docker push username/repository:tag # Upload tagged image to registry
docker run username/repository:tag # Run image from a registry
$ sudo docker run hello-world