查看Docker状态
[root@Docker1 ~]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: active (running) since 四 2022-02-24 22:22:01 CST; 20h ago
Docs: https://docs.docker.com
Main PID: 99295 (dockerd)
Memory: 408.6M
.............
在执行yum -y install docker-ce的动作的时候,已经安装好了docker的客户端和服务端
[root@Docker1 ~]# docker version
Client: Docker Engine - Community #客户端引擎社区版
Version: 20.10.12 #版本
API version: 1.41
Go version: go1.16.12
Git commit: e91ed57
Built: Mon Dec 13 11:45:41 2021
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community #服务端引擎
Engine:
Version: 20.10.12
API version: 1.41 (minimum version 1.12)
Go version: go1.16.12
Git commit: 459d0df
Built: Mon Dec 13 11:44:05 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.12
GitCommit: 7b11cfaabd73bb80907dd23182b9347b4245eb5d
runc:
Version: 1.0.2
GitCommit: v1.0.2-0-g52b36a2
docker-init:
Version: 0.19.0
GitCommit: de40ad0
docker是一个C/S架构,在执行docker的指令的时候,会默认连接到自己本机的docker -deamon进程
停止掉docker进程
[root@Docker1 ~]# ps -ef|grep docker
root 4535 126470 0 18:45 pts/0 00:00:00 grep --color=auto docker
root 99295 1 0 13:14 ? 00:00:12 /usr/bin/dockerd --bip=10.0.19.1/24 --ip-masq=true --mtu=1450 -H fd:// --containerd=/run/containerd/containerd.sock
root 108615 1 0 13:18 ? 00:00:00 docker run -it busybox
[root@Docker1 ~]# systemctl stop docker
Warning: Stopping docker.service, but it can still be activated by:
docker.socket
[root@Docker1 ~]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: inactive (dead) since 五 2022-02-25 18:45:39 CST; 2s ago
Docs: https://docs.docker.com
...........
....
客户端使用套接字连接,不需要监听任何端口,只需要读取/var/run/docker.sock这个文件
[root@Docker1 ~]# ll /var/run/docker.sock
srw-rw----. 1 root docker 0 2月 24 20:38 /var/run/docker.sock
默认是监听本地的套接字文件,也可以使用网络套接字,需要修改启动文件
[root@Docker1 ~]# vim /lib/systemd/system/docker.service
.......
...
8 [Service]
9 Type=notify
10 # the default is not to use systemd for cgroups because the delegate iss ues still
11 # exists and systemd currently does not support the cgroup feature set r equired
12 # for containers run by docker
13 EnvironmentFile=/run/docker_opts.env
14 ExecStart=/usr/bin/dockerd $DOCKER_OPTS -H fd:// --containerd=/run/conta inerd/containerd.sock #fd:// 表示监听的本地套接字
15 ExecReload=/bin/kill -s HUP $MAINPID
16 TimeoutSec=0
17 RestartSec=2
18 Restart=always
......
...
配置成监听网络接口
.......
...
8 [Service]
9 Type=notify
10 # the default is not to use systemd for cgroups because the delegate iss ues still
11 # exists and systemd currently does not support the cgroup feature set r equired
12 # for containers run by docker
13 EnvironmentFile=/run/docker_opts.env
14 ExecStart=/usr/bin/dockerd $DOCKER_OPTS -H 0.0.0.0:2375 --containerd=/ru n/containerd/containerd.sock #修改为0.0.0.0:2375
15 ExecReload=/bin/kill -s HUP $MAINPID
16 TimeoutSec=0
17 RestartSec=2
18 Restart=always
.......
...
保存退出
[root@Docker1 ~]# systemctl daemon-reload
[root@Docker1 ~]# systemctl restart docker
[root@Docker1 ~]# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 969/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1076/master
tcp6 0 0 :::22 :::* LISTEN 969/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1076/master
tcp6 0 0 :::2375 :::* LISTEN 13031/dockerd #docker的网络套接字就配置完成
docker的网络套接字就配置完成,客户端就可以连接2375端口,连接docker-daemon,服务端就是开启端口,等着客户端进行访问
[root@Docker1 ~]# docker -H 192.168.2.17 version 或者 docker -H 192.168.2.17:2375 version
Client: Docker Engine - Community
Version: 20.10.12
API version: 1.41
Go version: go1.16.12
Git commit: e91ed57
Built: Mon Dec 13 11:45:41 2021
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.12
API version: 1.41 (minimum version 1.12)
Go version: go1.16.12
Git commit: 459d0df
Built: Mon Dec 13 11:44:05 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.12
GitCommit: 7b11cfaabd73bb80907dd23182b9347b4245eb5d
runc:
Version: 1.0.2
GitCommit: v1.0.2-0-g52b36a2
docker-init:
Version: 0.19.0
GitCommit: de40ad0
docker在开启网络套接字,默认是没有任何验证的,需要安全配置,否则会很危险,生产中也不会使用网络套接字来管理所有的docker客户端,默认使用本地的文件套接字管理自己的docker服务端,如果需要管理所有的docker,可以借助K8S平台进行管理