一、如果安装了docker的老版本,需要卸载:
# 删除docker
$ sudo yum -y remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
# 删除docker-ce
$ sudo yum -y remove docker \
docker-common \
docker-selinux \
docker-engine \
docker-engine-selinux \
container-selinux docker-ce
# 删除过去的镜像
$ sudo rm -rf /var/lib/docker
二、安装selinux
# sudo wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
# sudo yum install epel-release
sudo yum install container-selinux
# 不安装selinux会报错:
# Requires: container-selinux >= 2.9
三、安装依赖包,设置仓库,安装docker-ce(我是从本步开始的)
# 安装相关的依赖包
sudo yum install -y container-selinux
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
# 设置仓库
# sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sudo yum makecache fast
# 安装docker-ce
sudo yum install -y docker-ce docker-ce-cli containerd.io
四、启动
sudo systemctl enable docker
sudo systemctl start docker
五、测试
sudo docker run hello-world
sudo docker version
Client: Docker Engine - Community
Version: 19.03.1
API version: 1.40
Go version: go1.12.5
六、添加权限
如果使用非root用户运行docker会报错,如下:
docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.40/containers/create: dial unix /var/run/docker.sock: connect: permission denied.
See 'docker run --help'.
ll /var/run/docker.sock
# srw-rw----. 1 root docker 0 8月 4 21:07 /var/run/docker.sock
sudo chmod a+rw /var/run/docker.sock
docker version
七、配置文件:
修改本地镜像存放目录,创建本地私库,加速国内镜像源
// 本地镜像缓存
"graph":"/mnt/S_LINUX_DATA/docker/local_lib/docker",
//配置仓库镜像地址
"registry-mirrors": ["https://kzflb.mirror.aliyuncs.com"],
//默认http私有仓库不能访问,设置后才可以
"insecure-registries": ["http://192.168.2.196"],
//开启docker-API远程访问
"hosts": ["tcp://0.0.0.0:2375","unix:///var/run/docker.sock"]
sudo systemctl stop docker
sudo vi /etc/docker/daemon.json
{
"graph": "/mnt/S_LINUX_DATA/docker/local_lib/docker",
"registry-mirrors": ["http://hub-mirror.c.163.com", "https://registry.docker-cn.com" ],
"insecure-registries": ["http://192.168.121.96:5000"]
}
sudo cp -rf /var/lib/docker /mnt/S_LINUX_DATA/docker/local_lib/
sudo mv /var/lib/docker /var/lib/docker.bak
sudo systemctl daemon-reload
sudo systemctl restart docker.service
docker info
八、搭建私库:
1.在服务端拉取仓库镜像:registry
docker pull registry
2.在服务端运行docker私有仓库镜像
docker run -d -v /mnt/S_LINUX_DATA/docker/my_registry:/var/lib/registry -p 5000:5000 --restart=always --privileged=true --name my-registry registry:latest
/mnt/S_LINUX_DATA/docker/my_registry表示宿主机目录。
docker -v 宿主机目录:容器目录
3.在客户端制作镜像
以hello-world为例,先把它拉取下来
docker pull hello-world
给hello-world镜像打个tag,表示新的版本
docker tag hello-world 127.0.0.1:5000/hello-world:latest
4.将新的hello-world镜像上传到私有仓库
docker push 127.0.0.1:5000/hello-world:latest
发现会报以下错误:
The push refers to a repository [127.0.0.1:5000/hello-world]
Get https://127.0.0.1:5000/v1/_ping: http: server gave HTTP response to HTTPS client
原因是docker私有仓库服务器,默认是基于https传输的,所以我们需要在客户端127.0.0.1做相关设置,不使用https传输
sudo vi /etc/docker/daemon.json
将下面的代码放进去保存并退出。
"insecure-registries":["127.0.0.1:5000"]
最终如下所示:
{ "insecure-registries":["127.0.0.1:5000"] }
依次执行下面两条命令,重新启动docker:
systemctl daemon-reload
systemctl restart docker
再次执行推送命令:
docker push 127.0.0.1:5000/hello-world:latest
5.在私有仓库192.168.1.161查看上传的镜像
ls /mnt/S_LINUX_DATA/docker/my_registry/docker/registry/v2/repositories
或者在客户端执行以下命令查看:
curl http://127.0.0.1:5000/v2/_catalog
会输出:
{"repositories":["hello-world"]}
curl http://127.0.0.1:5000/v2/hello-world/tags/list
会输出:
{"name":"hello-world","tags":["latest"]}