1、什么是docker
Docker是一种计算机软件,它执行操作系统级别的虚拟化,也称为容器化。Docker 由Docker Inc开发。Docker 使用预定义和自定义镜像来创建和运行容器。这些镜像是通过Docker Hub(一个在线 Docker 注册表)提供的。
容器彼此隔离,具有自己的一组二进制文件、库和配置文件。与虚拟机不同,容器可能有也可能没有自己的操作系统。容器由主机操作系统内核运行,因此,与基于管理程序的虚拟机相比,容器的重量要轻得多。
Docker 是当今 DevOps 环境的重要组成部分,主要用于应用程序虚拟化。
Docker 是一个免费增值软件。因为 功能有限的社区版 (CE)免费提供,而企业版 (EE)提供更多功能和许可证费用。
2、环境规格
在本文中,我们使用两个独立的基于 CentOS 7 的 Linux 服务器。一台服务器可以访问互联网,而另一台服务器没有连接互联网。
离线服务器 | 在线服务器 | |
---|---|---|
主机名 | docker-offline.example.com | docker-online.example.com |
操作系统 | CentOS 7.6 | CentOS 7.6 |
互联网 | 不联网 | 联网 |
2.1 在 CentOS 7 上安装 EPEL Yum 软件库:
通过使用 ssh 客户端,以root用户身份连接docker-online.example.com。
Docker CE需要一些软件包,这些软件包在EPEL(Extra Packages for Enterprise Linux)yum 存储库中可用。因此,我们必须先安装 EPEL yum 存储库。
[root@docker-online ~]# yum install -y epel-release.noarch
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: repo.inara.pk
* extras: repo.inara.pk
* updates: repo.inara.pk
base | 3.6 kB 00:00
extras | 3.4 kB 00:00
updates | 3.4 kB 00:00
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:7-11 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
epel-release noarch 7-11 extras 15 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 15 k
Installed size: 24 k
Downloading packages:
epel-release-7-11.noarch.rpm | 15 kB 00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : epel-release-7-11.noarch 1/1
Verifying : epel-release-7-11.noarch 1/1
Installed:
epel-release.noarch 0:7-11
Complete!
EPEL yum 存储库已安装。
2.2 在 CentOS 7 上安装 Docker Yum 存储库:
在我们的 CentOS 7 操作系统上安装 Docker CE yum 存储库。
[root@docker-online ~]# yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
Loaded plugins: fastestmirror
adding repo from: https://download.docker.com/linux/centos/docker-ce.repo
grabbing file https://download.docker.com/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo
启用Docker CE (Nightly) yum 存储库。
[root@docker-online ~]# yum-config-manager --enable docker-ce-nightly
Loaded plugins: fastestmirror
=========================== repo: docker-ce-nightly ============================
[docker-ce-nightly]
async = True
bandwidth = 0
base_persistdir = /var/lib/yum/repos/x86_64/7
baseurl = https://download.docker.com/linux/centos/7/x86_64/nightly
cache = 0
cachedir = /var/cache/yum/x86_64/7/docker-ce-nightly
check_config_file_age = True
compare_providers_priority = 80
cost = 1000
deltarpm_metadata_percentage = 100
deltarpm_percentage =
enabled = 1
enablegroups = True
exclude =
failovermethod = priority
ftp_disable_epsv = False
gpgcadir = /var/lib/yum/repos/x86_64/7/docker-ce-nightly/gpgcadir
gpgcakey =
gpgcheck = True
gpgdir = /var/lib/yum/repos/x86_64/7/docker-ce-nightly/gpgdir
gpgkey = https://download.docker.com/linux/centos/gpg
hdrdir = /var/cache/yum/x86_64/7/docker-ce-nightly/headers
http_caching = all
includepkgs =
ip_resolve =
keepalive = True
keepcache = False
mddownloadpolicy = sqlite
mdpolicy = group:small
mediaid =
metadata_expire = 21600
metadata_expire_filter = read-only:present
metalink =
minrate = 0
mirrorlist =
mirrorlist_expire = 86400
name = Docker CE Nightly - x86_64
old_base_cache_dir =
password =
persistdir = /var/lib/yum/repos/x86_64/7/docker-ce-nightly
pkgdir = /var/cache/yum/x86_64/7/docker-ce-nightly/packages
proxy = False
proxy_dict =
proxy_password =
proxy_username =
repo_gpgcheck = False
retries = 10
skip_if_unavailable = False
ssl_check_cert_permissions = True
sslcacert =
sslclientcert =
sslclientkey =
sslverify = True
throttle = 0
timeout = 30.0
ui_id = docker-ce-nightly/x86_64
ui_repoid_vars = releasever,
basearch
username =
我们在 Linux 服务器中添加了两个 yum 存储库。因此,我们应该为 yum 包管理器构建缓存。
[root@docker-online ~]# yum makecache fast
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
epel/x86_64/metalink | 9.1 kB 00:00
* base: repo.inara.pk
* epel: sg.fedora.ipserverone.com
* extras: repo.inara.pk
* updates: repo.inara.pk
base | 3.6 kB 00:00
docker-ce-nightly | 3.5 kB 00:00
docker-ce-stable | 3.5 kB 00:00
extras | 3.4 kB 00:00
updates | 3.4 kB 00:00
Metadata Cache Created
2.3 下载 Docker CE 和软件依赖:
创建一个目录来下载 Docker CE 和相关软件包
[root@docker-online ~]# mkdir ~/docker
[root@docker-online ~]# cd ~/docker
按照 Linux 命令下载 Docker CE 和依赖包。
[root@docker-online docker]# yumdownloader --resolve docker-ce
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: repo.inara.pk
* epel: mirrors.aliyun.com
* extras: repo.inara.pk
* updates: repo.inara.pk
--> Running transaction check
---> Package docker-ce.x86_64 3:18.09.1-3.el7 will be installed
--> Processing Dependency: container-selinux >= 2.9 for package: 3:docker-ce-18.09.1-3.el7.x86_64
--> Processing Dependency: libseccomp >= 2.3 for package: 3:docker-ce-18.09.1-3.el7.x86_64
--> Processing Dependency: containerd.io for package: 3:docker-ce-18.09.1-3.el7.x86_64
--> Processing Dependency: docker-ce-cli for package: 3:docker-ce-18.09.1-3.el7.x86_64
--> Processing Dependency: libcgroup for package: 3:docker-ce-18.09.1-3.el7.x86_64
--> Processing Dependency: libseccomp.so.2()(64bit) for package: 3:docker-ce-18.09.1-3.el7.x86_64
--> Running transaction check
---> Package container-selinux.noarch 2:2.74-1.el7 will be installed
--> Processing Dependency: policycoreutils-python for package: 2:container-selinux-2.74-1.el7.noarch
---> Package containerd.io.x86_64 0:1.2.2-3.el7 will be installed
---> Package docker-ce-cli.x86_64 1:18.09.1-3.el7 will be installed
---> Package libcgroup.x86_64 0:0.41-20.el7 will be installed
---> Package libseccomp.x86_64 0:2.3.1-3.el7 will be installed
--> Running transaction check
---> Package policycoreutils-python.x86_64 0:2.5-29.el7_6.1 will be installed
--> Processing Dependency: policycoreutils = 2.5-29.el7_6.1 for package: policycoreutils-python-2.5-29.el7_6.1.x86_64
--> Processing Dependency: setools-libs >= 3.3.8-4 for package: policycoreutils-python-2.5-29.el7_6.1.x86_64
--> Processing Dependency: libsemanage-python >= 2.5-14 for package: policycoreutils-python-2.5-29.el7_6.1.x86_64
--> Processing Dependency: audit-libs-python >= 2.1.3-4 for package: policycoreutils-python-2.5-29.el7_6.1.x86_64
--> Processing Dependency: python-IPy for package: policycoreutils-python-2.5-29.el7_6.1.x86_64
--> Processing Dependency: libqpol.so.1(VERS_1.4)(64bit) for package: policycoreutils-python-2.5-29.el7_6.1.x86_64
--> Processing Dependency: libqpol.so.1(VERS_1.2)(64bit) for package: policycoreutils-python-2.5-29.el7_6.1.x86_64
--> Processing Dependency: libapol.so.4(VERS_4.0)(64bit) for package: policycoreutils-python-2.5-29.el7_6.1.x86_64
--> Processing Dependency: checkpolicy for package: policycoreutils-python-2.5-29.el7_6.1.x86_64
--> Processing Dependency: libqpol.so.1()(64bit) for package: policycoreutils-python-2.5-29.el7_6.1.x86_64
--> Processing Dependency: libapol.so.4()(64bit) for package: policycoreutils-python-2.5-29.el7_6.1.x86_64
--> Running transaction check
---> Package audit-libs-python.x86_64 0:2.8.4-4.el7 will be installed
---> Package checkpolicy.x86_64 0:2.5-8.el7 will be installed
---> Package libsemanage-python.x86_64 0:2.5-14.el7 will be installed
---> Package policycoreutils.x86_64 0:2.5-29.el7 will be updated
---> Package policycoreutils.x86_64 0:2.5-29.el7_6.1 will be an update
---> Package python-IPy.noarch 0:0.75-6.el7 will be installed
---> Package setools-libs.x86_64 0:3.3.8-4.el7 will be installed
--> Finished Dependency Resolution
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/13): container-selinux-2.74-1.el7.noarch.rpm | 38 kB 00:01
(2/13): audit-libs-python-2.8.4-4.el7.x86_64.rpm | 76 kB 00:01
(3/13): checkpolicy-2.5-8.el7.x86_64.rpm | 295 kB 00:02
(4/13): libseccomp-2.3.1-3.el7.x86_64.rpm | 56 kB 00:00
(5/13): libsemanage-python-2.5-14.el7.x86_64.rpm | 113 kB 00:01
(6/13): libcgroup-0.41-20.el7.x86_64.rpm | 66 kB 00:02
(7/13): policycoreutils-python-2.5-29.el7_6.1.x86_64.rpm | 456 kB 00:03
(8/13): python-IPy-0.75-6.el7.noarch.rpm | 32 kB 00:02
(9/13): policycoreutils-2.5-29.el7_6.1.x86_64.rpm | 916 kB 00:14
(10/13): setools-libs-3.3.8-4.el7.x86_64.rpm | 620 kB 00:12
warning: /root/docker/docker-ce-cli-18.09.1-3.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY
Public key for docker-ce-cli-18.09.1-3.el7.x86_64.rpm is not installed
(11/13): docker-ce-cli-18.09.1-3.el7.x86_64.rpm | 14 MB 01:37
(12/13): docker-ce-18.09.1-3.el7.x86_64.rpm | 19 MB 02:23
Public key for containerd.io-1.2.2-3.el7.x86_64.rpm is not installed 00:00 ETA
(13/13): containerd.io-1.2.2-3.el7.x86_64.rpm | 22 MB 02:26
Docker CE 及相关软件包已下载。
[root@docker-online docker]# ls
audit-libs-python-2.8.4-4.el7.x86_64.rpm
checkpolicy-2.5-8.el7.x86_64.rpm
containerd.io-1.2.2-3.el7.x86_64.rpm
container-selinux-2.74-1.el7.noarch.rpm
docker-ce-18.09.1-3.el7.x86_64.rpm
docker-ce-cli-18.09.1-3.el7.x86_64.rpm
libcgroup-0.41-20.el7.x86_64.rpm
libseccomp-2.3.1-3.el7.x86_64.rpm
libsemanage-python-2.5-14.el7.x86_64.rpm
policycoreutils-2.5-29.el7_6.1.x86_64.rpm
policycoreutils-python-2.5-29.el7_6.1.x86_64.rpm
python-IPy-0.75-6.el7.noarch.rpm
setools-libs-3.3.8-4.el7.x86_64.rpm
由于您使用的内核版本,上述软件包版本在您的 Linux 服务器上可能会有所不同。
现在,我们需要将这些文件传输到docker-offline.example.com。因此,我们正在创建所有下载的软件包的 tarball。
[root@docker-online docker]# tar cvzf ~/docker.tar.gz *
audit-libs-python-2.8.4-4.el7.x86_64.rpm
checkpolicy-2.5-8.el7.x86_64.rpm
containerd.io-1.2.2-3.el7.x86_64.rpm
container-selinux-2.74-1.el7.noarch.rpm
docker-ce-18.09.1-3.el7.x86_64.rpm
docker-ce-cli-18.09.1-3.el7.x86_64.rpm
libcgroup-0.41-20.el7.x86_64.rpm
libseccomp-2.3.1-3.el7.x86_64.rpm
libsemanage-python-2.5-14.el7.x86_64.rpm
policycoreutils-2.5-29.el7_6.1.x86_64.rpm
policycoreutils-python-2.5-29.el7_6.1.x86_64.rpm
python-IPy-0.75-6.el7.noarch.rpm
setools-libs-3.3.8-4.el7.x86_64.rpm
现在,我们有了 Docker CE 和相关软件包的 tarball。
[root@docker-online docker]# ls ~ -lh
total 58M
-rw-------. 1 root root 1.5K Dec 22 11:29 anaconda-ks.cfg
drwxr-xr-x. 2 root root 4.0K Feb 8 21:32 docker
-rw-r--r--. 1 root root 58M Feb 8 21:39 docker.tar.gz
2.4 在离线系统上安装 Docker CE
将docker.tar.gz tarball转移到docker-offline.example.com并复制到root用户的主目录。
[root@docker-offline ~]# ls -lh
total 58M
-rw-------. 1 root root 1.5K Dec 22 12:23 anaconda-ks.cfg
-rw-r--r--. 1 root root 58M Feb 8 21:39 docker.tar.gz
提取docker.tar.gz tarball。
[root@docker-offline ~]# mkdir docker
[root@docker-offline ~]# tar xvf docker.tar.gz -C ~/docker
audit-libs-python-2.8.4-4.el7.x86_64.rpm
checkpolicy-2.5-8.el7.x86_64.rpm
containerd.io-1.2.2-3.el7.x86_64.rpm
container-selinux-2.74-1.el7.noarch.rpm
docker-ce-18.09.1-3.el7.x86_64.rpm
docker-ce-cli-18.09.1-3.el7.x86_64.rpm
libcgroup-0.41-20.el7.x86_64.rpm
libseccomp-2.3.1-3.el7.x86_64.rpm
libsemanage-python-2.5-14.el7.x86_64.rpm
policycoreutils-2.5-29.el7_6.1.x86_64.rpm
policycoreutils-python-2.5-29.el7_6.1.x86_64.rpm
python-IPy-0.75-6.el7.noarch.rpm
setools-libs-3.3.8-4.el7.x86_64.rpm
在~/docker目录中安装所有包。
[root@docker-offline ~]# cd docker
[root@docker-offline docker]# rpm -ivh --replacefiles --replacepkgs *.rpm
warning: containerd.io-1.2.2-3.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:policycoreutils-2.5-29.el7_6.1 ################################# [ 8%]
2:libcgroup-0.41-20.el7 ################################# [ 15%]
3:setools-libs-3.3.8-4.el7 ################################# [ 23%]
4:python-IPy-0.75-6.el7 ################################# [ 31%]
5:libsemanage-python-2.5-14.el7 ################################# [ 38%]
6:libseccomp-2.3.1-3.el7 ################################# [ 46%]
7:docker-ce-cli-1:18.09.1-3.el7 ################################# [ 54%]
8:containerd.io-1.2.2-3.el7 ################################# [ 62%]
9:checkpolicy-2.5-8.el7 ################################# [ 69%]
10:audit-libs-python-2.8.4-4.el7 ################################# [ 77%]
11:policycoreutils-python-2.5-29.el7################################# [ 85%]
12:container-selinux-2:2.74-1.el7 ################################# [ 92%]
13:docker-ce-3:18.09.1-3.el7 ################################# [100%]
启动并启用 Docker 服务。
[root@docker-offline docker]# systemctl enable docker.service
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@docker-offline docker]# systemctl start docker.service
我们已经在离线 Linux 服务器上成功安装了 Docker CE。
2.5 从 Docker Hub 下载 Docker 镜像
要创建容器,我们需要 Docker 镜像,这些镜像可通过Docker Hub或私有 Docker Registry服务器获得。
由于我们的 Linux 服务器没有连接到 Internet,因此我们不能直接从 Docker Hub 拉取 Docker 镜像。
此问题的解决方法是在在线系统上下载 Docker 镜像,然后将这些镜像传输并加载到我们离线的 CentOS 7 服务器。
注意:您必须先在在线系统上安装 Docker CE。因为我们将使用docker命令从 Docker Hub 下载和保存图像。
[root@docker-online ~]# docker pull jenkins/jenkins
Using default tag: latest
latest: Pulling from jenkins/jenkins
741437d97401: Pull complete
34d8874714d7: Pull complete
0a108aa26679: Pull complete
7f0334c36886: Pull complete
aa29d9cbdbf5: Pull complete
e54d29f74413: Pull complete
eb5b24cf4e1f: Pull complete
5edfd6c9b475: Pull complete
b00dabba5e89: Pull complete
9f51dff87c48: Pull complete
0544e8830903: Pull complete
dd2464419c60: Pull complete
78125f701da6: Pull complete
5e3b2221f1a0: Pull complete
8700b2d54fbc: Pull complete
4613d2e35dec: Pull complete
08320da45709: Pull complete
8f947c5bbe77: Pull complete
51cf55002ec2: Pull complete
9537066ae19a: Pull complete
e156275467ac: Pull complete
Digest: sha256:20981c20164347728fca4774b3c45f5d24a73d857e8b9b8e6faf4100cfc0812d
Status: Downloaded newer image for jenkins/jenkins:latest
同样,根据您的要求提取更多图像。
将Jenkins图像保存在 tar 文件中。
[root@docker-online ~]# docker save jenkins/jenkins > ~/jenkins.tar
[root@docker-online ~]# ls -lh
total 690M
-rw-------. 1 root root 1.5K Dec 22 11:29 anaconda-ks.cfg
-rw-r--r--. 1 root root 690M Feb 12 22:07 jenkins.tar
将jenkins.tar转移到docker-offline.example.com。
加载jenkins.tar通过使用图像搬运工命令。
[root@docker-offline ~]# docker load < jenkins.tar
13d5529fd232: Loading layer 105.6MB/105.6MB
abc3250a6c7f: Loading layer 24.07MB/24.07MB
578414b395b9: Loading layer 8.005MB/8.005MB
6257fa9f9597: Loading layer 146.4MB/146.4MB
364be905de1c: Loading layer 2.332MB/2.332MB
57eab9d93a79: Loading layer 3.584kB/3.584kB
ad6eaafe7ab3: Loading layer 1.536kB/1.536kB
b98fdbf8cf7f: Loading layer 356.3MB/356.3MB
596ecd570594: Loading layer 1.698MB/1.698MB
f5ee7c2ae54f: Loading layer 338.9kB/338.9kB
349fe2545d85: Loading layer 3.584kB/3.584kB
b2b9702adfd1: Loading layer 9.728kB/9.728kB
ad16984b47fb: Loading layer 868.9kB/868.9kB
c469c008fbc0: Loading layer 4.608kB/4.608kB
5a8ce619bb31: Loading layer 77.33MB/77.33MB
8eae0810e454: Loading layer 4.608kB/4.608kB
5924ca705d38: Loading layer 9.216kB/9.216kB
852edd42bb1e: Loading layer 4.608kB/4.608kB
03b3a4ed2e5a: Loading layer 3.072kB/3.072kB
37dfb8384dfe: Loading layer 7.168kB/7.168kB
8f65ce1dc902: Loading layer 12.29kB/12.29kB
Loaded image: jenkins/jenkins:latest
Jenkins 镜像已加载到 Docker 中。您可以使用以下 Linux 命令来验证这一点。
[root@docker-offline ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
jenkins/jenkins latest 9b74eda1c268 32 hours ago 704MB
现在,我们可以从Jenkins/Jenkins镜像创建和运行 Docker 容器。