1+X 云计算运维与开发（初级）案例实战——Docker基础（1）

---

前言

学而不思则罔，思而不学则殆。

---

思路

1.首先准备好这次试验所用到的资源包，例如：Docker.tar.gz
2.配置yum源（需要用到解压了 Docker.tar.gz之后里面的包）
3.升级内核
4.配置防火墙
5.开启路由转发
6.安装依赖包
7.安装docker-ce

实操

1.配置yum源

代码如下（示例）：

[root@localhost ~]# rm -rf /etc/yum.repos.d/*
[root@localhost ~]# cat >> /etc/yum.repos.d/local.repo << eof
> [kubernetes]
> name=kubernetes
> baseurl=file:///root/Docker
> gpgcheck=0
> enabled=1
> [centos]
> name=centos
> baseurl=file:///opt/cdrom
> gpgcheck=0
> enabled=1
> eof
[root@localhost ~]# mkdir /opt/cdrom ; mount CentOS-7-x86_64-DVD-1511.iso /opt/cdrom
mount: /dev/loop0 is write-protected, mounting read-only
[root@localhost ~]# tar -zxvf Docker.tar.gz

若成功：

[root@localhost ~]# yum repolist
Loaded plugins: fastestmirror
kubernetes                                                                      | 2.9 kB  00:00:00     
kubernetes/primary_db                                                           | 851 kB  00:00:00     
Determining fastest mirrors
repo id                                         repo name                                        status
centos                                          centos                                           3,723
kubernetes                                      kubernetes                                         463
repolist: 4,186

2.升级内核

代码如下（示例）：

[root@localhost ~]# yum upgrade -y
[root@localhost ~]# uname -r
3.10.0-327.el7.x86_64

我之前试过不升级内核继续往下做，结果在启动路由转发那一步报错了，部分功能（如 overlay2 存储层驱动）无法使
用，并且部分功能可能不太稳定，所以这里建议升级一下内核，内核版本至少要3.10以上

3.配置防火墙

代码如下（示例）：

[root@localhost ~]# systemctl stop firewalld && systemctl disable firewalld 	##关闭防火墙并设置为开机不启动
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@localhost ~]# /usr/sbin/iptables-save 
# Generated by iptables-save v1.4.21 on Sat Mar 19 06:33:40 2022
*filter
:INPUT ACCEPT [53:3524]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [28:2592]
COMMIT
# Completed on Sat Mar 19 06:33:40 2022
[root@localhost ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
[root@localhost ~]# setenforce 0
[root@localhost ~]# reboot

重启之后，如果之前没有编辑 /etc/fstab 文件，就需要重新挂载

4.开启路由转发

代码如下（示例）：

[root@localhost ~]# cat >> /etc/sysctl.conf << eof
> net.ipv4.ip_forward = 1
> net.bridge.bridge-nf-call-ip6tables = 1
> net.bridge.bridge-nf-call-iptables = 1
> eof
[root@localhost ~]# modprobe br_netfilter
[root@localhost ~]# sysctl -p
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1

modprobe命令用于自动处理可载入模块，之前内核要是不升级，这里的模块就无法载入
解决方法就是回去升级一下内核，然后重启
sysctl命令被用于在内核运行时动态地修改内核的运行参数,参数 p 表示配置文件 /etc/sysctl.conf加载内核

5.安装依赖包

代码如下（示例）：

[root@localhost ~]# yum -y install yum-utils device-mapper-persistent-data
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=stock error was
14: curl#6 - "Could not resolve host: mirrorlist.centos.org; Unknown error"


 One of the configured repositories failed (Unknown),
 and yum doesn't have enough cached data to continue. At this point the only
 safe thing yum can do is fail. There are a few ways to work "fix" this:

     1. Contact the upstream for the repository and get them to fix the problem.

     2. Reconfigure the baseurl/etc. for the repository, to point to a working
        upstream. This is most often useful if you are using a newer
        distribution release than is supported by the repository (and the
        packages for the previous distribution release still work).

     3. Run the command with the repository temporarily disabled
            yum --disablerepo=<repoid> ...

     4. Disable the repository permanently, so yum won't use it by default. Yum
        will then just ignore the repository until you permanently enable it
        again or use --enablerepo for temporary usage:

            yum-config-manager --disable <repoid>
        or
            subscription-manager repos --disable=<repoid>

     5. Configure the failing repository to be skipped, if it is unavailable.
        Note that yum will try to contact the repo. when it runs most commands,
        so will have to try and fail each time (and thus. yum will be be much
        slower). If it is a very temporary problem though, this is often a nice
        compromise:

            yum-config-manager --save --setopt=<repoid>.skip_if_unavailable=true

Cannot find a valid baseurl for repo: base/7/x86_64
[root@localhost ~]# rm -rf /etc/yum.repos.d/CentOS-*
[root@localhost ~]# yum -y install yum-utils device-mapper-persistent-data  ##重新安装
[root@localhost ~]# yum -y install docker-ce-18.09.6 docker-ce-cli-18.09.6 containerd.io   ##安装docker-ce

yum-utils 提供了 yum-config-manager 的依赖包，device-mapper-persistent-data 和 lvm2are
需要 devicemapper 存储驱动。
注意：升级完内核之后，/etc/yum.repos.d/路径下原有的repo文件会重新出现，需要再次手动删除或者移动

---

这里发生了一个很有意思的报错

Error downloading packages:
  python-IPy-0.75-6.el7.noarch: [Errno 256] No more mirrors to try.

这里提示我有个python的包没安装成功，我就想着yum repolist检查一下yum源是否正常

[root@localhost ~]# yum repolist
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
file:///opt/cdrom/repodata/repomd.xml: [Errno 14] curl#37 - "Couldn't open file /opt/cdrom/repodata/repomd.xml"
Trying other mirror.
repo id                                         repo name                                        status
centos                                          centos                                           3,723
kubernetes                                      kubernetes                                         463
repolist: 4,186

结果是显示正常，然后我就纳闷了，于是我执行了yum clean all，再执行yum repolist

[root@localhost yum.repos.d]# yum clean all
Loaded plugins: fastestmirror
Cleaning repos: centos kubernetes
Cleaning up list of fastest mirrors
[root@localhost yum.repos.d]# yum repolist
Loaded plugins: fastestmirror
Determining fastest mirrors
file:///opt/cdrom/repodata/repomd.xml: [Errno 14] curl#37 - "Couldn't open file /opt/cdrom/repodata/repomd.xml"
Trying other mirror.
file:///opt/cdrom/repodata/repomd.xml: [Errno 14] curl#37 - "Couldn't open file /opt/cdrom/repodata/repomd.xml"
Trying other mirror.
kubernetes                                                                      | 2.9 kB  00:00:00     
kubernetes/primary_db                                                           | 851 kB  00:00:00     
repo id                                         repo name                                        status
centos                                          centos                                             0
kubernetes                                      kubernetes                                       463
repolist: 463

从这里的报错可以看出，问题出在我重启之后忘记挂载了

[root@localhost yum.repos.d]# df -h
Filesystem               Size  Used Avail Use% Mounted on
devtmpfs                 1.9G     0  1.9G   0% /dev
tmpfs                    1.9G     0  1.9G   0% /dev/shm
tmpfs                    1.9G   12M  1.9G   1% /run
tmpfs                    1.9G     0  1.9G   0% /sys/fs/cgroup
/dev/mapper/centos-root   36G   10G   26G  28% /
/dev/sda1                497M  167M  331M  34% /boot
tmpfs                    378M     0  378M   0% /run/user/0
[root@localhost yum.repos.d]# cd
[root@localhost ~]# mount CentOS-7-x86_64-DVD-1511.iso /opt/cdrom
mount: /dev/loop0 is write-protected, mounting read-only
[root@localhost ~]# yum repolist
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
centos                                                                          | 3.6 kB  00:00:00     
(1/2): centos/group_gz                                                          | 155 kB  00:00:00     
(2/2): centos/primary_db                                                        | 2.8 MB  00:00:00     
repo id                                         repo name                                        status
centos                                          centos                                           3,723
kubernetes                                      kubernetes                                         463
repolist: 4,186

看来重启之后yum repolist会保留状态（猜测），但实际上没有包可以用
查看一下docker是否安装成功

[root@localhost ~]# systemctl start docker
[root@localhost ~]# docker info
Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 0
Server Version: 18.09.6

---

总结

多读书，多看报，少吃零食，好好睡觉。
努力就完事啦！