查看docker状态
systemctl status docker
在执行yum -y install dokcer-re 的动作的时候,已经安装好了docker的客户端和服务端
[root@docker-server3 ~]# docker version
Client: Docker Engine - Community #客户端引擎社区版
Version: 19.03.4 #版本
API version: 1.40
Go version: go1.12.10
Git commit: 9013bf583a
Built: Fri Oct 18 15:52:22 2019
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community #服务端引擎
Engine:
Version: 19.03.4
API version: 1.40 (minimum version 1.12)
Go version: go1.12.10
Git commit: 9013bf583a
Built: Fri Oct 18 15:50:54 2019
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.10
GitCommit: b34a5c8af56e510852c35414db4c1f4fa6172339
runc:
Version: 1.0.0-rc8+dev
GitCommit: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
docker-init:
Version: 0.18.0
GitCommit: fec3683
docker是一个C/S架构,在执行docker的指令的时候,会默认连接到自己本机的docker -deamon进程
停止掉docker进程
[root@docker-server3 ~]# ps -ef|grep docker
root 73627 1 0 11:29 ? 00:00:13 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
root 73992 73963 0 16:25 pts/1 00:00:00 vi /lib/systemd/system/docker.service
[root@docker-server3 ~]# systemctl stop docker
[root@docker-server3 ~]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: https://docs.docker.com
[root@docker-server3 ~]# docker version
Client: Docker Engine - Community
Version: 19.03.4
API version: 1.40
Go version: go1.12.10
Git commit: 9013bf583a
Built: Fri Oct 18 15:52:22 2019
OS/Arch: linux/amd64
Experimental: false
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? #显示无法连接Docker daemon,连接的方式是基于文件套接字连接
客户端使用套接字连接,不需要监听任何端口,只需要读取/var/run/docker.sock这个文件
[root@docker-server3 ~]# ll /var/run/docker.sock
srw-rw---- 1 root docker 0 Nov 9 17:01 /var/run/docker.sock
默认是监听本地的套接字文件,也可以使用网络套接字,需要修改启动文件
[root@docker-server3 ~]# vi /lib/systemd/system/docker.service
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock #fd:// 表示监听的本地套接字
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
配置成成监听网络接口
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// -H 0.0.0.0:2375 --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
[root@docker-server3 ~]# systemctl daemon-reload
[root@docker-server3 ~]# systemctl restart docker
[root@docker-server3 ~]# netstat -ntlp
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1415/master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 29852/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1415/master
tcp6 0 0 :::2375 :::* LISTEN 74333/dockerd #docker的网络套接字就配置完成
tcp6 0 0 :::22 :::* LISTEN 29852/sshd
docker的网络套接字就配置完成,客户端就可以连接2375端口,连接docker-daemon,服务端就是开启端口,等着客户端进行访问
[root@docker-server3 ~]# docker -H 192.168.132.133 version或者
[root@docker-server3 ~]# docker -H 192.168.132.133:2375 version
Client: Docker Engine - Community
Version: 19.03.4
API version: 1.40
Go version: go1.12.10
Git commit: 9013bf583a
Built: Fri Oct 18 15:52:22 2019
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.4
API version: 1.40 (minimum version 1.12)
Go version: go1.12.10
Git commit: 9013bf583a
Built: Fri Oct 18 15:50:54 2019
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.10
GitCommit: b34a5c8af56e510852c35414db4c1f4fa6172339
runc:
Version: 1.0.0-rc8+dev
GitCommit: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
docker-init:
Version: 0.18.0
GitCommit: fec3683
docker在开启网络套接字,默认是没有任何验证的,需要安全配置,否则会很危险,生产中也不会使用网络套接字来管理所有的
docker客户端,默认使用本地的文件套接字管理自己的docker服务端,如果需要管理所有的docker,可以借助K8S平台进行管理