Docker官网yum源:http://yum.dockerproject.org/repo/main/
支持不同版本
1.关闭防火墙
$ systemctl stop firewalld
$ systemctl disable firewalld
2.修改主机名
$ hostnamectl set-hostname abc
$ vim /etc/hostname
abc
$ bash #默认重启生效,我们可以使用bash刷新
3.关闭SElinux
$ sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
4.设置Yum源
$ curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
$ wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
$ yum clean all && yum makecache
1.安装docker
####下载yum源及依赖包
$ yum install -y yum-utils \
device-mapper-persistent-data \
lvm2
$ yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
$ yum install docker-ce ##yum安装docker
2.启动Docker并设置开机启动
[root@docker ~]# systemctl start docker ##启动docker
[root@docker ~]# systemctl enable docker
我们可以检查进程是否正常
[root@abc ~]# ps -ef|grep docker
root 23450 1 2 05:29 ? 00:00:00 /usr/bin/dockerd
root 23454 23450 0 05:29 ? 00:00:00 docker-containerd --config /var/run/docker/containerd/containerd.toml
root 23609 23416 0 05:29 pts/1 00:00:00 grep --color=auto docker
########################
关闭开机启动
[root@abc ~]# systemctl disable docker
3.安装Iptables
首先Redhat7将firewalld代替了iptables,但是docker里面有端口映射的地方需要使用iptables,所以我们需要关闭firewalld,安装iptables
[root@abc ~]# systemctl disable firewalld #关闭开机启动
[root@abc ~]# yum install iptables-services -y #yum安装iptables
[root@abc ~]# systemctl start iptables #启动iptables
[root@abc ~]# systemctl enable iptables #设置开机启动
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
[root@abc ~]# iptables -L -n #查看Iptbles规则
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
4.查看docker版本
我们可以使用docker info 命令查看docker的信息
[root@abc ~]# docker info
Containers: 1
Running: 0
Paused: 0
Stopped: 1
Images: 1
Server Version: 18.03.1-ce
Storage Driver: devicemapper
Pool Name: docker-253:0-374488-pool
Pool Blocksize: 65.54kB
Base Device Size: 10.74GB
Backing Filesystem: xfs
Udev Sync Supported: true
Data file: /dev/loop0
Metadata file: /dev/loop1
Data loop file: /var/lib/docker/devicemapper/devicemapper/data
Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
Data Space Used: 244.5MB
Data Space Total: 107.4GB
Data Space Available: 38.78GB
Metadata Space Used: 745.5kB
Metadata Space Total: 2.147GB
Metadata Space Available: 2.147GB
Thin Pool Minimum Free Space: 10.74GB
Deferred Removal Enabled: true
Deferred Deletion Enabled: true
Deferred Deleted Device Count: 0
Library Version: 1.02.146-RHEL7 (2018-01-22)
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 773c489c9c1b21a6d78b5c538cd395416ec50f88
runc version: 4fc53a81fb7c994640722ac585fa9ca548971871
init version: 949e6fa
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-327.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 1.782GiB
Name: abc
ID: 4H7V:3PAO:3VWL:IBOV:IWIR:DJ4G:LXND:AFQV:6F3A:B5T5:LDEQ:5JXW
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: devicemapper: usage of loopback devices is strongly discouraged for production use.
Use `--storage-opt dm.thinpooldev` to specify a custom block storage device.
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
#注Docker 1.8对centos6是彻底不支持的
查看Docker版本号
[root@abc ~]# docker version
Client: #Docker 客户端版本
Version: 18.03.1-ce
API version: 1.37
Go version: go1.9.5
Git commit: 9ee9f40
Built: Thu Apr 26 07:20:16 2018
OS/Arch: linux/amd64
Experimental: false
Orchestrator: swarm
Server: #Docker 服务端版本
Engine:
Version: 18.03.1-ce
API version: 1.37 (minimum version 1.12)
Go version: go1.9.5
Git commit: 9ee9f40
Built: Thu Apr 26 07:23:58 2018
OS/Arch: linux/amd64
Experimental: false
Docker客户端和服务端通过API(发送app请求)来进行交互
- Docker 配置文件与日志
Redhat配置文件路径/usr/lib/systemd/system/docker.service
重要参数介绍
-H 表示Docker Daemon绑定的地址, -H=unix:///var/run/docker.sock -H=tcp://0.0.0.0:2222
--registry-mirror 表示Docker Registry的镜像地址 --registry-mirror=http://镜像地址
--insecure-registry 表示本地私有Docker Registry的地址, --insecure-registry $(pivateRegistryHost):5000
--selinux-enabled是否开启SElinux,默认开启 --selinux-enabled=true
--bip表示网桥docker0使用指定CIDR网络地址, --bip=10.0.0.1
-b 表示采用已经创建好的网桥, -b=xxx
OPTIONS:
OPTIONS=-H=unix:///var/run/docker.sock -H=tcp://0.0.0.0:222 --registry-mirror=http://4bc5abed.m.daocloud.io --selinux-enabled=true
下面是代理的配置
http_proxy=XXXXX:8080
https_proxy=XXXXX:8080
代理需要配置在Server标签上,填写完成之后需要重启服务
6.拉取镜像启动
[root@docker ~]# docker pull centos ##拉取centos镜像
Using default tag: latest
latest: Pulling from library/centos
85432449fd0f: Pull complete
Digest: sha256:3b1a65e9a05f0a77b5e8a698d3359459904c2a354dc3b25ae2e2f5c95f0b3667
Status: Downloaded newer image for centos:latest
[root@docker ~]# docker images ##插件镜像
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 3fa822599e10 5 weeks ago 204MB
[root@docker ~]# docker run -i -t centos /bin/bash ##进入容器
[root@f3894984f6c6 /]#
[root@f3894984f6c6 /]# cat /etc/redhat-release ##查看容器系统版本
CentOS Linux release 7.4.1708 (Core)
7.Docker 日志文件
Docker 日志文件写入到/var/log/messages,Docker日志会含有我们的网桥信息,存储模式以及启动过程ipv4地址
当我们发现错误的时候,命令行是不能够提供提示的时候,我们就去查看docker 的日志,并且日志级别也是可以调节的。
8.Docker search 应用
命令行执行docker search java
更多参数
--automated #只列出automated build类型的镜像
--no-trunc #显示完整的镜像描述
-s #列出收藏数不小于指定值的镜像
从Docker Hub 查找所有镜像名包含java,并且收藏数大于10的
runoob@runoob:~$ docker search -s 10 java
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
java Java is a concurrent, class-based... 1037 [OK]
anapsix/alpine-java Oracle Java 8 (and 7) with GLIBC ... 115 [OK]
develar/java 46 [OK]
isuper/java-oracle This repository contains all java... 38 [OK]
lwieske/java-8 Oracle Java 8 Container - Full + ... 27 [OK]
nimmis/java-centos This is docker images of CentOS 7... 13 [OK]
#更新一个image会非常快,因为底层的包不变,只是更新上层的包会比较快。在加上docker image是分层下载。有断点续传的功能。只是更新变动部分