docker 安装

《Docker从入门到实践》
https://www.yuque.com/grep/kubernetes

关闭Swap分区

swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

vim /etc/fstab
# 注释掉
#/dev/mapper/centos-swap swap                    swap    defaults        0 0

#重启
reboot

#查询状态
free -m

关闭selinux

#这个是用来加强安全性的一个组件，但非常容易出错且难以定位，
#一般上来装完系统就先给禁用了

setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

vi /etc/selinux/config
#修改
SELINUX=disabled

#重启
reboot

#查询状态
sestatus

设置yum源

yum -y install wget && yum clean all && \
    mkdir -p /etc/yum.repos.d/bak/ && mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/ && \
    wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo && \
    wget -O /etc/yum.repos.d/epel-7.repo http://mirrors.aliyun.com/repo/epel-7.repo && \
    yum -y install vim 

安装docker

uname -r # 确认内核版本，要求大于3.8
wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y yum-utils
yum list docker-ce --show-duplicates

yum install -y docker-ce  # 安装docker-ce

mkdir /etc/docker
mkdir -p /opt/docker/daemon

vim /etc/docker/daemon.json  # 初始化配置

{
  "graph": "/opt/docker/daemon",
  "storage-driver": "overlay2",
  "insecure-registries": ["registry.access.redhat.com","quay.io"],
  "registry-mirrors": ["https://q2gr04ke.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-opts": {"max-size":"33M", "max-file":"3"},
  "live-restore": false
}

{
  "graph": "/opt/docker/daemon",
  "storage-driver": "overlay2",
  "insecure-registries": ["registry.access.redhat.com","quay.io"],
  "registry-mirrors": ["https://q2gr04ke.mirror.aliyuncs.com"],
  "bip": "172.168.0.134/24",
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-opts": {"max-size":"33M", "max-file":"3"},
  "live-restore": false,
  "dns": ["172.16.34.149"]
}

#重启docker服务
systemctl daemon-reload && systemctl restart docker && systemctl enable docker

ip addr show dev docker0  # 确认IP地址

docker version

docker info  # Docker 信息查看

#测试docker是否运行正常
# hello world
docker run --rm hello-world 

Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
0e03bdcc26d7: Pull complete 
Digest: sha256:31b9c7d48790f0d8c50ab433d9c3b7e17666d6993084c002c2ff1ca09b96391d
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

容器启动过程四个步骤

1. Docker客户端联系Docker服务端。
2. Docker服务端从Docker中心拉取“hello-world”映像。
3. Docker服务端(用新拉的镜像)创建了一个新的容器，该容器运行可执行文件(脚本)，生成您当前读取的输出。
4. Docker服务端将信息流推到Docker客户端，由客户端展示在你的终端。

daemon.json 配置介绍

{
  "graph": "/data/docker",
  "storage-driver": "overlay2",
  "insecure-registries": ["registry.access.redhat.com","quay.io"],
  "registry-mirrors": ["https://q2gr04ke.mirror.aliyuncs.com"],
  "bip": "172.24.38.1/24",
  "exec-opts": ["native.cgroupdriver=systemd"],
  "live-restore": true
}

配置项注意点：

• graph: 该关键字未来将被弃用，可以采用 “data-root” 替代
• storage-driver: 存储驱动，即分层文件系统
• insecure-registries: 不安全的docker registries，即使用http协议推拉镜象
• registry-mirrors: 加速站点，一般可以使用阿里、网易云、docker中国(https://registry.docker-cn.com)的地址
• bip: 指定docker bridge地址(不能以.0结尾)，生产中建议采用 172.xx.yy.1/24,其中xx.yy为宿主机ip后四位，方便定位问题
• 若启动失败，查看 /var/log/message 日志排错
• live-restore 关闭docker daemon ，而不关闭容器