第九章 Docker安装及配置
1、Docker简介
官网查看
2、Docker安装(CentOS)
2.1 系统要求OS requirements
To install Docker Engine, you need a maintained version of CentOS 7. Archived versions aren’t supported or tested.
安装Docker引擎,需要CentOS 7稳定版本。不支持存档版本
#查看系统版本命令
#uname –a #查看内核版本,应高于3.10
#cat /etc/redhat-release #查看centos版本
The centos-extras repository must be enabled. This repository is enabled by default, but if you have disabled it, you need to re-enable it.
必须启用centos-extras存储库。默认情况下,此存储库已启用,但如果已禁用,则需要重新启用它。
The overlay2 storage driver is recommended.
建议使用overlay2存储驱动程序。
2.2 卸载旧版本Uninstall old versions
Older versions of Docker were called docker or docker-engine. If these are installed, uninstall them, along with associated dependencies.
旧版本的Docker称为Docker或Docker引擎。如果已经安装了,请卸载它们,包括相关的依赖项。
卸载指令如下,在命令行执行即可:
$ sudo yum remove docker
docker-client
docker-client-latest
docker-common
docker-latest
docker-latest-logrotate
docker-logrotate
docker-engine
It’s OK if yum reports that none of these packages are installed.
如果报告这些软件包都没有安装,那就没问题了。
The contents of /var/lib/docker/, including images, containers, volumes, and networks, are preserved. The Docker Engine package is now called docker-ce.
/var/lib/docker/文件夹中的的内容将被保留(包括镜像、容器、卷和网络)。Docker引擎包现在称为Docker-ce。
2.3 安装方法Installation methods
You can install Docker Engine in different ways, depending on your needs:
你可以根据自己的需求选择不同的方式安装Docker引擎
- Most users set up Docker’s repositories and install from them, for ease of installation and upgrade tasks. This is the recommended approach. 多数用户建立Docker的存储库并从中安装,以便于安装和升级任务。这是推荐的方法
- Some users download the RPM package and install it manually and manage upgrades completely manually. This is useful in situations such as installing Docker on air-gapped systems with no access to the internet. 一些用户下载RPM包并手动安装,完全手动管理升级。这在一些情况下是有用的,比如在没有互联网接入的系统上安装Docker。
- In testing and development environments, some users choose to use automated convenience scripts to install Docker. 在测试和开发环境中,一些用户选择使用自动化的便利脚本来安装Docker
2.3.1 Install using the repository使用存储库安装
Before you install Docker Engine for the first time on a new host machine, you need to set up the Docker repository. Afterward, you can install and update Docker from the repository.
首次在新主机上安装Docker引擎,需要设置Docker存储库。之后,您可以从存储库安装和更新Docker。
2.3.1.1 SET UP THE REPOSITORY设置存储库
Install the yum-utils package (which provides the yum-config-manager utility) and set up the stable repository.
安装yum-utils包(它提供了yum-config-manager实用程序)并设置稳定的存储库。
#下载依赖软件包
$ sudo yum install -y yum-utils
【注意】如果使用非root用户可能出现以下错误
xxx is not in the sudoers file. This incident will be reported.
解决办法:
首先使用root用户修改vi /etc/sudoers文件,找到如下所示的片段:
su root
vi /etc/sudoers
在root ALL=(ALL) ALL下添加(01node是用户):
01node ALL=(ALL) ALL
再次使用01node用户登录即可:
su 01node
#设置稳定的存储库
$ sudo yum-config-manager
--add-repo
https://download.docker.com/linux/centos/docker-ce.repo
2.3.1.2 INSTALL DOCKER ENGINE安装Docker引擎
- Install the latest version of Docker Engine and containerd, or go to the next step to install a specific version: 安装最新版本的Docker引擎和容器,或转到下一步安装具体版本:
$ sudo yum install docker-ce docker-ce-cli containerd.io
执行过程中输入两个y
If prompted to accept the GPG key, verify that the fingerprint matches 060A 61C5 1B55 8A7F 742B 77AA C52F EB6B 621E 9F35, and if so, accept it. 如果提示接受 GPG 密钥,请选是。
【注意】Got multiple Docker repositories? 有多个 Docker 仓库吗?
If you have multiple Docker repositories enabled, installing or updating without specifying a version in the yum install or yum update command always installs the highest possible version, which may not be appropriate for your stability needs. 如果启用了多个docker 容器,在yum install 或者yum update 命令下安装或者更新没有制定版本,会默认安装现有的最高版本,这可能会影响你对稳定性的需求
Docker is installed but not started. The docker group is created, but no users are added to the group.Docker已安装但尚未启动。Docker组已创建,但没有用户添加到该组。
查询docker安装版本信息:
#sudo docker version
2.To install a specific version of Docker Engine, list the available versions in the repo, then select and install:要安装特定版本的Docker Engine,请在存储库中列出可用版本,然后选择并安装:
a) List and sort the versions available in your repo. This example sorts results by version number, highest to lowest, and is truncated: 列出并排序您存储库中可用的版本。 本示例按版本号(从高到低)对结果进行排序:
$ yum list docker-ce --showduplicates | sort -r
The list returned depends on which repositories are enabled, and is specific to your version of CentOS (indicated by the .el7 suffix in this example).返回的列表取决于启用的存储库,并且特定于您的CentOS版本(在此示例中由.el7后缀指示)
b) Install a specific version by its fully qualified package name, which is the package name (docker-ce) plus the version string (2nd column) starting at the first colon (:), up to the first hyphen, separated by a hyphen (-). For example, docker-ce-18.09.1. 通过其完整的软件包名称安装特定版本,该软件包名称是软件包名称(docker-ce)加上版本字符串(第二列),从第一个冒号(:)一直到第一个连字符,并用连字符(-)分隔。例如:docker-ce-18.09.1。
$ sudo yum install docker-ce-<VERSION_STRING> docker-ce-cli-<VERSION_STRING> containerd.io
Docker is installed but not started. The docker group is created, but no users are added to the group.
3.Start Docker.启动Docker
$ sudo systemctl start docker
此时通过命令sudo docker version可以查看到:
Verify that Docker Engine is installed correctly by running the hello-world image.
通过运行hello-world镜像来验证Docker Engine是否已正确安装。
$ sudo docker run hello-world
This command downloads a test image and runs it in a container. When the container runs, it prints an informational message and exits.
此命令下载测试图像并在容器中运行它。容器运行时,它会打印参考消息并退出。
上述执行过程解释:
Unable to find image 'hello-world:latest' locally
判断本地没有'hello-world:latest'镜像
latest: Pulling from library/hello-world
去官方仓库拉取该镜像
1b930d010525: Pull complete
Digest: sha256:f9dfddf63636d84ef479d645ab5885156ae030f611a56f3a7ac7f2fdd86d7e4e
Status: Downloaded newer image for hello-world:latest
拉取镜像成功
接下来启动该容器,该容器展示了下面的内容信息,也标志着docker安装完成
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.(amd64)
3. The Docker daemon created a new container from that image which runs the executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/get-started/
通过命令docker image ls可以看到仓库里面已经有了hello world镜像:
通过命令docker container ls –a可以看到hello world容器已经存在
Docker Engine is installed and running. You need to use sudo to run Docker commands. Continue to Linux postinstall to allow non-privileged users to run Docker commands and for other optional configuration steps.
Docker Engine已安装并正在运行。您需要使用sudo运行Docker命令。 继续进行Linux后续安装,以允许非特权用户运行Docker命令以及其他可选配置步骤。
2.3.1.3 UPGRADE DOCKER ENGINE更新Docker引擎
To upgrade Docker Engine, follow the installation instructions, choosing the new version you want to install. 要升级Docker Engine,请按照安装说明进行操作,选择要安装的新版本。
2.3.2 Install from a package
If you cannot use Docker’s repository to install Docker, you can download the .rpm file for your release and install it manually. You need to download a new file each time you want to upgrade Docker Engine.
1、 Go to https://download.docker.com/linux/centos/ and choose your version of CentOS. Then browse to x86_64/stable/Packages/ and download the .rpm file for the Docker version you want to install.
Note: To install a nightly or test (pre-release) package, change the word stable in the above URL to nightly or test. Learn about nightly and test channels.
2、 Install Docker Engine, changing the path below to the path where you downloaded the Docker package.
$ sudo yum install /path/to/package.rpm
Docker is installed but not started. The docker group is created, but no users are added to the group.
3、 Start Docker.
$ sudo systemctl start docker
4、 Verify that Docker Engine is installed correctly by running the hello-world image.
$ sudo docker run hello-world
This command downloads a test image and runs it in a container. When the container runs, it prints an informational message and exits.
Docker Engine is installed and running. You need to use sudo to run Docker commands. Continue to Post-installation steps for Linux to allow non-privileged users to run Docker commands and for other optional configuration steps.
UPGRADE DOCKER ENGINE
To upgrade Docker Engine, download the newer package file and repeat the installation procedure, using yum -y upgrade instead of yum -y install, and pointing to the new file.
2.3.3 Install using the convenience script
Docker provides convenience scripts at get.docker.com and test.docker.com for installing edge and testing versions of Docker Engine - Community into development environments quickly and non-interactively. The source code for the scripts is in the docker-install repository. Using these scripts is not recommended for production environments, and you should understand the potential risks before you use them:
The scripts require root or sudo privileges to run. Therefore, you should carefully examine and audit the scripts before running them.
- The scripts attempt to detect your Linux distribution and version and configure your package management system for you. In addition, the scripts do not allow you to customize any installation parameters. This may lead to an unsupported configuration, either from Docker’s point of view or from your own organization’s guidelines and standards.
- The scripts install all dependencies and recommendations of the package manager without asking for confirmation. This may install a large number of packages, depending on the current configuration of your host machine.
- The script does not provide options to specify which version of Docker to install, and installs the latest version that is released in the “edge” channel.
- Do not use the convenience script if Docker has already been installed on the host machine using another mechanism.
- This example uses the script at get.docker.com to install the latest release of Docker Engine - Community on Linux. To install the latest testing version, use test.docker.com instead. In each of the commands below, replace each occurrence of get with test.
Warning:
Always examine scripts downloaded from the internet before running them locally.
$ curl -fsSL https://get.docker.com -o get-docker.sh
$ sudo sh get-docker.sh
<output truncated>
If you would like to use Docker as a non-root user, you should now consider adding your user to the “docker” group with something like:
sudo usermod -aG docker your-user
Remember to log out and back in for this to take effect!
Warning:
Adding a user to the “docker” group grants them the ability to run containers which can be used to obtain root privileges on the Docker host. Refer to Docker Daemon Attack Surface for more information.
Docker Engine - Community is installed. It starts automatically on DEB-based distributions. On RPM-based distributions, you need to start it manually using the appropriate systemctl or service command. As the message indicates, non-root users can’t run Docker commands by default.
Note:
To install Docker without root privileges, see Run the Docker daemon as a non-root user (Rootless mode).
Rootless mode is currently available as an experimental feature.
UPGRADE DOCKER AFTER USING THE CONVENIENCE SCRIPT
If you installed Docker using the convenience script, you should upgrade Docker using your package manager directly. There is no advantage to re-running the convenience script, and it can cause issues if it attempts to re-add repositories which have already been added to the host machine.
2.4 卸载Docker引擎Uninstall Docker Engine
1、 Uninstall the Docker Engine, CLI, and Containerd packages:
$ sudo yum remove docker-ce docker-ce-cli containerd.io
2、 Images, containers, volumes, or customized configuration files on your host are not automatically removed. To delete all images, containers, and volumes:
$ sudo rm -rf /var/lib/docker
You must delete any edited configuration files manually.
3、Linux的安装后步骤Post-installation steps for Linux
This section contains optional procedures for configuring Linux hosts to work better with Docker.
该配置过程时可选的,能让linux主机更好地与Docker容器配合使用
3.1 使用非root用户管理DockerManage Docker as a non-root user
The Docker daemon binds to a Unix socket instead of a TCP port. By default that Unix socket is owned by the user root and other users can only access it using sudo. The Docker daemon always runs as the root user.
Docker守护程序绑定到Unix套接字而不是TCP端口。 默认情况下,Unix套接字是由root用户拥有的,其他用户只能使用sudo访问它。 Docker守护程序始终以root用户身份运行。
If you don’t want to preface the docker command with sudo, create a Unix group called docker and add users to it. When the Docker daemon starts, it creates a Unix socket accessible by members of the docker group.
如果您不想以sudo作为docker命令的开头,请创建一个名为docker的Unix组并将用户添加到其中。 Docker守护程序启动时,它将创建一个可由Docker组成员访问的Unix套接字。
Warning
The docker group grants privileges equivalent to the root user. For details on how this impacts security in your system, see Docker Daemon Attack Surface.
Docker组授予与root用户同等的权利。 有关这如何影响系统安全性的详细信息,请参阅Docker Daemon Attack Surface。
Note:
To run Docker without root privileges, see Run the Docker daemon as a non-root user (Rootless mode).
Rootless mode is currently available as an experimental feature.
要在非root权限的情况下运行Docker,请参阅以非root用户身份运行Docker守护程序(Rootless mode)。
Rootless mode目前可作为实验功能。
To create the docker group and add your user:
新增Docker组和你的用户
1、 Create the docker group.
其实在安装Docker时已经默认创建了docker组,通过vim /etc/group命令拉到最底下可以看到
如果没有,可以通过命令创建组:
$ sudo groupadd docker
2、 Add your user to the docker group.
$ sudo usermod -aG 01node $USER
3、 Log out and log back in so that your group membership is re-evaluated.
注销并重新登录,以便重新评估您的组成员身份。
If testing on a virtual machine, it may be necessary to restart the virtual machine for changes to take effect.
如果在虚拟机上进行测试,则可能需要重新启动虚拟机以使更改生效。
$ reboot
On a desktop Linux environment such as X Windows, log out of your session completely and then log back in.
在台式机Linux环境(例如X Windows)上,完全注销会话,然后重新登录。
On Linux, you can also run the following command to activate the changes to groups:
在Linux上,您还可以运行以下命令来激活对组的更改:
3.2 配置开机自启动Configure Docker to start on boot
Most current Linux distributions (RHEL, CentOS, Fedora, Ubuntu 16.04 and higher) use systemd to manage which services start when the system boots.
当前大多数Linux发行版(RHEL,CentOS,Fedora,Ubuntu 16.04和更高版本)都使用systemd来管理系统启动时启动的服务。
3.2.1 system
使用systemd设置自启动:
$ sudo systemctl enable docker
To disable this behavior, use disable instead.
$ sudo systemctl disable docker
3.3 配置镜像源
查看docker相关信息,启动docker: sudo systemctl start docker
$ docker info
存储库的地址为国外地址,拉取数据的时候会比较慢,所以我们来配置一个国内地址。
进入网站:silvanheheheh
https://promotion.aliyun.com/ntms/act/kubernetes.html
1. 安装/升级Docker客户端
已完成
2. 配置镜像加速器
针对Docker客户端版本大于 1.10.0 的用户
您可以通过修改daemon配置文件/etc/docker/daemon.json来使用加速器
#已存在不需要创建
mkdir -p /etc/docker
#创建daemon.json文件并添加内容,使用root用户会更方便
tee /etc/docker/daemon.json <<-'EOF' { "registry-mirrors": ["https://65mjd02h.mirror.aliyuncs.com"] }
EOF
#加载daemon
systemctl daemon-reload
#重启docker服务
systemctl restart docker
docker info能看到多了一个仓库源:
4、在Docker中安装Hadoop
5、在Docker中安装Spark
6、附docker基本命令
docker build -t friendlyhello . # Create image using this directory's Dockerfile
docker run -p 4000:80 friendlyhello # Run "friendlyhello" mapping port 4000 to 80
docker run -d -p 4000:80 friendlyhello # Same thing, but in detached mode
docker container ls # List all running containers
docker container ls -a # List all containers, even those not running
docker container stop <hash> # Gracefully stop the specified container
docker container kill <hash> # Force shutdown of the specified container
docker container rm <hash> # Remove specified container from this machine
docker container rm $(docker container ls -a -q) # Remove all containers
docker image ls -a # List all images on this machine
docker image rm <image id> # Remove specified image from this machine
docker image rm $(docker image ls -a -q) # Remove all images from this machine
docker login # Log in this CLI session using your Docker credentials
docker tag <image> username/repository:tag # Tag <image> for upload to registry
docker push username/repository:tag # Upload tagged image to registry
docker run username/repository:tag # Run image from a registry
$ sudo docker run hello-world