Docker installation

Installation and removal

Official docs: https://docs.docker.com/engine/install/
Ubuntu: https://docs.docker.com/engine/install/ubuntu/
CentOS: https://docs.docker.com/install/linux/docker-ce/centos/
Alibaba Cloud docs: https://developer.aliyun.com/mirror/docker-ce

# ubuntu
$ sudo apt update
$ sudo apt -y install \
apt-transport-https \
ca-certificates \
curl \
gnupg-agent \
software-properties-common
#$ curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add - # apt-key is deprecated on Ubuntu 22.04
$ curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/docker.gpg

$ sudo add-apt-repository \
"deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu \
$(lsb_release -cs) \
stable"
$ sudo apt update
$ sudo apt -y install docker-ce

# The above installs the latest version directly; specifying a version at install time is recommended
$ apt-cache madison docker-ce
$ sudo apt -y install docker-ce=<VERSION_STRING>
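A key placed in /etc/apt/trusted.gpg.d is trusted by apt for every configured repository, not just Docker's. The following is an added example, not part of the original page, that keeps the key in its own keyring, compares its fingerprint with the one Docker publishes, and binds it to the Docker repository alone with signed-by. The mirror URL is the one used above; the expected fingerprint is the one listed in Docker's Ubuntu install docs (confirm it there before relying on it); fpr_matches, docker_source_line and install_repo are names chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original page): scope the Docker CE signing key
# to its own repository and verify its fingerprint before trusting it.
# Function and variable names are chosen for this example.

# Expected fingerprint of Docker's release signing key, as published at
# https://docs.docker.com/engine/install/ubuntu/ (spaces removed). Confirm it there.
DOCKER_KEY_FPR="9DC858229FC7DD38854AE2D88D81803C0EBFCD88"

# Return 0 if the given fingerprint (any spacing or case) equals the expected one.
fpr_matches() {
  got=$(printf '%s' "$1" | tr -d ' ' | tr 'abcdef' 'ABCDEF')
  [ "$got" = "$DOCKER_KEY_FPR" ]
}

# Build the apt source line; signed-by restricts the keyring to this repository only.
docker_source_line() {
  arch="$1"; codename="$2"; keyring="$3"
  printf 'deb [arch=%s signed-by=%s] https://mirrors.aliyun.com/docker-ce/linux/ubuntu %s stable\n' \
    "$arch" "$keyring" "$codename"
}

# Full flow; needs root and network access, so it is not run automatically.
install_repo() {
  keyring=/etc/apt/keyrings/docker.gpg
  install -m 0755 -d /etc/apt/keyrings
  curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | gpg --dearmor -o "$keyring" || return 1
  chmod a+r "$keyring"
  # Read the primary key fingerprint from the keyring just written.
  fpr=$(gpg --no-default-keyring --keyring "$keyring" --with-colons --fingerprint 2>/dev/null \
        | awk -F: '$1 == "fpr" { print $10; exit }')
  if ! fpr_matches "$fpr"; then
    echo "refusing to trust key with fingerprint '$fpr'" >&2
    rm -f "$keyring"
    return 1
  fi
  docker_source_line "$(dpkg --print-architecture)" "$(lsb_release -cs)" "$keyring" \
    > /etc/apt/sources.list.d/docker.list
  apt-get update
}
```

After `install_repo` succeeds, `apt-cache madison docker-ce` and the pinned install from the page work unchanged; the only difference is that a compromised or mis-served key can no longer sign packages for any other repository on the host.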

Binary installation: https://docs.docker.com/install/linux/docker-ce/binaries/
https://mirrors.aliyun.com/docker-ce/linux/static/stable/x86_64/

Configuration files

docker-ce configuration file:

/etc/docker/daemon.json

Docker registry configuration files:

# ubuntu, from the containerd.io package
/etc/containerd/config.toml
# centos
/etc/containers/registries.conf
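What /etc/docker/daemon.json can hold, as an added example that is not taken from this page. It writes a daemon.json whose keys correspond to fields the `docker system info` output reports further down this page (registry mirrors, insecure registries, live restore, logging driver, labels), next to a weak variant that allows a registry without TLS verification, and a small lint function that rejects the weak settings. The mirror hostname, the 10.0.0.5:5000 registry address and the function names are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original page). Two daemon.json variants and a
# lint that refuses the weak one. Hostnames, addresses and function names are
# placeholders for this example.

# Hardened variant: mirror only, no plaintext registries, live restore so a
# daemon restart does not stop containers, bounded json-file logs, and a
# daemon label set here instead of on the dockerd command line (dockerd
# refuses to start if the same option is given both as a flag and in the file).
write_daemon_json() {
  cat > "$1" <<'EOF'
{
  "registry-mirrors": ["https://<your-id>.mirror.aliyuncs.com"],
  "insecure-registries": [],
  "live-restore": true,
  "log-driver": "json-file",
  "log-opts": { "max-size": "10m", "max-file": "3" },
  "no-new-privileges": true,
  "labels": ["name=docker1"]
}
EOF
}

# Weak variant for comparison: a registry reachable without TLS verification
# and live-restore left off (constructed example values).
write_weak_daemon_json() {
  cat > "$1" <<'EOF'
{
  "insecure-registries": ["10.0.0.5:5000"],
  "live-restore": false
}
EOF
}

# Return 0 if the file parses as JSON (checked when python3 is available),
# lists no insecure registries and enables live-restore; 1 otherwise.
lint_daemon_json() {
  f="$1"
  if command -v python3 >/dev/null 2>&1; then
    python3 -m json.tool "$f" >/dev/null 2>&1 || { echo "$f: invalid JSON" >&2; return 1; }
  fi
  if grep -Eq '"insecure-registries"[[:space:]]*:[[:space:]]*\[[[:space:]]*"' "$f"; then
    echo "$f: insecure-registries is not empty" >&2; return 1
  fi
  if ! grep -Eq '"live-restore"[[:space:]]*:[[:space:]]*true' "$f"; then
    echo "$f: live-restore is not enabled" >&2; return 1
  fi
  return 0
}
```

Run `lint_daemon_json /etc/docker/daemon.json` before `systemctl restart docker`; a syntax error in this file stops the daemon from starting at all, which on a host without live-restore also stops every container.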

Docker command help

https://docs.docker.com/reference/

The newer Docker CLI uses a structured command format (management commands followed by subcommands). The old top-level commands still work, but the structured form is recommended because it is more regular and easier to use correctly.

$ docker help

Usage: docker [OPTIONS] COMMAND

A self-sufficient runtime for containers

Options:
--config string Location of client config files (default "/root/.docker")
-c, --context string Name of the context to use to connect to the daemon (overrides DOCKER_HOST env var and default context set
with "docker context use")
-D, --debug Enable debug mode
-H, --host list Daemon socket(s) to connect to
-l, --log-level string Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info")
--tls Use TLS; implied by --tlsverify
--tlscacert string Trust certs signed only by this CA (default "/root/.docker/ca.pem")
--tlscert string Path to TLS certificate file (default "/root/.docker/cert.pem")
--tlskey string Path to TLS key file (default "/root/.docker/key.pem")
--tlsverify Use TLS and verify the remote
-v, --version Print version information and quit

Management Commands:
app* Docker App (Docker Inc., v0.9.1-beta3)
builder Manage builds
buildx* Docker Buildx (Docker Inc., v0.9.1-docker)
config Manage Docker configs # manage Docker configs
container Manage containers # manage containers
context Manage contexts
image Manage images # manage images
manifest Manage Docker image manifests and manifest lists
network Manage networks # manage networks
node Manage Swarm nodes # manage Swarm nodes
plugin Manage plugins # manage plugins
scan* Docker Scan (Docker Inc., v0.21.0)
secret Manage Docker secrets # manage Docker secrets
service Manage services # manage services
stack Manage Docker stacks
swarm Manage Swarm # manage the Swarm cluster
system Manage Docker # manage the Docker system
trust Manage trust on Docker images # manage image trust
volume Manage volumes # manage volumes

Commands:
attach Attach local standard input, output, and error streams to a running container
build Build an image from a Dockerfile
commit Create a new image from a container's changes
cp Copy files/folders between a container and the local filesystem
create Create a new container
diff Inspect changes to files or directories on a container's filesystem
events Get real time events from the server
exec Run a command in a running container
export Export a container's filesystem as a tar archive
history Show the history of an image
images List images
import Import the contents from a tarball to create a filesystem image
info Display system-wide information
inspect Return low-level information on Docker objects
kill Kill one or more running containers
load Load an image from a tar archive or STDIN
login Log in to a Docker registry
logout Log out from a Docker registry
logs Fetch the logs of a container
pause Pause all processes within one or more containers
port List port mappings or a specific mapping for the container
ps List containers
pull Pull an image or a repository from a registry
push Push an image or a repository to a registry
rename Rename a container
restart Restart one or more containers
rm Remove one or more containers
rmi Remove one or more images
run Run a command in a new container
save Save one or more images to a tar archive (streamed to STDOUT by default)
search Search the Docker Hub for images
start Start one or more stopped containers
stats Display a live stream of container(s) resource usage statistics
stop Stop one or more running containers
tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
top Display the running processes of a container
unpause Unpause all processes within one or more containers
update Update configuration of one or more containers
version Show the Docker version information
wait Block until one or more containers stop, then print their exit codes

Run 'docker COMMAND --help' for more information on a command.

To get more help with docker, check out our guides at https://docs.docker.com/go/guides/

Docker system information

lujinkai@Z510:~$ sudo docker system info
Client:
Debug Mode: false # whether debug mode is enabled on the client side

Server:
Containers: 3 # total number of containers on this host
Running: 0 # how many containers are running
Paused: 0 # how many containers are paused
Stopped: 3 # how many containers are stopped
Images: 4 # number of images on this server
Server Version: 19.03.13 # server version
Storage Driver: overlay2 # storage driver in use
Backing Filesystem: extfs # backing filesystem, i.e. the filesystem of the host disk
Supports d_type: true # whether d_type is supported
Native Overlay Diff: true # whether native overlay diff is supported
Logging Driver: json-file # logging driver
Cgroup Driver: cgroupfs # cgroup driver
Plugins: # plugins
Volume: local # volume plugins
Network: bridge host ipvlan macvlan null overlay # overlay provides cross-host networking
# logging drivers
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive # whether swarm mode is active
Runtimes: runc # installed runtimes
Default Runtime: runc # default container runtime
Init Binary: docker-init # init process for containers, i.e. the process with PID 1 inside the container
containerd version: 8fba4e9a7d01810a393d5d25a3621dc101981175 # containerd version
runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd # runc version
init version: fec3683 # init version
Security Options: # security options
apparmor # mandatory access control module, https://docs.docker.com/engine/security/apparmor/
seccomp # secure computing mode, restricts the system calls a container may make, https://docs.docker.com/engine/security/seccomp/
Profile: default # the default seccomp profile
Kernel Version: 5.4.0-53-generic # host kernel version
Operating System: Ubuntu 20.04.1 LTS # host operating system
OSType: linux # host operating system type
Architecture: x86_64 # host architecture
CPUs: 4 # number of host CPUs
Total Memory: 15.56GiB # total host memory
Name: Z510 # host hostname
ID: 7FJX:7VKN:2YGG:VKRB:5KKA:DB7C:KNLC:UW2N:XH3E:EVEG:OSQJ:EEKV # host ID
Docker Root Dir: /var/lib/docker # directory where Docker data is stored on the host
Debug Mode: false # whether debug mode is enabled on the server side
Registry: https://index.docker.io/v1/ # registry URL
Labels:
Experimental: false # whether experimental features are enabled
Insecure Registries:
127.0.0.0/8 # registries that may be used without TLS verification
Registry Mirrors:
https://3417nt4m.mirror.aliyuncs.com/ # registry mirror
Live Restore Enabled: false # whether live restore is enabled (containers keep running while the Docker daemon restarts)

WARNING: No swap limit support # system warning (swap resource limiting is not enabled)

Fixing the swap warning above:

# vim /etc/default/grub
...
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0 swapaccount=1" # edit this line
...

sudo update-grub
sudo reboot

The docker0 interface

After Docker is installed and started, a network interface named docker0 is created by default, with the default IP address 172.17.0.1.

Docker storage driver

Docker officially recommends overlay2 as the preferred storage driver; it requires the disk partition's filesystem to support d_type.

Docker service processes

The four Docker-related processes:

  • dockerd: the server-side daemon, accessed directly by the client; its parent process is the host's systemd daemon
  • docker-proxy: one docker-proxy process per container that needs network communication; it manages the port mappings between the host and the container; its parent process is dockerd; it is not started if the container needs no networking
  • containerd: called by dockerd to interact with runc
  • containerd-shim: the process that actually carries the running container; one containerd-shim process per container; its parent process is containerd

The containerd-shim command

Container creation and management process

  1. dockerd communicates with the containerd module over gRPC; this is handled by libcontainerd, and the socket is /run/containerd/containerd.sock
  2. containerd is started when dockerd starts; containerd then listens for gRPC requests, processes them and acts on each request accordingly
  3. When a container is run/started/exec'd, containerd spawns a containerd-shim and performs the corresponding operation
  4. Once the containerd-shim is spawned, start/exec/create launches the runc process; the shim communicates with containerd through the exit and control files, and monitors the state of the processes in the container through the parent-child relationship and SIGCHLD
  5. Throughout the container's lifecycle, containerd monitors container files and events via epoll
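The parent-child relationships in the two lists above are something a host check can verify: a docker-proxy whose parent is not dockerd, or a shim whose parent is not what the host normally shows, is worth a look. The following is an added example, not part of the original page, that reconstructs those relationships from `ps -eo pid,ppid,comm` output. The ps sample is constructed for the example, and the expected parent for the shim follows this page's description of Docker 19.03; newer containerd shims can be reparented to PID 1, so confirm the expected parent on your own hosts before alerting on it. check_parents and check_live_host are names chosen here.

```shell
#!/bin/sh
# Added example (not from the original page): check the parent/child
# relationships of the Docker processes against `ps` output. The sample
# below is constructed for this example, not captured from a real host.

SAMPLE_PS='  PID  PPID COMMAND
    1     0 systemd
  900     1 containerd
  950     1 dockerd
 1200   950 docker-proxy
 1300   900 containerd-shim
 1310  1300 nginx
 1400  4242 containerd-shim
 1500   950 docker-proxy'

# Usage: check_parents "<ps -eo pid,ppid,comm output>" <child-comm-regex> <expected-parent-comm>
# Prints the PID of every process whose command matches the regex but whose
# parent's command is not the expected one; prints nothing if all match.
check_parents() {
  printf '%s\n' "$1" | awk -v child="$2" -v parent="$3" '
    NR > 1 { comm[$1] = $3; ppid[$1] = $2 }
    END {
      for (p in ppid)
        if (comm[p] ~ child && comm[ppid[p]] != parent)
          print p
    }' | sort -n
}

# Run against the live host (not executed by the test): every docker-proxy
# should hang off dockerd and, on a host like the one on this page, every
# shim off containerd. Each mismatch is printed as a PID.
check_live_host() {
  ps_out=$(ps -eo pid,ppid,comm)
  check_parents "$ps_out" '^docker-proxy' dockerd
  check_parents "$ps_out" '^containerd-shim' containerd
}
```

In the constructed sample PID 1400 is a containerd-shim whose parent (4242) does not exist in the listing, so `check_parents "$SAMPLE_PS" '^containerd-shim' containerd` prints 1400, while the docker-proxy check prints nothing.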

gRPC

gRPC is a high-performance, open-source, general-purpose RPC framework developed by Google, with client support for many languages.

Docker service management

The Docker service is based on a client/server architecture and can be managed either locally or remotely.

Example: adding a label to the Docker service

$ vim /lib/systemd/system/docker.service
# edit the following line
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --label="name=docker1"
...


$ docker info
...
Labels:
name=docker1 # the added label is shown here
...
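Editing /lib/systemd/system/docker.service directly works, but the docker-ce package replaces that file on upgrade and the label silently disappears. The following is an added example, not part of the original page, that makes the same ExecStart change through a systemd drop-in, which survives package upgrades; docker_dropin, dropin_is_valid and apply_dropin are names chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original page): put the dockerd flag change in a
# systemd drop-in instead of editing /lib/systemd/system/docker.service, which
# the docker-ce package overwrites on upgrade. Function names are chosen here.

# Emit the drop-in text. The empty "ExecStart=" line is required: it clears the
# unit's existing ExecStart so the next line replaces it rather than being
# added to it (systemd allows only one ExecStart for a non-oneshot service).
docker_dropin() {
  label="$1"
  printf '[Service]\nExecStart=\nExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --label="%s"\n' "$label"
}

# Return 0 if a drop-in text both clears and re-sets ExecStart, 1 otherwise.
dropin_is_valid() {
  printf '%s\n' "$1" | grep -qx 'ExecStart=' || return 1
  printf '%s\n' "$1" | grep -Eq '^ExecStart=/usr/bin/dockerd ' || return 1
}

# Install it on the host (needs root; not run by the test).
apply_dropin() {
  d=/etc/systemd/system/docker.service.d
  mkdir -p "$d"
  docker_dropin "$1" > "$d/override.conf"
  systemctl daemon-reload
  systemctl restart docker
  systemctl cat docker   # shows the packaged unit followed by the drop-in
}
```

After `apply_dropin name=docker1`, `docker info` shows the label under Labels exactly as in the output above, and `systemctl cat docker` makes it obvious where the override comes from.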