根據https://www.cnblogs.com/zyxnhr/p/11825331.html這個文章,已經可以正常安裝一個docker服務
查看Docker狀態
[root@docker-server3 ~]# systemctl status docker
● docker.service - Docker Application Container Engine Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled) Active: active (running) since Sat 2019-11-09 11:29:15 EST; 5h 4min ago Docs: https://docs.docker.com Main PID: 73627 (dockerd) Tasks: 13 Memory: 45.7M CGroup: /system.slice/docker.service └─73627 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
在執行yum -y install docker-ce的動作的時候,已經安裝好了docker的客戶端和服務端
[root@docker-server3 ~]# docker version
Client: Docker Engine - Community #客戶端引擎社區版 Version: 19.03.4 #版本 API version: 1.40 Go version: go1.12.10 Git commit: 9013bf583a Built: Fri Oct 18 15:52:22 2019 OS/Arch: linux/amd64 Experimental: false Server: Docker Engine - Community #服務端引擎 Engine: Version: 19.03.4 API version: 1.40 (minimum version 1.12) Go version: go1.12.10 Git commit: 9013bf583a Built: Fri Oct 18 15:50:54 2019 OS/Arch: linux/amd64 Experimental: false containerd: Version: 1.2.10 GitCommit: b34a5c8af56e510852c35414db4c1f4fa6172339 runc: Version: 1.0.0-rc8+dev GitCommit: 3e425f80a8c931f88e6d94a8c831b9d5aa481657 docker-init: Version: 0.18.0 GitCommit: fec3683
docker是一個C/S架構,在執行docker的指令的時候,會默認連接到自己本機的docker -deamon進程
停止掉docker進程
[root@docker-server3 ~]# ps -ef|grep docker
root 73627 1 0 11:29 ? 00:00:13 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock root 73992 73963 0 16:25 pts/1 00:00:00 vi /lib/systemd/system/docker.service
[root@docker-server3 ~]# systemctl stop docker
[root@docker-server3 ~]# systemctl status docker
● docker.service - Docker Application Container Engine Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled) Active: inactive (dead) Docs: https://docs.docker.com
[root@docker-server3 ~]# docker version
Client: Docker Engine - Community Version: 19.03.4 API version: 1.40 Go version: go1.12.10 Git commit: 9013bf583a Built: Fri Oct 18 15:52:22 2019 OS/Arch: linux/amd64 Experimental: false Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? #顯示無法連接Docker daemon,連接的方式是基於文件套接字連接
客戶端使用套接字連接,不需要監聽任何端口,只需要讀取/var/run/docker.sock這個文件
[root@docker-server3 ~]# ll /var/run/docker.sock
srw-rw---- 1 root docker 0 Nov 9 17:01 /var/run/docker.sock
默認是監聽本地的套接字文件,也可以使用網絡套接字,需要修改啓動文件
[root@docker-server3 ~]# vi /lib/systemd/system/docker.service
[Service] Type=notify # the default is not to use systemd for cgroups because the delegate issues still # exists and systemd currently does not support the cgroup feature set required # for containers run by docker ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock #fd:// 表示監聽的本地套接字 ExecReload=/bin/kill -s HUP $MAINPID TimeoutSec=0 RestartSec=2 Restart=always
配置成成監聽網絡接口
[Service] Type=notify # the default is not to use systemd for cgroups because the delegate issues still # exists and systemd currently does not support the cgroup feature set required # for containers run by docker ExecStart=/usr/bin/dockerd -H fd:// -H 0.0.0.0:2375 --containerd=/run/containerd/containerd.sock ExecReload=/bin/kill -s HUP $MAINPID TimeoutSec=0 RestartSec=2 Restart=always
[root@docker-server3 ~]# systemctl daemon-reload
[root@docker-server3 ~]# systemctl restart docker
[root@docker-server3 ~]# netstat -ntlp
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1415/master tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 29852/sshd tcp6 0 0 ::1:25 :::* LISTEN 1415/master tcp6 0 0 :::2375 :::* LISTEN 74333/dockerd #docker的網絡套接字就配置完成 tcp6 0 0 :::22 :::* LISTEN 29852/sshd
docker的網絡套接字就配置完成,客戶端就可以連接2375端口,連接docker-daemon,服務端就是開啓端口,等着客戶端進行訪問
[root@docker-server3 ~]# docker -H 192.168.132.133 version或者
[root@docker-server3 ~]# docker -H 192.168.132.133:2375 version
Client: Docker Engine - Community Version: 19.03.4 API version: 1.40 Go version: go1.12.10 Git commit: 9013bf583a Built: Fri Oct 18 15:52:22 2019 OS/Arch: linux/amd64 Experimental: false Server: Docker Engine - Community Engine: Version: 19.03.4 API version: 1.40 (minimum version 1.12) Go version: go1.12.10 Git commit: 9013bf583a Built: Fri Oct 18 15:50:54 2019 OS/Arch: linux/amd64 Experimental: false containerd: Version: 1.2.10 GitCommit: b34a5c8af56e510852c35414db4c1f4fa6172339 runc: Version: 1.0.0-rc8+dev GitCommit: 3e425f80a8c931f88e6d94a8c831b9d5aa481657 docker-init: Version: 0.18.0 GitCommit: fec3683
docker在開啓網絡套接字,默認是沒有任何驗證的,需要安全配置,否則會很危險,生產中也不會使用網絡套接字來管理所有的docker客戶端,默認使用本地的文件套接字管理自己的docker服務端,如果需要管理所有的docker,可以藉助K8S平臺進行管理
博主聲明:本文的內容來源主要來自譽天教育晏威老師,由本人實驗完成操作驗證,需要的博友請聯繫譽天教育(http://www.yutianedu.com/),獲得官方同意或者晏老師(https://www.cnblogs.com/breezey/)本人同意即可轉載,謝謝!