pre-install

  • The default kernel is missing the following options:
 *   CONFIG_CGROUP_DEVICE:       is not set when it should be.
 *   CONFIG_MACVLAN:     is not set when it should be.
 *   CONFIG_VETH:        is not set when it should be.
 *   CONFIG_BRIDGE:      is not set when it should be.
 *   CONFIG_BRIDGE_NETFILTER:    is not set when it should be.
 *   CONFIG_MEMCG_SWAP: is required if you wish to limit swap usage of containers
 *   CONFIG_MEMCG_SWAP_ENABLED:  is not set when it should be.
 *   CONFIG_BLK_CGROUP:  is not set when it should be.
 *   CONFIG_CGROUP_PERF: is optional for container statistics gathering
 *   CONFIG_CFS_BANDWIDTH: is optional for container statistics gathering
 *   CONFIG_DM_THIN_PROVISIONING:        is not set when it should be.
 * Please check to make sure these options are set correctly.
 * Failure to do so may cause unexpected problems.

According to the Gentoo wiki, Device mapper debugging support also needs to be enabled:

CONFIG_DM_DEBUG=y

post-install

 * To use Docker, the Docker daemon must be running as root. To automatically
 * start the Docker daemon at boot, add Docker to the default runlevel:
 *   rc-update add docker default
 * Similarly for systemd:
 *   systemctl enable docker.service
 * 
 * To use Docker as a non-root user, add yourself to the 'docker' group:
 *   usermod -aG docker youruser

problems

$ sudo systemctl start docker

$ docker run hello-world 
Error response from daemon: Cannot start container 32778af422673a6f371396cef23f6f5c705caef98cea5bf35bb2a91268f430b8: [8] System error: open /sys/fs/cgroup/cpu,cpuacct/init.scope/system.slice/docker-32778af422673a6f371396cef23f6f5c705caef98cea5bf35bb2a91268f430b8.scope/cpu.shares: no such file or directory

resolve

echo "app-emulation/docker ~amd64" >> /etc/portage/package.accept_keywords

docker command

remove container

docker rm -f `docker ps -a -q`

interface

  • Docker containers exchange data with the host through a bridge, so IP forwarding must be enabled
sysctl -w net.ipv4.ip_forward=1
  • View the Docker container interfaces
kk@docker:~$ docker ps
CONTAINER ID        IMAGE                                    COMMAND                  CREATED             STATUS              PORTS                                                              NAMES
d68c05903388        monitoringartist/zabbix-3.0-xxl:latest   "/config/bootstrap.sh"   28 minutes ago      Up 28 minutes       0.0.0.0:80->80/tcp, 10052/tcp, 0.0.0.0:10051->10051/tcp, 162/udp   zabbix
65a787c692d2        monitoringartist/zabbix-db-mariadb       "/run.sh"                28 minutes ago      Up 28 minutes       3306/tcp                                                           zabbix-db
kk@docker:~$ brctl show
bridge name bridge id       STP enabled interfaces
docker0     8000.0242bfc6d6ad   no      veth34bf428
                                        vethbf3fe94
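  • showmacs lists every MAC address on this bridge; the host-side and container-side MACs do not correspond.
  • From the host's point of view, entries where "is local?" is no should be container addresses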
kk@docker:~$  brctl showmacs docker0 
port no mac addr                is local?       ageing timer
  1     02:42:ac:11:00:02       no                 0.56
  2     02:42:ac:11:00:03       no                 0.52
  2     b2:e8:8d:e9:fc:33       yes                0.00
  2     b2:e8:8d:e9:fc:33       yes                0.00
  1     ca:88:62:ce:07:05       yes                0.00
  1     ca:88:62:ce:07:05       yes                0.00
  • Host addresses
kk@docker:~$ ip a 
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:bf:c6:d6:ad brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:bfff:fec6:d6ad/64 scope link 
       valid_lft forever preferred_lft forever

15: vethbf3fe94: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether ca:88:62:ce:07:05 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::c888:62ff:fece:705/64 scope link 
       valid_lft forever preferred_lft forever
17: veth34bf428: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether b2:e8:8d:e9:fc:33 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::b0e8:8dff:fee9:fc33/64 scope link 
       valid_lft forever preferred_lft forever

Container 1 information

kk@docker:~$ docker exec d68c05903388 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
16: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 
    link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.3/16 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:acff:fe11:3/64 scope link 
       valid_lft forever preferred_lft forever

Container 2 information

kk@docker:~$ docker exec 65a787c692d2 ifconfig -a
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.2  netmask 255.255.0.0  broadcast 0.0.0.0
        inet6 fe80::42:acff:fe11:2  prefixlen 64  scopeid 0x20<link>
        ether 02:42:ac:11:00:02  txqueuelen 0  (Ethernet)
        RX packets 48832  bytes 9524517 (9.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 31954  bytes 11141275 (10.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 148  bytes 12504 (12.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 148  bytes 12504 (12.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
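
The join described above (bridge port to host veth to container MAC), as an added example that is not part of the original notes; it helps attribute traffic seen on docker0 to one container. `map_bridge` and the `--showmacs--` separator are names made up here, the sample input is copied from the captures above, and reading an IPv4 address out of a `02:42:` MAC is an assumption that matches this capture rather than a guarantee.

```shell
# Added example. Sample input is copied from the captures on this page.
SHOWMACS='port no mac addr                is local?       ageing timer
  1     02:42:ac:11:00:02       no                 0.56
  2     02:42:ac:11:00:03       no                 0.52
  2     b2:e8:8d:e9:fc:33       yes                0.00
  2     b2:e8:8d:e9:fc:33       yes                0.00
  1     ca:88:62:ce:07:05       yes                0.00
  1     ca:88:62:ce:07:05       yes                0.00'
IPLINK='15: vethbf3fe94: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
    link/ether ca:88:62:ce:07:05 brd ff:ff:ff:ff:ff:ff
17: veth34bf428: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
    link/ether b2:e8:8d:e9:fc:33 brd ff:ff:ff:ff:ff:ff'

# map_bridge SHOWMACS_TEXT IPLINK_TEXT
# Prints "<host veth> <learned MAC> <IPv4 decoded from MAC or ->" per "no" row.
map_bridge() {
    { printf '%s\n' "$2"; echo '--showmacs--'; printf '%s\n' "$1"; } | awk '
    function hex(h,   i, v) {               # POSIX awk has no strtonum()
        v = 0; h = tolower(h)
        for (i = 1; i <= length(h); i++)
            v = v * 16 + index("0123456789abcdef", substr(h, i, 1)) - 1
        return v
    }
    function mac_ip(m,   o) {               # 02:42:ac:11:00:02 -> 172.17.0.2
        split(m, o, ":")
        if (o[1] != "02" || o[2] != "42") return "-"
        return hex(o[3]) "." hex(o[4]) "." hex(o[5]) "." hex(o[6])
    }
    $0 == "--showmacs--"        { tbl = 1; next }
    # ip link part: bind each link/ether MAC to the interface named above it
    !tbl && /^[0-9]+: /         { ifn = $2; sub(/[@:].*/, "", ifn); next }
    !tbl && $1 == "link/ether"  { owner[$2] = ifn; next }
    # showmacs part: "yes" rows are the host-side veth of a bridge port,
    # "no" rows are MACs learned from whatever sits behind that port
    tbl && $3 == "yes"          { veth[$1] = owner[$2] }
    tbl && $3 == "no"           { n++; port[n] = $1; mac[n] = $2 }
    END {
        for (k = 1; k <= n; k++) {
            v = veth[port[k]]; if (v == "") v = "?"
            print v, mac[k], mac_ip(mac[k])
        }
    }'
}

# Live use: map_bridge "$(brctl showmacs docker0)" "$(ip link)"
map_bridge "$SHOWMACS" "$IPLINK"
```

More than one "no" row on the same port means several source MACs were learned behind a single veth, which is worth a look when one container is expected there.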

error: The name “zabbix-db-storage” is already in use by container 1497afc43f4a.

To clear containers:
docker rm -f $(docker ps -a -q)

To clear images:
docker rmi -f $(docker images -a -q)

To clear volumes:
docker volume rm $(docker volume ls -q)

config default bridge (docker0) network

add /etc/docker/daemon.json as follows:

{
      "bip": "172.26.0.1/16"
}

### backup/restore docker image for deployment

backup

docker save myusername/myproject:latest | gzip -c > myproject_img_bak20141103.tgz

restore

gunzip -c myproject_img_bak20141103.tgz | docker load

centos7 user running docker

  • dockerroot group
sudo usermod -aG dockerroot `whoami`
  • create or change /etc/docker/daemon.json
{
        "live-restore": true,
        "group": "dockerroot"
}


+ restart docker and the **/var/run/docker.sock** should belong to **root:dockerroot**

sudo systemctl restart docker
ls -lh /var/run/docker.sock


+ re-login user
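
A check for the result of the steps above, as an added example (not part of the original notes): the socket should be root-owned, group-owned by the group named in daemon.json, and closed to other users, since every member of that group can drive the root-running daemon. `daemon_group` and `sock_ok` are names made up here, and the `stat` string in the demo line is constructed.

```shell
# Added example; daemon_group and sock_ok are names made up for this sketch.

# daemon_group FILE: print the "group" value from daemon.json, or "docker"
# (the daemon default) when the key is absent. Line-based: assumes the
# one-key-per-line layout used on this page.
daemon_group() {
    g=$(sed -n 's/.*"group"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1)
    printf '%s\n' "${g:-docker}"
}

# sock_ok "OWNER:GROUP MODE" EXPECTED_GROUP
# Succeeds only if the socket is root-owned, group-owned by EXPECTED_GROUP,
# and grants nothing to "other" (last octal digit 0).
sock_ok() {
    owner=${1%%:*}; rest=${1#*:}
    group=${rest%% *}; mode=${rest##* }
    [ "$owner" = root ] || { echo "owner is $owner, expected root"; return 1; }
    [ "$group" = "$2" ] || { echo "group is $group, expected $2"; return 1; }
    case "$mode" in
        *0) return 0 ;;
        *)  echo "mode $mode gives access to other users"; return 1 ;;
    esac
}

# Live use (GNU stat); getent then lists who can control the daemon:
#   grp=$(daemon_group /etc/docker/daemon.json)
#   sock_ok "$(stat -c '%U:%G %a' /var/run/docker.sock)" "$grp" && getent group "$grp"

# Demo with a constructed stat string matching the expected end state.
sock_ok "root:dockerroot 660" dockerroot && echo "socket ownership and mode ok"
```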

---

Error message:

docker: Error response from daemon: OCI runtime create failed: container_linux.go:345: starting container process caused “process_linux.go:275: applying cgroup configuration for process caused “open /sys/fs/cgroup/cpuset/docker/cpuset.cpus: no such file or directory””: unknown.


This is caused by the cgroup v1 version, so systemd needs to be told which cgroup version to use.

Add to /etc/default/grub:

cat >> /etc/default/grub << EOF
GRUB_CMDLINE_LINUX="systemd.unified_cgroup_hierarchy=0"
EOF
mount -o remount,rw /boot
grub-mkconfig -o /boot/grub/grub.cfg


Verify:

sudo /usr/share/docker/contrib/check-config.sh
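
grub-mkconfig sources /etc/default/grub as shell, so the line appended above replaces any GRUB_CMDLINE_LINUX value set earlier in the file. An added example (not part of the original notes) that merges the parameter into the existing value instead and is safe to run twice; `grub_add_param` is a name made up here, and the demo runs on a constructed file.

```shell
# Added example: merge a kernel parameter into GRUB_CMDLINE_LINUX in place.

# grub_add_param FILE PARAM
# Adds PARAM to the existing GRUB_CMDLINE_LINUX="..." value unless it is
# already there as a whole word; appends a new assignment if none exists.
# Assumes a plain double-quoted assignment with nothing after the closing quote.
grub_add_param() {
    tmp=$(mktemp) || return 1
    awk -v p="$2" '
        /^GRUB_CMDLINE_LINUX="/ {
            seen = 1
            val = $0
            sub(/^GRUB_CMDLINE_LINUX="/, "", val)
            sub(/"[ \t]*$/, "", val)
            if (index(" " val " ", " " p " ") == 0)
                val = (val == "" ? p : val " " p)
            $0 = "GRUB_CMDLINE_LINUX=\"" val "\""
        }
        { print }
        END { if (!seen) print "GRUB_CMDLINE_LINUX=\"" p "\"" }
    ' "$1" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$1"      # overwrite in place so owner and mode are kept
    rm -f "$tmp"
}

# Demo on a constructed file (not the real /etc/default/grub).
demo=$(mktemp)
printf '%s\n' 'GRUB_TIMEOUT=5' 'GRUB_CMDLINE_LINUX="quiet audit=1"' > "$demo"
grub_add_param "$demo" systemd.unified_cgroup_hierarchy=0
grub_add_param "$demo" systemd.unified_cgroup_hierarchy=0   # second run: no change
cat "$demo"
rm -f "$demo"
```

After editing the real file, regenerate grub.cfg with the same `grub-mkconfig` command as above.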


---

### [docker pull](https://blog.csdn.net/qq_43519779/article/details/122443563)


Most commands can reach overseas resources through proxychains4, but docker cannot when pulling images. Hence this article.

mkdir -p /etc/systemd/system/docker.service.d
cat > /etc/systemd/system/docker.service.d/https-proxy.conf << EOF
[Service]
Environment="HTTPS_PROXY=socks5://127.0.0.1:1080"
EOF