{"id":338,"date":"2023-11-26T20:46:01","date_gmt":"2023-11-26T12:46:01","guid":{"rendered":"http:\/\/8.141.4.74\/?p=338"},"modified":"2024-03-28T13:43:52","modified_gmt":"2024-03-28T05:43:52","slug":"%e4%ba%8c%e8%bf%9b%e5%88%b6%e5%ae%89%e8%a3%85docker","status":"publish","type":"post","link":"http:\/\/8.141.4.74\/?p=338","title":{"rendered":"\u4e8c\u8fdb\u5236\u5b89\u88c5docker"},"content":{"rendered":"

\u4e8c\u8fdb\u5236\u5b89\u88c5docker<\/h1>\n

1.\u4e8c\u8fdb\u5236\u5b89\u88c5<\/h2>\n
[root@centos7 opt]#pwd\n\/opt\n[root@centos7 opt]#tar xvf docker-20.10.7.tgz\n[root@centos7 opt]#cp docker\/* \/usr\/bin\/<\/code><\/pre>\n
2.containerd.service<\/strong>:<\/h2>\n
[root@centos7 docker]#cat \/lib\/systemd\/system\/containerd.service\n[Unit]\nDescription=containerd container runtime\nDocumentation=https:\/\/containerd.io\nAfter=network.target local-fs.target\n\n[Service]\nExecStartPre=-\/sbin\/modprobe overlay\nExecStart=\/usr\/bin\/containerd\n\nType=notify\nDelegate=yes\nKillMode=process\nRestart=always\nRestartSec=5\n# Having non-zero Limit*s causes performance problems due to accounting overhead\n# in the kernel. We recommend using cgroups to do container-local accounting.\nLimitNPROC=infinity\nLimitCORE=infinity\nLimitNOFILE=infinity\n# Comment TasksMax if your systemd version does not supports it.\n# Only systemd 226 and above support this version.\nTasksMax=infinity\nOOMScoreAdjust=-999\n\n[Install]\nWantedBy=multi-user.target\n\n[root@centos7 docker]#systemctl enable containerd &systemctl start containerd &systemctl status containerd\n[1] 18266\n[2] 18267\n\u25cf centos7.9.huizhi.com\n    State: running\n     Jobs: 0 queued\n   Failed: 0 units\n    Since: \u4e00 2022-08-29 16:57:10 CST; 16h ago\n   CGroup: \/\n           \u251c\u25001 \/usr\/lib\/systemd\/systemd --switched-root --system --deserialize 22\n           \u251c\u2500user.slice\n           \u2502 \u2514\u2500user-0.slice\n           \u2502   \u251c\u2500session-24.scope\n           \u2502   \u2502 \u251c\u250017295 sshd: root@pts\/0    \n           \u2502   \u2502 \u251c\u250017300 -bash\n           \u2502   \u2502 \u251c\u250018266 systemctl enable containerd\n           \u2502   \u2502 \u251c\u250018267 systemctl start containerd\n           \u2502   \u2502 \u251c\u250018268 systemctl status\n           \u2502   \u2502 \u251c\u250018269 \/usr\/bin\/systemd-tty-ask-password-agent --watch\n           \u2502   \u2502 \u251c\u250018270 \/usr\/bin\/pkttyagent --notify-fd 5 --fallback\n           \u2502   \u2502 \u251c\u250018271 less\n           \u2502   \u2502 \u2514\u250018272 \/usr\/bin\/pkttyagent --notify-fd 5 --fallback\n           \u2502   \u2514\u2500session-1.scope\n           \u2502     \u251c\u2500 669 login -- root     \n           \u2502     \u2514\u25001223 -bash\n           \u2514\u2500system.slice\n             \u251c\u2500autodeploy.service\n             \u2502 \u2514\u2500938 \/usr\/java\/jdk1.8.0_25\/bin\/java -jar -Dserver.port=7788 -Dspring.config.location=\/usr\/aav\/application.yml \/usr\/aav\/AAV.jar\n             \u251c\u2500rsyslog.service\n             \u2502 \u2514\u2500925 \/usr\/sbin\/rsyslogd -n\n             \u251c\u2500nginx.service\n             \u2502 \u251c\u2500968 nginx: master process \/usr\/local\/nginx\/sbin\/ngin\n             \u2502 \u2514\u2500969 nginx: worker process      \n             \u251c\u2500tuned.service\n             \u2502 \u2514\u2500923 \/usr\/bin\/python2 -Es \/usr\/sbin\/tuned -l -P\n             \u251c\u2500sshd.service\n             \u2502 \u2514\u2500922 \/usr\/sbin\/sshd -D\n             \u251c\u2500mysqld.service\n             \u2502 \u2514\u25001157 \/usr\/sbin\/mysqld --daemonize --pid-file=\/var\/run\/mysqld\/mysqld.pid\n             \u251c\u2500redis.service\n             \u2502 \u2514\u2500970 \/usr\/redis6\/bin\/redis-server 127.0.0.1:6379            \n             \u251c\u2500crond.service\nlines 1-39Created symlink from \/etc\/systemd\/system\/multi-user.target.wants\/containerd.service to \/usr\/lib\/systemd\/system\/containerd.service.\n             \u2502 \u2514\u2500662 \/usr\/sbin\/crond -n\n             \u251c\u2500systemd-logind.service\n             \u2502 \u2514\u2500660 \/usr\/lib\/systemd\/systemd-logind\n             \u251c\u2500NetworkManager.service\n             \u2502 \u2514\u2500659 \/usr\/sbin\/NetworkManager --no-daemon\n[1]-  \u5b8c\u6210                  systemctl enable containerd\n[2]+  \u5b8c\u6210                  systemctl start containerd\n[root@centos7 docker]#<\/code><\/pre>\n
3.docker.service:<\/strong><\/h2>\n
[root@centos7 docker]#groupadd docker\n[root@centos7 docker]#cat \/lib\/systemd\/system\/docker.service\n[Unit]\nDescription=Docker Application Container Engine\nDocumentation=https:\/\/docs.docker.com\nAfter=network-online.target docker.socket firewalld.service containerd.service\nWants=network-online.target\nRequires=docker.socket containerd.service\n\n[Service]\nType=notify\n# the default is not to use systemd for cgroups because the delegate issues still\n# exists and systemd currently does not support the cgroup feature set required\n# for containers run by docker\nExecStart=\/usr\/bin\/dockerd -H fd:\/\/ --containerd=\/run\/containerd\/containerd.sock\nExecReload=\/bin\/kill -s HUP $MAINPID\nTimeoutSec=0\nRestartSec=2\nRestart=always\n\n# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.\n# Both the old, and new location are accepted by systemd 229 and up, so using the old location\n# to make them work for either version of systemd.\nStartLimitBurst=3\n\n# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.\n# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make\n# this option work for either version of systemd.\nStartLimitInterval=60s\n\n# Having non-zero Limit*s causes performance problems due to accounting overhead\n# in the kernel. We recommend using cgroups to do container-local accounting.\nLimitNOFILE=infinity\nLimitNPROC=infinity\nLimitCORE=infinity\n\n# Comment TasksMax if your systemd version does not support it.\n# Only systemd 226 and above support this option.\nTasksMax=infinity\n\n# set delegate yes so that systemd does not reset the cgroups of docker containers\nDelegate=yes\n\n# kill only the docker process, not all processes in the cgroup\nKillMode=process\nOOMScoreAdjust=-500\n\n[Install]\nWantedBy=multi-user.target\n\n[root@centos7 docker]#systemctl enable docker.service &systemctl start docker.service &systemctl status docker.service\n<\/code><\/pre>\n
4.docker.socket<\/strong><\/h2>\n
[root@centos7 docker]#vim \/lib\/systemd\/system\/docker.socket\n[Unit]\nDescription=Docker Socket for the API\n\n[Socket]\nListenStream=\/var\/run\/docker.sock\nSocketMode=0660\nSocketUser=root\nSocketGroup=docker\n\n[Install]\nWantedBy=sockets.target\n\n[root@centos7 docker]#systemctl enable docker.socket &systemctl start docker.socket &systemctl status docker.socket\n\n[root@centos7 docker]#vim \/var\/log\/messages\nAug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.525401860+08:00" level=info msg="loading plugin \\"io.containerd.grpc.v1.snapshots\\"..." type=io.containerd.grpc.v1\nAug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.525497356+08:00" level=info msg="loading plugin \\"io.containerd.grpc.v1.tasks\\"..." type=io.containerd.grpc.v1\nAug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.525537758+08:00" level=info msg="loading plugin \\"io.containerd.grpc.v1.version\\"..." type=io.containerd.grpc.v1\nAug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.525568774+08:00" level=info msg="loading plugin \\"io.containerd.grpc.v1.cri\\"..." type=io.containerd.grpc.v1\nAug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.525850175+08:00" level=info msg="Start cri plugin with config {PluginConfig:{ContainerdConfig:{Snapshotter:overlayfs DefaultRuntimeName:runc DefaultRuntime:{Type: Engine: PodAnnotations:[] ContainerAnnotations:[] Root: Options:<nil> PrivilegedWithoutHostDevices:false BaseRuntimeSpec:} UntrustedWorkloadRuntime:{Type: Engine: PodAnnotations:[] ContainerAnnotations:[] Root: Options:<nil> PrivilegedWithoutHostDevices:false BaseRuntimeSpec:} Runtimes:map[runc:{Type:io.containerd.runc.v2 Engine: PodAnnotations:[] ContainerAnnotations:[] Root: Options:0xc000378e70 PrivilegedWithoutHostDevices:false BaseRuntimeSpec:}] NoPivot:false DisableSnapshotAnnotations:true DiscardUnpackedLayers:false} CniConfig:{NetworkPluginBinDir:\/opt\/cni\/bin NetworkPluginConfDir:\/etc\/cni\/net.d NetworkPluginMaxConfNum:1 NetworkPluginConfTemplate:} Registry:{Mirrors:map[docker.io:{Endpoints:[https:\/\/registry-1.docker.io]}] Configs:map[] Auths:map[] Headers:map[]} ImageDecryption:{KeyModel:} DisableTCPService:true StreamServerAddress:127.0.0.1 StreamServerPort:0 StreamIdleTimeout:4h0m0s EnableSelinux:false SelinuxCategoryRange:1024 SandboxImage:k8s.gcr.io\/pause:3.2 StatsCollectPeriod:10 SystemdCgroup:false EnableTLSStreaming:false X509KeyPairStreaming:{TLSCertFile: TLSKeyFile:} MaxContainerLogLineSize:16384 DisableCgroup:false DisableApparmor:false RestrictOOMScoreAdj:false MaxConcurrentDownloads:3 DisableProcMount:false UnsetSeccompProfile: TolerateMissingHugetlbController:true DisableHugetlbController:true IgnoreImageDefinedVolumes:false} ContainerdRootDir:\/var\/lib\/containerd ContainerdEndpoint:\/run\/containerd\/containerd.sock RootDir:\/var\/lib\/containerd\/io.containerd.grpc.v1.cri StateDir:\/run\/containerd\/io.containerd.grpc.v1.cri}"\nAug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.526006295+08:00" level=info msg="Connect containerd service"\nAug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.526207907+08:00" level=info msg="Get image filesystem path \\"\/var\/lib\/containerd\/io.containerd.snapshotter.v1.overlayfs\\""\nAug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.557832065+08:00" level=error msg="failed to load cni during init, please check CRI plugin status before setting up network for pods" error="cni config load failed: no network config found in \/etc\/cni\/net.d: cni plugin not initialized: failed to load cni config"\nAug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.557924382+08:00" level=info msg="loading plugin \\"io.containerd.grpc.v1.introspection\\"..." type=io.containerd.grpc.v1\nAug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.558395545+08:00" level=info msg="Start subscribing containerd event"\nAug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.558497432+08:00" level=info msg="Start recovering state"\nAug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.558604679+08:00" level=info msg="Start event monitor"\nAug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.558620822+08:00" level=info msg="Start snapshots syncer"\nAug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.558630591+08:00" level=info msg="Start cni network conf syncer"\nAug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.558636935+08:00" level=info msg="Start streaming server"\nAug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.559598224+08:00" level=info msg=serving... address=\/run\/containerd\/containerd.sock.ttrpc\nAug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.559732301+08:00" level=info msg=serving... address=\/run\/containerd\/containerd.sock\nAug 30 09:46:53 centos7 containerd: time="2022-08-30T09:46:53.560614623+08:00" level=info msg="containerd successfully booted in 0.149650s"\nAug 30 09:46:53 centos7 systemd: Started containerd container runtime.\nAug 30 09:59:10 centos7 systemd: Reloading.\nAug 30 10:01:01 centos7 systemd: Started Session 25 of user root.\nAug 30 10:01:59 centos7 systemd: Reloading.\nAug 30 10:08:30 centos7 systemd: Reloading.\nAug 30 10:08:31 centos7 systemd: Starting Docker Socket for the API.\nAug 30 10:08:31 centos7 systemd: Listening on Docker Socket for the API.\nAug 30 10:08:42 centos7 systemd: Closed Docker Socket for the API.\nAug 30 10:08:42 centos7 systemd: Stopping Docker Socket for the API.\nAug 30 10:08:42 centos7 systemd: Starting Docker Socket for the API.\nAug 30 10:08:42 centos7 systemd: Listening on Docker Socket for the API.\n<\/code><\/pre>\n
5.\u6d4b\u8bd5<\/strong><\/h2>\n
[root@centos7 opt]#docker info\nClient:\n Context:    default\n Debug Mode: false\n\nServer:\n Containers: 0\n  Running: 0\n  Paused: 0\n  Stopped: 0\n Images: 0\n Server Version: 20.10.7\n Storage Driver: overlay2\n  Backing Filesystem: extfs\n  Supports d_type: true\n  Native Overlay Diff: true\n  userxattr: false\n Logging Driver: json-file\n Cgroup Driver: cgroupfs\n Cgroup Version: 1\n Plugins:\n  Volume: local\n  Network: bridge host ipvlan macvlan null overlay\n  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog\n Swarm: inactive\n Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc\n Default Runtime: runc\n Init Binary: docker-init\n containerd version: d71fcd7d8303cbf684402823e425e9dd2e99285d\n runc version: b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7\n init version: de40ad0\n Security Options:\n  seccomp\n   Profile: default\n Kernel Version: 3.10.0-1160.el7.x86_64\n Operating System: CentOS Linux 7 (Core)\n OSType: linux\n Architecture: x86_64\n CPUs: 2\n Total Memory: 1.952GiB\n Name: centos7.9.huizhi.com\n ID: 7IT7:OOLW:FGPK:6CWP:EIVM:TZRM:WHVW:ILGJ:FTVW:NQRE:WOUD:GPUN\n Docker Root Dir: \/var\/lib\/docker\n Debug Mode: false\n Registry: https:\/\/index.docker.io\/v1\/\n Labels:\n Experimental: false\n Insecure Registries:\n  127.0.0.0\/8\n Live Restore Enabled: false\n Product License: Community Engine\n\nWARNING: bridge-nf-call-iptables is disabled\nWARNING: bridge-nf-call-ip6tables is disabled\n<\/code><\/pre>\n
\u6267\u884cdocker info\u51fa\u73b0\u5982\u4e0b\u8b66\u544a\n\nWARNING: bridge-nf-call-iptables is disabled\nWARNING: bridge-nf-call-ip6tables is disabled\n\n\u89e3\u51b3\u529e\u6cd5\uff1a\n[root@centos7 opt]#vi \/etc\/sysctl.conf\n\u6dfb\u52a0\u4ee5\u4e0b\u5185\u5bb9\n\nnet.bridge.bridge-nf-call-ip6tables = 1\nnet.bridge.bridge-nf-call-iptables = 1\n\n\u6700\u540e\u518d\u6267\u884c\uff08root\uff09\n\n[root@centos7 opt]#sysctl -p\n\n[root@centos7 opt]#docker info\n[root@centos7 opt]#docker info\nClient:\n Context:    default\n Debug Mode: false\n\nServer:\n Containers: 0\n  Running: 0\n  Paused: 0\n  Stopped: 0\n Images: 0\n Server Version: 20.10.7\n Storage Driver: overlay2\n  Backing Filesystem: extfs\n  Supports d_type: true\n  Native Overlay Diff: true\n  userxattr: false\n Logging Driver: json-file\n Cgroup Driver: cgroupfs\n Cgroup Version: 1\n Plugins:\n  Volume: local\n  Network: bridge host ipvlan macvlan null overlay\n  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog\n Swarm: inactive\n Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc\n Default Runtime: runc\n Init Binary: docker-init\n containerd version: d71fcd7d8303cbf684402823e425e9dd2e99285d\n runc version: b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7\n init version: de40ad0\n Security Options:\n  seccomp\n   Profile: default\n Kernel Version: 3.10.0-1160.el7.x86_64\n Operating System: CentOS Linux 7 (Core)\n OSType: linux\n Architecture: x86_64\n CPUs: 2\n Total Memory: 1.952GiB\n Name: centos7.9.huizhi.com\n ID: 7IT7:OOLW:FGPK:6CWP:EIVM:TZRM:WHVW:ILGJ:FTVW:NQRE:WOUD:GPUN\n Docker Root Dir: \/var\/lib\/docker\n Debug Mode: false\n Registry: https:\/\/index.docker.io\/v1\/\n Labels:\n Experimental: false\n Insecure Registries:\n  127.0.0.0\/8\n Live Restore Enabled: false\n Product License: Community Engine\n\n[root@centos7 opt]#docker version\nClient:\n Version:           20.10.7\n API version:       1.41\n Go version:        go1.13.15\n Git commit:        f0df350\n Built:             Wed Jun  2 11:51:04 2021\n OS\/Arch:           linux\/amd64\n Context:           default\n Experimental:      true\n\nServer: Docker Engine - Community\n Engine:\n  Version:          20.10.7\n  API version:      1.41 (minimum version 1.12)\n  Go version:       go1.13.15\n  Git commit:       b0f5bc3\n  Built:            Wed Jun  2 11:55:29 2021\n  OS\/Arch:          linux\/amd64\n  Experimental:     false\n containerd:\n  Version:          v1.4.6\n  GitCommit:        d71fcd7d8303cbf684402823e425e9dd2e99285d\n runc:\n  Version:          1.0.0-rc95\n  GitCommit:        b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7\n docker-init:\n  Version:          0.19.0\n  GitCommit:        de40ad0\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
\u4e8c\u8fdb\u5236\u5b89\u88c5docker 1.\u4e8c\u8fdb\u5236\u5b89\u88c5 [root@centos7 opt]#pwd \/opt [r […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[28],"tags":[29],"views":291,"_links":{"self":[{"href":"http:\/\/8.141.4.74\/index.php?rest_route=\/wp\/v2\/posts\/338"}],"collection":[{"href":"http:\/\/8.141.4.74\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/8.141.4.74\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/8.141.4.74\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/8.141.4.74\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=338"}],"version-history":[{"count":1,"href":"http:\/\/8.141.4.74\/index.php?rest_route=\/wp\/v2\/posts\/338\/revisions"}],"predecessor-version":[{"id":339,"href":"http:\/\/8.141.4.74\/index.php?rest_route=\/wp\/v2\/posts\/338\/revisions\/339"}],"wp:attachment":[{"href":"http:\/\/8.141.4.74\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=338"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/8.141.4.74\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=338"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/8.141.4.74\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=338"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}