A detailed walkthrough of building docker-ce on CentOS 7
Author: 歪果仨
Using a Linux operating system from the CentOS 7.9 series, this article starts from basic CentOS system configuration and builds a docker application from 0 to 1, recording the whole process of setting up docker-ce on CentOS 7.
Recording the process of building docker-ce on CentOS 7
1. Use a Linux operating system from the CentOS 7.9 series
2. Start from basic CentOS system configuration and build a docker application from 0 to 1
CentOS 7.9 basic configuration
```
# CentOS 7.9 is already installed and initialised
CPU: 4 cores * 2
Memory: 16G
Disk: 2 physical disks (sda, sdb)
sda: 40GB (minimal Linux preinstalled), sdb: 200GB
Swap: 2GB
Bind-mount storage directory for docker applications: /opt/mydocker
# The following configuration is completed later
hostname: docker01.mysite.com
ip: 10.0.0.210
gateway: 10.0.0.254
dns: 223.5.5.5 114.114.114.114
# change swap to 12G, disable selinux, enable firewalld
```
```
[root@localhost ~]# lscpu
Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                8          # 8 logical processors
On-line CPU(s) list:   0-7
Thread(s) per core:    1
Core(s) per socket:    4          # CPU cores per socket
Socket(s):             2          # number of CPU sockets (physical CPUs)
...
[root@localhost ~]# lsmem | grep Total
Total online memory:      16G     # 16G of RAM
Total offline memory:      0B
[root@localhost ~]# lsscsi
[0:0:0:0]    disk    VMware   Virtual disk     2.0   /dev/sda
[0:0:1:0]    disk    VMware   Virtual disk     2.0   /dev/sdb
[3:0:0:0]    cd/dvd  NECVMWar VMware SATA CD00 1.00  /dev/sr0
[root@localhost ~]# fdisk -l | grep -i 'disk /dev'
Disk /dev/sdb: 214.7 GB, 214748364800 bytes, 419430400 sectors   # sdb: 200GB
Disk /dev/sda: 42.9 GB, 42949672960 bytes, 83886080 sectors      # sda: 40GB
Disk /dev/mapper/centos-root: 39.7 GB, 39720058880 bytes, 77578240 sectors
Disk /dev/mapper/centos-swap: 2147 MB, 2147483648 bytes, 4194304 sectors
```
Configure the network connection, sshd, hostname and yum package updates on CentOS
```
### configure the network connection, sshd, yum package updates and ntp time sync on CentOS
vi /etc/sysconfig/network-scripts/ifcfg-ens192
BOOTPROTO=static
ONBOOT=yes
IPADDR=10.0.0.210
PREFIX=24
GATEWAY=10.0.0.254
DNS1=223.5.5.5
DNS2=114.114.114.114
# :x to save
systemctl restart network
```
```
vim /etc/ssh/sshd_config
Port 22
PermitRootLogin yes
PasswordAuthentication yes
# :x to save
systemctl restart sshd
```
```
hostnamectl set-hostname docker01.mysite.com --static
su              # switch to root again so the new hostname takes effect in the shell
yum update -y   # optional: update all packages
# install some common base packages
yum -y install vim tcpdump lsof zip unzip strace traceroute net-tools bind-utils bridge-utils whois wget ftp nc lrzsz sysstat telnet ntp
yum -y install psmisc bc ntpdate dos2unix tree openldap-devel
yum -y install epel-release   # EPEL repository
yum -y install jq             # JSON formatting tool
```
```
# configure ntp time sync and write it through to the hardware clock (HWCLOCK)
[root@localhost ~]# vim /etc/sysconfig/ntpd
# Command line options for ntpd
OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid -g"
SYNC_HWCLOCK=yes
# :x to save
systemctl enable --now ntpd
timedatectl set-timezone Asia/Shanghai
[root@docker01 ~]# timedatectl
      Local time: Sat 2024-05-01 14:13:37 CST
  Universal time: Sat 2024-05-01 06:13:37 UTC
        RTC time: Sat 2024-05-01 06:13:38
       Time zone: Asia/Shanghai (CST, +0800)   # UTC+8 time zone
     NTP enabled: yes                           # ntp is enabled
NTP synchronized: yes                           # ntp is synchronised
 RTC in local TZ: no
      DST active: n/a
```
Configure LVM on the sdb disk
All of the following operations are done over an ssh connection to CentOS from Xshell.
```
### configure LVM on the sdb disk
### mount the lvdocker logical volume at /opt/mydocker on boot
fdisk /dev/sdb   # partition /dev/sdb
n        # add a new partition
p        # primary partition
1        # partition number 1
2048     # first sector, default 2048
         # last sector: press Enter for the default (100% of free space)
t        # change the partition's system id
8e       # system id for Linux LVM
w        # write the configuration
partprobe   # re-read the partition table
lsblk       # list block devices
pvs         # list existing physical volumes
pvcreate /dev/sdb1              # create the physical volume
vgcreate vgdocker /dev/sdb1     # create the volume group that will hold the logical volume
vgs                             # list the volume groups
lvcreate -l 100%FREE -n lvdocker vgdocker   # create the logical volume
[root@docker01 ~]# lvs
  LV       VG       Attr       LSize    Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  root     centos   -wi-ao----   36.99g
  swap     centos   -wi-ao----    2.00g
  lvdocker vgdocker -wi-a----- <200.00g
[root@docker01 ~]# mkfs.ext4 /dev/mapper/vgdocker-lvdocker
[root@docker01 ~]# blkid | grep docker
/dev/mapper/vgdocker-lvdocker: UUID="2a2e3964-5b40-42e5-a813-9f3c12e17a13" TYPE="ext4"
vim /etc/fstab
# append the last line below: mount the lvdocker logical volume at /opt/mydocker on boot, filesystem type ext4
#
# /etc/fstab
# Created by anaconda on Wed Jul 12 00:06:09 2023
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root                   /               xfs     defaults        0 0
UUID=e56d6e40-f244-4d46-b5fb-80365ad2cfc4 /boot           xfs     defaults        0 0
/dev/mapper/centos-swap                   swap            swap    defaults        0 0
UUID=2a2e3964-5b40-42e5-a813-9f3c12e17a13 /opt/mydocker   ext4    defaults        0 0
# :x to save
mkdir -p /opt/mydocker   # create the /opt/mydocker directory
mount -a                 # mount everything listed in fstab
[root@docker01 ~]# mount | grep docker
/dev/mapper/vgdocker-lvdocker on /opt/mydocker type ext4 (rw,relatime,seclabel,data=ordered)
```
Tune the CentOS default parameters before deploying docker
```
### (optional) disable selinux
# setenforce 0
# sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
### tune the base CentOS settings: change swap to 12G (the CentOS VM has 16G of RAM), swappiness 60
swapoff -a
dd if=/dev/zero of=/swap_12g bs=1024 count=12582912
chmod 600 /swap_12g
mkswap /swap_12g
swapon /swap_12g
echo "vm.swappiness = 60" >> /etc/sysctl.conf
sysctl -p
[root@docker01 ~]# swapon
NAME      TYPE SIZE USED PRIO
/swap_12g file  12G   0B   -2
### disable ipv6
sysctl -a 2>&1 | grep disable_ipv6   # if the values differ from the ones below, set them explicitly
cat <<EOF > /etc/sysctl.d/not-ipv6.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
EOF
### tune file system and network performance
cat <<EOF > /etc/sysctl.d/fs.conf
fs.file-max = 10000000
fs.inotify.max_user_instances = 8192
fs.inotify.max_user_watches = 524288
EOF
cat <<EOF > /etc/sysctl.d/net.conf
net.core.somaxconn = 1024
net.core.netdev_max_backlog = 5000
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
EOF
sysctl -p /etc/sysctl.d/*.conf
```
How docker works under the hood
The docker lifecycle is made up of three parts: repository + image + container.

docker uses Linux kernel virtualisation technology (LXC) to provide lightweight virtualisation that isolates processes and resources. LXC is not hardware virtualisation but virtualisation at the Linux kernel level, so compared with a traditional virtual machine it saves a great deal of hardware resources.

NameSpace: LXC uses the kernel's namespace technology for process isolation. The pid, net, ipc, mnt, uts and other namespaces isolate a container's processes, network, IPC messages, file system and hostname.

Control Group: LXC shares the host's resources. Namespaces isolate them, but resource usage is not limited, which is where Control Group technology comes in: it limits resource usage, sets priorities and controls resources.

images: an image is a read-only template; its description file is the Dockerfile.
Dockerfile: the image description file
- FROM: define the base image
- MAINTAINER: author
- RUN: run a Linux command
- ENV: environment variable
- CMD: the process to run
- ...

container: a running instance of an image (image > container).
Getting an image: `docker pull nginx` pulls it from the image registry.
Creating a container from an image:
1. allocate a file system and mount a read-write layer (which exchanges data with the host); the image is loaded into that layer
2. allocate a network/bridge interface and create a network interface so the container can communicate with the host
3. the container obtains an IP address
4. run the container command, e.g. /bin/bash
   - use -p to map a container port to a host port so the container's port is reachable
   - use -v to map a container directory to a host directory so the file systems are linked
5. report the container startup result

registry: the image registry (also a container).
Official registry address: https://hub.docker.com/
Domestic mirror address (Aliyun mirror): https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Install the docker-ce community edition
```
### install the docker dependencies, install the docker-ce community edition, configure registry mirrors
# step 1: install some required system tools
yum install -y yum-utils device-mapper-persistent-data lvm2
# Step 2: add the repository information
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sed -i 's/download.docker.com/mirrors.aliyun.com\/docker-ce/g' /etc/yum.repos.d/docker-ce.repo
# Step 3: refresh the cache and install Docker-CE
yum makecache fast
yum -y install docker-ce
# firewall rules: allow bridged traffic through the netfilter hooks and allow ipv4 forwarding
cat <<EOF > /etc/sysctl.d/docker.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
modprobe br_netfilter   # run this first to enable bridge filtering, otherwise sysctl fails with /proc/sys/net/bridge/bridge-nf-call-iptables: No such file or directory
sysctl -p /etc/sysctl.d/docker.conf
# configure registry mirrors: Aliyun, NetEase and USTC mirrors
mkdir -p /etc/docker
vim /etc/docker/daemon.json
{
  "registry-mirrors":[
    "https://x9w5e7g4.mirror.aliyuncs.com",
    "https://hub-mirrors.c.163.com/",
    "https://Docker.mirrors.ustc.edu.cn/"
  ]
}
systemctl daemon-reload;systemctl enable --now docker
[root@docker ~]# docker version   # show the docker version: Docker Engine - Community edition
Client: Docker Engine - Community
 Version:           26.1.2
 API version:       1.45
 Go version:        go1.21.10
 Git commit:        211e74b
 Built:             Wed May  8 14:01:02 2024
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          26.1.2
  API version:      1.45 (minimum version 1.24)
  Go version:       go1.21.10
  Git commit:       ef1912d
  Built:            Wed May  8 13:59:55 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.31
  GitCommit:        e377cd56a71523140ca6ae87e30244719194a521
 runc:
  Version:          1.1.12
  GitCommit:        v1.1.12-0-g51d5e94
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
```
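Every mirror in the daemon.json above is an https URL, which matters because a mirror reached over plain http lets anyone on the path tamper with image layers pulled by tag. The following shell function is an added check, not part of the original post: it extracts the registry-mirrors array from a daemon.json and reports any mirror that does not use https. The file path and the sample content (which adds one constructed http entry to the post's mirrors) are assumptions made here.

```sh
#!/bin/sh
# Added example: audit the registry-mirrors list in a docker daemon.json.
# Prints one offending mirror per line; returns 0 when every mirror uses https.
check_registry_mirrors() {
    conf="$1"
    bad=0
    # Flatten the file so the array may span several lines, then capture the
    # text between the brackets that follow "registry-mirrors".
    mirrors=$(tr -d '\n' < "$conf" \
        | sed -n 's/.*"registry-mirrors"[[:space:]]*:[[:space:]]*\[\([^]]*\)\].*/\1/p' \
        | tr ',' '\n' \
        | sed 's/^[[:space:]]*"//; s/"[[:space:]]*$//')
    for m in $mirrors; do
        # URL schemes and hostnames are case-insensitive, so compare in lower case.
        scheme=$(printf '%s' "$m" | tr 'A-Z' 'a-z' | sed 's#://.*##')
        if [ "$scheme" != "https" ]; then
            printf '%s\n' "$m"
            bad=1
        fi
    done
    return $bad
}

# Constructed sample: two mirrors from the post plus one plain-http entry (hypothetical host).
DEMO_CONF=$(mktemp)
cat <<EOF > "$DEMO_CONF"
{
  "registry-mirrors":[
    "https://x9w5e7g4.mirror.aliyuncs.com",
    "http://mirror.example.invalid/",
    "https://Docker.mirrors.ustc.edu.cn/"
  ]
}
EOF
if check_registry_mirrors "$DEMO_CONF"; then
    echo "all registry mirrors use https"
else
    echo "the mirrors listed above should be switched to https"
fi
rm -f "$DEMO_CONF"
```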
Verify that docker-ce is running correctly
```
# the output below means docker-ce is running correctly and can pull images
[root@docker01 ~]# docker run --rm hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
2db29710123e: Pull complete
Digest: sha256:2498fce14358aa50ead0cc6c19990fc6ff866ce72aeb5546e1d59caac3d0d60f
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/
```
Example: deploy the nginx image
```
### deploy the nginx image: map nginx's default document root /usr/share/nginx/html/ to the /opt/mydocker/nginx/html/ directory, and reach port 80 of the nginx container through port 8000 on the host
### write the /opt/mydocker/nginx/html/index.html file, start the nginx container with docker, and check the result
docker pull nginx
docker run --name nginx8000 -p 8000:80 -v /opt/mydocker/nginx/html/:/usr/share/nginx/html/ -itd nginx
# --name  custom container name
# -p [host port]:[container port]  map the container's port 80 to the host's port 8000
# -v [host directory]:[container directory]  map the container's /usr/share/nginx/html/ to the host's /opt/mydocker/nginx/html/; the directory is created recursively if it does not exist
# -d  run in the background
# -it  start interactively; a container without a foreground process needs -it to stay in the running state, e.g. the centos image.
#      the nginx container has its own foreground process, so -it is optional and the container stays running either way.
# add index.html to the site nginx serves
echo '<h1>welcome to my nginx server.</h1>' > /opt/mydocker/nginx/html/index.html
# change the firewall-cmd configuration to allow access to port 8000
[root@docker01 ~]# firewall-cmd --remove-service=dhcpv6-client --per
[root@docker01 ~]# firewall-cmd --add-port=8000/tcp --per
[root@docker01 ~]# firewall-cmd --reload
[root@docker01 ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192
  sources:
  services: ssh        # keep only the sshd service; the dhcpv6-client service is removed
  ports: 8000/tcp      # tcp port 8000 is allowed
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
```
Check and verify
```
# local verification
[root@docker01 ~]# curl localhost:8000
<h1>welcome to my nginx server.</h1>
[root@docker01 ~]# netstat -tnlp | grep 8000
tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN      10681/docker-proxy
```
```
# verification over the network
PS C:\> curl http://10.0.0.210:8000 | ForEach-Object Content
<h1>welcome to my nginx server.</h1>
```
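The netstat line above shows docker-proxy listening on 0.0.0.0:8000, that is, on every host interface, and published ports are handled by Docker's own iptables rules, so the firewalld port rule is not the only thing deciding who can reach the container. As an added check that is not part of the original post, this shell function reads `netstat -tnlp` style output and lists every TCP listener bound to a wildcard address with the process behind it; the sample lines are constructed to resemble the output above.

```sh
#!/bin/sh
# Added example: flag TCP listeners bound to every interface (0.0.0.0 or ::).
# A port published with `-p 8000:80` ends up here; `-p 127.0.0.1:8000:80` or
# `-p 10.0.0.210:8000:80` keeps the exposure limited to the address you intend.
audit_wildcard_listeners() {
    # Reads netstat -tnlp output on stdin, prints "<port> <process>" per hit.
    awk '$1 == "tcp" || $1 == "tcp6" {
        n = split($4, addr, ":")
        port = addr[n]
        host = substr($4, 1, length($4) - length(port) - 1)
        if (host == "0.0.0.0" || host == "::") {
            proc = $NF
            sub(/^[0-9]+\//, "", proc)   # strip the "PID/" prefix
            print port, proc
        }
    }'
}

# Constructed sample modelled on the netstat output shown above.
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN      10681/docker-proxy
tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN      10700/docker-proxy
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1020/sshd
tcp6       0      0 :::8000                 :::*                    LISTEN      10688/docker-proxy'

printf '%s\n' "$SAMPLE" | audit_wildcard_listeners
```

On a real host, feed it with `netstat -tnlp | audit_wildcard_listeners`; the 127.0.0.1 listener in the sample is deliberately not reported.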