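dockerd startup configuration
Choosing how Docker communicates
- By default Docker exposes its API through a socket file. To open a TCP interface for remote calls, the configuration file has to be changed:
- The Docker daemon can listen for Docker Engine API requests via three different types of Socket: unix, tcp, and fd. Reference: https://docs.docker.com/engine/reference/commandline/dockerd/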
- You can configure the Docker daemon to listen to multiple sockets at the same time using multiple -H options:
# listen using the default unix socket, and on 2 specific IP addresses on this host.
$ sudo dockerd -H unix:///var/run/docker.sock -H tcp://192.168.59.106 -H tcp://10.10.10.2
The daemon.json configuration file
$ dockerd -D --tls=true --tlscert=/var/docker/server.pem --tlskey=/var/docker/serverkey.pem -H tcp://192.168.59.3:2376
$ sudo nohup docker -d --log-level warn -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock > docker.log &
{
  "debug": true,
  "tls": true,
  "tlscert": "/var/docker/server.pem",
  "tlskey": "/var/docker/serverkey.pem",
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
}
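An added example (not from the original page or the Docker project): a small Python audit of daemon.json that reports, for each tcp:// listener, whether the API is plaintext, encrypted with "tls" but without the client-certificate check that "tlsverify" adds, bound to all interfaces, or on a port that contradicts the 2375 (unencrypted) / 2376 (TLS) convention. The function name, the finding labels and the /var/docker/ca.pem path are assumptions made for the example; the first sample is the configuration shown above.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: the daemon.json shown in this section, embedded inline.
PAGE_CONFIG = json.loads("""
{
  "debug": true,
  "tls": true,
  "tlscert": "/var/docker/server.pem",
  "tlskey": "/var/docker/serverkey.pem",
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
}
""")

# Assumption: /var/docker/ca.pem is a placeholder CA path, not taken from the page.
HARDENED = {
    **PAGE_CONFIG,
    "tlsverify": True,
    "tlscacert": "/var/docker/ca.pem",
    "hosts": ["unix:///var/run/docker.sock", "tcp://192.168.59.3:2376"],
}


def audit_daemon_config(cfg):
    """Return sorted (host, finding) pairs for every tcp:// listener in cfg."""
    verify = bool(cfg.get("tlsverify"))
    tls = verify or bool(cfg.get("tls"))  # tlsverify implies tls
    findings = set()
    for host in cfg.get("hosts", []):
        url = urlsplit(host)
        if url.scheme != "tcp":
            continue  # unix:// and fd:// are not reachable over the network
        if not tls:
            findings.add((host, "plaintext-api"))
        elif not verify:
            # "tls" encrypts the channel; only "tlsverify" demands a client certificate
            findings.add((host, "no-client-auth"))
        if (url.hostname or "") in {"", "0.0.0.0", "::"}:
            findings.add((host, "all-interfaces"))
        # Convention: 2375 is the unencrypted port, 2376 the TLS port
        if (url.port, tls) in {(2375, True), (2376, False)}:
            findings.add((host, "port-convention-mismatch"))
    return sorted(findings)


if __name__ == "__main__":
    for name, cfg in (("page", PAGE_CONFIG), ("hardened", HARDENED)):
        print(name, audit_daemon_config(cfg))
```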
--config string Location of client config files (default "/home/james/.docker")
docker --config
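How to start Docker
- Starting Docker from the command line may require sudo: you can start Docker manually using the dockerd command. You may need to use sudo, depending on your operating system configuration.
- You may run into insufficient-permission problems, such as the following: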
$ docker ps
Cannot connect to the Docker daemon. Is the docker daemon running on this host?
E0307 06:52:52.025652 53165 container_manager.go:492] list containers[[running]] error: Get http://unix.sock/containers/json?filters=%7B%22status%22%3A%5B%22running%22%5D%7D: dial unix /var/run/docker.sock: connect: permission denied.
- Inspection shows that /var/run/docker.sock should belong to the docker group; if it is root:root, the error occurs:
$ ll /var/run/docker.sock
srw-rw----. 1 root docker 0 Mar 6 17:22 /var/run/docker.sock
sudo gpasswd -a ${USER} docker
$ dockerd -h | grep sock
--containerd Path to containerd socket
-G, --group=docker Group for the unix socket
-H, --host=[] Daemon socket(s) to connect to
$ dockerd -G dockerroot --raw-logs
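An added example (not from the original page): the permission decision behind the "permission denied" error above, written as a Python function so that the root:docker, root:root and group-membership cases can be compared. The function names and the numeric uid/gid values are constructed for the example; membership in the socket's group gives full control of the daemon, which is why the mode in the listing grants nothing to other users.

```python
import os
import stat

# Constructed sample: "srw-rw----" from the ll output above, as a mode value.
SOCK_MODE = stat.S_IFSOCK | 0o660


def explain_socket_access(mode, owner_uid, group_gid, uid, gids):
    """Classify whether a user may connect to a unix socket, and why."""
    if not stat.S_ISSOCK(mode):
        return "not-a-socket"
    if uid == 0:
        return "ok-root"
    # Linux requires write permission on the socket to connect, and applies
    # exactly one permission class: owner, else group, else other.
    if uid == owner_uid:
        return "ok-owner" if mode & stat.S_IWUSR else "denied-owner-bits"
    if group_gid in gids:
        return "ok-group" if mode & stat.S_IWGRP else "denied-group-bits"
    return "ok-world-writable" if mode & stat.S_IWOTH else "denied-not-in-group"


def check_docker_socket(path="/var/run/docker.sock"):
    """Apply explain_socket_access to the current process and a real socket."""
    st = os.stat(path)
    gids = set(os.getgroups()) | {os.getegid()}
    return explain_socket_access(st.st_mode, st.st_uid, st.st_gid, os.geteuid(), gids)


if __name__ == "__main__":
    # Constructed ids: uid 1000 is the user, gid 994 stands in for the docker group.
    print(explain_socket_access(SOCK_MODE, 0, 994, 1000, {1000}))       # before gpasswd
    print(explain_socket_access(SOCK_MODE, 0, 994, 1000, {1000, 994}))  # after gpasswd
    print(explain_socket_access(SOCK_MODE, 0, 0, 1000, {1000, 994}))    # socket is root:root
```

A group added with gpasswd only shows up in a process's group list after a new login session, so check_docker_socket can still report the old result in an existing shell.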
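Docker startup problems
- Docker was installed on the system with yum and the dockerd daemon was started manually, but at run time containers could not be started. The following error appeared: msg="Create container failed with error: shim error: docker-runc not installed on system"
- Tried symlinking the docker-runc-current file, but that did not solve the problem. This approach came from: "My own containers fail to start after reinstalling Docker"
- The following Stack Overflow question, "docker-runc not installed on system", mentions dockerd's systemd unit file: the service file located at /usr/lib/systemd/system/docker.service. This should be the unit file that the yum installation puts in place automatically.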
--add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \
--default-runtime=docker-runc \
--exec-opt native.cgroupdriver=systemd \
--userland-proxy-path=/usr/libexec/docker/docker-proxy-current \
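- Start Docker with systemctl, which should be the recommended way to start it: $ sudo systemctl start docker.service
- After starting it this way, containers can be started. However, the customized settings in daemon.json are not used.
- So, following an explanation of daemon.json in the article "Docker log settings", add the following configuration to daemon.json and start the daemon manually again; this solves the problem.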
$ cat /etc/docker/daemon.json
{
  "log-level": "warn",
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
  "runtimes": {
    "docker-runc": {
      "path": "/usr/libexec/docker/docker-runc-current"
    }
  },
  "add-runtime": "docker-runc=/usr/libexec/docker/docker-runc-current",
  "default-runtime": "docker-runc"
}
docker -d --log-level warn -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock
Docker startup options
- Choose the root directory used at startup; the default is /var/lib/docker:
--data-root string Root directory of persistent Docker state (default "/var/lib/docker")
--pidfile string Path to use for daemon PID file (default "/var/run/docker.pid")
-H, --host list Daemon socket(s) to connect to (default [])
./dockerd --config-file daemon.json --raw-logs --log-level warn --data-root ./data/ --pidfile ./docker.pid -H tcp://0.0.0.0:2376 -H unix:///home/bin/docker/docker-17.12.1/docker/docker.sock
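Upgrading Docker
- Upgrade procedure: first install the new version of Docker
- Migrate the images
- Stop the old version of Docker and delete its data, containers and images
- Start the new version of Docker
- In principle containers hold no data, so containers do not need to be migrated; only the images do. We do not have many images here, so export and import them one by one.
- After starting, containers can be run from the command line, but the code reports an error: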
msg="Handler for POST /containers/create returned error: mkdir /mnt/resource/data/docker/overlay2/4e32760280d0f8a6beefb2823a5c0534a11234e80165feae6bd4e5e7c0076d4c-init/merged/dev/shm: invalid argument"
$ docker info
Containers: 1
Running: 1
Paused: 0
Stopped: 0
Images: 39
Server Version: 17.12.1-ce
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
$ uname -r
3.10.0-327.13.1.el7.x86_64
{
  "log-level": "warn",
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
  "storage-driver": "devicemapper"
}
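Installing Docker
- Docker can be installed with yum, from a software package, or by using the binary executables directly. Using the binaries directly can cause all kinds of dependency problems, though, so yum is the most convenient way.
Problems encountered installing Docker with yum
- I had assumed that installing with yum was foolproof, but the following error still appeared: containers could be created but not run. Without port mapping they ran; with port mapping they failed with an error saying docker-proxy could not be found. The yum installation indeed did not include docker-proxy.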
Failed in starting container: API error (404): driver failed programming external connectivity on endpoint 1.ac_18_0_yztest-c_0-0-2_13_0_151a31de3de2cead (ea11474a0a341c7500d931e72b7d5f207c1be2d1d51158444aa101122dfad2b7): exec: "docker-proxy": executable file not found in $PATH.
$ docker run -d -p 9000:9000 --restart always -v /var/run/docker.sock:/var/run/docker.sock -v /opt/portainer:/data portainer/portainer
4dc93965c584be10704ee5b0d0a1c14a1eabb1e2082a98095992065bd65dbf7b
/usr/bin/docker-current: Error response from daemon: driver failed programming external connectivity on endpoint sleepy_boyd (99fda3a8fba386e88ef362b8f8059ea3d55fa734b353d6e6cdba6c345e5b9a34): Bind for 0.0.0.0:9000 failed: port is already allocated.
- Placing the docker-proxy binary from the new version in the /usr/bin directory solves the network problem.