容器（七）建立 Machine【41】

（二）建立 Machine

​ 對於 Docker Machine 來講，術語 Machine 就是運行 docker daemon 的主機。「建立 Machine」 指的就是在 host 上安裝和部署 docker。先執行 docker-machine ls 查看一下當前的 machine：

root@cuiyongchao:/etc/bash_completion.d# docker-machine ls
NAME   ACTIVE   DRIVER   STATE   URL   SWARM   DOCKER   ERRORS
root@cuiyongchao:/etc/bash_completion.d#

如咱們所料，當前尚未 machine，接下來咱們建立第一個 machine： host1 - 10.0.0.21。

建立 machine 要求可以無密碼登陸遠程主機，因此須要先經過以下命令將 ssh key 拷貝到 10.0.0.21：

root@cuiyongchao:~# ssh-keygen -t rsa
root@cuiyongchao:~# ll .ssh/
total 16
drwx------  2 root root 4096 Nov  4 01:02 ./
drwx------ 10 root root 4096 Nov  4 00:56 ../
-rw-------  1 root root    0 Oct 19 02:44 authorized_keys
-rw-------  1 root root 1679 Nov  4 01:02 id_rsa
-rw-r--r--  1 root root  398 Nov  4 01:02 id_rsa.pub
root@cuiyongchao:~# ssh-copy-id 10.0.0.21

一切準備就緒，執行 docker-machine create 命令建立 host1：

docker-machine create --driver generic --generic-ip-address=10.0.0.21 host1

由於咱們是往普通的 Linux 中部署 docker，因此使用 generic driver，其餘 driver 能夠參考文檔 https://docs.docker.com/machine/drivers/。

--generic-ip-address 指定目標系統的 IP，並命名爲 host1。命令執行過程以下：

root@cuiyongchao:~# docker-machine create --driver generic --generic-ip-address=10.0.0.21 host1
Creating CA: /root/.docker/machine/certs/ca.pem
Creating client certificate: /root/.docker/machine/certs/cert.pem
Running pre-create checks...
Creating machine...
(host1) No SSH key specified. Assuming an existing key at the default location.
Waiting for machine to be running, this may take a few minutes...
Detecting operating system of created instance...
Waiting for SSH to be available...
Detecting the provisioner...
Provisioning with ubuntu(systemd)...
Installing Docker...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
Checking connection to Docker...
Docker is up and running!
To see how to connect your Docker Client to the Docker Engine running on this virtual machine, run: docker-machine env host1
root@cuiyongchao:~#

① 經過 ssh 登陸到遠程主機。
② 安裝 docker。
③ 拷貝證書。
④ 配置 docker daemon。
⑤ 啓動 docker。

再次執行 docker-machine ls ：

root@cuiyongchao:~# docker-machine ls
NAME    ACTIVE   DRIVER    STATE     URL                    SWARM   DOCKER      ERRORS
host1   -        generic   Running   tcp://10.0.0.21:2376           v19.03.13   
root@cuiyongchao:~#

已經能看到 host1 了。 咱們能夠登陸到 host1 查看 docker daemon 的具體配置 /etc/systemd/system/docker.service。

root@cuiyongchao:~# docker-machine ls
NAME    ACTIVE   DRIVER    STATE     URL                    SWARM   DOCKER      ERRORS
host1   -        generic   Running   tcp://10.0.0.21:2376           v19.03.13   
root@cuiyongchao:~#  docker-machine ip host1
10.0.0.21
root@cuiyongchao:~# docker-machine ssh host1
Welcome to Ubuntu 18.04.5 LTS (GNU/Linux 4.15.0-122-generic x86_64)

root@host1:~# cat /lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
BindsTo=containerd.service
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker

ExecStart=/usr/bin/dockerd --insecure-registry 10.0.0.20:5000
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3

# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity

# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes

# kill only the docker process, not all processes in the cgroup
KillMode=process

[Install]
WantedBy=multi-user.target
root@host1:~# 
root@host1:~# hostname
host1