Docker Study Notes (7): docker daemon

news2024/9/21 2:42:51

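1. Docker's C/S model

1.1. Introduction to Docker's C/S model

Docker commands are run in the Docker client and sent to the Docker daemon running on the Docker host. The daemon is what actually implements Docker's functions.
In this architecture, the Docker daemon runs on the host and is the server side of the C/S architecture. Once started, it keeps running in the background and implements Docker's functions. Users interact with the daemon through the Docker client, that is, the Docker command-line interface. This command-line interface is the binary that runs when a Docker command is executed in a shell. It is Docker's primary user interface: it accepts Docker commands from the user and passes them to the daemon, and the daemon returns the result of each command to the client, which displays it in the command-line interface.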

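1.2. How the Docker client and the daemon communicate

The Docker client and the daemon are connected through a socket.
Docker provides three socket connection modes:

  • Unix socket mode
    unix:///var/run/docker.sock
  • TCP host:port mode
    tcp://host:port
  • fd socket mode
    fd://socketfd

Of these, the Unix socket is Docker's default connection between client and daemon. The connection mode can be changed through configuration.
Users connect through the command-line interface or through a custom application acting as the client. The client can be the binary Docker provides (the docker command run in a shell) or a user-written program that calls Docker's services through the Remote API. Because the Docker client and server are connected by a socket, they can run on the same machine or on different machines; that is, a Docker client can access a Docker server remotely.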

2. Configuring the Docker daemon

2.1. Starting and stopping the Docker daemon

Starting, stopping and restarting the Docker daemon uses the Linux service command:

sudo service docker start
sudo service docker stop
sudo service docker restart
# equivalent to
sudo systemctl start docker
sudo systemctl stop docker
sudo systemctl restart docker

After changing Docker's startup configuration, restart the Docker service with the service command so that the change takes effect.

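2.2. Docker startup options

Docker provides a rich set of daemon startup options for different scenarios. They are passed in the following form:

docker -d [OPTIONS]

Here -d runs the Docker program as a daemon (the Docker 20.10 host used in section 3 of this article starts the daemon as /usr/bin/dockerd instead), and "[OPTIONS]" are the daemon's configuration options. Docker provides a large number of them, as follows: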
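Docker daemon related:
Run options for the Docker daemon itself: Docker's directory, the log level, the process ID and the location of the file it is written to, enabling debug mode, the driver mode Docker uses at runtime, and so on:

	-D, --debug=false: enable debug mode
	-e, --exec-driver="native": the execution driver Docker uses at runtime
	-g, --graph="/var/lib/docker": set the root directory of the Docker runtime
	--icc=true: enable inter-container communication.
	-l, --log-level="info": set Docker's log level
	--label=[]: Docker labels
	-p, --pidfile="/var/run/docker.pid": set the path of the daemon's PID file.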

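Docker server connection related:

	-G, --group="docker": in daemon mode, assign the given group to the unix socket. Note that when --group is given an empty string, the group information is removed
	-H, --host=[]: in daemon mode, set the socket(s) to bind to; one or more of tcp://host:port, unix:///path/to/socket, fd://* or fd://socketfd. For example: $ docker -H tcp://0.0.0.0:2375 ps, or: $ export DOCKER_HOST="tcp://0.0.0.0:2375" followed by $ docker ps
	--tls=false: whether to use TLS
	--tlscacert="/home/sven/.docker/ca.pem": path of the CA certificate file that remote certificates are checked against
	--tlscert="/home/sven/.docker/cert.pem": path of the certificate file
	--tlskey="/home/sven/.docker/key.pem": path of the key file
	--tlsverify=false: use TLS and verify the remote certificate; the daemon and the client both authenticate with certificates

Remote API related:

	--api-enable-cors=false: whether to allow cross-origin (CORS) calls to the Remote API.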

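Storage related:

	-s, --storage-driver="": the storage driver containers use at runtime; for example, to use devicemapper: docker -d -s devicemapper
	--selinux-enabled=false: enable SELinux support
	--storage-opt=[]: set storage driver options

Registry (repository connection) related:

	--insecure-registry=[]: when the Docker registry server is set up with a private certificate, set the registry server's domain name here
	--registry-mirror=[]: set the address of a Docker registry mirror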

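Network related:

	-b, --bridge="": use a bridge interface created beforehand. If set to none, networking is not used inside containers
	--bip="": set Docker's IP range in CIDR notation. This option cannot be used together with -b
	--fixed-cidr="": the fixed IPv4 range used for address allocation. It must lie within the bridge network set with -b or the range set with --bip
	--fixed-cidr-v6="": set the IPv6 subnet
	--dns=[]: DNS servers used by containers. For example: docker -d --dns 8.8.8.8
	--dns-search=[]: DNS search domains used by containers. For example: docker -d --dns-search example.com
	--ip=0.0.0.0: the default IP address used when a container binds an IP
	--ip-forward=true: enable net.ipv4.ip_forward for containers
	--ip-masq=true: enable IP masquerading for addresses on the bridge
	--iptables=true: enable Docker's own iptables rules for containers
	--ipv6=false: whether to use an IPv6 subnet
	--mtu=0: MTU of the container network. Without this parameter the default route's MTU is used; if there is no default route, it is set to the constant 1500

Docker official website: https://docs.docker.com/reference/commandline/cli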

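2.3. Docker service configuration

Docker's startup configuration file:

  • Old versions:
    Before version 1.12, because different operating systems use different init systems, Docker's startup configuration file lived in different places depending on the system: /etc/default/docker on Ubuntu and /etc/sysconfig/docker on CentOS.
    For the "tcp" protocol, the default port in the old configuration is 2375.
  • New versions:
    From version 1.12 on, users can create /etc/docker/daemon.json themselves. This file is the configuration file for the docker daemon and covers almost every parameter that can be set on the docker command line at startup. Regardless of platform and of how the daemon is started, the configuration is read from here by default.
    For the "tcp" protocol, the default port in the new configuration is 5678.

Add a "labels" option to the local Docker service:

[test@localhost ~]# sudo vim /etc/docker/daemon.json
# the file may contain only one top-level {} object
{
	"labels" : ["nodeName=docker_server_1"]
}

The "labels" option defines key-value pairs, which can then be seen in the output of "docker info".

# restart docker
[test@localhost ~]$ sudo service docker restart
# check the labels: nodeName=docker_server_1 has been added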
[test@localhost ~]$ sudo docker info 
Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Build with BuildKit (Docker Inc., v0.4.2-docker)

Server:
 Containers: 5
  Running: 0
  Paused: 0
  Stopped: 5
 Images: 26
 Server Version: 20.10.0
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 2806fc1057397dbaeefbea0e4e17bddfbd388f38
 runc version: v1.1.5-0-gf19387a
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 3.10.0-1160.83.1.el7.x86_64
 Operating System: CentOS Linux 7 (Core)
 OSType: linux
 Architecture: x86_64
 CPUs: 112
 Total Memory: 125.4GiB
 Name: localhost.localdomain
 ID: BQJU:EZOH:U5ZS:YI3X:EDS3:WA2Z:XB4C:3KPF:ZAXF:2ZFM:ZZLR:4LJE
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 # the Labels entry has been added
 Labels:
  nodeName=docker_server_1
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
 [test@localhost ~]$

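3. Remote access to Docker

3.1. Overview of Docker remote access

For remote access, make sure the API versions of the two servers match; check them with the "docker version" command.
By default the Docker daemon uses "unix" mode to communicate with the client. Network access requires "tcp" mode, which can be configured in two ways:
First, in the docker daemon unit file /lib/systemd/system/docker.service, append the "tcp" setting to the "ExecStart" option.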

ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H tcp://0.0.0.0:5678

Second, configure it in /etc/docker/daemon.json; this requires editing /lib/systemd/system/docker.service to remove all -H arguments:

[test@localhost ~]# sudo vim /etc/docker/daemon.json
{
	"hosts": ["tcp://0.0.0.0:5678", "unix:///var/run/docker.sock"]
}

PS: the author is currently using Docker 20.10.0-ce.

3.2. Editing docker.service

Check the docker socket mode:

# ps shows no "-H tcp://0.0.0.0:5678"
[test@localhost ~]$ ps -ef | grep docker 
root       7616      1  0 17:43 ?        00:00:01 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
# connecting with curl is refused
[test@localhost ~]$ curl http://127.0.0.1:5678/info
curl: (7) Failed connect to 127.0.0.1:5678; 拒绝连接
[test@localhost ~]$ 

Edit /lib/systemd/system/docker.service and change the ExecStart entry:

[test@localhost ~]# sudo vim /lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service containerd.service multi-user.target
Wants=network-online.target
Requires=docker.socket containerd.service

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
# default version
# ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
# with -H tcp://0.0.0.0:5678 added
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H tcp://0.0.0.0:5678
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3

# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity

# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes

# kill only the docker process, not all processes in the cgroup
KillMode=process
OOMScoreAdjust=-500

[Install]

After adding tcp, restart:

sudo systemctl daemon-reload
sudo service docker restart

Check the docker socket mode again: "tcp" has been added. Test "tcp" from the local machine:

[test@localhost ~]$ ps -ef | grep docker 
root      45102      1  3 17:54 ?        00:00:00 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H tcp://0.0.0.0:5678
[test@localhost ~]$ curl http://127.0.0.1:5678/info
{"ID":"BQJU:EZOH:U5ZS:YI3X:EDS3:WA2Z:XB4C:3KPF:ZAXF:2ZFM:ZZLR:4LJE","Containers":5,"ContainersRunning":0,"ContainersPaused":0,"ContainersStopped":5,"Images":26,"Driver":"overlay2","DriverStatus":[["Backing Filesystem","xfs"],["Supports d_type","true"],["Native Overlay Diff","true"]],"Plugins":{"Volume":["local"],"Network":["bridge","host","ipvlan","macvlan","null","overlay"],"Authorization":null,"Log":["awslogs","fluentd","gcplogs","gelf","journald","json-file","local","logentries","splunk","syslog"]},"MemoryLimit":true,"SwapLimit":true,"KernelMemory":true,"KernelMemoryTCP":true,"CpuCfsPeriod":true,"CpuCfsQuota":true,"CPUShares":true,"CPUSet":true,"PidsLimit":true,"IPv4Forwarding":true,"BridgeNfIptables":true,"BridgeNfIp6tables":true,"Debug":false,"NFd":23,"OomKillDisable":true,"NGoroutines":34,"SystemTime":"2023-06-30T17:58:32.0594699+08:00","LoggingDriver":"json-file","CgroupDriver":"cgroupfs","CgroupVersion":"1","NEventsListener":0,"KernelVersion":"3.10.0-1160.83.1.el7.x86_64","OperatingSystem":"CentOS Linux 7 
(Core)","OSVersion":"7","OSType":"linux","Architecture":"x86_64","IndexServerAddress":"https://index.docker.io/v1/","RegistryConfig":{"AllowNondistributableArtifactsCIDRs":[],"AllowNondistributableArtifactsHostnames":[],"InsecureRegistryCIDRs":["127.0.0.0/8"],"IndexConfigs":{"docker.io":{"Name":"docker.io","Mirrors":[],"Secure":true,"Official":true}},"Mirrors":[]},"NCPU":112,"MemTotal":134651682816,"GenericResources":null,"DockerRootDir":"/var/lib/docker","HttpProxy":"","HttpsProxy":"","NoProxy":"","Name":"localhost.localdomain","Labels":["nodeName=docker_server_1"],"ExperimentalBuild":false,"ServerVersion":"20.10.0","Runtimes":{"io.containerd.runc.v2":{"path":"runc"},"io.containerd.runtime.v1.linux":{"path":"runc"},"runc":{"path":"runc"}},"DefaultRuntime":"runc","Swarm":{"NodeID":"","NodeAddr":"","LocalNodeState":"inactive","ControlAvailable":false,"Error":"","RemoteManagers":null},"LiveRestoreEnabled":false,"Isolation":"","InitBinary":"docker-init","ContainerdCommit":{"ID":"2806fc1057397dbaeefbea0e4e17bddfbd388f38","Expected":"2806fc1057397dbaeefbea0e4e17bddfbd388f38"},"RuncCommit":{"ID":"v1.1.5-0-gf19387a","Expected":"v1.1.5-0-gf19387a"},"InitCommit":{"ID":"de40ad0","Expected":"de40ad0"},"SecurityOptions":["name=seccomp,profile=default"],"Warnings":["WARNING: API is accessible on http://0.0.0.0:5678 without encryption.\n         Access to the remote API is equivalent to root access on the host. Refer\n         to the 'Docker daemon attack surface' section in the documentation for\n         more information: https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface"]}
[test@localhost ~]$

Test "tcp" from another machine (10.49.44.16); the docker daemon host's IP is 10.49.44.14:

[test@localhost ~]$ curl http://10.49.44.14:5678/info
{"ID":"BQJU:EZOH:U5ZS:YI3X:EDS3:WA2Z:XB4C:3KPF:ZAXF:2ZFM:ZZLR:4LJE","Containers":5,"ContainersRunning":0,"ContainersPaused":0,"ContainersStopped":5,"Images":26,"Driver":"overlay2","DriverStatus":[["Backing Filesystem","xfs"],["Supports d_type","true"],["Native Overlay Diff","true"]],"Plugins":{"Volume":["local"],"Network":["bridge","host","ipvlan","macvlan","null","overlay"],"Authorization":null,"Log":["awslogs","fluentd","gcplogs","gelf","journald","json-file","local","logentries","splunk","syslog"]},"MemoryLimit":true,"SwapLimit":true,"KernelMemory":true,"KernelMemoryTCP":true,"CpuCfsPeriod":true,"CpuCfsQuota":true,"CPUShares":true,"CPUSet":true,"PidsLimit":true,"IPv4Forwarding":true,"BridgeNfIptables":true,"BridgeNfIp6tables":true,"Debug":false,"NFd":23,"OomKillDisable":true,"NGoroutines":34,"SystemTime":"2023-07-03T09:31:56.804561345+08:00","LoggingDriver":"json-file","CgroupDriver":"cgroupfs","CgroupVersion":"1","NEventsListener":0,"KernelVersion":"3.10.0-1160.83.1.el7.x86_64","OperatingSystem":"CentOS Linux 7 
(Core)","OSVersion":"7","OSType":"linux","Architecture":"x86_64","IndexServerAddress":"https://index.docker.io/v1/","RegistryConfig":{"AllowNondistributableArtifactsCIDRs":[],"AllowNondistributableArtifactsHostnames":[],"InsecureRegistryCIDRs":["127.0.0.0/8"],"IndexConfigs":{"docker.io":{"Name":"docker.io","Mirrors":[],"Secure":true,"Official":true}},"Mirrors":[]},"NCPU":112,"MemTotal":134651682816,"GenericResources":null,"DockerRootDir":"/var/lib/docker","HttpProxy":"","HttpsProxy":"","NoProxy":"","Name":"localhost.localdomain","Labels":["nodeName=docker_server_1"],"ExperimentalBuild":false,"ServerVersion":"20.10.0","Runtimes":{"io.containerd.runc.v2":{"path":"runc"},"io.containerd.runtime.v1.linux":{"path":"runc"},"runc":{"path":"runc"}},"DefaultRuntime":"runc","Swarm":{"NodeID":"","NodeAddr":"","LocalNodeState":"inactive","ControlAvailable":false,"Error":"","RemoteManagers":null},"LiveRestoreEnabled":false,"Isolation":"","InitBinary":"docker-init","ContainerdCommit":{"ID":"2806fc1057397dbaeefbea0e4e17bddfbd388f38","Expected":"2806fc1057397dbaeefbea0e4e17bddfbd388f38"},"RuncCommit":{"ID":"v1.1.5-0-gf19387a","Expected":"v1.1.5-0-gf19387a"},"InitCommit":{"ID":"de40ad0","Expected":"de40ad0"},"SecurityOptions":["name=seccomp,profile=default"],"Warnings":["WARNING: API is accessible on http://0.0.0.0:5678 without encryption.\n         Access to the remote API is equivalent to root access on the host. Refer\n         to the 'Docker daemon attack surface' section in the documentation for\n         more information: https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface"]}
[test@localhost ~]$ 

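Both connections succeed, and neither required any credentials. The Warnings field in the response says as much: the API is accessible without encryption, and access to the remote API is equivalent to root access on the host.
Now we can add "-H tcp://10.49.44.14:5678" to a Docker query command to run it against the remote Docker daemon: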

[test@localhost ~]$ sudo docker -H tcp://10.49.44.14:5678 info
Client:
 Context:    default
 Debug Mode: false

Server:
 Containers: 5
  Running: 0
  Paused: 0
  Stopped: 5
 Images: 26
 Server Version: 20.10.0
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 2806fc1057397dbaeefbea0e4e17bddfbd388f38
 runc version: v1.1.5-0-gf19387a
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 3.10.0-1160.83.1.el7.x86_64
 Operating System: CentOS Linux 7 (Core)
 OSType: linux
 Architecture: x86_64
 CPUs: 112
 Total Memory: 125.4GiB
 Name: localhost.localdomain
 ID: BQJU:EZOH:U5ZS:YI3X:EDS3:WA2Z:XB4C:3KPF:ZAXF:2ZFM:ZZLR:4LJE
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
  nodeName=docker_server_1
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: API is accessible on http://0.0.0.0:5678 without encryption.
         Access to the remote API is equivalent to root access on the host. Refer
         to the 'Docker daemon attack surface' section in the documentation for
         more information: https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface
test@10.49.44.16:~$ 

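This works because the Docker command now connects to the remote Docker server specified with -H.

3.3. Editing daemon.json

Edit the ExecStart entry in /lib/systemd/system/docker.service and remove all -H items, otherwise they conflict with daemon.json: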

[test@localhost ~]$ sudo vim /lib/systemd/system/docker.service
......
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
# ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
# with the -H tcp argument added
# ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H tcp://0.0.0.0:5678
# without any -H argument
ExecStart=/usr/bin/dockerd
......

Restart:

sudo systemctl daemon-reload
sudo service docker restart

Check the docker socket mode:

# ps shows no "-H tcp://0.0.0.0:5678"
[test@localhost ~]$ ps -ef | grep docker 
root       7616      1  0 17:43 ?        00:00:01 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
# connecting with curl is refused
[test@localhost ~]$ curl http://127.0.0.1:5678/info
curl: (7) Failed connect to 127.0.0.1:5678; 拒绝连接
[test@localhost ~]$ 

Edit the /etc/docker/daemon.json configuration file, add the hosts parameter, then restart the service:

[test@localhost ~]$ vim /etc/docker/daemon.json
{
        "labels" : ["nodeName=docker_server_1"],
        "hosts": ["tcp://0.0.0.0:5678", "unix:///var/run/docker.sock"],
        "dns" : [
                "114.114.114.114",
                "8.8.8.8"
        ]
}

"ps -ef | grep docker" no longer shows any -H argument, but curl works, and it works from a remote machine as well.

[test@localhost ~]$ ps -ef | grep docker
root      45289      1  4 10:24 ?        00:00:00 /usr/bin/dockerd
[test@localhost ~]$ curl http://127.0.0.1:5678/info
{"ID":"BQJU:EZOH:U5ZS:YI3X:EDS3:WA2Z:XB4C:3KPF:ZAXF:2ZFM:ZZLR:4LJE","Containers":6,"ContainersRunning":0,"ContainersPaused":0,"ContainersStopped":6,"Images":26,"Driver":"overlay2","DriverStatus":[["Backing Filesystem","xfs"],["Supports d_type","true"],["Native Overlay Diff","true"]],"Plugins":{"Volume":["local"],"Network":["bridge","host","ipvlan","macvlan","null","overlay"],"Authorization":null,"Log":["awslogs","fluentd","gcplogs","gelf","journald","json-file","local","logentries","splunk","syslog"]},"MemoryLimit":true,"SwapLimit":true,"KernelMemory":true,"KernelMemoryTCP":true,"CpuCfsPeriod":true,"CpuCfsQuota":true,"CPUShares":true,"CPUSet":true,"PidsLimit":true,"IPv4Forwarding":true,"BridgeNfIptables":true,"BridgeNfIp6tables":true,"Debug":false,"NFd":24,"OomKillDisable":true,"NGoroutines":35,"SystemTime":"2023-07-03T10:25:10.152686291+08:00","LoggingDriver":"json-file","CgroupDriver":"cgroupfs","CgroupVersion":"1","NEventsListener":0,"KernelVersion":"3.10.0-1160.83.1.el7.x86_64","OperatingSystem":"CentOS Linux 7 
(Core)","OSVersion":"7","OSType":"linux","Architecture":"x86_64","IndexServerAddress":"https://index.docker.io/v1/","RegistryConfig":{"AllowNondistributableArtifactsCIDRs":[],"AllowNondistributableArtifactsHostnames":[],"InsecureRegistryCIDRs":["127.0.0.0/8"],"IndexConfigs":{"docker.io":{"Name":"docker.io","Mirrors":[],"Secure":true,"Official":true}},"Mirrors":[]},"NCPU":112,"MemTotal":134651682816,"GenericResources":null,"DockerRootDir":"/var/lib/docker","HttpProxy":"","HttpsProxy":"","NoProxy":"","Name":"localhost.localdomain","Labels":["nodeName=docker_server_1"],"ExperimentalBuild":false,"ServerVersion":"20.10.0","Runtimes":{"io.containerd.runc.v2":{"path":"runc"},"io.containerd.runtime.v1.linux":{"path":"runc"},"runc":{"path":"runc"}},"DefaultRuntime":"runc","Swarm":{"NodeID":"","NodeAddr":"","LocalNodeState":"inactive","ControlAvailable":false,"Error":"","RemoteManagers":null},"LiveRestoreEnabled":false,"Isolation":"","InitBinary":"docker-init","ContainerdCommit":{"ID":"2806fc1057397dbaeefbea0e4e17bddfbd388f38","Expected":"2806fc1057397dbaeefbea0e4e17bddfbd388f38"},"RuncCommit":{"ID":"v1.1.5-0-gf19387a","Expected":"v1.1.5-0-gf19387a"},"InitCommit":{"ID":"de40ad0","Expected":"de40ad0"},"SecurityOptions":["name=seccomp,profile=default"],"Warnings":["WARNING: API is accessible on http://0.0.0.0:5678 without encryption.\n         Access to the remote API is equivalent to root access on the host. Refer\n         to the 'Docker daemon attack surface' section in the documentation for\n         more information: https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface"]}
[test@localhost ~]$

-H in /lib/systemd/system/docker.service and hosts[""] in /etc/docker/daemon.json must not both be configured, otherwise the restart fails:

[test@localhost ~]$ sudo systemctl daemon-reload
[test@localhost ~]$ sudo service docker restart
Redirecting to /bin/systemctl restart docker.service
Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.
[test@localhost ~]$

3.4. The docker -H approach

[test@localhost ~]$ sudo dockerd --debug   --tls=true   --tlscert=/var/docker/server.pem   --tlskey=/var/docker/serverkey.pem   --host tcp://127.0.0.1:5678
INFO[2023-07-03T10:50:36.985386294+08:00] Starting up                                  
failed to create API server: Could not load X509 key pair (cert: "/var/docker/server.pem", key: "/var/docker/serverkey.pem"): open /var/docker/server.pem: no such file or directory
[test@localhost ~]$ 

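It reports that the certificate does not exist. Sections 3.2 and 3.3 already provide two working approaches, so this one is left for later study.
Reference: https://blog.csdn.net/a1010256340/article/details/80106735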
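
The check below is an added example, not code from the original article or from Docker. It reads a docker.service ExecStart line and a daemon.json, reports TCP listeners that do not require client certificates (tlsverify) or that bind every interface, and flags the -H/hosts conflict from section 3.3. The sample inputs are constructed from the files shown above, and the certificate paths in the hardened config are assumptions.

```python
import json
import shlex

# Constructed inputs modelled on the files shown in sections 3.2 and 3.3.
UNIT_32 = """[Service]
# ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H tcp://0.0.0.0:5678
"""
UNIT_33 = "[Service]\nExecStart=/usr/bin/dockerd\n"
DAEMON_33 = json.dumps({
    "labels": ["nodeName=docker_server_1"],
    "hosts": ["tcp://0.0.0.0:5678", "unix:///var/run/docker.sock"],
})
# Hardened variant: one interface, mutual TLS. Certificate paths are assumed.
DAEMON_TLS = json.dumps({
    "hosts": ["tcp://10.49.44.14:5678", "unix:///var/run/docker.sock"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/certs/ca.pem",
    "tlscert": "/etc/docker/certs/server.pem",
    "tlskey": "/etc/docker/certs/server-key.pem",
})


def unit_flags(unit_text):
    """Return (hosts, tlsverify) from the last uncommented ExecStart= line."""
    cmd = ""
    for line in unit_text.splitlines():
        line = line.strip()
        if line.startswith("ExecStart="):  # "# ExecStart=..." lines are skipped
            cmd = line[len("ExecStart="):]
    hosts, tlsverify = [], False
    args = iter(shlex.split(cmd))
    for arg in args:
        name, eq, value = arg.partition("=")
        if name in ("-H", "--host"):
            # accept both "-H value" and "--host=value"
            hosts.append(value if eq else next(args, ""))
        elif name == "--tlsverify":
            tlsverify = value.lower() != "false"
    return hosts, tlsverify


def audit(unit_text, daemon_json_text="{}"):
    """Return a list of findings for the daemon's listener configuration."""
    cfg = json.loads(daemon_json_text)
    flag_hosts, flag_tls = unit_flags(unit_text)
    file_hosts = cfg.get("hosts", [])
    findings = []
    if flag_hosts and file_hosts:
        # the situation in section 3.3 where the restart fails
        findings.append("CONFLICT: hosts set both with -H and in daemon.json")
    tlsverify = flag_tls or bool(cfg.get("tlsverify", False))
    for host in flag_hosts + file_hosts:
        if not host.startswith("tcp://"):
            continue  # unix:// and fd:// entries are not TCP listeners declared here
        bind = host[len("tcp://"):].rsplit(":", 1)[0]
        if not tlsverify:
            findings.append(f"NO-AUTH: {host} accepts clients without a certificate")
        if bind in ("", "0.0.0.0", "[::]"):
            findings.append(f"WILDCARD: {host} listens on every interface")
    return findings


if __name__ == "__main__":
    cases = [("3.2", UNIT_32, "{}"), ("3.3", UNIT_33, DAEMON_33),
             ("both", UNIT_32, DAEMON_33), ("tls", UNIT_33, DAEMON_TLS)]
    for name, unit, cfg in cases:
        print(name, audit(unit, cfg) or "ok")
```

The check keys on tlsverify rather than tls because --tls alone, as in the command in section 3.4, encrypts the channel but does not make the daemon verify client certificates.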

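3.5. Configuring the Docker environment variable

If we need to run remote Docker commands frequently, adding "-H" every time is tedious, so the Docker client provides an environment variable to simplify this.
First, set the environment variable with export: export DOCKER_HOST="tcp://127.0.0.1:5678".
Once it is set, running sudo docker info returns the remote server's information.
When we are done with the remote server and need to connect to the local machine again, just use export to set the "DOCKER_HOST" environment variable to empty, which restores the connection to the local Docker service. Running the info command again then shows the local Docker information.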

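4. Commonly used Docker API endpoints

curl http://10.49.44.14:5678/info  # equivalent to running docker info locally
curl http://10.49.44.14:5678/containers/json  # returns running containers
curl "http://10.49.44.14:5678/containers/json?all=1"  # returns all containers
curl http://10.49.44.14:5678/images/json
On Linux these URLs can be queried with curl. The response is an unformatted JSON string; piping it through Python's json.tool pretty-prints it so it is easier to read, for example:
curl http://10.49.44.14:5678/images/json | python -mjson.tool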
