Docker-安装

docker安装要求

• Docker CE支持64位版本CentOS 7
• 内核 >= 3.10

docker使用注意点

• 只有root和docker组的用户才可以访问Docker引擎的Unix socket
• 安全考虑，一般用普通用户加入docker用户组使用"usermod -G docker user"
• 确认/etc/group是否有docker组，没有则创建"groupadd docker"

在有外网的情况下使用yum安装

卸载旧版本

]$ sudo rpm -qa docker* #先查看是否安装，然后再卸载
]$ sudo yum remove docker #也可以直接运行此命令卸载
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotatte \
docker-logrotate \
docker-selinux \
docker-engine-selinu \
dokcer-engine

安装依赖包

]$ sudo yum install -y yum-utils device-mapper-persistent-data lvm2

添加docker的yum源

]$ sudo yum-config-manager --add-repo \
https://mirrors.ustc.edu.cn/docker-ce/linux/centos/docker-ce.repo
]$ sudo sed -i 's/download.docker.com/mirrors.ustc.edu.cn\/docker-ce/g' /etc/yum.repos.d/docker-ce.repo #使用国内源

安装docker-ce

]$ sudo yum makecache fast
]$ sudo yum install docker-ce -y

启动docker-ce

]$ sudo systemctl enable docker
]$ sudo systemctl start docker

在有外网的情况下使用脚本自动安装

在测试或开发环境中Docker官方为了简化安装流程，提供了一套便捷的安装脚本，CentOS系统上可以使用这套脚本安装，另外可以通过--mirror选项使用国内源进行安装

下载脚本安装

]$ curl -fsSL get.docker.com -o get-docker.sh
]$ sudo sh get-docker.sh --mirror Aliyun

启动docker-ce

]$ sudo systemctl enable docker
]$ sudo systemctl start docker

测试docker是否安装正确

]$ docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
...省略

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

输出以上信息说明安装成功

镜像加速

加速器地址

• 网易云加速器：https://hub-mirror.c.163.com
• 百度云加速器：https://mirror.baidubce.com

编辑/etc/docker/daemon.json文件(若不存在需新建)

echo -e "{\n \"registry-mirrors\": [ \"https://hub-mirror.c.163.com\",\"https://mirror.baidubce.com\"] \n}" > /etc/docker/daemon.json

检查加速器是否生效

]$ docker info
...省略
Registry Mirrors:
  https://hub-mirror.c.163.com/
  https://mirror.baidubce.com/
 ...省略
 有上面信息即配置成功

启动遇到的错误

1. 启动错误1：Error while creating filesystem xfs on device docker-8:3-102972296-base mkfs.xfs版本太低，更新：yum update xfsprogs

Mar 28 00:04:43 localhost.localdomain dockerd[15804]: time="2021-03-28T00:04:43.598408051+08:00" level=info msg="Starting up"
Mar 28 00:04:43 localhost.localdomain dockerd[15804]: time="2021-03-28T00:04:43.600650558+08:00" level=info msg="parsed scheme: \"unix\"" module=grpc
Mar 28 00:04:43 localhost.localdomain dockerd[15804]: time="2021-03-28T00:04:43.600665279+08:00" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
Mar 28 00:04:43 localhost.localdomain dockerd[15804]: time="2021-03-28T00:04:43.600687607+08:00" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///run/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}" module=
Mar 28 00:04:43 localhost.localdomain dockerd[15804]: time="2021-03-28T00:04:43.600697002+08:00" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
Mar 28 00:04:43 localhost.localdomain dockerd[15804]: time="2021-03-28T00:04:43.605904749+08:00" level=info msg="parsed scheme: \"unix\"" module=grpc
Mar 28 00:04:43 localhost.localdomain dockerd[15804]: time="2021-03-28T00:04:43.605918992+08:00" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
Mar 28 00:04:43 localhost.localdomain dockerd[15804]: time="2021-03-28T00:04:43.605931380+08:00" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///run/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}" module=
Mar 28 00:04:43 localhost.localdomain dockerd[15804]: time="2021-03-28T00:04:43.605937417+08:00" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
Mar 28 00:04:43 localhost.localdomain dockerd[15804]: time="2021-03-28T00:04:43.617199212+08:00" level=warning msg="Usage of loopback devices is strongly discouraged for production use. Please use `--storage-opt dm.thinpooldev` or use
Mar 28 00:04:44 localhost.localdomain dockerd[15804]: time="2021-03-28T00:04:44.026434810+08:00" level=info msg="Creating filesystem xfs on device docker-8:3-102972296-base, mkfs args: [-m crc=0,finobt=0 /dev/mapper/docker-8:3-1029722
Mar 28 00:04:44 localhost.localdomain dockerd[15804]: time="2021-03-28T00:04:44.028150070+08:00" level=info msg="Error while creating filesystem xfs on device docker-8:3-102972296-base: exit status 1" storage-driver=devicemapper
Mar 28 00:04:44 localhost.localdomain dockerd[15804]: time="2021-03-28T00:04:44.028169215+08:00" level=error msg="[graphdriver] prior storage driver devicemapper failed: exit status 1"
Mar 28 00:04:44 localhost.localdomain dockerd[15804]: failed to start daemon: error initializing graphdriver: exit status 1
Mar 28 00:04:44 localhost.localdomain systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
Mar 28 00:04:44 localhost.localdomain systemd[1]: Failed to start Docker Application Container Engine.

2. 启动错误2：关闭防火墙后，启动正常

Mar 28 00:11:21 localhost.localdomain dockerd[16827]: time="2021-03-28T00:11:21.353676471+08:00" level=info msg="Starting up"
Mar 28 00:11:21 localhost.localdomain dockerd[16827]: time="2021-03-28T00:11:21.356316209+08:00" level=info msg="parsed scheme: \"unix\"" module=grpc
Mar 28 00:11:21 localhost.localdomain dockerd[16827]: time="2021-03-28T00:11:21.356331851+08:00" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
Mar 28 00:11:21 localhost.localdomain dockerd[16827]: time="2021-03-28T00:11:21.356355606+08:00" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///run/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}" module=
Mar 28 00:11:21 localhost.localdomain dockerd[16827]: time="2021-03-28T00:11:21.356368901+08:00" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
Mar 28 00:11:21 localhost.localdomain dockerd[16827]: time="2021-03-28T00:11:21.360890299+08:00" level=info msg="parsed scheme: \"unix\"" module=grpc
Mar 28 00:11:21 localhost.localdomain dockerd[16827]: time="2021-03-28T00:11:21.360910461+08:00" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
Mar 28 00:11:21 localhost.localdomain dockerd[16827]: time="2021-03-28T00:11:21.360937384+08:00" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///run/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}" module=
Mar 28 00:11:21 localhost.localdomain dockerd[16827]: time="2021-03-28T00:11:21.360950330+08:00" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
Mar 28 00:11:21 localhost.localdomain dockerd[16827]: time="2021-03-28T00:11:21.438344454+08:00" level=warning msg="Usage of loopback devices is strongly discouraged for production use. Please use `--storage-opt dm.thinpooldev` or use
Mar 28 00:11:21 localhost.localdomain dockerd[16827]: time="2021-03-28T00:11:21.451448783+08:00" level=warning msg="Base device already exists and has filesystem xfs on it. User specified filesystem  will be ignored." storage-driver=d
Mar 28 00:11:21 localhost.localdomain dockerd[16827]: time="2021-03-28T00:11:21.457425106+08:00" level=info msg="[graphdriver] using prior storage driver: devicemapper"
Mar 28 00:11:21 localhost.localdomain dockerd[16827]: time="2021-03-28T00:11:21.457445318+08:00" level=warning msg="[graphdriver] WARNING: the devicemapper storage-driver is deprecated, and will be removed in a future release"
Mar 28 00:11:21 localhost.localdomain dockerd[16827]: time="2021-03-28T00:11:21.464967636+08:00" level=warning msg="Unable to find pids cgroup in mounts"
Mar 28 00:11:21 localhost.localdomain dockerd[16827]: time="2021-03-28T00:11:21.465155371+08:00" level=info msg="Loading containers: start."
Mar 28 00:11:21 localhost.localdomain firewalld[875]: 2021-03-28 00:11:21 ERROR: INVALID_TYPE: structure size mismatch 16 != 13
Mar 28 00:11:21 localhost.localdomain firewalld[875]: 2021-03-28 00:11:21 ERROR: COMMAND_FAILED: '/sbin/iptables -t filter -C FORWARD -j DOCKER-ISOLATION' failed: iptables v1.4.21: Couldn't load target `DOCKER-ISOLATION':No such file 
                                                      
                                                      Try `iptables -h' or 'iptables --help' for more information.
Mar 28 00:11:21 localhost.localdomain firewalld[875]: 2021-03-28 00:11:21 ERROR: COMMAND_FAILED: '/sbin/iptables -t nat -D PREROUTING -m addrtype --dst-type LOCAL -j DOCKER' failed: iptables: No chain/target/match by that name.
Mar 28 00:11:21 localhost.localdomain firewalld[875]: 2021-03-28 00:11:21 ERROR: COMMAND_FAILED: '/sbin/iptables -t nat -D OUTPUT -m addrtype --dst-type LOCAL ! --dst 127.0.0.0/8 -j DOCKER' failed: iptables: No chain/target/match by t
Mar 28 00:11:21 localhost.localdomain firewalld[875]: 2021-03-28 00:11:21 ERROR: COMMAND_FAILED: '/sbin/iptables -t nat -D OUTPUT -m addrtype --dst-type LOCAL -j DOCKER' failed: iptables: No chain/target/match by that name.
Mar 28 00:11:21 localhost.localdomain firewalld[875]: 2021-03-28 00:11:21 ERROR: COMMAND_FAILED: '/sbin/iptables -t nat -D PREROUTING' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Mar 28 00:11:21 localhost.localdomain firewalld[875]: 2021-03-28 00:11:21 ERROR: COMMAND_FAILED: '/sbin/iptables -t nat -D OUTPUT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Mar 28 00:11:21 localhost.localdomain firewalld[875]: 2021-03-28 00:11:21 ERROR: COMMAND_FAILED: '/sbin/iptables -t filter -F DOCKER-ISOLATION' failed: iptables: No chain/target/match by that name.
Mar 28 00:11:21 localhost.localdomain firewalld[875]: 2021-03-28 00:11:21 ERROR: COMMAND_FAILED: '/sbin/iptables -t filter -X DOCKER-ISOLATION' failed: iptables: No chain/target/match by that name.
Mar 28 00:11:21 localhost.localdomain firewalld[875]: 2021-03-28 00:11:21 ERROR: COMMAND_FAILED: '/sbin/iptables -t nat -n -L DOCKER' failed: iptables: No chain/target/match by that name.
Mar 28 00:11:21 localhost.localdomain firewalld[875]: 2021-03-28 00:11:21 ERROR: COMMAND_FAILED: '/sbin/iptables -t filter -n -L DOCKER' failed: iptables: No chain/target/match by that name.
Mar 28 00:11:21 localhost.localdomain firewalld[875]: 2021-03-28 00:11:21 ERROR: COMMAND_FAILED: '/sbin/iptables -t filter -n -L DOCKER-ISOLATION-STAGE-1' failed: iptables: No chain/target/match by that name.
Mar 28 00:11:21 localhost.localdomain firewalld[875]: 2021-03-28 00:11:21 ERROR: COMMAND_FAILED: '/sbin/iptables -t filter -n -L DOCKER-ISOLATION-STAGE-2' failed: iptables: No chain/target/match by that name.
Mar 28 00:11:21 localhost.localdomain firewalld[875]: 2021-03-28 00:11:21 ERROR: COMMAND_FAILED: '/sbin/iptables -t filter -C DOCKER-ISOLATION-STAGE-1 -j RETURN' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Mar 28 00:11:21 localhost.localdomain firewalld[875]: 2021-03-28 00:11:21 ERROR: COMMAND_FAILED: '/sbin/iptables -t filter -C DOCKER-ISOLATION-STAGE-2 -j RETURN' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Mar 28 00:11:21 localhost.localdomain dockerd[16827]: time="2021-03-28T00:11:21.600902894+08:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred
Mar 28 00:11:21 localhost.localdomain firewalld[875]: 2021-03-28 00:11:21 ERROR: COMMAND_FAILED: '/sbin/iptables -t nat -C DOCKER -i docker0 -j RETURN' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Mar 28 00:11:21 localhost.localdomain firewalld[875]: 2021-03-28 00:11:21 ERROR: COMMAND_FAILED: '/sbin/iptables -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Mar 28 00:11:21 localhost.localdomain firewalld[875]: 2021-03-28 00:11:21 ERROR: INVALID_ZONE: docker
Mar 28 00:11:21 localhost.localdomain dockerd[16827]: time="2021-03-28T00:11:21.625370875+08:00" level=warning msg="unmountAndDeactivate: open /var/lib/docker/devicemapper/mnt: no such file or directory" storage-driver=devicemapper
Mar 28 00:11:21 localhost.localdomain dockerd[16827]: failed to start daemon: Error initializing network controller: Error creating default "bridge" network: Failed to program NAT chain: INVALID_ZONE: docker

3. systemctl start docker启动成功，但是执行docker ps提示"Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?"

]# vim /usr/lib/systemd/system/docker.service
...
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
# ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock 注释此行
# 添加下面一行
ExecStart=/usr/bin/dockerd
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

]# systemctl daemon-reload
]# systemctl restart docker
]# docker ps #SUCCSE