1、搭建docker环境
yum install docker lxc libcgroup docker-io bridge-utils
vim /etc/docker/daemon.json
{
"log-level":"warn",
"runtimes": {
"docker-runc": {
"path": "/usr/libexec/docker/docker-runc-current"
}
},
"add-runtime": "docker-runc=/usr/libexec/docker/docker-runc-current",
"default-runtime": "docker-runc",
"insecure-registries":["127.0.0.1:5000”] #IP为本地仓库所在的IP
}
cd /usr/bin
ln -s docker-runc-current docker-runc
cd /usr/libexec/docker/
ln -s docker-runc-current docker-runc
启动docker 守护进程
nohup dockerd &
搭建一个本地仓库
docker run -d -p 5000:5000 -v /data/docker/images:/var/lib/registry --name registry --restart=always registry
-p 指定端口
-v 指定物理服务与docker环境的对应目录
—name 指定仓库名
—restart 重启容器
2、创建镜像
docker build —build-arg key=valoune -t tagname .
Dockerfile 编写
FROM image name
ENV 设置环境变量
RUN 运行脚本
VOLUME 设置逻辑卷
CMD 镜像启动时运行的脚本
4、docker跨主机的容器通信(Flannel)
主机1
停用防火墙
systemctl disable firewall.service
systemctl stop firewall.service
安装etcd
yum install etcd -y
cp /etc/etcd/etcd.conf /etc/etcd/etcd.conf.bak
编辑etcd.conf
#[Member]
#ETCD_CORS=""
ETCD_DATA_DIR="/var/lib/etcd/default.etcd” #数据存放位置
#ETCD_WAL_DIR=""
#ETCD_LISTEN_PEER_URLS="
http://localhost:2380”
ETCD_LISTEN_CLIENT_URLS="
http://0.0.0.0:2379,http://0.0.0.0:4001” #监听客户端地址
#ETCD_MAX_SNAPSHOTS="5"
#ETCD_MAX_WALS="5"
ETCD_NAME=master #节点名称
#ETCD_SNAPSHOT_COUNT="100000"
#ETCD_HEARTBEAT_INTERVAL="100"
#ETCD_ELECTION_TIMEOUT="1000"
#ETCD_QUOTA_BACKEND_BYTES="0"
#ETCD_MAX_REQUEST_BYTES="1572864"
#ETCD_GRPC_KEEPALIVE_MIN_TIME="5s"
#ETCD_GRPC_KEEPALIVE_INTERVAL="2h0m0s"
#ETCD_GRPC_KEEPALIVE_TIMEOUT="20s"
#
#[Clustering]
#ETCD_INITIAL_ADVERTISE_PEER_URLS="
http://localhost:2380"
ETCD_ADVERTISE_CLIENT_URLS="
http://172.0.0.1:2379” #通知客户端地址
#ETCD_DISCOVERY=""
#ETCD_DISCOVERY_FALLBACK="proxy"
#ETCD_DISCOVERY_PROXY=""
#ETCD_DISCOVERY_SRV=""
#ETCD_INITIAL_CLUSTER="default=
http://localhost:2380"
#ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
#ETCD_INITIAL_CLUSTER_STATE="new"
#ETCD_STRICT_RECONFIG_CHECK="true"
#ETCD_ENABLE_V2="true"
#
#[Proxy]
#ETCD_PROXY="off"
#ETCD_PROXY_FAILURE_WAIT="5000"
#ETCD_PROXY_REFRESH_INTERVAL="30000"
#ETCD_PROXY_DIAL_TIMEOUT="1000"
#ETCD_PROXY_WRITE_TIMEOUT="5000"
#ETCD_PROXY_READ_TIMEOUT="0"
#
#[Security]
#ETCD_CERT_FILE=""
#ETCD_KEY_FILE=""
#ETCD_CLIENT_CERT_AUTH="false"
#ETCD_TRUSTED_CA_FILE=""
#ETCD_AUTO_TLS="false"
#ETCD_PEER_CERT_FILE=""
#ETCD_PEER_KEY_FILE=""
#ETCD_PEER_CLIENT_CERT_AUTH="false"
#ETCD_PEER_TRUSTED_CA_FILE=""
#ETCD_PEER_AUTO_TLS="false"
#
#[Logging]
#ETCD_DEBUG="false"
#ETCD_LOG_PACKAGE_LEVELS=""
#ETCD_LOG_OUTPUT="default"
#
#[Unsafe]
#ETCD_FORCE_NEW_CLUSTER="false"
#
#[Version]
#ETCD_VERSION="false"
#ETCD_AUTO_COMPACTION_RETENTION="0"
#
#[Profiling]
#ETCD_ENABLE_PPROF="false"
#ETCD_METRICS="basic"
#
#[Auth]
#ETCD_AUTH_TOKEN=“simple"
启动etcd
systemctl start etcd
验证是否成功
ps -ef|grep etcd
lsof -i:2379
etcdctl set testdir/testkey0 0
etcdctl get testdir/testkey0
etcdctl -C
http://172.0.0.1:2379 cluster-health
主机2 安装Flannel
安装覆盖网络Flannel
yum install flannel
cp /etc/sysconfig/flanneld /etc/sysconfig/flanneld.bak
vim /etc/sysconfig/flanneld
FLANNEL_ETCD_ENDPOINTS="
http://172.0.0.1:2379”
FLANNEL_ETCD_PREFIX="/atomic.io/network”
etcdctl mk /atomic.io/network/config '{ "Network": “172.31.1.0/22" }’
托管docker 的docker0
cd /usr/libexec/flannel
./mk-docker-opts.sh
source /run/flannel/subnet.env
docker daemon --bip=${FLANNEL_SUBNET} --mtu=${FLANNEL_MTU} &
容器之间网络互通
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
iptables -L -n