金山老师的笔记
介绍
利用docker提供的API访问docker 在远端操作容器的创建、部署、启动、停止等。
安装
安装Docker服务,此处不做过多介绍,参考上一个笔记。
开启远程访问
本次基于安装的Docker基本信息如下
shell
[root@localhost ~]# docker version
Client: Docker Engine - Community
Version: 20.10.8
API version: 1.41
Go version: go1.16.6
Git commit: 3967b7d
Built: Fri Jul 30 19:55:49 2021
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.8
API version: 1.41 (minimum version 1.12)
Go version: go1.16.6
Git commit: 75249d8
Built: Fri Jul 30 19:54:13 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.9
GitCommit: e25210fe30a0a703442421b0f60afac609f950a3
runc:
Version: 1.0.1
GitCommit: v1.0.1-0-g4144b63
docker-init:
Version: 0.19.0
GitCommit: de40ad0首先编辑docker的宿主机文件 /lib/systemd/system/docker.service
修改以ExecStart开头的行
ini
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix://var/run/docker.sock编辑后文件内容如下:
ini
[root@localhost ~]# cat /lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket containerd.service
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix://var/run/docker.sock
#ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3
# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
OOMScoreAdjust=-500
[Install]
WantedBy=multi-user.target修改后保存文件,然后通知docker服务做出的修改
sh
systemctl daemon-reload重启docker服务
sh
service docker restart接下来测试一下看是否能连接到docker api。上面的2375就是对应端口
sh
[root@localhost ~]# curl http://192.168.3.8:2375/version
{"Platform":{"Name":"Docker Engine - Community"},"Components":[{"Name":"Engine","Version":"20.10.8","Details":{"ApiVersion":"1.41","Arch":"amd64","BuildTime":"2021-07-30T19:54:13.000000000+00:00","Experimental":"false","GitCommit":"75249d8","GoVersion":"go1.16.6","KernelVersion":"3.10.0-1160.el7.x86_64","MinAPIVersion":"1.12","Os":"linux"}},{"Name":"containerd","Version":"1.4.9","Details":{"GitCommit":"e25210fe30a0a703442421b0f60afac609f950a3"}},{"Name":"runc","Version":"1.0.1","Details":{"GitCommit":"v1.0.1-0-g4144b63"}},{"Name":"docker-init","Version":"0.19.0","Details":{"GitCommit":"de40ad0"}}],"Version":"20.10.8","ApiVersion":"1.41","MinAPIVersion":"1.12","GitCommit":"75249d8","GoVersion":"go1.16.6","Os":"linux","Arch":"amd64","KernelVersion":"3.10.0-1160.el7.x86_64","BuildTime":"2021-07-30T19:54:13.000000000+00:00"}
[root@localhost ~]#此时本级可以访问,如果其他机器访问的话可能2375端口没有开放,需要在防火墙中打开添加2375端口tcp放行。
sh
#添加2375端口
[root@localhost ~]# firewall-cmd --permanent --zone=public --add-port=2375/tcp
success
#防火墙重启
[root@localhost ~]# firewall-cmd --reload
success
#查看开放的端口
[root@localhost ~]# firewall-cmd --permanent --zone=public --list-ports
2375/tcp使用另外一个机器内网浏览器访问http://192.168.3.8:2375/version,此时 192.168.3.8是我的docker所在机器的ip地址
