13.docker部署 - 技术栈

文章目录

Docker部署
- 安装Docker
- - [ALL IN ONE 部署](#ALL IN ONE 部署)
  - C/S分离部署
  - - [docker server端配置](#docker server端配置)
    - [docker client端配置](#docker client端配置)
- Docker工作原理
总结

Docker部署

环境选择

容器需要管理工具、runtime 和操作系统，我们的选择如下：

管理工具 - Docker Engine，Docker 最流行使用最广泛。
runtime - runc，Docker 的默认 runtime
操作系统 - CentOS Stream8

安装操作系统

准备一台装有CentOS8系统的虚拟机，命名为docker，并配置静态IP 192.168.108.30，主机名改为docker

bash 复制代码

[root@localhost ~]# hostnamectl set-hostname docker
[root@localhost ~]# nmcli connection modify ens160 ipv4.method manual ipv4.addresses 192.168.108.30/24 ipv4.gateway 192.168.108.2 ipv4.dns 192.168.108.2 autoconnect yes
[root@localhost ~]# nmcli con up ens160

安装Docker

Docker 支持几乎所有的 Linux 发行版，也支持 Mac 和 Windows。各操作系统的安装方法可以访问：https://docs.docker.com/engine/installation/

卸载旧版本（可选）

bash 复制代码

[root@docker ~]# yum remove docker-ce

安装必要工具

安装命令可以在阿里云或者华为云网站镜像服务部分搜索docker查询安装教程

bash 复制代码

# devicemapper 存储驱动已经在 docker 18.09 版本中被废弃，所以在后续的安Docker装中无需安装devicemapper支持。
[root@localhost ~]# yum install -y yum-utils device-mapper-persistent-data lvm2 vim      
[root@localhost ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Adding repo from: https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@localhost ~]# yum makecache

ALL IN ONE 部署

C/S部署在同一台机器（server和client）

bash 复制代码

[root@docker ~]# yum -y install docker-ce 
#启动Docker
[root@docker ~]# systemctl start docker
#设置Docker守护进程在系统启动时自动启动
[root@docker ~]# systemctl enable docker

验证安装

bash 复制代码

[root@docker ~]# docker --version
Docker version 26.1.3, build b72abbb

[root@docker ~]# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2025-09-03 13:51:07 CST; 36s ago
     Docs: https://docs.docker.com
 Main PID: 1813 (dockerd)
    Tasks: 10
   Memory: 135.7M
   CGroup: /system.slice/docker.service
           └─1813 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

配置镜像加速器（阿里云）

阿里云官网：阿里云-计算，为了无法计算的价值

登陆
产品
容器
容器镜像服务ACR
管理控制台
镜像工具 -> 镜像加速器
选择自己使用的系统版本，参考造作文档

bash 复制代码

[root@docker ~]# sudo mkdir -p /etc/docker

[root@docker ~]# sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://3ojsoogx.mirror.aliyuncs.com"]
}
EOF

[root@docker ~]# sudo systemctl daemon-reload
[root@docker ~]# sudo systemctl restart docker

#检查镜像加速器配置
[root@docker ~]# docker info
Client: Docker Engine - Community
 Version:    26.1.3
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.14.0
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.27.0
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 26.1.3
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 8b3b7ca2e5ce38e8f31a34f35b2b68ceb8470d89
 runc version: v1.1.12-0-g51d5e94
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
 Kernel Version: 4.18.0-553.6.1.el8.x86_64
 Operating System: CentOS Stream 8
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 7.486GiB
 Name: docker
 ID: 96160847-9a97-40f4-997c-d12efaaef738
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Registry Mirrors:
  `https://3ojsoogx.mirror.aliyuncs.com/               <---看这
 Live Restore Enabled: false

配置镜像加速器（华为云）

华为云官网：行业AI先锋-华为云

登陆
产品
容器
容器镜像服务SWR
控制台
镜像资源 -> 镜像中心 -> 镜像加速器
选择自己使用的系统版本，参考造作文档

bash 复制代码

[root@docker ~]# vi /etc/docker/daemon.json
{
    "registry-mirrors": [ "https://910c20a65ff847f58b3893f2153f8612.mirror.swr.myhuaweicloud.com" ]
}
# 按"Esc"，输入:wq保存并退出。

#重启容器引擎
[root@docker ~]# systemctl restart docker

#确认配置结果
[root@docker ~]# docker info
Client: Docker Engine - Community
 Version:    26.1.3
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.14.0
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.27.0
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 26.1.3
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 8b3b7ca2e5ce38e8f31a34f35b2b68ceb8470d89
 runc version: v1.1.12-0-g51d5e94
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
 Kernel Version: 4.18.0-553.6.1.el8.x86_64
 Operating System: CentOS Stream 8
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 7.486GiB
 Name: docker
 ID: 96160847-9a97-40f4-997c-d12efaaef738
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Registry Mirrors:
  `https://910c20a65ff847f58b3893f2153f8612.mirror.swr.myhuaweicloud.com/   <---看这
 Live Restore Enabled: false

运行第一个容器

环境准备就绪，运行第一个容器进行测试

bash 复制代码

[root@docker ~]# docker run hello-world

其过程可以简单的描述为：

从本地查找hello-wrold镜像，没找到
从 Docker Hub 下载hello-world镜像。
启动hello-world容器。

清空刚才的实验环境：

bash 复制代码

[root@docker ~]# docker rm -f $(docker ps -aq)        #删除所有容器

[root@docker ~]# docker rmi -f hello-world           #删除镜像hello-world

测试没有问题，关机拍摄快照

运行第二个容器

bash 复制代码

[root@docker ~]# docker run -d -p 80:80 httpd
Unable to find image 'httpd:latest' locally
latest: Pulling from library/httpd
0e4bc2bd6656: Pull complete 
4742a9e996d1: Pull complete 
4f4fb700ef54: Pull complete 
87a14f083967: Pull complete 
9cd0271fa751: Pull complete 
5b4d5959fc75: Pull complete 
Digest: sha256:f9b88f3f093d925525ec272bbe28e72967ffe1a40da813fe84df9fcb2fad3f30
Status: Downloaded newer image for httpd:latest
dac28c76b4d7301331e5bf950e4fb2bdd17abafe80c17e630e72cafcc3b3ee5b

-d：后台运行

-p：绑定端口

其过程可以简单的描述为：

从 Docker Hub 下载 httpd 镜像。镜像中已经安装好了 Apache HTTP Server。
启动 httpd 容器，并将容器的 80 端口映射到 host 的 80 端口。

下面我们通过浏览器来测试我们的容器能否正常工作，在浏览器输入 http://[your host or IP]

可以访问容器的 http 服务了，第二个容器运行成功！我们轻轻松松就拥有了一个 WEB 服务器。

C/S分离部署

基于CentOS-Stream-8模板制作.pdf这个实验手册做出来的模板克隆两个虚拟机命名为docker_client和docker_server

docker server端配置

配置ip 192.168.108.30

配置hostname docker_server

bash 复制代码

[root@localhost ~]# hostnamectl set-hostname docker_server
[root@localhost ~]# nmcli connection modify ens160 ipv4.method manual ipv4.addresses 192.168.108.30/24 ipv4.gateway 192.168.108.2 ipv4.dns 192.168.108.2 autoconnect yes
[root@localhost ~]# nmcli con up ens160

安装必要软件

bash 复制代码

[root@docker_server ~]# yum install -y yum-utils device-mapper-persistent-data lvm2 vim      
[root@localhost ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Adding repo from: https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@docker_server ~]# yum makecache
[root@docker_server ~]# yum install -y docker-ce
[root@docker_server ~]# systemctl enable docker.service --now
[root@docker_server ~]# vi /etc/docker/daemon.json
{
    "registry-mirrors": [ "https://054b8ac70e8010d90f2ac00ef29e6580.mirror.swr.myhuaweicloud.com" ]
}
# 按"Esc"，输入:wq保存并退出。

#重启容器引擎
[root@docker_server ~]# systemctl restart docker

配置服务

bash 复制代码

[root@docker_server ~]# vim /usr/lib/systemd/system/docker.service
# 在ExecStart参数中最后添加 -H tcp://0.0.0.0:2375
# docker默认监听2375
[Service]
... ...
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H tcp://0.0.0.0:2375
... ...

[root@docker_server ~]# systemctl daemon-reload
[root@docker_server ~]# systemctl restart docker.service
[root@docker_server ~]# systemctl stop firewalld

验证

bash 复制代码

[root@docker_server ~]# yum install lsof

[root@docker_server ~]# lsof -i :2375
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
dockerd 5440 root    3u  IPv6  44991      0t0  TCP *:docker (LISTEN)

docker client端配置

配置ip 192.168.108.31

bash 复制代码

[root@localhost ~]# hostnamectl set-hostname docker_client
[root@localhost ~]# nmcli connection modify ens160 ipv4.method manual ipv4.addresses 192.168.108.31/24 ipv4.gateway 192.168.108.2 ipv4.dns 192.168.108.2 autoconnect yes
[root@localhost ~]# nmcli con up ens160

只安装docker客户端

bash 复制代码

[root@docker-client ~]# yum install -y yum-utils device-mapper-persistent-data lvm2 vim      
[root@docker-client ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Adding repo from: https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@docker-client ~]# yum makecache
[root@docker-client ~]# yum install -y docker-ce-cli

验证

bash 复制代码

[root@docker_client ~]# docker run hello-world          #client直接执行报错，没有装服务端
docker: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?.
See 'docker run --help'.

# client端连接server端执行命令
[root@docker-client ~]# docker -H 192.168.108.30 run hello-world

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/
 
[root@docker-client ~]# docker -H 192.168.108.30 images 
REPOSITORY    TAG       IMAGE ID       CREATED         SIZE
hello-world   latest    d2c94e258dcb   17 months ago   13.3kB
#这里也可以切换到Server端查看现象

说明：client只做管理，image和container存储在server端。

Docker工作原理

还记得我们运行的第二个容器吗？现在通过它来体会一下 Docker 各个组件是如何协作的。

容器启动过程如下：

bash 复制代码

[root@docker ~]# docker run -d -p 80:80 httpd   ------1
Unable to find image 'httpd:latest' locally     ------2
latest: Pulling from library/httpd
0e4bc2bd6656: Pull complete                     ------3
4742a9e996d1: Pull complete 
4f4fb700ef54: Pull complete 
87a14f083967: Pull complete 
9cd0271fa751: Pull complete 
5b4d5959fc75: Pull complete 
Digest: sha256:f9b88f3f093d925525ec272bbe28e72967ffe1a40da813fe84df9fcb2fad3f30
Status: Downloaded newer image for httpd:latest ------4
dac28c76b4d7301331e5bf950e4fb2bdd17abafe80c17e630e72cafcc3b3ee5b ------5

docker 客户端执行 docker run命令
docker daemon （守护进程）发现本地没有httpd镜像
daemon 从 docker hub 上下载镜像
下载完成，镜像httpd 被保存在本地
docker daemon 启动容器

可以通过docker images查看本地的下载的镜像，比如刚才的httpd

bash 复制代码

[root@docker ~]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED      SIZE
httpd        latest    c00bfb4edfeb   7 days ago   117MB

通过docker ps或者docker container ls显示正在运行的容器

总结

这里接介绍完了两种docker部署的模式，一般我们实验室环境使用all in one 部署，更方便我们做实验进行学习，另外一种C/S分离部署可能运用在生产环境中，所以这里也提一下，扩展我们的知识面，后面我们可以正式进入docker的学习了