20260508 docker教案

docker教案

一、安装docker

1.1 环境选择

1.1.2 容器需要管理工具、runtime 和操作系统，我们的选择如下：

1. 管理工具 - Docker Engine，Docker 最流行使用最广泛。
2. runtime - runc，Docker 的默认 runtime
3. 操作系统 - CentOS Stream8

1.1.3 安装操作系统

基于 CentOS-Stream-8模板制作.pdf 这个实验手册做出来的模板克隆一个虚拟机命名为docker，并配置

静态IP 192.168.108.30，主机名改为docker

[root@localhost ~]# hostnamectl set-hostname docker
[root@localhost ~]# nmcli connection modify ens160 ipv4.method manual 
ipv4.addresses 192.168.108.30/24 ipv4.gateway 192.168.108.2 ipv4.dns 
192.168.108.2 autoconnect yes
[root@localhost ~]# nmcli con up ens160

1.2 安装 Docker

1.2.1 安装必要工具

# devicemapper 存储驱动已经在 docker 18.09 版本中被废弃，所以在后续的安Docker装中无需安装
devicemapper支持。
[root@localhost ~]# yum install -y yum-utils device-mapper-persistent-data lvm2 
vim      
[root@localhost ~]# yum-config-manager --add-repo 
https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Adding repo from: https://mirrors.aliyun.com/docker-ce/linux/centos/dockerce.repo
[root@localhost
 ~]# yum makecache
Docker CE Stable - x86_64                                                         
                    57 kB/s |  66 kB     00:01
CentOS Stream 8 - BaseOS                                                         
                    8.3 kB/s | 3.9 kB     00:00
CentOS Stream 8 - AppStream                                                       
                   9.8 kB/s | 4.4 kB     00:00
Metadata cache created.

1.2.2 allinone部署

安装软件

[root@docker ~]# yum install -y docker-ce

1.2.3 配置服务

[root@docker ~]# systemctl enable docker.service --now

1.2.4 验证安装

查看docker版本

[root@docker ~]# docker --version
Docker version 26.1.3, build b72abbb

1.2.5 验证docker状态

[root@docker ~]# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor 
preset: disabled)
   Active: active (running) since Wed 2025-09-03 13:51:07 CST; 36s ago
     Docs: https://docs.docker.com
 Main PID: 1813 (dockerd)
   Tasks: 10
   Memory: 135.7M
   CGroup: /system.slice/docker.service
           └─1813 /usr/bin/dockerd -H fd:// --
containerd=/run/containerd/containerd.sock

二、配置镜像加速器(华为云)

去华为云官网配置地址

#  WWW.huaweicloud.com 创建出来的自己的华为云镜像加速器
{
    "registry-mirrors": [ "https://019e0631343179d8a40e9fc7553ac824.mirror.swr.myhuaweicloud.com" ]
}
[root@docker ~ 14:19:08]# vim /etc/docker/daemon.json

[root@docker ~ 14:19:08]# cat /etc/docker/daemon.json 
{
    "registry-mirrors": [ "https://019e0631343179d8a40e9fc7553ac824.mirror.swr.myhuaweicloud.com" ]
}
# 按"Esc"，输入:wq保存并退出。
# 重启容器引擎
[root@docker ~ 14:16:50]# systemctl restart docker

# 确认配置结果
[root@docker ~ 14:16:55]# docker info
Client: Docker Engine - Community
 Version:    26.1.3
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.14.0
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.27.0
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 0
 Server Version: 26.1.3
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: runc io.containerd.runc.v2
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 8b3b7ca2e5ce38e8f31a34f35b2b68ceb8470d89
 runc version: v1.1.12-0-g51d5e94
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
 Kernel Version: 4.18.0-553.6.1.el8.x86_64
 Operating System: CentOS Stream 8
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 3.549GiB
 Name: docker
 ID: 34074b80-3e84-4358-a80b-b728b68c69f6
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Registry Mirrors:
  https://019e0631343179d8a40e9fc7553ac824.mirror.swr.myhuaweicloud.com/
 Live Restore Enabled: false

2.1 运行第一个容器

环境就绪，马上运行第一个容器，执行命令：

[root@docker ~ 14:17:00]# docker run hello-world
Unable to find image 'hello-world:latest' locally  # !!!!!!!!!!!!
latest: Pulling from library/hello-world
4f55086f7dd0: Pull complete   #### !!!!!!!!!!!!!!!!
Digest: sha256:f9078146db2e05e794366b1bfe584a14ea6317f44027d10ef7dad65279026885
Status: Downloaded newer image for hello-world:latest

Hello from Docker!   ##### !!!!!!!!!!!!!!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

2.2 其过程可以简单的描述为：

1. 从本地查找hello-wrold镜像，没找到
2. 从 Docker Hub 下载hello-world镜像。
3. 启动hello-world容器。

2.3 清空刚才的实验环境：

[root@docker ~ 14:22:16]# docker rm -f $(docker ps -aq)     
b239d988404f
199a04ded9b1    #删除所有容器

[root@docker ~ 14:26:10]# docker rmi -f hello-world
Untagged: hello-world:latest
Untagged: hello-world@sha256:f9078146db2e05e794366b1bfe584a14ea6317f44027d10ef7dad65279026885
Deleted: sha256:e2ac70e7319a02c5a477f5825259bd118b94e8b02c279c67afa63adab6d8685b
Deleted: sha256:897b3f2a7c1bc2f3d02432f7892fe31c6272c521ad4d70257df624504a3238b4  #删除镜像hello-world

2.4 此刻docker环境没有问题了，关机拍摄快照 !!!

三 、docker C/S分离部署

基于 CentOS-Stream-8模板制作.pdf 这个实验手册做出来的模板克隆虚拟机命名为docker_client和
docker_server

3.1 docker server端配置

配置ip 192.168.108.30
配置hostname docker_server

[root@localhost ~]# hostnamectl set-hostname docker_server
[root@localhost ~]# nmcli connection modify ens160 ipv4.method manual 
ipv4.addresses 192.168.108.30/24 ipv4.gateway 192.168.108.2 ipv4.dns 
192.168.108.2 autoconnect yes
[root@localhost ~]# nmcli con up ens160

3.1.1 安装软件

[root@docker_server ~ 15:04:46]# yum install -y yum-utils device-mapper-persistent-data lvm2 vim
Last metadata expiration check: 2:47:43 ago on Fri 08 May 2026 12:17:11 PM CST.
Package yum-utils-4.0.21-25.el8.noarch is already installed.
Package device-mapper-persistent-data-0.9.0-7.el8.x86_64 is already installed.
Package lvm2-8:2.03.14-14.el8.x86_64 is already installed.
Package vim-enhanced-2:8.0.1763-19.el8.4.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!

[root@docker_server ~ 15:05:15]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Adding repo from: https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@docker_server ~ 15:05:40]# yum makecache

[root@docker_server ~ 15:05:57]# yum install -y docker-ce
Last metadata expiration check: 0:00:14 ago on Fri 08 May 2026 03:05:56 PM CST.
Package docker-ce-3:26.1.3-1.el8.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!

[root@docker_server ~ 15:06:32]# systemctl enable docker.service --now
[root@docker_server ~ 15:07:16]# vim /etc/docker/daemon.json 
[root@docker_server ~ 15:07:30]# cat /etc/docker/daemon.json 
{
    "registry-mirrors": [ "https://019e0631343179d8a40e9fc7553ac824.mirror.swr.myhuaweicloud.com" ]
}
# 按"Esc"，输入:wq保存并退出。
#重启容器引擎
[root@docker_server ~ 15:07:49]# systemctl restart docker

3.1.2 配置服务

[root@docker_server ~ 15:08:40]# vim /usr/lib/systemd/system/docker.service
# 在ExecStart参数中最后添加 -H tcp://0.0.0.0:2375，docker默认监听2375
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock 
-H tcp://0.0.0.0:2375
[root@docker_server ~ 15:10:34]# systemctl daemon-reload
[root@docker_server ~ 15:10:47]# systemctl restart docker.service
[root@docker_server ~ 15:11:24]# systemctl stop firewalld

3.1.3 验证

[root@docker_server ~ 15:11:40]# yum install lsof
[root@docker_server ~ 15:12:07]# lsof -i :2375
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
dockerd 2244 root    3u  IPv6  39455      0t0  TCP *:docker (LISTEN)

3.2 docker_client端

配置ip 192.168.108.31

[root@localhost ~]# hostnamectl set-hostname docker_client
[root@localhost ~]# nmcli connection modify ens160 ipv4.method manual 
ipv4.addresses 192.168.108.31/24 ipv4.gateway 192.168.108.2 ipv4.dns 
192.168.108.2 autoconnect yes
[root@localhost ~]# nmcli con up ens160

3.1 只安装docker客户端

root@docker_client ~ 15:03:37]# yum install -y yum-utils device-mapper-persistent-data lvm2 vim
Last metadata expiration check: 2:56:01 ago on Fri 08 May 2026 12:17:11 PM CST.
Package yum-utils-4.0.21-25.el8.noarch is already installed.
Package device-mapper-persistent-data-0.9.0-7.el8.x86_64 is already installed.
Package lvm2-8:2.03.14-14.el8.x86_64 is already installed.
Package vim-enhanced-2:8.0.1763-19.el8.4.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@docker_client ~ 15:13:14]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Adding repo from: https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@docker_client ~ 15:13:25]# yum makecache
[root@docker_client ~ 15:13:37]# yum install -y docker-ce-cli
Last metadata expiration check: 0:00:17 ago on Fri 08 May 2026 03:13:36 PM CST.
Package docker-ce-cli-1:26.1.3-1.el8.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!

3.2 验证

[root@docker_client ~ 15:13:54]# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
4f55086f7dd0: Pull complete 
Digest: sha256:f9078146db2e05e794366b1bfe584a14ea6317f44027d10ef7dad65279026885
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/
 
# client端连接server端执行命令
[root@docker_client ~ 15:14:16]# docker -H 192.168.108.30 run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
4f55086f7dd0: Pull complete 
Digest: sha256:f9078146db2e05e794366b1bfe584a14ea6317f44027d10ef7dad65279026885
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

[root@docker_client ~ 15:15:01]# docker -H 192.168.108.30 images
REPOSITORY    TAG       IMAGE ID       CREATED       SIZE
hello-world   latest    e2ac70e7319a   6 weeks ago   10.1kB
#这里也可以切换到Server端查看现象

说明：client只做管理，image和container存储在server端。