Ubuntu16.04 64bits安装docker

最新推荐文章于 2024-11-12 17:17:04 发布

原创最新推荐文章于 2024-11-12 17:17:04 发布 · 1k 阅读

0 ·

CC 4.0 BY-SA版权

文章标签：

#docker

docker 专栏收录该内容

1 篇文章

订阅专栏

本文详细介绍Docker在64位Ubuntu系统上的安装步骤、配置方法及常见问题解决技巧，包括设置Docker组、调整内存配置、配置UFW防火墙转发及DNS服务器等。

首先docker需要64bits的机器，32bits的无法安装。

安装最简单的方法是：sudo apt-get update　　 sudo apt-get install docker
但这样安装，以后升级可能会升级不了，因为ubuntu的下没有docker相关的源。

更新安装包信息, 确保 APT 使用 https 协议, 同时CA 证书已经被安装.

 $ sudo apt-get update
 $ sudo apt-get install apt-transport-https ca-certificates

添加新的GPGkey

$ sudo apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D

找到合适你的Ubuntu操作系统的键，这个键决定APT将搜索哪个包

用编辑器打开 /etc/apt/sources.list.d/docker.list添加下面这句，如果不存在docker.list新建一个再添加。

deb https://apt.dockerproject.org/repo ubuntu-xenial main

注意：docker没有为所有的架构提供包，Binary artifacts are built nightly,你可以从https://master.dockerproject.org. 处下载下来。在一个多架构的系统上安装docker，为键添加一个[arch=]条款。更多细节参考Debian Multiarch维基百科。

更新APT 软件包索引

$ sudo apt-get update

清除旧的repo if it exists

$ sudo apt-get purge lxc-docker

至此，你可以使用命令apt-get upgrade, APT 从新代码库拉取代码.

这里记得upgrade一下，否则安装时会遇到无法安装，我在第一次安装时由于没有upgrade，提示安装相关包失败.

某些Ubuntu版本需要的前置操作

Ubuntu Xenial 16.04[LTS]　　Ubuntu Trusty 14.04[LTS]
　　这两个版本记得安装linux-iamge-extra-*的kernel包。这个包允许你使用aufs存储驱动。

$ sudo apt-get install linux-image-extra-$(uname -r) linux-image-extra-virtual

以上前期准备做完后，就可以安装docker

1) 更新APT包索引：sudo apt-get update
2) 安装docker：sudo apt-get install docker-engine
3) 开启docker后天进程：sudo service docker start
4) 校验docker是否安装成功：sudo docker run hello-world
这个命令会下载一个测试镜像，并且运行在一个容器中。当容器运行时，他会打印一些信息，并且退出。

下面是安装成功后，启动docker服务，下载hello-world测试镜像的log记录:

jack@jack-VirtualBox:~$ sudo service docker start 
[sudo] password for jack: 
jack@jack-VirtualBox:~$ sudo docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
9a0669468bf7: Pull complete 
Digest: sha256:cf2f6d004a59f7c18ec89df311cf0f6a1c714ec924eebcbfdd759a669b90e711
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://cloud.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/engine/userguide/

可选配置

创建一个docker组

docker后台进程是绑定的Unix的socket而不是TCP端口。默认情况下，Unix的socket属于用户root，其它用户要使用要通过sudo命令。由于这个原因，docker daemon通常使用root用户运行。
为了避免使用sudo当你使用docker命令的时候，创建一个Unix组名为docker并且添加用户。当docker daemon启动，它会分配Unix socket读写权限给所属的docker组。
注意：docker组不等价于用户root，如果想要知道的更多关于安全影响，查看docker daemon attack surface。

　　sudo groupadd docker //在ubuntu16上不需要另外创建docker助，默认在安装docker是就已经建好了，可以用cat /etc/group查看下有无docker组

　　sudo usermod -aG docker $USER

退出再重进，确保该用户有正确的权限。
This ensures your user is running with the correct permissions.

确认不使用sudo可以运行docker.

$ docker run hello-world

如果提示失败信息与下面相似:

Cannot connect to the Docker daemon. Is ‘docker daemon’ running on this host?
检查 DOCKER_HOST 环境变量没有设置shell. 如果这样,重置他.

调整内存和交换区计算

When users run Docker, they may see these messages when working with an image:

WARNING: Your kernel does not support cgroup swap limit. WARNING: Your
kernel does not support swap limit capabilities. Limitation discarded.
To prevent these messages, enable memory and swap accounting on your system. Enabling memory and swap accounting does induce both a memory overhead and a performance degradation even when Docker is not in use. The memory overhead is about 1% of the total available memory. The performance degradation is roughly 10%.

To enable memory and swap on system using GNU GRUB (GNU GRand Unified Bootloader), do the following:

Log into Ubuntu as a user with sudo privileges.

Edit the /etc/default/grub file.

Set the GRUB_CMDLINE_LINUX value as follows:

GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"
Save and close the file.

Update GRUB.

$ sudo update-grub
Reboot your system.

当用户运行docker时，他们可能在使用一个镜像时看见下面的信息：

　　WARNING: Your kernel does not support cgroup swap limit. WARNING: Your kernel does not support swap limit capabilities. Limitation discarded.

　　为了阻止这些信息，在你的系统中启用内存和交换区计算。这个操作会导致即便docker没有使用也有内存开销以及性能下降。内存开销大概是总内存的1%。性能降低了大约10%。

　　修改/etc/default/grub文件。vi或者vim命令都行，设置GRUB_CMDLINE_LINUX的值，如下：GRUB_CMDLINE_LINUX=”cgroup_enable=memory swapaccount=1”。保存文件并关闭。sudo update-grub更新启动项。reboot重启你的系统。

启动UFW转发

If you use UFW (Uncomplicated Firewall) on the same host as you run Docker, you’ll need to do additional configuration. Docker uses a bridge to manage container networking. By default, UFW drops all forwarding traffic. As a result, for Docker to run when UFW is enabled, you must set UFW’s forwarding policy appropriately.

Also, UFW’s default set of rules denies all incoming traffic. If you want to reach your containers from another host allow incoming connections on the Docker port. The Docker port defaults to 2376 if TLS is enabled or 2375 when it is not. If TLS is not enabled, communication is unencrypted. By default, Docker runs without TLS enabled.

To configure UFW and allow incoming connections on the Docker port:

Log into Ubuntu as a user with sudo privileges.

Verify that UFW is installed and enabled.

$ sudo ufw status
Open the /etc/default/ufw file for editing.

$ sudo nano /etc/default/ufw
Set the DEFAULT_FORWARD_POLICY policy to:

DEFAULT_FORWARD_POLICY="ACCEPT"
Save and close the file.

Reload UFW to use the new setting.

$ sudo ufw reload
Allow incoming connections on the Docker port.

$ sudo ufw allow 2375/tcp

　　当你运行docker时，在同一台主机上使用UFW(Uncomplicated Firewall) ，你需要额外的配置。docker使用桥接方式来管理容器的网络。默认情况下，UFW废弃所有的转发流量。因此，docker运行时UFW可以使用，你必须设置合适UFW的转发规则。

　　UFW默认配置规则拒绝了所有传入流量。如果你想要从另一个主机到达你的容器需要允许连接docker的端口。docker的默认端口是2376如果TLS启用，如果没有启动则是2375,会话是不加密的。默认情况，docker运行在没有TLS启动的情况下。

　　为了配置UFW并且允许进入的连接docker端口：

　　检查UFW是否安装并启用：sudo ufw status

　　打开/etc/default/ufw文件并编辑：sudo nano /etc/default/ufw

　　设置DEFAULT_FORWARD_POLICY：DEFAULT_FORWARD_POLICY=”ACCEPT”

　　保存退出并重启使用新的设置：sudo ufw reload

　　允许所有的连接到docker端口：sudo ufw allow 2375/tcp

为使用docker配置DNS服务器

Systems that run Ubuntu or an Ubuntu derivative on the desktop typically use127.0.0.1 as the default nameserver in /etc/resolv.conf file. The NetworkManager also sets up dnsmasq to use the real DNS servers of the connection and sets up nameserver 127.0.0.1 in /etc/resolv.conf.

When starting containers on desktop machines with these configurations, Docker users see this warning:

WARNING: Local (127.0.0.1) DNS resolver found in resolv.conf and containers
can't use it. Using default external servers : [8.8.8.8 8.8.4.4]
The warning occurs because Docker containers can’t use the local DNS nameserver. Instead, Docker defaults to using an external nameserver.

To avoid this warning, you can specify a DNS server for use by Docker containers. Or, you can disable dnsmasq in NetworkManager. Though, disablingdnsmasq might make DNS resolution slower on some networks.

The instructions below describe how to configure the Docker daemon running on Ubuntu 14.10 or below. Ubuntu 15.04 and above use systemd as the boot and service manager. Refer to control and configure Docker with systemd to configure a daemon controlled by systemd.

To specify a DNS server for use by Docker:

Log into Ubuntu as a user with sudo privileges.

Open the /etc/default/docker file for editing.

$ sudo nano /etc/default/docker
Add a setting for Docker.

DOCKER_OPTS="--dns 8.8.8.8"
Replace 8.8.8.8 with a local DNS server such as 192.168.1.1. You can also specify multiple DNS servers. Separated them with spaces, for example:

--dns 8.8.8.8 --dns 192.168.1.1
Warning: If you’re doing this on a laptop which connects to various networks, make sure to choose a public DNS server.

Save and close the file.

Restart the Docker daemon.

$ sudo service docker restart


Or, as an alternative to the previous procedure, disable dnsmasq in NetworkManager (this might slow your network).

Open the /etc/NetworkManager/NetworkManager.conf file for editing.

$ sudo nano /etc/NetworkManager/NetworkManager.conf
Comment out the dns=dnsmasq line:

dns=dnsmasq
保存并关闭.

重启NetworkManager 和 Docker.

$ sudo restart network-manager
$ sudo restart docker

　系统运行桌面的Ubuntu或者Ubuntu衍生产品通常使用127.0.0.1作为默认的nameserver文件/etc/resolv.conf文件中。NetworkManager也通常设置dnsmasq nameserver 127.0.0.1在/etc/resolv.conf。

　　当在桌面机器运行容器，使用这些配置时，docker的使用者会看见这些警告：

　　WARNING: Local (127.0.0.1) DNS resolver found in resolv.conf and containers can’t use it. Using default external servers : [8.8.8.8 8.8.4.4]

　　这个警告发生是因为docker容器不能使用本地DNS命名服务器。此外docker默认使用一个额外的nameserver。

　　为了避免这个警告，你可以在使用docker容器的时候指定一个DNS服务器。或者你可以禁用dnsmasq在NetworkManager中。但是，禁用会导致DNS协议在某些网络中变慢。

　　下面的说明描述了如何在Ubuntu14.0或以下版本配置docker守护进程。Ubuntu15.04及之上的使用systemd用于启动项和服务管理。指导通过使用systemd来配置和控制一个守护进程。

　　设置指定的DNS服务：

　　打开/etc/default/docker文件并编辑：sudo nano /etc/default/docker，添加配置项：DOCKER_OPTS=”–dns 8.8.8.8”。将8.8.8.8用一个本地的DNS服务例如192.168.1.1替换。你也可以配置多个DNS服务器。用空格隔开它们，如：–dns 8.8.8.8 –dns 192.168.1.1。警告：当你在笔记本连接了不同网络的情况时做这些操作，确保选择一个公用的DNS服务器。保存文件并退出，重启docker守护进程：sudo service docker restart。

　　或者另一个选择，禁用dnsmasq在网络管理器中，这可能导致你的网速变慢：

　　打开/etc/NetworkManager/NetworkManager.conf文件，编辑它：sudo nano /etc/NetworkManager/NetworkManager.conf。找到行dns=dnsmasq，注释掉。保存关闭文件，重启网络管理器和docker.sudo restart network-manager sudo restart docker。
　　

配置docker引导启动

Ubuntu uses systemd as its boot and service manager 15.04 onwards andupstart for versions 14.10 and below.

For 15.04 and up, to configure the docker daemon to start on boot, run

$ sudo systemctl enable docker
For 14.10 and below the above installation method automatically configuresupstart to start the docker daemon on boot