DOCKER学习_007:Docker的套接字介绍

根据https://www.cnblogs.com/zyxnhr/p/11825331.html这个文章，已经可以正常安装一个docker服务

查看Docker状态

[root@docker-server3 ~]# systemctl status docker　

● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
   Active: active (running) since Sat 2019-11-09 11:29:15 EST; 5h 4min ago
     Docs: https://docs.docker.com
 Main PID: 73627 (dockerd)
    Tasks: 13
   Memory: 45.7M
   CGroup: /system.slice/docker.service
           └─73627 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

在执行yum -y install docker-ce的动作的时候，已经安装好了docker的客户端和服务端

[root@docker-server3 ~]# docker version

Client: Docker Engine - Community       #客户端引擎社区版
 Version:           19.03.4             #版本
 API version:       1.40
 Go version:        go1.12.10
 Git commit:        9013bf583a
 Built:             Fri Oct 18 15:52:22 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community        #服务端引擎
 Engine:
  Version:          19.03.4
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.10
  Git commit:       9013bf583a
  Built:            Fri Oct 18 15:50:54 2019
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.2.10
  GitCommit:        b34a5c8af56e510852c35414db4c1f4fa6172339
 runc:
  Version:          1.0.0-rc8+dev
  GitCommit:        3e425f80a8c931f88e6d94a8c831b9d5aa481657
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

docker是一个C/S架构，在执行docker的指令的时候，会默认连接到自己本机的docker -deamon进程

停止掉docker进程

[root@docker-server3 ~]# ps -ef|grep docker

root      73627      1  0 11:29 ?        00:00:13 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
root      73992  73963  0 16:25 pts/1    00:00:00 vi /lib/systemd/system/docker.service

[root@docker-server3 ~]# systemctl stop docker

[root@docker-server3 ~]# systemctl status docker

● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: https://docs.docker.com

[root@docker-server3 ~]# docker version　　

Client: Docker Engine - Community
 Version:           19.03.4
 API version:       1.40
 Go version:        go1.12.10
 Git commit:        9013bf583a
 Built:             Fri Oct 18 15:52:22 2019
 OS/Arch:           linux/amd64
 Experimental:      false
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?   #显示无法连接Docker daemon，连接的方式是基于文件套接字连接

客户端使用套接字连接，不需要监听任何端口，只需要读取/var/run/docker.sock这个文件

[root@docker-server3 ~]# ll /var/run/docker.sock

srw-rw---- 1 root docker 0 Nov  9 17:01 /var/run/docker.sock

默认是监听本地的套接字文件，也可以使用网络套接字，需要修改启动文件

[root@docker-server3 ~]# vi /lib/systemd/system/docker.service

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock       #fd://  表示监听的本地套接字
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

配置成成监听网络接口

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd://  -H 0.0.0.0:2375 --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

[root@docker-server3 ~]# systemctl daemon-reload

[root@docker-server3 ~]# systemctl restart docker

[root@docker-server3 ~]# netstat -ntlp

tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1415/master         
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      29852/sshd          
tcp6       0      0 ::1:25                  :::*                    LISTEN      1415/master         
tcp6       0      0 :::2375                 :::*                    LISTEN      74333/dockerd          #docker的网络套接字就配置完成
tcp6       0      0 :::22                   :::*                    LISTEN      29852/sshd

docker的网络套接字就配置完成，客户端就可以连接2375端口，连接docker-daemon，服务端就是开启端口，等着客户端进行访问

[root@docker-server3 ~]# docker -H 192.168.132.133 version或者

[root@docker-server3 ~]# docker -H 192.168.132.133:2375 version

Client: Docker Engine - Community
 Version:           19.03.4
 API version:       1.40
 Go version:        go1.12.10
 Git commit:        9013bf583a
 Built:             Fri Oct 18 15:52:22 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.4
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.10
  Git commit:       9013bf583a
  Built:            Fri Oct 18 15:50:54 2019
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.2.10
  GitCommit:        b34a5c8af56e510852c35414db4c1f4fa6172339
 runc:
  Version:          1.0.0-rc8+dev
  GitCommit:        3e425f80a8c931f88e6d94a8c831b9d5aa481657
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

docker在开启网络套接字，默认是没有任何验证的，需要安全配置，否则会很危险，生产中也不会使用网络套接字来管理所有的docker客户端，默认使用本地的文件套接字管理自己的docker服务端，如果需要管理所有的docker，可以借助K8S平台进行管理

---

博主声明：本文的内容来源主要来自誉天教育晏威老师，由本人实验完成操作验证，需要的博友请联系誉天教育（http://www.yutianedu.com/），获得官方同意或者晏老师（https://www.cnblogs.com/breezey/）本人同意即可转载，谢谢！