• DOCKER学习_007:Docker的套接字介绍


    根据https://www.cnblogs.com/zyxnhr/p/11825331.html这个文章,已经可以正常安装一个docker服务

    查看Docker状态

    [root@docker-server3 ~]# systemctl status docker 

    ● docker.service - Docker Application Container Engine
       Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
       Active: active (running) since Sat 2019-11-09 11:29:15 EST; 5h 4min ago
         Docs: https://docs.docker.com
     Main PID: 73627 (dockerd)
        Tasks: 13
       Memory: 45.7M
       CGroup: /system.slice/docker.service
               └─73627 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

    在执行yum -y install docker-ce的动作的时候,已经安装好了docker的客户端和服务端

    [root@docker-server3 ~]# docker version

    Client: Docker Engine - Community       #客户端引擎社区版
     Version:           19.03.4             #版本
     API version:       1.40
     Go version:        go1.12.10
     Git commit:        9013bf583a
     Built:             Fri Oct 18 15:52:22 2019
     OS/Arch:           linux/amd64
     Experimental:      false
    
    Server: Docker Engine - Community        #服务端引擎
     Engine:
      Version:          19.03.4
      API version:      1.40 (minimum version 1.12)
      Go version:       go1.12.10
      Git commit:       9013bf583a
      Built:            Fri Oct 18 15:50:54 2019
      OS/Arch:          linux/amd64
      Experimental:     false
     containerd:
      Version:          1.2.10
      GitCommit:        b34a5c8af56e510852c35414db4c1f4fa6172339
     runc:
      Version:          1.0.0-rc8+dev
      GitCommit:        3e425f80a8c931f88e6d94a8c831b9d5aa481657
     docker-init:
      Version:          0.18.0
      GitCommit:        fec3683

    docker是一个C/S架构,在执行docker的指令的时候,会默认连接到自己本机的docker -deamon进程

    停止掉docker进程

    [root@docker-server3 ~]# ps -ef|grep docker

    root      73627      1  0 11:29 ?        00:00:13 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
    root      73992  73963  0 16:25 pts/1    00:00:00 vi /lib/systemd/system/docker.service

    [root@docker-server3 ~]# systemctl stop docker

    [root@docker-server3 ~]# systemctl status docker

    ● docker.service - Docker Application Container Engine
       Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
       Active: inactive (dead)
         Docs: https://docs.docker.com

    [root@docker-server3 ~]# docker version  

    Client: Docker Engine - Community
     Version:           19.03.4
     API version:       1.40
     Go version:        go1.12.10
     Git commit:        9013bf583a
     Built:             Fri Oct 18 15:52:22 2019
     OS/Arch:           linux/amd64
     Experimental:      false
    Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?   #显示无法连接Docker daemon,连接的方式是基于文件套接字连接

    客户端使用套接字连接,不需要监听任何端口,只需要读取/var/run/docker.sock这个文件

    [root@docker-server3 ~]# ll /var/run/docker.sock

    srw-rw---- 1 root docker 0 Nov  9 17:01 /var/run/docker.sock

    默认是监听本地的套接字文件,也可以使用网络套接字,需要修改启动文件

    [root@docker-server3 ~]# vi /lib/systemd/system/docker.service

    [Service]
    Type=notify
    # the default is not to use systemd for cgroups because the delegate issues still
    # exists and systemd currently does not support the cgroup feature set required
    # for containers run by docker
    ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock       #fd://  表示监听的本地套接字
    ExecReload=/bin/kill -s HUP $MAINPID
    TimeoutSec=0
    RestartSec=2
    Restart=always

    配置成成监听网络接口

    [Service]
    Type=notify
    # the default is not to use systemd for cgroups because the delegate issues still
    # exists and systemd currently does not support the cgroup feature set required
    # for containers run by docker
    ExecStart=/usr/bin/dockerd -H fd://  -H 0.0.0.0:2375 --containerd=/run/containerd/containerd.sock
    ExecReload=/bin/kill -s HUP $MAINPID
    TimeoutSec=0
    RestartSec=2
    Restart=always

    [root@docker-server3 ~]# systemctl daemon-reload

    [root@docker-server3 ~]# systemctl restart docker

    [root@docker-server3 ~]# netstat -ntlp

    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1415/master         
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      29852/sshd          
    tcp6       0      0 ::1:25                  :::*                    LISTEN      1415/master         
    tcp6       0      0 :::2375                 :::*                    LISTEN      74333/dockerd          #docker的网络套接字就配置完成
    tcp6       0      0 :::22                   :::*                    LISTEN      29852/sshd

    docker的网络套接字就配置完成,客户端就可以连接2375端口,连接docker-daemon,服务端就是开启端口,等着客户端进行访问

    [root@docker-server3 ~]# docker -H 192.168.132.133 version或者

    [root@docker-server3 ~]# docker -H 192.168.132.133:2375 version

    Client: Docker Engine - Community
     Version:           19.03.4
     API version:       1.40
     Go version:        go1.12.10
     Git commit:        9013bf583a
     Built:             Fri Oct 18 15:52:22 2019
     OS/Arch:           linux/amd64
     Experimental:      false
    
    Server: Docker Engine - Community
     Engine:
      Version:          19.03.4
      API version:      1.40 (minimum version 1.12)
      Go version:       go1.12.10
      Git commit:       9013bf583a
      Built:            Fri Oct 18 15:50:54 2019
      OS/Arch:          linux/amd64
      Experimental:     false
     containerd:
      Version:          1.2.10
      GitCommit:        b34a5c8af56e510852c35414db4c1f4fa6172339
     runc:
      Version:          1.0.0-rc8+dev
      GitCommit:        3e425f80a8c931f88e6d94a8c831b9d5aa481657
     docker-init:
      Version:          0.18.0
      GitCommit:        fec3683

    docker在开启网络套接字,默认是没有任何验证的,需要安全配置,否则会很危险,生产中也不会使用网络套接字来管理所有的docker客户端,默认使用本地的文件套接字管理自己的docker服务端,如果需要管理所有的docker,可以借助K8S平台进行管理


    博主声明:本文的内容来源主要来自誉天教育晏威老师,由本人实验完成操作验证,需要的博友请联系誉天教育(http://www.yutianedu.com/),获得官方同意或者晏老师(https://www.cnblogs.com/breezey/)本人同意即可转载,谢谢!

  • 相关阅读:
    lnmp+memcache+tomcat
    redis的主从搭建
    curl只取状态码
    Tomcat的优化
    pip9 安装 centos6.8
    文件的下载
    保存图片到图库更新图库
    上传图片总结
    Android 大图片预览ViewPager
    Android 软件盘 Editext 问题
  • 原文地址:https://www.cnblogs.com/zyxnhr/p/12124395.html
Copyright © 2020-2023  润新知