Docker Series 1: Installing Docker and Building a Base Image
Source: Internet  Editor: 程序博客网  Time: 2024/05/16 14:08
Recently, during a short gap between projects at my company, I looked into some aspects of Docker, mainly installing it and trying it out. I installed Docker in a virtual machine. This article has no deep theory, only dry command lines and their output.

Installation on Red Hat Enterprise Linux (RHEL) 6.5 x86_64

1. Install RHEL 6.5 x86_64 [Please refer to the official Red Hat documentation.]

2. Install Docker [Refers to http://docs.docker.com/installation/rhel/]

Docker is available for RHEL on EPEL. Please note that this package is part of Extra Packages for Enterprise Linux (EPEL), a community effort to create and maintain additional packages for the RHEL distribution.

Also note that due to the current Docker limitations, Docker is able to run only on the 64 bit architecture.

You will need RHEL 6.5 or higher, with a RHEL 6 kernel version 2.6.32-431 or higher as this has specific kernel fixes to allow Docker to work.

Installation

Firstly, you need to install the EPEL repository. Please follow the EPEL installation instructions.

(1) Go to https://fedoraproject.org/wiki/EPEL#How_can_I_use_these_extra_packages.3F
(2) Select 'The newest version of 'epel-release' for EL6' and go to http://mirrors.yun-idc.com/epel/6/i386/repoview/epel-release.html
(3) Download epel-release-6-8.noarch.rpm
(4) Execute this command on the RHEL 6.4 terminal:

    rpm -ivh epel-release-6-8.noarch.rpm

The docker-io package provides Docker on EPEL.

If you already have the (unrelated) docker package installed, it will conflict with docker-io. There's a bug report filed for it. To proceed with docker-io installation, please remove docker first.

Next, let's install the docker-io package which will install Docker on our host.

    $ sudo yum -y install docker-io

To update the docker-io package:

    $ sudo yum -y update docker-io

Now that it's installed, let's start the Docker daemon.

    [bruce@rhel6 ~]$ sudo service docker start
    Starting cgconfig service: [ OK ]
    Starting docker: [ OK ]
    [bruce@rhel6 ~]$ sudo docker info
    Containers: 0
    Images: 0
    Storage Driver: devicemapper
     Pool Name: docker-8:2-2625258-pool
     Data file: /var/lib/docker/devicemapper/devicemapper/data
     Metadata file: /var/lib/docker/devicemapper/devicemapper/metadata
     Data Space Used: 291.5 Mb
     Data Space Total: 102400.0 Mb
     Metadata Space Used: 0.7 Mb
     Metadata Space Total: 2048.0 Mb
    Execution Driver: native-0.2
    Kernel Version: 2.6.32-431.el6.x86_64

If we want Docker to start at boot, we should also:

    $ sudo chkconfig docker on

To avoid uncertain network access issues, I turned off the iptables-related services.

    $ sudo service iptables status
    $ sudo service ip6tables status
    $ sudo service iptables stop
    $ sudo service ip6tables stop
    $ sudo chkconfig iptables off
    $ sudo chkconfig ip6tables off

3. Make a base image from scratch (host OS: RHEL 6.5 x86_64, base image OS: RHEL 6.5 x86_64)

(1) Install 'febootstrap' on your host OS, RHEL 6.5 x86_64.

Hint: You can use the 'rpm' command or the GUI-style 'add/remove software' to install 'febootstrap'.

(2) Use 'febootstrap' to create the RHEL image in a fakeroot.

(a) The RHEL 6.5 x86_64 CD content is under the directory /RHEL6.5_X86_64_CD.

    [root@rhel6 /]# ls
    bin   cgroup  etc   lib    lost+found  misc  net  proc    RHEL6.5_X86_64_CD  sbin     srv  tmp  var
    boot  dev     home  lib64  media       mnt   opt  redhat  root               selinux  sys  usr
    [root@rhel6 /]# ls /RHEL6.5_X86_64_CD/
    EFI      EULA_zh                   RELEASE-NOTES-bn-IN.html  RELEASE-NOTES-ko-KR.html  RELEASE-NOTES-zh-CN.html
    EULA     GPL                       RELEASE-NOTES-de-DE.html  RELEASE-NOTES-ml-IN.html  RELEASE-NOTES-zh-TW.html
    EULA_de  HighAvailability          RELEASE-NOTES-en-US.html  RELEASE-NOTES-mr-IN.html  repodata
    EULA_en  images                    RELEASE-NOTES-es-ES.html  RELEASE-NOTES-or-IN.html  ResilientStorage
    EULA_es  isolinux                  RELEASE-NOTES-fr-FR.html  RELEASE-NOTES-pa-IN.html  RPM-GPG-KEY-redhat-beta
    EULA_fr  LoadBalancer              RELEASE-NOTES-gu-IN.html  RELEASE-NOTES-pt-BR.html  RPM-GPG-KEY-redhat-release
    EULA_it  media.repo                RELEASE-NOTES-hi-IN.html  RELEASE-NOTES-ru-RU.html  ScalableFileSystem
    EULA_ja  Packages                  RELEASE-NOTES-it-IT.html  RELEASE-NOTES-si-LK.html  Server
    EULA_ko  README                    RELEASE-NOTES-ja-JP.html  RELEASE-NOTES-ta-IN.html  TRANS.TBL
    EULA_pt  RELEASE-NOTES-as-IN.html  RELEASE-NOTES-kn-IN.html  RELEASE-NOTES-te-IN.html

(b) The Yum repository configuration for the Yum tag 'rhel6.5_x86_64' is as follows:

    [root@rhel6 /]# cat /etc/yum.repos.d/rhel6.5_disk.repo
    [rhel6.5_x86_64]
    name=RHEL6.5_x86_64
    #baseurl=ftp://ftp.redhat.com/pub/redhat/linux/enterprise/$releasever/en/os/SRPMS/
    baseurl=file:///RHEL6.5_X86_64_CD
    enabled=1
    gpgcheck=0
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
    [root@rhel6 /]# yum clean all
    Loaded plugins: product-id, refresh-packagekit, security, subscription-manager
    This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
    Cleaning repos: epel rhel6.5_x86_64
    Cleaning up Everything
    [root@rhel6 /]# yum makecache

(c) Make sure you run 'febootstrap' as root. Otherwise, you are going to walk into a world of pain with permissions in your container.

    [root@rhel6 /]# febootstrap -i iputils -i vim-minimal -i iproute -i bash -i coreutils -i yum rhel6.5_x86_64 redhat file:///RHEL6.5_X86_64_CD

where:

    [rhel6.5_x86_64]: same as the Yum tag
    [redhat]: name of the directory that holds the generated files for the base image
    [file:///RHEL6.5_X86_64_CD]: RHEL6.5 x86_64 Yum source

(d) Now that we have our image in our fakeroot, we need to import it into Docker.

    [root@rhel6 /]# cd redhat/
    [root@rhel6 redhat]# ls
    bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  sbin  selinux  srv  sys  tmp  usr  var
    [root@rhel6 redhat]# tar -c . | docker import - rhel6.5_x86_64
    6b4a87d0b32383bc7f461f530718cc483fcedcbc2562661a9a4e688eafa8ef61

Our newly created image is now available and ready for use.

    [root@rhel6 redhat]# docker images
    REPOSITORY          TAG                 IMAGE ID            CREATED              VIRTUAL SIZE
    rhel6.5_x86_64      latest              6b4a87d0b323        About a minute ago   305.3 MB

(e) Trial test on the image

    [root@rhel6 redhat]# docker run -i -t rhel6.5_x86_64 /bin/bash
    2014/10/20 15:10:35 Error response from daemon: Cannot start container 31c3c567937a5fd0522187c39f84224e18c5233eb3febb7a210a5e4657193b53: unable to remount sys readonly: unable to mount sys as readonly max retries reached

What is wrong?
[Refers to http://stackoverflow.com/questions/24304560/docker-on-centos-report-unable-to-mount-sys-as-readonly-when-run]

Most probably the issue is with native execution driver. Try to switch to lxc: edit the /etc/sysconfig/docker file and make sure other_args contains --exec-driver=lxc

Example:

    other_args="--exec-driver=lxc"

And don't forget to restart the docker service...

    sudo /etc/init.d/docker restart

You can see the docker process:

    [bruce@rhel6 ~]$ sudo ps -elf | grep dock
    4 S root      1436     1  0  80   0 - 74064 futex_ 08:16 ?        00:00:00 /usr/bin/docker -d --exec-driver=lxc
    0 S bruce     3141  2157  0  80   0 - 25814 pipe_w 10:28 pts/0    00:00:00 grep dock

More than that?
[Refers to http://docs.oracle.com/cd/E37670_01/E55611/html/uek3_known_issues.html]

The correct operation of containers might require that you completely disable SELinux on the host system. For example, SELinux can interfere with container operation under the following conditions:

- Running the halt or shutdown command from inside the container hangs the container or results in a permission denied error. (An alternate workaround is to use the init 0 command from inside the container to shut it down.)
- Setting a password inside the container results in a permission denied error, even when run as root.
- You want to allow ssh logins to the container.

To disable SELinux on the host:

- Edit the configuration file for SELinux, /etc/selinux/config and set the value of the SELINUX directive to disabled.

    [root@rhel6 redhat]# cat /etc/selinux/config
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=enforcing
    # SELINUXTYPE= can take one of these two values:
    #     targeted - Targeted processes are protected,
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted
    [root@rhel6 redhat]# vi /etc/selinux/config
    [root@rhel6 redhat]# cat /etc/selinux/config
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=disabled
    # SELINUXTYPE= can take one of these two values:
    #     targeted - Targeted processes are protected,
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted

- Shut down and reboot the host system.
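
The manual edit above, scripted, as an added example that is not part of the original post: the hypothetical helper set_selinux_mode rewrites only the active SELINUX= directive, so the comment line that also contains "SELINUX=" and the SELINUXTYPE= directive stay untouched. It runs against a constructed temporary copy of the file shown above, not /etc/selinux/config.

```shell
#!/bin/sh
# Added example (not from the original post): scripted form of the manual
# `vi /etc/selinux/config` edit. Helper names are hypothetical.

# Print the mode set by the active SELINUX= directive in file $1.
selinux_config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([a-z]*\).*$/\1/p' "$1" | tail -n 1
}

# Set the SELINUX= directive in file $1 to mode $2, keeping a .bak copy.
# Returns 1 for an invalid mode, 2 if the file has no active directive.
set_selinux_mode() {
    cfg=$1
    mode=$2
    case "$mode" in
        enforcing|permissive|disabled) ;;
        *) echo "invalid mode: $mode" >&2; return 1 ;;
    esac
    if ! grep -q '^[[:space:]]*SELINUX=' "$cfg"; then
        echo "no active SELINUX= directive in $cfg" >&2
        return 2
    fi
    if [ "$(selinux_config_mode "$cfg")" = "$mode" ]; then
        return 0    # already set: leave the file and any backup untouched
    fi
    cp -p "$cfg" "$cfg.bak" || return 3
    # Anchored at line start, so the "# SELINUX= can take ..." comment and
    # the SELINUXTYPE= directive are never rewritten.
    sed "s/^\([[:space:]]*\)SELINUX=.*/\1SELINUX=$mode/" "$cfg.bak" > "$cfg"
}

# Constructed sample: the config shown on this page, written to a temp file.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
EOF
set_selinux_mode "$demo_cfg" disabled
echo "configured mode: $(selinux_config_mode "$demo_cfg")"
```

The helper accepts all three values the file documents; permissive leaves the policy loaded and logs denials instead of blocking them, which helps identify which of the container operations listed above SELinux is rejecting.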

Let's try again:

    [root@rhel6 redhat]# cat /etc/sysconfig/docker
    # /etc/sysconfig/docker
    #
    # Other arguments to pass to the docker daemon process
    # These will be parsed by the sysv initscript and appended
    # to the arguments list passed to docker -d

    other_args=""
    [root@rhel6 redhat]# vi /etc/sysconfig/docker
    [root@rhel6 redhat]# /etc/init.d/docker restart
    Stopping docker: [ OK ]
    Starting docker: [ OK ]
    [root@rhel6 redhat]# docker run -i -t rhel6.5_x86_64 /bin/bash
    lxc-start: Device or resource busy - failed to set memory.use_hierarchy to 1; continuing    !!! see [About WARNING]
    bash-4.1# ls
    bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  sbin  selinux  srv  sys  tmp  usr  var
    ......
    bash-4.1# exit
    exit

You can use another terminal to see the Docker container while the image is running:

    [root@rhel6 Packages]# docker ps
    CONTAINER ID        IMAGE                   COMMAND             CREATED             STATUS              PORTS               NAMES
    1130b0c2c518        rhel6.5_x86_64:latest   /bin/bash           8 minutes ago       Up 8 minutes                            sleepy_yonath

(f) At this point, you have a usable base image.

4. Enjoy!

--------------------------------------------------------------------------------------------------------------------

[About WARNING: 'lxc-start: Device or resource busy - failed to set memory.use_hierarchy to 1; continuing']
[Refers to http://docs.oracle.com/cd/E37670_01/E55611/html/uek3_known_issues.html]

If a Device or resource busy - failed to set memory.use_hierarchy to 1 error message is displayed when you start a container, edit the /etc/cgconfig.conf file and add the following:

    group . {
        memory {
            memory.use_hierarchy = "1";
        }
    }

!!! Before the change:

    [root@rhel6 redhat]# cat /etc/cgconfig.conf
    mount {
        cpuset = /cgroup/cpuset;
        cpu = /cgroup/cpu;
        cpuacct = /cgroup/cpuacct;
        memory = /cgroup/memory;
        devices = /cgroup/devices;
        freezer = /cgroup/freezer;
        net_cls = /cgroup/net_cls;
        blkio = /cgroup/blkio;
    }

!!! After the change:

    [root@rhel6 redhat]# cat /etc/cgconfig.conf
    mount {
        cpuset = /cgroup/cpuset;
        cpu = /cgroup/cpu;
        cpuacct = /cgroup/cpuacct;
        memory = /cgroup/memory;
        devices = /cgroup/devices;
        freezer = /cgroup/freezer;
        net_cls = /cgroup/net_cls;
        blkio = /cgroup/blkio;
    }

    group . {
        memory {
            memory.use_hierarchy = "1";
        }
    }
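
Step 3 (2)(b) defines the local repository with gpgcheck=0 even though a gpgkey is configured, so yum installs packages from that source without verifying their signatures. The following added example (not part of the original post; the function name and the two extra repository sections are constructed) lists the enabled sections of a .repo file that skip verification, run against a temporary copy of the page's file placed beside a variant with gpgcheck=1.

```shell
#!/bin/sh
# Added example (not from the original post); names are hypothetical.
# Print the id of each enabled section in yum .repo file $1 whose packages
# are installed without signature verification. $2 is the [main] gpgcheck
# default from yum.conf; if omitted, an unset gpgcheck counts as unchecked
# (assumption of this sketch).
repos_without_gpgcheck() {
    awk -v dflt="${2:-0}" '
        function val(s) { sub(/^[^=]*=[ \t]*/, "", s); sub(/[ \t\r]*$/, "", s); return tolower(s) }
        function on(v) { return v ~ /^(1|yes|true)$/ }
        function report() { if (id != "" && on(enabled) && !on(gpg)) print id }
        /^[ \t]*[#;]/ { next }              # comments, e.g. the old "#baseurl=" line
        /^[ \t]*\[/ {                       # start of a [section]
            report()
            id = $0; sub(/^[ \t]*\[/, "", id); sub(/\].*$/, "", id)
            enabled = "1"; gpg = dflt
            next
        }
        /^[ \t]*enabled[ \t]*=/  { enabled = val($0) }
        /^[ \t]*gpgcheck[ \t]*=/ { gpg = val($0) }
        END { report() }
    ' "$1"
}

# Constructed sample: the page's repo section, a variant with verification
# switched on, and a disabled section that must not be reported.
demo_repo=$(mktemp)
cat > "$demo_repo" <<'EOF'
[rhel6.5_x86_64]
name=RHEL6.5_x86_64
#baseurl=ftp://ftp.redhat.com/pub/redhat/linux/enterprise/$releasever/en/os/SRPMS/
baseurl=file:///RHEL6.5_X86_64_CD
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

[rhel6.5_x86_64_checked]
name=constructed variant with verification on
baseurl=file:///RHEL6.5_X86_64_CD
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

[constructed_disabled]
baseurl=file:///mnt/constructed
enabled=0
gpgcheck=0
EOF
repos_without_gpgcheck "$demo_repo"
```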