Docker Series 1: Installing Docker and Building a Base Image

Source: Internet | Published: ad image design software | Editor: 程序博客网 | Time: 2024/05/16 14:08

Recently, during a short gap between projects at my company, I looked into some Docker material, mainly installing it and trying it out. I installed Docker in a virtual machine. This post contains no deep theory, only dry command lines and their output.

Installation on Red Hat Enterprise Linux (RHEL) 6.5 x86_64

1. Install RHEL 6.5 x86_64
   [Please refer to the official Red Hat documentation.]

2. Install Docker
   [Refers to http://docs.docker.com/installation/rhel/]

   Docker is available for RHEL on EPEL. Please note that this package is part of Extra Packages for Enterprise Linux (EPEL), a community effort to create and maintain additional packages for the RHEL distribution.

   Also note that due to the current Docker limitations, Docker is able to run only on the 64 bit architecture.

   You will need RHEL 6.5 or higher, with a RHEL 6 kernel version 2.6.32-431 or higher as this has specific kernel fixes to allow Docker to work.

   Installation

   Firstly, you need to install the EPEL repository. Please follow the EPEL installation instructions.

     (1) Go to https://fedoraproject.org/wiki/EPEL#How_can_I_use_these_extra_packages.3F
     (2) Select 'The newest version of 'epel-release' for EL6' and go to http://mirrors.yun-idc.com/epel/6/i386/repoview/epel-release.html
     (3) Download epel-release-6-8.noarch.rpm
     (4) Execute this command on the RHEL 6.4 terminal: rpm -ivh epel-release-6-8.noarch.rpm

   The docker-io package provides Docker on EPEL.

   If you already have the (unrelated) docker package installed, it will conflict with docker-io. There's a bug report filed for it. To proceed with docker-io installation, please remove docker first.

   Next, let's install the docker-io package which will install Docker on our host.

     $ sudo yum -y install docker-io

   To update the docker-io package:

     $ sudo yum -y update docker-io

   Now that it's installed, let's start the Docker daemon.

     [bruce@rhel6 ~]$ sudo service docker start
     Starting cgconfig service:                                 [  OK  ]
     Starting docker:                                           [  OK  ]
     [bruce@rhel6 ~]$ sudo docker info
     Containers: 0
     Images: 0
     Storage Driver: devicemapper
      Pool Name: docker-8:2-2625258-pool
      Data file: /var/lib/docker/devicemapper/devicemapper/data
      Metadata file: /var/lib/docker/devicemapper/devicemapper/metadata
      Data Space Used: 291.5 Mb
      Data Space Total: 102400.0 Mb
      Metadata Space Used: 0.7 Mb
      Metadata Space Total: 2048.0 Mb
     Execution Driver: native-0.2
     Kernel Version: 2.6.32-431.el6.x86_64

   If we want Docker to start at boot, we should also:

     $ sudo chkconfig docker on

   To avoid uncertain network access issues, I turned off the iptables-related services.

     $ sudo service iptables status
     $ sudo service ip6tables status
     $ sudo service iptables stop
     $ sudo service ip6tables stop
     $ sudo chkconfig iptables off
     $ sudo chkconfig ip6tables off

3. Make a base image from scratch (host OS: RHEL 6.5 x86_64, base image OS: RHEL 6.5 x86_64)

   (1) Install 'febootstrap' on your host OS RHEL 6.5 x86_64
       Hint: You can use the 'rpm' command or the GUI-style 'add/remove software' to install 'febootstrap'.

   (2) Use 'febootstrap' to create a RHEL image in a fakeroot

       (a) The RHEL 6.5 x86_64 CD content is under the directory /RHEL6.5_X86_64_CD.

           [root@rhel6 /]# ls
           bin   cgroup  etc   lib    lost+found  misc  net  proc    RHEL6.5_X86_64_CD  sbin     srv  tmp  var
           boot  dev     home  lib64  media       mnt   opt  redhat  root               selinux  sys  usr
           [root@rhel6 /]# ls /RHEL6.5_X86_64_CD/
           EFI      EULA_zh                   RELEASE-NOTES-bn-IN.html  RELEASE-NOTES-ko-KR.html  RELEASE-NOTES-zh-CN.html
           EULA     GPL                       RELEASE-NOTES-de-DE.html  RELEASE-NOTES-ml-IN.html  RELEASE-NOTES-zh-TW.html
           EULA_de  HighAvailability          RELEASE-NOTES-en-US.html  RELEASE-NOTES-mr-IN.html  repodata
           EULA_en  images                    RELEASE-NOTES-es-ES.html  RELEASE-NOTES-or-IN.html  ResilientStorage
           EULA_es  isolinux                  RELEASE-NOTES-fr-FR.html  RELEASE-NOTES-pa-IN.html  RPM-GPG-KEY-redhat-beta
           EULA_fr  LoadBalancer              RELEASE-NOTES-gu-IN.html  RELEASE-NOTES-pt-BR.html  RPM-GPG-KEY-redhat-release
           EULA_it  media.repo                RELEASE-NOTES-hi-IN.html  RELEASE-NOTES-ru-RU.html  ScalableFileSystem
           EULA_ja  Packages                  RELEASE-NOTES-it-IT.html  RELEASE-NOTES-si-LK.html  Server
           EULA_ko  README                    RELEASE-NOTES-ja-JP.html  RELEASE-NOTES-ta-IN.html  TRANS.TBL
           EULA_pt  RELEASE-NOTES-as-IN.html  RELEASE-NOTES-kn-IN.html  RELEASE-NOTES-te-IN.html

       (b) The Yum repository configuration for the Yum tag 'rhel6.5_x86_64' is as follows:

           [root@rhel6 /]# cat /etc/yum.repos.d/rhel6.5_disk.repo
           [rhel6.5_x86_64]
           name=RHEL6.5_x86_64
           #baseurl=ftp://ftp.redhat.com/pub/redhat/linux/enterprise/$releasever/en/os/SRPMS/
           baseurl=file:///RHEL6.5_X86_64_CD
           enabled=1
           gpgcheck=0
           gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
           [root@rhel6 /]# yum clean all
           Loaded plugins: product-id, refresh-packagekit, security, subscription-manager
           This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
           Cleaning repos: epel rhel6.5_x86_64
           Cleaning up Everything
           [root@rhel6 /]# yum makecache

       (c) Make sure you run 'febootstrap' as root. Otherwise, you're going to walk into a world of pain with permissions in your container.

           [root@rhel6 /]# febootstrap -i iputils -i vim-minimal -i iproute -i bash -i coreutils -i yum rhel6.5_x86_64 redhat file:///RHEL6.5_X86_64_CD

           where:
             [rhel6.5_x86_64]: same as the Yum tag
             [redhat]: directory name to hold the generated files for the base image
             [file:///RHEL6.5_X86_64_CD]: RHEL 6.5 x86_64 Yum source

       (d) Now that we have our image in our fakeroot, we need to import it into Docker.

           [root@rhel6 /]# cd redhat/
           [root@rhel6 redhat]# ls
           bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  sbin  selinux  srv  sys  tmp  usr  var
           [root@rhel6 redhat]# tar -c . | docker import - rhel6.5_x86_64
           6b4a87d0b32383bc7f461f530718cc483fcedcbc2562661a9a4e688eafa8ef61

           Our newly created image is now available and ready for use.

           [root@rhel6 redhat]# docker images
           REPOSITORY          TAG                 IMAGE ID            CREATED              VIRTUAL SIZE
           rhel6.5_x86_64      latest              6b4a87d0b323        About a minute ago   305.3 MB

       (e) Trial test on the image

           [root@rhel6 redhat]# docker run -i -t rhel6.5_x86_64 /bin/bash
           2014/10/20 15:10:35 Error response from daemon: Cannot start container 31c3c567937a5fd0522187c39f84224e18c5233eb3febb7a210a5e4657193b53: unable to remount sys readonly: unable to mount sys as readonly max retries reached

           What is wrong?

           [Refers to http://stackoverflow.com/questions/24304560/docker-on-centos-report-unable-to-mount-sys-as-readonly-when-run]

           Most probably the issue is with native execution driver. Try to switch to lxc

           edit /etc/sysconfig/docker file and make sure other_args contains --exec-driver=lxc

           Example:

             other_args="--exec-driver=lxc"

           And don't forget to restart the docker service...

             sudo /etc/init.d/docker restart

           You can see docker:

             [bruce@rhel6 ~]$ sudo ps -elf | grep dock
             4 S root      1436     1  0  80   0 - 74064 futex_ 08:16 ?        00:00:00 /usr/bin/docker -d --exec-driver=lxc
             0 S bruce       3141  2157  0  80   0 - 25814 pipe_w 10:28 pts/0    00:00:00 grep dock

           More than that?

           [Refers to http://docs.oracle.com/cd/E37670_01/E55611/html/uek3_known_issues.html]

           The correct operation of containers might require that you completely disable SELinux on the host system. For example, SELinux can interfere with container operation under the following conditions:

             - Running the halt or shutdown command from inside the container hangs the container or results in a permission denied error. (An alternate workaround is to use the init 0 command from inside the container to shut it down.)
             - Setting a password inside the container results in a permission denied error, even when run as root.
             - You want to allow ssh logins to the container.

           To disable SELinux on the host:

             - Edit the configuration file for SELinux, /etc/selinux/config and set the value of the SELINUX directive to disabled.

                 [root@rhel6 redhat]# cat /etc/selinux/config
                 # This file controls the state of SELinux on the system.
                 # SELINUX= can take one of these three values:
                 #     enforcing - SELinux security policy is enforced.
                 #     permissive - SELinux prints warnings instead of enforcing.
                 #     disabled - No SELinux policy is loaded.
                 SELINUX=enforcing
                 # SELINUXTYPE= can take one of these two values:
                 #     targeted - Targeted processes are protected,
                 #     mls - Multi Level Security protection.
                 SELINUXTYPE=targeted
                 [root@rhel6 redhat]# vi /etc/selinux/config
                 [root@rhel6 redhat]# cat /etc/selinux/config
                 # This file controls the state of SELinux on the system.
                 # SELINUX= can take one of these three values:
                 #     enforcing - SELinux security policy is enforced.
                 #     permissive - SELinux prints warnings instead of enforcing.
                 #     disabled - No SELinux policy is loaded.
                 SELINUX=disabled
                 # SELINUXTYPE= can take one of these two values:
                 #     targeted - Targeted processes are protected,
                 #     mls - Multi Level Security protection.
                 SELINUXTYPE=targeted

             - Shut down and reboot the host system.

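The walkthrough sets gpgcheck=0 for the local repository in step (b) and SELINUX=disabled in the step above. The script below is an added example, not part of the original post, that reports both settings so they can be reviewed after the image is built; the function names are assumptions, and the sample files are constructed to mirror the listings on this page.

```shell
#!/bin/sh
# Added example: flag the relaxed settings from this walkthrough on a host.

# Print each [section] of a yum .repo file that sets gpgcheck=0.
repos_without_gpgcheck() {
    # Strip whitespace and comment lines, then walk the INI-style file.
    sed -e 's/[[:space:]]//g' -e '/^[#;]/d' "$1" | {
        section=""
        while IFS= read -r line || [ -n "$line" ]; do
            case "$line" in
                \[*\]) section="${line#?}"; section="${section%?}" ;;
                gpgcheck=0) if [ -n "$section" ]; then echo "$section"; fi ;;
            esac
        done
    }
    return 0
}

# Print the active SELINUX= value (comment lines and SELINUXTYPE= are ignored).
selinux_config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([a-z]*\).*/\1/p' "$1" | tail -n 1
}

# $1 = directory holding .repo files, $2 = SELinux config file.
audit_relaxed_settings() {
    findings=0
    for repo in "$1"/*.repo; do
        [ -f "$repo" ] || continue
        for name in $(repos_without_gpgcheck "$repo"); do
            echo "WARN $repo [$name]: gpgcheck=0, RPM signatures are not verified"
            findings=$((findings + 1))
        done
    done
    mode=$(selinux_config_mode "$2")
    if [ "$mode" != "enforcing" ]; then
        echo "WARN $2: SELINUX=${mode:-unset}, policy is not enforced"
        findings=$((findings + 1))
    fi
    echo "findings=$findings"
}

# Constructed sample files mirroring the settings shown on this page.
demo_dir=$(mktemp -d)
printf '[rhel6.5_x86_64]\nname=RHEL6.5_x86_64\nbaseurl=file:///RHEL6.5_X86_64_CD\nenabled=1\ngpgcheck=0\n' > "$demo_dir/rhel6.5_disk.repo"
printf '# SELINUX= can take one of these three values:\nSELINUX=disabled\nSELINUXTYPE=targeted\n' > "$demo_dir/selinux_config"
audit_relaxed_settings "$demo_dir" "$demo_dir/selinux_config"
rm -rf "$demo_dir"
```

On a real host, call audit_relaxed_settings /etc/yum.repos.d /etc/selinux/config.
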
           Let's try again:

             [root@rhel6 redhat]# cat /etc/sysconfig/docker
             # /etc/sysconfig/docker
             #
             # Other arguments to pass to the docker daemon process
             # These will be parsed by the sysv initscript and appended
             # to the arguments list passed to docker -d
             other_args=""
             [root@rhel6 redhat]# vi /etc/sysconfig/docker
             [root@rhel6 redhat]# /etc/init.d/docker restart
             Stopping docker:                                     [  OK  ]
             Starting docker:                                     [  OK  ]
             [root@rhel6 redhat]# docker run -i -t rhel6.5_x86_64 /bin/bash
             lxc-start: Device or resource busy - failed to set memory.use_hierarchy to 1; continuing     !!!see [About WARNING]
             bash-4.1# ls
             bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  sbin  selinux  srv  sys  tmp  usr  var
             ......
             bash-4.1# exit
             exit

           You can use another terminal to see the Docker container while the image is running:

             [root@rhel6 Packages]# docker ps
             CONTAINER ID        IMAGE                   COMMAND             CREATED             STATUS              PORTS               NAMES
             1130b0c2c518        rhel6.5_x86_64:latest   /bin/bash           8 minutes ago       Up 8 minutes                            sleepy_yonath

       (f) At this point, you have a usable base image.

4. Enjoy!

--------------------------------------------------------------------------------------------------------------------

[About WARNING: 'lxc-start: Device or resource busy - failed to set memory.use_hierarchy to 1; continuing']

  [Refers to http://docs.oracle.com/cd/E37670_01/E55611/html/uek3_known_issues.html]

  If a Device or resource busy - failed to set memory.use_hierarchy to 1 error message is displayed when you start a container, edit the /etc/cgconfig.conf file and add the following:

    group . {
      memory {
        memory.use_hierarchy = "1";
      }
    }

  !!!before change:

    [root@rhel6 redhat]# cat /etc/cgconfig.conf
    mount {
      cpuset  = /cgroup/cpuset;
      cpu = /cgroup/cpu;
      cpuacct = /cgroup/cpuacct;
      memory  = /cgroup/memory;
      devices = /cgroup/devices;
      freezer = /cgroup/freezer;
      net_cls = /cgroup/net_cls;
      blkio = /cgroup/blkio;
    }

  !!!after change:

    [root@rhel6 redhat]# cat /etc/cgconfig.conf
    mount {
      cpuset  = /cgroup/cpuset;
      cpu = /cgroup/cpu;
      cpuacct = /cgroup/cpuacct;
      memory  = /cgroup/memory;
      devices = /cgroup/devices;
      freezer = /cgroup/freezer;
      net_cls = /cgroup/net_cls;
      blkio = /cgroup/blkio;
    }
    group . {
      memory {
        memory.use_hierarchy = "1";
      }
    }
