DOCKER Learning_007: An Introduction to Docker Sockets

Following the article at https://www.cnblogs.com/zyxnhr/p/11825331.html, a Docker service can already be installed and run normally.

Check the Docker status

[root@docker-server3 ~]# systemctl status docker 

● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
   Active: active (running) since Sat 2019-11-09 11:29:15 EST; 5h 4min ago
     Docs: https://docs.docker.com
 Main PID: 73627 (dockerd)
    Tasks: 13
   Memory: 45.7M
   CGroup: /system.slice/docker.service
           └─73627 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

Running yum -y install docker-ce already installed both the Docker client and the Docker server.

[root@docker-server3 ~]# docker version

Client: Docker Engine - Community       # client engine, Community edition
 Version:           19.03.4             # version
 API version:       1.40
 Go version:        go1.12.10
 Git commit:        9013bf583a
 Built:             Fri Oct 18 15:52:22 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community        # server engine
 Engine:
  Version:          19.03.4
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.10
  Git commit:       9013bf583a
  Built:            Fri Oct 18 15:50:54 2019
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.2.10
  GitCommit:        b34a5c8af56e510852c35414db4c1f4fa6172339
 runc:
  Version:          1.0.0-rc8+dev
  GitCommit:        3e425f80a8c931f88e6d94a8c831b9d5aa481657
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

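Docker uses a client/server (C/S) architecture. When a docker command is executed, the client connects by default to the Docker daemon process on the local machine.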

Stop the Docker process

[root@docker-server3 ~]# ps -ef|grep docker

root      73627      1  0 11:29 ?        00:00:13 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
root      73992  73963  0 16:25 pts/1    00:00:00 vi /lib/systemd/system/docker.service

[root@docker-server3 ~]# systemctl stop docker

[root@docker-server3 ~]# systemctl status docker

● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: https://docs.docker.com

[root@docker-server3 ~]# docker version  

Client: Docker Engine - Community
 Version:           19.03.4
 API version:       1.40
 Go version:        go1.12.10
 Git commit:        9013bf583a
 Built:             Fri Oct 18 15:52:22 2019
 OS/Arch:           linux/amd64
 Experimental:      false
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?   # the client cannot reach the Docker daemon; the connection is made over a file (Unix) socket

The client connects over a socket. No port has to be listening; the client only needs access to the file /var/run/docker.sock.

[root@docker-server3 ~]# ll /var/run/docker.sock

srw-rw---- 1 root docker 0 Nov  9 17:01 /var/run/docker.sock

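By default the daemon listens on the local socket file. It can also listen on a network socket, which requires modifying the systemd unit file.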

[root@docker-server3 ~]# vi /lib/systemd/system/docker.service

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
# fd:// means the listening socket is passed in by systemd, i.e. the local socket
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

Configure it to listen on a network interface

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd://  -H 0.0.0.0:2375 --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

[root@docker-server3 ~]# systemctl daemon-reload

[root@docker-server3 ~]# systemctl restart docker

[root@docker-server3 ~]# netstat -ntlp

tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1415/master         
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      29852/sshd          
tcp6       0      0 ::1:25                  :::*                    LISTEN      1415/master         
tcp6       0      0 :::2375                 :::*                    LISTEN      74333/dockerd          # Docker's network socket is now configured
tcp6       0      0 :::22                   :::*                    LISTEN      29852/sshd

With the network socket configured, a client can connect to port 2375 to reach the Docker daemon. The server simply opens the port and waits for clients to connect.

[root@docker-server3 ~]# docker -H 192.168.132.133 version

or

[root@docker-server3 ~]# docker -H 192.168.132.133:2375 version

Client: Docker Engine - Community
 Version:           19.03.4
 API version:       1.40
 Go version:        go1.12.10
 Git commit:        9013bf583a
 Built:             Fri Oct 18 15:52:22 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.4
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.10
  Git commit:       9013bf583a
  Built:            Fri Oct 18 15:50:54 2019
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.2.10
  GitCommit:        b34a5c8af56e510852c35414db4c1f4fa6172339
 runc:
  Version:          1.0.0-rc8+dev
  GitCommit:        3e425f80a8c931f88e6d94a8c831b9d5aa481657
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

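When Docker's network socket is enabled, it has no authentication at all by default. It must be secured, otherwise it is very dangerous. In production, a network socket is not used to manage all the Docker clients; by default each Docker server is managed through its own local file socket. If you need to manage all your Docker hosts, you can use a K8S platform to do so.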
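
The check below is an added example, not part of the original post: it audits a dockerd command line for the situation just described, a TCP listener started without --tlsverify. The function name audit_dockerd_cmdline and the OK/WARN/FAIL wording are assumptions of this example; the two sample command lines are the ExecStart values shown earlier in this post.

```shell
#!/bin/sh
# Added example (not from the original post): audit the -H/--host listeners
# of a dockerd command line. Prints one finding per listener; returns 1 if
# any TCP listener runs without --tlsverify, otherwise 0.
audit_dockerd_cmdline() {
    tls=no; hosts=""; expect_host=no; rc=0
    set -f                      # no glob expansion while word-splitting $1
    for word in $1; do
        if [ "$expect_host" = yes ]; then
            hosts="$hosts $word"; expect_host=no; continue
        fi
        case "$word" in
            -H|--host)                    expect_host=yes ;;
            -H=*|--host=*)                hosts="$hosts ${word#*=}" ;;
            --tlsverify|--tlsverify=true) tls=yes ;;
        esac
    done
    for h in $hosts; do
        case "$h" in
            fd://*|unix://*)
                echo "OK    $h (local socket, access controlled by file permissions)" ;;
            *)  # tcp://host:port, or bare host[:port], which dockerd treats as TCP
                addr=${h#tcp://}
                if [ "$tls" = yes ]; then
                    echo "OK    $h (TCP, client certificates required)"
                else
                    rc=1
                    case "$addr" in
                        127.*|localhost*|"[::1]"*)
                            echo "WARN  $h (unauthenticated TCP, loopback only)" ;;
                        *)
                            echo "FAIL  $h (unauthenticated TCP, reachable from the network)" ;;
                    esac
                fi ;;
        esac
    done
    set +f
    return $rc
}

# Constructed sample input: the two ExecStart command lines shown in this post.
LOCAL_ONLY="/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock"
NETWORK="/usr/bin/dockerd -H fd://  -H 0.0.0.0:2375 --containerd=/run/containerd/containerd.sock"
audit_dockerd_cmdline "$LOCAL_ONLY"
audit_dockerd_cmdline "$NETWORK" || echo "=> unauthenticated TCP listener found"
```

To audit a running daemon, pass it the live command line, for example audit_dockerd_cmdline "$(ps -o args= -C dockerd)". Listeners configured through the "hosts" key in /etc/docker/daemon.json are not covered by this check.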


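Blogger's statement: the content of this article comes mainly from teacher Yan Wei of Yutian Education, and I verified the operations through my own experiments. Readers who need it should contact Yutian Education (http://www.yutianedu.com/); it may be reprinted once official consent, or the consent of teacher Yan himself (https://www.cnblogs.com/breezey/), has been obtained. Thank you!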
