
Docker Study Notes

2017-01-17 17:12
2017-08-15 (added running Docker as a non-root account)

2017-07-30 (added the link to the official Dockerfile documentation and the official nginx Dockerfile)

2017-07-29 (wrote the nginx Dockerfile)

2017-01-17 (initial document)

Environment

[root@localhost appuser]# uname -a
Linux localhost.localdomain 3.10.5-3.el6.x86_64 #1 SMP Tue Aug 20 14:10:49 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost appuser]# lsb_release -a
LSB Version:    :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarch
Distributor ID: CentOS
Description:    CentOS release 6.5 (Final)
Release:        6.5
Codename:       Final
[root@localhost appuser]# cat /etc/redhat-release
CentOS release 6.5 (Final)
[root@localhost appuser]# rpm -q centos-release
centos-release-6-5.el6.centos.11.1.x86_64
[root@localhost appuser]# cat /etc/issue
CentOS release 6.5 (Final)
Kernel \r on an \m


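Installation

CentOS 6.5 requires a kernel upgrade.

See "Installing Docker on CentOS 6".

The official documentation requires Linux kernel 3.8 or later, and Docker runs only on 64-bit systems. RHEL 6 and CentOS 6 ship kernel 2.6, so the kernel must be upgraded first.

Because of network problems in China, access to the public Docker registry often times out, so the examples below use the private registry hub.com (hub.com is a private registry set up on the internal network).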

Log in

[root@localhost appuser]# docker login hub.com
Username: xxxxxx
Password:
Email:
WARNING: login credentials saved in /root/.docker/config.json
Login Succeeded
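
The WARNING line above means the registry credentials now sit in /root/.docker/config.json as base64 of user:password, which is an encoding and not encryption. The following added example (not part of the original notes) reports which registries carry such inline credentials; the sample file, the account name demo and the registry registry.example are constructed, and the parser assumes the pretty-printed layout the docker CLI writes.

```shell
#!/bin/sh
# Added example (not from the original notes): report registries whose
# credentials are stored inline in a Docker CLI config.json.
# The "auth" value is base64("user:password"), an encoding, not encryption.

# inline_registry_creds FILE
# Prints "registry username" for each entry under "auths" that carries an
# inline "auth" value. Assumes the pretty-printed, one-key-per-line layout
# that the docker CLI writes; the password is decoded but never printed.
inline_registry_creds() {
    awk '
    {
        line = $0
        if (line ~ /"auths"[ \t]*:/) {
            in_auths = 1; base = depth
        } else if (in_auths && line ~ /"auth"[ \t]*:/) {
            split(line, q, "\"")          # q[4] holds the base64 value
            print registry, q[4]
        } else if (in_auths && line ~ /"[^"]+"[ \t]*:[ \t]*[{]/) {
            split(line, q, "\"")          # q[2] holds the registry name
            registry = q[2]
        }
        # Track brace depth so keys outside "auths" are ignored.
        depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
        if (in_auths && depth <= base) in_auths = 0
    }' "$1" |
    while read -r registry blob; do
        user=$(printf '%s' "$blob" | base64 -d 2>/dev/null | cut -d: -f1)
        printf '%s %s\n' "$registry" "$user"
    done
}

# Constructed sample: a config.json as left behind by `docker login hub.com`.
# The empty entry is the shape an entry has when no inline secret is stored.
demo_cfg=$(mktemp)
demo_blob=$(printf 'demo:not-a-real-password' | base64)
cat > "$demo_cfg" <<EOF
{
    "auths": {
        "hub.com": {
            "auth": "$demo_blob"
        },
        "registry.example": {}
    },
    "HttpHeaders": {
        "User-Agent": "constructed"
    }
}
EOF

inline_registry_creds "$demo_cfg"     # hub.com demo
```

On a real host, run `inline_registry_creds /root/.docker/config.json`. Configuring a credential helper (`credsStore` in the same file) keeps the secret out of config.json, and `docker logout` removes the stored entry.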


Log out

[root@localhost appuser]# docker logout hub.com


Search for an image

[root@localhost appuser]# docker search hub.com/ubuntu
NAME             DESCRIPTION   STARS     OFFICIAL   AUTOMATED
library/ubuntu                 0


Pull an image

[root@localhost appuser]# docker pull hub.com/library/ubuntu:14.04
Pulling repository hub.com/library/ubuntu
5ba9dab47459: Download complete
511136ea3c5a: Download complete
27d47432a69b: Download complete
5f92234dcf1e: Download complete
51a9c7c1f8bb: Download complete
Status: Image is up to date for hub.com/library/ubuntu:14.04


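List local images

docker images: list images

docker images -a: list all images (including intermediate history layers)

docker images --tree: show all layers of an image; this option is deprecated in newer versions of Docker, use history instead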

[root@localhost appuser]# docker images
REPOSITORY                             TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
hub.com/important-duty/importantduty   3                   3f170dd5d716        2 hours ago         437.7 MB
hub.com/library/ubuntu                 14.04               5ba9dab47459        23 months ago       188.3 MB

[root@localhost appuser]# docker images --no-trunc
REPOSITORY                             TAG                 IMAGE ID                                                           CREATED             VIRTUAL SIZE
hub.com/important-duty/importantduty   3                   3f170dd5d7160a50f928197382c36f5135301a5ac1e5390026f6e8476a602a07   2 hours ago         437.7 MB
hub.com/library/ubuntu                 14.04               5ba9dab47459d81c0037ca3836a368a4f8ce5050505ce89720e1fb8839ea048a   23 months ago       188.3 MB
[root@localhost appuser]# docker images -a
REPOSITORY                             TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
hub.com/important-duty/importantduty   3                   3f170dd5d716        2 hours ago         437.7 MB
<none>                                 <none>              27e8294ec684        9 weeks ago         405.3 MB
<none>                                 <none>              b07aa215f0e7        10 months ago       405.3 MB
<none>                                 <none>              4e7cefa76d93        11 months ago       405.3 MB
<none>                                 <none>              f0b48ff9ec3f        11 months ago       405.3 MB
<none>                                 <none>              ccad10dde296        11 months ago       397.2 MB
<none>                                 <none>              20fa8cefdee7        11 months ago       397.2 MB
<none>                                 <none>              52b2643afc80        11 months ago       250.9 MB
<none>                                 <none>              e3d6d644132f        11 months ago       250.9 MB
<none>                                 <none>              58d96effef1b        11 months ago       250.9 MB
<none>                                 <none>              bc05f3be0925        12 months ago       250.9 MB
<none>                                 <none>              6e78ae2846f3        12 months ago       250.9 MB
<none>                                 <none>              845313cc9248        12 months ago       250.9 MB
<none>                                 <none>              b4483884d08c        12 months ago       250.9 MB
<none>                                 <none>              3d94ecb3fe85        12 months ago       188.3 MB
<none>                                 <none>              273d610686f6        12 months ago       188.3 MB
<none>                                 <none>              e63157c77462        12 months ago       188.3 MB
<none>                                 <none>              eba9076fba8a        21 months ago       188.3 MB
hub.com/library/ubuntu                 14.04               5ba9dab47459        23 months ago       188.3 MB
<none>                                 <none>              51a9c7c1f8bb        23 months ago       188.3 MB
<none>                                 <none>              5f92234dcf1e        23 months ago       188.3 MB
<none>                                 <none>              27d47432a69b        23 months ago       188.1 MB
<none>                                 <none>              511136ea3c5a        3 years ago         0 B

[root@localhost appuser]# docker history 5ba9dab47459
IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
5ba9dab47459        23 months ago       /bin/sh -c #(nop) CMD [/bin/bash]               0 B
51a9c7c1f8bb        23 months ago       /bin/sh -c sed -i 's/^#\s*\(deb.*universe\)$/   1.895 kB
5f92234dcf1e        23 months ago       /bin/sh -c echo '#!/bin/sh' > /usr/sbin/polic   194.5 kB
27d47432a69b        23 months ago       /bin/sh -c #(nop) ADD file:62400a49cced0d7521   188.1 MB
511136ea3c5a        3 years ago                                                         0 B                 Imported from -


Remove an image

[root@localhost appuser]#  docker rmi 5ba9dab47459
Untagged: hub.com/library/ubuntu:14.04


Start a container

[root@localhost appuser]# docker run -it hub.com/ubuntu:14.04 /bin/bash
Error response from daemon: open /var/lib/docker/aufs/mnt/d7445f6482e3addf09808b5f73444050455e1c394a90a33e88d86beeac05206a-init/.dockerenv: permission denied


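The output above shows an error. Roughly, it says that opening the file /var/lib/docker/aufs/mnt/d7445f6482e3addf09808b5f73444050455e1c394a90a33e88d86beeac05206a-init/.dockerenv was refused for lack of permission.

After looking into it, the main cause is SELinux.

Temporarily disable SELinux enforcement: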

setenforce 0


Run it again

[root@localhost ~]# docker run -it hub.com/ubuntu:14.04 /bin/bash
root@36e1870ce208:/# uname -a
Linux 36e1870ce208 3.10.5-3.el6.x86_64 #1 SMP Tue Aug 20 14:10:49 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
root@36e1870ce208:/# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 14.04.1 LTS
Release:        14.04
Codename:       trusty


docker run -it hub.com/ubuntu:14.04 /bin/bash

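This starts an Ubuntu 14.04 container and opens a terminal in it.

-i, --interactive=false Keep STDIN open even if not attached

-t, --tty=false Allocate a pseudo-TTY

You are now in the container's terminal. To leave the terminal (note: this is not the same as stopping it), press Ctrl+P and then Ctrl+Q to return to the host's terminal, or type exit, which ends the container's bash process and therefore stops the container.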

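Docker security with SELinux

Fixing Permission denied when Docker accesses a mounted host directory

2.1 Options and configuration available when starting a Docker container

Installing, configuring and using Docker on CentOS: a detailed guide

Installing and starting Docker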

List running containers

[root@localhost appuser]# docker ps
CONTAINER ID        IMAGE                  COMMAND             CREATED             STATUS              PORTS               NAMES
b0ff29a10682        hub.com/ubuntu:14.04   "/bin/bash"         11 minutes ago      Up 11 minutes                           angry_hodgkin


Open a terminal in the container

We left the container's console above; to open a new terminal, enter the following command:

[root@localhost appuser]# docker exec -it b0ff29a10682 /bin/bash
root@b0ff29a10682:/# pwd
/
root@b0ff29a10682:/#


Or

[root@localhost appuser]# docker attach b0ff29a10682
ls
bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
root@b0ff29a10682:/#


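Difference between attach and exec: http://blog.csdn.net/halcyonbaby/article/details/46884605

docker attach attaches to the stdin of a container that is already running, where commands can then be executed. Note, however, that exiting from this stdin stops the container, whereas exiting from exec does not.

Stop a running container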

[root@localhost appuser]# docker stop --help

Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...]

Stop a running container by sending SIGTERM and then SIGKILL after a
grace period

--help=false       Print usage
-t, --time=10      Seconds to wait for stop before killing it
[root@localhost appuser]# docker stop angry_hodgkin
angry_hodgkin
[root@localhost appuser]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[root@localhost appuser]# docker stop b0ff29a10682
b0ff29a10682
[root@localhost appuser]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES


In docker stop XXX above, XXX can be either the CONTAINER ID or the name.

List all containers

[root@localhost appuser]# docker ps -a
CONTAINER ID        IMAGE                  COMMAND             CREATED             STATUS                     PORTS               NAMES
b0ff29a10682        hub.com/ubuntu:14.04   "/bin/bash"         26 minutes ago      Exited (0) 4 minutes ago                       angry_hodgkin


-a shows all containers

Start a container

[root@localhost appuser]# docker start b0ff29a10682
b0ff29a10682
[root@localhost appuser]# docker ps
CONTAINER ID        IMAGE                  COMMAND             CREATED             STATUS              PORTS               NAMES
b0ff29a10682        hub.com/ubuntu:14.04   "/bin/bash"         29 minutes ago      Up About a minute                       angry_hodgkin


Restart a container

[root@localhost appuser]# docker restart --help

Usage: docker restart [OPTIONS] CONTAINER [CONTAINER...]

Restart a running container

--help=false       Print usage
-t, --time=10      Seconds to wait for stop before killing the container
[root@localhost appuser]# docker restart -t 10 b0ff29a10682
b0ff29a10682
[root@localhost appuser]# docker ps
CONTAINER ID        IMAGE                  COMMAND             CREATED             STATUS              PORTS               NAMES
b0ff29a10682        hub.com/ubuntu:14.04   "/bin/bash"         31 minutes ago      Up 16 seconds                           angry_hodgkin


Remove a container

[root@localhost appuser]# docker rm b0ff29a10682
Error response from daemon: Cannot destroy container b0ff29a10682: Conflict, You cannot remove a running container. Stop the container before attempting removal or use -f
Error: failed to remove containers: [b0ff29a10682]
[root@localhost appuser]# docker rm -f  b0ff29a10682
b0ff29a10682
[root@localhost appuser]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[root@localhost appuser]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES


Stop all running containers

docker stop $(docker ps -q)


Remove all containers

docker rm $(docker ps -aq)


Stop and remove all containers with one command

docker stop $(docker ps -q) && docker rm $(docker ps -aq)


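Building an image with docker commit

Here we start a container from the Ubuntu 14.04 image used above, install the tree command in it, and then package that container as a new image.

1. Run a container named ubuntu_01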

[root@localhost appuser]# docker run --name ubuntu_01 -it hub.com/ubuntu:14.04 /bin/bash
root@62b4de814111:/# tree
bash: tree: command not found
root@62b4de814111:/# ls
bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var


2. Install the tree command

root@62b4de814111:/# apt-get install tree
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package tree
root@62b4de814111:/# apt-get update
0% [Connecting to archive.ubuntu.com (91.189.88.162)]
0% [Connecting to archive.ubuntu.com (91.189.88.161)]^C
root@62b4de814111:/# export http_proxy="http://172.17.79.88:8080"
root@62b4de814111:/# apt-get install tree
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
tree
0 upgraded, 1 newly installed, 0 to remove and 81 not upgraded.
Need to get 37.8 kB of archives.
After this operation, 109 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu/ trusty/universe tree amd64 1.6.0-1 [37.8 kB]
Fetched 37.8 kB in 1s (26.1 kB/s)
Selecting previously unselected package tree.
(Reading database ... 11527 files and directories currently installed.)
Preparing to unpack .../tree_1.6.0-1_amd64.deb ...
Unpacking tree (1.6.0-1) ...
Setting up tree (1.6.0-1) ...
root@62b4de814111:/# tree -L 1
.
|-- README.txt
|-- bin
|-- boot
|-- dev
|-- etc
|-- home
|-- lib
|-- lib64
|-- media
|-- mnt
|-- opt
|-- proc
|-- root
|-- run
|-- sbin
|-- srv
|-- sys
|-- tmp
|-- usr
`-- var

19 directories, 1 file
root@62b4de814111:/#


3. Commit the container as a local image

[root@localhost appuser]# docker commit -a "iccboy" -m "增加了tree指令" 62b4de814111 ubuntu:14.04
08c9c30eeec0d554ca418009aad6a078ba0f51b883aa341b7d7226a66d9e8c5f
[root@localhost appuser]# docker images
REPOSITORY                             TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
ubuntu                                 14.04               08c9c30eeec0        6 seconds ago       211.6 MB
hub.com/important-duty/importantduty   3                   3f170dd5d716        33 hours ago        437.7 MB
hub.com/tomcat7                        2                   b07aa215f0e7        10 months ago       405.3 MB
hub.com/ubuntu                         14.04               5ba9dab47459        24 months ago       188.3 MB


4. Tag the image

Follow the naming convention of the private registry.

[root@localhost appuser]# docker tag ubuntu:14.04 hub.com/iccboy/ubuntu:14.04
[root@localhost appuser]# docker images
REPOSITORY                             TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
ubuntu                                 14.04               08c9c30eeec0        39 seconds ago      211.6 MB
hub.com/iccboy/ubuntu                  14.04               08c9c30eeec0        39 seconds ago      211.6 MB
hub.com/important-duty/importantduty   3                   3f170dd5d716        33 hours ago        437.7 MB
hub.com/tomcat7                        2                   b07aa215f0e7        10 months ago       405.3 MB
hub.com/ubuntu                         14.04               5ba9dab47459        24 months ago       188.3 MB


5. Push to the private registry

[root@localhost appuser]# docker push hub.com/iccboy/ubuntu:14.04
The push refers to a repository [hub.com/iccboy/ubuntu] (len: 1)
Sending image list
Pushing repository hub.com/iccboy/ubuntu (1 tags)
Image 511136ea3c5a already pushed, skipping
Image 27d47432a69b already pushed, skipping
Image 5f92234dcf1e already pushed, skipping
Image 5ba9dab47459 already pushed, skipping
Image 51a9c7c1f8bb already pushed, skipping
08c9c30eeec0: Image successfully pushed
Pushing tag for rev [08c9c30eeec0] on {http://hub.com/v1/repositories/iccboy/ubuntu/tags/14.04}


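This completes building and uploading the image.

The image above was built with docker commit.

An image can also be built with docker build.

Building an image with docker build

This section builds an nginx image as the example (note: the steps below were run on Ubuntu 16.04.2 LTS with Docker version 17.06.0-ce, build 02c1d87).

First create a Dockerfile: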

mkdir -p ~/docker/nginx
cd ~/docker/nginx
touch Dockerfile


Put the following content in the Dockerfile:

# Base image to inherit from
FROM centos:latest
# Basic information about the author
MAINTAINER iccboy (iccboy@126.com)
# Commands to run in the shell: install the required software and dependencies with yum
RUN yum -y install wget gcc gcc-c++ make libtool zlib zlib-devel openssl openssl-devel pcre pcre-devel
# Download and unpack nginx (fetched over plain HTTP, with no checksum or signature check)
RUN /bin/sh -c 'mkdir -p /opt/app/nginx && mkdir -p /opt/app/soft'
RUN wget -P /opt/app/soft/  http://nginx.org/download/nginx-1.12.1.tar.gz
RUN tar zxvf /opt/app/soft/nginx-1.12.1.tar.gz -C /opt/app/soft/
# Compile and install nginx
RUN /bin/sh -c 'cd /opt/app/soft/nginx-1.12.1 && ./configure --prefix=/opt/app/nginx --with-pcre --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-http_realip_module'
RUN /bin/sh -c 'cd /opt/app/soft/nginx-1.12.1 && make && make install'
# Make the default nginx configuration run nginx in the foreground
RUN echo -e "\ndaemon off;" >> /opt/app/nginx/conf/nginx.conf

# Command executed when the container starts (if there are several CMD instructions, only the last one runs; if a command is given when the container is started, the CMD below is not run either)
CMD /opt/app/nginx/sbin/nginx

# Expose port 80
EXPOSE 80


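Save the file when you finish editing.

Another version (differences: several commands run in one instruction, CMD runs multiple statements so that the nginx conf directory can be used as a mount point, long statements are split across lines, and a proxy and DNS are configured for a network that requires a proxy)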

# Set the base image
FROM hub.com/centos:7
# Basic information about the author
MAINTAINER iccboy (iccboy@126.com)
# Commands to run in the shell: install the required software and dependencies with yum
RUN echo -e "export http_proxy=172.17.79.88:80\nexport https_proxy=172.17.79.88:8080\nexport ftp_proxy=172.17.79.88:8080\nexport  no_proxy=10.0.0.0/8,172.0.0.0/8,127.0.0.0/8" >> /etc/profile \
&& echo -e "\nnameserver 10.9.110.250" >> /etc/resolv.conf
RUN source /etc/profile  \
&& yum clean all \
&& yum -y install wget gcc gcc-c++ make libtool zlib zlib-devel openssl pcre pcre-devel
# Download and unpack nginx
RUN mkdir -p /opt/app/nginx \
&& mkdir -p /opt/app/soft
RUN source /etc/profile \
&&  wget -P /opt/app/soft/ http://nginx.org/download/nginx-1.12.1.tar.gz
RUN tar zxvf /opt/app/soft/nginx-1.12.1.tar.gz -C /opt/app/soft/
# Compile and install nginx
RUN cd /opt/app/soft/nginx-1.12.1  \
&& ./configure --prefix=/opt/app/nginx --with-pcre --with-http_stub_status_module --with-http_gzip_static_module --with-http_realip_module
RUN cd /opt/app/soft/nginx-1.12.1 \
&& make && make install
# Make the default nginx configuration run nginx in the foreground; the configuration directory can be used as a mount point: /opt/app/nginx/conf
RUN echo -e "\ndaemon off;" >> /opt/app/nginx/conf/nginx.conf \
&& cp -r /opt/app/nginx/conf /opt/app/nginx/conf_org

# Command executed when the container starts (if there are several CMD instructions, only the last one runs; if a command is given when the container is started, the CMD below is not run either)
CMD if [ ! -f "/opt/app/nginx/conf/nginx.conf" ]; then cp -r /opt/app/nginx/conf_org/* /opt/app/nginx/conf/; fi \
&& /opt/app/nginx/sbin/nginx

# Expose port 80
EXPOSE 80


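ENTRYPOINT is an instruction similar to CMD. Look up the difference between CMD and ENTRYPOINT for details.

The Dockerfiles above are for learning only and are not suitable for production use. Detailed Dockerfile reference: https://docs.docker.com/engine/reference/builder/

Official nginx Dockerfile: https://github.com/docker-library/nginx

Then run the docker build command to create the image: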

docker build -t "centos/nginx:1.12.1" .


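Image name: centos/nginx

Version: 1.12.1

Note the trailing dot '.': it sets the build context to the current directory, so the Dockerfile there is used for the build.

After running the command above, the build takes a while depending on network conditions and ends with log output like the following: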

...
Step 9/11 : RUN echo -e "\ndaemon off;" >> /opt/app/nginx/conf/nginx.conf
---> Running in 7c06bd105a36
---> b877d5b10987
Removing intermediate container 7c06bd105a36
Step 10/11 : CMD /opt/app/nginx/sbin/nginx
---> Running in 2b6b54a12873
---> b3aae8f71548
Removing intermediate container 2b6b54a12873
Step 11/11 : EXPOSE 80
---> Running in 9f7b756a0ff6
---> bf57ed2be5a6
Removing intermediate container 9f7b756a0ff6
Successfully built bf57ed2be5a6
Successfully tagged centos/nginx:1.12.1


The image has now been created.

# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
centos/nginx        1.12.1              bf57ed2be5a6        29 minutes ago      474MB
centos              latest              36540f359ca3        3 weeks ago         193MB


Start an instance

-p maps port 80 in the container to port 8080 on the physical host; --name sets the container's name

# docker  run -p 8080:80 --name nginx01  centos/nginx:1.12.1


docker run starts the container in the foreground by default, so the console blocks after the command is run.

We can now visit http://127.0.0.1:8080/

<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>


Press Ctrl+C to stop it, then add the -d option so that the container runs in the background.

#docker  run -d -p 8080:80 --name nginx02  centos/nginx:1.12.1
8bfcacd323c79351cedc9fc7bbc6e50e13aa7f1820af7d076c8308210525753b
#


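The container is now running successfully!

Mounting a local directory into the container

Directories that need to persist can be mapped to the physical host.

This is controlled with the -v option at startup: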

# docker run -d -p 8080:80 --name nginx03 -v /home/iccboy/docker/nginx/html:/opt/app/nginx/html centos/nginx:1.12.1
938588ba99bea83d43959c6909b84a3e9bc711ead335d435cf43dc965b47d50d


An index.html file was created beforehand in the local directory /home/iccboy/docker/nginx/html; visit http://127.0.0.1:8080 again:

<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>Docker Build By IccBoY</p>
</body>
</html>


Running docker as a non-root account

Running docker commands keeps failing with a permission error, such as the following:

Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.30/images/json: dial unix /var/run/docker.sock: connect: permission denied


The official documentation says:

The docker daemon binds to a Unix socket instead of a TCP port. By default that Unix socket is owned by the user root and other users can access it with sudo. For this reason, docker daemon always runs as the root user.

To avoid having to use sudo when you use the docker command, create a Unix group called docker and add users to it. When the docker daemon starts, it makes the ownership of the Unix socket read/writable by the docker group.

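Roughly: the docker daemon binds to a Unix socket that is owned by root, and other users can access the socket through sudo.

To avoid using sudo, we can create a group named docker and add users to that group.

Below we add the current user to the docker group; before that, create the docker group (if it already exists, it does not need to be created).

The following was done as a non-root user on Ubuntu 16.04: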

# Create the group
sudo groupadd docker
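# Add the currently logged-in user to the group (${USER} here is the user logged in to the current terminal; a specific user name can be written instead)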
sudo gpasswd -a ${USER} docker
正在将用户“iccboy”加入到“docker”组中
# Restart the docker service
sudo service docker restart


Then close the terminal or log in to the system again, and docker commands can be run directly.
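
Membership of the docker group is equivalent to root on the host, because any member can ask the daemon (which runs as root) to start a container that mounts host paths. The following added example, which is not part of the original notes, lists every account that holds that access and flags those not on an approved list; the accounts deploy and ci and both sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original notes): list every account that can
# use /var/run/docker.sock through the docker group, then flag the ones that
# are not on an approved list.

# docker_group_users GROUP_FILE PASSWD_FILE [GROUP]
# Prints, sorted and de-duplicated:
#   - supplementary members (4th field of the group entry), and
#   - accounts whose primary GID is the group's GID; these never show up in
#     the member list, so checking only that list misses them.
docker_group_users() {
    dg_group=${3:-docker}
    dg_gid=$(awk -F: -v g="$dg_group" '$1 == g { print $3; exit }' "$1")
    [ -n "$dg_gid" ] || return 1      # the group does not exist
    {
        awk -F: -v g="$dg_group" '$1 == g {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$1"
        awk -F: -v gid="$dg_gid" '$4 == gid { print $1 }' "$2"
    } | sort -u
}

# unapproved_docker_users GROUP_FILE PASSWD_FILE APPROVED_USER...
# Prints the members that are not among the approved names.
unapproved_docker_users() {
    ud_group=$1 ud_passwd=$2
    shift 2
    docker_group_users "$ud_group" "$ud_passwd" | while read -r ud_user; do
        ud_ok=0
        for ud_name in "$@"; do
            if [ "$ud_user" = "$ud_name" ]; then ud_ok=1; fi
        done
        if [ "$ud_ok" -eq 0 ]; then printf '%s\n' "$ud_user"; fi
    done
}

# Constructed sample data in /etc/group and /etc/passwd format.
demo_dir=$(mktemp -d)
cat > "$demo_dir/group" <<'EOF'
root:x:0:
docker:x:999:iccboy,deploy
appuser:x:1001:
EOF
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
iccboy:x:1000:1000::/home/iccboy:/bin/bash
deploy:x:1002:1002::/home/deploy:/bin/bash
ci:x:1003:999::/home/ci:/bin/sh
EOF

docker_group_users "$demo_dir/group" "$demo_dir/passwd"
unapproved_docker_users "$demo_dir/group" "$demo_dir/passwd" iccboy
```

On a live host, pass /etc/group and /etc/passwd; accounts served by a directory service appear only in the output of `getent group docker` and `getent passwd`, which can be saved to files and passed in the same way.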