Docker笔记

发表于 更新于 分类于

开始折腾Docker,等待填坑

好耶,是容器。坏耶,是容器。

基本设置和操作

Docker设置

一定要先启动, 不然有可能Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

service docker start

使用docker exec -it XXXXXX bash进入容器的命令界面,输入exit退出

同步Docker容器和宿主机的时间:docker cp /etc/localtime <container id>:/etc/localtime

加当前用户到用户组里面

sudo gpasswd -a ${USER} docker

离线装Docker镜像

教研室服务器的网一直出问题,还有一台机子没有外网 决定离线搞Docker镜像 发现Docker有离线的方法,就是直接在别的机子上pull,然后

docker save -o mysql.tar mysql

把生成的tar文件拷到服务器上

docker load -i  mysql.tar

Docker Compose 部署

当部署多个Docker容器,它们之间还有关联的时候,就用Compose代替Docker run,比如师兄Flask写的标注工具,就是前后端分别一个Docker容器

运行:docker-compose up自动创建

Docker镜像

Docker镜像(image)也是一堆文件,可以自己建或者从远程pull别人建好的 有了Docker镜像,再写好Dockerfile就可以跑起来了(跑起来之后就是个容器container)

Dockerfile

语法近似bash脚本,填写好之后启动会根据文件里面的配置逐步执行

常用命令

Command 功能
Docker build 创建镜像
Docker create 创建镜像(并不启动)
Docker exec 在Docker里面执行命令
Docker images 查看镜像
Docker pull/push 下载/上传镜像
Docker rm/rmi 删除容器/镜像
Docker export/import 导出导入容器
Docker import/load 导出导入镜像
Docker start/stop/restart/pause/unpause/kill

踩坑记录

一次弱智的踩坑

各位看官散了吧,都是一堆弱智操作搞的

Failed to enable unit: Unit file /etc/systemd/system/docker.service is masked.

执行

systemctl unmask docker.service
systemctl unmask docker.socket
systemctl start docker.service

出现 Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.

出现Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

出现systemd[1]: Failed to start LSB: Create lightweight, portable, self-sufficie

Docker pull出现Error response from daemon: Get https://registry-1.docker.io/v2/: dial tcp 34.201.196.144:443: connect: connection refused

是镜像源或者DNS的问题,参照这里改了。(阿里的和中科大的教研室的鬼畜教育网根本不稳,最后换了华为的(要注册账号))

出现pkg_resources.DistributionNotFound: The 'docker-compose==1.8.0' distribution was not found and is required by the application

想用Docker-compose结果报了一堆python的错

Traceback (most recent call last):
  File "/usr/bin/docker-compose", line 5, in <module>
    from pkg_resources import load_entry_point
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2927, in <module>
    @_call_aside
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2913, in _call_aside
    f(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 2940, in _initialize_master_working_set
    working_set = WorkingSet._build_master()
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 635, in _build_master
    ws.require(__requires__)
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 943, in require
    needed = self.resolve(parse_requirements(requirements))
  File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 829, in resolve
    raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'docker-compose==1.8.0' distribution was not found and is required by the application

看到网上的解决方案说

pip3 install backports.ssl_match_hostname --upgrade

结果pip3居然又报错了了

pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.
Collecting backports.ssl_match_hostname
  Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.",)': /simple/backports-ssl-match-hostname/
  Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.",)': /simple/backports-ssl-match-hostname/
  Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.",)': /simple/backports-ssl-match-hostname/
  Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.",)': /simple/backports-ssl-match-hostname/

哇,又是SSL证书的问题

参照stackoverflow的解决方案

sudo -s

apt install libssl-dev libncurses5-dev libsqlite3-dev libreadline-dev libtk8.5 libgdm-dev libdb4o-cil-dev libpcap-dev

切到the folder with the Python 3.X library source code,一般在/usr/local/bin底下的python文件夹 运行

./configure
make
make install

依然不行 怀疑是SSL证书的问题,curl使用ssl也报错 但是openssl、libssl-dev都装了的

apt install ca-certificates

证书没过期

又运行了一下openssh居然报错connect:errno=111

查了一下 >This has nothing to do with SSL. Connection refused means that either there is no server or the connection is blocked by firewall. In your case (before your edit) the server is also plain wrong, i.e. ":443" is no valid server name (hostname missing).

难道就是防火墙的问题吗?

查看了一下网络状态

没问题的工作站

tcp        0      0 211.83.111.221:40294    211.83.111.224:443      ESTABLISHED 1825/telnet

有问题的服务器

tcp6       0      0 :::443                  :::*                    LISTEN      101411/apache2
tcp6       0      0 211.83.111.224:443      211.83.111.221:40294    ESTABLISHED 101415/apache2

难道学校的ipv6又炸了?

试试nc -l 443

emmm,被占用了

不对,我傻逼了,这是对外的端口啊。。。。

等吧

更新是网费没了没充钱的问题...... 老蔡师兄不是校内的网连不上也是没充钱学校网管给断外网了...... 前几天那个Ubuntu Desktop的工作站最近也没钱了,但是http在终端可以用,镜像源什么的也能连,但是那个浏览器一打开就提示我登录账号。 突然意识到了不对,怀疑服务器的网也没钱了。 其实之前一直怀疑是被制裁了,但是工作站就是好的,才一直以为是SSL证书之类的问题 充钱之后,神奇的都能用了 看来是http神奇的逃脱了没钱的制裁 行吧,在这里排查了四五天,期间还重装过好几次Ubuntu Server 果然还是得充钱啊

Picture

参考

再看Docker

被人骗入坑Docker,甚至教研室服务器上基本全是Docker跑的一个个容器,甚至MySQL都是跑在Docker上的。

http://dockone.io/article/660 https://jimmysong.io/docker-handbook/