Docker Notes
Summary: Author: 张亚飞 | Read Time: 4 minute read | Published: 2018-10-17
Install Docker
apt install -y apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
apt-key fingerprint 0EBFCD88
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
apt update
apt install -y docker-ce
docker version
docker info
#docker login
Install docker-compose
sudo curl -L "https://github.com/docker/compose/releases/download/1.23.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
Upgrade Docker
Run the installation steps again.
Common errors
- Running docker info prints the following warnings:
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Fix: edit /etc/sysctl.conf and add the following:
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
Finally, run
sysctl -p
Common problems
- Starting with docker reports the following error:
$ docker-compose up us.gitlab
ERROR: Pool overlaps with other one on this address space
Restarting the server and the docker service did not help; the following command finally resolved it:
docker network prune
Docker image build fails with no space left on device
docker system df
# Prune everything
docker system prune
# Only prune images
docker image prune
docker system df --format '{{json .}}'
docker system df --format '{{title .Size}}'
- Use docker container inspect to view a container's running state (logging)
docker container inspect -f '{{.HostConfig.LogConfig}}' <ContainerName>
Docker disables IPv4 port forwarding by default, so the service cannot be reached via the external IP
As an example, start os-redis with this command:
docker container run --rm --name os-redis -p 6379:6379 -v /home/redis:/home/redis -v /etc/redis:/etc/redis -v /data/home/data/redis:/data/home/data/redis -v /var/log/redis:/var/log/redis registry.cn-hangzhou.aliyuncs.com/coam/us.redis:20.11.11 /usr/local/bin/redis-server /etc/redis/6379.conf
Use docker ps -a to confirm the published port: 0.0.0.0:6379->6379/tcp
$ docker ps -a
442fa34bb94e registry.cn-hangzhou.aliyuncs.com/coam/us.redis:20.11.11 "/bin/sh -c '/usr/lo…" 3 seconds ago Up 2 seconds 0.0.0.0:6379->6379/tcp os-redis
Checking the listening ports shows that only tcp6 is listening, not 0.0.0.0:6379
tcp6 0 0 :::6379 :::* LISTEN 51481/docker-proxy
Connecting via the external IP fails; only telnet localhost 6379 on the host itself connects.
Following the article at https://stackoverflow.com/questions/29957143/make-docker-use-ipv4-for-port-binding, check the following system settings:
$ sysctl net.ipv6.bindv6only
net.ipv6.bindv6only = 0
$ sysctl net.ipv6.conf.all.forwarding
net.ipv6.conf.all.forwarding = 0
net.ipv6.bindv6only = 0 is correct, but net.ipv6.conf.all.forwarding = 0 is not what was expected, so set net.ipv6.conf.all.forwarding:
$ sudo sysctl -w net.ipv6.conf.all.forwarding=1
net.ipv6.conf.all.forwarding = 1
$ sysctl net.ipv6.conf.all.forwarding
net.ipv6.conf.all.forwarding = 1
After restarting docker and the container, the service still cannot be reached from the external network.
docker container run --rm --name os-redis --net=host -p 6379:6379 -v /home/redis:/home/redis -v /etc/redis:/etc/redis -v /data/home/data/redis:/data/home/data/redis -v /var/log/redis:/var/log/redis registry.cn-hangzhou.aliyuncs.com/coam/us.redis:20.11.11 /usr/local/bin/redis-server /etc/redis/6379.conf
Another approach, adding the --net=host parameter, also solves it:
docker container run --rm --name os-redis --net=host -p 6379:6379 -v /home/redis:/home/redis -v /etc/redis:/etc/redis -v /data/home/data/redis:/data/home/data/redis -v /var/log/redis:/var/log/redis registry.cn-hangzhou.aliyuncs.com/coam/us.redis:20.11.11 /usr/local/bin/redis-server /etc/redis/6379.conf
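Check the listening ports (in host network mode the -p mapping is not used, so the PORTS column is empty and redis-server itself holds the listening sockets):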
$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e3b8ad87b568 registry.cn-hangzhou.aliyuncs.com/coam/us.redis:20.11.11 "/bin/sh -c '/usr/lo…" 5 seconds ago Up 4 seconds os-redis
$ sudo netstat -antup | grep 6379
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN 53951/redis-server
tcp6 0 0 :::6379 :::* LISTEN 53951/redis-server
Test the connection from the external network:
$ telnet t.cs.2 6379
Trying 129.211.16.242...
Connected to t.cs.2.
Escape character is '^]'.
Reference article
Docker: ipv4 Forwarding is disabled
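A tcp6-only line for docker-proxy does not by itself mean IPv4 is unserved: with net.ipv6.bindv6only = 0, a socket bound to :: also accepts IPv4 connections, which is why the linked article checks that sysctl. The following is an added example, not from the original post, that applies this rule to the netstat lines shown above; the function names are hypothetical, and it assumes the tcp6 socket keeps the system default for IPV6_V6ONLY.

```python
# Constructed sample input: the netstat lines shown on this page.
BRIDGE_MODE = "tcp6 0 0 :::6379 :::* LISTEN 51481/docker-proxy"
HOST_MODE = """\
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN 53951/redis-server
tcp6 0 0 :::6379 :::* LISTEN 53951/redis-server"""


def parse_listeners(netstat_text):
    """Parse `netstat -antup`-style LISTEN lines into (proto, addr, port, owner)."""
    rows = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or f[0] not in ("tcp", "tcp6") or f[5] != "LISTEN":
            continue
        # ":::6379" splits into address "::" and port "6379".
        addr, _, port = f[3].rpartition(":")
        owner = f[6] if len(f) > 6 else "-"
        rows.append((f[0], addr, int(port), owner))
    return rows


def ipv4_path(rows, port, bindv6only=0):
    """Say which wildcard listener, if any, accepts IPv4 clients on `port`.

    Assumption: a tcp6 socket uses the net.ipv6.bindv6only default;
    netstat cannot show a per-socket IPV6_V6ONLY override.
    """
    hits = {(proto, addr) for proto, addr, p, _ in rows if p == port}
    if ("tcp", "0.0.0.0") in hits:
        return "ipv4 socket"
    if ("tcp6", "::") in hits and bindv6only == 0:
        return "dual-stack ipv6 socket"
    return None


if __name__ == "__main__":
    for label, text in (("bridge", BRIDGE_MODE), ("host", HOST_MODE)):
        print(label, "->", ipv4_path(parse_listeners(text), 6379))
```

When this reports a dual-stack socket and the external connection still fails, the cause lies after the socket (forwarding or filtering), not in the bind address.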
External IPs cannot be reached from inside a docker container
docker run --rm --name=us.mysql.ext -u root -p 8000:8000 -it registry.cn-hangzhou.aliyuncs.com/coam/us.mysql.ext:local-20211009151805 /bin/sh --login
# ping 114.114.114.114
PING 114.114.114.114 (114.114.114.114) 56(84) bytes of data.
From 172.17.0.2 icmp_seq=1 Destination Host Unreachable
From 172.17.0.2 icmp_seq=2 Destination Host Unreachable
From 172.17.0.2 icmp_seq=3 Destination Host Unreachable
Inspecting docker's internal addresses shows that they overlap the host's IP range: both fall in the 172.17.0.1/24 range.
- Docker container network
# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.2 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:ac:11:00:02 txqueuelen 0 (Ethernet)
RX packets 15 bytes 1186 (1.1 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 39 bytes 1638 (1.6 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 31 bytes 3232 (3.2 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 31 bytes 3232 (3.2 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- Host network
$ ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.200.1 netmask 255.255.255.0 broadcast 192.168.200.255
inet6 fe80::42:a3ff:fe4b:82c2 prefixlen 64 scopeid 0x20<link>
ether 02:42:a3:4b:82:c2 txqueuelen 0 (Ethernet)
RX packets 699 bytes 20296 (19.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 115 bytes 9904 (9.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.8 netmask 255.255.240.0 broadcast 172.17.15.255
inet6 fe80::5054:ff:fe48:5133 prefixlen 64 scopeid 0x20<link>
ether 52:54:00:48:51:33 txqueuelen 1000 (Ethernet)
RX packets 264851609 bytes 90815181495 (84.5 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 129617754 bytes 208087696757 (193.7 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.9 netmask 255.255.240.0 broadcast 172.17.15.255
inet6 fe80::6a5c:8fe2:a82f:c0b5 prefixlen 64 scopeid 0x20<link>
ether 20:90:6f:a6:c3:50 txqueuelen 1000 (Ethernet)
RX packets 9128428 bytes 384917200 (367.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 58 bytes 3821 (3.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 1062936 bytes 4044673665 (3.7 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1062936 bytes 4044673665 (3.7 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
......
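Removing the proxy configuration did not solve the network problem either.
So, following the reference, edit /etc/docker/daemon.json and add the following configuration: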
/etc/docker/daemon.json
{
"bip": "192.168.200.1/24"
}
Restarting docker solves the problem:
sudo systemctl restart docker
Reference: Network access failures caused by the default IP address range of docker's virtual network interface
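The overlap described above can be checked before choosing a bip value. This is an added example, not from the original post: it uses the host addresses from the ifconfig output on this page as constructed input, assumes Docker's default bridge range 172.17.0.1/16 (matching the container's 255.255.0.0 netmask), and the function names are hypothetical.

```python
import ipaddress

# Constructed from the ifconfig output on this page: the host's NICs.
HOST_IFACES = {
    "eth0": ("172.17.0.8", "255.255.240.0"),
    "eth1": ("172.17.0.9", "255.255.240.0"),
}


def bridge_conflicts(bip, host_ifaces):
    """Return [(iface, network)] for host networks that overlap the bridge.

    bip uses daemon.json syntax: the bridge's own address plus prefix length.
    """
    bridge = ipaddress.ip_interface(bip)
    conflicts = []
    for name, (addr, mask) in sorted(host_ifaces.items()):
        iface = ipaddress.ip_interface(f"{addr}/{mask}")
        if bridge.network.overlaps(iface.network):
            conflicts.append((name, str(iface.network)))
    return conflicts


def pick_bip(candidates, host_ifaces):
    """Return the first candidate bip that overlaps no host network, or None."""
    for bip in candidates:
        if not bridge_conflicts(bip, host_ifaces):
            return bip
    return None


if __name__ == "__main__":
    # Default docker0 range first, then the value used in daemon.json above.
    for bip in ("172.17.0.1/16", "192.168.200.1/24"):
        print(bip, "->", bridge_conflicts(bip, HOST_IFACES) or "no overlap")
```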