Docker basics information
RCH edited this page Apr 17, 2017
·
17 revisions
$ sudo yum info installed | grep Name | grep -i docker
Name : docker
Name : docker-client
Name : docker-common
Name : docker-rhel-push-plugin
$ sudo systemctl is-active docker
active
$ sudo systemctl status docker.service
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2017-04-14 01:06:31 UTC; 3 days ago
Docs: http://docs.docker.com
Main PID: 1818 (dockerd-current)
Memory: 21.6M
CGroup: /system.slice/docker.service
├─ 1818 /usr/bin/dockerd-current --add-runtime
| docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc
| --authorization-plugin=rhel-push-plugin --exec-opt native.cgroupdriver=systemd
| --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --selinux-enabled
| --log-driver=journald --signature-verification=false --add-registry
| registry.access.redhat.com
├─ 1926 /usr/bin/docker-containerd-current
| -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --shim docker-containerd-shim
| --metrics-interval=0 --start-timeout 2m --state-dir /var/run/docker/libcontainerd/containerd
| --runtime docker-runc --runtime-args --systemd-cgroup=true
├─115395 /usr/libexec/docker/docker-proxy-current -proto tcp -host-ip 0.0.0.0 -host-port 5000
| -container-ip 172.17.0.2 -container-port 5000
├─115401 /usr/bin/docker-containerd-shim-current
| 322e89808cbcf7568a62e0268b98e3129fed61a37c92e828cd600b80f035a162
| /var/run/docker/libcontainerd/322e89808cbcf7568a62e0268b98e3129fed61a37c92e828cd600b80f035a162
| /usr/libexec/docker/docker-runc-current
└─116107 /usr/bin/docker-containerd-shim-current
| 322e89808cbcf7568a62e0268b98e3129fed61a37c92e828cd600b80f035a162
| /var/run/docker/libcontainerd/322e89808cbcf7568a62e0268b98e3129fed61a37c92e828cd600b80f035a162
| /usr/libexec/docker/docker-runc-current
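$ ls -laFZ /var/run/ | grep docker # docker.sock is root:root with mode 0660 here; whoever can write to this socket controls the daemon, which runs as root, so keep access to it tight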
drwxr-xr-x. root root system_u:object_r:container_var_run_t:s0 docker/
-rw-r--r--. root root system_u:object_r:container_var_run_t:s0 docker.pid
srw-rw----. root root system_u:object_r:container_var_run_t:s0 docker.sock=
$ sudo journalctl _SYSTEMD_UNIT=docker.service | egrep 'error|fail|warn|fatal'
.
.
.
Apr 16 20:16:44 user00 dockerd-current[1818]: time="2017-04-16T20:16:44Z"
level=warning
msg="No HTTP secret provided - generated random secret.
This may cause problems with uploads if multiple registries are behind a load-balancer.
To provide a shared secret, fill in http.secret in the configuration file or set the
REGISTRY_HTTP_SECRET environment variable." go.version=go1.7.3
instance.id=7e2c4642-041d-493d-97dc-ae32742a58f8 version=v2.6.1
Apr 16 20:16:44 user00 dockerd-current[1818]: time="2017-04-16T20:16:44Z"
level=fatal msg="open /certs/fullchain.pem: no such file or directory"
Apr 16 20:17:04 user00 dockerd-current[1818]: time="2017-04-16T20:17:04.264374789Z"
level=error msg="Error setting up exec command in container 6f555c79c7c8:
Container 6f555c79c7c80f61be4340c94452d107dafe58578b67006a6165a2a35273e029
is restarting, wait until the container is running"
.
.
.
$ cat /etc/systemd/system/multi-user.target.wants/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=network.target
Wants=docker-storage-setup.service
Requires=rhel-push-plugin.socket
Requires=docker-cleanup.timer
[Service]
Type=notify
NotifyAccess=all
EnvironmentFile=-/etc/sysconfig/docker
EnvironmentFile=-/etc/sysconfig/docker-storage
EnvironmentFile=-/etc/sysconfig/docker-network
Environment=GOTRACEBACK=crash
Environment=DOCKER_HTTP_HOST_COMPAT=1
Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin
ExecStart=/usr/bin/dockerd-current \
--add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \
--default-runtime=docker-runc \
--authorization-plugin=rhel-push-plugin \
--exec-opt native.cgroupdriver=systemd \
--userland-proxy-path=/usr/libexec/docker/docker-proxy-current \
$OPTIONS \
$DOCKER_STORAGE_OPTIONS \
$DOCKER_NETWORK_OPTIONS \
$ADD_REGISTRY \
$BLOCK_REGISTRY \
$INSECURE_REGISTRY
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
TimeoutStartSec=0
Restart=on-abnormal
MountFlags=slave
[Install]
WantedBy=multi-user.target
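⚠️ NOTE: If you modify the docker.service systemd unit file, you have to reload systemd and restart docker.service. The file under multi-user.target.wants is normally a symlink to the packaged unit (/usr/lib/systemd/system/docker.service, as reported by systemctl status above), so direct edits can be overwritten by a package update; a drop-in created with `sudo systemctl edit docker.service` survives updates.
$ sudo systemctl daemon-reload
$ sudo systemctl restart docker.service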
The configuration of the docker service can be customized via the /etc/sysconfig/docker file:
$ cat /etc/sysconfig/docker
# /etc/sysconfig/docker
# Modify these options if you want to change the way the docker daemon runs.
# NOTE(review): the docker.service unit shown on this page loads this file with
# EnvironmentFile= and passes $OPTIONS, $ADD_REGISTRY, $BLOCK_REGISTRY and
# $INSECURE_REGISTRY to dockerd on its ExecStart line.
# NOTE(review): going by the flag name, --signature-verification=false switches
# image signature verification off; confirm this is intended before copying the
# line to a production host.
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false'
# NOTE(review): systemd's EnvironmentFile= reads KEY=VALUE lines and does not run
# shell code, so this conditional presumably only takes effect for scripts that
# source the file -- confirm.
if [ -z "${DOCKER_CERT_PATH}" ]; then
DOCKER_CERT_PATH=/etc/docker
fi
# If you want to add your own registry to be used for docker search and docker
# pull, use the ADD_REGISTRY option to list a set of registries, each prepended
# with the --add-registry flag. The first registry added will be the first
# registry searched.
ADD_REGISTRY='--add-registry registry.access.redhat.com'
# If you want to block registries from being used, uncomment the BLOCK_REGISTRY
# option and give it a set of registries, each prepended with the
# --block-registry flag. For example, adding docker.io will stop users from
# downloading images from docker.io.
# BLOCK_REGISTRY='--block-registry'
# If you have a registry secured with https but do not have proper certs
# distributed, you can tell docker to not look for full authorization by
# adding the registry to the INSECURE_REGISTRY line and uncommenting it.
# NOTE(review): a registry listed with --insecure-registry is contacted without
# TLS certificate verification, and Docker may fall back to plain HTTP, so
# images and registry credentials can be read or altered in transit. Prefer
# installing the registry's CA certificate instead (Docker looks for it under
# /etc/docker/certs.d/<registry-host:port>/ca.crt).
# INSECURE_REGISTRY='--insecure-registry'
# On an SELinux system, if you remove the --selinux-enabled option, you
# also need to turn on the docker_transition_unconfined boolean.
# NOTE(review): removing --selinux-enabled gives up SELinux separation for
# containers; keep the option unless there is a specific reason to drop it.
# setsebool -P docker_transition_unconfined 1
# Location used for temporary files, such as those created by
# docker load and build operations. Default is /var/lib/docker/tmp.
# Can be overridden by setting the following environment variable.
# DOCKER_TMPDIR=/var/tmp
# Controls the /etc/cron.daily/docker-logrotate cron job status.
# To disable, uncomment the line below.
# LOGROTATE=false
#
# The docker-latest daemon can be used by starting the docker-latest unit file.
# To use the docker-latest client, uncomment the lines below.
#DOCKERBINARY=/usr/bin/docker-latest
#DOCKERDBINARY=/usr/bin/dockerd-latest
#DOCKER_CONTAINERD_BINARY=/usr/bin/docker-containerd-latest
#DOCKER_CONTAINERD_SHIM_BINARY=/usr/bin/docker-containerd-shim-latest
⚠️ NOTE: If you modify the docker configuration file, you have to restart docker.service
$ sudo systemctl restart docker.service
$ sudo docker version # Display Docker version
Client:
Version: 1.12.6
API version: 1.24
Package version: docker-common-1.12.6-16.el7.x86_64
Go version: go1.7.4
Git commit: 3a094bd/1.12.6
Built: Tue Mar 21 13:30:59 2017
OS/Arch: linux/amd64
Server:
Version: 1.12.6
API version: 1.24
Package version: docker-common-1.12.6-16.el7.x86_64
Go version: go1.7.4
Git commit: 3a094bd/1.12.6
Built: Tue Mar 21 13:30:59 2017
OS/Arch: linux/amd64
$ sudo docker info # Display Docker system information
Containers: 2
Running: 1
Paused: 0
Stopped: 1
Images: 2
Server Version: 1.12.6
Storage Driver: devicemapper
Pool Name: docker-8:2-33621697-pool
Pool Blocksize: 65.54 kB
Base Device Size: 10.74 GB
Backing Filesystem: xfs
Data file: /dev/loop0
Metadata file: /dev/loop1
Data Space Used: 330.1 MB
Data Space Total: 107.4 GB
Data Space Available: 30.25 GB
Metadata Space Used: 921.6 kB
Metadata Space Total: 2.147 GB
Metadata Space Available: 2.147 GB
Thin Pool Minimum Free Space: 10.74 GB
Udev Sync Supported: true
Deferred Removal Enabled: false
Deferred Deletion Enabled: false
Deferred Deleted Device Count: 0
Data loop file: /var/lib/docker/devicemapper/devicemapper/data
WARNING:
Usage of loopback devices is strongly discouraged for production use.
Use `--storage-opt dm.thinpooldev` to specify a custom block storage device.
Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
Library Version: 1.02.135-RHEL7 (2016-11-16)
Logging Driver: journald
Cgroup Driver: systemd
Plugins:
Volume: local
Network: bridge null overlay host
Authorization: rhel-push-plugin
Swarm: inactive
Runtimes: docker-runc runc
Default Runtime: docker-runc
Security Options: seccomp selinux
Kernel Version: 3.10.0-514.16.1.el7.x86_64
Operating System: Red Hat Enterprise Linux Server 7.3 (Maipo)
OSType: linux
Architecture: x86_64
Number of Docker Hooks: 2
CPUs: 8
Total Memory: 27.47 GiB
Name: user00
ID: SZVU:5YIU:CVZI:7FJI:7AQB:SRZW:JXRK:ECXM:3SFY:SKAE:T3QZ:PO6E
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://registry.access.redhat.com/v1/
Insecure Registries:
127.0.0.0/8
Registries: registry.access.redhat.com (secure), docker.io (secure)
$ sudo docker images # List all pulled Docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/registry 2 136c8b16df20 11 days ago 33.17 MB
training:5000/dgsi/priv-registry 2 136c8b16df20 11 days ago 33.17 MB
registry.access.redhat.com/rhel7 latest 59fd232b7e05 12 days ago 192.7 MB
training:5000/dgsi/rhel latest 59fd232b7e05 12 days ago 192.7 MB
$ sudo docker images -a # List all Docker images + layers
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/registry 2 136c8b16df20 11 days ago 33.17 MB
training:5000/dgsi/priv-registry 2 136c8b16df20 11 days ago 33.17 MB
registry.access.redhat.com/rhel7 latest 59fd232b7e05 12 days ago 192.7 MB
training:5000/dgsi/rhel latest 59fd232b7e05 12 days ago 192.7 MB
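$ sudo docker ps # List running Docker containers
# A PORTS value of 0.0.0.0:5000->5000/tcp means the registry port is published on every host interface; bind it to a specific address or firewall it if it should not be reachable from the network.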
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
322e89808cbc registry:2 "/entrypoint.sh /etc/" 21 hours ago Up 21 hours 0.0.0.0:5000->5000/tcp registry
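$ sudo docker ps -a # List all Docker containers (running and stopped)
# The exited htpasswd container below was run with -b, so the password is part of its stored command line and stays readable through the daemon until the container is removed; remove such containers and prefer supplying the password on stdin (htpasswd -i).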
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
322e89808cbc registry:2 "/entrypoint.sh /etc/" 21 hours ago Up 21 hours 0.0.0.0:5000->5000/tcp registry
7a47a2be2732 registry:2 "htpasswd -Bbn dgsi d" 21 hours ago Exited (0)... amazing_saha
$ sudo docker network ls # List Docker networks
NETWORK ID NAME DRIVER SCOPE
48f81e6715b0 bridge bridge local
24b35c830b20 host host local
addc0c70bb98 none null local
$ ip addr # List Docker bridge network interface
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:0d:3a:26:1b:ad brd ff:ff:ff:ff:ff:ff
inet 10.0.0.4/24 brd 10.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20d:3aff:fe26:1bad/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 02:42:f4:0c:83:6a brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:f4ff:fe0c:836a/64 scope link
valid_lft forever preferred_lft forever
$ sudo docker network inspect bridge
[
{
"Name": "bridge",
"Id": "48f81e6715b04bbfa853e1641d5a8c2fe2f8de6a6ba54f372888db04b20f81a6",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Containers": {
"322e89808cbcf7568a62e0268b98e3129fed61a37c92e828cd600b80f035a162": {
"Name": "registry",
"EndpointID": "280a8c07b6c52b9d542569ab49af21c30416d3180bb49ec9d7fc1cf58ec0b3ed",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]