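Installing Docker remotely with docker-machine, and using it

Installing Docker remotely

Lab environment

IP             Services                          Notes
192.168.1.11   docker, docker-machine            passwordless SSH
192.168.1.12   fresh install, Internet access
192.168.1.13   fresh install, Internet access

Goal

Use docker-machine to install Docker on the other two hosts.

Steps

Stop the firewall on all three hosts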

systemctl stop firewalld

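Leaving the firewall running can cause the installation to fail, or prevent information about the other two hosts from being retrieved.

Edit the ssh and sudoers files on all three hosts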

[root@localhost ~]# vim /etc/ssh/sshd_config 
# Uncomment the following line to allow root to log in
PermitRootLogin yes 
[root@localhost ~]# systemctl restart sshd
[root@localhost ~]# vim /etc/sudoers
# Remove the ! from the following line
Defaults   !visiblepw

Passwordless login

192.168.1.11

Set up passwordless login from 192.168.1.11 to the other two hosts.

[root@localhost ~]# ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:QXZy7Z6Ji74+EFxft6azlkSdI4+ClUfz+ZNqltzOrWg root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|        + o.     |
|       o.+  = .  |
|     . ... = = + |
|      o  .+ = O  |
|       .So = O o.|
|      . . o O .o.|
|       . . +.++ .|
|        o . EB...|
|       o+o o+ o+.|
+----[SHA256]-----+
[root@localhost ~]# ssh-copy-id -i root@192.168.1.12
[root@localhost ~]# ssh-copy-id -i root@192.168.1.13

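Installing Docker remotely

192.168.1.11

Open two terminals to install Docker on both hosts at the same time.

192.168.1.12: host1

192.168.1.13: host2

The generic driver (--driver generic) applies only to Linux hosts; other systems need a different driver.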

[root@localhost ~]# docker-machine create --driver generic --generic-ip-address 192.168.1.12 host1
[root@localhost ~]# docker-machine create --driver generic --generic-ip-address 192.168.1.13 host2
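# Parameters
-d/--driver  # which driver to use, i.e. which virtualization technology backs the machine
--generic-ip-address  # IP of the host to install on; here it is a local IP. In other words, you can also install Docker on other hosts, provided the SSH root user can log in non-interactively or with private-key authentication.

If you hit the error Error creating machine: Error running provisioning: error installing docker: at this point, first check that everything you were asked to change earlier is correct, then try again. If it still fails, replace the two hosts other than the docker-machine host with hosts that already have Docker installed. During create, Docker is downloaded from a site outside China; because of network problems the download can stop halfway while create carries on with the later steps, which produces this error. Installing Docker beforehand avoids it.

After a long wait, check the result once it succeeds: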

[root@localhost ~]# docker-machine ls
NAME    ACTIVE   DRIVER    STATE     URL                       SWARM   DOCKER     ERRORS
host1   -        generic   Running   tcp://192.168.1.12:2376           v19.03.8   
host2   -        generic   Running   tcp://192.168.1.13:2376           v19.03.8   

Managing Docker hosts remotely with docker-machine

Controlling a remote Docker host

Show the environment variables needed to access host1

[root@localhost ~]# docker-machine env host1
export DOCKER_TLS_VERIFY="1"
export DOCKER_HOST="tcp://192.168.1.12:2376"
export DOCKER_CERT_PATH="/root/.docker/machine/machines/host1"
export DOCKER_MACHINE_NAME="host1"
# Run this command to configure your shell: 
# eval $(docker-machine env host1)

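As the hint above says, running eval $(docker-machine env host1) switches the shell to the host1 environment. bash is started first because otherwise exiting the host1 environment would drop the Xshell connection.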

[root@localhost ~]# bash
[root@localhost ~]# eval $(docker-machine env host1)
[root@localhost ~ [host1]]# 
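
Added example (not part of the original post): eval runs whatever docker-machine env prints, so the functions below first check that the output keeps TLS verification on, targets port 2376 as on this page, and points at a certificate directory whose key.pem is closed to group and other. The function names and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample values are constructed.
# Real use: text=$(docker-machine env host1) && check_machine_env "$text" && eval "$text"

# Print the value of the first `export NAME="value"` line read from stdin.
env_value() {
    sed -n "s/^export $1=\"\\(.*\\)\"\$/\\1/p" | head -n 1
}

# check_machine_env TEXT: exit status 0 when TEXT (the output of
# `docker-machine env`) keeps TLS on; otherwise print one line per problem.
check_machine_env() (
    rc=0
    verify=$(printf '%s\n' "$1" | env_value DOCKER_TLS_VERIFY)
    host=$(printf '%s\n' "$1" | env_value DOCKER_HOST)
    certs=$(printf '%s\n' "$1" | env_value DOCKER_CERT_PATH)

    [ "$verify" = "1" ] || { echo "DOCKER_TLS_VERIFY is not 1"; rc=1; }
    case $host in
        tcp://*:2376) ;;   # TLS port used by every machine on this page
        *) echo "DOCKER_HOST is not on port 2376: $host"; rc=1 ;;
    esac
    # The docker client reads these three files from DOCKER_CERT_PATH.
    for f in ca.pem cert.pem key.pem; do
        [ -f "$certs/$f" ] || { echo "missing $certs/$f"; rc=1; }
    done
    # key.pem is the client credential: group and other get no access.
    if [ -f "$certs/key.pem" ]; then
        perms=$(ls -l "$certs/key.pem" | cut -c5-10)
        [ "$perms" = "------" ] || { echo "key.pem is accessible to group/other"; rc=1; }
    fi
    exit "$rc"
)

# Demo on a constructed certificate directory and constructed env text.
demo() (
    dir=$(mktemp -d) || exit 1
    touch "$dir/ca.pem" "$dir/cert.pem" "$dir/key.pem"
    chmod 600 "$dir/key.pem"
    text="export DOCKER_TLS_VERIFY=\"1\"
export DOCKER_HOST=\"tcp://192.168.1.12:2376\"
export DOCKER_CERT_PATH=\"$dir\"
export DOCKER_MACHINE_NAME=\"host1\""
    check_machine_env "$text" && echo "host1: checks passed"; rc=$?
    rm -rf "$dir"
    exit "$rc"
)
demo
```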

Pull the httpd image remotely

[root@localhost ~ [host1]]# docker pull httpd:latest
latest: Pulling from library/httpd
c499e6d256d6: Pull complete 
76155f771be0: Pull complete 
48b718b71719: Pull complete 
d65ae7a4c211: Pull complete 
8d17dee838ad: Pull complete 
Digest: sha256:13aa010584cb3d79d66adf52444494ae5db67faa28d65a1a25e6ddc57f7c0e2a
Status: Downloaded newer image for httpd:latest
docker.io/library/httpd:latest
[root@localhost ~ [host1]]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
httpd               latest              8326be82abe6        28 hours ago        166MB

As you can see, every command run now takes effect on host1.

Run a container remotely

[root@localhost ~ [host1]]# docker run -d -p 80 --name web  httpd

If running the container produces the following error

docker: Error response from daemon: driver failed programming external connectivity on 
endpoint web3 
(91d14cff50d3343e4b884c342d24713036b4d49eaa3cfe534793495ce013e657):  
(iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 
32827 -j DNAT --to-destination 172.17.0.2:80 ! -i docker0: iptables: 
No chain/target/match by that name.
 (exit status 1)).

run the following commands on the remote host, or open the port

# Method 1: flush the firewall rules
systemctl start firewalld
iptables -F
iptables-save
# Method 2: open the port
[root@localhost ~]# firewall-cmd --add-port=2376/tcp

Switching from one remote host to another

[root@localhost ~ [host1]]# docker-machine env host2
export DOCKER_TLS_VERIFY="1"
export DOCKER_HOST="tcp://192.168.1.13:2376"
export DOCKER_CERT_PATH="/root/.docker/machine/machines/host2"
export DOCKER_MACHINE_NAME="host2"
# Run this command to configure your shell: 
# eval $(docker-machine env host2)
[root@localhost ~ [host1]]# eval $(docker-machine env host2)
[root@localhost ~ [host2]]# 

Common docker-machine commands

Upgrade Docker on several hosts at once

docker-machine

[root@localhost ~]# docker-machine upgrade host1 host2

File transfer between managed hosts

host1

[root@host1 ~]# echo "This file in the host1" > /tmp/host1

docker-machine

[root@localhost ~]# docker-machine scp host1:/tmp/host1 host2:/tmp/bb
[root@localhost ~]# docker-machine ssh host2 cat /tmp/bb
This file in the host1

Show the IP of managed hosts

docker-machine

[root@localhost ~]# docker-machine ip host1 host2
192.168.1.12
192.168.1.13
[root@localhost ~]# docker-machine ip host1
192.168.1.12

Run commands on a remote host over ssh

docker-machine

Any Linux command can be used.

[root@localhost ~]# docker-machine ssh host1 free -m
              total        used        free      shared  buff/cache   available
Mem:           3770        1043         262          25        2465        2420
Swap:          3967           0        3967
[root@localhost ~]# docker-machine ssh host1 hostname
host1

Check the status of a managed host

docker-machine

[root@localhost ~]# docker-machine status host1
Running

Show the host configuration

docker-machine

[root@localhost ~]# docker-machine inspect host1

Mapping a mounted directory

Map a directory on the docker-machine host into a container on a managed host.

docker-machine

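# Install the tools that let docker-machine use the mount command (fuse-sshfs comes from the EPEL repository)
[root@localhost ~]# yum -y install epel-release
[root@localhost ~]# yum -y install fuse-sshfs
# Create the local directory to mount onto
[root@localhost ~]# mkdir /cyj
# Create the directory to be mounted on host1
[root@localhost ~]# docker-machine ssh host1 mkdir /pjf
# Mount host1's /pjf directory onto /cyj on the docker-machine host
[root@localhost ~]# docker-machine mount host1:/pjf /cyj
# Create index.html in the local /cyj directory
[root@localhost ~]# echo "The page in the docker-machine" > /cyj/index.html
# Check that the file exists in the mounted directory on host1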
[root@localhost ~]# docker-machine ssh host1 ls /pjf
index.html
[root@localhost ~]# docker-machine ssh host1 cat /pjf/index.html
The page in the docker-machine

Then just mount host1's /pjf directory into a container:

[root@localhost ~]# docker-machine env host1
# Run this command to configure your shell: 
# eval $(docker-machine env host1)
[root@localhost ~]# bash
[root@localhost ~]# eval $(docker-machine env host1)
[root@localhost ~ [host1]]# docker run -d -p 80 --name web2 --volume /pjf:/usr/local/apache2/htdocs httpd
a130cc55a787e21afca02f2470ec409e771ec84d64c8433fc6700a336c40c13d
[root@localhost ~ [host1]]# curl 192.168.1.12:32768
The page in the docker-machine

Unmount

[root@localhost ~]# docker-machine mount -u host1:/pjf /cyj

Remote restart

docker-machine

[root@localhost ~]# docker-machine restart host1

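You will then see that host restarting.

docker-machine itself supports stop/kill to shut down a remote host, but the generic driver does not support them, so only restart or start can be used.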
