分类标题

Autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et dolore feugait.

分类归档 Docker

docker配置代理

背景

在一些实验室环境,服务器没有访问外网的权限,需要通过http代理。我们通常会将网络代理直接配置/etc/profile的配置文件中,这对于大部分操作都是可行的。然而,docker命令却使用不了这些代理。比如docker pull时需要从外网下载镜像,就会出现如下错误:

$ sudo docker pull hello-world

Unable to find image 'hello-world:latest' locally
Pulling repository docker.io/library/hello-world
docker: Network timed out while trying to connect to https://index.docker.io/v1/repositories/library/hello-world/images. You may want to check your internet connection or if you are behind a proxy..
See 'docker run --help'.

解决方案

# 创建 /etc/systemd/system/docker.service.d
$ sudo mkdir -p /etc/systemd/system/docker.service.d

# 
$ sudo vim /etc/systemd/system/docker.service.d/http_proxy.conf
[Service]
Environment="HTTP_PROXY=http://${proxy-addr}:${proxy-port}/" "HTTPS_PROXY=https://${proxy-addr}:${proxy-port}/" "NO_PROXY=localhost,127.0.0.1,docker-registry.somecorporation.com"

# 更新配置并重启 docker 服务
$ sudo systemctl daemon-reload && sudo systemctl restart docker.service

非root用戶沒有權限運行docker命令

問題描述

[[email protected] ~]$ docker ps
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.26/containers/json: dial unix /var/run/docker.sock: connect: permission denied

問題分析

Manage Docker as a non-root user

The docker daemon binds to a Unix socket instead of a TCP port. By
default that Unix socket is owned by the user root and other users can
only access it using sudo. The docker daemon always runs as the root
user.

If you don’t want to use sudo when you use the docker command, create
a Unix group called docker and add users to it. When the docker daemon
starts, it makes the ownership of the Unix socket read/writable by the
docker group.

解決辦法

# 添加docker用户组
[[email protected] ~]$ sudo groupadd docker

# 将登陆用户加入到docker用户组中
[[email protected] ~]$ sudo gpasswd -a $USER docker

# 更新用户组
[[email protected] ~]$ sudo newgrp docker

# 重啓 docker 服務
[[email protected] ~]$ sudo systemctl restart docker.service

# 授權 docker.sock 
[[email protected] ~]$ sudo chmod a+rw /var/run/docker.sock

批量新增用戶至docker用戶組脚本

#!/bin/bash
#author by Michael Ho

# 用戶列表
user_array=(
    zhouj
    zhangmy
    caimz
    yuy
)

# 新增用戶到docker群組中
add_user() {

    if [[ $EUID -ne 0 ]]; then
        echo -ne "\033[31mThis scripts must be run as root ..\033[0m"
        exit 1
    fi

    groupadd docker

    for i in ${user_array[*]}; do
        gpasswd -a $i docker
        echo -ne "\033[32m 已將 $i 加入到 docker 用戶組! \033[0m"
    done

    newgrp docker
}

# main函式
main() {
    add_user

    # 重啓 docker 服務
    systemctl restart docker.service

    # 授權 docker.sock 
    chmod a+rw /var/run/docker.sock
}

# 程式入口
main

docker运行目录/var/lib/docker目录迁移

docker运行目录/var/lib/docker目录迁移

0.停止docker服务
systemctl stop docker
1.创建docker新目录
mkdir -p /data/docker/lib
2.开始迁移
rsync -avzP /var/lib/docker /data/docker/lib/
3.在docker守护进程文件中指定新的docker运行目录
vim /lib/systemd/system/docker.service
# 在ExecStart加入
--graph=/data/docker/lib/docker

4.重启docker服务

systemctl daemon-reload && systemctl start docker

5.检查docker服务状态

systemctl status docker