文章目录
介绍
利用docker提供的API访问docker 在远端操作容器的创建、部署、启动、停止等。
安装
安装Docker服务,此处不做过多介绍,参考上一个笔记。
开启远程访问
本次基于安装的Docker基本信息如下
[root@localhost ~]# docker version Client: Docker Engine - Community Version: 20.10.8 API version: 1.41 Go version: go1.16.6 Git commit: 3967b7d Built: Fri Jul 30 19:55:49 2021 OS/Arch: linux/amd64 Context: default Experimental: trueServer: Docker Engine - Community Engine: Version: 20.10.8 API version: 1.41 (minimum version 1.12) Go version: go1.16.6 Git commit: 75249d8 Built: Fri Jul 30 19:54:13 2021 OS/Arch: linux/amd64 Experimental: false containerd: Version: 1.4.9 GitCommit: e25210fe30a0a703442421b0f60afac609f950a3 runc: Version: 1.0.1 GitCommit: v1.0.1-0-g4144b63 docker-init: Version: 0.19.0 GitCommit: de40ad0123456789101112131415161718192021222324252627282930
首先编辑docker的宿主机文件 /lib/systemd/system/docker.service
修改以ExecStart开头的行
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix://var/run/docker.sock
编辑后文件内容如下:
[root@localhost ~]# cat /lib/systemd/system/docker.service [Unit] Description=Docker Application Container Engine Documentation=https://docs.docker.com After=network-online.target firewalld.service containerd.service Wants=network-online.target Requires=docker.socket containerd.service [Service] Type=notify # the default is not to use systemd for cgroups because the delegate issues still # exists and systemd currently does not support the cgroup feature set required # for containers run by docker ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix://var/run/docker.sock #ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock ExecReload=/bin/kill -s HUP $MAINPID TimeoutSec=0 RestartSec=2 Restart=always # Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229. # Both the old, and new location are accepted by systemd 229 and up, so using the old location # to make them work for either version of systemd. StartLimitBurst=3 # Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230. # Both the old, and new name are accepted by systemd 230 and up, so using the old name to make # this option work for either version of systemd. StartLimitInterval=60s # Having non-zero Limit*s causes performance problems due to accounting overhead # in the kernel. We recommend using cgroups to do container-local accounting. LimitNOFILE=infinity LimitNPROC=infinity LimitCORE=infinity # Comment TasksMax if your systemd version does not support it. # Only systemd 226 and above support this option. TasksMax=infinity # set delegate yes so that systemd does not reset the cgroups of docker containers Delegate=yes # kill only the docker process, not all processes in the cgroup KillMode=process OOMScoreAdjust=-500 [Install] WantedBy=multi-user.target
修改后保存文件,然后通知docker服务做出的修改
systemctl daemon-reload
重启docker服务
service docker restart
接下来测试一下看是否能连接到docker api。上面的2375就是对应端口
[root@localhost ~]# curl { "Platform": { "Name": "Docker Engine - Community" }, "Components": [{ "Name": "Engine", "Version": "20.10.8", "Details": { "ApiVersion": "1.41", "Arch": "amd64", "BuildTime": "2021-07-30T19:54:13.000000000+00:00", "Experimental": "false", "GitCommit": "75249d8", "GoVersion": "go1.16.6", "KernelVersion": "3.10.0-1160.el7.x86_64", "MinAPIVersion": "1.12", "Os": "linux" } }, { "Name": "containerd", "Version": "1.4.9", "Details": { "GitCommit": "e25210fe30a0a703442421b0f60afac609f950a3" } }, { "Name": "runc", "Version": "1.0.1", "Details": { "GitCommit": "v1.0.1-0-g4144b63" } }, { "Name": "docker-init", "Version": "0.19.0", "Details": { "GitCommit": "de40ad0" } }], "Version": "20.10.8", "ApiVersion": "1.41", "MinAPIVersion": "1.12", "GitCommit": "75249d8", "GoVersion": "go1.16.6", "Os": "linux", "Arch": "amd64", "KernelVersion": "3.10.0-1160.el7.x86_64", "BuildTime": "2021-07-30T19:54:13.000000000+00:00" }
此时本级可以访问,如果其他机器访问的话可能2375端口没有开放,需要在防火墙中打开添加2375端口tcp放行。
#添加2375端口 [root@localhost ~]# firewall-cmd --permanent --zone=public --add-port=2375/tcp success #防火墙重启 [root@localhost ~]# firewall-cmd --reload success #查看开放的端口 [root@localhost ~]# firewall-cmd --permanent --zone=public --list-ports 2375/tcp
使用另外一个机器内网浏览器访问http://192.168.3.8:2375/version
,此时 192.168.3.8是我的docker所在机器的ip地址