CentOS 7.0, no direct access to the external network, and a proxy server.
First install docker-ce, refer to http://blog.51cto.com/aaronsa/2056882
Unless otherwise specified, use the root user for the following operations:
$ export http_proxy=http://xxxx $ export https_proxy=http://xxxx $ yum install -y yum-utils # 安装yum-config-manager $ yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo # Add docker-ce yum source $ yum install container-selinux
# Not sure if this package should be installed separately, because I got stuck on this package once when I installed it, so I installed it separately. I checked the reason and found that the yum source used has not been synchronized for a long time (sweat!)
$ yum install docker-ce
$ systemctl start docker
The first pit, the startup fails, check the startup log through journalctl -xe, and report an error
devmapper: Error while creating filesystem xfs on device ....
Reference http://www.cnblogs.com/FoChen/p/8708932.html
$ yum update xfsprogs
The second pit, ordinary users cannot use the docker command, and an error is reported
Got permission denied while trying to connect to the Docker daemon socket at ...
After checking the information, it turns out that the docker command communicates with the docker daemon through a Unix socket, which involves access to the Unix socket. Please refer to https://www.cnblogs.com/franson-2016/p/6412971.html
I checked that there is already a docker group, it should be automatically created when yum install docker-ce, so just add ordinary users to the docker group;
$ gpasswd -a <user> docker
Ordinary users need to log in again;
The third pit, docker pull hello-world, reports an error:
Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
Confirmed the proxy server, it is not a problem with the proxy server;
I tried https://registry-1.docker.io in the browser, there is no content, I thought it was blocked by a wall, a big mistake, which led to a long journey, and then I think about it later, this should be an api The server just returns an empty result to the empty request. The HTTP return code is 200, not a wall. Even if you try https://registry-1.docker.io/v2/ at that time, you will not take this detour;
At the beginning, according to the wrong idea , I wanted to add a domestic registry mirror and find the information:
- Trying to set the --registry-mirror parameter through DOCKER_OPTS in /etc/default/docker and /etc/sysconfig/docker is invalid, and the configuration file is suspected to be incorrect;
- After referring to a lot of information (especially DaoCloud's Docker accelerator documentation and the set_mirror.sh script ), I learned that docker has undergone a revision from version 1.10 to 1.12, and started to use the json format configuration file under /etc/docker/daemon.json , even the format of the version number has changed; so write the address of the docker image accelerator in /etc/docker/daemon.json; ( regardless of aliyun or daocloud, both require registration and login to obtain the address of the dedicated accelerator. If someone else's accelerator address is used, bandwidth preemption should occur );
Since it is a wrong idea, of course, it did not solve my problem, but it is not empty-handed, and I have a little understanding of the docker architecture:
- When docker pull, the dockerd service is the main body of work, and the docker tool is a command line package;
- Docker's hub and registry server are somewhat similar to glance and swift in openstack;
The correct idea is to set the proxy to the environment variable of dockerd, which involves a little knowledge of systemd, refer to Arch-wiki ;
Then restart the dockerd service;
$ vi /etc/systemd/system/docker.service.d/proxy.conf
[Service] Environment="HTTP_PROXY=192.168.1.1:8080" Environment="HTTPS_PROXY=192.168.1.1:8080"
$ systemctl daemon-reload
$ systemctl show docker --property Environment #Confirm that the environment variable takes effect
$ systemctl restart docker
Use normal user to pull again:
$ docker pull hello-world Using default tag: latest latest: Pulling from library/hello-world 9bb5a5d4561a: Pull complete Digest: sha256:f5233545e43561214ca4891fd1157e1c3c563316ed8e237750d59bde73361e77 Status: Downloaded newer image for hello-world:latest
$ docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
hello-world latest e38bc07ac18e 2 weeks ago 1.85kB
$ docker run hello-world
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/
For more examples and ideas, visit:
https://docs.docker.com/engine/userguide/