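This account previously published an article, "Installing and Configuring Docker Engine on Oracle Cloud (OL6)". A reader then messaged me privately asking for an article on deploying Docker Engine on Oracle Linux 7. In fact, Docker Engine's support for Oracle Linux 7 is exactly the same as for 6. However, the two operating system versions differ considerably, so the process of deploying Docker Engine differs in some places. Lao Yu therefore spent a little time studying Oracle Linux 7, and this article is the result.
This article demonstrates installing and configuring Docker Engine on an Oracle Linux 7 instance on Oracle Cloud.
As before, first create an Oracle Linux 7.2 instance on Oracle Cloud (the creation process is skipped here; for the detailed steps see this account's other article "Creating an Oracle Linux Instance on Oracle Cloud"). Also create a new 50G disk for the instance, dedicated to holding Docker Engine's file system (for the detailed steps see this account's other article "Adding a Disk to a Linux Instance on Oracle Cloud"):
Operating system version: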
[root@f807e9 opc]# uname -a
Linux f807e9 4.1.12-61.1.33.el7uek.x86_64 #2 SMP Thu Mar 30 18:45:51 PDT 2017 x86_64 x86_64 x86_64 GNU/Linux
[root@f807e9 opc]# cat /etc/oracle-release
Oracle Linux Server release 7.2
File systems and the newly added disk:
[root@f807e9 opc]# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 7.3G 0 7.3G 0% /dev
tmpfs 7.3G 0 7.3G 0% /dev/shm
tmpfs 7.3G 8.3M 7.3G 1% /run
tmpfs 7.3G 0 7.3G 0% /sys/fs/cgroup
/dev/mapper/vg_main-lv_root 46G 1.1G 45G 3% /
/dev/xvdb1 497M 113M 384M 23% /boot
tmpfs 1.5G 0 1.5G 0% /run/user/1000
[root@f807e9 opc]# fdisk -l /dev/xvdc
Disk /dev/xvdc: 53.7 GB, 53687091200 bytes, 104857600 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
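As with Oracle Linux 6, on Oracle Linux, Docker 1.9 and later (1.9 included) places a requirement on the operating system kernel: only Unbreakable Enterprise Kernel Release 4 (UEK R4) is supported. Therefore, before installing and configuring Docker 1.9 or later, the operating system kernel must be upgraded to UEK R4.
1. Upgrade the Operating System Kernel
This article uses yum to upgrade the operating system kernel.
Modify the yum repository configuration file. The configuration files are located in the directory /etc/yum.repos.d/; the yum repository file for Oracle Linux 7 is public-yum-ol7.repo.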
[root@f807e9 opc]# cd /etc/yum.repos.d/
[root@f807e9 yum.repos.d]# ls
ksplice-uptrack.repo public-yum-ol7.repo
Modify the public-yum-ol7.repo configuration file as follows:
Disable the following repo by setting its enabled item to 0:
[ol7_UEKR3]
name=Latest Unbreakable Enterprise Kernel Release 3 for Oracle Linux $releasever ($basearch)
baseurl=http://yum.oracle.com/repo/OracleLinux/OL7/UEKR3/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=0
Note: in version 7.2, this item is 0 by default.
Enable the following repos by setting their enabled item to 1:
[ol7_UEKR4]
name=Latest Unbreakable Enterprise Kernel Release 4 for Oracle Linux $releasever ($basearch)
baseurl=http://yum.oracle.com/repo/OracleLinux/OL7/UEKR4/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=1
[ol7_addons]
name=Oracle Linux $releasever Add ons ($basearch)
baseurl=http://yum.oracle.com/repo/OracleLinux/OL7/addons/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=1
[ol7_latest]
name=Oracle Linux $releasever Latest ($basearch)
baseurl=http://yum.oracle.com/repo/OracleLinux/OL7/latest/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=1
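The stanzas above fetch packages over plain http://, so gpgcheck=1 together with the gpgkey is what authenticates them. As an added example (not part of the original article), this script audits a .repo file for enabled repos without signature checking; the example_local stanza and the verdict strings are constructed for illustration.

```shell
#!/usr/bin/env bash
# audit_repo FILE: prints one line per repo section: "<id> enabled=<v> gpgcheck=<v> <verdict>".
# Assumptions of this example: a missing "enabled" counts as 1 (yum's per-repo default);
# a missing "gpgcheck" is reported as "unset", since [main] in /etc/yum.conf then decides.
audit_repo() {
  awk '
    function report() {
      if (id == "") return
      verdict = "ok"
      if (enabled == "1" && gpgcheck != "1") verdict = "FAIL:packages-not-verified"
      else if (enabled == "1" && gpgkey == "") verdict = "FAIL:no-gpgkey"
      else if (enabled == "1" && url ~ /^http:/) verdict = "ok:http-baseurl-gpg-only"
      printf "%s enabled=%s gpgcheck=%s %s\n", id, enabled, gpgcheck, verdict
    }
    /^\[.+\]/ { report(); id = substr($0, 2, index($0, "]") - 2)
                enabled = "1"; gpgcheck = "unset"; gpgkey = ""; url = ""; next }
    /=/ { eq = index($0, "="); key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
          gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
          if (key == "enabled") enabled = val
          else if (key == "gpgcheck") gpgcheck = val
          else if (key == "gpgkey") gpgkey = val
          else if (key == "baseurl") url = val }
    END { report() }
  ' "$1"
}

# Constructed sample: two stanzas from the article (name= lines omitted) plus one
# deliberately weak, hypothetical stanza.
sample_repo() {
  cat <<'EOF'
[ol7_UEKR3]
baseurl=http://yum.oracle.com/repo/OracleLinux/OL7/UEKR3/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=0
[ol7_UEKR4]
baseurl=http://yum.oracle.com/repo/OracleLinux/OL7/UEKR4/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=1
[example_local]
baseurl=http://repo.example.invalid/ol7/
gpgcheck=0
enabled=1
EOF
}

tmp=$(mktemp); sample_repo > "$tmp"; audit_repo "$tmp"; rm -f "$tmp"
```

On a real host, point audit_repo at /etc/yum.repos.d/public-yum-ol7.repo before running yum update.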
Upgrade the system kernel to UEK R4:
# yum update
Reboot the operating system so that it boots with the UEK R4 kernel:
# reboot
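Note: before rebooting the operating system, confirm the system's default boot kernel. Check the boot configuration file /boot/grub/grub.conf and make sure the default kernel is UEK R4.
2. Install Docker Engine
After confirming that the system has booted with the UEK R4 kernel, proceed to install Docker Engine.
Install Docker Engine as root by running the following command: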
# yum install docker-engine
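3. Install the btrfs File System
Oracle recommends using the btrfs file system for installing Docker.
For details see: https://docs.docker.com/engine/userguide/storagedriver/overlayfs-driver/.
In version 7.2, the btrfs package is installed by default, so the btrfs file system can be created directly.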
[root@f807e9 opc]# yum install btrfs-progs
Loaded plugins: ulninfo
Package btrfs-progs-4.4.1-1.0.1.el7.x86_64 already installed and latest version
Nothing to do
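Configure the btrfs file system
Note: in this experiment, a dedicated disk volume, /dev/xvdc, was allocated to Docker. Next, a btrfs file system is created on that volume. This is also the best practice for installing and configuring Docker on Oracle Linux: give Docker a dedicated btrfs file system.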
[root@f807e9 opc]# mkfs.btrfs /dev/xvdc
btrfs-progs v4.4.1
See http://btrfs.wiki.kernel.org for more information.
Detected a SSD, turning off metadata duplication. Mkfs with -m dup if you want to force metadata duplication.
WARNING: The skinny-metadata mkfs default feature will work with the current kernel, but it is not compatible with older kernels supported on this OS. You can disable it with -O ^skinny-metadata option in mkfs.btrfs
Label: (null)
UUID: 4580e36a-a60c-4a1b-a689-e614c57c5d03
Node size: 16384
Sector size: 4096
Filesystem size: 50.00GiB
Block group profiles:
Data: single 8.00MiB
Metadata: single 8.00MiB
System: single 4.00MiB
SSD detected: yes
Incompat features: extref, skinny-metadata
Number of devices: 1
Devices:
ID SIZE PATH
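1 50.00GiB /dev/xvdc
Note: keep the file system's UUID (shown in red highlight in the original); it is needed in the following steps.
The file system's UUID can also be viewed with the blkid command:
[root@f807e9 opc]# blkid /dev/xvdc
/dev/xvdc: UUID="4580e36a-a60c-4a1b-a689-e614c57c5d03" UUID_SUB="87d25447-8d5a-4b80-9bc3-8cf764203e7e" TYPE="btrfs"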
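4. Mount the Docker File System
Create the mount point /var/lib/docker, mount the btrfs file system created earlier on it, and set it to mount automatically.
# mkdir /var/lib/docker
The biggest difference between Oracle Linux 7.2 and 6.8 lies in the following steps.
First create the configuration file /etc/systemd/system/var-lib-docker.mount with the following content: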
[Unit]
Description = Docker Image Store
[Mount]
What = UUID=4580e36a-a60c-4a1b-a689-e614c57c5d03
Where = /var/lib/docker
Type = btrfs
[Install]
WantedBy = multi-user.target
Enable the var-lib-docker.mount unit so that the btrfs file system created earlier is mounted:
[root@f807e9 opc]# systemctl enable var-lib-docker.mount
Created symlink from /etc/systemd/system/multi-user.target.wants/var-lib-docker.mount to /etc/systemd/system/var-lib-docker.mount.
Alternatively, the btrfs file system can be mounted on its own with the following command:
# systemctl start var-lib-docker.mount
Check how the file systems are mounted:
[root@f807e9 opc]# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 7.3G 0 7.3G 0% /dev
tmpfs 7.3G 0 7.3G 0% /dev/shm
tmpfs 7.3G 8.3M 7.3G 1% /run
tmpfs 7.3G 0 7.3G 0% /sys/fs/cgroup
/dev/mapper/vg_main-lv_root 46G 2.0G 44G 5% /
/dev/xvdb1 497M 157M 340M 32% /boot
tmpfs 1.5G 0 1.5G 0% /run/user/1000
/dev/xvdc 50G 17M 50G 1% /var/lib/docker
[root@f807e9 opc]# mount
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
devtmpfs on /dev type devtmpfs (rw,nosuid,size=7551472k,nr_inodes=1887868,mode=755)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,nodev,mode=755)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,hugetlb)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
configfs on /sys/kernel/config type configfs (rw,relatime)
/dev/mapper/vg_main-lv_root on / type xfs (rw,relatime,attr2,inode64,noquota)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=29,pgrp=1,timeout=300,minproto=5,maxproto=5,direct)
mqueue on /dev/mqueue type mqueue (rw,relatime)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime)
/dev/xvdb1 on /boot type xfs (rw,relatime,attr2,inode64,noquota)
xenfs on /proc/xen type xenfs (rw,relatime)
tmpfs on /run/user/1000 type tmpfs (rw,nosuid,nodev,relatime,size=1513468k,mode=700,uid=1000,gid=1000)
/dev/xvdc on /var/lib/docker type btrfs (rw,relatime,ssd,space_cache)
Set the file system to mount automatically at system startup
Create the configuration file /etc/systemd/system/docker.service.d/var-lib-docker-mount.conf with the following content:
[Unit]
Requires=var-lib-docker.mount
After=var-lib-docker.mount
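An added example, not part of the original article, that renders the mount unit and the docker.service drop-in described above into a staging directory for a given UUID. It also encodes a rule the steps rely on: systemd requires a mount unit file to be named after its mount point, which is why the file for /var/lib/docker is var-lib-docker.mount. The function names and the staging-directory layout are assumptions of this example.

```shell
#!/usr/bin/env bash
# mount_unit_name PATH: systemd requires a mount unit file to be named after its
# mount point ("/var/lib/docker" -> "var-lib-docker.mount"). Simplification in this
# example: only absolute paths built from [A-Za-z0-9_] components are accepted;
# anything else (e.g. a "-" in a directory name) needs systemd-escape instead.
mount_unit_name() {
  case "$1" in /*) ;; *) return 1 ;; esac
  p=${1#/}; p=${p%/}
  case "$p" in ""|*[!A-Za-z0-9_/]*|*//*) return 1 ;; esac
  printf '%s.mount\n' "$(printf '%s' "$p" | tr / -)"
}

# render_units ROOT UUID MOUNTPOINT: write the mount unit and the docker.service
# drop-in under ROOT (a staging directory) and print the unit name.
render_units() {
  root=$1; uuid=$2; where=$3
  printf '%s\n' "$uuid" | grep -Eq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$' || return 2
  unit=$(mount_unit_name "$where") || return 3
  mkdir -p "$root/etc/systemd/system/docker.service.d"
  cat > "$root/etc/systemd/system/$unit" <<EOF
[Unit]
Description = Docker Image Store

[Mount]
What = UUID=$uuid
Where = $where
Type = btrfs

[Install]
WantedBy = multi-user.target
EOF
  # Requires= stops dockerd from starting on an unmounted directory; After= orders it.
  cat > "$root/etc/systemd/system/docker.service.d/${unit%.mount}-mount.conf" <<EOF
[Unit]
Requires=$unit
After=$unit
EOF
  printf '%s\n' "$unit"
}

# Stage the files for the UUID and mount point used in the article.
stage=$(mktemp -d)
render_units "$stage" 4580e36a-a60c-4a1b-a689-e614c57c5d03 /var/lib/docker
rm -rf "$stage"
```

After copying the staged files into /etc/systemd/system, run systemctl daemon-reload so that systemd rereads the unit files.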
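5. Disable SELinux and the Firewall
On Oracle Linux 7, if the btrfs file system is used as Docker's storage engine, the SELinux service must be disabled.
Set the current SELinux mode to Permissive by running the following command: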
[root@f807e9 opc]# setenforce Permissive
setenforce: SELinux is disabled
[root@f807e9 opc]# more /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Reboot the operating system for the configuration to take effect:
# systemctl reboot
Disable the firewall:
[root@f807e9 opc]# systemctl stop firewalld
Failed to stop firewalld.service: Unit firewalld.service not loaded.
[root@f807e9 opc]# systemctl disable firewalld
Failed to execute operation: No such file or directory
Note: the system firewall is not enabled by default.
6. Start the Docker Engine Service
Start the Docker Engine service and set it to start automatically at boot.
# systemctl start docker
# systemctl enable docker
Check the status of the Docker Engine service and Docker's version information:
[root@f807e9 opc]# service docker status
Redirecting to /bin/systemctl status docker.service
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/docker.service.d
└─docker-sysconfig.conf, var-lib-docker-mount.conf
Active: active (running) since Fri 2017-05-26 12:42:44 EDT; 1min 14s ago
Docs: https://docs.docker.com
Main PID: 2080 (dockerd)
CGroup: /system.slice/docker.service
├─2080 /usr/bin/dockerd --selinux-enabled
└─2086 docker-containerd -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --shim docker-containerd-shim --metrics-i...
May 26 12:42:43 f807e9 dockerd[2080]: time="2017-05-26T12:42:43.163337728-04:00" level=info msg="Graph migration to content-addressa...seconds"
May 26 12:42:43 f807e9 dockerd[2080]: time="2017-05-26T12:42:43.163778264-04:00" level=warning msg="mountpoint for pids not found"
May 26 12:42:43 f807e9 dockerd[2080]: time="2017-05-26T12:42:43.164138327-04:00" level=info msg="Loading containers: start."
May 26 12:42:43 f807e9 dockerd[2080]: time="2017-05-26T12:42:43.240929303-04:00" level=info msg="Firewalld running: false"
May 26 12:42:43 f807e9 dockerd[2080]: time="2017-05-26T12:42:43.796721078-04:00" level=info msg="Default bridge (docker0) is assigne...address"
May 26 12:42:44 f807e9 dockerd[2080]: time="2017-05-26T12:42:44.433712267-04:00" level=info msg="Loading containers: done."
May 26 12:42:44 f807e9 dockerd[2080]: time="2017-05-26T12:42:44.433896526-04:00" level=info msg="Daemon has completed initialization"
May 26 12:42:44 f807e9 dockerd[2080]: time="2017-05-26T12:42:44.433928509-04:00" level=info msg="Docker daemon" commit=ac13b2b graph...n=1.12.6
May 26 12:42:44 f807e9 systemd[1]: Started Docker Application Container Engine.
May 26 12:42:44 f807e9 dockerd[2080]: time="2017-05-26T12:42:44.462385745-04:00" level=info msg="API listen on /var/run/docker.sock"
Hint: Some lines were ellipsized, use -l to show in full.
[root@f807e9 opc]# docker info
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 1.12.6
Storage Driver: btrfs
Build Version: Btrfs v4.4.1
Library Version: 101
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: null host bridge overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Security Options: seccomp
Kernel Version: 4.1.12-94.3.5.el7uek.x86_64
Operating System: Oracle Linux Server 7.3
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 14.43 GiB
Name: f807e9
ID: JMXR:N25K:G4WK:LAIN:LSCF:DYFB:FHVB:4VV7:R6HB:IVXZ:L53R:H6SE
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Insecure Registries:
127.0.0.0/8
[root@f807e9 opc]# docker version
Client:
Version: 1.12.6
API version: 1.24
Go version: go1.6.4
Git commit: ac13b2b
Built: Wed Mar 22 02:52:47 2017
OS/Arch: linux/amd64
Server:
Version: 1.12.6
API version: 1.24
Go version: go1.6.4
Git commit: ac13b2b
Built: Wed Mar 22 02:52:47 2017
OS/Arch: linux/amd64
Come on, deploying Docker on Oracle Cloud is just that simple!!!




