Installing Docker on Ubuntu (translation)
Ubuntu
Docker supports these Ubuntu operating systems:
- Ubuntu Wily 15.10
- Ubuntu Vivid 15.04
- Ubuntu Trusty 14.04 (LTS)
- Ubuntu Precise 12.04 (LTS)
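This page instructs you to install using Docker-managed release packages and installation mechanisms. Using these packages ensures you get the latest release of Docker. If you wish to install using Ubuntu-managed packages, consult your Ubuntu documentation.
Note: Ubuntu Utopic 14.10 exists in Docker's apt repository, but it is no longer officially supported.
Prerequisites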
Docker requires a 64-bit installation regardless of your Ubuntu version. Additionally, your kernel must be 3.10 at minimum. The latest 3.10 minor version or a newer maintained version are also acceptable.
Kernels older than 3.10 lack some of the features required to run Docker containers. These older versions are known to have bugs which cause data loss and frequently panic under certain conditions.
To check your current kernel version, open a terminal and use uname -r to display your kernel version:
$ uname -r
3.11.0-15-generic
Note: If you previously installed Docker using apt, make sure you update your apt sources to the new Docker repository.
Update your apt sources
Docker's apt repository contains Docker 1.7.1 and higher. To set apt to use packages from the new repository:
- If you haven't already done so, log into your Ubuntu instance as a privileged user.
- Open a terminal window.
- Add the new gpg key.
  $ sudo apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
- Open the /etc/apt/sources.list.d/docker.list file in your favorite editor. If the file doesn't exist, create it.
- Remove any existing entries.
- Add an entry for your Ubuntu operating system. The possible entries are:
  - On Ubuntu Precise 12.04 (LTS)
    deb https://apt.dockerproject.org/repo ubuntu-precise main
  - On Ubuntu Trusty 14.04 (LTS)
    deb https://apt.dockerproject.org/repo ubuntu-trusty main
  - On Ubuntu Vivid 15.04
    deb https://apt.dockerproject.org/repo ubuntu-vivid main
  - On Ubuntu Wily 15.10
    deb https://apt.dockerproject.org/repo ubuntu-wily main
- Save and close the /etc/apt/sources.list.d/docker.list file.
- Update the apt package index.
  $ sudo apt-get update
- Purge the old repository if it exists.
  $ sudo apt-get purge lxc-docker
- Verify that apt is pulling from the right repository.
  $ apt-cache policy docker-engine
From now on, when you run apt-get upgrade, apt pulls packages from the new repository.
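The key and source-list steps above can be checked before apt is pointed at the repository. The following sketch is an added example, not part of the original Docker instructions; the function names and the sample key listing are constructed for illustration, and utopic is rejected because the page lists it as no longer officially supported.

```shell
#!/bin/sh
# Added example: pre-flight checks for the Docker apt repository steps.
EXPECTED_FPR=58118E89F3A912897C070ADBF76221572C52609D  # fingerprint from this page

# Print the docker.list entry for a supported Ubuntu codename.
# Anything else (including utopic, no longer officially supported) is rejected.
docker_repo_line() {
    case "$1" in
        precise|trusty|vivid|wily)
            printf 'deb https://apt.dockerproject.org/repo ubuntu-%s main\n' "$1" ;;
        *)
            echo "no supported Docker repository entry for: $1" >&2
            return 1 ;;
    esac
}

# Read a colon-format key listing on stdin and succeed only if a key with the
# full 40-hex-digit fingerprint $1 is present. Short key IDs are refused,
# because they do not identify a key uniquely.
fingerprint_matches() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    case "$want" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#want}" -eq 40 ] || return 2
    # In colon format the fingerprint is field 10 of each "fpr" record.
    awk -F: -v want="$want" '
        $1 == "fpr" && toupper($10) == want { found = 1 }
        END { exit !found }'
}

# Constructed sample listing (not real keyring output). On a host, feed:
#   apt-key adv --with-colons --fingerprint | fingerprint_matches "$EXPECTED_FPR"
SAMPLE_LISTING='pub:-:4096:1:F76221572C52609D:1436745600:::-:Example key (constructed)::scESC:
fpr:::::::::58118E89F3A912897C070ADBF76221572C52609D:'

if printf '%s\n' "$SAMPLE_LISTING" | fingerprint_matches "$EXPECTED_FPR"; then
    docker_repo_line trusty   # entry for /etc/apt/sources.list.d/docker.list
else
    echo "key fingerprint mismatch: do not add the repository" >&2
fi
```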
Prerequisites by Ubuntu version
- Ubuntu Wily 15.10
- Ubuntu Vivid 15.04
- Ubuntu Trusty 14.04 (LTS)
For Ubuntu Trusty, Vivid, and Wily, it's recommended to install the linux-image-extra kernel package. The linux-image-extra package allows you to use the aufs storage driver.
To install the linux-image-extra package for your kernel version:
- Open a terminal on your Ubuntu host.
- Update your package manager.
  $ sudo apt-get update
- Install the recommended package.
  $ sudo apt-get install linux-image-extra-$(uname -r)
- Go ahead and install Docker.
Ubuntu Precise 12.04 (LTS)
For Ubuntu Precise, Docker requires the 3.13 kernel version. If your kernel version is older than 3.13, you must upgrade it. Refer to this table to see which packages are required for your environment:
Package | Description |
linux-image-generic-lts-trusty | Generic Linux kernel image. This kernel has AUFS built in. This is required to run Docker. |
linux-headers-generic-lts-trusty | Allows packages such as ZFS and VirtualBox guest additions which depend on them. If you didn't install the headers for your existing kernel, then you can skip these headers for the "trusty" kernel. If you're unsure, you should include this package for safety. |
xserver-xorg-lts-trusty, libgl1-mesa-glx-lts-trusty | Optional in non-graphical environments without Unity/Xorg. Required when running Docker on a machine with a graphical environment. To learn more about the reasons for these packages, read the installation instructions for backported kernels, specifically the LTS Enablement Stack; refer to note 5 under each version. |
To upgrade your kernel and install the additional packages, do the following:
- Open a terminal on your Ubuntu host.
- Update your package manager.
  $ sudo apt-get update
- Install both the required and optional packages.
  $ sudo apt-get install linux-image-generic-lts-trusty
  Depending on your environment, you may install more as described in the preceding table.
- Reboot your host.
  $ sudo reboot
- After your system reboots, go ahead and install Docker.
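Installation
Make sure you have installed the prerequisites for your Ubuntu version. Then, install Docker using the following steps:
- Log into your Ubuntu installation as a user with sudo privileges.
- Update the apt package index.
  $ sudo apt-get update
- Install Docker.
  $ sudo apt-get install docker-engine
- Start the docker daemon.
  $ sudo service docker start
- Verify docker is installed correctly.
  $ sudo docker run hello-world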
This command downloads a test image and runs it in a container. When the container runs, it prints an informational message. Then, it exits.
Optional configurations
This section contains optional procedures for configuring your Ubuntu to work better with Docker.
- Create a docker group
- Adjust memory and swap accounting
- Enable UFW forwarding
- Configure a DNS server for use by Docker
- Configure Docker to start on boot
Create a Docker group
The docker daemon binds to a Unix socket instead of a TCP port. By default that Unix socket is owned by the user root and other users can access it with sudo. For this reason, docker daemon always runs as the root user.
To avoid having to use sudo when you use the docker command, create a Unix group called docker and add users to it. When the docker daemon starts, it makes the ownership of the Unix socket read/writable by the docker group.
Warning: The docker group is equivalent to the root user. For details on how this impacts security in your system, see Docker Daemon Attack Surface.
To create the docker group and add your user:
- Log into Ubuntu as a user with sudo privileges.
  This procedure assumes you log in as the ubuntu user.
- Create the docker group and add your user.
  $ sudo usermod -aG docker ubuntu
- Log out and log back in.
  This ensures your user is running with the correct permissions.
- Verify your work by running docker without sudo.
  $ docker run hello-world
  If this fails with a message similar to this:
  Cannot connect to the Docker daemon. Is 'docker daemon' running on this host?
  Check that the DOCKER_HOST environment variable is not set for your shell. If it is, unset it.
Adjust memory and swap accounting
When users run Docker, they may see these messages when working with an image:
WARNING: Your kernel does not support cgroup swap limit.
WARNING: Your kernel does not support swap limit capabilities. Limitation discarded.
To prevent these messages, enable memory and swap accounting on your system. Enabling memory and swap accounting does induce both a memory overhead and a performance degradation even when Docker is not in use. The memory overhead is about 1% of the total available memory. The performance degradation is roughly 10%.
To enable memory and swap on system using GNU GRUB (GNU GRand Unified Bootloader), do the following:
- Log into Ubuntu as a user with sudo privileges.
- Edit the /etc/default/grub file.
- Set the GRUB_CMDLINE_LINUX value as follows:
  GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"
- Save and close the file.
- Update GRUB.
  $ sudo update-grub
- Reboot your system.
Enable UFW forwarding
If you use UFW (Uncomplicated Firewall) on the same host as you run Docker, you’ll need to do additional configuration. Docker uses a bridge to manage container networking. By default, UFW drops all forwarding traffic. As a result, for Docker to run when UFW is enabled, you must set UFW’s forwarding policy appropriately.
Also, UFW’s default set of rules denies all incoming traffic. If you want to reach your containers from another host allow incoming connections on the Docker port. The Docker port defaults to 2376 if TLS is enabled or 2375 when it is not. If TLS is not enabled, communication is unencrypted. By default, Docker runs without TLS enabled.
To configure UFW and allow incoming connections on the Docker port:
- Log into Ubuntu as a user with sudo privileges.
- Verify that UFW is installed and enabled.
  $ sudo ufw status
- Open the /etc/default/ufw file for editing.
  $ sudo nano /etc/default/ufw
- Set the DEFAULT_FORWARD_POLICY policy to:
  DEFAULT_FORWARD_POLICY="ACCEPT"
- Save and close the file.
- Reload UFW to use the new setting.
  $ sudo ufw reload
- Allow incoming connections on the Docker port.
  $ sudo ufw allow 2375/tcp
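After this procedure the host forwards traffic by default and, as stated above, port 2375 carries the Docker API without TLS. The following added example (not part of the original instructions) reads the UFW defaults file and `ufw status` output and reports how the Docker ports are exposed; the function names and sample inputs are constructed.

```shell
#!/bin/sh
# Added example: review UFW state after the forwarding / Docker-port steps.

# Print the active DEFAULT_FORWARD_POLICY from /etc/default/ufw content on
# stdin (commented-out lines are ignored; the last assignment wins).
forward_policy() {
    awk -F= '$1 == "DEFAULT_FORWARD_POLICY" { gsub(/"/, "", $2); v = $2 }
             END { print v }'
}

# Read `ufw status` output on stdin and report ALLOW rules for the Docker
# ports: 2375 (no TLS, unencrypted) and 2376 (TLS).
audit_docker_ports() {
    awk '
        $1 ~ /^237[56](\/tcp)?$/ && /ALLOW/ {
            port  = substr($1, 1, 4)
            scope = ($0 ~ /ALLOW( IN)? +Anywhere/) ? "any source" : "limited sources"
            if (port == "2375" && scope == "any source") level = "HIGH"
            else if (port == "2375")                      level = "WARN"
            else                                          level = "INFO"
            printf "%s: port %s allowed from %s (%s)\n", level, port, scope,
                   (port == "2375" ? "unencrypted" : "TLS")
        }'
}

# Constructed sample inputs (not captured from a real host). On a host, use:
#   forward_policy < /etc/default/ufw
#   sudo ufw status | audit_docker_ports
SAMPLE_DEFAULTS='#DEFAULT_FORWARD_POLICY="DROP"
DEFAULT_FORWARD_POLICY="ACCEPT"'
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
2375/tcp                   ALLOW       Anywhere
2376/tcp                   ALLOW       192.168.1.0/24
2375/tcp (v6)              ALLOW       Anywhere (v6)'

echo "forward policy: $(printf '%s\n' "$SAMPLE_DEFAULTS" | forward_policy)"
printf '%s\n' "$SAMPLE_STATUS" | audit_docker_ports
```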
Configure a DNS server for use by Docker
Systems that run Ubuntu or an Ubuntu derivative on the desktop typically use 127.0.0.1 as the default nameserver in the /etc/resolv.conf file. The NetworkManager also sets up dnsmasq to use the real DNS servers of the connection and sets up nameserver 127.0.0.1 in /etc/resolv.conf.
When starting containers on desktop machines with these configurations, Docker users see this warning:
WARNING: Local (127.0.0.1) DNS resolver found in resolv.conf and containers can't use it. Using default external servers : [8.8.8.8 8.8.4.4]
The warning occurs because Docker containers can’t use the local DNS nameserver. Instead, Docker defaults to using an external nameserver.
To avoid this warning, you can specify a DNS server for use by Docker containers. Or, you can disable dnsmasq in NetworkManager. Though, disabling dnsmasq might make DNS resolution slower on some networks.
To specify a DNS server for use by Docker:
- Log into Ubuntu as a user with sudo privileges.
- Open the /etc/default/docker file for editing.
  $ sudo nano /etc/default/docker
- Add a setting for Docker.
  DOCKER_OPTS="--dns 8.8.8.8"
  Replace 8.8.8.8 with a local DNS server such as 192.168.1.1. You can also specify multiple DNS servers. Separate them with spaces, for example:
  --dns 8.8.8.8 --dns 192.168.1.1
  Warning: If you're doing this on a laptop which connects to various networks, make sure to choose a public DNS server.
- Save and close the file.
- Restart the Docker daemon.
  $ sudo restart docker
Or, as an alternative to the previous procedure, disable dnsmasq in NetworkManager (this might slow your network).
- Open the /etc/NetworkManager/NetworkManager.conf file for editing.
  $ sudo nano /etc/NetworkManager/NetworkManager.conf
- Comment out the dns=dnsmasq line:
  # dns=dnsmasq
- Save and close the file.
- Restart both the NetworkManager and Docker.
  $ sudo restart network-manager
  $ sudo restart docker
Configure Docker to start on boot
Ubuntu uses systemd as its boot and service manager from 15.04 onwards and upstart for versions 14.10 and below.
For 15.04 and up, to configure the docker daemon to start on boot, run
$ sudo systemctl enable docker
For 14.10 and below, the above installation method automatically configures upstart to start the docker daemon on boot.
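Upgrade Docker
To install the latest version of Docker with apt-get:
$ sudo apt-get upgrade docker-engine
Uninstallation
To uninstall the Docker package:
$ sudo apt-get purge docker-engine
To uninstall the Docker package and dependencies that are no longer needed:
$ sudo apt-get autoremove --purge docker-engine
The commands above will not remove images, containers, volumes, or user-created configuration files on your host. If you wish to delete all images, containers, and volumes, run the following command:
$ sudo rm -rf /var/lib/docker
You must delete user-created configuration files manually.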