[Docker] 도커 학습 - 1. 설치 및 정보 확인
- IT/Docker & Kubernetes
- 2020. 5. 9.
docker 설치 하기
Centos7 환경에서 진행합니다~
curl 스크립트를 받아와서 sh로 실행합니다.
curl -sSL http://get.docker.com | sh
[root@linux-1 ~]# curl -sSL http://get.docker.com | sh
# Executing docker install script, commit: 1b02882d63b9cfc484ad6b0180171c679cfe0 f3a
+ sh -c 'yum install -y -q yum-utils'
+ sh -c 'yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo'
Loaded plugins: fastestmirror
adding repo from: https://download.docker.com/linux/centos/docker-ce.repo
grabbing file https://download.docker.com/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo
+ '[' stable '!=' stable ']'
+ sh -c 'yum makecache'
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
epel/x86_64/metalink | 7.8 kB 00:00:00
* base: mirror.kakao.com
* epel: ftp.jaist.ac.jp
* extras: mirror.kakao.com
* updates: mirror.kakao.com
base | 3.6 kB 00:00:00
docker-ce-stable | 3.5 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
...
Metadata Cache Created
+ '[' -n '' ']'
+ sh -c 'yum install -y -q docker-ce'
warning: /var/cache/yum/x86_64/7/docker-ce-stable/packages/containerd.io-1.2.13-3.1.el7.x86_64.rpm: Header V4 RSA/SHA512 Sign ature, key ID 621e9f35: NOKEY
Public key for containerd.io-1.2.13-3.1.el7.x86_64.rpm is not installed
Importing GPG key 0x621E9F35:
Userid : "Docker Release (CE rpm) <docker@docker.com>"
Fingerprint: 060a 61c5 1b55 8a7f 742b 77aa c52f eb6b 621e 9f35
From : https://download.docker.com/linux/centos/gpg
setsebool: SELinux is disabled.
If you would like to use Docker as a non-root user, you should now consider
adding your user to the "docker" group with something like:
sudo usermod -aG docker your-user
Remember that you will have to log out and back in for this to take effect!
WARNING: Adding a user to the "docker" group will grant the ability to run
containers which can be used to obtain root privileges on the
docker host.
Refer to https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface
for more information.
docker 구동
systemctl start docker
docker 실행 상태 확인
[root@linux-1 ~]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: active (running) since 토 2020-05-09 08:15:22 KST; 6s ago
Docs: https://docs.docker.com
Main PID: 1850 (dockerd)
Tasks: 8
Memory: 42.5M
CGroup: /system.slice/docker.service
└─1850 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
5월 09 08:15:21 linux-1 dockerd[1850]: time="2020-05-09T08:15:21.807875060+09:00" level=info msg="scheme \"unix\" not registered, ...ule=grpc
5월 09 08:15:21 linux-1 dockerd[1850]: time="2020-05-09T08:15:21.807907462+09:00" level=info msg="ccResolverWrapper: sending updat...ule=grpc
5월 09 08:15:21 linux-1 dockerd[1850]: time="2020-05-09T08:15:21.807939346+09:00" level=info msg="ClientConn switching balancer to...ule=grpc
5월 09 08:15:21 linux-1 dockerd[1850]: time="2020-05-09T08:15:21.837297940+09:00" level=info msg="Loading containers: start."
5월 09 08:15:22 linux-1 dockerd[1850]: time="2020-05-09T08:15:22.307886029+09:00" level=info msg="Default bridge (docker0) is assi...address"
5월 09 08:15:22 linux-1 dockerd[1850]: time="2020-05-09T08:15:22.603792473+09:00" level=info msg="Loading containers: done."
5월 09 08:15:22 linux-1 dockerd[1850]: time="2020-05-09T08:15:22.620586576+09:00" level=info msg="Docker daemon" commit=afacb8b gr...=19.03.8
5월 09 08:15:22 linux-1 dockerd[1850]: time="2020-05-09T08:15:22.620708387+09:00" level=info msg="Daemon has completed initialization"
5월 09 08:15:22 linux-1 systemd[1]: Started Docker Application Container Engine.
5월 09 08:15:22 linux-1 dockerd[1850]: time="2020-05-09T08:15:22.688243341+09:00" level=info msg="API listen on /var/run/docker.sock"
Hint: Some lines were ellipsized, use -l to show in full.
docker 정보 확인
docker server client 버전 확인
[root@linux-1 ~]# docker version
Client: Docker Engine - Community
Version: 19.03.8
API version: 1.40
Go version: go1.12.17
Git commit: afacb8b
Built: Wed Mar 11 01:27:04 2020
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.8
API version: 1.40 (minimum version 1.12)
Go version: go1.12.17
Git commit: afacb8b
Built: Wed Mar 11 01:25:42 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.13
GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc:
Version: 1.0.0-rc10
GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
docker-init:
Version: 0.18.0
GitCommit: fec3683
docker 상세 정보 확인
당연한 소리지만 실행 중인 컨테이너 없고, 이미지도 없다.
[root@linux-1 ~]# docker info
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
docker Root directory
[root@linux-1 docker]# pwd
/var/lib/docker
[root@linux-1 docker]# ls -al
합계 4
drwx--x--x 14 root root 182 5월 9 08:15 .
drwxr-xr-x. 30 root root 4096 5월 9 08:15 ..
drwx------ 2 root root 24 5월 9 08:15 builder
drwx--x--x 4 root root 92 5월 9 08:15 buildkit
drwx------ 2 root root 6 5월 9 08:15 containers
drwx------ 3 root root 22 5월 9 08:15 image
drwxr-x--- 3 root root 19 5월 9 08:15 network
drwx------ 3 root root 15 5월 9 08:15 overlay2
drwx------ 4 root root 32 5월 9 08:15 plugins
drwx------ 2 root root 6 5월 9 08:15 runtimes
drwx------ 2 root root 6 5월 9 08:15 swarm
drwx------ 2 root root 6 5월 9 08:15 tmp
drwx------ 2 root root 6 5월 9 08:15 trust
drwx------ 2 root root 25 5월 9 08:15 volumes
사용자 계정 추가 및 docker 권한 할당
다음은 docker.sock파일에 대해 잠깐 살펴보겠습니다.
docker.sock 파일은 docker api의 주요한 entry point로서 docker daemon이 listening 하고 있는 UNIX 소켓입니다.
docker client는 기본적으로 이 socket을 사용하여 도커 명령어를 실행합니다.
docker 명령어를 입력하면 docker CLI가 명령어를 소켓을 통해 docker 데몬에 전달을 하는 방식입니다.
docker.sock의 위치는 아래와 같습니다.
[root@linux-1 run]# ls -al /var/run/docker.sock
srw-rw---- 1 root docker 0 5월 9 08:15 /var/run/docker.sock
docker.sock 그룹 권한이 docker 그룹이네요.
그럼, 만약 root가 아닌 사용자 계정으로 docker 명령어를 수행하고 싶으시면 docker 그룹에 추가하면 되겠죠?
한 번 진행해보겠습니다.
test 계정이 속해있는 그룹 확인 후 docker 명령어 실행 -> "permission denied"
[test@linux-1 run]$ id test
uid=1000(test) gid=1000(test) groups=1000(test)
[test@linux-1 run]$ docker version
Client: Docker Engine - Community
Version: 19.03.8
API version: 1.40
Go version: go1.12.17
Git commit: afacb8b
Built: Wed Mar 11 01:27:04 2020
OS/Arch: linux/amd64
Experimental: false
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.40/version: dial unix /var/run/docker.sock: connect: permission denied
test 계정을 docker 그룹에 포함시키고 다시 docker 명령어 실행 -> "성공"
[root@linux-1 run]# usermod -aG docker test
[root@linux-1 run]# su test
[test@linux-1 run]$ docker version
Client: Docker Engine - Community
Version: 19.03.8
API version: 1.40
Go version: go1.12.17
Git commit: afacb8b
Built: Wed Mar 11 01:27:04 2020
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.8
API version: 1.40 (minimum version 1.12)
Go version: go1.12.17
Git commit: afacb8b
Built: Wed Mar 11 01:25:42 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.13
GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc:
Version: 1.0.0-rc10
GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
docker-init:
Version: 0.18.0
GitCommit: fec3683
[test@linux-1 run]$ id test
uid=1000(test) gid=1000(test) groups=1000(test),991(docker)
오늘은 docker 설치하는 방법과 계정 권한 추가 방법에 대해 간단히 알아보았습니다.
다음 시간에는 이미지를 다운 및 컨터이너를 띄어보도록 하겠습니다.
감사합니다~
'IT > Docker & Kubernetes' 카테고리의 다른 글
| [k8s] kubernetes(쿠버네티스) cluster에 nginx 설치하기 (0) | 2020.07.10 |
|---|---|
| [k8s] kubespray로 kubernetes(쿠버네티스) 설치하기 (2) | 2020.07.01 |
| [Docker] 도커 학습 - 4. Dockerfile을 사용하여 이미지 생성 (0) | 2020.05.19 |
| [Docker] 도커 학습 - 3. 이미지 & 컨테이너 삭제 명령어 (0) | 2020.05.12 |
| [Docker] 도커 학습 - 2. 이미지 다운로드 및 컨테이너 실행 (1) | 2020.05.09 |
