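Introduction
Photon is VMware's customized base operating system for containers; the current version is 5.0. Compared with other host systems, it is a slimmed-down customization based on the CentOS platform. It can be downloaded from https://vmware.github.io/photon/docs/installation-guide/downloading-photon/, which offers several versions.
SSH configuration
By default SSH does not allow the root user to log in; the corresponding configuration file has to be modified.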
Network configuration
The file location differs somewhat from CentOS 7.
```
cat > /etc/systemd/network/99-static-en.network << EOF
[Match]
Name=eth0

[Network]
Address=192.168.113.114/24
Gateway=192.168.113.1
DNS=119.29.29.29
EOF
# systemd-networkd must be able to read the file
chmod 644 /etc/systemd/network/99-static-en.network
systemctl restart systemd-networkd
```
System update
```
tdnf -y update
```
Firewall
```
# iptables rules file; edit it, then restart the service to load the rules:
# /etc/systemd/scripts/ip4save
systemctl restart iptables
```
Adjust the time
```
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
tdnf install ntp
ntpdate 2.cn.pool.ntp.org
ntpdate 210.72.145.44
```
Install docker-compose
```
tdnf install docker-compose
tdnf install python3-pip
pip3 install --root-user-action=ignore docker-compose
ln -sv /usr/bin/docker-compose /usr/local/bin/docker-compose
#cp docker-compose-linux-aarch64 /root/.docker/cli-plugins/
```
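Configure docker compose
In newer versions the command changed from docker-compose to docker compose, and support for variable files was added. If running docker-compose fails with the error "Error response from daemon: invalid reference format", using docker compose should work.
```
DOCKER_CONFIG=${DOCKER_CONFIG:-$HOME/.docker}
mkdir -p $DOCKER_CONFIG/cli-plugins
curl -SL https://github.com/docker/compose/releases/download/v2.29.6/docker-compose-linux-x86_64 -o $DOCKER_CONFIG/cli-plugins/docker-compose
# the plugin file must be executable before "docker compose" can use it
chmod +x $DOCKER_CONFIG/cli-plugins/docker-compose
```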
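The download above puts a binary on the Docker CLI's plugin path with no integrity check. As an added example (not part of the original page), the helper below installs the plugin only when its SHA-256 matches a checksum file; it assumes a `sha256sum`-format checksum file for the asset was fetched alongside the binary, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: install a downloaded CLI plugin only after its SHA-256 matches.
# Assumed checksum file format: "<64 hex chars>  <filename>" (sha256sum output).

# verify_sha256 FILE CHECKSUM_FILE
# Returns 0 on match, 1 on mismatch, 2 when no usable digest is listed for FILE.
verify_sha256() {
    file=$1
    sums=$2
    [ -f "$file" ] && [ -f "$sums" ] || { echo "missing input" >&2; return 2; }
    name=$(basename "$file")
    # Take the digest from the line whose filename field equals our basename
    # (a leading '*' marks binary mode in sha256sum output).
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f); if (f == n) { print tolower($1); exit } }' "$sums")
    case $expected in
        ""|*[!0-9a-f]*) echo "no valid digest for $name" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "digest has wrong length" >&2; return 2; }
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "checksum mismatch for $name" >&2
    return 1
}

# install_plugin FILE CHECKSUM_FILE DEST_DIR
# Copies FILE to DEST_DIR/docker-compose with mode 0755, but only after the
# digest check passes; on any failure nothing is written to DEST_DIR.
install_plugin() {
    verify_sha256 "$1" "$2" || return $?
    mkdir -p "$3" && install -m 0755 "$1" "$3/docker-compose"
}
```

Download to a temporary path first and pass `$DOCKER_CONFIG/cli-plugins` as `DEST_DIR`, so an unverified file never sits on the plugin path.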
Configure the cross-platform build component
```
tdnf install docker-buildx
```
Install pstree
```
tdnf install psmisc
```
View logs
```
journalctl -b
```
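Reset the root password
- At the boot screen, choose edit, and append rw init=/bin/bash to the end of the boot command line.
- Press F10 to restart into single-user mode.
- After the restart, run at the command line:
```
mount -o remount,rw /
```
- Run passwd to reset the password, then:
```
umount /
reboot -f
```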
Version upgrade
Upgrade from Photon 4.0 to Photon 5.0
```
tdnf -y install photon-upgrade
photon-upgrade.sh --upgrade-os
```
Adjust the registry mirror configuration
The latest version (25) no longer uses overlay2.
```
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": [
    "https://swr.cn-south-1.myhuaweicloud.com",
    "http://hub-mirror.c.163.com",
    "https://docker.mirrors.ustc.edu.cn",
    "https://r9xxm8z8.mirror.aliyuncs.com",
    "https://registry.docker-cn.com"
  ],
  "max-concurrent-downloads": 10,
  "log-driver": "json-file",
  "log-level": "warn",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
  },
  "data-root": "/var/lib/docker"
}
```
Clean up exited containers
```
docker rm -v $(docker ps -aq -f status=exited)
```
Remove images tagged none
```
docker rmi $(docker images -a | grep "none" | awk '{print $3}')
```
Change the default storage location for container images
```
vim /lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
#ExecStart=/usr/bin/dockerd -g /data/lib/docker -H fd:// --containerd=/run/containerd/containerd.sock
# /data/lib/docker is the newly defined location
# (newer Docker releases replace -g with --data-root)
```
Test a port telnet-style
```
curl -v telnet://127.0.0.1:22
```
Graphical container management
```
docker pull portainer/portainer-ce
docker run -d -p 8004:9000 --name portainer --restart always -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce
```
Configure containerd
```
cat > /usr/lib/systemd/system/containerd.service << EOF
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target

[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999

[Install]
WantedBy=multi-user.target
EOF

# The quoted delimiter keeps $MAINPID literal instead of letting the shell expand it
cat > /usr/lib/systemd/system/docker.service << 'EOF'
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target containerd.service
Wants=network-online.target
Requires=docker.socket containerd.service

[Service]
Type=notify
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process

[Install]
WantedBy=multi-user.target
EOF

cat > /usr/lib/systemd/system/docker.socket << EOF
[Unit]
Description=Docker Socket for the API
PartOf=docker.service

[Socket]
ListenStream=/var/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker

[Install]
WantedBy=sockets.target
EOF

cat > /etc/docker/daemon.json << EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": [
    "https://hub.uuuadc.top",
    "https://docker.anyhub.us.kg",
    "https://dockerhub.jobcher.com",
    "https://dockerhub.icu",
    "https://docker.ckyl.me",
    "https://docker.awsl9527.cn"
  ],
  "max-concurrent-downloads": 10,
  "log-driver": "json-file",
  "log-level": "warn",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
  },
  "data-root": "/var/lib/docker"
}
EOF
```
Skip a container's entrypoint
```
docker run -it --entrypoint /bin/bash [docker_image]
```
Reconstruct a Dockerfile from an image
```
# $argv is the image name (argument variable of a fish shell function)
docker history --no-trunc $argv | tac | tr -s ' ' | cut -d " " -f 5- | sed 's,^/bin/sh -c #(nop) ,,g' | sed 's,^/bin/sh -c,RUN,g' | sed 's, && ,\n & ,g' | sed 's,\s*[0-9]*[\.]*[0-9]*\s*[kMG]*B\s*$,,g' | head -n -1
alias dive="docker run -ti --rm -v /var/run/docker.sock:/var/run/docker.sock wagoodman/dive"
dive nginx:latest
```
Inspect containers through overlay2
```
cd /var/lib/docker/overlay2/
du -s ./* | sort -rn | more
docker ps -q | xargs docker inspect --format '{{.State.Pid}}, {{.Id}}, {{.Name}}, {{.GraphDriver.Data.WorkDir}}' | \
  grep fa97690552f43d57dd4797baaf8168cebbe2ff83400f09787de3cc8a756dd173
```
Clean up unused volumes and disk space
```
# dangling volumes
docker volume rm $(docker volume ls -qf dangling=true)
# untagged (<none>) images
docker rmi $(docker images | grep '^<none>' | awk '{print $3}')
docker images --no-trunc | grep '<none>' | awk '{ print $3 }' | xargs docker rmi
docker system prune
docker volume prune
# every container listed by "docker ps -q" and every local image
docker rm $(docker ps -q)
docker rmi $(docker images -q)
```
Pull images through a proxy
```
vim /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": [
    "https://dockerpull.com",
    "https://swr.cn-south-1.myhuaweicloud.com",
    "http://hub-mirror.c.163.com",
    "https://docker.mirrors.ustc.edu.cn",
    "https://r9xxm8z8.mirror.aliyuncs.com",
    "https://registry.docker-cn.com"
  ],
  "max-concurrent-downloads": 10,
  "log-driver": "json-file",
  "log-level": "warn",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
  },
  "data-root": "/var/lib/docker",
  "proxies": {
    "http-proxy": "socks5://192.168.77.209:7890",
    "https-proxy": "socks5://192.168.77.209:7890"
  }
}
```
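The daemon.json files on this page list several third-party registry mirrors, one of them reached over plain http://, which means image manifests and layers from that mirror travel without transport encryption. As an added example (not part of the original page), the check below lists such entries before the daemon is restarted; the function names are hypothetical and the sample config is constructed from two of the page's mirror entries.

```shell
#!/bin/sh
# Added example: flag registry mirrors in a Docker daemon.json that use plain HTTP.
# Text-based extraction; assumes no ']' appears inside the mirror URL strings.

# sample_config: constructed daemon.json using two mirror entries from this page.
sample_config() {
    cat << 'EOF'
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": [
    "https://docker.mirrors.ustc.edu.cn",
    "http://hub-mirror.c.163.com"
  ],
  "data-root": "/var/lib/docker"
}
EOF
}

# mirrors_of FILE: print every "registry-mirrors" entry, one per line.
mirrors_of() {
    tr -d '\n' < "$1" |
        sed -n 's/.*"registry-mirrors"[[:space:]]*:[[:space:]]*\[\([^]]*\)].*/\1/p' |
        { grep -oE '"[^"]+"' || true; } | tr -d '"'
}

# plaintext_mirrors FILE: print only the mirrors reached over http://.
plaintext_mirrors() {
    mirrors_of "$1" | { grep -E '^http://' || true; }
}

# audit_mirrors FILE: return 1 (and report on stderr) if any mirror is plain HTTP.
audit_mirrors() {
    bad=$(plaintext_mirrors "$1")
    if [ -z "$bad" ]; then
        return 0
    fi
    echo "$bad" | sed 's/^/plaintext mirror: /' >&2
    return 1
}
```

Run `audit_mirrors /etc/docker/daemon.json` after editing the file and before restarting the docker service.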
Install QEMU from source
```
tdnf install -y wget tar ninja-build glib-devel pixman pixman-devel libgcrypt libgcrypt-devel build-essential git
tdnf install libaio-devel libcap-ng-devel capstone-devel gtk3-devel ncurses-devel libseccomp-devel nettle-devel \
  lzo-devel snappy-devel librdmacm-devel libibverbs-devel cyrus-sasl-devel libpng-devel systemtap-sdt-devel bzip2-devel \
  curl-devel libssh
wget https://download.qemu.org/qemu-8.2.5.tar.xz
tar xvf qemu-8.2.5.tar.xz
cd qemu-8.2.5/
mkdir build
cd build
../configure
make install
```