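Introduction
Photon is VMware's customized base operating system for containers; the current version is 5.0. Compared with other host systems, it is a trimmed-down customization based on the CentOS platform. It can be downloaded from https://vmware.github.io/photon/docs/installation-guide/downloading-photon/, which offers several versions.
SSH configuration
By default SSH does not allow the root user to log in; the corresponding configuration file has to be modified.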
Network configuration
The file location differs somewhat from CentOS 7.
```bash
cat > /etc/systemd/network/99-static-en.network << EOF
[Match]
Name=eth0

[Network]
Address=192.168.113.114/24
Gateway=192.168.113.1
DNS=119.29.29.29
EOF
# Use the full path so the command works from any directory
chmod 644 /etc/systemd/network/99-static-en.network
systemctl restart systemd-networkd
```
System update
```bash
tdnf -y update
```
Firewall
```bash
# Firewall rules are kept in /etc/systemd/scripts/ip4save; edit the file, then restart iptables
vim /etc/systemd/scripts/ip4save
systemctl restart iptables
```
Adjusting the time
```bash
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
tdnf install ntp
ntpdate 2.cn.pool.ntp.org
ntpdate 210.72.145.44
```
Installing docker-compose
```bash
tdnf install docker-compose
tdnf install python3-pip
pip3 install --root-user-action=ignore docker-compose
ln -sv /usr/bin/docker-compose /usr/local/bin/docker-compose
#cp docker-compose-linux-aarch64 /root/.docker/cli-plugins/
```
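Configuring docker compose
In newer versions the command changed from docker-compose to docker compose, and support for variable files was added. If running docker-compose fails with the error "Error response from daemon: invalid reference format", using docker compose should work.
```bash
DOCKER_CONFIG=${DOCKER_CONFIG:-$HOME/.docker}
mkdir -p "$DOCKER_CONFIG/cli-plugins"
curl -SL https://github.com/docker/compose/releases/download/v2.29.6/docker-compose-linux-x86_64 -o "$DOCKER_CONFIG/cli-plugins/docker-compose"
# The plugin has to be executable before "docker compose" can use it
chmod +x "$DOCKER_CONFIG/cli-plugins/docker-compose"
```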
Configuring the cross-platform build component
```bash
tdnf install docker-buildx
```
Installing pstree
```bash
tdnf install psmisc
```
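Installing fswatch
fswatch is a tool for monitoring file system changes. It is not provided in the Photon environment and has to be installed manually. First download the source from the project site https://github.com/emcrisostomo/fswatch, then compile it yourself. Make sure the required build tools are installed and configured before compiling.
```bash
wget http://192.168.16.150/fswatch-1.18.3.tar.gz
tar zxvf fswatch-1.18.3.tar.gz
cd fswatch-1.18.3/
./configure
make
make install
```
After installation, if running fswatch reports that libfswatch.so.13 cannot be found, run ln -sv /usr/local/lib/libfswatch.so.13 /usr/lib/ to fix it.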
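An added example (not part of the original page or of the Docker or fswatch projects): the Compose plugin download and the fswatch tarball fetched over plain HTTP are both installed without an integrity check, so this helper installs a downloaded file only when its SHA-256 matches a digest pinned in advance. The name install_verified and the values in the usage comment are assumptions.

```bash
#!/usr/bin/env bash
# install_verified is a hypothetical helper, not a Docker or Photon command.
# Usage: install_verified <downloaded-file> <expected-sha256> <destination> [mode]
# Returns 0 on success, 1 on checksum mismatch, 2 on bad arguments.
install_verified() {
    local src expected dest mode actual
    src=$1; expected=$2; dest=$3; mode=${4:-0755}

    [ -f "$src" ] || { echo "no such file: $src" >&2; return 2; }

    # Reject anything that is not a 64-character hex digest (e.g. an empty variable),
    # otherwise an unset pin would silently compare against nothing.
    case "$expected" in
        ""|*[!0-9a-fA-F]*) echo "invalid expected digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "invalid expected digest" >&2; return 2; }

    # sha256sum prints lowercase hex, so normalise the pinned value to match.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(sha256sum -- "$src" | awk '{print $1}')

    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $src: got $actual" >&2
        return 1          # destination is left untouched
    fi

    # Only a verified file is copied into place (parent directories are created).
    install -D -m "$mode" -- "$src" "$dest"
}

# Usage with the Compose download above (PINNED_SHA256 is a placeholder for the
# digest obtained from a trusted channel, not a value from this page):
#   tmp=$(mktemp)
#   curl -fSL "$url" -o "$tmp"
#   install_verified "$tmp" "$PINNED_SHA256" "$DOCKER_CONFIG/cli-plugins/docker-compose"
```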
Viewing logs
```bash
journalctl -b
```
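Resetting the root password
- At the boot screen, choose to edit the entry. Append rw init=/bin/bash to the end of the boot command line.
- Press F10 to restart into single-user mode.
- After the restart, enter at the command line: mount -o remount,rw /
- Enter passwd to reset the password.
- Then run umount / followed by reboot -f.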
Setting the password to never expire
```bash
chage -M -1 -E -1 root
```
Version upgrade
Upgrading from Photon 4.0 to Photon 5.0
```bash
tdnf -y install photon-upgrade
photon-upgrade.sh --upgrade-os
```
Container operations
Adjusting the image configuration
The latest version (25) no longer uses overlay2.
```json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": [
    "https://swr.cn-south-1.myhuaweicloud.com",
    "http://hub-mirror.c.163.com",
    "https://docker.mirrors.ustc.edu.cn",
    "https://r9xxm8z8.mirror.aliyuncs.com",
    "https://registry.docker-cn.com"
  ],
  "max-concurrent-downloads": 10,
  "log-driver": "json-file",
  "log-level": "warn",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
  },
  "data-root": "/var/lib/docker"
}
```
Cleaning up exited containers
```bash
docker rm -v $(docker ps -aq -f status=exited)
```
Deleting images tagged none
```bash
docker rmi $(docker images -a | grep "none" | awk '{print $3}')
```
Changing the default storage location for container images
```
vim /lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
#ExecStart=/usr/bin/dockerd -g /data/lib/docker -H fd:// --containerd=/run/containerd/containerd.sock
#/data/lib/docker is the newly defined location
```
Telnet port test
```bash
curl -v telnet://127.0.0.1:22
```
Graphical container management
```bash
docker pull portainer/portainer-ce
docker run -d -p 8004:9000 --name portainer --restart always -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce
```
Configuring containerd
```bash
cat > /usr/lib/systemd/system/containerd.service << EOF
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target

[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999

[Install]
WantedBy=multi-user.target
EOF

# The quoted 'EOF' keeps $MAINPID literal; an unquoted heredoc would let the
# shell expand it to an empty string before the unit file is written.
cat > /usr/lib/systemd/system/docker.service << 'EOF'
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target containerd.service
Wants=network-online.target
Requires=docker.socket containerd.service

[Service]
Type=notify
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process

[Install]
WantedBy=multi-user.target
EOF

cat > /usr/lib/systemd/system/docker.socket << EOF
[Unit]
Description=Docker Socket for the API
PartOf=docker.service

[Socket]
ListenStream=/var/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker

[Install]
WantedBy=sockets.target
EOF

cat > /etc/docker/daemon.json << EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": [
    "https://hub.uuuadc.top",
    "https://docker.anyhub.us.kg",
    "https://dockerhub.jobcher.com",
    "https://dockerhub.icu",
    "https://docker.ckyl.me",
    "https://docker.awsl9527.cn"
  ],
  "max-concurrent-downloads": 10,
  "log-driver": "json-file",
  "log-level": "warn",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
  },
  "data-root": "/var/lib/docker"
}
EOF
```
Bypassing a container's entrypoint
```bash
docker run -it --entrypoint /bin/bash [docker_image]
```
Reconstructing a Dockerfile from an image
```bash
image=nginx:latest   # image to inspect
docker history --no-trunc "$image" | tac | tr -s ' ' | cut -d " " -f 5- | sed 's,^/bin/sh -c #(nop) ,,g' | sed 's,^/bin/sh -c,RUN,g' | sed 's, && ,\n & ,g' | sed 's,\s*[0-9]*[\.]*[0-9]*\s*[kMG]*B\s*$,,g' | head -n -1
alias dive="docker run -ti --rm -v /var/run/docker.sock:/var/run/docker.sock wagoodman/dive"
dive nginx:latest
```
Inspecting containers via overlay2
```bash
cd /var/lib/docker/overlay2/
# Largest layer directories first
du -s ./* | sort -rn | more
# Map an overlay2 directory ID back to the container that uses it
docker ps -q | xargs docker inspect --format '{{.State.Pid}}, {{.Id}}, {{.Name}}, {{.GraphDriver.Data.WorkDir}}' | \
    grep fa97690552f43d57dd4797baaf8168cebbe2ff83400f09787de3cc8a756dd173
```
Cleaning up unused volumes and disk space
```bash
docker volume rm $(docker volume ls -qf dangling=true)
docker rmi $(docker images | grep '^<none>' | awk '{print $3}')
docker images --no-trunc | grep '<none>' | awk '{ print $3 }' | xargs docker rmi
docker system prune
docker volume prune
docker rm $(docker ps -q)
docker rmi $(docker images -q)
```
Pulling images through a proxy
```
vim /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": [
    "https://dockerpull.com",
    "https://swr.cn-south-1.myhuaweicloud.com",
    "http://hub-mirror.c.163.com",
    "https://docker.mirrors.ustc.edu.cn",
    "https://r9xxm8z8.mirror.aliyuncs.com",
    "https://registry.docker-cn.com"
  ],
  "max-concurrent-downloads": 10,
  "log-driver": "json-file",
  "log-level": "warn",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
  },
  "data-root": "/var/lib/docker",
  "proxies": {
    "http-proxy": "socks5://192.168.77.209:7890",
    "https-proxy": "socks5://192.168.77.209:7890"
  }
}
```
Container image services
```
vim /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": [
    "https://docker.1panel.live",
    "https://docker.1ms.run",
    "https://hub.uuuadc.top",
    "https://docker.mirrors.ustc.edu.cn/",
    "https://docker.mybacc.com",
    "https://a.ussh.net"
  ],
  "max-concurrent-downloads": 10,
  "log-driver": "json-file",
  "log-level": "warn",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
  },
  "data-root": "/data/docker"
}
systemctl restart docker
```
Note: working as of April 2025.
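An added example (not from the original page or from Docker): the daemon.json variants above list several third-party registry mirrors, one of them over plain http://, and traffic to a mirror that is not served over TLS can be modified in transit. The helper below classifies each registry-mirrors entry; audit_mirrors, write_sample and the example.com hostnames are assumptions made for illustration, and the parser assumes the simple layout used on this page.

```bash
#!/usr/bin/env bash
# audit_mirrors <daemon.json>
# Prints "<verdict> <entry>" for every registry mirror and returns 1 if any
# entry is not an https:// URL. Works without jq.
audit_mirrors() {
    awk '
        /"registry-mirrors"[ \t]*:/ { in_list = 1 }
        in_list {
            line = $0
            # Walk over every double-quoted string on the line.
            while (match(line, /"[^"]*"/)) {
                entry = substr(line, RSTART + 1, RLENGTH - 2)
                line  = substr(line, RSTART + RLENGTH)
                if (entry == "registry-mirrors") continue
                if (index(entry, "https://") == 1 && length(entry) > 8) {
                    verdict = "ok"
                } else if (index(entry, "http://") == 1 && length(entry) > 7) {
                    verdict = "plaintext"; bad = 1   # pulled without TLS
                } else {
                    verdict = "invalid"; bad = 1     # not an http(s) URL
                }
                print verdict, entry
            }
            if ($0 ~ /\]/) in_list = 0               # end of the mirror array
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample config; the hostnames are placeholders, not real mirrors.
write_sample() {
    cat > "$1" <<'EOF'
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": [
    "https://mirror-a.example.com",
    "http://mirror-b.example.com",
    "mirror-c.example.com"
  ],
  "data-root": "/var/lib/docker"
}
EOF
}

# Usage on a host: audit_mirrors /etc/docker/daemon.json
```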
Listing containers by CPU usage
```bash
docker stats --no-stream --format "table {{.Container}}\t{{.Name}}\t{{.CPUPerc}}\t{{.MemUsage}}\t{{.NetIO}}\t{{.BlockIO}}\t{{.PIDs}}" | (read -r; printf "%s\n" "$REPLY"; sort -k3 -hr)
```
Listing all ports in use
```bash
netstat -lnptu | awk 'NR>2{print $4}' | grep -E '(0\.0\.0\.0:|:::)' | sed 's/.*://' | sort -n | uniq
```
Getting the command line used to run a container
```bash
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock assaflavie/runlike YOUR-CONTAINER
```
Installing QEMU from source
```bash
tdnf install -y wget tar ninja-build glib-devel pixman pixman-devel libgcrypt libgcrypt-devel build-essential git
tdnf install libaio-devel libcap-ng-devel capstone-devel gtk3-devel ncurses-devel libseccomp-devel nettle-devel \
    lzo-devel snappy-devel librdmacm-devel libibverbs-devel cyrus-sasl-devel libpng-devel systemtap-sdt-devel bzip2-devel \
    curl-devel libssh
wget https://download.qemu.org/qemu-8.2.5.tar.xz
tar xvf qemu-8.2.5.tar.xz
cd qemu-8.2.5/
mkdir build
cd build
../configure
make install
```
References
- Downloading and configuring container images: https://www.wangdu.site/course/2109.html
- https://github.com/DaoCloud/public-image-mirror
- https://www.dolingou.com/article/Docker-accelerated-mirror
- https://status.daocloud.io/status/docker
- A simple self-hosted Docker registry mirror service: https://github.com/brighill/registry-mirror
- Nanjing University container image service: https://doc.nju.edu.cn/books/e1654/page/ghcr
- QEMU installation notes: https://wiki.qemu.org/Hosts/Linux
- Container proxy configuration: https://www.fre321.com/docker_proxy_list
- Open-source self-hosted container proxy: https://github.com/harrisonwang/docxy/tree/main