Introduction

Photon is VMware's customized base system for containers; the current version is 5.0. Compared with other host systems, it is a slimmed-down build on the CentOS platform. Images for the different editions can be downloaded from: https://vmware.github.io/photon/docs/installation-guide/downloading-photon/

SSH configuration

By default SSH does not permit root login; the corresponding configuration file has to be modified.
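Before touching the file, it helps to know what value is actually in effect. The helper below is an added example, not part of the original notes: it reads an sshd_config (assumed to be /etc/ssh/sshd_config on the host) the way sshd resolves it, taking the first uncommented PermitRootLogin in the global section and ignoring anything after the first Match block. If the keyword is absent it assumes the OpenSSH built-in default, prohibit-password (root may log in with keys only), and it flags the one value a reviewer wants to catch: password logins for root.

```shell
# Added example, not part of the original notes: report the effective
# PermitRootLogin value of an sshd_config the way sshd resolves it.
# sshd takes the FIRST uncommented occurrence of a keyword in the global
# section; directives below the first "Match" block are conditional and
# are ignored here. Keywords and values are case-insensitive.
# Assumption: if the keyword is absent, the OpenSSH built-in default
# "prohibit-password" (root may log in with keys only) applies.
effective_permit_root_login() {
    awk '
        tolower($1) == "match"           { exit }                         # conditional section starts
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "prohibit-password" }
    ' "$1"
}

# Return 0 when the config lets root authenticate with a password.
# "prohibit-password" (legacy alias "without-password") allows keys only,
# "no" disables root login entirely; neither is reported here.
root_password_login_allowed() {
    case "$(effective_permit_root_login "$1")" in
        yes) return 0 ;;
        *)   return 1 ;;
    esac
}

# Usage on a live host:
#   effective_permit_root_login /etc/ssh/sshd_config
#   root_password_login_allowed /etc/ssh/sshd_config && echo "root password login is enabled"
```

If root access over SSH is needed at all, prohibit-password keeps it limited to key-based authentication; the helper reports that case as not allowing password logins.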

Network configuration

The file location differs somewhat from CentOS 7.

cat > /etc/systemd/network/99-static-en.network << EOF
[Match]
Name=eth0

[Network]
Address=192.168.113.114/24
Gateway=192.168.113.1
DNS=119.29.29.29
EOF

chmod 644 /etc/systemd/network/99-static-en.network
systemctl restart systemd-networkd

System update

tdnf -y update

Firewall

The persisted iptables rules live in /etc/systemd/scripts/ip4save; after editing that file, reload them:
systemctl restart iptables

Adjusting the time

ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
tdnf install ntp
ntpdate 2.cn.pool.ntp.org
ntpdate 210.72.145.44

Installing docker-compose

tdnf install docker-compose
tdnf install python3-pip
pip3 install --root-user-action=ignore docker-compose
ln -sv /usr/bin/docker-compose /usr/local/bin/docker-compose

#cp docker-compose-linux-aarch64 /root/.docker/cli-plugins/

Configuring docker compose

In the newer version the command changed from docker-compose to docker compose and gained support for variable files. If running through docker-compose fails with "Error response from daemon: invalid reference format", switching to docker compose should work.

DOCKER_CONFIG=${DOCKER_CONFIG:-$HOME/.docker}
mkdir -p $DOCKER_CONFIG/cli-plugins
curl -SL https://github.com/docker/compose/releases/download/v2.29.6/docker-compose-linux-x86_64 -o $DOCKER_CONFIG/cli-plugins/docker-compose
# the plugin is ignored unless it is executable
chmod +x $DOCKER_CONFIG/cli-plugins/docker-compose
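A binary pulled straight from a release URL should be checked against the digest the release publishes before it lands in the plugin directory. The script below is an added example, not part of the original notes or of the docker/compose project: it fetches the compose plugin together with the .sha256 file that the docker/compose release publishes beside each binary, installs it only when the digest matches, and sets the execute bit in the same step. The version and asset name are the ones used above (v2.29.6, docker-compose-linux-x86_64) and are assumptions to adjust for other releases or architectures.

```shell
# Added example, not part of the original notes: install the compose CLI
# plugin only after its sha256 digest matches the .sha256 file published
# beside the binary in the docker/compose release.
# Assumed release and asset name (taken from the notes above); change
# COMPOSE_ASSET for another architecture, e.g. docker-compose-linux-aarch64.
COMPOSE_VERSION="v2.29.6"
COMPOSE_ASSET="docker-compose-linux-x86_64"
COMPOSE_BASE_URL="https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}"

# Compare the sha256 of FILE with the first field of SUMFILE, which has the
# sha256sum layout "<hex digest>  <name>". Returns 0 on match, 1 otherwise.
verify_sha256() {
    file="$1"; sumfile="$2"
    expected=$(awk 'NR == 1 { print tolower($1) }' "$sumfile")
    actual=$(sha256sum "$file" | awk '{ print tolower($1) }')
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# Copy a verified binary into the CLI plugin directory with mode 0755;
# docker silently ignores a plugin that is not executable.
install_plugin() {
    src="$1"; dest_dir="${2:-${DOCKER_CONFIG:-$HOME/.docker}/cli-plugins}"
    mkdir -p "$dest_dir"
    install -m 0755 "$src" "$dest_dir/docker-compose"
}

# Download binary and digest into a scratch directory, verify, then install.
fetch_and_install_compose() {
    tmp=$(mktemp -d)
    curl -fsSL "${COMPOSE_BASE_URL}/${COMPOSE_ASSET}" -o "$tmp/${COMPOSE_ASSET}"
    curl -fsSL "${COMPOSE_BASE_URL}/${COMPOSE_ASSET}.sha256" -o "$tmp/${COMPOSE_ASSET}.sha256"
    if verify_sha256 "$tmp/${COMPOSE_ASSET}" "$tmp/${COMPOSE_ASSET}.sha256"; then
        install_plugin "$tmp/${COMPOSE_ASSET}"
        rm -rf "$tmp"
        docker compose version
    else
        echo "checksum mismatch for ${COMPOSE_ASSET}; not installing" >&2
        rm -rf "$tmp"
        return 1
    fi
}

# Usage on the host:
#   fetch_and_install_compose
```

The digest file is served from the same release page as the binary, so this catches a corrupted or swapped download rather than a compromised release; pinning COMPOSE_VERSION instead of following a "latest" link is what keeps the check repeatable.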

Configuring the cross-platform build component

tdnf install docker-buildx

Installing pstree

tdnf install psmisc

Viewing logs

journalctl -b

Resetting the root password

  1. At the boot menu, choose edit. Append rw init=/bin/bash to the end of the kernel command line.
  2. Press F10 to boot into single-user mode.
  3. Once booted, run: mount -o remount,rw /
  4. Run passwd to reset the password.
  5. umount /
  6. reboot -f

Version upgrade

Upgrading Photon 4.0 to Photon 5.0:

tdnf -y install photon-upgrade
photon-upgrade.sh --upgrade-os

Container operations

Adjusting the image configuration

The latest version (25) no longer uses overlay2.

{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": [
    "https://swr.cn-south-1.myhuaweicloud.com",
    "http://hub-mirror.c.163.com",
    "https://docker.mirrors.ustc.edu.cn",
    "https://r9xxm8z8.mirror.aliyuncs.com",
    "https://registry.docker-cn.com"
  ],
  "max-concurrent-downloads": 10,
  "log-driver": "json-file",
  "log-level": "warn",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
  },
  "data-root": "/var/lib/docker"
}

Removing exited containers

docker rm -v $(docker ps -aq -f status=exited)

Removing <none> images

docker rmi $(docker images -a | grep "none" | awk '{print $3}')

Changing the default image storage location

vim /lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
#ExecStart=/usr/bin/dockerd -g /data/lib/docker -H fd:// --containerd=/run/containerd/containerd.sock
#/data/lib/docker is the newly defined location

Telnet-style port check

curl -v telnet://127.0.0.1:22

Graphical container management

docker pull portainer/portainer-ce
docker run -d -p 8004:9000 --name portainer --restart always -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce

Configuring containerd

cat > /usr/lib/systemd/system/containerd.service << EOF
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target

[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/bin/containerd

Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=infinity
# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this version.
TasksMax=infinity
OOMScoreAdjust=-999

[Install]
WantedBy=multi-user.target
EOF

cat > /usr/lib/systemd/system/docker.service << EOF
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target containerd.service
Wants=network-online.target
Requires=docker.socket containerd.service

[Service]
Type=notify
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

TasksMax=infinity
Delegate=yes
KillMode=process

[Install]
WantedBy=multi-user.target
EOF

cat > /usr/lib/systemd/system/docker.socket << EOF
[Unit]
Description=Docker Socket for the API
PartOf=docker.service

[Socket]
ListenStream=/var/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker

[Install]
WantedBy=sockets.target
EOF

cat > /etc/docker/daemon.json << EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": [
    "https://hub.uuuadc.top",
    "https://docker.anyhub.us.kg",
    "https://dockerhub.jobcher.com",
    "https://dockerhub.icu",
    "https://docker.ckyl.me",
    "https://docker.awsl9527.cn"
  ],
  "max-concurrent-downloads": 10,
  "log-driver": "json-file",
  "log-level": "warn",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
  },
  "data-root": "/var/lib/docker"
}
EOF

Skipping the container entrypoint

docker run -it --entrypoint /bin/bash [docker_image]

Recovering a Dockerfile from an image

# pass the image name as the first argument
dfimage() {
  docker history --no-trunc "$1" | tac | tr -s ' ' | cut -d " " -f 5- | sed 's,^/bin/sh -c #(nop) ,,g' | sed 's,^/bin/sh -c,RUN,g' | sed 's, && ,\n  & ,g' | sed 's,\s*[0-9]*[\.]*[0-9]*\s*[kMG]*B\s*$,,g' | head -n -1
}
dfimage nginx:latest
alias dive="docker run -ti --rm -v /var/run/docker.sock:/var/run/docker.sock wagoodman/dive"
dive nginx:latest

Inspecting containers via overlay2

cd /var/lib/docker/overlay2/
du -s ./* | sort -rn | more
docker ps -q | xargs docker inspect --format '{{.State.Pid}}, {{.Id}}, {{.Name}}, {{.GraphDriver.Data.WorkDir}}' | \
grep fa97690552f43d57dd4797baaf8168cebbe2ff83400f09787de3cc8a756dd173

Cleaning up unused volumes and disk space

docker volume rm $(docker volume ls -qf dangling=true)
docker rmi $(docker images | grep '^<none>' | awk '{print $3}')
docker images --no-trunc | grep '<none>' | awk '{ print $3 }' | xargs docker rmi
docker system prune
docker volume prune
docker rm $(docker ps -q)
docker rmi $(docker images -q)

Pulling images through a proxy

vim /etc/docker/daemon.json

{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "registry-mirrors": [
    "https://dockerpull.com",
    "https://swr.cn-south-1.myhuaweicloud.com",
    "http://hub-mirror.c.163.com",
    "https://docker.mirrors.ustc.edu.cn",
    "https://r9xxm8z8.mirror.aliyuncs.com",
    "https://registry.docker-cn.com"
  ],
  "max-concurrent-downloads": 10,
  "log-driver": "json-file",
  "log-level": "warn",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
  },
  "data-root": "/var/lib/docker",
  "proxies": {
    "http-proxy": "socks5://192.168.77.209:7890",
    "https-proxy": "socks5://192.168.77.209:7890"
  }
}
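The daemon.json files in this section and in the two earlier ones share the same shape, and two things in them are worth checking mechanically before dockerd is restarted: every registry mirror should be reached over https (a mirror reached over plain http lets an on-path party alter what gets pulled), and json-file logging should carry rotation limits so container logs cannot fill the data root. The linter below is an added example, not part of the original notes; it assumes the one-URL-per-line layout shown here and reads the file with awk and grep rather than a JSON parser.

```shell
# Added example, not part of the original notes: lint a daemon.json of the
# shape used in these notes. Assumes the one-URL-per-line layout shown
# here; the file is read with awk/grep, not a JSON parser.

# Print every registry mirror inside the "registry-mirrors" array whose
# scheme is plain http.
insecure_mirrors() {
    awk '
        /"registry-mirrors"/        { in_mirrors = 1; next }   # array starts
        in_mirrors && /\]/          { in_mirrors = 0 }         # array ends
        in_mirrors && /"http:\/\//  { gsub(/[", \t]/, ""); print }
    ' "$1"
}

# Return 0 when json-file rotation limits are configured.
has_log_rotation() {
    grep -q '"max-size"' "$1" && grep -q '"max-file"' "$1"
}

# Print findings and return non-zero when there is at least one.
check_daemon_json() {
    f="${1:-/etc/docker/daemon.json}"
    findings=0
    for url in $(insecure_mirrors "$f"); do
        echo "FINDING: registry mirror uses plain http: $url"
        findings=$((findings + 1))
    done
    if ! has_log_rotation "$f"; then
        echo "FINDING: log-opts max-size/max-file not set"
        findings=$((findings + 1))
    fi
    echo "$findings finding(s) in $f"
    [ "$findings" -eq 0 ]
}

# Usage on the host:
#   check_daemon_json /etc/docker/daemon.json && systemctl restart docker
```

Run against the file above, the linter reports the http://hub-mirror.c.163.com entry and nothing else; dropping that mirror, or replacing it with an https endpoint, makes the check pass.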

Listing containers by CPU usage

docker stats --no-stream --format "table {{.Container}}\t{{.Name}}\t{{.CPUPerc}}\t{{.MemUsage}}\t{{.NetIO}}\t{{.BlockIO}}\t{{.PIDs}}" | (read -r; printf "%s\n" "$REPLY"; sort -k3 -hr)

Listing all ports in use

netstat -lnptu | awk 'NR>2{print $4}' | grep -E '(0.0.0.0:|:::)' | sed 's/.*://' | sort -n | uniq

Recovering the command line a container was started with

docker run --rm -v /var/run/docker.sock:/var/run/docker.sock assaflavie/runlike YOUR-CONTAINER

Building the qemu components from source

tdnf install -y wget tar ninja-build glib-devel pixman pixman-devel libgcrypt libgcrypt-devel build-essential git
tdnf install libaio-devel libcap-ng-devel capstone-devel gtk3-devel ncurses-devel libseccomp-devel nettle-devel \
lzo-devel snappy-devel librdmacm-devel libibverbs-devel cyrus-sasl-devel libpng-devel systemtap-sdt-devel bzip2-devel \
curl-devel libssh
wget https://download.qemu.org/qemu-8.2.5.tar.xz
tar xvf qemu-8.2.5.tar.xz
cd qemu-8.2.5/
mkdir build
cd build
../configure
make install
