docker 在centos6 和centos7上的区别

　　这些天研究了下docker，在centos6.6上装了个docker1.7.1，在centos7.6上装了个docker18.09.0

　　两者还是有区别的。

　　1.配置docker国内镜像加速

　　 Docker的1.7.1版本Docker配置文件在/etc/sysconfig/docker下，1.8或者1.10等更高版本在/etc/docker/daemon.json 
　　docker 1.7配置如下　

# /etc/sysconfig/docker
#
# Other arguments to pass to the docker daemon process
# These will be parsed by the sysv initscript and appended
# to the arguments list passed to docker -d

other_args="--registry-mirror=https://yvaq2qqy.mirror.aliyuncs.com"

#OPTIONS='--registry-mirror=https://yvaq2qqy.mirror.aliyuncs.com'

DOCKER_CERT_PATH=/etc/docker

# Resolves: rhbz#1176302 (docker issue #407)
DOCKER_NOWARN_KERNEL_VERSION=1

# Location used for temporary files, such as those created by
# # docker load and build operations. Default is /var/lib/docker/tmp
# # Can be overriden by setting the following environment variable.
# # DOCKER_TMPDIR=/var/tmp

　　之后service docker restart。并查看进程，发现已经改掉。

[root@localhost docker]# ps -ef|grep docker
root      2746     1  0 06:25 pts/0    00:00:00 /usr/bin/docker -d --registry-mirror=https://yvaq2qqy.mirror.aliyuncs.com
root      2790  1665  0 06:25 pts/0    00:00:00 grep docker

　　更高docker版本配置

sudo mkdir -p /etc/docker sudo tee /etc/docker/daemon.json <<-'EOF' { "registry-mirrors": ["https://yvaq2qqy.mirror.aliyuncs.com"] } EOF sudo systemctl daemon-reload sudo systemctl restart docker

　　

　　之后用docker info验证

[root@localhost docker]# docker info
Containers: 2
 Running: 0
 Paused: 0
 Stopped: 2
Images: 2
Server Version: 18.09.0
Storage Driver: overlay2
 Backing Filesystem: xfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: c4446665cb9c30056f4998ed953e6d4ff22c7c39
runc version: 4fc53a81fb7c994640722ac585fa9ca548971871
init version: fec3683
Security Options:
 seccomp
  Profile: default
Kernel Version: 3.10.0-957.1.3.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 991.2MiB
Name: localhost.localdomain
ID: H3P2:25SP:CIQM:G5V5:VWFZ:2ENN:YGO5:JDAA:NSVJ:BEPY:EPZK:J4QE
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Registry Mirrors:　　#这个配置已生效
 https://yvaq2qqy.mirror.aliyuncs.com/
Live Restore Enabled: false
Product License: Community Engine

　　2.CentOS7中关闭firewall，并使用iptables管理防火墙

　　下载完镜像后，启动时候，竟然出现如下错误。

[root@localhost ~]# docker run -d -P training/webapp python app.py
29cd64c0c282439d8fd6883f29d6a3a23cbef00bd0256ffb9e81561562ed0f5b
docker: Error response from daemon: driver failed programming external connectivity on endpoint laughing_austin
 (e1b9e047d2e915fa77730e8d0e1c6c007a6034bcc782a441934b28ee91058256): 
 (COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -A DOCKER -p tcp -d 0/0 --dport 32787 -j DNAT --to-destination 172.17.0.2:5000 ! -i docker0' 
failed: iptables: No chain/target/match by that name.
).

　　经研究下，是防火墙的缘故。

　　在使用Docker时，启用centos7默认的firewall，启动端口映射时，防火墙规则不生效。docker默认使用了iptables防火墙机制。所以需要关闭firewall使用iptables解决。

　　①关闭默认firewall防火墙

systemctl stop firewalld.service 关闭防火墙

systemctl disable firewalld.service 关闭开机启动

　　②开启iptables

yum install iptables （根据centOS7的版本和内核，有些版本已经装过，可以跳过此命令）
yum install iptables-services
service iptables restart
chkconfig iptables on
或者
systemctl enable iptables.service 开机自启 

　　③添加防火墙命令

/sbin/iptables -I INPUT -p tcp --dport  -j ACCEPT   添加防火墙规则
iptables -L -n            查看防火墙的设置情况

　　上述步骤执行完成之后，docker运行该容器就能成功了。