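【Background】
A user needed to run a container inside a Docker container (nested containers). After looking into it, this is how it can be done.
【Method】
1. First install the Docker service on the host system; my version is 20.10.17.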
[root@testkvm ~]# rpm -qa |grep docker
docker-ce-20.10.17-3.el7.x86_64
docker-ce-cli-20.10.17-3.el7.x86_64
docker-scan-plugin-0.17.0-3.el7.x86_64
docker-ce-rootless-extras-20.10.17-3.el7.x86_64
[root@testkvm ~]#
[root@testkvm ~]# docker version
Client: Docker Engine - Community
Version: 20.10.17
API version: 1.41
Go version: go1.17.11
Git commit: 100c701
Built: Mon Jun 6 23:05:12 2022
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.17
API version: 1.41 (minimum version 1.12)
Go version: go1.17.11
Git commit: a89b842
Built: Mon Jun 6 23:03:33 2022
OS/Arch: linux/amd64
Experimental: true
containerd:
Version: 1.6.6
GitCommit: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
runc:
Version: 1.1.2
GitCommit: v1.1.2-0-ga916309
docker-init:
Version: 0.19.0
GitCommit: de40ad0
[root@testkvm ~]#
[root@testkvm ~]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2024-11-14 04:57:42 CST; 2 days ago
Docs: https://docs.docker.com
Main PID: 954298 (dockerd)
Tasks: 58
Memory: 496.1M
CGroup: /system.slice/docker.service
└─954298 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
11月 14 04:57:42 testkvm dockerd[954298]: time="2024-11-14T04:57:42.624954732+08:00" level=info msg="ccResolverWrapper: sending update to cc>
11月 14 04:57:42 testkvm dockerd[954298]: time="2024-11-14T04:57:42.624970183+08:00" level=info msg="ClientConn switching balancer to \"pick>
11月 14 04:57:42 testkvm dockerd[954298]: time="2024-11-14T04:57:42.641600382+08:00" level=info msg="[graphdriver] using prior storage drive>
11月 14 04:57:42 testkvm dockerd[954298]: time="2024-11-14T04:57:42.646382394+08:00" level=info msg="Loading containers: start."
11月 14 04:57:42 testkvm dockerd[954298]: time="2024-11-14T04:57:42.779878052+08:00" level=info msg="Default bridge (docker0) is assigned wi>
11月 14 04:57:42 testkvm dockerd[954298]: time="2024-11-14T04:57:42.815611267+08:00" level=info msg="Loading containers: done."
11月 14 04:57:42 testkvm dockerd[954298]: time="2024-11-14T04:57:42.828962289+08:00" level=info msg="Docker daemon" commit=a89b842 graphdriv>
11月 14 04:57:42 testkvm dockerd[954298]: time="2024-11-14T04:57:42.829029829+08:00" level=info msg="Daemon has completed initialization"
11月 14 04:57:42 testkvm systemd[1]: Started Docker Application Container Engine.
11月 14 04:57:42 testkvm dockerd[954298]: time="2024-11-14T04:57:42.846595821+08:00" level=info msg="API listen on /run/docker.sock"
[root@testkvm ~]#
2. Upload a centos-x86 image and start a container in privileged mode
docker load -i centos-x86.tar.gz
docker run -itd --name ttdocker --privileged centos:latest bash
docker ps -a | grep ttdocker
3. Enter the container, then open a second session and copy the Docker installation packages and the nginx.tar image into the container
docker exec -it -u 0 ttdocker bash
# In another session, use the docker cp command to copy the installation packages into the container
docker cp docker/ ttdocker:/root/
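4. Install the Docker service in the container and start Docker with the dockerd command
Note: inside the container, the docker.service daemon cannot be started through systemd, so it is started here with the dockerd command
# First install the two iptables dependency packages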
rpm -ivh libnfnetlink-1.0.1-4.el7.x86_64.rpm libnetfilter_conntrack-1.0.6-1.el7_3.x86_64.rpm
# Then install iptables
rpm -ivh iptables-1.4.21-35.el7.x86_64.rpm --nodeps --force
# Finally install docker
rpm -ivh ./* --nodeps --force
# Run the dockerd command to start the Docker process
dockerd
5. In the second session, log in to the ttdocker container again, then load the nginx image and create a container
docker exec -it -u 0 ttdocker bash
docker load -i nginx1.tar
docker images
docker run -itd --name testnginx nginx:stable-perl
docker ps -a
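6. Check the nginx container
【Summary】
Because systemd cannot be used inside the container to start the Docker daemon, a terminal has to stay open running the dockerd command to keep the process up, which is rather cumbersome. I suggested to the user that simply starting two Docker containers would be simpler, but because of the nature of their business it can only be started this way. Perhaps there really are business scenarios that need nesting. This post only provides the method and does not discuss its value.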
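Step 2 starts ttdocker with --privileged, which gives the container every Linux capability, so a process in it can act on the host kernel. The script below is an added example, not part of the original post: it decodes a CapEff mask from /proc/<pid>/status and lists the host-affecting capabilities it contains. The function names, the choice of "risky" capabilities and the two sample masks are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: decode the CapEff mask found in /proc/<pid>/status.
# Bit numbers come from linux/capability.h; the list is a chosen subset of
# capabilities that let a container process act on the host kernel.
RISKY_CAPS="12:CAP_NET_ADMIN 16:CAP_SYS_MODULE 17:CAP_SYS_RAWIO 19:CAP_SYS_PTRACE 21:CAP_SYS_ADMIN"

# Sample masks, constructed for illustration.
SAMPLE_DEFAULT=00000000a80425fb     # Docker's default capability set
SAMPLE_PRIVILEGED=0000003fffffffff  # every capability bit set

# risky_caps HEXMASK: print the risky capabilities present in the mask.
risky_caps() {
    rc_mask=$((0x$1))
    rc_found=""
    for rc_entry in $RISKY_CAPS; do
        rc_bit=${rc_entry%%:*}
        rc_name=${rc_entry#*:}
        if [ $(( (rc_mask >> rc_bit) & 1 )) -eq 1 ]; then
            rc_found="${rc_found:+$rc_found }$rc_name"
        fi
    done
    printf '%s\n' "$rc_found"
}

# has_sys_admin HEXMASK: succeed if CAP_SYS_ADMIN (bit 21) is set.
has_sys_admin() {
    hs_mask=$((0x$1))
    [ $(( (hs_mask >> 21) & 1 )) -eq 1 ]
}

# current_capeff: effective capability mask inherited from the calling shell.
current_capeff() {
    awk '/^CapEff:/ { print $2 }' /proc/self/status
}

# report HEXMASK: one-line verdict, usable as a startup check.
report() {
    if has_sys_admin "$1"; then
        echo "CapEff=$1 privileged-like: $(risky_caps "$1")"
    else
        echo "CapEff=$1 restricted; risky caps: $(risky_caps "$1")"
    fi
}

# With "--self", inspect the current process (for example inside ttdocker).
if [ "${1:-}" = "--self" ]; then
    report "$(current_capeff)"
fi
```

Run with --self inside the outer container and inside the nested nginx container to compare what each one holds.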
From: https://blog.csdn.net/weixin_43948680/article/details/143798247