Category archive: docker

Viewing a container's network information

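ifconfig   # show the network interfaces inside the container
cat /etc/hosts   # show the container's internal IP mapping table
cat /etc/resolv.conf    # show the container's DNS server configuration
cat /etc/nsswitch.conf   # show the container's name service configuration
ip addr show   # show the container's IP addresses
ip route show  # show the container's routing information
netstat -nr   # show the container's current IP routing table in detail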

A sample docker-compose file

Changing the IP of the docker0 interface

# vim /etc/docker/daemon.json 
{
"bip":"192.168.55.1/24"
}

version: '3.1'

networks:
  default:
    driver: bridge
    driver_opts:
      com.docker.network.enable_ipv6: "false"
    ipam:
      driver: default
      config:
        - subnet: 192.168.56.0/24

services:
  mysql:
    image: mysql:5.6.40
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: 123456
    # links:
    ports:
      - "3306:3306"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - /home/abc/volume/mysql/data:/var/lib/mysql

  php:
    image: wordpress:php7.1-fpm
    restart: always
    ports:
      - "9000:9000"
    links:
      - mysql:mysql
    depends_on:
      - mysql
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - /home/abc/volume/wwwroot:/home/wwwroot
      - /home/abc/volume/wwwlogs:/home/wwwlogs
    #  php-fpm runs as the www-data user, so wwwroot needs its permissions set with [chmod a+w]

  nginx:
    image: nginx
    restart: always
    ports:
      - "80:80"
    links:
      - mysql
      - php
    depends_on:
      - mysql
      - php
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - /home/abc/volume/nginx/conf/nginx.conf:/etc/nginx/nginx.conf:ro
      - /home/abc/volume/nginx/conf/fastcgi.conf:/etc/nginx/fastcgi.conf:ro
      - /home/abc/volume/nginx/conf/vhost:/etc/nginx/vhost:ro
      - /home/abc/volume/wwwroot:/home/wwwroot
      - /home/abc/volume/wwwlogs:/home/wwwlogs


  ftp:
    image: stilliard/pure-ftpd
    restart: always
    ports:
      - "21:21"
    volumes:
      - /opt/vsftp:/home/vsftp
    environment:
      FTP_USER_NAME: abc
      FTP_USER_PASS: abc0.0123
      FTP_USER_HOME: /home/vsftp

  mongo:
    image: mongo:3.2.20
    restart: always
    ports:
      - 27017:27017
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - /home/abc/volume/mongo/data:/data/db
    environment:
      MONGO_INITDB_ROOT_USERNAME: root
      MONGO_INITDB_ROOT_PASSWORD: 123456
  
  mongo-express:
    image: mongo-express
    restart: always
    links:
      - mongo
    depends_on:
      - mongo
    ports:
      - "8081:8081"
    environment:
      ME_CONFIG_MONGODB_ADMINUSERNAME: root
      ME_CONFIG_MONGODB_ADMINPASSWORD: 123456  
    

  #sonar:
  #  image: sonarqube
  #  restart: always
  #  ports:
  #    - "9001:9000"
  #    - "9092:9092"
  #  links:
  #    - mysql
  #  depends_on:
  #    - mysql
  #  volumes:
  #    - /home/abc/volume/sonarqube/extensions/plugins:/opt/sonarqube/extensions/plugins
  #  environment:
  #    - SONARQUBE_JDBC_USERNAME=root
  #    - SONARQUBE_JDBC_PASSWORD=123456
  #    - SONARQUBE_JDBC_URL=jdbc:mysql://mysql:3306/sonar?useUnicode=true&characterEncoding=utf8

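Disabling SELinux restrictions

1. Check the SELinux status

1.1 getenforce

The getenforce command name joins the words get and enforce; it shows the SELinux state and is the counterpart of setenforce.
The setenforce command name joins the words set and enforce; it sets the SELinux state. For example, setenforce 0 turns SELinux enforcement off, but the change is lost after a reboot.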

[root@localhost ~]# getenforce
Enforcing

1.2 /usr/sbin/sestatus

Current mode shows the SELinux security policy mode currently in effect.

[root@localhost ~]# /usr/sbin/sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
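
SELinux status: the state of SELinux; enabled means SELinux is turned on
Current mode: the SELinux security policy mode currently in effect; enforcing means strict

2. Turning SELinux off

2.1 Temporarily

setenforce 0: turns SELinux enforcement off, but the change is lost after a reboot.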

[root@localhost ~]# setenforce 0
[root@localhost ~]# /usr/sbin/sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
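
2.2 Permanently

Edit the SELinux configuration file; the change takes effect after a reboot.

Open the SELinux configuration file:

[root@localhost ~]# vim /etc/selinux/config

Edit the SELinux configuration file:

Change SELINUX=enforcing to SELINUX=disabled, then save and exit.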

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

At this point the current SELinux mode is still Enforcing; the configuration file has not taken effect yet.

[root@localhost ~]# getenforce
Enforcing

Reboot:

[root@localhost ~]# reboot

Verify:

[root@localhost ~]# /usr/sbin/sestatus
SELinux status: disabled

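Docker configuration for WordPress

1. Install the docker environment

yum install docker

2. Install docker-compose. Do not install it directly with yum, because the yum version is old and may have compatibility problems with the system.

curl -L https://github.com/docker/compose/releases/download/1.21.2/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose   # the downloaded binary is not executable by default

3. Software configuration
The docker-compose.yml file is configured as follows: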

version: '3.1'

services:
  mysql:
    image: mysql:5.5.60
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: abc123
    # links:
    ports:
      - 13306:3306
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - /opt/mysql/data:/var/lib/mysql

  php:
    image: wordpress:php7.1-fpm
    restart: always
    ports:
      - 9000:9000
    links:
      - mysql:mysql
    depends_on:
      - mysql
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - /opt/wwwroot:/home/wwwroot
      - /opt/wwwlogs:/home/wwwlogs
    # php-fpm runs as the www-data user, so wwwroot needs its permissions set with [chmod a+w]


  nginx:
    image: nginx
    restart: always
    ports:
      - 80:80
    links:
      - mysql
      - php
    depends_on:
      - mysql
      - php
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - /opt/nginx/conf/nginx.conf:/etc/nginx/nginx.conf:ro
      - /opt/nginx/conf/fastcgi.conf:/etc/nginx/fastcgi.conf:ro
      - /opt/nginx/conf/vhost:/etc/nginx/vhost:ro
      - /opt/wwwroot:/home/wwwroot
      - /opt/wwwlogs:/home/wwwlogs

The configuration of /opt/nginx/conf/nginx.conf is as follows:

user root root;

worker_processes auto;

error_log  /home/wwwlogs/nginx_error.log  crit;

pid        /home/wwwlogs/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;

events
    {
        use epoll;
        worker_connections 51200;
        multi_accept on;
    }

http
    {
        include       mime.types;
        default_type  application/octet-stream;

        server_names_hash_bucket_size 128;
        client_header_buffer_size 32k;
        large_client_header_buffers 4 32k;
        client_max_body_size 50m;

        sendfile   on;
        tcp_nopush on;

        keepalive_timeout 60;

        tcp_nodelay on;

        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        fastcgi_buffer_size 64k;
        fastcgi_buffers 4 64k;
        fastcgi_busy_buffers_size 128k;
        fastcgi_temp_file_write_size 256k;

        gzip on;
        gzip_min_length  1k;
        gzip_buffers     4 16k;
        gzip_http_version 1.1;
        gzip_comp_level 2;
        gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss;
        gzip_vary on;
        gzip_proxied   expired no-cache no-store private auth;
        gzip_disable   "MSIE [1-6]\.";

        #limit_conn_zone $binary_remote_addr zone=perip:10m;
        ##If enable limit_conn_zone,add "limit_conn perip 10;" to server section.

        server_tokens off;
        access_log off;
        
  	include vhost/*.conf;
}

The configuration of /opt/nginx/conf/vhost/kxtry.com.conf is as follows; it is placed in the vhost directory at the same level as nginx.conf.

server
{
        listen 80;
        server_name kxtry.com www.kxtry.com www.czysheng.com czysheng.com;
        index index.html index.htm index.php;
        root /home/wwwroot/kxtry.com;


        location ~ \.php {
		fastcgi_pass  php:9000;
                fastcgi_index index.php;
                include fastcgi.conf;
                set $real_script_name $fastcgi_script_name;
                if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)$") {
                        set $real_script_name $1;
                        set $path_info $2;
                }
                fastcgi_param SCRIPT_FILENAME $document_root$real_script_name;
                fastcgi_param SCRIPT_NAME $real_script_name;
                fastcgi_param PATH_INFO $path_info;
		fastcgi_param IS_DEVELOPMENT '1'; 
		#develop and test environment
        }

	location / {
        	if (-f $request_filename/index.html){
            		rewrite (.*) $1/index.html break;
        	}	
        	if (-f $request_filename/index.php){
            		rewrite (.*) $1/index.php;
       		}	
        	if (!-f $request_filename){
            		rewrite (.*) /index.php;
        	}
	}


        access_log /home/wwwlogs/kxtry.com.log;
}

The fastcgi.conf file, at the same level as nginx.conf, is configured as follows:

fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REQUEST_SCHEME     $scheme;
fastcgi_param  HTTPS              $https if_not_empty;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;
fastcgi_param PHP_ADMIN_VALUE "open_basedir=$document_root/:/tmp/:/proc/";

—————————-
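Images cannot be uploaded or saved because of a directory permission problem.
php-fpm originally runs as the www-data user, but everything mapped into Docker is owned by root, so the permissions of /wwwroot need to be changed with

chmod a+w kxtry.com -R
or
chown www-data:www-data kxtry.com -R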

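Single-host monitoring with cAdvisor

cAdvisor is a tool from Google for monitoring Docker on a single host, covering CPU, memory, network and so on. Its drawback is that it only keeps the last few minutes of data, with no history queries or persistence. It is fine for a quick look, but for enterprise-grade monitoring use something like grafana+elk instead.

A simple test command follows; its log output is shown directly, and after it exits the container can still be started again with docker start mytest: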
docker run --name mytest  -p 8080:8080 -v /var/run:/var/run:rw -v /:/rootfs:ro -v /sys:/sys:ro -v /var/lib/docker/:/var/lib/docker:ro  google/cadvisor:latest
-------
It can also be started from a docker-compose.yml configuration, as follows:
version: '3'
services:
  cadvisor:
    ## Image
    build: cadvisor
    ##image: google/cadvisor:v0.27.1
 
    ## Base
    privileged: false
    restart: always
    container_name: cadvisor
    hostname: ${ACADVISOR_HOSTNAME}
    command: -storage_driver=influxdb -storage_driver_db=${ACADVISOR_DB} -storage_driver_host=${INFLUXBD_SERVER_IP}:${INFLUXDB_SERVER_PORT}  
 
    ## Network
    #network_mode: host  
    #expose:
    ports:
      - "8080:8080"
    #depends_on:
    #link:
 
    ## Storage
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro 
      - /:/rootfs:ro
      - /var/run:/var/run:rw
      - /sys:/sys:ro
      - /var/lib/docker/:/var/lib/docker:ro
 
    ## Env
    environment:
      - SERVICE_IGNORE=true

If it fails to start, check the log output directly with the following command:

docker logs mytest

————————
If it reports an error like the following:

[abc@localhost ~]$ docker logs mytest
I0501 02:01:54.006051       1 storagedriver.go:50] Caching stats in memory for 2m0s
I0501 02:01:54.006344       1 manager.go:151] cAdvisor running in container: "/sys/fs/cgroup/cpuacct,cpu"
I0501 02:01:54.037279       1 fs.go:139] Filesystem UUIDs: map[]
I0501 02:01:54.037305       1 fs.go:140] Filesystem partitions: map[shm:{mountpoint:/dev/shm major:0 minor:79 fsType:tmpfs blockSize:0} tmpfs:{mountpoint:/dev major:0 minor:82 fsType:tmpfs blockSize:0} /dev/mapper/cl-root:{mountpoint:/var/lib/docker major:253 minor:0 fsType:xfs blockSize:0} /dev/sda1:{mountpoint:/rootfs/boot major:8 minor:1 fsType:xfs blockSize:0}]
I0501 02:01:54.039141       1 manager.go:225] Machine: {NumCores:2 CpuFrequency:2807689 MemoryCapacity:3958325248 HugePages:[{PageSize:1048576 NumPages:0} {PageSize:2048 NumPages:0}] MachineID:fef8b2542f22422eaf1adab44a0cd5f2 SystemUUID:F91D4D56-9CDF-2AB7-E229-52E12085A954 BootID:7a90ab7b-3915-4615-ab38-3df3c3824a4e Filesystems:[{Device:overlay DeviceMajor:0 DeviceMinor:78 Capacity:39700664320 Type:vfs Inodes:19394560 HasInodes:true} {Device:tmpfs DeviceMajor:0 DeviceMinor:82 Capacity:1979162624 Type:vfs Inodes:483194 HasInodes:true} {Device:/dev/mapper/cl-root DeviceMajor:253 DeviceMinor:0 Capacity:39700664320 Type:vfs Inodes:19394560 HasInodes:true} {Device:/dev/sda1 DeviceMajor:8 DeviceMinor:1 Capacity:1063256064 Type:vfs Inodes:524288 HasInodes:true} {Device:shm DeviceMajor:0 DeviceMinor:79 Capacity:67108864 Type:vfs Inodes:483194 HasInodes:true}] DiskMap:map[253:0:{Name:dm-0 Major:253 Minor:0 Size:39720058880 Scheduler:none} 253:1:{Name:dm-1 Major:253 Minor:1 Size:2147483648 Scheduler:none} 8:0:{Name:sda Major:8 Minor:0 Size:42949672960 Scheduler:deadline}] NetworkDevices:[{Name:br-00027b44406b MacAddress:02:42:58:af:8f:6a Speed:0 Mtu:1500} {Name:ens33 MacAddress:00:0c:29:85:a9:54 Speed:1000 Mtu:1500}] Topology:[{Id:0 Memory:4294365184 Cores:[{Id:0 Threads:[0] Caches:[]} {Id:1 Threads:[1] Caches:[]}] Caches:[{Size:6291456 Type:Unified Level:3}]}] CloudProvider:Unknown InstanceType:Unknown InstanceID:None}
I0501 02:01:54.040527       1 manager.go:231] Version: {KernelVersion:3.10.0-514.el7.x86_64 ContainerOsVersion:Alpine Linux v3.4 DockerVersion:1.13.1 DockerAPIVersion:1.26 CadvisorVersion:v0.28.3 CadvisorRevision:1e567c2}
I0501 02:01:54.057139       1 factory.go:356] Registering Docker factory
I0501 02:01:56.058709       1 factory.go:54] Registering systemd factory
I0501 02:01:56.060014       1 factory.go:86] Registering Raw factory
I0501 02:01:56.061514       1 manager.go:1178] Started watching for new ooms in manager
W0501 02:01:56.061593       1 manager.go:313] Could not configure a source for OOM detection, disabling OOM events: open /dev/kmsg: no such file or directory
I0501 02:01:56.078795       1 manager.go:329] Starting recovery of all containers
I0501 02:01:56.156028       1 manager.go:334] Recovery completed
F0501 02:01:56.156054       1 cadvisor.go:156] Failed to start container manager: inotify_add_watch /sys/fs/cgroup/cpuacct,cpu: no such file or directory


This is a bug in Google's newer version; work around it as follows:

mount -o remount,rw '/sys/fs/cgroup'
ln -s /sys/fs/cgroup/cpu,cpuacct /sys/fs/cgroup/cpuacct,cpu

————————-
[Screenshot: cAdvisor in use]

[Screenshot: drilled down to a single container]

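Modifying environment variables

docker-compose files do not support the use of environment variables, so to configure different values (such as IP addresses) in different environments, use the envsubst program.
1. Create a docker template that references the environment variables, named base-compose.yml, with content roughly as follows: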

version: '3'
services:
  cadvisor:
    ## Image
    build: cadvisor
    ##image: google/cadvisor:v0.27.1

    ## Base
    privileged: false
    restart: always
    container_name: cadvisor
    hostname: ${ACADVISOR_HOSTNAME}
    command: -storage_driver=influxdb -storage_driver_db=${ACADVISOR_DB} -storage_driver_host=${INFLUXBD_SERVER_IP}:${INFLUXDB_SERVER_PORT}  

    ## Network
    #network_mode: host  
    #expose:
    ports:
      - "9090:8080"
    #depends_on:
    #link:

    ## Storage
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro 
      - /:/rootfs:ro
      - /var/run:/var/run:rw
      - /sys:/sys:ro
      - /var/lib/docker/:/var/lib/docker:ro

    ## Env
    environment:
      - SERVICE_IGNORE=true

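2. The environment variables are defined in a script (the env.sh sourced in step 3), as follows:

#!/bin/bash
# Private IP: the /etc/hosts entry that matches this host's name
export PRIVATE_IP=$(cat /etc/hosts | grep `hostname` |awk '{print $1}')
# Public IP: query ipapi.co, drop the org line, and rename the "ip" key to "public_ip"
ret=$(curl https://ipapi.co/json| grep -v org)
ret=`echo $ret | sed 's/ip/public_ip/g'`
# Strip quotes, braces and whitespace so the JSON becomes comma-separated key:value pairs
IP_INFO=`echo $ret | sed 's/"//g'| sed 's/{//g'| sed 's/}//g'| sed '/^$/d'| sed 's/[[:space:]]//g'`

# The first pair is public_ip:<address>
export PUBLIC_IP=`echo $IP_INFO | awk -F ',' '{print $1}' | awk -F ':' '{print $2}'`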

export MONITOR_VOLUME='/home/xxx/volume/monitor'
export KMS_VOLUME='/home/xxx/volume/kms'

export ACADVISOR_HOSTNAME=`hostname`
export ACADVISOR_DB='cadvisor'

export INFLUXBD_SERVER_IP=${PUBLIC_IP}
export INFLUXDB_SERVER_PORT='8086'

export GRAFANA_SERVER_IP=${PUBLIC_IP}
export GRAFANA_SERVER_PORT='13000'

export GRAPHITE_SERVER_IP=${PUBLIC_IP}
export GRAPHITE_SERVER_PORT='12003'

export ESEARCH_SERVER_URL='http://'${PUBLIC_IP}':9200'

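3. The substitution command

#!/bin/bash
source env.sh
# Render the template: read base-compose.yml, write docker-compose.yml
envsubst < base-compose.yml > docker-compose.yml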
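
An added example (not from the original post) of step 3 with two safeguards: envsubst replaces unset variables with empty strings without complaint, so this wrapper refuses to render when a variable referenced by base-compose.yml is missing, and it limits substitution to those names. The function names and the REQUIRED_VARS list are assumptions built from the variables in the template above.

```sh
#!/bin/sh
# Added example: render base-compose.yml with envsubst, failing on unset variables.
# REQUIRED_VARS (assumed name) lists the variables the template on this page references.
REQUIRED_VARS='ACADVISOR_HOSTNAME ACADVISOR_DB INFLUXBD_SERVER_IP INFLUXDB_SERVER_PORT'

# Print the names from REQUIRED_VARS that are unset or empty (space separated).
missing_vars() {
    missing=''
    for name in $REQUIRED_VARS; do
        eval "value=\${$name:-}"
        [ -n "$value" ] || missing="$missing $name"
    done
    echo "${missing# }"
}

# Build the SHELL-FORMAT argument ('${A} ${B} ...') that restricts envsubst
# to the listed names, so any other $text in the template is left untouched.
shell_format() {
    format=''
    for name in $REQUIRED_VARS; do
        format="$format \${$name}"
    done
    echo "${format# }"
}

# render_compose TEMPLATE OUTPUT: returns 1 without writing OUTPUT if a
# variable is missing; writes through a temp file so a failed run never
# leaves a half-rendered docker-compose.yml behind.
render_compose() {
    template=$1
    output=$2
    missing=$(missing_vars)
    if [ -n "$missing" ]; then
        echo "refusing to render, unset variables: $missing" >&2
        return 1
    fi
    envsubst "$(shell_format)" < "$template" > "$output.tmp" || { rm -f "$output.tmp"; return 1; }
    mv "$output.tmp" "$output"
}

# Usage (after `source env.sh`): render_compose base-compose.yml docker-compose.yml
```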

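How to set up an application build environment inside docker

1. Download any ubuntu or centos image, for example centos:7.4.1708.
2. Run the following command. The interactive flags "-it -d" must be included; together they run the container in the background with an interactive session started by default.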

docker run --name lnmp-build -itd -v /home/abc/build/lnmp/lnmp1.4-full:/lnmp1.4-full  centos:7.4.1708 /bin/bash
or
docker run --name lnmp-build -itd -v /home/abc/build/lnmp/lnmp1.4-full:/lnmp1.4-full  centos:7.4.1708
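# The -it -d flags are required.
# With only -d, the container exits on its own because centos has no suitable CMD, and a later docker start mytest just starts the container and exits again immediately.
# With only -it, it goes straight into interactive mode; when the program exits the container stops, but it can be started with docker start mytest and will not exit on its own.
# In interactive mode the /bin/bash argument is not needed; if given, that cmd argument is what gets run.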

3. Enter interactive mode

docker exec -it lnmp-build /bin/bash
or
docker attach lnmp-build
# The former creates a new terminal for the session; the latter uses the existing terminal.

Letting a regular user run docker commands directly

sudo groupadd docker
sudo usermod -aG dockerroot abc
sudo usermod -aG docker abc
cat /etc/group   # check that the change took effect
sudo systemctl restart docker   # restart docker
If you get a permission error like the following:
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.26/containers/json: dial unix /var/run/docker.sock: connect: permission denied
then change the permissions of /var/run/docker.sock:
sudo chmod a+rw /var/run/docker.sock
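
An added check (not part of the original post) for the state these steps leave behind: it reports whether a socket path is connectable by every local account or only through its group, and lists the members of a group from /etc/group. The function names are assumptions, and `stat -c` is the GNU coreutils form.

```sh
#!/bin/sh
# Added example: audit who can reach the Docker daemon socket.

# sock_access [PATH]: print "missing", "world-writable", "group-writable" or "owner-only".
# Connecting to a Unix socket needs write permission, so only the w bits matter.
sock_access() {
    path=${1:-/var/run/docker.sock}
    [ -e "$path" ] || { echo missing; return 0; }
    mode=$(stat -c '%a' "$path")            # octal mode, e.g. 660 or 666
    other=${mode#"${mode%?}"}               # last digit: permissions for everyone else
    rest=${mode%?}
    group=${rest#"${rest%?}"}               # second-to-last digit: permissions for the group
    if [ $(( ${other:-0} & 2 )) -ne 0 ]; then
        echo world-writable
    elif [ $(( ${group:-0} & 2 )) -ne 0 ]; then
        echo group-writable
    else
        echo owner-only
    fi
}

# group_members GROUP [FILE]: print the comma-separated member list of GROUP
# from a group database file (default /etc/group); empty if the group is absent.
group_members() {
    awk -F: -v g="$1" '$1 == g { print $4 }' "${2:-/etc/group}"
}

# report [PATH] [FILE]: one-line summary combining both checks.
report() {
    echo "socket=$(sock_access "$1") docker_group_members=$(group_members docker "${2:-/etc/group}")"
}
```

After `chmod a+rw` the first function prints world-writable; with the socket left at its group-based permissions it prints group-writable, and `group_members docker` shows which accounts that covers.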

docker logs --follow --tail 10

Fixing a docker startup failure

When systemctl start docker fails, systemctl status docker.service reports the following:

docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Fri 2018-04-27 02:38:36 EDT; 12s ago
     Docs: http://docs.docker.com
  Process: 2356 ExecStart=/usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --seccomp-profile=/etc/docker/seccomp.json $OPTIONS $DOCKER_STORAGE_OPTIONS $DOCKER_NETWORK_OPTIONS $ADD_REGISTRY $BLOCK_REGISTRY $INSECURE_REGISTRY $REGISTRIES (code=exited, status=1/FAILURE)
 Main PID: 2356 (code=exited, status=1/FAILURE)

Apr 27 02:38:35 localhost.localdomain systemd[1]: Starting Docker Application Container Engine...
Apr 27 02:38:35 localhost.localdomain dockerd-current[2356]: time="2018-04-27T02:38:35.166869440-04:00" level=warning msg="could not change group /var/run/docker.sock to docker: group docker not found"
Apr 27 02:38:35 localhost.localdomain dockerd-current[2356]: time="2018-04-27T02:38:35.171487584-04:00" level=info msg="libcontainerd: new containerd process, pid: 2361"
Apr 27 02:38:36 localhost.localdomain dockerd-current[2356]: Error starting daemon: SELinux is not supported with the overlay2 graph driver on this kernel. Either boot into a newer kernel or disable selinux in docker (--selinux-enabled=false)
Apr 27 02:38:36 localhost.localdomain systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
Apr 27 02:38:36 localhost.localdomain systemd[1]: Failed to start Docker Application Container Engine.
Apr 27 02:38:36 localhost.localdomain systemd[1]: Unit docker.service entered failed state.
Apr 27 02:38:36 localhost.localdomain systemd[1]: docker.service failed.

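[Screenshot]

This means that SELinux in this Linux kernel does not support the overlay2 graph driver. There are two solutions: either boot into a newer kernel, or disable SELinux in docker with --selinux-enabled=false.
The fix is as follows: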

vi /etc/sysconfig/docker