容器（七）建立 Machine【41】

（二）建立 Machine

​ 对于 Docker Machine 来讲，术语 Machine 就是运行 docker daemon 的主机。“建立 Machine” 指的就是在 host 上安装和部署 docker。先执行 docker-machine ls 查看一下当前的 machine：

root@cuiyongchao:/etc/bash_completion.d# docker-machine ls
NAME   ACTIVE   DRIVER   STATE   URL   SWARM   DOCKER   ERRORS
root@cuiyongchao:/etc/bash_completion.d#

如咱们所料，当前尚未 machine，接下来咱们建立第一个 machine： host1 - 10.0.0.21。

建立 machine 要求可以无密码登陆远程主机，因此须要先经过以下命令将 ssh key 拷贝到 10.0.0.21：

root@cuiyongchao:~# ssh-keygen -t rsa
root@cuiyongchao:~# ll .ssh/
total 16
drwx------  2 root root 4096 Nov  4 01:02 ./
drwx------ 10 root root 4096 Nov  4 00:56 ../
-rw-------  1 root root    0 Oct 19 02:44 authorized_keys
-rw-------  1 root root 1679 Nov  4 01:02 id_rsa
-rw-r--r--  1 root root  398 Nov  4 01:02 id_rsa.pub
root@cuiyongchao:~# ssh-copy-id 10.0.0.21

一切准备就绪，执行 docker-machine create 命令建立 host1：

docker-machine create --driver generic --generic-ip-address=10.0.0.21 host1

由于咱们是往普通的 Linux 中部署 docker，因此使用 generic driver，其余 driver 能够参考文档 https://docs.docker.com/machine/drivers/。

--generic-ip-address 指定目标系统的 IP，并命名为 host1。命令执行过程以下：

root@cuiyongchao:~# docker-machine create --driver generic --generic-ip-address=10.0.0.21 host1
Creating CA: /root/.docker/machine/certs/ca.pem
Creating client certificate: /root/.docker/machine/certs/cert.pem
Running pre-create checks...
Creating machine...
(host1) No SSH key specified. Assuming an existing key at the default location.
Waiting for machine to be running, this may take a few minutes...
Detecting operating system of created instance...
Waiting for SSH to be available...
Detecting the provisioner...
Provisioning with ubuntu(systemd)...
Installing Docker...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
Checking connection to Docker...
Docker is up and running!
To see how to connect your Docker Client to the Docker Engine running on this virtual machine, run: docker-machine env host1
root@cuiyongchao:~#

① 经过 ssh 登陆到远程主机。
② 安装 docker。
③ 拷贝证书。
④ 配置 docker daemon。
⑤ 启动 docker。

再次执行 docker-machine ls ：

root@cuiyongchao:~# docker-machine ls
NAME    ACTIVE   DRIVER    STATE     URL                    SWARM   DOCKER      ERRORS
host1   -        generic   Running   tcp://10.0.0.21:2376           v19.03.13   
root@cuiyongchao:~#

已经能看到 host1 了。 咱们能够登陆到 host1 查看 docker daemon 的具体配置 /etc/systemd/system/docker.service。

root@cuiyongchao:~# docker-machine ls
NAME    ACTIVE   DRIVER    STATE     URL                    SWARM   DOCKER      ERRORS
host1   -        generic   Running   tcp://10.0.0.21:2376           v19.03.13   
root@cuiyongchao:~#  docker-machine ip host1
10.0.0.21
root@cuiyongchao:~# docker-machine ssh host1
Welcome to Ubuntu 18.04.5 LTS (GNU/Linux 4.15.0-122-generic x86_64)

root@host1:~# cat /lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
BindsTo=containerd.service
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker

ExecStart=/usr/bin/dockerd --insecure-registry 10.0.0.20:5000
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3

# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity

# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes

# kill only the docker process, not all processes in the cgroup
KillMode=process

[Install]
WantedBy=multi-user.target
root@host1:~# 
root@host1:~# hostname
host1