046. Creating a Docker Machine (2019-03-11, Monday)

Posted by 三角形 on 2019-03-11
 
In Docker Machine terms, a Machine is a host that runs the docker daemon. Creating a Machine means installing and deploying docker on a host.
 
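1. Creating a machine requires being able to log in to the remote host over ssh without a password (key-based login); the details are omitted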
 
[root@dm03 ~]# ssh-copy-id -i .ssh/id_rsa.pub 123.58.8.20
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@123.58.8.20's password:
 
Number of key(s) added: 1
 
Now try logging into the machine, with:   "ssh '123.58.8.20'"
and check to make sure that only the key(s) you wanted were added.
 
2. Configure the apt sources on each host, including the docker-ce source
 
scp /etc/apt/sources.list 123.58.8.20:/etc/apt/sources.list
 
3. Adjust the firewall on each host to open tcp 2376
 
ssh 123.58.8.20 'ufw allow 2376'
 
4. Install docker
 
[root@dm03 ~]# docker-machine create --driver generic --generic-ip-address 123.58.8.20 host1
Running pre-create checks...
Creating machine...
(host1) No SSH key specified. Assuming an existing key at the default location.    # log in to the remote host over ssh
Waiting for machine to be running, this may take a few minutes...
Detecting operating system of created instance...
Waiting for SSH to be available...
Detecting the provisioner...
Provisioning with ubuntu(systemd)...    # install docker
Installing Docker...
Copying certs to the local machine directory...    # copy the certificates
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...    # configure docker
Checking connection to Docker...    # start docker
Docker is up and running!
To see how to connect your Docker Client to the Docker Engine running on this virtual machine, run: docker-machine env host1
 
[root@dm03 ~]# docker-machine ls
NAME    ACTIVE   DRIVER    STATE     URL                      SWARM   DOCKER     ERRORS
host1   -        generic   Running   tcp://123.58.8.20:2376           v18.09.3   
host2   -        generic   Running   tcp://123.58.8.75:2376           v18.09.3   
 
5. If certificate-related errors are reported while installing docker, run the following command to repair them
 
docker-machine regenerate-certs host1
 
 
 
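Logging in to one of the docker hosts shows that the hostname has been changed to host2, and that the docker configuration file enables remote connections with TLS authentication and encryption turned on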
 
root@host2:~# hostname    
host2
root@host2:~# cat /etc/systemd/system/docker.service.d/10-machine.conf
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock --storage-driver overlay2 --tlsverify --tlscacert /etc/docker/ca.pem --tlscert /etc/docker/server.pem --tlskey /etc/docker/server-key.pem --label provider=generic
Environment=
root@host2:~#
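
The drop-in above is only safe because the tcp listener is paired with --tlsverify and the CA, certificate and key flags. The following added example (not part of the original post or of Docker Machine) audits such a drop-in for a tcp listener that lacks client-certificate verification; the function names and the no-tls.conf sample are hypothetical, constructed for illustration.

```shell
#!/bin/sh
# Print the effective ExecStart: a later assignment (including the empty
# "ExecStart=" reset) overrides an earlier one, so the last line wins.
effective_execstart() {
    awk '/^ExecStart=/ { sub(/^ExecStart=/, ""); cmd = $0 } END { print cmd }' "$1"
}

# Exit 0 if there is no tcp listener, or tcp is protected by --tlsverify plus
# CA/cert/key; 1 if a tcp listener lacks that protection; 2 if no ExecStart.
audit_dockerd_dropin() (
    cmd=$(effective_execstart "$1")
    [ -n "$cmd" ] || { echo "UNKNOWN: no ExecStart in $1"; exit 2; }
    set -f                      # disable globbing while word-splitting
    set -- $cmd
    tcp=""; verify=0; ca=0; cert=0; key=0; prev=""
    for tok in "$@"; do
        case "$prev" in -H|--host) tok="--host=$tok" ;; esac   # join "-H value"
        case "$tok" in
            -H=tcp://*|--host=tcp://*) tcp="$tcp ${tok#*=}" ;;
            --tlsverify|--tlsverify=true) verify=1 ;;
            --tlscacert|--tlscacert=*) ca=1 ;;
            --tlscert|--tlscert=*) cert=1 ;;
            --tlskey|--tlskey=*) key=1 ;;
        esac
        prev=$tok
    done
    [ -n "$tcp" ] || { echo "OK: no tcp listener"; exit 0; }
    if [ "$verify" -eq 1 ] && [ $((ca + cert + key)) -eq 3 ]; then
        echo "OK:$tcp requires client certificates"; exit 0
    fi
    echo "FAIL:$tcp is configured without client-certificate verification"; exit 1
)

# Constructed sample inputs: the drop-in shown above, and a hypothetical
# variant with the TLS flags removed.
write_samples() {
    printf '%s\n' '[Service]' 'ExecStart=' 'ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock --storage-driver overlay2 --tlsverify --tlscacert /etc/docker/ca.pem --tlscert /etc/docker/server.pem --tlskey /etc/docker/server-key.pem --label provider=generic' 'Environment=' > "$1/10-machine.conf"
    printf '%s\n' '[Service]' 'ExecStart=' 'ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock' > "$1/no-tls.conf"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_dockerd_dropin "$demo_dir/10-machine.conf" || true
audit_dockerd_dropin "$demo_dir/no-tls.conf" || true
rm -rf "$demo_dir"
```

On a real host, pass the path of the drop-in itself, for example /etc/systemd/system/docker.service.d/10-machine.conf. The check treats --tls without --tlsverify as a failure, because that combination encrypts the connection but does not authenticate the client.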
 
 
