docker 操作 remote API 的 socket 和 tcp 方式

【摘要】docker 除了可以使用在本机使用 docker 命令来进行各种操作外,还可以使用访问 remote docker api 的方式,如果有多台docker宿主的话就方便进行统一集中管理,下面我们一块体验一下。

docker api
docker

(1)使用socket方式访问 docker api
默认docker启动是socket方式(Debian)下,可以以socket方式来访问docker API。
命令行方式:

$ docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
ubuntu              latest              e4415b714b62        11 days ago         128.1 MB

API方式:

$ curl --unix-socket /var/run/docker.sock http://localhost/images/json | python -m json.tool
[
    {
        "Created": 1479329906,
        "Id": "sha256:e4415b714b624040f19f45994b51daed5cbdb00e0eb9a07221ff0bd6bcf55ed7",
        "Labels": {},
        "ParentId": "",
        "RepoDigests": [
            "ubuntu@sha256:35bc48a1ca97c3971611dc4662d08d131869daa692acb281c7e9e052924e38b1"
        ],
        "RepoTags": [
            "ubuntu:latest"
        ],
        "Size": 128115414,
        "VirtualSize": 128115414
    }
]

再来两组例子:

$ docker ps --all
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                      PORTS               NAMES
9c2e6ebab75b        ubuntu              "/bin/bash"              36 minutes ago      Up 34 minutes                                   fervent_euler
30ad267e904c        ubuntu              "/bin/echo 'Hello wor"   37 minutes ago      Exited (0) 34 minutes ago                       gloomy_kalam

$ curl --unix-socket /var/run/docker.sock http://localhost/containers/json?all=1 | python -m json.tool
[
    {
        "Command": "/bin/bash",
        "Created": 1480323914,
        "HostConfig": {
            "NetworkMode": "default"
        },
        "Id": "9c2e6ebab75b791df4fdd978a507340e8068b655f0285b2a74a9d0e33bede811",
        "Image": "ubuntu",
        "ImageID": "sha256:e4415b714b624040f19f45994b51daed5cbdb00e0eb9a07221ff0bd6bcf55ed7",
        "Labels": {},
        "Mounts": [],
        "Names": [
            "/fervent_euler"
        ],
        "NetworkSettings": {
            "Networks": {
                "bridge": {
                    "Aliases": null,
                    "EndpointID": "5cff60a96ba0bb6505db3138d80c7d0daf5334054b50a074d8f8ce451d93bd18",
                    "Gateway": "172.17.0.1",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "IPAMConfig": null,
                    "IPAddress": "172.17.0.2",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "Links": null,
                    "MacAddress": "02:42:ac:11:00:02",
                    "NetworkID": "da0febf987e7bd348949ca50b4d1c1e1fdd1965e5bf4dd31f90fbc1ed0e7f748"
                }
            }
        },
        "Ports": [],
        "State": "running",
        "Status": "Up 34 minutes"
    },
    {
        "Command": "/bin/echo 'Hello world'",
        "Created": 1480323861,
        "HostConfig": {
            "NetworkMode": "default"
        },
        "Id": "30ad267e904c9e5650be5606ccdccc124179124c31ff2f3f2d9689cbd1be1c54",
        "Image": "ubuntu",
        "ImageID": "sha256:e4415b714b624040f19f45994b51daed5cbdb00e0eb9a07221ff0bd6bcf55ed7",
        "Labels": {},
        "Mounts": [],
        "Names": [
            "/gloomy_kalam"
        ],
        "NetworkSettings": {
            "Networks": {
                "bridge": {
                    "Aliases": null,
                    "EndpointID": "",
                    "Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "IPAMConfig": null,
                    "IPAddress": "",
                    "IPPrefixLen": 0,
                    "IPv6Gateway": "",
                    "Links": null,
                    "MacAddress": "",
                    "NetworkID": "da0febf987e7bd348949ca50b4d1c1e1fdd1965e5bf4dd31f90fbc1ed0e7f748"
                }
            }
        },
        "Ports": [],
        "State": "exited",
        "Status": "Exited (0) 34 minutes ago"
    }
]

$ docker info
Containers: 2
 Running: 1
 Paused: 0
 Stopped: 1
Images: 1
Server Version: 1.12.3
Storage Driver: aufs
 Root Dir: /var/lib/docker/aufs
 Backing Filesystem: extfs
 Dirs: 9
 Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge null host overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Security Options:
Kernel Version: 3.16.0-4-amd64
Operating System: Debian GNU/Linux stretch/sid
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.871 GiB
Name: debian
ID: ATFR:PAOT:FFFY:TX76:JVLS:DGE6:LQS5:SMSJ:LNMT:LAEM:J263:MD7I
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Insecure Registries:
 127.0.0.0/8


$ curl --unix-socket /var/run/docker.sock http://localhost/info | python -m json.tool
{
    "Architecture": "x86_64",
    "BridgeNfIp6tables": true,
    "BridgeNfIptables": true,
    "CPUSet": true,
    "CPUShares": true,
    "CgroupDriver": "cgroupfs",
    "ClusterAdvertise": "",
    "ClusterStore": "",
    "Containers": 2,
    "ContainersPaused": 0,
    "ContainersRunning": 1,
    "ContainersStopped": 1,
    "CpuCfsPeriod": false,
    "CpuCfsQuota": false,
    "Debug": false,
    "DefaultRuntime": "runc",
    "DockerRootDir": "/var/lib/docker",
    "Driver": "aufs",
    "DriverStatus": [
        [
            "Root Dir",
            "/var/lib/docker/aufs"
        ],
        [
            "Backing Filesystem",
            "extfs"
        ],
        [
            "Dirs",
            "9"
        ],
        [
            "Dirperm1 Supported",
            "true"
        ]
    ],
    "ExecutionDriver": "",
    "ExperimentalBuild": false,
    "HttpProxy": "",
    "HttpsProxy": "",
    "ID": "ATFR:PAOT:FFFY:TX76:JVLS:DGE6:LQS5:SMSJ:LNMT:LAEM:J263:MD7I",
    "IPv4Forwarding": true,
    "Images": 1,
    "IndexServerAddress": "https://index.docker.io/v1/",
    "KernelMemory": false,
    "KernelVersion": "3.16.0-4-amd64",
    "Labels": null,
    "LiveRestoreEnabled": false,
    "LoggingDriver": "json-file",
    "MemTotal": 4156346368,
    "MemoryLimit": false,
    "NCPU": 2,
    "NEventsListener": 0,
    "NFd": 21,
    "NGoroutines": 29,
    "Name": "debian",
    "NoProxy": "",
    "OSType": "linux",
    "OomKillDisable": false,
    "OperatingSystem": "Debian GNU/Linux stretch/sid",
    "Plugins": {
        "Authorization": null,
        "Network": [
            "bridge",
            "null",
            "host",
            "overlay"
        ],
        "Volume": [
            "local"
        ]
    },
    "RegistryConfig": {
        "IndexConfigs": {
            "docker.io": {
                "Mirrors": null,
                "Name": "docker.io",
                "Official": true,
                "Secure": true
            }
        },
        "InsecureRegistryCIDRs": [
            "127.0.0.0/8"
        ],
        "Mirrors": null
    },
    "Runtimes": {
        "runc": {
            "path": "docker-runc"
        }
    },
    "SecurityOptions": null,
    "ServerVersion": "1.12.3",
    "SwapLimit": false,
    "Swarm": {
        "Cluster": {
            "CreatedAt": "0001-01-01T00:00:00Z",
            "ID": "",
            "Spec": {
                "CAConfig": {},
                "Dispatcher": {},
                "Orchestration": {},
                "Raft": {},
                "TaskDefaults": {}
            },
            "UpdatedAt": "0001-01-01T00:00:00Z",
            "Version": {}
        },
        "ControlAvailable": false,
        "Error": "",
        "LocalNodeState": "inactive",
        "Managers": 0,
        "NodeAddr": "",
        "NodeID": "",
        "Nodes": 0,
        "RemoteManagers": null
    },
    "SystemStatus": null,
    "SystemTime": "2016-11-28T17:48:08.022062393+08:00"
}

(2)使用tcp方式访问 docker api

$ curl http://10.0.0.71:2376/images/json
[
    {
        "Created": 1479329906,
        "Id": "sha256:e4415b714b624040f19f45994b51daed5cbdb00e0eb9a07221ff0bd6bcf55ed7",
        "Labels": {},
        "ParentId": "",
        "RepoDigests": [
            "ubuntu@sha256:35bc48a1ca97c3971611dc4662d08d131869daa692acb281c7e9e052924e38b1"
        ],
        "RepoTags": [
            "ubuntu:latest"
        ],
        "Size": 128115414,
        "VirtualSize": 128115414
    }
]

$ curl http://10.0.0.71:2376/containers/json?all=1 | python -m json.tool
[
    {
        "Command": "/bin/bash",
        "Created": 1480323914,
        "HostConfig": {
            "NetworkMode": "default"
        },
        "Id": "9c2e6ebab75b791df4fdd978a507340e8068b655f0285b2a74a9d0e33bede811",
        "Image": "ubuntu",
        "ImageID": "sha256:e4415b714b624040f19f45994b51daed5cbdb00e0eb9a07221ff0bd6bcf55ed7",
        "Labels": {},
        "Mounts": [],
        "Names": [
            "/fervent_euler"
        ],
        "NetworkSettings": {
            "Networks": {
                "bridge": {
                    "Aliases": null,
                    "EndpointID": "5cff60a96ba0bb6505db3138d80c7d0daf5334054b50a074d8f8ce451d93bd18",
                    "Gateway": "172.17.0.1",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "IPAMConfig": null,
                    "IPAddress": "172.17.0.2",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "Links": null,
                    "MacAddress": "02:42:ac:11:00:02",
                    "NetworkID": "da0febf987e7bd348949ca50b4d1c1e1fdd1965e5bf4dd31f90fbc1ed0e7f748"
                }
            }
        },
        "Ports": [],
        "State": "running",
        "Status": "Up 36 minutes"
    },
    {
        "Command": "/bin/echo 'Hello world'",
        "Created": 1480323861,
        "HostConfig": {
            "NetworkMode": "default"
        },
        "Id": "30ad267e904c9e5650be5606ccdccc124179124c31ff2f3f2d9689cbd1be1c54",
        "Image": "ubuntu",
        "ImageID": "sha256:e4415b714b624040f19f45994b51daed5cbdb00e0eb9a07221ff0bd6bcf55ed7",
        "Labels": {},
        "Mounts": [],
        "Names": [
            "/gloomy_kalam"
        ],
        "NetworkSettings": {
            "Networks": {
                "bridge": {
                    "Aliases": null,
                    "EndpointID": "",
                    "Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "IPAMConfig": null,
                    "IPAddress": "",
                    "IPPrefixLen": 0,
                    "IPv6Gateway": "",
                    "Links": null,
                    "MacAddress": "",
                    "NetworkID": "da0febf987e7bd348949ca50b4d1c1e1fdd1965e5bf4dd31f90fbc1ed0e7f748"
                }
            }
        },
        "Ports": [],
        "State": "exited",
        "Status": "Exited (0) 36 minutes ago"
    }
]

*** 接下来是介绍的重点,Debian下如何通过修改docker启动方式,增加对tcp的监听!(CentOS下的修改方式略有不同)

编辑:
/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H fd://

改成:
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock
#0.0.0.0为全部网卡,也可以只监听内网

执行
systemctl daemon-reload

然后重启启动docker
/etc/init.d/docker restart

很简单吧,这样就可以从远程以API调用的方式对 docker api 进行操作,比如查询dokcer状态,创建、启动docker容器等等。
docker API其他的访问方式请参考docker官方文档.