【摘要】docker 除了可以使用在本机使用 docker 命令来进行各种操作外,还可以使用访问 remote docker api 的方式,如果有多台docker宿主的话就方便进行统一集中管理,下面我们一块体验一下。
(1)使用socket方式访问 docker api
默认docker启动是socket方式(Debian)下,可以以socket方式来访问docker API。
命令行方式:
$ docker images REPOSITORY TAG IMAGE ID CREATED SIZE ubuntu latest e4415b714b62 11 days ago 128.1 MB
API方式:
$ curl --unix-socket /var/run/docker.sock http://localhost/images/json | python -m json.tool [ { "Created": 1479329906, "Id": "sha256:e4415b714b624040f19f45994b51daed5cbdb00e0eb9a07221ff0bd6bcf55ed7", "Labels": {}, "ParentId": "", "RepoDigests": [ "ubuntu@sha256:35bc48a1ca97c3971611dc4662d08d131869daa692acb281c7e9e052924e38b1" ], "RepoTags": [ "ubuntu:latest" ], "Size": 128115414, "VirtualSize": 128115414 } ]
再来两组例子:
$ docker ps --all CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 9c2e6ebab75b ubuntu "/bin/bash" 36 minutes ago Up 34 minutes fervent_euler 30ad267e904c ubuntu "/bin/echo 'Hello wor" 37 minutes ago Exited (0) 34 minutes ago gloomy_kalam $ curl --unix-socket /var/run/docker.sock http://localhost/containers/json?all=1 | python -m json.tool [ { "Command": "/bin/bash", "Created": 1480323914, "HostConfig": { "NetworkMode": "default" }, "Id": "9c2e6ebab75b791df4fdd978a507340e8068b655f0285b2a74a9d0e33bede811", "Image": "ubuntu", "ImageID": "sha256:e4415b714b624040f19f45994b51daed5cbdb00e0eb9a07221ff0bd6bcf55ed7", "Labels": {}, "Mounts": [], "Names": [ "/fervent_euler" ], "NetworkSettings": { "Networks": { "bridge": { "Aliases": null, "EndpointID": "5cff60a96ba0bb6505db3138d80c7d0daf5334054b50a074d8f8ce451d93bd18", "Gateway": "172.17.0.1", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "IPAMConfig": null, "IPAddress": "172.17.0.2", "IPPrefixLen": 16, "IPv6Gateway": "", "Links": null, "MacAddress": "02:42:ac:11:00:02", "NetworkID": "da0febf987e7bd348949ca50b4d1c1e1fdd1965e5bf4dd31f90fbc1ed0e7f748" } } }, "Ports": [], "State": "running", "Status": "Up 34 minutes" }, { "Command": "/bin/echo 'Hello world'", "Created": 1480323861, "HostConfig": { "NetworkMode": "default" }, "Id": "30ad267e904c9e5650be5606ccdccc124179124c31ff2f3f2d9689cbd1be1c54", "Image": "ubuntu", "ImageID": "sha256:e4415b714b624040f19f45994b51daed5cbdb00e0eb9a07221ff0bd6bcf55ed7", "Labels": {}, "Mounts": [], "Names": [ "/gloomy_kalam" ], "NetworkSettings": { "Networks": { "bridge": { "Aliases": null, "EndpointID": "", "Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "IPAMConfig": null, "IPAddress": "", "IPPrefixLen": 0, "IPv6Gateway": "", "Links": null, "MacAddress": "", "NetworkID": "da0febf987e7bd348949ca50b4d1c1e1fdd1965e5bf4dd31f90fbc1ed0e7f748" } } }, "Ports": [], "State": "exited", "Status": "Exited (0) 34 minutes ago" } ] $ docker info Containers: 2 Running: 1 Paused: 0 Stopped: 1 Images: 1 Server Version: 1.12.3 Storage Driver: aufs Root Dir: /var/lib/docker/aufs Backing Filesystem: extfs Dirs: 9 Dirperm1 Supported: true Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local Network: bridge null host overlay Swarm: inactive Runtimes: runc Default Runtime: runc Security Options: Kernel Version: 3.16.0-4-amd64 Operating System: Debian GNU/Linux stretch/sid OSType: linux Architecture: x86_64 CPUs: 2 Total Memory: 3.871 GiB Name: debian ID: ATFR:PAOT:FFFY:TX76:JVLS:DGE6:LQS5:SMSJ:LNMT:LAEM:J263:MD7I Docker Root Dir: /var/lib/docker Debug Mode (client): false Debug Mode (server): false Registry: https://index.docker.io/v1/ Insecure Registries: 127.0.0.0/8 $ curl --unix-socket /var/run/docker.sock http://localhost/info | python -m json.tool { "Architecture": "x86_64", "BridgeNfIp6tables": true, "BridgeNfIptables": true, "CPUSet": true, "CPUShares": true, "CgroupDriver": "cgroupfs", "ClusterAdvertise": "", "ClusterStore": "", "Containers": 2, "ContainersPaused": 0, "ContainersRunning": 1, "ContainersStopped": 1, "CpuCfsPeriod": false, "CpuCfsQuota": false, "Debug": false, "DefaultRuntime": "runc", "DockerRootDir": "/var/lib/docker", "Driver": "aufs", "DriverStatus": [ [ "Root Dir", "/var/lib/docker/aufs" ], [ "Backing Filesystem", "extfs" ], [ "Dirs", "9" ], [ "Dirperm1 Supported", "true" ] ], "ExecutionDriver": "", "ExperimentalBuild": false, "HttpProxy": "", "HttpsProxy": "", "ID": "ATFR:PAOT:FFFY:TX76:JVLS:DGE6:LQS5:SMSJ:LNMT:LAEM:J263:MD7I", "IPv4Forwarding": true, "Images": 1, "IndexServerAddress": "https://index.docker.io/v1/", "KernelMemory": false, "KernelVersion": "3.16.0-4-amd64", "Labels": null, "LiveRestoreEnabled": false, "LoggingDriver": "json-file", "MemTotal": 4156346368, "MemoryLimit": false, "NCPU": 2, "NEventsListener": 0, "NFd": 21, "NGoroutines": 29, "Name": "debian", "NoProxy": "", "OSType": "linux", "OomKillDisable": false, "OperatingSystem": "Debian GNU/Linux stretch/sid", "Plugins": { "Authorization": null, "Network": [ "bridge", "null", "host", "overlay" ], "Volume": [ "local" ] }, "RegistryConfig": { "IndexConfigs": { "docker.io": { "Mirrors": null, "Name": "docker.io", "Official": true, "Secure": true } }, "InsecureRegistryCIDRs": [ "127.0.0.0/8" ], "Mirrors": null }, "Runtimes": { "runc": { "path": "docker-runc" } }, "SecurityOptions": null, "ServerVersion": "1.12.3", "SwapLimit": false, "Swarm": { "Cluster": { "CreatedAt": "0001-01-01T00:00:00Z", "ID": "", "Spec": { "CAConfig": {}, "Dispatcher": {}, "Orchestration": {}, "Raft": {}, "TaskDefaults": {} }, "UpdatedAt": "0001-01-01T00:00:00Z", "Version": {} }, "ControlAvailable": false, "Error": "", "LocalNodeState": "inactive", "Managers": 0, "NodeAddr": "", "NodeID": "", "Nodes": 0, "RemoteManagers": null }, "SystemStatus": null, "SystemTime": "2016-11-28T17:48:08.022062393+08:00" }
(2)使用tcp方式访问 docker api
$ curl http://10.0.0.71:2376/images/json [ { "Created": 1479329906, "Id": "sha256:e4415b714b624040f19f45994b51daed5cbdb00e0eb9a07221ff0bd6bcf55ed7", "Labels": {}, "ParentId": "", "RepoDigests": [ "ubuntu@sha256:35bc48a1ca97c3971611dc4662d08d131869daa692acb281c7e9e052924e38b1" ], "RepoTags": [ "ubuntu:latest" ], "Size": 128115414, "VirtualSize": 128115414 } ] $ curl http://10.0.0.71:2376/containers/json?all=1 | python -m json.tool [ { "Command": "/bin/bash", "Created": 1480323914, "HostConfig": { "NetworkMode": "default" }, "Id": "9c2e6ebab75b791df4fdd978a507340e8068b655f0285b2a74a9d0e33bede811", "Image": "ubuntu", "ImageID": "sha256:e4415b714b624040f19f45994b51daed5cbdb00e0eb9a07221ff0bd6bcf55ed7", "Labels": {}, "Mounts": [], "Names": [ "/fervent_euler" ], "NetworkSettings": { "Networks": { "bridge": { "Aliases": null, "EndpointID": "5cff60a96ba0bb6505db3138d80c7d0daf5334054b50a074d8f8ce451d93bd18", "Gateway": "172.17.0.1", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "IPAMConfig": null, "IPAddress": "172.17.0.2", "IPPrefixLen": 16, "IPv6Gateway": "", "Links": null, "MacAddress": "02:42:ac:11:00:02", "NetworkID": "da0febf987e7bd348949ca50b4d1c1e1fdd1965e5bf4dd31f90fbc1ed0e7f748" } } }, "Ports": [], "State": "running", "Status": "Up 36 minutes" }, { "Command": "/bin/echo 'Hello world'", "Created": 1480323861, "HostConfig": { "NetworkMode": "default" }, "Id": "30ad267e904c9e5650be5606ccdccc124179124c31ff2f3f2d9689cbd1be1c54", "Image": "ubuntu", "ImageID": "sha256:e4415b714b624040f19f45994b51daed5cbdb00e0eb9a07221ff0bd6bcf55ed7", "Labels": {}, "Mounts": [], "Names": [ "/gloomy_kalam" ], "NetworkSettings": { "Networks": { "bridge": { "Aliases": null, "EndpointID": "", "Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "IPAMConfig": null, "IPAddress": "", "IPPrefixLen": 0, "IPv6Gateway": "", "Links": null, "MacAddress": "", "NetworkID": "da0febf987e7bd348949ca50b4d1c1e1fdd1965e5bf4dd31f90fbc1ed0e7f748" } } }, "Ports": [], "State": "exited", "Status": "Exited (0) 36 minutes ago" } ]
*** 接下来是介绍的重点,Debian下如何通过修改docker启动方式,增加对tcp的监听!(CentOS下的修改方式略有不同)
编辑: /lib/systemd/system/docker.service ExecStart=/usr/bin/dockerd -H fd:// 改成: ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock #0.0.0.0为全部网卡,也可以只监听内网 执行 systemctl daemon-reload 然后重启启动docker /etc/init.d/docker restart
很简单吧,这样就可以从远程以API调用的方式对 docker api 进行操作,比如查询dokcer状态,创建、启动docker容器等等。
docker API其他的访问方式请参考docker官方文档.