参考博客

CentOS7.5安装docker1.13.1并自动启动
docker下载网站
https://download.docker.com/linux/centos/7/x86_64/stable/Packages/
https://www.jianshu.com/p/feffb24b08b2
https://www.zabbix.com/documentation/3.4/zh/manual/installation/containers

docker操作

保存镜像

docker 存出镜像需要注意的一个问题
正确：docker save <repository>:<tag> -o <repository>.tar
错误：docker save <IMAGE ID> -o <repository>.tar（会导致载入镜像后名字标签都为<none>）
如果docker载入新的镜像后repository和tag名称都为none
通过tag的方法增加名字标签
docker tag <IMAGE ID> <repository>:<tag>

安装zabbix

启动mysql服务

docker run --name mysql-server \
-e MYSQL_DATABASE="zabbix" \
-e MYSQL_USER="zabbix" \
-e MYSQL_PASSWORD="zabbix" \
-e MYSQL_ROOT_PASSWORD="123456" \
-p 3300:3306 \
-v /data/zabbix/mysql:/var/lib/mysql \
-d mysql:5.7

启动zabbix-server-mysql

docker run --name zabbix-server \
-e MYSQL_DATABASE="zabbix" \
-e MYSQL_USER="zabbix" \
-e MYSQL_PASSWORD="zabbix" \
-v /data/zabbix/zabbix-server:/var/lib/zabbix \
-p 10051:10051 \
--link mysql-server:mysql \
-d --privileged  \
zabbix/zabbix-server-mysql:latest   

启动zabbix-web-nginx

docker run --name zabbix-web \
-e MYSQL_DATABASE="zabbix" \
-e MYSQL_USER="zabbix" \
e MYSQL_PASSWORD="zabbix" \
-e ZBX_HOSTNAME=zabbix-server \
--link mysql-server:mysql \
--link zabbix-server:zabbix-server \
-p 8080:80 \
-d --privileged \
zabbix/zabbix-web-nginx-mysql:latest

启动zabbix-agent

docker run --name zabbix-agent \
-e ZBX_HOSTNAME=zabbix-server \
-p 10050:10050 \
--link zabbix-server:zabbix-server \
-d zabbix/zabbix-agent:latest 

docker run --name zabbix-agent-a \
-e ZBX_HOSTNAME=zabbix-server \
-p 10052:10050 \
--link zabbix-server:zabbix-server \
-d zabbix/zabbix-agent:latest 

配置文件

/etc/zabbix/zabbix_agentd.conf

启动zabbix-proxy

docker run --name zabbix-proxy \
-e MYSQL_DATABASE="zabbix" \
-e MYSQL_USER="zabbix" \
-e MYSQL_PASSWORD="zabbix" \
-e ZBX_HOSTNAME=zabbix-server \
--link mysql-server:mysql \
-d --privileged \
zabbix/zabbix-proxy-mysql:latest

配置文件

/etc/zabbix/zabbix_proxy.conf

oracle

docker run -d --name oracle-server \
-p 1521:1521 \
-p 9999:8080 \
--shm-size=1g \
--restart=always \
-e ORACLE_PWD=XXX \
-v /data/oracle/data:/u01/app/oracle/oradata \
zerda/oracle-database:11.2.0.2-xe

报错解决

1、chown: cannot read directory '/var/lib/mysql/': Permission denied

CentOS7中Docker文件挂载，容器中没有执行权限
//挂载外部数据卷时,无法启动容器,
报
chown: cannot read directory '/var/lib/mysql/': Permission denied
由$ docker logs [name] 查看得知

该原因为centOs7默认开启selinux安全模块,需要临时关闭该安全模块,或者添加目录到白名单
临时关闭selinux：su -c "setenforce 0"
重新开启selinux：su -c "setenforce 1"

添加selinux规则，将要挂载的目录添加到白名单：
示例：chcon -Rt svirt_sandbox_file_t  /data/zabbix/   (可用)

2、启动docker容器时报错：

iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 5000 -j DNAT --to-destination 172.18.0.4:5000 ! -i br-ff45d935188b: iptables: No chain/target/match by that name. (exit status 1)

解决方案：重启docker

3、连不上数据库

＃ Solution 1
/sbin/ip route|awk '/default/ { print $3 }'
docker run --add-host dockerhost:`/sbin/ip route|awk '/default/ { print  $3}'` [my container]
＃ Solution 2
-e "DOCKER_HOST=$(ip -4 addr show docker0 | grep -Po 'inet \K[\d.]+')"

4、WARNING: IPv4 forwarding is disabled. Networking will not work.

# vim  /usr/lib/sysctl.d/00-system.conf
net.ipv4.ip_forward=1

开放端口服务

iptables -A INPUT -p tcp --dport 3300 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 3300 -j ACCEPT

docker.service

[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd
ExecReload=/bin/kill -s HUP $MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s

[Install]
WantedBy=multi-user.target

安装脚本

#!/bin/sh
 
usage(){
  echo "Usage: $0 FILE_NAME_DOCKER_CE_TAR_GZ"
  echo "       $0 docker-17.09.0-ce.tgz"
  echo "Get docker-ce binary from: https://download.docker.com/linux/static/stable/x86_64/"
  echo "eg: wget https://download.docker.com/linux/static/stable/x86_64/docker-17.09.0-ce.tgz"
  echo ""
}
SYSTEMDDIR=/usr/lib/systemd/system
SERVICEFILE=docker.service
DOCKERDIR=/usr/bin
DOCKERBIN=docker
SERVICENAME=docker
 
if [ $# -ne 1 ]; then
  usage
  exit 1
else
  FILETARGZ="$1"
fi
 
if [ ! -f ${FILETARGZ} ]; then
  echo "Docker binary tgz files does not exist, please check it"
  echo "Get docker-ce binary from: https://download.docker.com/linux/static/stable/x86_64/"
  echo "eg: wget https://download.docker.com/linux/static/stable/x86_64/docker-17.09.0-ce.tgz"
  exit 1
fi
 
echo "##unzip : tar xvpf ${FILETARGZ}"
tar xvpf ${FILETARGZ}
echo
 
echo "##binary : ${DOCKERBIN} copy to ${DOCKERDIR}"
cp -p ${DOCKERBIN}/* ${DOCKERDIR} >/dev/null 2>&1
which ${DOCKERBIN}
 
echo "##systemd service: ${SERVICEFILE}"
echo "##docker.service: create docker systemd file"
cat >${SYSTEMDDIR}/${SERVICEFILE} <<EOF
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=network.target docker.socket
[Service]
Type=notify
EnvironmentFile=-/run/flannel/docker
WorkingDirectory=/usr/local/bin
ExecStart=/usr/bin/dockerd \
                -H tcp://0.0.0.0:4243 \
                -H unix:///var/run/docker.sock \
                --selinux-enabled=false \
                --log-opt max-size=1g
ExecReload=/bin/kill -s HUP $MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
 
echo ""
 
systemctl daemon-reload
echo "##Service status: ${SERVICENAME}"
systemctl status ${SERVICENAME}
echo "##Service restart: ${SERVICENAME}"
systemctl restart ${SERVICENAME}
echo "##Service status: ${SERVICENAME}"
systemctl status ${SERVICENAME}
 
echo "##Service enabled: ${SERVICENAME}"
systemctl enable ${SERVICENAME}
cat >/etc/docker/daemon.json <<EOF
{
  "registry-mirrors": ["https://registry.docker-cn.com"]
}
EOF
# swapoff -a
# iptables -P FORWARD ACCEPT
# sysctl --system
systemctl daemon-reload
systemctl restart docker.service
 
echo "## docker version"
docker version
docker run hello-world