1. Download openEuler and install it in a virtual machine
2. Check the openEuler version and install Docker
-- Check the openEuler version
[qyq@openeuler ~]$ cat /etc/openeuler-release
openeuler release 22.03 (lts-sp1)
[qyq@openeuler ~]$
[qyq@openeuler ~]$ cat /etc/os-release
name="openeuler"
version="22.03 (lts-sp1)"
id="openeuler"
version_id="22.03"
pretty_name="openeuler 22.03 (lts-sp1)"
ansi_color="0;31"
[qyq@openeuler ~]$
[qyq@openeuler ~]$ uname -a
linux openeuler 5.10.0-136.12.0.86.oe2203sp1.x86_64 #1 smp tue dec 27 17:50:15 cst 2022 x86_64 x86_64 x86_64 gnu/linux
[qyq@openeuler ~]$
-- Check the openEuler yum repository configuration
[qyq@openeuler ~]$ cat /etc/yum.repos.d/openeuler.repo |grep -v ^#|head -10
[os]
name=os
baseurl=http://repo.openeuler.org/openeuler-22.03-lts-sp1/os/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://repo.openeuler.org/openeuler-22.03-lts-sp1/os/$basearch/rpm-gpg-key-openeuler
[everything]
name=everything
[qyq@openeuler ~]$
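The repository listing above has `gpgcheck=1` but fetches both packages and the signing key over plain `http://`. The following added example (not part of the original post) audits a `.repo` file for those settings; the function names and the sample repository with its placeholder host are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit yum/dnf .repo text (file arguments or stdin) for weak
# package-trust settings. Prints one finding per line: "<section> <issue>".
audit_repo() {
    awk '
        function report() {
            if (sec == "" || enabled == "0") return   # disabled repos are skipped
            if (gpgcheck != "1")    print sec, "gpgcheck-off"   # unset counts as off
            if (gpgkey ~ /^http:/)  print sec, "gpgkey-over-http"
            if (baseurl ~ /^http:/) print sec, "baseurl-over-http"
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments, blank lines
        /^\[.*\]$/ {                                   # new [section]
            report()
            sec = substr($0, 2, length($0) - 2)
            enabled = "1"; gpgcheck = ""; gpgkey = ""; baseurl = ""
            next
        }
        {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == "enabled")  enabled  = v
            if (k == "gpgcheck") gpgcheck = v
            if (k == "gpgkey")   gpgkey   = v
            if (k == "baseurl")  baseurl  = v
        }
        END { report() }
    ' "$@"
}

# Constructed sample; repo.example.invalid is a placeholder host.
sample_repo() {
    cat <<'EOF'
[OS]
baseurl=http://repo.example.invalid/OS/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://repo.example.invalid/OS/$basearch/RPM-GPG-KEY-example
[extras]
baseurl=https://repo.example.invalid/extras/$basearch/
gpgcheck=0
[debug]
enabled=0
gpgcheck=0
EOF
}

sample_repo | audit_repo
```

A missing `gpgcheck` is reported as off here, although dnf inherits the `[main]` value in that case, so check the main configuration before treating it as a finding.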
-- Install the Docker engine on openEuler
[qyq@openeuler ~]$ sudo yum install -y docker
[sudo] qyq 的密码:
last metadata expiration check: 1:00:39 ago on 2023年01月12日 星期四 12时57分47秒.
package docker-engine-2:18.09.0-316.oe2203sp1.x86_64 is already installed.
dependencies resolved.
nothing to do.
complete!
[qyq@openeuler ~]$ rpm -qa|grep docker
docker-engine-18.09.0-316.oe2203sp1.x86_64
[qyq@openeuler ~]$
3. Starting and stopping the Docker service on openEuler
-- Check the status of the Docker service; systemctl is still used
[qyq@openeuler ~]$ sudo systemctl status docker
● docker.service - docker application container engine
loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
active: active (running) since thu 2023-01-12 13:53:58 cst; 15min ago
docs: https://docs.docker.com
main pid: 8922 (dockerd)
tasks: 20 (limit: 8939)
memory: 274.2m
cgroup: /system.slice/docker.service
├─ 8922 /usr/bin/dockerd --live-restore
└─ 8928 containerd --config /var/run/docker/containerd/containerd.toml --log-level info
1月 12 13:53:58 openeuler dockerd[8922]: time="2023-01-12t13:53:58.008046817+08:00" level=info msg="setup ip tables begin"
1月 12 13:53:58 openeuler dockerd[8922]: time="2023-01-12t13:53:58.108477150+08:00" level=info msg="setup ip tables end"
1月 12 13:53:58 openeuler dockerd[8922]: time="2023-01-12t13:53:58.178187633+08:00" level=info msg="loading containers: done."
1月 12 13:53:58 openeuler dockerd[8922]: time="2023-01-12t13:53:58.281023046+08:00" level=info msg="docker daemon" commit=9b9af2f graphdriver(s)=overlay2 version=18.09.0
1月 12 13:53:58 openeuler dockerd[8922]: time="2023-01-12t13:53:58.281179240+08:00" level=info msg="daemon has completed initialization"
1月 12 13:53:58 openeuler dockerd[8922]: time="2023-01-12t13:53:58.285324277+08:00" level=warning msg="could not register builder git source: failed to find git binary: >
1月 12 13:53:58 openeuler dockerd[8922]: time="2023-01-12t13:53:58.298511265+08:00" level=info msg="api listen on /var/run/docker.sock"
1月 12 13:53:58 openeuler systemd[1]: started docker application container engine.
1月 12 13:54:27 openeuler dockerd[8922]: time="2023-01-12t13:54:27.667907447+08:00" level=info msg="received image create request, name:almalinux:latest repo:"
1月 12 13:54:54 openeuler dockerd[8922]: time="2023-01-12t13:54:54.379484733+08:00" level=info msg="image create request process success, name:almalinux:latest repo:"
[qyq@openeuler ~]$
-- Check whether it starts at boot, also with systemctl is-enabled
[qyq@openeuler ~]$ sudo systemctl is-enabled docker
enabled
[qyq@openeuler ~]$
4. openEuler firewall management
By default openEuler manages the firewall with firewall-cmd; iptables is disabled by default.
[qyq@openeuler ~]$ sudo systemctl is-enabled firewalld
enabled
[qyq@openeuler ~]$ sudo systemctl is-enabled iptables
disabled
[qyq@openeuler ~]$
[qyq@openeuler ~]$ sudo systemctl status iptables
○ iptables.service - ipv4 firewall with iptables
loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
active: inactive (dead)
[qyq@openeuler ~]$
[qyq@openeuler ~]$ sudo systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
active: active (running) since thu 2023-01-12 12:18:12 cst; 2h 23min ago
docs: man:firewalld(1)
main pid: 779 (firewalld)
tasks: 2 (limit: 8939)
memory: 38.1m
cgroup: /system.slice/firewalld.service
└─ 779 /usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid
1月 12 13:53:57 openeuler firewalld[779]: warning: command_failed: '/usr/sbin/iptables -w10 -t nat -x docker' failed: iptables: no chain/target/match by that name.
1月 12 13:53:57 openeuler firewalld[779]: warning: command_failed: '/usr/sbin/iptables -w10 -t filter -f docker' failed: iptables: no chain/target/match by that name.
1月 12 13:53:57 openeuler firewalld[779]: warning: command_failed: '/usr/sbin/iptables -w10 -t filter -x docker' failed: iptables: no chain/target/match by that name.
1月 12 13:53:57 openeuler firewalld[779]: warning: command_failed: '/usr/sbin/iptables -w10 -t filter -f docker-isolation-stage-1' failed: iptables: no chain/target/matc>
1月 12 13:53:57 openeuler firewalld[779]: warning: command_failed: '/usr/sbin/iptables -w10 -t filter -x docker-isolation-stage-1' failed: iptables: no chain/target/matc>
1月 12 13:53:57 openeuler firewalld[779]: warning: command_failed: '/usr/sbin/iptables -w10 -t filter -f docker-isolation-stage-2' failed: iptables: no chain/target/matc>
1月 12 13:53:57 openeuler firewalld[779]: warning: command_failed: '/usr/sbin/iptables -w10 -t filter -x docker-isolation-stage-2' failed: iptables: no chain/target/matc>
1月 12 13:53:57 openeuler firewalld[779]: warning: command_failed: '/usr/sbin/iptables -w10 -t filter -f docker-isolation' failed: iptables: no chain/target/match by tha>
1月 12 13:53:57 openeuler firewalld[779]: warning: command_failed: '/usr/sbin/iptables -w10 -t filter -x docker-isolation' failed: iptables: no chain/target/match by tha>
1月 12 13:53:58 openeuler firewalld[779]: warning: command_failed: '/usr/sbin/iptables -w10 -d forward -i docker0 -o docker0 -j drop' failed: iptables: bad rule (does a >
[qyq@openeuler ~]$
[qyq@openeuler ~]$ sudo yum install firewalld
last metadata expiration check: 1:38:46 ago on 2023年01月12日 星期四 12时57分47秒.
package firewalld-1.0.2-5.oe2203sp1.noarch is already installed.
dependencies resolved.
nothing to do.
complete!
[qyq@openeuler ~]$ sudo rpm -qa|grep firewalld
firewalld-1.0.2-5.oe2203sp1.noarch
[qyq@openeuler ~]$ sudo firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: dhcpv6-client mdns ssh
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[qyq@openeuler ~]$ sudo iptables -L
chain input (policy accept)
target prot opt source destination
chain forward (policy drop)
target prot opt source destination
docker-user all -- anywhere anywhere
docker-isolation-stage-1 all -- anywhere anywhere
accept all -- anywhere anywhere ctstate related,established
docker all -- anywhere anywhere
accept all -- anywhere anywhere
accept all -- anywhere anywhere
chain output (policy accept)
target prot opt source destination
chain docker (1 references)
target prot opt source destination
chain docker-isolation-stage-1 (1 references)
target prot opt source destination
docker-isolation-stage-2 all -- anywhere anywhere
return all -- anywhere anywhere
chain docker-isolation-stage-2 (1 references)
target prot opt source destination
drop all -- anywhere anywhere
return all -- anywhere anywhere
chain docker-user (1 references)
target prot opt source destination
return all -- anywhere anywhere
[qyq@openeuler ~]$
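In the listing above the forward chain jumps to the docker-user chain first, and that chain holds only a return rule, so no administrator rule filters traffic forwarded to containers. The following added example (not part of the original post) extracts those facts from `iptables -S` output; the function names are hypothetical and the sample rules are constructed to mirror the listing.

```shell
#!/bin/sh
# Added example: summarise where Docker's chains sit in the filter table.
# Input: `iptables -S` text on stdin, e.g. sudo iptables -S | docker_fw_summary
docker_fw_summary() {
    awk '
        $1 == "-P" && $2 == "FORWARD" { policy = $3 }
        $1 == "-A" && $2 == "FORWARD" {          # position of the DOCKER-USER jump
            n++
            if (first == "" && $NF == "DOCKER-USER") first = n
        }
        $1 == "-A" && $2 == "DOCKER-USER" {      # anything but a bare "-j RETURN"
            if (NF > 4 || $NF != "RETURN") filters++
        }
        END {
            if (policy == "") policy = "unknown"
            if (first == "")  first = "absent"
            printf "forward_policy=%s docker_user_position=%s docker_user_filters=%d\n", policy, first, filters
        }
    '
}

# Constructed sample: the chain layout from the listing, written as -S rules.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-N DOCKER-USER
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
EOF
}

sample_rules | docker_fw_summary
```

A `docker_user_filters` value of 0 means the chain is in its default pass-through state.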