在 docker 容器中使用 docker

本文介绍如何在 docker Ubuntu 容器中安装 docker，从而可以在容器中再创建容器，实现套娃！

1. 启动并进入 docker Ubuntu 容器

root@ubuntu20:~# docker run -itd --name ubuntu --privileged --cap-add=NET_ADMIN  ubuntu:20.04 
350983744ebfbc2d7828ef24256b7b5a7d4ce4dd97e083e173c10f2dca4fa097
root@ubuntu20:~# docker exec -it ubuntu bash
root@350983744ebf:/# 
1
2
3
4

2. 替换软件源

root@350983744ebf:/# sed -i s@/archive.ubuntu.com/@/mirrors.aliyun.com/@g /etc/apt/sources.list
root@350983744ebf:/# sed -i s@/security.ubuntu.com/@/mirrors.aliyun.com/@g /etc/apt/sources.list
root@350983744ebf:/# apt-get update
Get:1 http://mirrors.aliyun.com/ubuntu focal InRelease [265 kB]
Get:2 http://mirrors.aliyun.com/ubuntu focal-updates InRelease [114 kB]
Get:3 http://mirrors.aliyun.com/ubuntu focal-backports InRelease [108 kB]
Get:4 http://mirrors.aliyun.com/ubuntu focal-security InRelease [114 kB]
Get:5 http://mirrors.aliyun.com/ubuntu focal/multiverse amd64 Packages [177 kB]
Get:6 http://mirrors.aliyun.com/ubuntu focal/restricted amd64 Packages [33.4 kB]
Get:7 http://mirrors.aliyun.com/ubuntu focal/universe amd64 Packages [11.3 MB]
Get:8 http://mirrors.aliyun.com/ubuntu focal/main amd64 Packages [1275 kB]
Get:9 http://mirrors.aliyun.com/ubuntu focal-updates/universe amd64 Packages [1421 kB]
Get:10 http://mirrors.aliyun.com/ubuntu focal-updates/restricted amd64 Packages [3092 kB]
Get:11 http://mirrors.aliyun.com/ubuntu focal-updates/multiverse amd64 Packages [32.0 kB]
Get:12 http://mirrors.aliyun.com/ubuntu focal-updates/main amd64 Packages [3633 kB]
Get:13 http://mirrors.aliyun.com/ubuntu focal-backports/main amd64 Packages [55.2 kB]
Get:14 http://mirrors.aliyun.com/ubuntu focal-backports/universe amd64 Packages [28.6 kB]
Get:15 http://mirrors.aliyun.com/ubuntu focal-security/universe amd64 Packages [1117 kB]
Get:16 http://mirrors.aliyun.com/ubuntu focal-security/restricted amd64 Packages [2942 kB]
Get:17 http://mirrors.aliyun.com/ubuntu focal-security/main amd64 Packages [3145 kB]
Get:18 http://mirrors.aliyun.com/ubuntu focal-security/multiverse amd64 Packages [29.3 kB]
Fetched 28.9 MB in 3s (8636 kB/s)                             
Reading package lists... Done
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

3. 安装 docker

apt-get install docker.io
1

需要安装400多M的一大堆程序。

4. 启动 docker 服务

因为 docker 容器中，systemctl 程序已经不管用了，所以安装完 docker 后，系统并不会自动启动 docker 服务。需要手动添加服务启动脚本：

apt-get install vim
vi /etc/init.d/docker
1
2

新建 /etc/init.d/docker 文件，内容如下：

#!/bin/sh
set -e

### BEGIN INIT INFO
# Provides:           docker
# Required-Start:     $syslog $remote_fs
# Required-Stop:      $syslog $remote_fs
# Should-Start:       cgroupfs-mount cgroup-lite
# Should-Stop:        cgroupfs-mount cgroup-lite
# Default-Start:      2 3 4 5
# Default-Stop:       0 1 6
# Short-Description:  Create lightweight, portable, self-sufficient containers.
# Description:
#  Docker is an open-source project to easily create lightweight, portable,
#  self-sufficient containers from any application. The same container that a
#  developer builds and tests on a laptop can run at scale, in production, on
#  VMs, bare metal, OpenStack clusters, public clouds and more.

### END INIT INFO

export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin

BASE=docker

# modify these in /etc/default/$BASE (/etc/default/docker)
DOCKERD=/usr/bin/dockerd
# This is the pid file managed by docker itself
DOCKER_PIDFILE=/var/run/$BASE.pid
# This is the pid file created/managed by start-stop-daemon
DOCKER_SSD_PIDFILE=/var/run/$BASE-ssd.pid
DOCKER_LOGFILE=/var/log/$BASE.log
DOCKER_OPTS=
DOCKER_DESC="Docker"

# Get lsb functions
. /lib/lsb/init-functions

if [ -f /etc/default/$BASE ]; then
        . /etc/default/$BASE
fi

# Check docker is present
if [ ! -x $DOCKERD ]; then
        log_failure_msg "$DOCKERD not present or not executable"
        exit 1
fi

fail_unless_root() {
        if [ "$(id -u)" != '0' ]; then
                log_failure_msg "$DOCKER_DESC must be run as root"
                exit 1
        fi
}

case "$1" in
        start)
                fail_unless_root

                touch "$DOCKER_LOGFILE"
                chgrp docker "$DOCKER_LOGFILE"

                ulimit -n 1048576

                # Having non-zero limits causes performance problems due to accounting overhead
                # in the kernel. We recommend using cgroups to do container-local accounting.
                if [ "$BASH" ]; then
                        ulimit -u unlimited
                else
                        ulimit -p unlimited
                fi

                log_begin_msg "Starting $DOCKER_DESC: $BASE"
                start-stop-daemon --start --background \
                        --no-close \
                        --exec "$DOCKERD" \
                        --pidfile "$DOCKER_SSD_PIDFILE" \
                        --make-pidfile \
                        -- \
                        -p "$DOCKER_PIDFILE" \
                        $DOCKER_OPTS \
                        >> "$DOCKER_LOGFILE" 2>&1
                log_end_msg $?
                ;;

        stop)
                fail_unless_root
                if [ -f "$DOCKER_SSD_PIDFILE" ]; then
                        log_begin_msg "Stopping $DOCKER_DESC: $BASE"
                        start-stop-daemon --stop --pidfile "$DOCKER_SSD_PIDFILE" --retry 10
                        log_end_msg $?
                else
                        log_warning_msg "Docker already stopped - file $DOCKER_SSD_PIDFILE not found."
                fi
                ;;

        restart)
                fail_unless_root
                docker_pid=$(cat "$DOCKER_SSD_PIDFILE" 2> /dev/null || true)
                [ -n "$docker_pid" ] \
                        && ps -p $docker_pid > /dev/null 2>&1 \
                        && $0 stop
                $0 start
                ;;

        force-reload)
                fail_unless_root
                $0 restart
                ;;

        status)
                status_of_proc -p "$DOCKER_SSD_PIDFILE" "$DOCKERD" "$DOCKER_DESC"
                ;;

        *)
                echo "Usage: service docker {start|stop|restart|status}"
                exit 1
                ;;
esac

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119

然后加上可执行权限：

chmod +x /etc/init.d/docker
1

接着就可以启动 docker 服务：

root@350983744ebf:/# service docker start
 * Starting Docker: docker                                                                                                                                     [ OK ] 
root@350983744ebf:/# service docker status
 * Docker is running
root@350983744ebf:/# docker ps
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES
1
2
3
4
5
6

5. 验证 docker 是否可以正常工作

我们再在容器中启动一个 Ubuntu 容器：

root@350983744ebf:/# docker run -itd --name ubuntu --privileged --cap-add=NET_ADMIN ubuntu:20.04
Unable to find image 'ubuntu:20.04' locally
20.04: Pulling from library/ubuntu
96d54c3075c9: Pull complete 
Digest: sha256:ed4a42283d9943135ed87d4ee34e542f7f5ad9ecf2f244870e23122f703f91c2
Status: Downloaded newer image for ubuntu:20.04
53ec4adbb55196fad5b31cdbf81ec9fe1e8229bb2df7be47b220911cc8bd0a7d

root@350983744ebf:/# docker ps
CONTAINER ID   IMAGE          COMMAND       CREATED         STATUS         PORTS     NAMES
53ec4adbb551   ubuntu:20.04   "/bin/bash"   8 seconds ago   Up 6 seconds             ubuntu
1
2
3
4
5
6
7
8
9
10
11

这就实现了容器的套娃！