Record the process of building docker-ce in CentOS7
1. Use a CentOS 7.9 series Linux operating system
2. Starting from the basic configuration of the CentOS system, quickly build docker applications from 0 to 1
CentOS 7.9 basic configuration
# The default installation of CentOS 7.9 has been initialized
CPU: 4 cores * 2
Memory: 16G
Disk: 2 physical hard disks (sda, sdb)
sda: 40GB (preinstalled minimal Linux), sdb: 200GB
Swap: 2GB
Mapped storage directory for docker applications: /opt/mydocker

# Complete the following configuration later
hostname:
ip: 10.0.0.210
gateway: 10.0.0.254
dns: 223.5.5.5 114.114.114.114
# Change swap to 12G, disable selinux, enable firewalld
[root@localhost ~]# lscpu
Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                8    # 8 logical processors
On-line CPU(s) list:   0-7
Thread(s) per core:    1
Core(s) per socket:    4    # Number of CPU cores per socket
Socket(s):             2    # Number of CPU sockets, i.e. number of physical CPUs
...
[root@localhost ~]# lsmem | grep Total
Total online memory:      16G    # 16G memory
Total offline memory:      0B
[root@localhost ~]# lsscsi
[0:0:0:0]    disk    VMware   Virtual disk     2.0   /dev/sda
[0:0:1:0]    disk    VMware   Virtual disk     2.0   /dev/sdb
[3:0:0:0]    cd/dvd  NECVMWar VMware SATA CD00 1.00  /dev/sr0
[root@localhost ~]# fdisk -l | grep -i 'disk /dev'
Disk /dev/sdb: 214.7 GB, 214748364800 bytes, 419430400 sectors    # sdb: 200GB
Disk /dev/sda: 42.9 GB, 42949672960 bytes, 83886080 sectors    # sda: 40GB
Disk /dev/mapper/centos-root: 39.7 GB, 39720058880 bytes, 77578240 sectors
Disk /dev/mapper/centos-swap: 2147 MB, 2147483648 bytes, 4194304 sectors
Centos configure network connection, sshd, hostname, yum package update
### centos: configure network connection, sshd, yum package update, ntp time synchronization
vi /etc/sysconfig/network-scripts/ifcfg-ens192
BOOTPROTO=static
ONBOOT=yes
IPADDR=10.0.0.210
PREFIX=24
GATEWAY=10.0.0.254
DNS1=223.5.5.5
DNS2=114.114.114.114
# :x to save
systemctl restart network
vim /etc/ssh/sshd_config
Port 22
PermitRootLogin yes
PasswordAuthentication yes
# :x to save
systemctl restart sshd
hostnamectl set-hostname --static
su    # Switch root to refresh hostname
yum update -y    # Optional: update all packages
# Install some basic packages
yum -y install vim tcpdump lsof zip unzip strace traceroute net-tools bind-utils bridge-utils whois wget ftp nc lrzsz sysstat telnet ntp
yum -y install psmisc bc ntpdate dos2unix tree openldap-devel
yum -y install epel-release    # epel repository
yum -y install jq    # JSON formatting tool
# Configure ntp time synchronization down to the hardware clock (HWCLOCK) layer
[root@localhost ~]# vim /etc/sysconfig/ntpd
# Command line options for ntpd
OPTIONS="-u ntp:ntp -p /var/run/ -g"
SYNC_HWCLOCK=yes
# :x to save
systemctl enable --now ntpd
timedatectl set-timezone Asia/Shanghai
[root@docker01 ~]# timedatectl
      Local time: Sat 2024-05-01 14:13:37 CST
  Universal time: Sat 2024-05-01 06:13:37 UTC
        RTC time: Sat 2024-05-01 06:13:38
       Time zone: Asia/Shanghai (CST, +0800)    # East 8 time zone
     NTP enabled: yes    # ntp enabled
NTP synchronized: yes    # ntp is synchronized
 RTC in local TZ: no
      DST active: n/a
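The sshd_config shown above sets `PermitRootLogin yes` and `PasswordAuthentication yes`, so root is reachable by password over the network. The check below is an added example, not part of the original article: it reads sshd_config text, applies sshd's rule that the first value read for a keyword wins, and reports those two settings. The function names and the key-only sample configuration are constructed for illustration.

```bash
# Added example (not from the original article). Function names and the
# key-only sample configuration are constructed for illustration.

# effective_sshd_value CONFIG_TEXT KEYWORD
# sshd uses the first value it reads for a keyword, keywords are
# case-insensitive, and lines after a Match block are conditional.
# Prints that first global value in lower case, or "unset".
effective_sshd_value() {
  printf '%s\n' "$1" | awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    NF == 0 || $1 ~ /^#/   { next }   # blank lines and comments
    tolower($1) == "match" { exit }   # stop at the first Match block
    tolower($1) == want    { print tolower($2); found = 1; exit }
    END { if (!found) print "unset" }'
}

# audit_sshd CONFIG_TEXT
# Prints one finding per line; prints nothing when both settings are tight.
audit_sshd() {
  root=$(effective_sshd_value "$1" PermitRootLogin)
  pass=$(effective_sshd_value "$1" PasswordAuthentication)
  if [ "$root" = "yes" ]; then
    echo "PermitRootLogin=$root: direct root login is allowed"
  fi
  # PasswordAuthentication defaults to yes when it is not set.
  case "$pass" in
    yes|unset) echo "PasswordAuthentication=$pass: password logins accepted" ;;
  esac
}

# Settings as shown in the article.
ARTICLE_CONFIG='Port 22
PermitRootLogin yes
PasswordAuthentication yes'

# Constructed key-only variant; the trailing "yes" is ignored (first value wins).
KEY_ONLY_CONFIG='Port 22
#PermitRootLogin yes
permitrootlogin no
PasswordAuthentication no
PubkeyAuthentication yes
PasswordAuthentication yes'

echo "article config:";  audit_sshd "$ARTICLE_CONFIG"
echo "key-only config:"; audit_sshd "$KEY_ONLY_CONFIG"
```

On a live host, `sshd -T` prints the effective configuration including Match handling; confirm that key-based login works before turning password authentication off.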
Configure LVM on the sdb hard disk
All of the following operations are performed over an ssh connection to CentOS from Xshell.
### Configure lvm on the sdb hard drive
### The lvdocker logical volume is mounted to /opt/mydocker
fdisk /dev/sdb    # Disk operation on /dev/sdb
n       # Add a new partition
p       # Create a new primary partition
1       # Define number 1
2048    # Define the starting sector, default 2048
        # Define the capacity size, default 100%FREE
t       # Change the system id of the partition
8e      # Linux LVM system id
w       # Save configuration
partprobe    # Re-identify disk
lsblk        # View block device information
pvs          # View the created physical volume information list
pvcreate /dev/sdb1    # Create a new pv physical volume
vgcreate vgdocker /dev/sdb1    # Create a new vg volume group to store lvm logical volumes
vgs          # View created vg volume group
lvcreate -l 100%FREE -n lvdocker vgdocker    # Create lv logical volume
[root@docker01 ~]# lvs
  LV       VG       Attr       LSize    Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  root     centos   -wi-ao----   36.99g
  swap     centos   -wi-ao----    2.00g
  lvdocker vgdocker -wi-a----- <200.00g
[root@docker01 ~]# mkfs.ext4 /dev/mapper/vgdocker-lvdocker
[root@docker01 ~]# blkid | grep docker
/dev/mapper/vgdocker-lvdocker: UUID="2a2e3964-5b40-42e5-a813-9f3c12e17a13" TYPE="ext4"
vim /etc/fstab    # Add a line at the end to mount the lvdocker logical volume on the /opt/mydocker directory; the file system format is ext4
#
# /etc/fstab
# Created by anaconda on Wed Jul 12 00:06:09 2023
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root /                       xfs     defaults        0 0
UUID=e56d6e40-f244-4d46-b5fb-80365ad2cfc4 /boot                   xfs     defaults        0 0
/dev/mapper/centos-swap swap                    swap    defaults        0 0
UUID=2a2e3964-5b40-42e5-a813-9f3c12e17a13 /opt/mydocker ext4 defaults 0 0
# :x to save
mkdir -p /opt/mydocker    # Create a new /opt/mydocker directory
mount -a    # Refresh all mount sources
[root@docker01 ~]# mount | grep docker
/dev/mapper/vgdocker-lvdocker on /opt/mydocker type ext4 (rw,relatime,seclabel,data=ordered)
Optimize the default parameters of centos before deploying docker
### (Optional) Disable selinux
# setenforce 0
# sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

### Optimize the basic configuration of centos: change swap to 12G (the centos virtual machine has 16G of memory) and set the swap usage weight to 60
swapoff -a
dd if=/dev/zero of=/swap_12g bs=1024 count=12582912
chmod 600 /swap_12g
mkswap /swap_12g
swapon /swap_12g
echo " = 60" >> /etc/
sysctl -p
[root@docker01 ~]# swapon
NAME      TYPE SIZE USED PRIO
/swap_12g file  12G   0B   -2

### Disable ipv6
sysctl -a 2>&1 | grep disable_ipv6    # Customize the parameters if they differ from the following
cat <<EOF > /etc//
net..disable_ipv6 = 1
net..disable_ipv6 = 1
net..disable_ipv6 = 1
EOF

### Optimize file system and network performance
cat <<EOF > /etc//
-max = 10000000
.max_user_instances = 8192
.max_user_watches = 524288
EOF
cat <<EOF > /etc//
 = 1024
.netdev_max_backlog = 5000
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_max_tw_buckets = 6000
# tcp_tw_recycle breaks connections from clients behind NAT and was removed in Linux 4.12
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65000
# rp_filter = 0 turns off reverse-path (source address) validation
net..rp_filter = 0
net..rp_filter = 0
EOF
sysctl -p /etc//*.conf
Docker underlying principle
### The underlying principle of docker
The docker life cycle consists of three parts: repository + image + container.
Docker uses Linux kernel virtualization technology (LXC) to provide lightweight virtualization that isolates processes and resources. LXC is not hardware virtualization but Linux kernel-level virtualization; compared with traditional virtual machines, it saves a lot of hardware resources.

NameSpace
LXC uses kernel namespace technology to isolate processes. The pid, net, ipc, mnt, uts and other namespaces isolate the container's processes, network, messages, file system and hostname.

Control Group
LXC uses resources shared with the host. Although namespaces isolate them, resource usage is not restricted; Control Group technology is needed here to limit resource usage, set priorities, control resources, and so on.

images: image, a read-only template. The description file of an image is the Dockerfile.
Dockerfile: the description file of an image
FROM        defines the base image
MAINTAINER  author
RUN         run a Linux command
ENV         environment variables
CMD         run a process
...

container: container, a running instance of an image, image > container
Get the image: docker pull nginx pulls it from the image repository
Use the image to create a container, allocate a file system, mount a read-write layer (for data interaction with the host), and load the image in the read-write layer
Allocate a network/bridge interface: create a network interface so that the container and the host can communicate
The container obtains an IP address
Execute the container command, such as /bin/bash
Use -p to map a docker container port to a host port, for the container's port communication
Use -v to map a docker container directory to a host directory, to associate the container's file system
Report the container startup result

registry: image repository (also a container)
Official image repository address: /
Domestic image repository address (Alibaba Cloud mirror address): /docker-ce/linux/centos/
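The namespace isolation described above can be observed directly: every process exposes its namespaces as symlinks under /proc/<pid>/ns, and two processes share a namespace when the link targets are equal. The following is an added example, not part of the original article; the PIDs, the inode numbers and the function names are constructed, and the sample tree models a container started with default options.

```bash
# Added example (not from the original article). PIDs and namespace inode
# numbers in the sample tree are constructed.

# ns_diff PID_A PID_B [PROC_ROOT]
# Each /proc/<pid>/ns/<type> is a symlink such as "net:[4026531956]"; two
# processes are in the same namespace when the link targets are equal.
# Prints the namespace types in which the two processes differ.
ns_diff() {
  proc_root=${3:-/proc}
  diff_list=""
  for ns in pid net ipc mnt uts user; do
    a=$(readlink "$proc_root/$1/ns/$ns") || continue
    b=$(readlink "$proc_root/$2/ns/$ns") || continue
    if [ "$a" != "$b" ]; then diff_list="$diff_list $ns"; fi
  done
  echo "${diff_list# }"
}

# make_sample_proc: build a constructed /proc-like tree in a temp directory.
# PID 1000 stands for a host shell, PID 10700 for a process in a container
# started with default options (the user namespace is shared with the host).
make_sample_proc() {
  d=$(mktemp -d)
  mkdir -p "$d/1000/ns" "$d/10700/ns"
  i=0
  for ns in pid net ipc mnt uts user; do
    i=$((i + 1))
    ln -s "$ns:[402653183$i]" "$d/1000/ns/$ns"
    if [ "$ns" = user ]; then
      ln -s "$ns:[402653183$i]" "$d/10700/ns/$ns"
    else
      ln -s "$ns:[402653228$i]" "$d/10700/ns/$ns"
    fi
  done
  echo "$d"
}

sample=$(make_sample_proc)
echo "container differs from host in: $(ns_diff 1000 10700 "$sample")"
rm -rf "$sample"
```

On a real host, run it as root against /proc with the container's PID from `docker inspect -f '{{.State.Pid}}' <container>`. A container that shares the user namespace with the host runs its root user as host uid 0, which is why the mounted host directories matter.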
Install docker-ce community version
### Install the docker dependency environment, install the docker-ce community version, and configure mirror acceleration
# Step 1: Install some necessary system tools
yum install -y yum-utils device-mapper-persistent-data lvm2
# Step 2: Add software source information
yum-config-manager --add-repo /docker-ce/linux/centos/
sed -i 's//\/docker-ce/g' /etc//
# Step 3: Update and install Docker-CE
yum makecache fast
yum -y install docker-ce
# Firewall rules: allow network bridges and ipv4 network forwarding
cat <<EOF > /etc//
-nf-call-ip6tables = 1
-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
modprobe br_netfilter    # Run this command first to enable bridge filtering; otherwise an error is reported: /proc/sys/net/bridge/bridge-nf-call-iptables: No such file or directory
sysctl -p /etc//
# Configure mirror acceleration: Alibaba Cloud, NetEase, and University of Science and Technology image mirrors
mkdir -p /etc/docker
vim /etc/docker/
{
  "registry-mirrors":[
    "",
    "./",
    "/"
  ]
}
systemctl daemon-reload;systemctl enable --now docker
[root@docker ~]# docker version    # View the docker version; Docker Engine - Community is the community edition
Client: Docker Engine - Community
 Version:           26.1.2
 API version:       1.45
 Go version:        go1.21.10
 Git commit:        211e74b
 Built:             Wed May  8 14:01:02 2024
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          26.1.2
  API version:      1.45 (minimum version 1.24)
  Go version:       go1.21.10
  Git commit:       ef1912d
  Built:            Wed May  8 13:59:55 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.31
  GitCommit:        e377cd56a71523140ca6ae87e30244719194a521
 runc:
  Version:          1.1.12
  GitCommit:        v1.1.12-0-g51d5e94
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
Verify that docker-ce is running normally
# The following output indicates that docker-ce is running normally and can pull images
[root@docker01 ~]# docker run --rm hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
2db29710123e: Pull complete
Digest: sha256:2498fce14358aa50ead0cc6c19990fc6ff866ce72aeb5546e1d59caac3d0d60f
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 /

For more examples and ideas, visit:
 /get-started/
Case: Deploy nginx image
### Deploy the nginx image: nginx's default document directory /usr/share/nginx/html/ is mapped to the /opt/mydocker/nginx/html/ directory, and port 80 of the nginx container is accessed through port 8000 of the host
### Write the /opt/mydocker/nginx/html/ file; docker starts the nginx container, which then serves the project code
docker pull nginx
docker run --name nginx8000 -p 8000:80 -v /opt/mydocker/nginx/html/:/usr/share/nginx/html/ -itd nginx
# --name  Custom container name
# -p [Host Port]:[Container Port]  Map port 80 of the container to port 8000 of the host
# -v [Host directory]:[Container directory]  Map the /usr/share/nginx/html/ directory of the container to the /opt/mydocker/nginx/html/ directory of the host. If the directory does not exist, it is created recursively automatically.
# -d  Run in the background
# -it  Start interactively. Containers without a foreground process need the -it parameter so that the container stays in a running state, such as the centos image.
# The nginx container comes with a foreground process, so the -it parameter is optional and the container stays running either way.
# Add content to the site that nginx serves
echo '<h1>welcome to my nginx server.</h1>' > /opt/mydocker/nginx/html/
# Modify the firewall-cmd configuration to allow access to port 8000
[root@docker01 ~]# firewall-cmd --remove-service=dhcpv6-client --per
[root@docker01 ~]# firewall-cmd --add-port=8000/tcp --per
[root@docker01 ~]# firewall-cmd --reload
[root@docker01 ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192
  sources:
  services: ssh    # Only retain the sshd service and remove the dhcpv6-client service
  ports: 8000/tcp    # Open tcp port 8000
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
Check & Verify
# Local verification
[root@docker01 ~]# curl localhost:8000
<h1>welcome to my nginx server.</h1>
[root@docker01 ~]# netstat -tnlp | grep 8000
tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN      10681/docker-proxy
# Network verification
PS C:\> curl http://10.0.0.210:8000 | ForEach-Object Content
<h1>welcome to my nginx server.</h1>
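The netstat line above shows docker-proxy listening on 0.0.0.0:8000, meaning the port is published on every interface of the host. The following added example, which is not part of the original article, lists all ports that docker-proxy publishes this way and compares them with the ports opened in firewalld, so that a port published by accident stands out. Only the first listener line comes from the article; the other sample lines and the function names are constructed.

```bash
# Added example (not from the original article). Only the first listener line
# is from the article; the other sample lines and all names are constructed.

# wildcard_docker_ports NETSTAT_TEXT
# Prints the TCP ports on which docker-proxy listens on every interface
# (0.0.0.0 or ::), which is what "-p 8000:80" without a host IP produces.
wildcard_docker_ports() {
  printf '%s\n' "$1" | awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" && $7 ~ /docker-proxy$/ {
      n = split($4, part, ":"); port = part[n]
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (addr == "0.0.0.0" || addr == "::") print port
    }' | sort -un
}

# firewalld_tcp_ports FIREWALL_CMD_TEXT
# Prints the single TCP ports on the "ports:" line of firewall-cmd --list-all.
firewalld_tcp_ports() {
  printf '%s\n' "$1" | awk '
    $1 == "ports:" {
      for (i = 2; i <= NF; i++)
        if ($i ~ /^[0-9]+\/tcp$/) { sub(/\/tcp$/, "", $i); print $i }
    }' | sort -un
}

# classify_published NETSTAT_TEXT FIREWALL_CMD_TEXT
# One line per published port: "<port> opened-in-firewalld" or
# "<port> not-in-firewalld" (published by Docker but never opened on purpose).
classify_published() {
  opened=$(firewalld_tcp_ports "$2")
  for port in $(wildcard_docker_ports "$1"); do
    if printf '%s\n' "$opened" | grep -qx "$port"; then
      echo "$port opened-in-firewalld"
    else
      echo "$port not-in-firewalld"
    fi
  done
}

SAMPLE_NETSTAT='tcp   0  0 0.0.0.0:8000    0.0.0.0:*  LISTEN  10681/docker-proxy
tcp   0  0 0.0.0.0:9000    0.0.0.0:*  LISTEN  10912/docker-proxy
tcp   0  0 127.0.0.1:8081  0.0.0.0:*  LISTEN  11020/docker-proxy
tcp6  0  0 :::8000         :::*       LISTEN  10687/docker-proxy
tcp   0  0 0.0.0.0:22      0.0.0.0:*  LISTEN  1102/sshd'
SAMPLE_FIREWALLD='public (active)
  services: ssh
  ports: 8000/tcp'

classify_published "$SAMPLE_NETSTAT" "$SAMPLE_FIREWALLD"
```

Docker installs its own iptables rules for published ports, so a port reported as not-in-firewalld should be tested from another host rather than assumed closed. Publishing with an explicit host address, as in `-p 127.0.0.1:8081:80`, keeps a port off the external interface.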