docker_error response from daemon: remote ca does not mat

docker install

• sudo yum install -y yum-utils device-mapper-persistent-data lvm2
• sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo (if you can't connect to https://download.docker.com, please use next step.)
• sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
• yum makecache fast
• sudo yum install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
• sudo yum install -y  containerd.io-1.2.13 docker-ce-19.03.11  docker-ce-cli-19.03.11 (install specific version)
• sudo systemctl start docker
• sudo systemctl enable docker 开机启动
• sudo docker version
• mkdir -p /etc/containerd && containerd config default > /etc/containerd/config.toml (generate default configuration file)

install FAQ

• 国内访问docker仓库失败， 需配置阿里云加速

docker: Error response from daemon: Head "https://registry-1.docker.io/v2/library/hello-world/manifests/latest": read tcp 192.168.1.105:59804->3.216.34.172:443: read: connection reset by peer.

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://8xxvcaud.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

解决配置镜像加速后docker起不来：配置文件是一个json格式的文件，在json文件中对齐的时候不能存在空格，直接拷贝整个tee命令执行

• run docker command without sudo:

sudo usermod -a -G docker USERNAME && newgrp docker

when install docker it will add a new group "docker"

docker CMD

• 查看log：

1. docker logs -n  100 -t  containerid
2. docker logs -ft containerid
3. docker logs -ft containerid --since 30m 查看最近30分钟的日志
4. docker logs -ft -since 0m containerid 2>&1 | tee ~/test.log 记录当前时间以后的日志，并进行屏显

docker image

• sudo docker pull  imagename[:tag]
• sudo docker images
• sudo docker commit containerid imagename[:tag]
• sudo docker rmi imagename
• sudo docker inspect imageid/containerid
• docker login repourl -u username -p passwd

credential will be recorded in $HOME/.docker/config.json

• docker push reponame[:tag]
• docker load -i tarfile  : manually load images from a export tar
• docker save -o tarfile images
• docker run

1. -it
2. -d
3. -p
4. -P
5. -v
6. -e

docker container

• sudo docker start containerid
• sudo docker attach containerid
• sudo docker stop containerid
• sudo docker rm containerid
• sudo docker ps -a
• sudo docker exec containerid cmd 
• sudo docker ceate --name containername image:基于image创建container，container状态是create
• sudo docker run -it --entrypoint cmdname   --name containername image cmdargs:覆盖entrypoint
• sudo docker run -it --name containername image cmd args:覆盖cmd

docker run

• -e a=b:添加环境变量
• --user username:以什么用户运行
• -it
• -v: 磁盘挂载
• -w:工作目录
• --rm:运行结束删除container
• --network=host：运行的网络docker network

• docker network create  --driver bridge --gateway 192.168.0.1 --subnet 192.168.0.0/24  test_net
• docker network ls
• docker inspect networkid
• bridge/host(it will share network with host)

docker windows

•  docker pull mcr.microsoft.com/windows:ltsc2019

docker build

GIT_AUTH_TOKEN=<token> docker buildx build \
  --secret id=GIT_AUTH_TOKEN \
  https://github.com/user/private.git

docker build --file test.Dockerfile - < foo.tar.gz

docker build --build-arg a=b --secret id=a,env=b

docker file

• # syntax=

• FROM：指定images，在FROM指令后前面的ARG会失效，需要重新获取
• USER：切换用户
• RUN
• ARG:
• ENV:image中设置环境变量

docker swarm

• docker swarm init --advertise-addr 192.168.73.141
• docker swarm leave --force
• docker swarm join-token worker
• docker node ls
• docker swarm leave
• docker node  rm

[pdguser@localhost ~]$ docker swarm join --token SWMTKN-1-3krq7qkuscnh5o91q1w4r1ps041ipatc8ne4y2qgqbu7o6qy44-a862je8dng2vxnuuc5q7jg3gt 192.168.73.255:2377
Error response from daemon: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial tcp 192.168.73.255:2377: connect: network is unreachable"
[pdguser@localhost ~]$ docker swarm join --token SWMTKN-1-1awgiow7j7dvs8651chiiiqdn6pxs6ui085hcc018zh5baahpf-d5dgh42kcw4xziy8k60j7q6ij 192.168.73.141:2377
Error response from daemon: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial tcp 192.168.73.141:2377: connect: no route to host"
[pdguser@localhost ~]$ docker swarm join --token SWMTKN-1-1awgiow7j7dvs8651chiiiqdn6pxs6ui085hcc018zh5baahpf-d5dgh42kcw4xziy8k60j7q6ij 192.168.73.141:2377
Error response from daemon: remote CA does not match fingerprint. Expected: 3445a1a11bac390f8d09bd7f31149c5d3c3a1ae6b7f712ebf3feca93ba3d5e23
[pdguser@localhost ~]$ docker swarm join --token SWMTKN-1-1h0378e5d715ufrsp8xcr82rpfh3t02yb5pux0lhxsrffp374j-5rxjx15oeud4cg0hx91a78k8g 192.168.73.141:2377
 
[root@localhost ~]# docker swarm join --token SWMTKN-1-5q8e2tevh5lmio5rp06t07houh1c754rtwnrm9vao11i39cff0-7w3icgk110pifhun9xxhie4su 192.168.73.141:2377
Error response from daemon: manager stopped: can't initialize raft node: rpc error: code = Unknown desc = could not connect to prospective new cluster member using its advertised address: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial tcp 192.168.73.143:2377: connect: no route to host"
[pdguser@localhost ~]$ docker node ls
Error response from daemon: rpc error: code = Unknown desc = The swarm does not have a leader. It's possible that too few managers are online. Make sure more than half of the managers are online.
 
[pdguser@localhost ~]$ docker swarm leave
Error response from daemon: You are attempting to leave the swarm on a node that is participating as a manager. The only way to restore a swarm that has lost consensus is to reinitialize it with `--force-new-cluster`. Use `--force` to suppress this message.
 
docker node  rm  

• FAQ : need to add port 2377 in white list

[root@localhost ~]# firewall-cmd --zone=public --add-port=2377/tcp --permanent
success
[root@localhost ~]# firewall-cmd --query-port=2377/tcp
no
[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]# firewall-cmd --query-port=2377/tcp

docker build nginx server

• setup mount folder

mkdir -p /home/nginx/conf
mkdir -p /home/nginx/log
mkdir -p /home/nginx/html

•  run latest images

docker run --name nginx -p 9001:80 -d nginx

• copy configuration files

docker cp nginx:/etc/nginx/nginx.conf /home/nginx/conf/nginx.conf
docker cp nginx:/etc/nginx/conf.d /home/nginx/conf/conf.d
docker cp nginx:/usr/share/nginx/html /home/nginx/html

• change configuration files, make it work as a file server

/home/nginx/conf/nginx.conf

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
 
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
 
    access_log  /var/log/nginx/access.log  main;
 
    sendfile        on;
    #tcp_nopush     on;
 
    keepalive_timeout  65;
 
    #gzip  on;
 
 
    # 显示目录
    autoindex on;
    # 显示文件大小
    autoindex_exact_size on;
    # 显示文件时间
    autoindex_localtime on;
    server {
                listen 80;
                server_name localhost;
                # 本地文件路径
                root  /usr/share/nginx/data/repo;
    }
}

• run a nginx container with exist configuration files

docker run \
-p 9002:80 \
--name nginx \
-v /home/nginx/conf/nginx.conf:/etc/nginx/nginx.conf \
-v /home/nginx/log:/var/log/nginx \
-v /home/nginx/html:/usr/share/nginx/html \
-v /home/nginx/repo:/usr/share/nginx/data/repo \
-d nginx:latest

docker in docker

docker run with -v /var/run/docker.sock:/var/run/docker.sock

docker load JVM fail

library initialization failed - unable to allocate file descriptor table - out of memory

vi /etc/systemd/system/docker.conf

[Service]
ExecStart=
ExecStart=/usr/bin/dockerd --default-ulimit nofile=65535:65535 -H fd://

systemctl daemon-reload
systemctl restart docker