apt installs docker&docker log& logging driver to extract logs from the running container

apt installs docker & docker Log & logging driver

A: Online apt installation

1. Install docker Online

# Configuration after docker installation, image acceleration
root@ekmp-server-prod:/home/ekmp# docker

Command 'docker' not found, but can be installed with:

snap install docker     # version 19.03.13, or
apt  install docker.io  # version 19.03.8-0ubuntu1.20.04.2

See 'snap info docker' for additional versions.
root@ekmp-server-prod:/home/ekmp# apt install docker.io
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for dbus (1.12.16-2ubuntu2.1) ...
Processing triggers for libc-bin (2.31-0ubuntu9.2) ...

2. Configure startup

systemctl start docker && systemctl enable docker

3. Verify docker

docker version

4. Image accelerator configuration

ali image accelerator

#For users with Docker client version greater than 1.10.0
#You can modify the daemon configuration file / etc / docker / daemon JSON to use the accelerator
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
  "registry-mirrors": ["https://xxxxx.mirror.aliyuncs.com"]
sudo systemctl daemon-reload
sudo systemctl restart docker

5. Configure log driver

Configure log driver
Docker includes a variety of logging mechanisms to help you Get information from running containers and services . These mechanisms are called logging drivers.

Each Docker daemon has a default logging driver, which is used by each container unless you configure it to use another logging driver.

In addition to using the logging driver provided with Docker, you can also implement and use Logging driver plug-in.

6. Configure the default logging driver

To configure the Docker daemon as a specific logging driver by default, set the value log driver to daemon The name of the logging driver in the JSON file, which is located on the / etc/docker/Linux host or C:\ProgramData\docker\config\Windows server host. Notice the daemon JSON, if the file does not exist, the file should be created. The default logging driver is JSON file. The following example explicitly sets the default logging driver to syslog:

  "log-driver": "syslog"

If the logging driver has configurable options, you can use daemon JSON uses the key to set them as JSON object log opts in the file. The following example sets two configurable options on the JSON file logging driver:

  "log-driver": "json-file",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3",
    "labels": "production_status",
    "env": "os,customer"

be careful

Log opts configuration daemon The configuration options in the JSON file must be provided as strings. Therefore, Boolean and numeric values (max file, such as the value in the above example) must be enclosed in quotation marks (").

If you do not specify a logging driver, the default is JSON file. Therefore, the default output of the command docker inspect < container > is JSON.

#Check the status of docker and find / usr / lib / SYSTEMd / system / docker service
systemctl status docker
#View docker Service finds the environment variable configuration EnvironmentFile=-/etc/sysconfig/docker
cat /usr/lib/systemd/system/docker.service
#Edit / etc/sysconfig/docker configuration information to remove -- log driver = Journal
vi /etc/sysconfig/docker
#OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false'
#OPTIONS='--selinux-enabled --signature-verification=false'
#Configure daemon json
vi /etc/docker/daemon.json
  "registry-mirrors": ["https://dr6xf1z7.mirror.aliyuncs.com"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3",
    "labels": "production_status",
    "env": "os,customer"
sudo systemctl daemon-reload
sudo systemctl restart docker

7. Start the container and test the log file

#Start nginx container
docker run nginx
#After docker is started, the log will be in the following location / var/lib/docker/containers / container ID / container ID JSON log
ls /var/lib/docker/containers/9475d4c1ecb0d962045d008fb8721e7a3392836aecdc562446c2d6a027e55a39
9475d4c1ecb0d962045d008fb8721e7a3392836aecdc562446c2d6a027e55a39-json.log  checkpoints  config.v2.json  hostconfig.json  hostname  hosts  resolv.conf  resolv.conf.hash  secrets  shm

Log content

 cat 9475d4c1ecb0d962045d008fb8721e7a3392836aecdc562446c2d6a027e55a39-json.log
{"log":"/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration\n","stream":"stdout","time":"2020-08-27T07:07:31.530206826Z"}
{"log":"/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/\n","stream":"stdout","time":"2020-08-27T07:07:31.530259323Z"}
{"log":"/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh\n","stream":"stdout","time":"2020-08-27T07:07:31.53274532Z"}
{"log":"10-listen-on-ipv6-by-default.sh: Getting the checksum of /etc/nginx/conf.d/default.conf\n","stream":"stdout","time":"2020-08-27T07:07:31.538446501Z"}
{"log":"10-listen-on-ipv6-by-default.sh: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf\n","stream":"stdout","time":"2020-08-27T07:07:31.552051393Z"}
{"log":"/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh\n","stream":"stdout","time":"2020-08-27T07:07:31.552168337Z"}
{"log":"/docker-entrypoint.sh: Configuration complete; ready for start up\n","stream":"stdout","time":"2020-08-27T07:07:31.554854339Z"}

8. Dock logs subcommand

Docker logs subcommand
By default, Docker logs will be sent to the standard output device (STDOUT) and standard error device (STDERR) of the container. STDOUT and STDERR are actually the console terminal of the container.

We can view the log output of a specific container through the logs subcommand:

#docker logs CONTAINER ID
docker logs 9475d4c1ecb0
#The log you see at this time is static, and the log up to now. If you want to continuously see the newly printed log information, you can add the - f parameter, such as:
docker logs -f 9475d4c1ecb0

9.Docker logging driver

Docker logs will be sent to STDOUT and STDERR. But in fact, docker also provides other mechanisms that allow us to extract logs from the running container. These mechanisms are collectively referred to as the logging driver

For Docker, the default logging driver is JSON file. If it is not specified during startup, the default logging driver will be used.

docker info | grep 'logging driver'
Logging Driver: json-file
#json file will save all the logs we see in the console through the name of docker logs in a json file. We can find this json file in the container directory on the server Host.
#Container log path: / var / lib / docker / containers / < container ID > / < container ID > - JSON log

View log path and other information

#It mainly depends on the path of LogPath
[root@localhost var]# docker inspect 9475d4c1ecb0 | grep 'Path'
        "Path": "/docker-entrypoint.sh",
        "ResolvConfPath": "/var/lib/docker/containers/9475d4c1ecb0d962045d008fb8721e7a3392836aecdc562446c2d6a027e55a39/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/9475d4c1ecb0d962045d008fb8721e7a3392836aecdc562446c2d6a027e55a39/hostname",
        "HostsPath": "/var/lib/docker/containers/9475d4c1ecb0d962045d008fb8721e7a3392836aecdc562446c2d6a027e55a39/hosts",
        "LogPath": "/var/lib/docker/containers/9475d4c1ecb0d962045d008fb8721e7a3392836aecdc562446c2d6a027e55a39/9475d4c1ecb0d962045d008fb8721e7a3392836aecdc562446c2d6a027e55a39-json.log",

10 types of logging dirver supported by docker

logging dirver types supported by Docker

The following logging drivers are supported. See the link to each driver's documentation for its configurable options, if applicable. If you are using logging driver plugins, you may see more options.

DriverDescriptionChinese interpretation
noneNo logs are available for the container and docker logs does not return any output.none means that the container log is disabled and no container log will be output.
localLogs are stored in a custom format designed for minimal overhead.
json-fileThe logs are formatted as JSON. The default logging driver for Docker.
syslogWrites logging messages to the syslog facility. The syslog daemon must be running on the host machine.Log management service on Linux
journaldWrites log messages to journald. The journald daemon must be running on the host machine.Log management service on Linux
gelfWrites log messages to a Graylog Extended Log Format (GELF) endpoint such as Graylog or Logstash.It is an open source log management scheme
fluentdWrites log messages to fluentd (forward input). The fluentd daemon must be running on the host machine.It is an open source log management scheme
awslogsWrites log messages to Amazon CloudWatch Logs.Third party log hosting service
splunkWrites log messages to splunk using the HTTP Event Collector.Third party log hosting service
etwlogsWrites log messages as Event Tracing for Windows (ETW) events. Only available on Windows platforms.
gcplogsWrites log messages to Google Cloud Platform (GCP) Logging.Third party log hosting service
logentriesWrites log messages to Rapid7 Logentries.

The following example starts an Alpine container with the none logging driver.

#We can specify which specific logging driver to use by adding -- log driver when the container is started
docker run -it --log-driver none alpine ash
#This example will start an alpine container, which can contain up to 3 log files, each of which is no more than 10 MB.
docker run -it --log-opt max-size=10m --log-opt max-file=3 alpine ash

B: CentOS 7 offline installation of docker

#This environment is an environment without docker service installed. If it has been installed, uninstall it by yourself.
#The packages uploaded in the following environments and the offline yum source are under the / home directory by default. Unless otherwise specified, this directory shall prevail

#Download docker offline installation package, download address
 Link: https://pan.baidu.com/s/13nzMoQJ6A4ZCbW2D8han9Q 
Extraction code: 4 rod 
#Upload the downloaded package to the server, unzip it to the / home directory, and configure the offline yum source
tar xvf docker-19.03.6.tar.gz -C /home/   #Unzip it to the home directory
cp /home/docker/docker-19.03.6.repo /etc/yum.repos.d/     #Configure offline YUM source
yum repolist   #Check whether the configuration is successful
cd /home/docker
#Install docker19 Version 03.6
yum -y install docker-ce-19.03.6-3.el7.x86_64.rpm
#Start docker service
systemctl  start docker
#View version
docker -v
#Add startup self startup
systemctl enable docker

C: Install docker compose


curl -L https://github.com/docker/compose/releases/download/1.28.4/run.sh > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
docker-compose --version

After docker compose -- version is executed, the output is as follows, indicating that the installation is successful

[root@shl dockerfiles]# docker-compose --version
docker-compose version 1.28.4, build cabd5cf

D: How to close SELinux

Error starting daemon: SELinux is docnot supported with the overlay2 graph driver on this kernel. Either boot into a newer kernel or disable selinux in...enabled=false

1. Permanently close SELinux

# Permanently close SELinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
#The system needs to be restarted after shutdown
# View SELinux status

Edit the configuration file / etc/selinux/config, change SELinux = to SELINUX=disabled, and restart the system. SELinux is disabled

2. Temporarily close SELinux

# Closing SELinux temporarily is to switch between enabling and permissive modes
setenforce 0 #Switch to tolerant mode
setenforce 1 #Switch to forced mode
# check SELinux

System restart, temporary failure mode

Tags: Docker

Posted by stuart7398 on Wed, 13 Apr 2022 17:38:55 +0300