[Nested Docker] Installing Docker inside a Linux container running in Docker -- DIND (Docker In Docker)



Solution: when starting the Linux container, add the parameter: -v /var/run/docker.sock:/var/run/docker.sock


https://hub.docker.com/_/centos?tab=tags
docker pull centos:8.1.1911
docker run -d --name lhrcentos8 -h lhrcentos8 -v /etc/localtime:/etc/localtime:ro -v /var/run/docker.sock:/var/run/docker.sock -p 223:22 --privileged=true centos:8.1.1911 /usr/sbin/init
docker exec -it lhrcentos8 /bin/bash
yum install -y openssh-clients openssh-server initscripts net-tools telnet which wget passwd e2fsprogs
systemctl restart sshd
ssh root@121.36.78.6 -p223
Then simply install Docker.
1. Uninstall old versions of Docker:
yum remove -y docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-selinux docker-engine-selinux docker-engine
2. Run the following commands to install the dependency packages:
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum -y install docker-ce docker-ce-cli containerd.io
### On CentOS 8, containerd.io must be installed first, otherwise the install fails with: Problem: package docker-ce-3:19.03.8-3.el7.x86_64 requires containerd.io >= 1.2.2-3, but none of the providers can be installed
dnf install -y https://download.docker.com/linux/centos/7/x86_64/stable/Packages/containerd.io-1.2.6-3.3.el7.x86_64.rpm
yum -y install docker-ce docker-ce-cli containerd.io
systemctl start docker
systemctl status docker
3. Check the version
docker version
docker info
4. Test
docker run hello-world



-- There are two ways to run Docker inside Docker

(dind) docker inside docker

(dood) docker outside of docker

-- `dind` means Docker In Docker
# https://hub.docker.com/_/docker?tab=tags
docker pull docker:dind
docker network create --subnet=192.168.68.0/16 some-network
docker run --privileged --name some-docker -d \
    --network some-network --network-alias docker \
    -e DOCKER_TLS_CERTDIR=/certs \
    -v some-docker-certs-ca:/certs/ca \
    -v some-docker-certs-client:/certs/client \
    docker:dind
docker exec -it some-docker sh


https://hub.docker.com/_/docker?tab=description


What is Docker in Docker?

Although running Docker inside Docker is generally not recommended, there are some legitimate use cases, such as development of Docker itself.

Docker is an open-source project that automates the deployment of applications inside software containers, by providing an additional layer of abstraction and automation of operating-system-level virtualization on Linux, Mac OS and Windows.

wikipedia.org/wiki/Docker_(software)

Before running Docker-in-Docker, be sure to read through Jérôme Petazzoni's excellent blog post on the subject, where he outlines some of the pros and cons of doing so (and some nasty gotchas you might run into).

If you are still convinced that you need Docker-in-Docker and not just access to a container's host Docker server, then read on.

How to use this image

TLS

Starting in 18.09+, the dind variants of this image will automatically generate TLS certificates in the directory specified by the DOCKER_TLS_CERTDIR environment variable.

Warning: in 18.09, this behavior is disabled by default (for compatibility). If you use --network=host, shared network namespaces (as in Kubernetes pods), or otherwise have network access to the container (including containers started within the dind instance via their gateway interface), this is a potential security issue (which can lead to access to the host system, for example). It is recommended to enable TLS by setting the variable to an appropriate value (-e DOCKER_TLS_CERTDIR=/certs or similar). In 19.03+, this behavior is enabled by default.

When enabled, the Docker daemon will be started with --host=tcp://0.0.0.0:2376 --tlsverify ... (and when disabled, the Docker daemon will be started with --host=tcp://0.0.0.0:2375).

Inside the directory specified by DOCKER_TLS_CERTDIR, the entrypoint scripts will create/use three directories:

  • ca: the certificate authority files (cert.pem, key.pem)
  • server: the dockerd (daemon) certificate files (cert.pem, ca.pem, key.pem)
  • client: the docker (client) certificate files (cert.pem, ca.pem, key.pem; suitable for DOCKER_CERT_PATH)

In order to make use of this functionality from a "client" container, at least the client subdirectory of the $DOCKER_TLS_CERTDIR directory needs to be shared (as illustrated in the following examples).

To disable this image behavior, simply override the container command or entrypoint to run dockerd directly (... docker:dind dockerd ... or ... --entrypoint dockerd docker:dind ...).

Start a daemon instance

$ docker run --privileged --name some-docker -d \
    --network some-network --network-alias docker \
    -e DOCKER_TLS_CERTDIR=/certs \
    -v some-docker-certs-ca:/certs/ca \
    -v some-docker-certs-client:/certs/client \
    docker:dind

Note: --privileged is required for Docker-in-Docker to function properly, but it should be used with care as it provides full access to the host environment, as explained in the relevant section of the Docker documentation.

Connect to it from a second container

$ docker run --rm --network some-network \
    -e DOCKER_TLS_CERTDIR=/certs \
    -v some-docker-certs-client:/certs/client:ro \
    docker:latest version
Client: Docker Engine - Community
 Version:           18.09.8
 API version:       1.39
 Go version:        go1.10.8
 Git commit:        0dd43dd87f
 Built:             Wed Jul 17 17:38:58 2019
 OS/Arch:           linux/amd64
 Experimental:      false
Server: Docker Engine - Community
 Engine:
  Version:          18.09.8
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.8
  Git commit:       0dd43dd87f
  Built:            Wed Jul 17 17:48:49 2019
  OS/Arch:          linux/amd64
  Experimental:     false
$ docker run -it --rm --network some-network \
    -e DOCKER_TLS_CERTDIR=/certs \
    -v some-docker-certs-client:/certs/client:ro \
    docker:latest sh
/ # docker version
Client: Docker Engine - Community
 Version:           18.09.8
 API version:       1.39
 Go version:        go1.10.8
 Git commit:        0dd43dd87f
 Built:             Wed Jul 17 17:38:58 2019
 OS/Arch:           linux/amd64
 Experimental:      false
Server: Docker Engine - Community
 Engine:
  Version:          18.09.8
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.8
  Git commit:       0dd43dd87f
  Built:            Wed Jul 17 17:48:49 2019
  OS/Arch:          linux/amd64
  Experimental:     false
$ docker run --rm --network some-network \
    -e DOCKER_TLS_CERTDIR=/certs \
    -v some-docker-certs-client:/certs/client:ro \
    docker:latest info
Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 0
Server Version: 18.09.8
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 894b81a4b802e4eb2a91d1ce216b8817763c29fb
runc version: 425e105d5a03fabd737a126ad93d62a9eeede87f
init version: fec3683
Security Options:
 apparmor
 seccomp
  Profile: default
Kernel Version: 4.19.0-5-amd64
Operating System: Alpine Linux v3.10 (containerized)
OSType: linux
Architecture: x86_64
CPUs: 12
Total Memory: 62.79GiB
Name: e174d61a4a12
ID: HJXG:3OT7:MGDL:Y2BL:WCYP:CKSP:CGAM:4BLH:NEI4:IURF:4COF:AH6N
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
$ docker run --rm -v /var/run/docker.sock:/var/run/docker.sock docker:latest version
Client: Docker Engine - Community
 Version:           18.09.8
 API version:       1.39
 Go version:        go1.10.8
 Git commit:        0dd43dd87f
 Built:             Wed Jul 17 17:38:58 2019
 OS/Arch:           linux/amd64
 Experimental:      false
Server: Docker Engine - Community
 Engine:
  Version:          18.09.7
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.8
  Git commit:       2d0083d
  Built:            Thu Jun 27 17:23:02 2019
  OS/Arch:          linux/amd64
  Experimental:     false
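
The three risky settings used on this page (--privileged, a bind mount of /var/run/docker.sock, and a dind daemon whose automatic TLS is off so it listens on plain tcp://0.0.0.0:2375) can all be read back from `docker inspect` output. The following audit is an added example, not part of the original post or the image documentation; the sample JSON is constructed, and matching dind by an image name of the form docker:*dind* is an assumption.

```python
import json
SOCK_PATHS = {"/var/run/docker.sock", "/run/docker.sock"}

# Constructed sample in the shape of `docker inspect` output (only the fields
# read below); names and images mirror the containers started on this page.
SAMPLE = """[
 {"Name": "/lhrcentos8",
  "Config": {"Image": "centos:8.1.1911", "Env": [], "Cmd": ["/usr/sbin/init"]},
  "HostConfig": {"Privileged": true, "Binds": [
      "/etc/localtime:/etc/localtime:ro",
      "/var/run/docker.sock:/var/run/docker.sock"]}},
 {"Name": "/some-docker",
  "Config": {"Image": "docker:dind", "Env": ["DOCKER_TLS_CERTDIR=/certs"], "Cmd": []},
  "HostConfig": {"Privileged": true, "Binds": ["some-docker-certs-ca:/certs/ca"]}},
 {"Name": "/old-dind",
  "Config": {"Image": "docker:18.09-dind", "Env": ["PATH=/usr/bin"], "Cmd": []},
  "HostConfig": {"Privileged": true, "Binds": null}},
 {"Name": "/client",
  "Config": {"Image": "docker:latest", "Env": [], "Cmd": ["version"]},
  "HostConfig": {"Privileged": false, "Binds": ["some-docker-certs-client:/certs/client:ro"]}}
]"""

def audit(container):
    """Return sorted finding codes for one `docker inspect` object."""
    findings = set()
    host = container.get("HostConfig") or {}
    cfg = container.get("Config") or {}
    if host.get("Privileged"):
        findings.add("privileged")
    # Binds are "source:destination[:mode]"; a :ro mode does not stop a client
    # from connecting to the socket and driving the host daemon.
    for bind in host.get("Binds") or []:
        if bind.split(":")[0] in SOCK_PATHS:
            findings.add("host-docker-socket")
    image = cfg.get("Image") or ""
    if image.startswith("docker:") and "dind" in image:  # heuristic (assumption)
        env = dict(e.split("=", 1) for e in cfg.get("Env") or [] if "=" in e)
        if (cfg.get("Cmd") or [])[:1] == ["dockerd"]:
            findings.add("dind-auto-tls-bypassed")  # entrypoint TLS setup skipped
        elif not env.get("DOCKER_TLS_CERTDIR"):
            findings.add("dind-tls-disabled-port-2375")  # plain tcp://0.0.0.0:2375
    return sorted(findings)

def audit_all(inspect_json):
    """Map container name -> findings for a JSON array from `docker inspect`."""
    return {c["Name"].lstrip("/"): audit(c) for c in json.loads(inspect_json)}

if __name__ == "__main__":
    print(json.dumps(audit_all(SAMPLE), indent=1))
```

On a real host, pass the output of `docker inspect $(docker ps -q)` to `audit_all` instead of the constructed sample.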

Custom daemon flags

$ docker run --privileged --name some-docker -d \
    --network some-network --network-alias docker \
    -e DOCKER_TLS_CERTDIR=/certs \
    -v some-docker-certs-ca:/certs/ca \
    -v some-docker-certs-client:/certs/client \
    docker:dind --storage-driver overlay2

Rootless

For more information about using the experimental "rootless" image variants, see docker-library/docker#174.

Where to Store Data

Important note: There are several ways to store data used by applications that run in Docker containers. We encourage users of the docker images to familiarize themselves with the options available, including:

  • Let Docker manage the storage of your data by writing to disk on the host system using its own internal volume management. This is the default and is easy and fairly transparent to the user. The downside is that the files may be hard to locate for tools and applications that run directly on the host system, i.e. outside containers.
  • Create a data directory on the host system (outside the container) and mount this to a directory visible from inside the container. This places the files in a known location on the host system, and makes it easy for tools and applications on the host system to access the files. The downside is that the user needs to make sure that the directory exists, and that e.g. directory permissions and other security mechanisms on the host system are set up correctly.

The Docker documentation is a good starting point for understanding the different storage options and variations, and there are multiple blogs and forum postings that discuss and give advice in this area. We will simply show the basic procedure here for the latter option above:

  1. Create a data directory on a suitable volume on your host system, e.g. /my/own/var-lib-docker.

  2. Start your docker container like this:

    $ docker run --privileged --name some-docker -v /my/own/var-lib-docker:/var/lib/docker -d docker:dind

The -v /my/own/var-lib-docker:/var/lib/docker part of the command mounts the /my/own/var-lib-docker directory from the underlying host system as /var/lib/docker inside the container, where Docker by default will write its data files.

License

View license information for the software contained in this image.

As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).

Some additional license information which was able to be auto-detected might be found in the repo-info repository's docker/ directory.

As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.






About Me

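● Author of this article: 小麦苗; some content was compiled from the Internet. If there is any infringement, please contact 小麦苗 to have it removed

● This article is updated simultaneously on itpub, cnblogs, CSDN and the personal WeChat official account (DB宝)

● itpub address of this article: http://blog.itpub.net/26736162

● cnblogs address of this article: http://www.cnblogs.com/lhrbest

● CSDN address of this article: https://blog.csdn.net/lihuarongaini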

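● Completed in Xi'an between 2020-04-01 06:00 and 2020-04-30 24:00

● Last modified: 2020-04-01 06:00 ~ 2020-04-30 24:00

● The content comes from 小麦苗's study notes, with parts compiled from the Internet; please excuse any infringement or inaccuracies

● All rights reserved. Sharing is welcome; please keep the attribution when reposting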
