Table of Contents
在使用oci-add-hooks的过程中出了一些问题,为了找出问题所在,对源码进行了修改,添加了日志输出。因此也借这个机会对通过docker run
runc is a command line client for running applications packaged according to the Open Container Initiative (OCI) format and is a compliant implementation of the Open Container Initiative specification.
runc integrates well with existing process supervisors to provide a production container runtime environment for applications. It can be used with your existing process monitoring tools and the container will be spawned as a direct child of the process supervisor.
Containers are configured using bundles. A bundle for a container is a directory that includes a specification file named “config.json” and a root filesystem. The root filesystem contains the contents of the container.
最重要的是第三段,容器是通过bundle进行配置的。bundle包括了容器的配置文件config.json和包含容器内容的root filesystem。
To start a new instance of a container:
# runc run [ -b bundle ] <container-id>
Where "<container-id>" is your name for the instance of the container that youare starting. The name you provide for the container instance must be unique onyour host. Providing the bundle directory using "-b" is optional. The defaultvalue for "bundle" is the current directory.
USAGE: runc [global options] command [command options] [arguments...]
启动一个容器实例最简单的方法是通过runc run [ -b bundle ] <container-id>
COMMANDS: checkpoint checkpoint a running container create create a container delete delete any resources held by the container often used with detached container events display container events such as OOM notifications, cpu, memory, and IO usage statistics exec execute new process inside the container kill kill sends the specified signal (default: SIGTERM) to the container's init process list lists containers started by runc with the given root pause pause suspends all processes inside the container ps ps displays the processes running inside a container restore restore a container from a previous checkpoint resume resumes all processes that have been previously paused run create and run a container spec create a new specification file start executes the user defined process in a created container state output the state of a container update update container resource constraints features show the enabled features help, h Shows a list of commands or help for one command
GLOBAL OPTIONS: --debug enable debug logging --log value set the log file to write runc logs to (default is '/dev/stderr') --log-format value set the log format ('text' (default), or 'json') (default: "text") --root value root directory for storage of container state (this should be located in tmpfs) (default: "/run/user/1000/runc") --criu value path to the criu binary used for checkpoint and restore (default: "criu") --systemd-cgroup enable systemd cgroup support, expects cgroupsPath to be of form "slice:prefix:name" for e.g. "system.slice:runc:434234" --rootless value ignore cgroup permission errors ('true', 'false', or 'auto') (default: "auto") --help, -h show help --version, -v print the version
How runc create, start and delete container?
日志输出的runc create时的调用参数如下,准确来说应该是global options。
- —root指定了用于存储容器状态的根目录,前面对这个根目录的描述提到需要是tmpfs(类Unix系统上暂存档存储空间的常见名称,通常以挂载文件系统方式实现,并将资料存储在易失性存储器即内存而非永久存储设备中),这里是/var/run/docker/runtime-runc/moby。关于moby的介绍
- —log指定了runc日志文件。
- —log-format指定了runc日志文件格式为json。
- —systemd-cgroup开启systemd cgroup支持,这也是容器资源隔离机制的关键。
- —bundle指定的目录和runc日志的目录一致。
- —pid-file指定了容器进程的pid路径。
--root /var/run/docker/runtime-runc/moby --log/run/containerd/io.containerd.runtime.v2.task/moby/6dbd69e6f9e0c7efe3026ae83624012fce6917e2f7e2c73958b8530d369fef05/log.json --log-format json --systemd-cgroupcreate --bundle/run/containerd/io.containerd.runtime.v2.task/moby/6dbd69e6f9e0c7efe3026ae83624012fce6917e2f7e2c73958b8530d369fef05 --pid-file/run/containerd/io.containerd.runtime.v2.task/moby/6dbd69e6f9e0c7efe3026ae83624012fce6917e2f7e2c73958b8530d369fef05/init.pid6dbd69e6f9e0c7efe3026ae83624012fce6917e2f7e2c73958b8530d369fef05
日志输出的runc start时的调用参数如下,相比于create参数少了一些,基本参数保持一致,6dbd69e…为容器id。
--root /var/run/docker/runtime-runc/moby --log/run/containerd/io.containerd.runtime.v2.task/moby/6dbd69e6f9e0c7efe3026ae83624012fce6917e2f7e2c73958b8530d369fef05/log.json --log-format json --systemd-cgroupstart 6dbd69e6f9e0c7efe3026ae83624012fce6917e2f7e2c73958b8530d369fef05
日志输出的runc delete时的调用参数如下,和start的参数一致。
--root /var/run/docker/runtime-runc/moby --log/run/containerd/io.containerd.runtime.v2.task/moby/6dbd69e6f9e0c7efe3026ae83624012fce6917e2f7e2c73958b8530d369fef05/log.json --log-format json --systemd-cgroupdelete 6dbd69e6f9e0c7efe3026ae83624012fce6917e2f7e2c73958b8530d369fef05
在runc delete后,还有个runc delete —force的操作,参数如下。
--root /var/run/docker/runtime-runc/moby --log/run/containerd/io.containerd.runtime.v2.task/moby/6dbd69e6f9e0c7efe3026ae83624012fce6917e2f7e2c73958b8530d369fef05/log.json --log-format json delete --force6dbd69e6f9e0c7efe3026ae83624012fce6917e2f7e2c73958b8530d369fef05