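1. Preparation
This article continues from [mydocker]---Implementing volume operations step by step. That implementation makes multiple containers share a single container layer, so data is not isolated between containers and they can read and modify each other's data. This article therefore implements container-layer isolation.
1.1 Prepare the environment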
root@nicktming:~/go/src/github.com/nicktming/mydocker# git clone https://github.com/nicktming/mydocker.git
root@nicktming:~/go/src/github.com/nicktming/mydocker# git checkout code-5.7
root@nicktming:~/go/src/github.com/nicktming/mydocker# git checkout -b dev-5.7.1
1.2 Prepare busybox.tar
// Prerequisite
root@nicktming:/nicktming# pwd
/nicktming
root@nicktming:/nicktming# ls
busybox.tar
2. The problem in code-5.7
2.1 The problem
Before starting, one problem has to be fixed first: when a container is created as a background process, the files brought in by mount cannot be persisted.
root@nicktming:~/go/src/github.com/nicktming/mydocker# git checkout code-5.7
root@nicktming:~/go/src/github.com/nicktming/mydocker# go build .
root@nicktming:~/go/src/github.com/nicktming/mydocker# ./mydocker run -d -name test -v /nicktming/volume1:/containerVolume busybox /bin/top
2019/04/17 23:33:32 rootPath is empaty, set rootPath: /nicktming
2019/04/17 23:33:32 remove /nicktming/mnt/test/containerVolume, err:remove /nicktming/mnt/test/containerVolume: device or resource busy
2019/04/17 23:33:32 remove /nicktming/writerLayer/test, err:remove /nicktming/writerLayer/test: device or resource busy
root@nicktming:~/go/src/github.com/nicktming/mydocker# ./mydocker ps
ID NAME PID STATUS COMMAND CREATED
15555152121560770321 test 14321 running /bin/top 2019-04-17 23:33:32
root@nicktming:~/go/src/github.com/nicktming/mydocker# ps -ef | grep top
root 14321 1 0 23:33 pts/2 00:00:00 /bin/top
root 14364 13802 0 23:34 pts/2 00:00:00 grep --color=auto top
root@nicktming:~/go/src/github.com/nicktming/mydocker# ./mydocker exec -it test /bin/sh
root@nicktming:~/go/src/github.com/nicktming/mydocker# ./mydocker exec test /bin/sh
2019/04/17 23:34:44 containerName:test,command:/bin/sh
/ # ls
bin dev etc home proc root sys tmp usr var
/ # exit
root@nicktming:~/go/src/github.com/nicktming/mydocker#
So the code-5.7 branch has this problem: when the container is entered again, containerVolume is not visible.
2.2 Implementation
Cause: Run calls ClearWorkDir(newRootPath, containerName, volumes) when the parent process exits, without checking whether the container was started in the background with -d, so the mounted files are no longer visible when the container is entered again.
Fix:
1. In Run, if the container is started in the background, do not call ClearWorkDir; the stop command has to call it instead.
2. If the container is started with a tty, call ClearWorkDir after the child process has finished.
2.2.1 Modify the Run method
Modify Run as follows. RecordContainerInfo now also receives the volumes and newRootPath variables, because Stop has to call ClearWorkDir(newRootPath, containerName, volumes) to clean up, so these values must be saved in the container's metadata.
func Run(command string, tty bool, cg *cgroups.CroupManger, rootPath string, volumes []string, containerName, imageName string) {
	...
	//defer ClearWorkDir(newRootPath, containerName, volumes)
	...
	cg.Set()
	//defer cg.Destroy()
	cg.Apply(strconv.Itoa(cmd.Process.Pid))
	// Save volumes and newRootPath in the metadata so that Stop can clean up later.
	RecordContainerInfo(strconv.Itoa(cmd.Process.Pid), containerName, id, command, volumes, newRootPath)
	// When tty is false, the parent process (the Run program) does not wait for the child
	// (the Init program, which is later replaced by the user program).
	if tty {
		cmd.Wait()
		DeleteContainerInfo(containerName)
		ClearWorkDir(newRootPath, containerName, volumes)
		cg.Destroy()
	}
}
The struct changes accordingly (the Volumes and RootPath fields are added):
type ContainerInfo struct {
	Pid        string   `json:"pid"`
	Id         string   `json:"id"`
	Name       string   `json:"name"`
	Command    string   `json:"command"`
	CreateTime string   `json:"createTime"`
	Status     string   `json:"status"`
	Volumes    []string `json:"volumes"`
	RootPath   string   `json:"rootPaths"`
}
Modify the RecordContainerInfo method:
func RecordContainerInfo(pid, name, id, command string, volumes []string, rootPath string) error {
	containerInfo := &ContainerInfo{
		Pid:        pid,
		Id:         id,
		Name:       name,
		Command:    command,
		CreateTime: time.Now().Format("2006-01-02 15:04:05"),
		Status:     RUNNING,
		Volumes:    volumes,
		RootPath:   rootPath,
	}
	...
}
2.2.2 Modify the stop method
With the changes above, RootPath and Volumes are available when a container is stopped, so Stop calls ClearWorkDir to clean up.
func Stop(containerName string) {
	...
	log.Printf("rootPath:%s\n", containerInfo.RootPath)
	log.Println(containerInfo.Volumes)
	ClearWorkDir(containerInfo.RootPath, containerName, containerInfo.Volumes)
}
2.2.3 Test
root@nicktming:~/go/src/github.com/nicktming/mydocker# go build .
root@nicktming:~/go/src/github.com/nicktming/mydocker# ./mydocker run -d -name test -v /nicktming/volume1:/containerVolume busybox /bin/top
2019/04/18 00:05:26 rootPath is empaty, set rootPath: /nicktming
root@nicktming:~/go/src/github.com/nicktming/mydocker# ./mydocker ps
ID NAME PID STATUS COMMAND CREATED
15555171266202920071 test 17471 running /bin/top 2019-04-18 00:05:26
root@nicktming:~/go/src/github.com/nicktming/mydocker# ./mydocker exec test /bin/sh
2019/04/18 00:05:46 containerName:test,command:/bin/sh
/ # ls -l
total 48
drwxr-xr-x 2 root root 12288 Feb 14 18:58 bin
drwxr-xr-x 4 root root 4096 Apr 17 16:05 containerVolume
drwxr-xr-x 4 root root 4096 Mar 17 16:05 dev
drwxr-xr-x 3 root root 4096 Mar 17 16:05 etc
drwxr-xr-x 2 nobody nogroup 4096 Feb 14 18:58 home
dr-xr-xr-x 108 root root 0 Apr 17 16:05 proc
drwx------ 2 root root 4096 Apr 17 16:05 root
drwxr-xr-x 2 root root 4096 Mar 17 16:05 sys
drwxrwxrwt 2 root root 4096 Feb 14 18:58 tmp
drwxr-xr-x 3 root root 4096 Feb 14 18:58 usr
drwxr-xr-x 4 root root 4096 Feb 14 18:58 var
/ # echo "container test: test01" > containerVolume/test01.txt
/ # cat containerVolume/test01.txt
container test: test01
/ # exit
root@nicktming:~/go/src/github.com/nicktming/mydocker# ./mydocker stop test
2019/04/18 00:06:33 rootPath:/nicktming
2019/04/18 00:06:33 [/nicktming/volume1:/containerVolume]
root@nicktming:~/go/src/github.com/nicktming/mydocker# ./mydocker rm test
root@nicktming:~/go/src/github.com/nicktming/mydocker# ls -l /nicktming/volume1/
total 4
-rw-r--r-- 1 root root 23 Apr 18 00:06 test01.txt
root@nicktming:~/go/src/github.com/nicktming/mydocker# cat /nicktming/volume1/test01.txt
container test: test01
root@nicktming:~/go/src/github.com/nicktming/mydocker#
Now the data is persisted when the container is entered again.
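3. Building an image from a container
Building an image from a container is actually simple: an image is just a set of files, so packing up a running container directly produces a new image.
3.1 Changes
[mydocker]---Saving an image already implemented saving an image, but there was no container-layer isolation at that point and it always operated on the current container, so this article modifies it slightly.
In command/command.go, change CommitCommand as follows: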
var CommitCommand = cli.Command{
	Name: "commit",
	Action: func(c *cli.Context) error {
		//imageName := c.Args().Get(0)
		containerName := c.Args().Get(0)
		imageName := c.Args().Get(1)
		Commit(containerName, imageName)
		return nil
	},
}
command/commit.go is changed as follows:
import (
	"log"
	"os/exec"
)

func Commit(containerName, imageName string) {
	//mntPath := DEFAULTPATH + "/mnt"
	//imageTar := DEFAULTPATH + "/" + imageName + ".tar"
	containerInfo, err := GetContainerInfo(containerName)
	if err != nil {
		// fmt.Errorf only builds an error value; log the failure so it is not silently dropped.
		log.Printf("GetContainerInfo error:%v\n", err)
		return
	}
	// The archive source is this container's own mount point, not a shared one.
	mntPath := containerInfo.RootPath + "/mnt/" + containerName
	imageTar := containerInfo.RootPath + "/" + imageName + ".tar"
	log.Printf("mntPath:%s, imageTar:%s\n", mntPath, imageTar)
	if _, err := exec.Command("tar", "-czf", imageTar, "-C", mntPath, ".").CombinedOutput(); err != nil {
		log.Printf("Error: tar -czf %s -C %s .; err:%v\n", imageTar, mntPath, err)
	}
}
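An added example, not part of the original article or the mydocker project: Commit above joins containerName and imageName straight into host paths and archives everything under the container's mount directory, which (as the test in 3.2 shows for /to1) includes data mounted from -v volumes. The hypothetical helper CommitTarArgs builds the tar argument list with an assumed name allowlist (nameRe) and, assuming GNU tar's --exclude option, leaves volume contents out of the image.

```go
package main

import (
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// nameRe is an assumed allowlist for container and image names; the article defines none.
var nameRe = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}$`)

// CommitTarArgs (hypothetical helper) returns the argv for tar, or an error if a
// name could move the archive or its source outside rootPath.
func CommitTarArgs(rootPath, containerName, imageName string, volumes []string) ([]string, error) {
	for _, n := range []string{containerName, imageName} {
		if !nameRe.MatchString(n) {
			return nil, fmt.Errorf("invalid name %q", n)
		}
	}
	if !filepath.IsAbs(rootPath) {
		return nil, fmt.Errorf("rootPath %q is not absolute", rootPath)
	}
	root := filepath.Clean(rootPath)
	args := []string{"-czf", filepath.Join(root, imageName+".tar")}
	// Each entry is "hostDir:containerDir", as stored in ContainerInfo.Volumes.
	for _, v := range volumes {
		parts := strings.SplitN(v, ":", 2)
		if len(parts) != 2 || parts[0] == "" || parts[1] == "" {
			return nil, fmt.Errorf("malformed volume %q", v)
		}
		// Cleaning with a leading "/" keeps ".." from climbing above the container root.
		rel := strings.TrimPrefix(filepath.Clean("/"+parts[1]), "/")
		if rel == "" {
			return nil, fmt.Errorf("volume %q targets the container root", v)
		}
		// Keep the mount point directory itself, skip the host data under it.
		args = append(args, "--exclude=./"+rel+"/*")
	}
	return append(args, "-C", filepath.Join(root, "mnt", containerName), "."), nil
}

func main() {
	// Constructed inputs mirroring the container01 test in this article.
	args, err := CommitTarArgs("/nicktming", "container01", "image1", []string{"/nicktming/from1:/to1"})
	fmt.Println(args, err)
	_, err = CommitTarArgs("/nicktming", "container01", "../escape", nil)
	fmt.Println(err)
}
```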
3.2 Test
---------------------------------------terminal 01--------------------------------------------
root@nicktming:/nicktming# pwd
/nicktming
root@nicktming:/nicktming# ls
busybox.tar
// Start two containers: container01 and container02
---------------------------------------terminal 02--------------------------------------------
root@nicktming:~/go/src/github.com/nicktming/mydocker# ./mydocker run -d -name container01 -v /nicktming/from1:/to1 busybox /bin/top
2019/04/18 22:25:24 rootPath is empaty, set rootPath: /nicktming
root@nicktming:~/go/src/github.com/nicktming/mydocker# ./mydocker run -d -name container02 -v /nicktming/from2:/to2 busybox /bin/top
2019/04/18 22:25:56 rootPath is empaty, set rootPath: /nicktming
root@nicktming:~/go/src/github.com/nicktming/mydocker# ./mydocker ps
ID NAME PID STATUS COMMAND CREATED
15555975245549425111 container01 14158 running /bin/top 2019-04-18 22:25:24
15555975563445863921 container02 14218 running /bin/top 2019-04-18 22:25:56
root@nicktming:~/go/src/github.com/nicktming/mydocker# ./mydocker exec container01 /bin/sh
2019/04/18 22:26:27 containerName:container01,command:/bin/sh
/ # echo -e "hello container1" >> /to1/test1.txt
/ # mkdir to1-1
/ # echo -e "hello cotainer1,to-1,test1" >> /to1-1/test1.txt
/ # exit
root@nicktming:~/go/src/github.com/nicktming/mydocker#
root@nicktming:~/go/src/github.com/nicktming/mydocker# ./mydocker commit container01 image1
// Check the contents on the host
---------------------------------------terminal 01--------------------------------------------
root@nicktming:/nicktming# cat mnt/container01/to1-1/test1.txt
hello cotainer1,to-1,test1
root@nicktming:/nicktming# cat mnt/container01/to1/test1.txt
hello container1
root@nicktming:/nicktming# ls
busybox busybox.tar from1 from2 image1.tar mnt writerLayer
root@nicktming:/nicktming#
// Remove container01, start container03 from the image1 image, and check whether the to1 and to1-1 directories exist
---------------------------------------terminal 02--------------------------------------------
root@nicktming:~/go/src/github.com/nicktming/mydocker# ./mydocker stop container01
2019/04/18 22:35:10 rootPath:/nicktming
2019/04/18 22:35:10 [/nicktming/from1:/to1]
root@nicktming:~/go/src/github.com/nicktming/mydocker# ./mydocker rm container01
root@nicktming:~/go/src/github.com/nicktming/mydocker# ./mydocker ps
ID NAME PID STATUS COMMAND CREATED
15555975563445863921 container02 14218 running /bin/top 2019-04-18 22:25:56
root@nicktming:~/go/src/github.com/nicktming/mydocker# ./mydocker run -d -name container03 image1 /bin/top
2019/04/18 22:37:50 rootPath is empaty, set rootPath: /nicktming
root@nicktming:~/go/src/github.com/nicktming/mydocker# ./mydocker ps
ID NAME PID STATUS COMMAND CREATED
15555975563445863921 container02 14218 running /bin/top 2019-04-18 22:25:56
15555982709688329991 container03 15433 running /bin/top 2019-04-18 22:37:50
root@nicktming:~/go/src/github.com/nicktming/mydocker# ./mydocker exec container03 /bin/sh
2019/04/18 22:38:08 containerName:container03,command:/bin/sh
/ # ls -l
total 52
drwxr-xr-x 2 root root 12288 Feb 14 18:58 bin
drwxr-xr-x 4 root root 4096 Mar 17 16:05 dev
drwxr-xr-x 3 root root 4096 Mar 17 16:05 etc
drwxr-xr-x 2 nobody nogroup 4096 Feb 14 18:58 home
dr-xr-xr-x 97 root root 0 Apr 18 14:37 proc
drwx------ 2 root root 4096 Apr 18 14:38 root
drwxr-xr-x 2 root root 4096 Mar 17 16:05 sys
drwxrwxrwt 2 root root 4096 Feb 14 18:58 tmp
drwxr-xr-x 2 root root 4096 Apr 18 14:26 to1
drwxr-xr-x 2 root root 4096 Apr 18 14:27 to1-1
drwxr-xr-x 3 root root 4096 Feb 14 18:58 usr
drwxr-xr-x 4 root root 4096 Feb 14 18:58 var
// The directories exist, and so do the file contents
/ # cat to1/test1.txt
hello container1
/ # cat to1-1/test1.txt
hello cotainer1,to-1,test1
/ # exit
root@nicktming:~/go/src/github.com/nicktming/mydocker#
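// Start from the image1 image again, this time mapping from5 on the host to /to1 in the container
// By the way AUFS works, the content of the container layer overrides the content of the image layer, so /to1/test1.txt contains hello container05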
root@nicktming:~/go/src/github.com/nicktming/mydocker# mkdir -p /nicktming/from5 && echo "hello container05" > /nicktming/from5/test1.txt
root@nicktming:~/go/src/github.com/nicktming/mydocker# cat /nicktming/from5/test1.txt
hello container05
root@nicktming:~/go/src/github.com/nicktming/mydocker# ./mydocker run -it -name container05 -v /nicktming/from5:/to1 image1 /bin/sh
2019/04/18 22:45:06 rootPath is empaty, set rootPath: /nicktming
2019/04/18 22:45:06 current path: /nicktming/mnt/container05.
/ # ls -l
total 52
drwxr-xr-x 2 root root 12288 Feb 14 18:58 bin
drwxr-xr-x 4 root root 4096 Mar 17 16:05 dev
drwxr-xr-x 3 root root 4096 Mar 17 16:05 etc
drwxr-xr-x 2 nobody nogroup 4096 Feb 14 18:58 home
dr-xr-xr-x 97 root root 0 Apr 18 14:45 proc
drwx------ 2 root root 4096 Apr 18 14:45 root
drwxr-xr-x 2 root root 4096 Mar 17 16:05 sys
drwxrwxrwt 2 root root 4096 Feb 14 18:58 tmp
drwxr-xr-x 4 root root 4096 Apr 18 14:45 to1
drwxr-xr-x 2 root root 4096 Apr 18 14:27 to1-1
drwxr-xr-x 3 root root 4096 Feb 14 18:58 usr
drwxr-xr-x 4 root root 4096 Feb 14 18:58 var
/ # cat to1
to1-1/ to1/
/ # cat to1/test1.txt
hello container05
4. Sequence diagram
[Figure: commit-container.png]
5. References
1. 自己動手寫docker. (This series largely follows that book, with some of my own understanding added, to deepen my understanding of docker.)
6. Full series
1. [mydocker]---Environment notes
2. [mydocker]---Understanding urfave cli
3. [mydocker]---Linux Namespace
4. [mydocker]---Linux Cgroup
5. [mydocker]---Building a container 01: implementing the run command
6. [mydocker]---Building a container 02: implementing resource limits 01
7. [mydocker]---Building a container 02: implementing resource limits 02
8. [mydocker]---Building a container 03: adding a pipe
9. [mydocker]---Understanding the AUFS storage driver through examples
10. [mydocker]---Understanding chroot and pivot_root through examples
11. [mydocker]---Creating a container with busybox step by step
12. [mydocker]---Wrapping busybox with AUFS step by step
13. [mydocker]---Implementing volume operations step by step
14. [mydocker]---Saving an image
15. [mydocker]---Running containers in the background
16. [mydocker]---Listing running containers
17. [mydocker]---Viewing container logs
18. [mydocker]---Entering a container's namespaces
19. [mydocker]---Stopping a container
20. [mydocker]---Removing a container
21. [mydocker]---Container-layer isolation
22. [mydocker]---Building an image from a container
23. [mydocker]---The cp operation
24. [mydocker]---Setting environment variables for a container
25. [mydocker]---The Internet Protocol (IP)
26. [mydocker]---Virtual network devices: veth, bridge, iptables
27. [mydocker]---Docker's four network models and how they are implemented (1)
28. [mydocker]---Docker's four network models and how they are implemented (2)
29. [mydocker]---Container address allocation
30. [mydocker]---Using the net/netlink API
31. [mydocker]---Network implementation
32. [mydocker]---Testing the network implementation