linuxkit试玩

Docker在DockerCon 2017大会上发布了一个自己的操作系统，宣称LinuxKit，安全，精简，强移植性。

• 项目地址：https://github.com/linuxkit/linuxkit。
• 博客地址：https://blog.docker.com/2017/04/introducing-linuxkit-container-os-toolkit/

本次我在MacOSX上试玩下这个系统，本文章简单记录试玩的步骤。

安装

运行linuxkit需要使用到moby工具，参照GitHub上的步骤。

安装moby

• moby工具
• moby操作系统(也就是以前的Docker项目改名而来)：https://github.com/moby/moby

$ go get -u github.com/docker/moby/src/cmd/moby

运行linuxkit

编译linuxkit镜像

$ git clone https://github.com/linuxkit/linuxkit.git$ cd linuxkit $ moby build linuxkit.yml

输出：

Create outputs:  linuxkit-bzImage linuxkit-initrd.img linuxkit-cmdline  linuxkit.iso  linuxkit-efi.iso

启动linuxkit

# moby run linuxkitWelcome to LinuxKit                         ##.                   ## ## ## ==                ## ## ## ## ## ===            / "" "" "" "" "" "" "" "" "" \ ___ / = = =       ~~~ { ​~~~~~~~~~~~~~~~~~ / === --~~~            \ ______ o __ /              \ \ __ /               \ ____ \ _______ / / # [2.449400] IPVS : Creating Netns Size = 2104 Id = 1 [2.449828] IPVS: Ftp: Loaded Support On Port [0] = 21 [2.699956] IPVS: Creating Netns Size = 2104 Id = 2 [2.700419] IPVS: Ftp: Loaded Support On Port [ 0] = 21 [3.408548] clocksource: Switched to clocksource tsc

查看进程情况如下：

/ # pstreeinit-+-containerd-+-containerd-shim---nginx---nginx     |            `-containerd-shim---tini---rngd     |-containers---2*[ctr]     |-sh---pstree     `-sh

可以查看到系统启动后启动的容器

/ # runc listID          PID         STATUS      BUNDLE                        CREATED                        OWNERnginx       544         running     /run/containerd/linux/nginx   2017-04-19T16:03:50.2015541Z   rootrngd        598         running     /run/containerd/linux/rngd    2017-04-19T16:03:50.3057929Z   root

访问容器

首先确认nginx容器运行在主机网络上，尝试发送http请求到主机网络进行访问

/ # wget -qO- 127.0.0.1<!DOCTYPE html><html><head><title>Welcome to nginx!</title><style>    body {        width: 35em;        margin: 0 auto;        font-family: Tahoma, Verdana, Arial, sans-serif;    }</style></head><body><h1>Welcome to nginx!</h1><p>If you see this page, the nginx web server is successfully installed andworking. Further configuration is required.</p><p>For online documentation and support please refer to<a href="http://nginx.org/">nginx.org</a>.<br/>Commercial support is available at<a href="http://nginx.com/">nginx.com</a>.</p><p><em>Thank you for using nginx.</em></p></body></html>

可以通过runc检查配置

/ # runc exec nginx cat /etc/nginx/conf.d/default.confserver {    listen       80;    server_name  localhost;    #charset koi8-r;    #access_log  /var/log/nginx/log/host.access.log  main;    location / {        root   /usr/share/nginx/html;        index  index.html index.htm;    }    #error_page  404              /404.html;    # redirect server error pages to the static page /50x.html    #    error_page   500 502 503 504  /50x.html;    location = /50x.html {        root   /usr/share/nginx/html;    }    # proxy the PHP scripts to Apache listening on 127.0.0.1:80    #    #location ~ \.php$ {    #    proxy_pass   http://127.0.0.1;    #}    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000    #    #location ~ \.php$ {    #    root           html;    #    fastcgi_pass   127.0.0.1:9000;    #    fastcgi_index  index.php;    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;    #    include        fastcgi_params;    #}    # deny access to .htaccess files, if Apache's document root    # concurs with nginx's one    #    #location ~ /\.ht {    #    deny  all;    #}}

在linuxkit上运行docker

因为linuxkit设置为只读，你不能在上面做任何编辑或者写文件的事情。下面将启动linuxkit，在其中运行docker来替代上一个步骤中的nginx

编译与启动

docker.yml文件位于example目录下

$ moby build docker.yml $ moby run docker

连接到启动的Docker服务容器

# 查看启动的容器服务/ # runc listID          PID         STATUS      BUNDLE                        CREATED                        OWNERdhcpcd      625         running     /containers/services/dhcpcd   2017-04-19T16:14:49.7139173Z   rootdocker      638         running     /containers/services/docker   2017-04-19T16:14:49.653635Z    rootntpd        650         running     /containers/services/ntpd     2017-04-19T16:14:49.7246421Z   rootrngd        750         running     /containers/services/rngd     2017-04-19T16:14:49.8057626Z   root

进入到docker服务容器

/ # runc exec -t docker sh

查看docker信息

/ # docker infoContainers: 0 Running: 0 Paused: 0 Stopped: 0Images: 0Server Version: 17.04.0-ceStorage Driver: overlay2 Backing Filesystem: tmpfs Supports d_type: true Native Overlay Diff: trueLogging Driver: json-fileCgroup Driver: cgroupfsPlugins: Volume: local Network: bridge host macvlan null overlaySwarm: inactiveRuntimes: runcDefault Runtime: runcInit Binary:containerd version: 422e31ce907fd9c3833a38d7b8fdd023e5a76e73runc version: 9c2d8d184e5da67c95d601382adf14862e4f2228init version: 949e6faSecurity Options: seccomp  Profile: defaultKernel Version: 4.9.22-mobyOperating System: Alpine Linux v3.5 (containerized)OSType: linuxArchitecture: x86_64CPUs: 1Total Memory: 992.5MiBName: moby-c0ffeec0ffeeID: CPFG:OSX6:E5U7:AS3S:GSGG:NXPU:I4HX:XLCX:7KWN:7SWF:NE3G:RJGRDocker Root Dir: /var/lib/dockerDebug Mode (client): falseDebug Mode (server): falseRegistry: https://index.docker.io/v1/Experimental: falseInsecure Registries: 127.0.0.0/8Live Restore Enabled: false

启动docker容器

使用df -h查看，可以看到系统可用空间很小，以至于我们不能做其他的事情(可以通过moby run参数修改)，这是这里为什么选择一个node.js的原因。

/ # docker run --rm -it node:7.9-alpine shUnable to find image 'node:7.9-alpine' locally7.9-alpine: Pulling from library/node709515475419: Pull complete278538de9ce7: Pull complete3e4c7b7d4426: Pull completeDigest: sha256:a85ea008c8ea08799b8c60ecd3003becd332d5067ed3f238bf61085ce4368c88Status: Downloaded newer image for node:7.9-alpine[  377.941800] docker0: port 1(vetha204c60) entered blocking state[  377.942279] docker0: port 1(vetha204c60) entered disabled state[  377.942743] device vetha204c60 entered promiscuous mode[  377.943191] IPv6: ADDRCONF(NETDEV_UP): vetha204c60: link is not ready[  377.963661] IPVS: Creating netns size=2104 id=6[  377.963984] IPVS: ftp: loaded support on port[0] = 21[  378.057793] eth0: renamed from vethd083636[  378.058417] IPv6: ADDRCONF(NETDEV_CHANGE): vetha204c60: link becomes ready[  378.058951] docker0: port 1(vetha204c60) entered blocking state[  378.059368] docker0: port 1(vetha204c60) entered forwarding state[  378.059860] IPv6: ADDRCONF(NETDEV_CHANGE): docker0: link becomes ready/ #

可以像使用正常的容器一样使用它：

/ # node -vv7.9.0/ # node> 2 + 35>

简单试玩到此结束