Docker Swarm代码分析笔记(5)——cluster/cluster.go

cluster\cluster.go文件定义了Cluster interface

// Cluster is exported
type Cluster interface {
    // Create a container
    CreateContainer(config *ContainerConfig, name string, authConfig *types.AuthConfig) (*Container, error)

    // Remove a container
    RemoveContainer(container *Container, force, volumes bool) error

    // Return all images
    Images() Images
    ......
}

目前实现了mesoscluster/mesos/cluster.go,目前仍然处于试验阶段)和swarmcluster/swarm/cluster.go)两种driver。如果你想实现自己的driver,就要实现上面Cluster interface的所有函数。

 

Docker Swarm代码分析笔记(4)——swarm join

Docker Swarmjoin命令的定义:

    {
        Name:      "join",
        ShortName: "j",
        Usage:     "Join a docker cluster",
        Flags:     []cli.Flag{flJoinAdvertise, flHeartBeat, flTTL, flJoinRandomDelay, flDiscoveryOpt},
        Action:    join,
    },

flHeartBeat的默认值是60s,而flTTL默认值是180s:

flHeartBeat = cli.StringFlag{
    Name:  "heartbeat",
    Value: "60s",
    Usage: "period between each heartbeat",
}
flTTL = cli.StringFlag{
    Name:  "ttl",
    Value: "180s",
    Usage: "set the expiration of an ephemeral node",
}

join函数的核心代码:

......
for {
    log.WithFields(log.Fields{"addr": addr, "discovery": dflag}).Infof("Registering on the discovery service every %s...", hb)
    if err := d.Register(addr); err != nil {
        log.Error(err)
    }
    time.Sleep(hb)
}
......

token.Register函数实现:

func (s *Discovery) Register(addr string) error {
    buf := strings.NewReader(addr)

    resp, err := http.Post(fmt.Sprintf("%s/%s/%s?ttl=%d", s.url,
        "clusters", s.token, uint64(s.ttl.Seconds())), "application/json", buf)

    if err != nil {
        return err
    }

    resp.Body.Close()
    return nil
}

join命令其实就是每隔heartbeat时间(例如,60s),向https://discovery.hub.docker.com/v1/clusters/token/ttl=180ttl取默认值),注册一下当前Docker的地址(IP:PORT)。

 

Docker Swarm代码分析笔记(3)——swarm create

Docker Swarmcreate命令代码很简单:

func create(c *cli.Context) {
    if len(c.Args()) != 0 {
        log.Fatalf("the `create` command takes no arguments. See '%s create --help'.", c.App.Name)
    }
    discovery := &token.Discovery{}
    discovery.Initialize("", 0, 0, nil)
    token, err := discovery.CreateCluster()
    if err != nil {
        log.Fatal(err)
    }
    fmt.Println(token)
}

token.CreateCluster()函数的实现:

// CreateCluster returns a unique cluster token
func (s *Discovery) CreateCluster() (string, error) {
    resp, err := http.Post(fmt.Sprintf("%s/%s", s.url, "clusters"), "", nil)
    if err != nil {
        return "", err
    }

    defer resp.Body.Close()
    token, err := ioutil.ReadAll(resp.Body)
    return string(token), err
}

其实就是向https://discovery.hub.docker.com/v1/clusters发送一个https post请求,然后得到唯一的一个token,利用这个token来创建和管理cluster

 

Docker Swarm代码分析笔记(2)——discovery

Dockerdiscovery package提供了实现新的backend定义的interfacediscovey.go):

package discovery

import (
    "errors"
    "time"
)

var (
    // ErrNotSupported is returned when a discovery service is not supported.
    ErrNotSupported = errors.New("discovery service not supported")

    // ErrNotImplemented is returned when discovery feature is not implemented
    // by discovery backend.
    ErrNotImplemented = errors.New("not implemented in this discovery service")
)

// Watcher provides watching over a cluster for nodes joining and leaving.
type Watcher interface {
    // Watch the discovery for entry changes.
    // Returns a channel that will receive changes or an error.
    // Providing a non-nil stopCh can be used to stop watching.
    Watch(stopCh <-chan struct{}) (<-chan Entries, <-chan error)
}

// Backend is implemented by discovery backends which manage cluster entries.
type Backend interface {
    // Watcher must be provided by every backend.
    Watcher

    // Initialize the discovery with URIs, a heartbeat, a ttl and optional settings.
    Initialize(string, time.Duration, time.Duration, map[string]string) error

    // Register to the discovery.
    Register(string) error
}

Watcher interface用于node加入或移除出cluster时的回调函数。Initialize用于backend的初始化,而Register用于将node加入cluster

 

docker笔记(10)—— “EXPOSE”,“–expose=[]”,“-P”和“-p=[]”

A Brief Primer on Docker Networking Rules: EXPOSE, -p, -P, –link对“EXPOSE”,“--expose=[]”,“-P”和“-p=[]”做了详细介绍:

 

Capture

EXPOSE”和“--expose=[]”会expose container中的端口,但是不会映射到host上的端口,因此这些端口只能在这个host上访问。“-P”把所有expose出来的端口映射到host上的端口,而“-p=[]”则会动态指定containerhost之间的端口映射。

其它参考资料:
Why does a Docker container running a server expose port to the outside world even though said port is blocked by iptables?
Exposing a container port on host

docker笔记(9)—— 通过systemd管理docker

包括RHEL在内的很多Linux操作系统通过systemd管理docker。例如启动和停止docker daemon

# systemctl start docker
# systemctl stop docker

另外,可以使用systemctl status docker检查目前docker daemon的运行状态:

# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/lib/systemd/system/docker.service; enabled)
  Drop-In: /etc/systemd/system/docker.service.d
           └─http-proxy.conf
   Active: active (running) since Mon 2016-03-28 23:04:48 EDT; 21min ago
     Docs: https://docs.docker.com
 Main PID: 64991 (docker)
   CGroup: /system.slice/docker.service
           └─64991 /usr/bin/docker daemon -D -H fd://

Mar 28 23:08:51 lxc-dl980-g7-1-hLinux docker[64991]: time="2016-03-28T23:08:51.685679667-04:00" level=debug msg="devmapper: Delete...START"
Mar 28 23:08:51 lxc-dl980-g7-1-hLinux docker[64991]: time="2016-03-28T23:08:51.688765554-04:00" level=debug msg="devmapper: issueD...START"
Mar 28 23:08:51 lxc-dl980-g7-1-hLinux docker[64991]: time="2016-03-28T23:08:51.689292872-04:00" level=debug msg="devmapper: activa...c9f6)"
Mar 28 23:08:53 lxc-dl980-g7-1-hLinux docker[64991]: time="2016-03-28T23:08:53.050572512-04:00" level=debug msg="devmapper: issueD.... END"
.....

配置文件是/lib/systemd/system/docker.service,修改这个文件后要记得使用systemctl daemon-reload命令重新加载一下。

systemctl show docker命令显示docker的各种配置信息:

~# systemctl show docker
Type=notify
Restart=no
NotifyAccess=main
RestartUSec=100ms
TimeoutStartUSec=0
TimeoutStopUSec=1min 30s
WatchdogUSec=0
WatchdogTimestampMonotonic=0
StartLimitInterval=10000000
StartLimitBurst=5
StartLimitAction=none
FailureAction=none
PermissionsStartOnly=no
......

关于如何使用journalctl查看log,可以参考https://www.loggly.com/ultimate-guide/using-journalctl/

绑定service和运行的CPUhttps://www.golinuxhub.com/2018/02/how-to-assign-service-to-specific-core/ 。

参考资料:
Control and configure Docker with systemd

 

docker笔记(8)—— Container的生命周期

docker create创建一个containerdocker start则启动这个container

docker run相当于docker create加上docker start。需要注意的是,一旦执行完container需要做的工作,container就会退出:

# docker run hello-world

Hello from Docker.
......

# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                     PORTS               NAMES
62a13663511f        hello-world         "/hello"            5 seconds ago       Exited (0) 4 seconds ago                       compassionate_ptolemy

停止container可以使用下列两个命令:
docker kill:向container发送SIGKILL信号;
docker stop:先向container发送SIGTERM信号,过一段时间再发送SIGKILL信号。

彻底干掉container使用docker rm命令。移除所有已经停止的container可以使用下列命令:

$ docker rm $(docker ps -a -q)

参考资料:
Docker Cookbook

 

docker笔记(7)—— Index,registry和repository

看一下对三个词的英文解释:

An index manages user accounts, permissions, search, tagging, and all that nice stuff that’s in the public web interface.

A registry stores and serves up the actual image assets, and it delegates authentication to the index. Docker registry is a service that is storing your docker images.

Docker repository is a collection of different docker images with same name, that have different tags.

Index是管理docker的服务(包含用户账户,操作权限,等等)。Registry是存储docker image的服务。Repository则是包含同名不同tagdocker image的集合。

参考资料:
Difference between Docker registry and repository
Where are Docker images stored?

 

docker笔记(6)—— 在docker container中执行命令的脚本

下面脚本的功能是循环地在各个container中执行命令:

#!/bin/bash -x

for i in {1..2}
do
        docker exec -i hammerdb_net${i} bash <<-EOF
        su oracle
        source /tmp/ora_env
        cd /data/oracle/tablespaces/
        rm -f *.html
        ./create_awr.sh
        mv awr.html awr_${i}.html
        EOF
done

需要注意的是在dodone之间应该使用tab而不是空格。

参考资料:
Indenting bourne shell here documents
How to write a bash script which automate entering “docker container” and doing other things?
Can’t indent heredoc to match nesting’s indent

 

docker笔记(5)—— Volume

Docker image是一系列的read-only layer。当启动container以后,在read-only layer之上会增加一个read-write layer。当需要对文件进行修改时,就要把数据从read-only layer拷贝到read-write layer。因此,image的数据不会被破坏,container相当于操作的是image数据的副本。这种read-only layerread-write layer的结合称之为Union File System

因此,为使对数据的修改能够保存下来,docker引入了volume概念:volume即是位于主机文件系统上,而不是Union File System上的目录和文件。

(1)

$ docker run -it --name container-test -h CONTAINER -v /data debian /bin/bash
root@CONTAINER:/# ls /data
root@CONTAINER:/#   

container-test中的/data目录位于主机的位置:

$ docker inspect -f {{.Volumes}} container-test
map[/data:/var/lib/docker/vfs/dir/cde167197ccc3e138a14f1a4f7c0d65b32cecbada822b0db4cc92e79059437a9] 

(2)

$ docker run -v /home/adrian/data:/data debian ls /data

这种方式直接把主机上的目录映射到container中的一个目录。

参考资料:
Understanding Volumes in Docker