todaygood / container-lab

for docker

Running a container fails after setting cc-runtime as the docker runtime #2

Open todaygood opened 6 years ago

todaygood commented 6 years ago

Trying out clearContainer

See Clear Container installation on Centos7

[root@mycentos7 runtime]# docker info 
Containers: 11
 Running: 0
 Paused: 0
 Stopped: 11
Images: 83
Server Version: 17.12.0-ce
Storage Driver: btrfs
 Build Version: Btrfs v4.9.1
 Library Version: 102
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: cc-runtime runc
Default Runtime: cc-runtime
Init Binary: docker-init
containerd version: 89623f28b87a6004d4b785663257362d1658a729
runc version: ee89afd (expected: b2567b37d7b75eb4cf325b77297b140ea686ce8f)
init version: 949e6fa
Security Options:
 seccomp
  Profile: default
Kernel Version: 3.10.0-693.2.2.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 976.3MiB
Name: mycentos7.marginhu.com
ID: CD7I:3FNV:YV7D:OFFF:HIUX:DEU3:KZ7U:I2EG:ZSKL:MG4D:YK5G:3DYL
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): true
 File Descriptors: 20
 Goroutines: 35
 System Time: 2018-02-19T10:16:16.090786655+08:00
 EventsListeners: 0
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Registry Mirrors:
 https://ou5mvdtq.mirror.aliyuncs.com/
Live Restore Enabled: false

WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled

Case: run fails

[root@mycentos7 runtime]# docker run -it hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
ca4f61b1923c: Pull complete 
Digest: sha256:083de497cff944f969d8499ab94f07134c50bcf5e6b9559b27182d3fa80ce3f7
Status: Downloaded newer image for hello-world:latest
docker: Error response from daemon: OCI runtime create failed: qemu-system-x86_64: -m 2048M,slots=2,maxmem=2000M: invalid value of -m option maxmem: maximum memory size (0x7d000000) must be at least the initial memory size (0x80000000): unknown.

todaygood commented 6 years ago

This server is a VMware virtual machine.

[root@mycentos7 ~]# free -m 
              total        used        free      shared  buff/cache   available
Mem:            975         289         343           6         341         475
Swap:          2047           0        2047

Changed the memory size from 1G to 2G

[root@mycentos7 ~]# free -m 
              total        used        free      shared  buff/cache   available
Mem:           1999         310        1344           6         344        1584
Swap:          2047           0        2047
[root@mycentos7 ~]# docker run -it   hello-world
docker: Error response from daemon: OCI runtime create failed: Could not access KVM kernel module: No such file or directoryfailed to initialize KVM: No such file or directory: unknown.
[root@mycentos7 ~]# modprobe kvm
[root@mycentos7 ~]# modprobe kvm_intel
[root@mycentos7 ~]# docker run -it hello-world

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://cloud.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/engine/userguide/

It looks like clearContainers uses qemu-kvm

[root@mycentos7 ~]# ps aux |grep kvm
root        614  0.0  0.0      0     0 ?        S<   10:51   0:00 [kvm-irqfd-clean]
root      12553  0.0  0.0 112668   976 pts/0    S+   10:57   0:00 grep --color=auto kvm

[root@mycentos7 ~]# docker run -idt 196e0ce0c9fb bash
609816365e90770a99f47af38f9707e7258de74d79ded6275ce6ca1255b88c19

[root@mycentos7 ~]# ps aux |grep kvm 
root        614  0.0  0.0      0     0 ?        S<   10:51   0:00 [kvm-irqfd-clean]
root      12665 56.8  6.2 2361652 116044 ?      Sl   10:58   0:05 /usr/local/bin/qemu-system-x86_64 -name pod-609816365e90770a99f47af38f9707e7258de74d79ded6275ce6ca1255b88c19 -uuid e358cad7-c3f4-4abe-aaad-f06417070b5c -machine pc,accel=kvm,kernel_irqchip,nvdimm -cpu host,pmu=off -qmp unix:/run/virtcontainers/pods/609816365e90770a99f47af38f9707e7258de74d79ded6275ce6ca1255b88c19/mon-e358cad7-c3f4,server,nowait -qmp unix:/run/virtcontainers/pods/609816365e90770a99f47af38f9707e7258de74d79ded6275ce6ca1255b88c19/ctl-e358cad7-c3f4,server,nowait -m 2048M,slots=2,maxmem=2846M -device virtio-serial-pci,disable-modern=true,id=serial0 -device virtconsole,chardev=charconsole0,id=console0 -chardev socket,id=charconsole0,path=/run/virtcontainers/pods/609816365e90770a99f47af38f9707e7258de74d79ded6275ce6ca1255b88c19/console.sock,server,nowait -device nvdimm,id=nv0,memdev=mem0 -object memory-backend-file,id=mem0,mem-path=/usr/share/clear-containers/cc-20640-agent-4186b0.img,size=134217728 -device pci-bridge,bus=pci.0,id=pci-bridge-0,chassis_nr=1,shpc=on -device virtserialport,chardev=charch0,id=channel0,name=sh.hyper.channel.0 -chardev socket,id=charch0,path=/run/virtcontainers/pods/609816365e90770a99f47af38f9707e7258de74d79ded6275ce6ca1255b88c19/hyper.sock,server,nowait -device virtserialport,chardev=charch1,id=channel1,name=sh.hyper.channel.1 -chardev socket,id=charch1,path=/run/virtcontainers/pods/609816365e90770a99f47af38f9707e7258de74d79ded6275ce6ca1255b88c19/tty.sock,server,nowait -device virtio-9p-pci,disable-modern=true,fsdev=extra-9p-hyperShared,mount_tag=hyperShared -fsdev local,id=extra-9p-hyperShared,path=/run/hyper/shared/pods/609816365e90770a99f47af38f9707e7258de74d79ded6275ce6ca1255b88c19,security_model=none -netdev tap,id=network-0,vhost=on,vhostfds=3:4:5:6:7:8:9:10,fds=11:12:13:14:15:16:17:18 -device driver=virtio-net-pci,netdev=network-0,mac=02:42:ac:11:00:02,disable-modern=true,mq=on,vectors=18 -rtc base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=discard -vga none -no-user-config -nodefaults -nographic -daemonize -kernel /usr/share/clear-containers/vmlinuz-4.9.60-84.1.container -append root=/dev/pmem0p1 rootflags=dax,data=ordered,errors=remount-ro rw rootfstype=ext4 tsc=reliable no_timer_check rcupdate.rcu_expedited=1 i8042.direct=1 i8042.dumbkbd=1 i8042.nopnp=1 i8042.noaux=1 noreplace-smp reboot=k panic=1 console=hvc0 console=hvc1 initcall_debug iommu=off cryptomgr.notests net.ifnames=0 pci=lastbus=0 quiet systemd.show_status=false init=/usr/lib/systemd/systemd systemd.unit=clear-containers.target systemd.mask=systemd-networkd.service systemd.mask=systemd-networkd.socket ip=::::::609816365e90770a99f47af38f9707e7258de74d79ded6275ce6ca1255b88c19::off:: -smp 1,cores=1,threads=1,sockets=1
root      12678  0.0  0.0      0     0 ?        S    10:58   0:00 [kvm-pit/12665]
root      12715  0.0  0.0 112668   976 pts/0    R+   10:58   0:00 grep --color=auto kvm

todaygood commented 6 years ago

Observations

[root@mycentos7 ~]# cc-runtime --version
cc-runtime  : 3.0.18
   commit   : ee89afd
   OCI specs: 1.0.1

[root@mycentos7 609816365e90770a99f47af38f9707e7258de74d79ded6275ce6ca1255b88c19]# ls
609816365e90770a99f47af38f9707e7258de74d79ded6275ce6ca1255b88c19  hyper.sock         network.json
agent.json                                                        hypervisor.json    proxy.sock
console.sock                                                      lock               state.json
ctl-e358cad7-c3f4                                                 mon-e358cad7-c3f4  tty.sock
[root@mycentos7 609816365e90770a99f47af38f9707e7258de74d79ded6275ce6ca1255b88c19]# pwd
/run/virtcontainers/pods/609816365e90770a99f47af38f9707e7258de74d79ded6275ce6ca1255b88c19
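
The two failures in this thread (QEMU rejecting `-m` because `maxmem` is below the initial size, and the missing KVM device) can be checked for before starting a container. The script below is an added example, not part of the original thread or of Clear Containers; its function names are hypothetical and the sample command line is abridged from the `ps` output above.

```shell
#!/bin/sh
# Added example, not from the thread: preflight checks for the two
# failures shown above. All function names are hypothetical.

# Convert a QEMU size (only the M and G suffixes are handled) to MiB.
to_mib() {
    case "$1" in
        *G) echo $(( ${1%G} * 1024 )) ;;
        *M) echo "${1%M}" ;;
        *)  return 1 ;;
    esac
}

# Pull the value that follows "-m" out of a QEMU command line.
extract_m_option() {
    printf '%s\n' "$1" | sed -n 's/.* -m \([^ ]*\).*/\1/p'
}

# Return 0 if maxmem >= initial size in a "-m" value, 1 if QEMU would
# reject it as in the first error above, 2 if a size cannot be parsed.
check_m_option() {
    initial=$(to_mib "${1%%,*}") || return 2
    maxmem=$(printf '%s\n' "$1" | tr ',' '\n' | sed -n 's/^maxmem=//p')
    [ -n "$maxmem" ] || return 0
    maxmem=$(to_mib "$maxmem") || return 2
    [ "$maxmem" -ge "$initial" ]
}

# Return 0 if the KVM device node exists as a character device.
kvm_ready() {
    [ -c "${1:-/dev/kvm}" ]
}

# Abridged from the ps output in the thread (most options dropped).
SAMPLE_CMDLINE='/usr/local/bin/qemu-system-x86_64 -machine pc,accel=kvm,kernel_irqchip,nvdimm -cpu host,pmu=off -m 2048M,slots=2,maxmem=2846M -smp 1,cores=1,threads=1,sockets=1'

for m in "2048M,slots=2,maxmem=2000M" "$(extract_m_option "$SAMPLE_CMDLINE")"; do
    if check_m_option "$m"; then echo "ok:     -m $m"
    else echo "reject: -m $m"; fi
done
kvm_ready || echo "/dev/kvm missing: load kvm and kvm_intel (or kvm_amd)"
```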