文章目錄
- 探討話題
- 實戰剖析
- 1、不配引數
- 2、帶引數
- 附官方配置
探討話題
執行以下命令后,運行的docker容器還能正常提供服務嗎?或者換種說法,容器內對應的服務行程還存在嗎?
~]# systemctl stop docker.service
此問題是我一個同事拋出來的,當時我沒經過太多思考,也直接進行了回答:“不能說停掉,是你本身就沒docker守護行程了,有多少個容器你也看不到了,再往后推理,容器也提供不了對應的服務,”,當時我是這樣回答的,接著我又拋出了這個話題,在深圳的一位朋友(高級云原生工程師:包包),他回復默認是所有docker容器都會受影響的,但是記得好像有一種是不受影響的,最后也找到了Docker官方提供的鏈接 https://docs.docker.com/config/containers/live-restore/
附當時的爭論記錄
最后的仰慕
實戰剖析
1、不配引數
docker組態檔概覽
[root@VM-0-30-centos ~]# cat /etc/docker/daemon.json
{
"graph": "/data/ti-platform/docker",
"storage-driver": "overlay2",
"insecure-registries": ["registry.access.redhat.com","quay.io"],
"registry-mirrors": ["https://q2gr04ke.mirror.aliyuncs.com"],
"bip": "172.0.30.1/24",
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver":"json-file",
"log-opts": {
"max-size": "256M",
"max-file": "3"
}
}
查看當前運行的容器
查看docker.service狀態
執行重啟docker動作,發現所有容器狀態已經變為Exited,這時會引來一個問題,假如我們剛好需要重啟docker,不可能一重啟其他容器就都退出了,還要手動進行啟動,這個就成了一個很反感的問題,也會使服務例外,
于是查看Docker官方https://docs.docker.com/config/containers/live-restore/ 有提供引數,無論是停止docker、還是重啟,都不會影響我容器里邊的服務,也就是服務不會產生中斷,接下來看操作演示,
2、帶引數
docker組態檔概覽
[root@VM-0-30-centos ~]# cat /etc/docker/daemon.json
{
"graph": "/data/ti-platform/docker",
"storage-driver": "overlay2",
"insecure-registries": ["registry.access.redhat.com","quay.io"],
"registry-mirrors": ["https://q2gr04ke.mirror.aliyuncs.com"],
"bip": "172.0.30.1/24",
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver":"json-file",
"log-opts": {
"max-size": "256M",
"max-file": "3"
},
"live-restore": true #官方提供的特殊引數
}
重啟生效
[root@VM-0-30-centos ~]# systemctl daemon-reload
[root@VM-0-30-centos ~]# systemctl restart docker
驗證stop docker.service,可以看出docker服務已處于不可運行狀態
通過公網IP訪問Nginx服務,結論:訪問正常
檢查本地docker行程也是不存在的,符合預期,
接下來分析一下背后實作的邏輯
首先,停止docker服務后還能繼續提供服務,它背后的邏輯是在停止前會拍攝類似于一個快照的東西,并且它當前快照是處于激活狀態的, 其實更專業一點應該叫瞬態存根,可以看出以下有.scope結尾的檔案,其實它就是以服務的角色存在,
查看這個服務的狀態,那么是處于active狀態,并且也可以看出是nginx容器的
其他會自動保存一個檔案,也就是本文前邊所提到的瞬態存根
研究了一下 如果你運行有多個容器,停掉之后它就會有對應多個瞬態存根,而且都是激活狀態,所以停止docker.service后,服務是不會受影響的,還是可以保持不中斷的狀態,
附官方配置
/etc/docker/daemon.json
{
"allow-nondistributable-artifacts": [],
"api-cors-header": "",
"authorization-plugins": [],
"bip": "",
"bridge": "",
"cgroup-parent": "",
"cluster-advertise": "",
"cluster-store": "",
"cluster-store-opts": {},
"containerd": "/run/containerd/containerd.sock",
"containerd-namespace": "docker",
"containerd-plugin-namespace": "docker-plugins",
"data-root": "",
"debug": true,
"default-address-pools": [
{
"base": "172.30.0.0/16",
"size": 24
},
{
"base": "172.31.0.0/16",
"size": 24
}
],
"default-cgroupns-mode": "private",
"default-gateway": "",
"default-gateway-v6": "",
"default-runtime": "runc",
"default-shm-size": "64M",
"default-ulimits": {
"nofile": {
"Hard": 64000,
"Name": "nofile",
"Soft": 64000
}
},
"dns": [],
"dns-opts": [],
"dns-search": [],
"exec-opts": [],
"exec-root": "",
"experimental": false,
"features": {},
"fixed-cidr": "",
"fixed-cidr-v6": "",
"group": "",
"hosts": [],
"icc": false,
"init": false,
"init-path": "/usr/libexec/docker-init",
"insecure-registries": [],
"ip": "0.0.0.0",
"ip-forward": false,
"ip-masq": false,
"iptables": false,
"ip6tables": false,
"ipv6": false,
"labels": [],
"live-restore": true,
"log-driver": "json-file",
"log-level": "",
"log-opts": {
"cache-disabled": "false",
"cache-max-file": "5",
"cache-max-size": "20m",
"cache-compress": "true",
"env": "os,customer",
"labels": "somelabel",
"max-file": "5",
"max-size": "10m"
},
"max-concurrent-downloads": 3,
"max-concurrent-uploads": 5,
"max-download-attempts": 5,
"mtu": 0,
"no-new-privileges": false,
"node-generic-resources": [
"NVIDIA-GPU=UUID1",
"NVIDIA-GPU=UUID2"
],
"oom-score-adjust": -500,
"pidfile": "",
"raw-logs": false,
"registry-mirrors": [],
"runtimes": {
"cc-runtime": {
"path": "/usr/bin/cc-runtime"
},
"custom": {
"path": "/usr/local/bin/my-runc-replacement",
"runtimeArgs": [
"--debug"
]
}
},
"seccomp-profile": "",
"selinux-enabled": false,
"shutdown-timeout": 15,
"storage-driver": "",
"storage-opts": [],
"swarm-default-advertise-addr": "",
"tls": true,
"tlscacert": "",
"tlscert": "",
"tlskey": "",
"tlsverify": true,
"userland-proxy": false,
"userland-proxy-path": "/usr/libexec/docker-proxy",
"userns-remap": ""
}
參考資料:https://my.oschina.net/xsh1208/blog/1837768
轉載請註明出處,本文鏈接:https://www.uj5u.com/qita/342000.html
標籤:其他
上一篇:Aruco碼估計相機位姿初步