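systemd integration:
systemd requires the CAP_SYS_ADMIN capability, which gives it the ability to read the host's cgroups, so CentOS 7 already uses fakesystemd in place of systemd to resolve dependency issues. If you still want to use systemd, refer to the Dockerfile below:
mkdir systemd/
vim dockerfile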
# systemd_centos7
FROM centos:7
# environment variable that tells systemd it is running inside a container
ENV container docker
RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs
# update packages, then remove the systemd units that are not needed in a container
# (the build log below shows this command mistyped as "ipdate", so that run skipped the update)
RUN yum -y update; yum clean all; \
(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ "$i" = systemd-tmpfiles-setup.service ] || rm -f "$i"; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*; \
rm -f /etc/systemd/system/*.wants/*; \
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*; \
rm -f /lib/systemd/system/anaconda.target.wants/*
VOLUME [ "/sys/fs/cgroup" ]
# start systemd as the container's init process
CMD ["/usr/sbin/init"]
[root@hwf systemd]# docker build -t "sys_cen7" . ## build the image
Sending build context to Docker daemon 2.56kB
Step 1/6 : FROM centos:7
---> b5b4d78bc90c
Step 2/6 : ENV container docker ##环境
---> Using cache
---> 8d7308d9a749
Step 3/6 : RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs
---> Running in ac776d9b3ade
Loaded plugins: fastestmirror, ovl
No Match for argument: fakesystemd
swap remove fakesystemd
Removing intermediate container ac776d9b3ade
---> 332338bcc8de
Step 4/6 : RUN yum -y ipdate; yum clean all; (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done);rm -f /lib/systemd/system/multi-user.target.wants/*;rm -f /etc/systemd/system/*.wants/*;rm -f /lib/systemd/system/local-fs.target.wants/*; rm -f /lib/systemd/system/sockets.target.wants/*udev*; rm -f /lib/systemd/system/sockets.target.wants/*initctl*; rm -f /lib/systemd/system/basic.target.wants/*;rm -f /lib/systemd/system/anaconda.target.wants/*;
---> Running in 7e3e0c23ece8
Loaded plugins: fastestmirror, ovl
No such command: ipdate. Please use /usr/bin/yum --help
Loaded plugins: fastestmirror, ovl
Cleaning repos: base extras updates
Removing intermediate container 7e3e0c23ece8
---> 1a7433e1a4eb
Step 5/6 : VOLUME [ "/sys/fs/cgroup" ]
---> Running in 48fd11b7429a
Removing intermediate container 48fd11b7429a
---> 92bfddc0fa36
Step 6/6 : CMD ["/usr/sbin/init"]
---> Running in bf744c04a978
Removing intermediate container bf744c04a978
---> e9a3fe778a78
Successfully built e9a3fe778a78
Successfully tagged sys_cen7:latest
On top of this image, write an httpd Dockerfile to test it:
mkdir httpd
vim dockerfile
# centos7_systemd_httpd
FROM sys_cen7:latest
RUN yum -y install httpd
EXPOSE 80
CMD ["/usr/sbin/init"]
Build the image, then log in to the container to verify:
[root@hwf httpd]# docker build -t "http_sys" .
Start the container
The --privileged flag must be added, and the -v /sys/fs/cgroup/:/sys/fs/cgroup:ro option must be added as well.
[root@hwf httpd]# docker container run --privileged -it -v /sys/fs/cgroup/:/sys/fs/cgroup:ro -p 8003:80 http_sys:latest
The terminal hangs here. Leave the container without shutting it down, then connect to it with exec:
[root@hwf httpd]# docker container exec -it 9d514ce07b08 bash
Verify:
[root@9d514ce07b08 /]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:httpd(8)
man:apachectl(8)
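To see which containers on a host were started with the settings this page uses, the following added example (not part of the original post) audits `docker inspect` output for `--privileged`, an added SYS_ADMIN capability, and a writable /sys/fs/cgroup mount. The container names and the embedded JSON are constructed sample data; `audit` is a hypothetical helper name.

```python
import json

# Constructed sample shaped like `docker inspect` output, trimmed to the
# fields read below. Container names and values are made up for illustration.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/http_sys_privileged",
     "HostConfig": {"Privileged": True, "CapAdd": None},
     "Mounts": [{"Destination": "/sys/fs/cgroup", "RW": False}]},
    {"Name": "/http_sys_capadd",
     "HostConfig": {"Privileged": False, "CapAdd": ["CAP_SYS_ADMIN"]},
     "Mounts": [{"Destination": "/sys/fs/cgroup", "RW": True}]},
    {"Name": "/plain_httpd",
     "HostConfig": {"Privileged": False, "CapAdd": None},
     "Mounts": []},
])


def audit(inspect_json):
    """Map each container name to its privilege-related findings."""
    report = {}
    for container in json.loads(inspect_json):
        host = container.get("HostConfig") or {}
        findings = []
        if host.get("Privileged"):
            findings.append("privileged")
        # CapAdd is null when no --cap-add was given; accept SYS_ADMIN or CAP_SYS_ADMIN.
        caps = {c.upper().replace("CAP_", "", 1) for c in host.get("CapAdd") or []}
        for cap in ("SYS_ADMIN", "ALL"):
            if cap in caps:
                findings.append("cap_add " + cap)
        for mount in container.get("Mounts") or []:
            dest = mount.get("Destination", "").rstrip("/")
            if dest == "/sys/fs/cgroup" and mount.get("RW"):
                findings.append("cgroup mount read-write")
        report[container.get("Name", "").lstrip("/")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "->", ", ".join(findings) or "no findings")
```

On a real host, pass it the output of `docker inspect $(docker ps -q)` instead of the sample.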
