Pursue container architecture with mincs
•
1 like•292 views
It's talking about container and MINCS which is the implementation of containerising software in pure shell script
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Pursue container architecture with mincs
Similar to Pursue container architecture with mincs (20)
Recently uploaded
Recently uploaded (20)
Pursue container architecture with mincs
- 1. Minimum Container environment Yuki Nishiwaki
- 2. What’s Container image#2 Linux Kernel image#1 process container A Warden LXC MINCS cgroupsnamespacenetfilter netlink process NW Isorated process Software to create container It’s just process be running on the same host as containerising software like docker. But that process called as container is isolated by the feature linux kernel provided than host machine. Docker is just one of the software to create/control isolated process(container) Root namespace
- 3. Docker !== Container $ docker ps docker-containerd-shim docker-containerd-shim docker-containerd-shim dockerd docker-containerd /var/run/docker.sock Docker
- 4. Bit interesting behavior of Docker
- 5. Docker try to ensure container status as config in init stop initialising running This container should start with such a configuration. If docker fail to ensure container as configuration like failing to bind port, docker restart to do initialisation process
- 6. Docker restart normal procedure port: 7000 port: 7000 port: 7001 port: 8080 port: 80 port: 7000 port: 7000 port: 7001 port: 8080 port: 80 running runningstop initilising initilising stop Restart running --restart --restart
- 7. Docker failed to start due to one of containers port: 7000 port: 7000 port: 7001 port: 8080 port: 80 runningstop initilising initilising Binding failed due to conflicting of port Container initialisation failed due to network error stop infinite $ docker ps --restart --restart I can’t “docker ps”, means docker control plane could be dead
- 8. If docker don’t respond 1. check if dockerd is restarting repeatedly 2. if yes, remove the existing resource (/var/lib/docker/volumes, networks...)
- 9. What’s MINCS ❖ Minimum Container Shellscripts ❖ Consisit of all pure shellscripts ❖ The number of all lines ➢ 3250 lines It’s easier to understand the basic consept than other container management tool How container is managed/created
- 10. How to install MINCS $ git clone https://github.com/mhiramat/mincs.git It was supposed to finish with this one line…..
- 11. Not working …... vagrant@vagrant:~/mincs$ sudo ./minc bash unshare: invalid option -- 'p' Usage: unshare [options] <program> [args...]
- 12. unshare command is needed to replace with other ~:$ git clone https://github.com/mirror/busybox.git ~:$ cd busybox ~/busybox:$ make config require the user to fill with many configuration items…. ~/busybox:$ make install ~/busybox:$ mv _install/bin /bin/busybox
- 13. Change minc-exec script as following diff --git a/libexec/minc-exec b/libexec/minc-exec index 834b4e0..a5a1b8c 100755 --- a/libexec/minc-exec +++ b/libexec/minc-exec @@ -174,4 +174,4 @@ cd / UNSHARE_OPT= # Enter new namespace and exec command [ "$MINC_NOPRIV" ] && UNSHARE_OPT=--map-root-user -$IP_NETNS unshare $UNSHARE_OPT -iumpf $LIBEXEC/`basename $0` "$@" +$IP_NETNS busybox unshare $UNSHARE_OPT -iumpf $LIBEXEC/`basename $0` "$@"
- 14. 1. Try to create container $ sudo ./minc bash vagrant@vagrant-ubuntu-trusty:~/mincs$ sudo ./minc bash # <- enter in container mount: warning: /tmp/minc9215-334yCm/root/proc/sys seems to be mounted read-only. mount: warning: /tmp/minc9215-334yCm/root/proc/sysrq-trigger seems to be mounted read-only. mount: warning: /tmp/minc9215-334yCm/root/proc/irq seems to be mounted read-only. mount: warning: /tmp/minc9215-334yCm/root/proc/bus seems to be mounted read-only. root@vagrant-ubuntu-trusty:/# echo test >> test root@vagrant-ubuntu-trusty:/# cat /test test #<- There is /test files root@vagrant-ubuntu-trusty:/# exit exit #<- get out of container vagrant@vagrant-ubuntu-trusty:~/mincs$ cat /test cat: /test: No such file or directory # <- There is no /test file (directory tree is separated)
- 15. 2. Try to use image management vagrant@vagrant-ubuntu-trusty:~$ sudo mincs/marten import ubuntu.tar.gz mincs/marten: 1: mincs/marten: jq: not found # <- need jq package vagrant@vagrant-ubuntu-trusty:~$ sudo apt-get install jq vagrant@vagrant-ubuntu-trusty:~$ sudo mincs/marten import ubuntu.tar.gz Importing image: ubuntu jq: error: Cannot index number with string parse error: Invalid numeric literal #<- This is bug… it can’t import the images to contain multiples # https://github.com/mhiramat/mincs/issues/8 vagrant@vagrant-ubuntu-trusty:~$ sudo mincs/marten import ubuntu_latest.tar.gz Importing image: ubuntu 9d2e5c12a9428108649812c24645eba52c030507a74c891984b3fb7f218d7690 …………. 9177e32309d14441f30648db6ba1641800c79d959d63dddc0ab7da673cd6acd9 9d2e5c12a9428108649812c24645eba52c030507a74c891984b3fb7f218d7690 vagrant@vagrant-ubuntu-trusty:~$ sudo mincs/marten images #<- it works
- 16. 3. Try to create the container form images vagrant@vagrant-ubuntu-trusty:~$ sudo mincs/marten images ID SIZE NAME 06bd4c05b6dc 20K (noname) 72a988653a4a 84K (noname) 891a3a3af630 138M (noname) 9177e32309d1 16K (noname) 9d2e5c12a942 16K ubuntu vagrant@vagrant-ubuntu-trusty:~$ sudo mincs/minc -r ubuntu bash mount: special device overlayfs does not exist #<- I need fix, somehow overlayfs is enabled since kernel 3.18 To reuse this, run: mincs/minc -t 3c94cdd1629d vagrant@vagrant-ubuntu-trusty:~/mincs$ uname -r 3.13.0-24-generic #<- not supported for overlayfs vagrant@vagrant-ubuntu-trusty:~$ sudo apt-get install linux-generic-lts-vivid linux-headers-generic-lts-vivid vagrant@vagrant-ubuntu-trusty:~$ reboot
- 17. 3. Try to create the container form images root@vagrant-ubuntu-trusty:/home/vagrant/mincs# ./minc -r ubuntu mount: wrong fs type, bad option, bad superblock on overlayfs, missing codepage or helper program, or other error (for several filesystems (e.g. nfs, cifs) you might need a /sbin/mount.<type> helper program) In some cases useful info is found in syslog - try dmesg | tail or so root@vagrant-ubuntu-trusty:/home/vagrant/mincs# sudo dmesg | tail -f [ 1383.505546] overlayfs: failed to resolve '/var/lib/mincs/images/9d2e5c12a9428108649812c24645eba52c030507a74c891984b3fb7f218d7690/root:/var /lib/mincs/images/9177e32309d14441f30648db6ba1641800c79d959d63dddc0ab7da673cd6acd9/root:/var/lib/ mincs/images/06bd4c05b6dcfa6e669d02f4150b7842166a97ce536fbb0a98f66d2c4566c37e/root:/var/lib/mincs /images/72a988653a4a1802b617429efccfb972f0693fa6665fed9d27d912cc23590670/root:/var/lib/mincs/imag es/891a3a3af630e0853915722c47dc1a7002d2ea0218273456a12014fca609fc7d/root': -2 [ 1383.508533] overlayfs: missing upperdir or lowerdir or workdir In the case of overlayfs, we can’t use multiple base images with kernel version less than 4.0. since kernel 4.0, we can use multiple images as lowerdir.
- 18. In a nutshel Create container with no additaional image 1. rebuild latest busybox 2. correct minc-exec a little Import docker image 1. image should be single images ( it’s ok to consist of multiple images ) Create container from the image to be imported from docker 1. kernel version should be updated over 3.18 2. merge multiple images into one image if kernel version is less than 4 ← I added https://github.com/ukinau/mincs/commit/d94eb4fed4626e2f934a3ddc44912e8c2b28b269
- 19. Good articles The slide original developer - http://www.slideshare.net/mhiramat/mincs-containers-in-the-shell-script Can’t support multiple lowerlayers in overlayfs - http://queforum.com/unix-linux-basics/1008603-linux-how-use-multiple-lower-layers-overlayfs.html - http://stackoverflow.com/questions/31044982/how-to-use-multiple-lower-layers-in-overlayfs Support multiple lowerlayers in overlayfs since kernel 4.0 version - https://www.kernel.org/doc/Documentation/filesystems/overlayfs.txt