你也许会好奇Docker是怎样启动的,Docker run 之后发生了什么?
本文尝试解释这个问题,如果有不对的还请指出。

安装Docker之后,在/usr/lib/systemd/system/docker.sercice可以找到Docker的启动配置,

首先让我们打开两个终端,登到服务器上,停掉Docker的守护进程,手动启动Docker,

1
2

然后在一个终端上运行一个容器
docker run -d --name demo vsxen/k8s sleep 1d
然后你就会看到之前终端的输出是下面这样的

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
803992695+08:00] Calling POST /v1.37/containers/create?name=demo
804435991+08:00] form data: {"AttachStderr":false,"AttachStdin":false,"AttachStdout":false,"Cmd":["sleep","1d"],"Domainname":"","Entrypoint":null,"Env":[],"HostConfig":
{"AutoRemove":false,"Binds":null,"BlkioDeviceReadBps":null,"BlkioDeviceReadIOps":null,"BlkioDeviceWriteBps":null,"BlkioDeviceWriteIOps":null,"BlkioWeight":0,
"BlkioWeightDevice":[],"CapAdd":null,"CapDrop":null,"Cgroup":"","CgroupParent":"","ConsoleSize":[0,0],"ContainerIDFile":"","CpuCount":0,"CpuPercent":0,"CpuPeriod":0,
"CpuQuota":0,"CpuRealtimePeriod":0,"CpuRealtimeRuntime":0,"CpuShares":0,"CpusetCpus":"","CpusetMems":"","DeviceCgroupRules":null,"Devices":[],"DiskQuota":0,"Dns":[],
"DnsOptions":[],"DnsSearch":[],"ExtraHosts":null,"GroupAdd":null,"IOMaximumBandwidth":0,"IOMaximumIOps":0,"IpcMode":"","Isolation":"","KernelMemory":0,"Links":null,
"LogConfig":{"Config":{},"Type":""},"Memory":0,"MemoryReservation":0,"MemorySwap":0,"MemorySwappiness":-1,"NanoCpus":0,"NetworkMode":"default","OomKillDisable":
false,"OomScoreAdj":0,"PidMode":"","PidsLimit":0,"PortBindings":{},"Privileged":false,"PublishAllPorts":false,"ReadonlyRootfs":false,"RestartPolicy":
{"MaximumRetryCount":0,"Name":"no"},"SecurityOpt":null,"ShmSize":0,"UTSMode":"","Ulimits":null,"UsernsMode":"","VolumeDriver":"","VolumesFrom":null},
"Hostname":"","Image":"vsxen/k8s","Labels":{},"NetworkingConfig":{"EndpointsConfig":{}},"OnBuild":null,"OpenStdin":false,"StdinOnce":false,"Tty":false,
"User":"","Volumes":{},"WorkingDir":""}
806495772+08:00] Calling GET /v1.37/info
818830810+08:00] Calling POST /v1.37/images/create?fromImage=vsxen%2Fk8s&tag=latest
819790581+08:00] hostDir: /etc/docker/certs.d/kuamavit.mirror.aliyuncs.com
988618315+08:00] hostDir: /etc/docker/certs.d/registry.docker-cn.com
989356593+08:00] hostDir: /etc/docker/certs.d/docker.mirrors.ustc.edu.cn
989403187+08:00] Trying to pull vsxen/k8s from https://kuamavit.mirror.aliyuncs.com/ v2
846006535+08:00] Pulling ref from V2 registry: vsxen/k8s:latest
846348869+08:00] pulling blob "sha256:a073c86ecf9e0f29180e80e9638d4c741970695851ea48247276c32c57e40282"
846399492+08:00] pulling blob "sha256:2c6e38c9a4d87a6f057e48456f506b2e613d444771f90270bb89222e0cdcffdc"
039455746+08:00] Downloaded 2c6e38c9a4d8 to tempfile /var/lib/docker/tmp/GetImageBlob852666233
063967425+08:00] Downloaded a073c86ecf9e to tempfile /var/lib/docker/tmp/GetImageBlob130530818
064575247+08:00] Applying tar in /var/lib/docker/overlay2/ac670ad909a3da7b4bb59ae46c77e1c203bdb186a936254b9e9b0020f14a7011/diff
218217702+08:00] Applied tar sha256:8dfad20556038ab47a4913f593ce538a1cd5dad200d557fd9f18c38e795cffdf to ac670ad909a3da7b4bb59ae46c77e1c203bdb186a936254b9e9b0020f14a7011,
size: 4027841
248688030+08:00] Applying tar in /var/lib/docker/overlay2/e149fd921b28516319e7f777d669f71320e335620b330074ea799805c8836882/diff
811328386+08:00] Applied tar sha256:82e84b8b8bf04ada7ce330ce0ed5c77e3414a5079a8a1a78c7b38613b0268c6e to e149fd921b28516319e7f777d669f71320e335620b330074ea799805c8836882,
size: 11125045
872122134+08:00] Calling POST /v1.37/containers/create?name=demo
872425785+08:00] form data: {"AttachStderr":false,"AttachStdin":false,"AttachStdout":false,"Cmd":["sleep","1d"],"Domainname":"","Entrypoint":null,"Env":[],"HostConfig":
{"AutoRemove":false,"Binds":null,"BlkioDeviceReadBps":null,"BlkioDeviceReadIOps":null,"BlkioDeviceWriteBps":null,"BlkioDeviceWriteIOps":null,"BlkioWeight":0,
"BlkioWeightDevice":[],"CapAdd":null,"CapDrop":null,"Cgroup":"","CgroupParent":"","ConsoleSize":[0,0],"ContainerIDFile":"","CpuCount":0,"CpuPercent":0,"CpuPeriod":0,
"CpuQuota":0,"CpuRealtimePeriod":0,"CpuRealtimeRuntime":0,"CpuShares":0,"CpusetCpus":"","CpusetMems":"","DeviceCgroupRules":null,"Devices":[],"DiskQuota":0,"Dns":[],
"DnsOptions":[],"DnsSearch":[],"ExtraHosts":null,"GroupAdd":null,"IOMaximumBandwidth":0,"IOMaximumIOps":0,"IpcMode":"","Isolation":"","KernelMemory":0,"Links":null,
"LogConfig":{"Config":{},"Type":""},"Memory":0,"MemoryReservation":0,"MemorySwap":0,"MemorySwappiness":-1,"NanoCpus":0,"NetworkMode":"default","OomKillDisable":false,
"OomScoreAdj":0,"PidMode":"","PidsLimit":0,"PortBindings":{},"Privileged":false,"PublishAllPorts":false,"ReadonlyRootfs":false,"RestartPolicy":{"MaximumRetryCount":0,
"Name":"no"},"SecurityOpt":null,"ShmSize":0,"UTSMode":"","Ulimits":null,"UsernsMode":"","VolumeDriver":"","VolumesFrom":null},"Hostname":"","Image":"vsxen/k8s","Labels":{},
"NetworkingConfig":{"EndpointsConfig":{}},"OnBuild":null,"OpenStdin":false,"StdinOnce":false,"Tty":false,"User":"","Volumes":{},"WorkingDir":""}
887483763+08:00] container mounted via layerStore: &{/var/lib/docker/overlay2/21ff2c37012c6eff30d88b62769235f90e54805c71bc793b23572f984b9a359b/merged 0x2f42600 0x2f42600}
898821677+08:00] Calling POST /v1.37/containers/3ba24bd7565ac01d5dc1b35ac1f67b3d150b77bf7358d017a282efaa38459aa9/wait?condition=next-exit
899626974+08:00] Calling POST /v1.37/containers/3ba24bd7565ac01d5dc1b35ac1f67b3d150b77bf7358d017a282efaa38459aa9/start
900416738+08:00] container mounted via layerStore: &{/var/lib/docker/overlay2/21ff2c37012c6eff30d88b62769235f90e54805c71bc793b23572f984b9a359b/merged 0x2f42600 0x2f42600}
900848809+08:00] Assigning addresses for endpoint demo's interface on network bridge
900868754+08:00] RequestAddress(LocalDefault/192.168.0.0/20, <nil>, map[])
900886343+08:00] Received set for ordinal 0, start 0, end 4095, any true, release false, serial:false curr:0
910805476+08:00] Assigning addresses for endpoint demo's interface on network bridge
920134116+08:00] Programming external connectivity on endpoint demo (9a96a09aa95c684420fc1cafb74954c794921eaad388a54f8e292feaf7618cd7)
932291097+08:00] EnableService 3ba24bd7565ac01d5dc1b35ac1f67b3d150b77bf7358d017a282efaa38459aa9 START
932317648+08:00] EnableService 3ba24bd7565ac01d5dc1b35ac1f67b3d150b77bf7358d017a282efaa38459aa9 DONE
938982303+08:00] bundle dir created bundle=/var/run/docker/containerd/3ba24bd7565ac01d5dc1b35ac1f67b3d150b77bf7358d017a282efaa38459aa9
module=libcontainerd namespace=moby root=/var/lib/docker/overlay2/21ff2c37012c6eff30d88b62769235f90e54805c71bc793b23572f984b9a359b/merged
DEBU[0025] event published module="containerd/containers" ns=moby topic="/containers/create" type=containerd.events.ContainerCreate
INFO[0025] shim docker-containerd-shim started address="/containerd-shim/moby/3ba24bd7565ac01d5dc1b35ac1f67b3d150b77bf7358d017a282efaa38459aa9/shim.sock"
debug=true module="containerd/tasks" pid=6391
DEBU[0000] registering ttrpc server
DEBU[0000] serving api on unix socket socket="[inherited from parent]"
DEBU[2018-07-27T09:21:01.052338704+08:00] sandbox set key processing took 40.208089ms for container 3ba24bd7565ac01d5dc1b35ac1f67b3d150b77bf7358d017a282efaa38459aa9
DEBU[0025] event published module="containerd/tasks" ns=moby topic="/tasks/create" type=containerd.events.TaskCreate
DEBU[2018-07-27T09:21:01.077928074+08:00] event module=libcontainerd namespace=moby topic=/tasks/create
DEBU[0025] event published module="containerd/tasks" ns=moby topic="/tasks/start" type=containerd.events.TaskStart
DEBU[2018-07-27T09:21:01.096959004+08:00] event module=libcontainerd namespace=moby topic=/tasks/start

首先docker 会POST /v1.37/containers/create?name=demo
下一段就是POST的数据,很明显是一段json,用python格式化之后是下面这样的
其中有很多值都是false,因为docker run 的参数其实是非常多的,但是我就给了几个,
所有其他的都是默认

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
{
"AttachStderr": false,
"AttachStdin": false,
"AttachStdout": false,
"Cmd": [
"sleep",
"1d"
],
"Domainname": "",
"Entrypoint": null,
"Env": [],
"HostConfig": {
"AutoRemove": false,
"Binds": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceWriteIOps": null,
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"CapAdd": null,
"CapDrop": null,
"Cgroup": "",
"CgroupParent": "",
"ConsoleSize": [
0,
0
],
"ContainerIDFile": "",
"CpuCount": 0,
"CpuPercent": 0,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpuShares": 0,
"CpusetCpus": "",
"CpusetMems": "",
"DeviceCgroupRules": null,
"Devices": [],
"DiskQuota": 0,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IOMaximumBandwidth": 0,
"IOMaximumIOps": 0,
"IpcMode": "",
"Isolation": "",
"KernelMemory": 0,
"Links": null,
"LogConfig": {
"Config": {},
"Type": ""
},
"Memory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": -1,
"NanoCpus": 0,
"NetworkMode": "default",
"OomKillDisable": false,
"OomScoreAdj": 0,
"PidMode": "",
"PidsLimit": 0,
"PortBindings": {},
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"RestartPolicy": {
"MaximumRetryCount": 0,
"Name": "no"
},
"SecurityOpt": null,
"ShmSize": 0,
"UTSMode": "",
"Ulimits": null,
"UsernsMode": "",
"VolumeDriver": "",
"VolumesFrom": null
},
"Hostname": "",
"Image": "vsxen/k8s",
"Labels": {},
"NetworkingConfig": {
"EndpointsConfig": {}
},
"OnBuild": null,
"OpenStdin": false,
"StdinOnce": false,
"Tty": false,
"User": "",
"Volumes": {},
"WorkingDir": ""
}

然后docker就会去寻找vsxen/k8s的镜像,发现本地并没有这个镜像,于是就去registry上面拉,
于是就有了POST /v1.37/images/create?fromImage=vsxen%2Fk8s&tag=latest
先试了一下证书文件(我配置了三个加速器),然后发现https://kuamavit.mirror.aliyuncs.com/
上面有,就开始拉(比较好奇顺序问题),最后下载了镜像的tar文件,解压后放到/var/lib/docker/overlay2/
目录,这就完成了镜像拉取。下一步开始创建。

之后会分配一个IP地址Assigning addresses for endpoint demo’s interface on network bridge

然后交由shim处理shim docker-containerd-shim started

/ # ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: tunl0@NONE: mtu 1480 qdisc noop state DOWN qlen 1
link/ipip 0.0.0.0 brd 0.0.0.0
151: eth0@if152: mtu 1500 qdisc noqueue state UP
link/ether 02:42:c0:a8:00:02 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.2/20 brd 192.168.15.255 scope global eth0
valid_lft forever preferred_lft forever
/ # ip r
default via 192.168.0.1 dev eth0
192.168.0.0/20 dev eth0 src 192.168.0.2