一.命令行工具介绍
默认执行yum install -y docker后会安装以下docker命令行工具
[root@localhost bin]# ls -l | grep docker
-rwxr-xr-x. 1 root root 33069608 8月 21 2018 docker
-rwxr-xr-x. 1 root root 38088856 8月 21 2018 docker-containerd
-rwxr-xr-x. 1 root root 20895160 8月 21 2018 docker-containerd-ctr
-rwxr-xr-x. 1 root root 4173632 8月 21 2018 docker-containerd-shim
-rwxr-xr-x. 1 root root 68608880 8月 21 2018 dockerd
-rwxr-xr-x. 1 root root 849224 8月 21 2018 docker-init
-rwxr-xr-x. 1 root root 2411096 8月 21 2018 docker-proxy
-rwxr-xr-x. 1 root root 7639448 8月 21 2018 docker-runc1.docker docker client用来发送客户端指令
2.dockerd docker daemon 守护进程,用来管理所有docker进程,被删除后已创建的docker应用将被停止
3.docker-containerd 实际管理docker的进程,被删除后,dockerd会将其拉起,主要实现功能:日志,镜像,存储,网络等
4.docker-containerd-ctr containerd命令行工具
5.docker-containerd-shim 实际docker应用的载体,表现形式为docker ps -a看到的进程,可以使用ps aux | grep nginx查看对应进程
6.docker-init 如果你熟悉 Linux 系统,你应该知道在 Linux 系统中,1 号进程是 init 进程,是所有进程的父进程。主机上的进程出现问题时,init 进程可以帮我们回收这些问题进程。同样的,在容器内部,当我们自己的业务进程没有回收子进程的能力时,在执行 docker run 启动容器时可以添加 --init 参数,此时 Docker 会使用 docker-init 作为1号进程,帮你管理容器内子进程,例如回收僵尸进程
7.docker-proxy 负责端口转发,ps aux | grep docker可以查看到具体进程
8.docker-runc 负责实际执行容器启停的命令行工具,执行dockerfile后会退出,被containerd调用
二.调用关系图
docker(客户端CLI命令) -> dockerd(服务端) -> containerd -> 创建 containerd-shim -> runc工具
Docker将单体引擎拆分为三部分,分别为runC、containerd和dockerd,其中runC主要负责容器的运行和生命周期的管理(低层运行时)、containerd主要负责容器镜像的下载和解压等镜像管理功能(高层运行时)、dockerd主要负责提供镜像制作、上传等功能同时提供容器存储和网络的映射功能,同时也是Docker服务器端的守护进程,用来响应Docker客户端(命令行CLI工具)发来的各种容器、镜像管理的任务。
三.以下演示进程之间的关系
A.创建一个nginx应用:
docker run -dit -p 30071:80 —name nginx nginx
[root@localhost bin]# ps aux | grep docker
root 3470 0.1 12.0 628228 60168 ? Ssl 10:01 0:01 /usr/bin/dockerd # 守护进程
root 3476 0.1 5.4 336436 27224 ? Ssl 10:01 0:01 docker-containerd --config /var/run/docker/containerd/containerd.toml # 实际干活的进程
root 3618 0.0 0.5 108968 2636 ? Sl 10:02 0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 30071 -container-ip 172.17.0.2 -container-port 80 #端口转发
root 3623 0.0 0.6 7488 3160 ? Sl 10:02 0:00 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/ea01d464ff89d29a275818bb86444bbfdcff3b76e38aca02fb83c22a0cdb1e46 -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc # 实际容器应用载体和runc工具
[root@localhost bin]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ea01d464ff89 nginx "/docker-entrypoint.…" 21 minutes ago Up 18 minutes 0.0.0.0:30071->80/tcp nginxB.删除dockerd守护进程,docker应用无法使用
[root@localhost bin]# ps aux | grep docker
root 4079 1.7 10.5 609208 52796 ? Ssl 10:24 0:00 /usr/bin/dockerd
root 4085 0.5 5.2 317580 25952 ? Ssl 10:24 0:00 docker-containerd --config /var/run/docker/containerd/containerd.toml
root 4241 0.0 0.1 112824 980 pts/0 S+ 10:24 0:00 grep --color=auto docker
[root@localhost bin]# kill -9 4079
[root@localhost bin]# ps aux | grep docker
root 4243 13.0 10.3 599956 51556 ? Ssl 10:25 0:00 /usr/bin/dockerd
root 4249 3.0 5.2 317516 26144 ? Ssl 10:25 0:00 docker-containerd --config /var/run/docker/containerd/containerd.toml
[root@localhost bin]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ea01d464ff89 nginx "/docker-entrypoint.…" 26 minutes ago Exited (0) 56 seconds ago 0.0.0.0:30071->80/tcp nginxC.删除docker-contained,将会被自动拉起,不影响应用使用
[root@localhost bin]# ps aux | grep docker | grep -v grep
root 4243 0.2 11.1 619772 55560 ? Ssl 10:25 0:00 /usr/bin/dockerd
root 4249 0.1 5.3 317580 26652 ? Ssl 10:25 0:00 docker-containerd --config /var/run/docker/containerd/containerd.toml
root 4394 0.0 0.5 108968 2636 ? Sl 10:27 0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 30071 -container-ip 172.17.0.2 -container-port 80
root 4399 0.0 0.5 8896 2808 ? Sl 10:27 0:00 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/ea01d464ff89d29a275818bb86444bbfdcff3b76e38aca02fb83c22a0cdb1e46 -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc
[root@localhost bin]# kill -9 4249
[root@localhost bin]# ps aux | grep docker | grep -v grep
root 4243 1.1 13.6 631720 68060 ? Ssl 10:25 0:02 /usr/bin/dockerd
root 4394 0.0 0.5 108968 2636 ? Sl 10:27 0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 30071 -container-ip 172.17.0.2 -container-port 80
root 4399 0.0 0.5 8896 2808 ? Sl 10:27 0:00 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/ea01d464ff89d29a275818bb86444bbfdcff3b76e38aca02fb83c22a0cdb1e46 -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc
[root@localhost bin]# ps aux | grep docker | grep -v grep
root 4243 2.8 13.8 632840 69172 ? Ssl 10:25 0:05 /usr/bin/dockerd
root 4394 0.0 0.5 108968 2636 ? Sl 10:27 0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 30071 -container-ip 172.17.0.2 -container-port 80
root 4399 0.0 0.5 8896 2808 ? Sl 10:27 0:00 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/ea01d464ff89d29a275818bb86444bbfdcff3b76e38aca02fb83c22a0cdb1e46 -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc
root 4485 0.6 5.1 381996 25712 ? Ssl 10:28 0:00 docker-containerd --config /var/run/docker/containerd/containerd.toml
[root@localhost bin]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ea01d464ff89 nginx "/docker-entrypoint.…" 30 minutes ago Up About a minute 0.0.0.0:30071->80/tcp nginxD.删除docker-proxy,docker-proxy将变成僵尸进程,且应用无法访问,此时需要删除dockerd,僵尸进程才可以删除
[root@localhost bin]# !ps
ps aux | grep docker | grep -v grep
root 4243 1.8 13.8 632840 69172 ? Ssl 10:25 0:05 /usr/bin/dockerd
root 4394 0.0 0.5 108968 2636 ? Sl 10:27 0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 30071 -container-ip 172.17.0.2 -container-port 80
root 4399 0.0 0.5 8896 2840 ? Sl 10:27 0:00 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/ea01d464ff89d29a275818bb86444bbfdcff3b76e38aca02fb83c22a0cdb1e46 -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc
root 4485 0.1 5.2 383116 25972 ? Ssl 10:28 0:00 docker-containerd --config /var/run/docker/containerd/containerd.toml
[root@localhost bin]# kill -9 4394
[root@localhost bin]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ea01d464ff89 nginx "/docker-entrypoint.…" 32 minutes ago Up 3 minutes 0.0.0.0:30071->80/tcp nginx
[root@localhost bin]# ps aux | grep docker | grep -v grep
root 4243 1.6 13.8 632840 69172 ? Ssl 10:25 0:05 /usr/bin/dockerd
root 4394 0.0 0.0 0 0 ? Z 10:27 0:00 [docker-proxy] <defunct>
root 4399 0.0 0.5 8896 2808 ? Sl 10:27 0:00 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/ea01d464ff89d29a275818bb86444bbfdcff3b76e38aca02fb83c22a0cdb1e46 -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc
root 4485 0.1 5.2 383116 25972 ? Ssl 10:28 0:00 docker-containerd --config /var/run/docker/containerd/containerd.toml
[root@localhost bin]# ps aux | grep docker | grep -v grep
root 4243 1.6 13.8 632840 69172 ? Ssl 10:25 0:05 /usr/bin/dockerd
root 4394 0.0 0.0 0 0 ? Z 10:27 0:00 [docker-proxy] <defunct>
root 4399 0.0 0.5 8896 2808 ? Sl 10:27 0:00 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/ea01d464ff89d29a275818bb86444bbfdcff3b76e38aca02fb83c22a0cdb1e46 -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc
root 4485 0.1 5.2 383116 25972 ? Ssl 10:28 0:00 docker-containerd --config /var/run/docker/containerd/containerd.toml
[root@localhost bin]# !curl
curl http://localhost:30071
curl: (7) Failed connect to localhost:30071; 拒绝连接E.删除docker-shim,该docker应用无法使用
[root@localhost bin]# ps aux | grep docker | grep -v grep
root 4617 0.4 10.8 619772 54160 ? Ssl 10:35 0:00 /usr/bin/dockerd
root 4623 0.1 5.3 317580 26672 ? Ssl 10:35 0:00 docker-containerd --config /var/run/docker/containerd/containerd.toml
root 4801 0.0 0.5 108968 2632 ? Sl 10:36 0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 30071 -container-ip 172.17.0.2 -container-port 80
root 4806 0.0 0.4 7360 2488 ? Sl 10:36 0:00 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/ea01d464ff89d29a275818bb86444bbfdcff3b76e38aca02fb83c22a0cdb1e46 -address /var/run/docker/containerd/docker-containerd.sock -containerd-binary /usr/bin/docker-containerd -runtime-root /var/run/docker/runtime-runc
[root@localhost bin]# kill -9 4806
[root@localhost bin]# ps aux | grep docker | grep -v grep
root 4617 0.3 11.0 619772 54960 ? Ssl 10:35 0:00 /usr/bin/dockerd
root 4623 0.1 5.3 317580 26672 ? Ssl 10:35 0:00 docker-containerd --config /var/run/docker/containerd/containerd.toml
[root@localhost bin]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ea01d464ff89 nginx "/docker-entrypoint.…" 38 minutes ago Exited (137) 11 seconds ago nginx
