1、runc 连接
https://github.com/opencontainers/runc
[root@node01 ~]# !501
rpm -qf /usr/bin/runc
containerd.io-1.6.6-3.1.el7.x86_64
[root@node01 ~]# !502
rpm -ql containerd.io
/etc/containerd
/etc/containerd/config.toml
/usr/bin/containerd
/usr/bin/containerd-shim
/usr/bin/containerd-shim-runc-v1
/usr/bin/containerd-shim-runc-v2
/usr/bin/ctr
/usr/bin/runc
/usr/lib/systemd/system/containerd.service
/usr/share/doc/containerd.io-1.6.6
/usr/share/doc/containerd.io-1.6.6/README.md
/usr/share/licenses/containerd.io-1.6.6
/usr/share/licenses/containerd.io-1.6.6/LICENSE
/usr/share/man/man5/containerd-config.toml.5
/usr/share/man/man8/containerd-config.8
/usr/share/man/man8/containerd.8
/usr/share/man/man8/ctr.8
2、运行runc
runc 是容器的运行态,不包含镜像管理,直接使用,需要构建镜像
oci 是容器运行时的工业标准:运行时标准 runtime-spec ; 容器镜像标准 image-spec ;
docker run -dit --name busybox busybox
docker export c1 >busybox.tar
mkdir ~/rootfs
tar xf busybox.tar -c rootfs
run spec
runc create c1
runc delete c1
runc list
[root@node01 ~]# runc create c1
[root@node01 ~]# runc list
ID PID STATUS BUNDLE CREATED OWNER
c1 4323 created /root 2022-08-14T09:19:48.132364283Z root
[root@node01 ~]# runc state c1
{
"ociVersion": "1.0.2-dev",
"id": "c1",
"pid": 4323,
"status": "created",
"bundle": "/root",
"rootfs": "/root/rootfs",
"created": "2022-08-14T09:19:48.132364283Z",
"owner": ""
}[root@node01 ~]# runc pause c1
[root@node01 ~]# runc resume c1
[root@node01 ~]# runc events c1
{
"type": "stats",
"id": "c1",
"data": {
"cpu": {
"usage": {
"total": 14002365,
"percpu": [14002365],
"kernel": 0,
"user": 0
},
"throttling": {}
},
"cpuset": {
"cpus": [0],
"cpu_exclusive": 0,
"mems": [0],
"mem_hardwall": 0,
"mem_exclusive": 0,
"memory_migrate": 0,
"memory_spread_page": 0,
"memory_spread_slab": 0,
"memory_pressure": 0,
"sched_load_balance": 1,
"sched_relax_domain_level": -1
},
"memory": {
"usage": {
"limit": 9223372036854771712,
"usage": 10199040,
"max": 10211328,
"failcnt": 0
},
"swap": {
"limit": 9223372036854771712,
"usage": 10199040,
"max": 10211328,
"failcnt": 0
},
"kernel": {
"limit": 9223372036854771712,
"failcnt": 0
},
"kernelTCP": {
"limit": 9223372036854771712,
"failcnt": 0
},
"raw": {
"active_anon": 10199040,
"active_file": 0,
"cache": 0,
"hierarchical_memory_limit": 9223372036854771712,
"hierarchical_memsw_limit": 9223372036854771712,
"inactive_anon": 0,
"inactive_file": 0,
"mapped_file": 0,
"pgfault": 1678,
"pgmajfault": 0,
"pgpgin": 478,
"pgpgout": 32,
"rss": 10199040,
"rss_huge": 8388608,
"swap": 0,
"total_active_anon": 10199040,
"total_active_file": 0,
"total_cache": 0,
"total_inactive_anon": 0,
"total_inactive_file": 0,
"total_mapped_file": 0,
"total_pgfault": 1678,
"total_pgmajfault": 0,
"total_pgpgin": 478,
"total_pgpgout": 32,
"total_rss": 10199040,
"total_rss_huge": 8388608,
"total_swap": 0,
"total_unevictable": 0,
"unevictable": 0
}
},
"pids": {
"current": 4
},
"blkio": {},
"hugetlb": {
"1GB": {
"failcnt": 0
},
"2MB": {
"failcnt": 0
}
},
"intel_rdt": {},
"network_interfaces": null
}
}
附件:
conf.json
[root@node01 ~]# cat config.json
{
"ociVersion": "1.0.2-dev",
"process": {
"terminal": false,
"user": {
"uid": 0,
"gid": 0
},
"args": [
"sh"
],
"env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"TERM=xterm"
],
"cwd": "/",
"capabilities": {
"bounding": [
"CAP_AUDIT_WRITE",
"CAP_KILL",
"CAP_NET_BIND_SERVICE"
],
"effective": [
"CAP_AUDIT_WRITE",
"CAP_KILL",
"CAP_NET_BIND_SERVICE"
],
"permitted": [
"CAP_AUDIT_WRITE",
"CAP_KILL",
"CAP_NET_BIND_SERVICE"
],
"ambient": [
"CAP_AUDIT_WRITE",
"CAP_KILL",
"CAP_NET_BIND_SERVICE"
]
},
"rlimits": [
{
"type": "RLIMIT_NOFILE",
"hard": 1024,
"soft": 1024
}
],
"noNewPrivileges": true
},
"root": {
"path": "rootfs",
"readonly": true
},
"hostname": "runc",
"mounts": [
{
"destination": "/proc",
"type": "proc",
"source": "proc"
},
{
"destination": "/dev",
"type": "tmpfs",
"source": "tmpfs",
"options": [
"nosuid",
"strictatime",
"mode=755",
"size=65536k"
]
},
{
"destination": "/dev/pts",
"type": "devpts",
"source": "devpts",
"options": [
"nosuid",
"noexec",
"newinstance",
"ptmxmode=0666",
"mode=0620",
"gid=5"
]
},
{
"destination": "/dev/shm",
"type": "tmpfs",
"source": "shm",
"options": [
"nosuid",
"noexec",
"nodev",
"mode=1777",
"size=65536k"
]
},
{
"destination": "/dev/mqueue",
"type": "mqueue",
"source": "mqueue",
"options": [
"nosuid",
"noexec",
"nodev"
]
},
{
"destination": "/sys",
"type": "sysfs",
"source": "sysfs",
"options": [
"nosuid",
"noexec",
"nodev",
"ro"
]
},
{
"destination": "/sys/fs/cgroup",
"type": "cgroup",
"source": "cgroup",
"options": [
"nosuid",
"noexec",
"nodev",
"relatime",
"ro"
]
}
],
"linux": {
"resources": {
"devices": [
{
"allow": false,
"access": "rwm"
}
]
},
"namespaces": [
{
"type": "pid"
},
{
"type": "network"
},
{
"type": "ipc"
},
{
"type": "uts"
},
{
"type": "mount"
}
],
"maskedPaths": [
"/proc/acpi",
"/proc/asound",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/sys/firmware",
"/proc/scsi"
],
"readonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
}
}
