Containerd 安裝及使用(yum及源碼)
yum 安裝containerd
一、下載源碼庫:
wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
二、安裝containerd
[root@control yum.repos.d]# yum list | grep containerd Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast containerd.io.x86_64 1.6.8-3.1.el7 docker-ce-stable [root@control yum.repos.d]# yum -y install containerd.io 已加載插件:fastestmirror base | 3.6 kB 00:00 docker-ce-stable | 3.5 kB 00:00 epel/x86_64/metalink | 3.4 kB 00:00:00 epel | 4.7 kB 00:00:00 extras | 2.9 kB 00:00:00 updates | 2.9 kB 00:00:00 (1/6): extras/7/x86_64/primary_db | 249 kB 00:00:00 (2/6): epel/x86_64/group_gz | 98 kB 00:00:00 (3/6): updates/7/x86_64/primary_db | 18 MB 00:00:00 epel/x86_64/updateinfo FAILED http://mirror.dimensi.cloud/epel/7/x86_64/repodata/269450cc66b7f08d8d0e9e77cce11bd14dd2473f18ac9dfe7dfcb7b638db68ae-updateinfo.xml.bz2: [Errno 14] HTTP Error 404 - Not Found 正在嘗試其它鏡像。 To address this issue please refer to the below knowledge base article https://access.redhat.com/articles/1320623 ........... 已安裝: containerd.io.x86_64 0:1.6.9-3.1.el7 作為依賴被安裝: audit-libs-python.x86_64 0:2.8.5-4.el7 checkpolicy.x86_64 0:2.5-8.el7 container-selinux.noarch 2:2.119.2-1.911c772.el7_8 libcgroup.x86_64 0:0.41-21.el7 libsemanage-python.x86_64 0:2.5-14.el7 policycoreutils-python.x86_64 0:2.5-34.el7 python-IPy.noarch 0:0.75-6.el7 setools-libs.x86_64 0:3.3.8-4.el7 作為依賴被升級: audit.x86_64 0:2.8.5-4.el7 audit-libs.x86_64 0:2.8.5-4.el7 libselinux.x86_64 0:2.5-15.el7 libselinux-python.x86_64 0:2.5-15.el7 libselinux-utils.x86_64 0:2.5-15.el7 libsemanage.x86_64 0:2.5-14.el7 libsepol.x86_64 0:2.5-10.el7 policycoreutils.x86_64 0:2.5-34.el7 selinux-policy.noarch 0:3.13.1-268.el7_9.2 selinux-policy-targeted.noarch 0:3.13.1-268.el7_9.2 完畢! [root@control yum.repos.d]# rpm -qa | grep containerd containerd.io-1.6.9-3.1.el7.x86_64
三、創建containerd配置文件
mkdir -p /etc/containerd containerd config default > /etc/containerd/config.toml # 替換配置文件 sed -i 's#SystemdCgroup = false#SystemdCgroup = true#' /etc/containerd/config.toml sed -i 's#sandbox_image = "registry.k8s.io/pause:3.6"#sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.6"#' /etc/containerd/config.toml
四、啟動containerd
[root@control yum.repos.d]# systemctl enable containerd
Created symlink from /etc/systemd/system/multi-user.target.wants/containerd.service to /usr/lib/systemd/system/containerd.service.
[root@control yum.repos.d]# systemctl start containerd
[root@control yum.repos.d]# systemctl status containerd
● containerd.service - containerd container runtime
Loaded: loaded (/usr/lib/systemd/system/containerd.service; enabled; vendor preset: disabled)
Active: active (running) since 五 2022-11-11 16:42:57 CST; 8s ago
Docs: https://containerd.io
Process: 2013 ExecStartPre=/sbin/modprobe overlay (code=exited, status=0/SUCCESS)
Main PID: 2016 (containerd)
Memory: 17.8M
CGroup: /system.slice/containerd.service
└─2016 /usr/bin/containerd
11月 11 16:42:57 control containerd[2016]: time="2022-11-11T16:42:57.6...1
11月 11 16:42:57 control containerd[2016]: time="2022-11-11T16:42:57.6...1
11月 11 16:42:57 control containerd[2016]: time="2022-11-11T16:42:57.6...1
11月 11 16:42:57 control containerd[2016]: time="2022-11-11T16:42:57.6...1
11月 11 16:42:57 control containerd[2016]: time="2022-11-11T16:42:57.6...1
11月 11 16:42:57 control containerd[2016]: time="2022-11-11T16:42:57.6...1
11月 11 16:42:57 control containerd[2016]: time="2022-11-11T16:42:57.6..."
11月 11 16:42:57 control containerd[2016]: time="2022-11-11T16:42:57.6...c
11月 11 16:42:57 control containerd[2016]: time="2022-11-11T16:42:57.6...k
11月 11 16:42:57 control containerd[2016]: time="2022-11-11T16:42:57.6..."
Hint: Some lines were ellipsized, use -l to show in full.
五、驗證
[root@control ~]# ctr version Client: Version: 1.6.9 Revision: 1c90a442489720eec95342e1789ee8a5e1b9536f Go version: go1.18.7 Server: Version: 1.6.9 Revision: 1c90a442489720eec95342e1789ee8a5e1b9536f UUID: dbb7ed0c-cdec-4f60-8849-419dee1b6721 [root@control yum.repos.d]# ctr images ls REF TYPE DIGEST SIZE PLATFORMS LABELS
源碼安裝containerd
一、下載安裝包:
wget https://github.com/containerd/containerd/releases/download/v1.6.9/cri-containerd-cni-1.6.9-linux-amd64.tar.gz
二、解壓安裝包
[root@node1 ~]# tar xf cri-containerd-cni-1.6.9-linux-amd64.tar.gz [root@node1 ~]# ls anaconda-ks.cfg cri-containerd-cni-1.6.9-linux-amd64.tar.gz etc opt usr
說明:
- etc 主要是containerd服務管理配置文件及cni虛擬網卡配置文件。
- opt 主要為gce環境中使用containerd配置文件及cn組件。
- usr 主要為containerd運行時文件,包含runc。
三、拷貝containerd執行文件到系統目錄
[root@node1 ]# cp ~/usr/local/bin/containerd /usr/local/bin/ [root@node1 ]# ls /usr/local/bin/ containerd
四、拷貝啟動文件到系統目錄
[root@node1 ~]# cp ~/etc/systemd/system/containerd.service /usr/lib/systemd/system/
五、生成containerd模塊配置文件
Contalnerd的默認配置文件為/etc/containerd./config.toml,可以使用containerd config default 創建一份模塊配置文件。
命令:
containerd config default > /etc/containerd/config.toml
注:替換配置文件,如下:
sed -i 's#SystemdCgroup = false#SystemdCgroup = true#' /etc/containerd/config.toml sed -i 's#sandbox_image = "registry.k8s.io/pause:3.6"#sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.6"#' /etc/containerd/config.toml
1.、創建目錄,生成配置文件:
[root@node1 ~]# mkdir /etc/containerd [root@node1 ~]# containerd config default > /etc/containerd/config.toml [root@node1 containerd]# ls config.toml
文件內容:
[root@node1 containerd]# cat config.toml
disabled_plugins = []
imports = []
oom_score = 0
plugin_dir = ""
required_plugins = []
root = "/var/lib/containerd"
state = "/run/containerd"
temp = ""
version = 2
[cgroup]
path = ""
[debug]
address = ""
format = ""
gid = 0
level = ""
uid = 0
[grpc]
address = "/run/containerd/containerd.sock"
gid = 0
max_recv_message_size = 16777216
max_send_message_size = 16777216
tcp_address = ""
tcp_tls_ca = ""
tcp_tls_cert = ""
tcp_tls_key = ""
uid = 0
[metrics]
address = ""
grpc_histogram = false
[plugins]
[plugins."io.containerd.gc.v1.scheduler"]
deletion_threshold = 0
mutation_threshold = 100
pause_threshold = 0.02
schedule_delay = "0s"
startup_delay = "100ms"
[plugins."io.containerd.grpc.v1.cri"]
device_ownership_from_security_context = false
disable_apparmor = false
disable_cgroup = false
disable_hugetlb_controller = true
disable_proc_mount = false
disable_tcp_service = true
enable_selinux = false
enable_tls_streaming = false
enable_unprivileged_icmp = false
enable_unprivileged_ports = false
ignore_image_defined_volumes = false
max_concurrent_downloads = 3
max_container_log_line_size = 16384
netns_mounts_under_state_dir = false
restrict_oom_score_adj = false
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.6"
selinux_category_range = 1024
stats_collect_period = 10
stream_idle_timeout = "4h0m0s"
stream_server_address = "127.0.0.1"
stream_server_port = "0"
systemd_cgroup = false
tolerate_missing_hugetlb_controller = true
unset_seccomp_profile = ""
[plugins."io.containerd.grpc.v1.cri".cni]
bin_dir = "/opt/cni/bin"
conf_dir = "/etc/cni/net.d"
conf_template = ""
ip_pref = ""
max_conf_num = 1
[plugins."io.containerd.grpc.v1.cri".containerd]
default_runtime_name = "runc"
disable_snapshot_annotations = true
discard_unpacked_layers = false
ignore_rdt_not_enabled_errors = false
no_pivot = false
snapshotter = "overlayfs"
[plugins."io.containerd.grpc.v1.cri".containerd.default_runtime]
base_runtime_spec = ""
cni_conf_dir = ""
cni_max_conf_num = 0
container_annotations = []
pod_annotations = []
privileged_without_host_devices = false
runtime_engine = ""
runtime_path = ""
runtime_root = ""
runtime_type = ""
[plugins."io.containerd.grpc.v1.cri".containerd.default_runtime.options]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
base_runtime_spec = ""
cni_conf_dir = ""
cni_max_conf_num = 0
container_annotations = []
pod_annotations = []
privileged_without_host_devices = false
runtime_engine = ""
runtime_path = ""
runtime_root = ""
runtime_type = "io.containerd.runc.v2"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
BinaryName = ""
CriuImagePath = ""
CriuPath = ""
CriuWorkPath = ""
IoGid = 0
IoUid = 0
NoNewKeyring = false
NoPivotRoot = false
Root = ""
ShimCgroup = ""
SystemdCgroup = true
[plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime]
base_runtime_spec = ""
cni_conf_dir = ""
cni_max_conf_num = 0
container_annotations = []
pod_annotations = []
privileged_without_host_devices = false
runtime_engine = ""
runtime_path = ""
runtime_root = ""
runtime_type = ""
[plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime.options]
[plugins."io.containerd.grpc.v1.cri".image_decryption]
key_model = "node"
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = ""
[plugins."io.containerd.grpc.v1.cri".registry.auths]
[plugins."io.containerd.grpc.v1.cri".registry.configs]
[plugins."io.containerd.grpc.v1.cri".registry.headers]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming]
tls_cert_file = ""
tls_key_file = ""
[plugins."io.containerd.internal.v1.opt"]
path = "/opt/containerd"
[plugins."io.containerd.internal.v1.restart"]
interval = "10s"
[plugins."io.containerd.internal.v1.tracing"]
sampling_ratio = 1.0
service_name = "containerd"
[plugins."io.containerd.metadata.v1.bolt"]
content_sharing_policy = "shared"
[plugins."io.containerd.monitor.v1.cgroups"]
no_prometheus = false
[plugins."io.containerd.runtime.v1.linux"]
no_shim = false
runtime = "runc"
runtime_root = ""
shim = "containerd-shim"
shim_debug = false
[plugins."io.containerd.runtime.v2.task"]
platforms = ["linux/amd64"]
sched_core = false
[plugins."io.containerd.service.v1.diff-service"]
default = ["walking"]
[plugins."io.containerd.service.v1.tasks-service"]
rdt_config_file = ""
[plugins."io.containerd.snapshotter.v1.aufs"]
root_path = ""
[plugins."io.containerd.snapshotter.v1.btrfs"]
root_path = ""
[plugins."io.containerd.snapshotter.v1.devmapper"]
async_remove = false
base_image_size = ""
discard_blocks = false
fs_options = ""
fs_type = ""
pool_name = ""
root_path = ""
[plugins."io.containerd.snapshotter.v1.native"]
root_path = ""
[plugins."io.containerd.snapshotter.v1.overlayfs"]
root_path = ""
upperdir_label = false
[plugins."io.containerd.snapshotter.v1.zfs"]
root_path = ""
[plugins."io.containerd.tracing.processor.v1.otlp"]
endpoint = ""
insecure = false
protocol = ""
[proxy_plugins]
[stream_processors]
[stream_processors."io.containerd.ocicrypt.decoder.v1.tar"]
accepts = ["application/vnd.oci.image.layer.v1.tar+encrypted"]
args = ["--decryption-keys-path", "/etc/containerd/ocicrypt/keys"]
env = ["OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"]
path = "ctd-decoder"
returns = "application/vnd.oci.image.layer.v1.tar"
[stream_processors."io.containerd.ocicrypt.decoder.v1.tar.gzip"]
accepts = ["application/vnd.oci.image.layer.v1.tar+gzip+encrypted"]
args = ["--decryption-keys-path", "/etc/containerd/ocicrypt/keys"]
env = ["OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"]
path = "ctd-decoder"
returns = "application/vnd.oci.image.layer.v1.tar+gzip"
[timeouts]
"io.containerd.timeout.bolt.open" = "0s"
"io.containerd.timeout.shim.cleanup" = "5s"
"io.containerd.timeout.shim.load" = "5s"
"io.containerd.timeout.shim.shutdown" = "3s"
"io.containerd.timeout.task.state" = "2s"
[ttrpc]
address = ""
gid = 0
uid = 0
注:但上述配置文件后期改動的地方較多,缺少鏡像倉庫,這里直接換成可單機使用、也可k8s環境使用的配置文件并配置好鏡像加速器。(根據自己需求決定是否使用)
root = "/var/lib/containerd"
state = "/run/containerd"
oom_score = -999
[grpc]
address = "/run/containerd/containerd.sock"
uid = 0
gid = 0
max_recv_message_size = 16777216
max_send_message_size = 16777216
[debug]
address = ""
uid = 0
gid = 0
level = ""
[metrics]
address = ""
grpc_histogram = false
[cgroup]
path = ""
[plugins]
[plugins.cgroups]
no_prometheus = false
[plugins.cri]
stream_server_address = "127.0.0.1"
stream_server_port = "0"
enable_selinux = false
sandbox_image = "easzlab/pause-amd64:3.2"
stats_collect_period = 10
systemd_cgroup = false
enable_tls_streaming = false
max_container_log_line_size = 16384
[plugins.cri.containerd]
snapshotter = "overlayfs"
no_pivot = false
[plugins.cri.containerd.default_runtime]
runtime_type = "io.containerd.runtime.v1.linux"
runtime_engine = ""
runtime_root = ""
[plugins.cri.containerd.untrusted_workload_runtime]
runtime_type = ""
runtime_engine = ""
runtime_root = ""
[plugins.cri.cni]
bin_dir = "/opt/kube/bin"
conf_dir = "/etc/cni/net.d"
conf_template = "/etc/cni/net.d/10-default.conf"
[plugins.cri.registry]
[plugins.cri.registry.mirrors]
[plugins.cri.registry.mirrors."docker.io"]
endpoint = [
"https://docker.mirrors.ustc.edu.cn",
"http://hub-mirror.c.163.com"
]
[plugins.cri.registry.mirrors."gcr.io"]
endpoint = [
"https://gcr.mirrors.ustc.edu.cn"
]
[plugins.cri.registry.mirrors."k8s.gcr.io"]
endpoint = [
"https://gcr.mirrors.ustc.edu.cn/google-containers/"
]
[plugins.cri.registry.mirrors."quay.io"]
endpoint = [
"https://quay.mirrors.ustc.edu.cn"
]
[plugins.cri.registry.mirrors."harbor.kubemsb.com"] 此處添加了本地容器鏡像倉庫 Harbor,做為本地容器鏡像倉庫。
endpoint = [
"http://harbor.kubemsb.com"
]
[plugins.cri.x509_key_pair_streaming]
tls_cert_file = ""
tls_key_file = ""
[plugins.diff-service]
default = ["walking"]
[plugins.linux]
shim = "containerd-shim"
runtime = "runc"
runtime_root = ""
no_shim = false
shim_debug = false
[plugins.opt]
path = "/opt/containerd"
[plugins.restart]
interval = "10s"
[plugins.scheduler]
pause_threshold = 0.02
deletion_threshold = 0
mutation_threshold = 100
schedule_delay = "0s"
startup_delay = "100ms"
2、啟動及開機自啟
注:無法啟動,查看配置文件中中文是否刪除!
[root@node1 containerd]# systemctl enable containerd
Created symlink from /etc/systemd/system/multi-user.target.wants/containerd.service to /usr/lib/systemd/system/containerd.service.
[root@node1 containerd]# systemctl start containerd
[root@node1 containerd]# systemctl status containerd
● containerd.service - containerd container runtime
Loaded: loaded (/usr/lib/systemd/system/containerd.service; enabled; vendor preset: disabled)
Active: active (running) since 二 2022-11-15 14:48:23 CST; 5s ago
Docs: https://containerd.io
Process: 1695 ExecStartPre=/sbin/modprobe overlay (code=exited, status=0/SUCCESS)
Main PID: 1699 (containerd)
Memory: 16.1M
CGroup: /system.slice/containerd.service
└─1699 /usr/local/bin/containerd
11月 15 14:48:23 node1 containerd[1699]: time="2022-11-15T14:48:23.839990989+08:00" level=error msg="failed to load cni during init, please check CRI...i config"
11月 15 14:48:23 node1 containerd[1699]: time="2022-11-15T14:48:23.850452922+08:00" level=info msg="Start subscribing containerd event"
11月 15 14:48:23 node1 containerd[1699]: time="2022-11-15T14:48:23.851525974+08:00" level=info msg="Start recovering state"
11月 15 14:48:23 node1 containerd[1699]: time="2022-11-15T14:48:23.852292233+08:00" level=info msg="Start event monitor"
11月 15 14:48:23 node1 containerd[1699]: time="2022-11-15T14:48:23.852485764+08:00" level=info msg="Start snapshots syncer"
11月 15 14:48:23 node1 containerd[1699]: time="2022-11-15T14:48:23.852500721+08:00" level=info msg="Start cni network conf syncer for default"
11月 15 14:48:23 node1 containerd[1699]: time="2022-11-15T14:48:23.852506239+08:00" level=info msg="Start streaming server"
11月 15 14:48:23 node1 containerd[1699]: time="2022-11-15T14:48:23.850747787+08:00" level=info msg=serving... address=/run/containerd/containerd.sock.ttrpc
11月 15 14:48:23 node1 containerd[1699]: time="2022-11-15T14:48:23.856247111+08:00" level=info msg=serving... address=/run/containerd/containerd.sock
11月 15 14:48:23 node1 containerd[1699]: time="2022-11-15T14:48:23.877704878+08:00" level=info msg="containerd successfully booted in 0.629643s"
Hint: Some lines were ellipsized, use -l to show in full.
六、拷貝ctr命令到系統
[root@node1 ~]# cd usr/local/bin/ [root@node1 bin]# ls containerd containerd-shim containerd-shim-runc-v1 containerd-shim-runc-v2 containerd-stress crictl critest ctd-decoder ctr [root@node1 bin]# cp ~/usr/local/bin/ctr /usr/bin/ [root@node1 bin]# ls /usr/bin/ | grep ctr ctr genl-ctrl-list nl-tctree-list [root@node1 bin]# ctr ctr ctrlaltdel [root@node1 bin]# ctr version Client: Version: v1.6.9 Revision: 1c90a442489720eec95342e1789ee8a5e1b9536f Go version: go1.18.7 Server: Version: v1.6.9 Revision: 1c90a442489720eec95342e1789ee8a5e1b9536f UUID: 4754c3c8-1e9c-4985-894e-70ff37f0247d
安裝runC
由于二進制包中提供的runC默認需要系統中安裝seccomp支持,需要單獨安裝,且不同版本runC對seccomp版本要求一致,所以建議單獨下載runC 二進制包進行安裝,里面包含了seccomp模塊支持。
官方地址:https://github.com
下載地址:wget https://github.com/opencontainers/runc/releases/download/v1.1.4/runc.amd64
1、安裝
[root@node1 ~]# ls anaconda-ks.cfg etc runc.amd64 cri-containerd-cni-1.6.9-linux-amd64.tar.gz opt usr [root@node1 ~]# mv runc.amd64 /usr/bin/runc [root@node1 ~]# chmod +x /usr/bin/runc
2、驗證
[root@node1 ~]# runc -version runc version 1.1.4 commit: v1.1.4-0-g5fd4c4d1 spec: 1.0.2-dev go: go1.17.10 libseccomp: 2.5.4
Containerd容器鏡像管理
Containerd容器鏡像管理命令
- docker使用docker images命令管理鏡像
- 單機containerd使用ctr images命令管理鏡像,containerd本身的CLI
- k8s中containerd使用crictl images命令管理鏡像,Kubernetes社區的專用CLI工具
1、命令使用
[root@node1 ~]# ctr --help
NAME:
ctr -
__
_____/ /______
/ ___/ __/ ___/
/ /__/ /_/ /
\___/\__/_/
containerd CLI
USAGE:
ctr [global options] command [command options] [arguments...]
VERSION:
v1.6.9
DESCRIPTION:
ctr is an unsupported debug and administrative client for interacting
with the containerd daemon. Because it is unsupported, the commands,
options, and operations are not guaranteed to be backward compatible or
stable from release to release of the containerd project.
COMMANDS:
plugins, plugin provides information about containerd plugins
version print the client and server versions
containers, c, container manage containers
content manage content
events, event display containerd events
images, image, i manage images
leases manage leases
namespaces, namespace, ns manage namespaces
pprof provide golang pprof outputs for containerd
run run a container
snapshots, snapshot manage snapshots
tasks, t, task manage tasks
install install a new package
oci OCI tools
shim interact with a shim directly
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--debug enable debug output in logs
--address value, -a value address for containerd's GRPC server (default: "/run/containerd/containerd.sock") [$CONTAINERD_ADDRESS]
--timeout value total timeout for ctr commands (default: 0s)
--connect-timeout value timeout for connecting to containerd (default: 0s)
--namespace value, -n value namespace to use with commands (default: "default") [$CONTAINERD_NAMESPACE]
--help, -h show help
--version, -v print the version
2、查看鏡像(五種方式均可查看)
[root@node1 ~]# ctr i ls REF TYPE DIGEST SIZE PLATFORMS LABELS [root@node1 ~]# ctr images list REF TYPE DIGEST SIZE PLATFORMS LABELS [root@node1 ~]# ctr image ls REF TYPE DIGEST SIZE PLATFORMS LABELS [root@node1 ~]# ctr i list REF TYPE DIGEST SIZE PLATFORMS LABELS [root@node1 ~]# ctr images ls REF TYPE DIGEST SIZE PLATFORMS LABELS
3、下載鏡像
containerd支持oci標準的鏡像,所以可以直接使用docker官方或dockerfile構建的鏡像
[root@node1 ~]# ctr images pull --help NAME: ctr images pull - pull an image from a remote USAGE: ctr images pull [command options] [flags] <ref> DESCRIPTION: Fetch and prepare an image for use in containerd.
After pulling an image, it should be ready to use the same reference in a run command. As part of this process, we do the following: 1. Fetch all resources into containerd. 2. Prepare the snapshot filesystem with the pulled resources. 3. Register metadata for the image. OPTIONS: --skip-verify, -k skip SSL certificate validation # 跳過 SSL 證書驗證 --plain-http allow connections using plain HTTP # 允許使用純 HTTP 連接 --user value, -u value user[:password] Registry user and password # 注冊用戶和密碼 --refresh value refresh token for authorization server # 授權服務器的刷新令牌 --hosts-dir value Custom hosts configuration directory # 自定義主機配置目錄 --tlscacert value path to TLS root CA # 值到 TLS 根 CA 的路徑 --tlscert value path to TLS client certificate # 值 TLS 客戶端證書的路徑 --tlskey value path to TLS client key # 客戶端密鑰的 tlskey 值路徑 --http-dump dump all HTTP request/responses when interacting with container registry 在與容器注冊表交互時轉儲所有 HTTP 請求/響應 --http-trace enable HTTP tracing for registry interactions # 為注冊表交互啟用 HTTP 跟蹤 --snapshotter value snapshotter name. Empty value stands for the default value. [$CONTAINERD_SNAPSHOTTER] # 值快照程序名稱。空值代表默認值。 --label value labels to attach to the image # 值標簽附加到圖像 --platform value Pull content from a specific platform # 從特定平臺拉取內容 --all-platforms pull content and metadata from all platforms # 從所有平臺中提取內容和元數據 --all-metadata Pull metadata for all platforms # 為所有平臺拉取元數據 --print-chainid Print the resulting image's chain ID # 打印結果圖像的鏈 ID --max-concurrent-downloads value Set the max concurrent downloads for each pull (default: 0) # 設置每次拉取的最大并發下載量
3.1 查看不指定平臺的支持
[root@node1 ~]# ctr images pull nginx:stable ctr: failed to resolve reference "nginx:stable": parse "dummy://nginx:stable": invalid port ":stable" after host [root@node1 ~]# ctr images pull docker.io/library/nginx:stable docker.io/library/nginx:stable: resolved |++++++++++++++++++++++++++++++++++++++| index-sha256:6f93c7c8b3ecc6ff99a743564c9701278d3f678bbe09d12dd3019bbb3d534f92: done |++++++++++++++++++++++++++++++++++++++| manifest-sha256:530f601770ac6d8fa1f89eea41ed5e68c9e7e1350b632f6c2d6130fc7e6e6def: done |++++++++++++++++++++++++++++++++++++++| layer-sha256:a8acafbf647e882d55071a1b1cab522058d1652d728e7c0cbbb87842c90a1ddf: done |++++++++++++++++++++++++++++++++++++++| config-sha256:0ccb2559380c363276bbbbb6bf64a1247049865345ad4ff0951bc9c9c1f6f1e8: done |++++++++++++++++++++++++++++++++++++++| layer-sha256:e9995326b091af7b3ce352fad4d76cf3a3cb62b7a0c35cc5f625e8e649d23c50: done |++++++++++++++++++++++++++++++++++++++| layer-sha256:6cc239fad4598fc1aa1663807ecb734ffc0caf2e415da9a639b99881fa853273: done |++++++++++++++++++++++++++++++++++++++| layer-sha256:55bbc49cb4de1c16460d1b3b5eeb8a22b2b42f6fe51f358f4ecff6fc1ded0358: done |++++++++++++++++++++++++++++++++++++++| layer-sha256:a3949c6b4890f8c6a91c7907731a12750c1d2b9aa460534e42ae28087ceb6ba2: done |++++++++++++++++++++++++++++++++++++++| layer-sha256:b9e696b15b8ab12c46463aa3e93c98a2bfabcdaeb5d776de8ccfc773d2283e0a: done |++++++++++++++++++++++++++++++++++++++| elapsed: 10.0s total: 54.2 M (5.4 MiB/s) unpacking linux/amd64 sha256:6f93c7c8b3ecc6ff99a743564c9701278d3f678bbe09d12dd3019bbb3d534f92... done: 22.749826389s [root@node1 ~]# uname -a Linux node1 3.10.0-693.el7.x86_64 #1 SMP Tue Aug 22 21:09:27 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux [root@node1 ~]# date 2022年 11月 15日 星期二 17:29:42 CST [root@node1 ~]# ctr images ls REF TYPE DIGEST SIZE PLATFORMS LABELS docker.io/library/nginx:stable application/vnd.docker.distribution.manifest.list.v2+json sha256:6f93c7c8b3ecc6ff99a743564c9701278d3f678bbe09d12dd3019bbb3d534f92 54.2 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/s390x -
3.2 指定(單個)平臺下載
[root@node1 ~]# ctr images pull --platform linux/amd64 docker.io/library/nginx:alpine docker.io/library/nginx:alpine: resolved |++++++++++++++++++++++++++++++++++++++| index-sha256:455c39afebd4d98ef26dd70284aa86e6810b0485af5f4f222b19b89758cabf1e: done |++++++++++++++++++++++++++++++++++++++| manifest-sha256:0f2ab24c6aba5d96fcf6e7a736333f26dca1acf5fa8def4c276f6efc7d56251f: done |++++++++++++++++++++++++++++++++++++++| layer-sha256:4342b1ab302e894161372b32fe2976899a978bf8ff2241fb1655dc25e6645a34: done |++++++++++++++++++++++++++++++++++++++| config-sha256:19dd4d73108a1feefc29d299f3727467ac02486c83474fc3979e4a7637291fe6: done |++++++++++++++++++++++++++++++++++++++| layer-sha256:ca7dd9ec2225f2385955c43b2379305acd51543c28cf1d4e94522b3d94cce3ce: done |++++++++++++++++++++++++++++++++++++++| layer-sha256:76a48b0f58980a64d28bc3575ae4733eb337f7b82403559122b13d5e2ced3921: done |++++++++++++++++++++++++++++++++++++++| layer-sha256:2f12a0e7c01d607251a4040fa41518fd2542f3ebab83a6f7817867d0de111c96: done |++++++++++++++++++++++++++++++++++++++| layer-sha256:1a7b9b9bbef6853211515e42f58be7763749950c244a0c485bb4afd1946e06d7: done |++++++++++++++++++++++++++++++++++++++| layer-sha256:b704883c57afcf77f6bc48709943bcf808c9e9945d7e04926be41226fa415d33: done |++++++++++++++++++++++++++++++++++++++| elapsed: 8.6 s total: 7.7 Mi (915.8 KiB/s) unpacking linux/amd64 sha256:455c39afebd4d98ef26dd70284aa86e6810b0485af5f4f222b19b89758cabf1e... done: 488.54181ms [root@node1 ~]# uname -a Linux node1 3.10.0-693.el7.x86_64 #1 SMP Tue Aug 22 21:09:27 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
3.3 指定(全部)平臺下載
[root@node1 ~]# ctr images pull --all-platforms docker.io/library/nginx:latest .......... layer-sha256:5b221a36b4338b09410bbe89507e41d0b7f29bca528624270cdae477a994a020: done |++++++++++++++++++++++++++++++++++++++| layer-sha256:fcd48e11f0ee5b433a823d2ce982c083cc16daf0de2c64acd8f58f0fee3b4abf: done |++++++++++++++++++++++++++++++++++++++| layer-sha256:2c61dffb3feda2a72f267842bc181dda76c16a6902616dbf8379f2e2175aa046: done |++++++++++++++++++++++++++++++++++++++| elapsed: 38.7s total: 395.6 (10.2 MiB/s) unpacking linux/amd64 sha256:d08d964023fe853b491e1f5eb182499653722c58cc4c294f2675f39d7c6a209d... unpacking linux/arm/v5 sha256:d08d964023fe853b491e1f5eb182499653722c58cc4c294f2675f39d7c6a209d... unpacking linux/arm/v7 sha256:d08d964023fe853b491e1f5eb182499653722c58cc4c294f2675f39d7c6a209d... unpacking linux/arm64/v8 sha256:d08d964023fe853b491e1f5eb182499653722c58cc4c294f2675f39d7c6a209d... unpacking linux/386 sha256:d08d964023fe853b491e1f5eb182499653722c58cc4c294f2675f39d7c6a209d... unpacking linux/mips64le sha256:d08d964023fe853b491e1f5eb182499653722c58cc4c294f2675f39d7c6a209d... unpacking linux/ppc64le sha256:d08d964023fe853b491e1f5eb182499653722c58cc4c294f2675f39d7c6a209d... unpacking linux/s390x sha256:d08d964023fe853b491e1f5eb182499653722c58cc4c294f2675f39d7c6a209d... done: 30.090253019s
3.4 查看所有鏡像
[root@node1 ~]# ctr i ls REF TYPE DIGEST SIZE PLATFORMS LABELS docker.io/library/nginx:alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:455c39afebd4d98ef26dd70284aa86e6810b0485af5f4f222b19b89758cabf1e 9.8 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x - docker.io/library/nginx:latest application/vnd.docker.distribution.manifest.list.v2+json sha256:d08d964023fe853b491e1f5eb182499653722c58cc4c294f2675f39d7c6a209d 54.2 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/s390x - docker.io/library/nginx:stable application/vnd.docker.distribution.manifest.list.v2+json sha256:6f93c7c8b3ecc6ff99a743564c9701278d3f678bbe09d12dd3019bbb3d534f92 54.2 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/s390x -
4、掛載鏡像
[root@node1 ~]# ctr images mount docker.io/library/nginx:latest /mnt sha256:8b811a30cb94c227fb2ae61a2a1ec1e93381dbef06f9ea6b5c06df4f27651fed /mnt [root@node1 ~]# ls /mnt bin boot dev docker-entrypoint.d docker-entrypoint.sh etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
5、卸載鏡像
[root@node1 ~]# umount /mnt/ [root@node1 ~]# ls /mnt/ [root@node1 ~]#
6、鏡像導出
說明:
- --all-platforms,導出所有平臺鏡像,本版本為1.6版本,1.4版本不需要添加此選項。
6.1 導出所有平臺鏡像
[root@node1 ~]# ctr i export --all-platforms nginx.img docker.io/library/nginx:latest [root@node1 ~]# ls etc nginx.img opt usr
6.2 導出單個平臺鏡像
[root@node1 ~]# ctr i export --platform linux/amd64 nginx.img docker.io/library/nginx:latest [root@node1 ~]# ll 總用量 183296 drwxr-xr-x 4 root root 51 10月 25 01:43 etc -rw-r--r-- 1 root root 56853504 11月 16 10:56 nginx.img drwxr-xr-x 4 root root 35 10月 25 01:42 opt drwxr-xr-x 3 root root 19 10月 25 01:41 usr
7、刪除鏡像
說明:
- rm 、remove 、delete、del 四個命令都可以用來刪除鏡像
- 多個鏡像也可以一起刪除,只需要加到命令后面
[root@node1 ~]# ctr images rm docker.io/library/nginx:alpine docker.io/library/nginx:alpine [root@node1 ~]# ctr i ls REF TYPE DIGEST SIZE PLATFORMS LABELS docker.io/library/nginx:latest application/vnd.docker.distribution.manifest.list.v2+json sha256:d08d964023fe853b491e1f5eb182499653722c58cc4c294f2675f39d7c6a209d 54.2 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/s390x - docker.io/library/nginx:stable application/vnd.docker.distribution.manifest.list.v2+json sha256:6f93c7c8b3ecc6ff99a743564c9701278d3f678bbe09d12dd3019bbb3d534f92 54.2 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/s390x -
7.2 刪除所有鏡像
[root@node1 ~]# ctr i rm $(ctr i ls) WARN[0000] REF: image not found WARN[0000] TYPE: image not found WARN[0000] DIGEST: image not found WARN[0000] SIZE: image not found WARN[0000] PLATFORMS: image not found WARN[0000] LABELS: image not found docker.io/library/mysql:latest
8、導入鏡像
[root@node1 ~]# ctr i ls REF TYPE DIGEST SIZE PLATFORMS LABELS docker.io/library/nginx:stable application/vnd.docker.distribution.manifest.list.v2+json sha256:6f93c7c8b3ecc6ff99a743564c9701278d3f678bbe09d12dd3019bbb3d534f92 54.2 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/s390x - [root@node1 ~]# ctr images import nginx.img unpacking docker.io/library/nginx:latest (sha256:d08d964023fe853b491e1f5eb182499653722c58cc4c294f2675f39d7c6a209d)...done [root@node1 ~]# ctr i ls REF TYPE DIGEST SIZE PLATFORMS LABELS docker.io/library/nginx:latest application/vnd.docker.distribution.manifest.list.v2+json sha256:d08d964023fe853b491e1f5eb182499653722c58cc4c294f2675f39d7c6a209d 54.2 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/s390x - docker.io/library/nginx:stable application/vnd.docker.distribution.manifest.list.v2+json sha256:6f93c7c8b3ecc6ff99a743564c9701278d3f678bbe09d12dd3019bbb3d534f92 54.2 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/s390x -
9、修改tag
語法:
- ctr images tag 命令選項 源鏡像tag 目標tag 目標tag ....可以跟多個目標tag
[root@node1 ~]# ctr i tag docker.io/library/mysql:latest mysql:latest mysql:latest [root@node1 ~]# ctr i ls REF TYPE DIGEST SIZE PLATFORMS LABELS docker.io/library/mysql:latest application/vnd.docker.distribution.manifest.list.v2+json sha256:25aace9734db96ae09c24c6a2eeb6db4720c41d493de352eb76007eddf437fbe 150.0 MiB linux/amd64,linux/arm64/v8 - docker.io/library/nginx:latest application/vnd.docker.distribution.manifest.list.v2+json sha256:d08d964023fe853b491e1f5eb182499653722c58cc4c294f2675f39d7c6a209d 54.2 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/s390x - docker.io/library/nginx:stable application/vnd.docker.distribution.manifest.list.v2+json sha256:6f93c7c8b3ecc6ff99a743564c9701278d3f678bbe09d12dd3019bbb3d534f92 54.2 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/s390x - mysql:latest application/vnd.docker.distribution.manifest.list.v2+json sha256:25aace9734db96ae09c24c6a2eeb6db4720c41d493de352eb76007eddf437fbe 150.0 MiB linux/amd64,linux/arm64/v8 [root@node1 ~]# ctr i tag docker.io/library/mysql:latest mysql:12345 mysql:123 mysql:12345 mysql:123
Containerd容器管理
1、查看容器
[root@node1 ~]# ctr c ls CONTAINER IMAGE RUNTIME [root@node1 ~]# ctr container ls CONTAINER IMAGE RUNTIME [root@node1 ~]# ctr containers ls CONTAINER IMAGE RUNTIME
2、查看容器進程(任務)
[root@node1 ~]# ctr t ls TASK PID STATUS [root@node1 ~]# ctr tasks ls TASK PID STATUS [root@node1 ~]# ctr task ls TASK PID STATUS
3、創建靜態容器
[root@node1 ~]# ctr containers create docker.io/library/nginx:latest nginx ctr: image "docker.io/library/nginx:latest": not found [root@node1 ~]# ctr images pull docker.io/library/nginx:latest docker.io/library/nginx:latest: resolved |++++++++++++++++++++++++++++++++++++++| index-sha256:e209ac2f37c70c1e0e9873a5f7231e91dcd83fdf1178d8ed36c2ec09974210ba: done |++++++++++++++++++++++++++++++++++++++| manifest-sha256:6ad8394ad31b269b563566998fd80a8f259e8decf16e807f8310ecc10c687385: done |++++++++++++++++++++++++++++++++++++++| layer-sha256:9802a2cfdb8d8504273e75f503a7c9fb4594782653b8252ec3073ae7b850a235: done |++++++++++++++++++++++++++++++++++++++| config-sha256:88736fe827391462a4db99252117f136b2b25d1d31719006326a437bb40cb12d: done |++++++++++++++++++++++++++++++++++++++| layer-sha256:a603fa5e3b4127f210503aaa6189abf6286ee5a73deeaab460f8f33ebc6b64e2: done |++++++++++++++++++++++++++++++++++++++| layer-sha256:c39e1cda007e48da53e4b20c928bcefa9e10958c7461c1ca645b5eed9a2ba029: done |++++++++++++++++++++++++++++++++++++++| layer-sha256:90cfefba34d7c6a81fe1dfbb4a579998c65ff49092052967f63ddc48f6be85d9: done |++++++++++++++++++++++++++++++++++++++| layer-sha256:a38226fb7abac764207dffedaee902fdf63c9d4ec076236fb632fe991c4d4b4f: done |++++++++++++++++++++++++++++++++++++++| layer-sha256:62583498bae6886d90f3b1cbad2ebbeb68b66948161413087ff27b05cb75b994: done |++++++++++++++++++++++++++++++++++++++| elapsed: 10.7s total: 54.2 M (5.1 MiB/s) unpacking linux/amd64 sha256:e209ac2f37c70c1e0e9873a5f7231e91dcd83fdf1178d8ed36c2ec09974210ba... done: 2.371879085s [root@node1 ~]# ctr containers create docker.io/library/nginx:latest nginx [root@node1 ~]# ctr containers ls CONTAINER IMAGE RUNTIME nginx docker.io/library/nginx:latest io.containerd.runc.v2 [root@node1 ~]# ctr tasks ls TASK PID STATUS
說明:
- 使用 ctr container create 命令創建容器后,容器并沒有處于運行狀態,其只是一個靜態的容器。這個 container 對象只是包含了運行一個容器所需的資源及配置的數據結構,例如: namespaces、rootfs 和容器的配置都已經初始化成功了,只是用戶進程(本案例為nginx)還沒有啟動。需要使用`ctr tasks`命令才能獲取一個動態容器。
- ctr 創建容器的時候本地必須要有鏡像,否則報錯
4、靜態容器啟動為動態容器
注:需要將containerd中的containerd-shim-runc-v2拷貝到系統的/usr/bin/目錄下,負責啟動會報錯。
[root@node1 ]# ctr tasks start nginx ctr: failed to start shim: failed to resolve runtime path: runtime "io.containerd.runc.v2" binary not installed "containerd-shim-runc-v2": file does not exist: unknown CTR:啟動墊片失敗:無法解析運行時路徑:未安裝運行時“io.containerd.runc.v2”二進制文件“containerd-shim-runc-v2”:文件不存在:未知 [root@node1 bin]# cp /root/usr/local/bin/containerd-shim-runc-v2 /usr/bin/ [root@node1 bin]# ls /usr/bin/ | grep containerd-shim-runc-v2 containerd-shim-runc-v2 # 啟動task,即表時在容器中運行了進程,即為動態容器。 [root@node1 bin]# ctr tasks start -d nginx
4.1 查看容器宿主機進程
# 查看容器所在宿主機進程,是以宿主機進程的方式存在的。 [root@node1 bin]# ctr task ls TASK PID STATUS nginx 3356 RUNNING # 查看容器的進程(都是物理機的進程) [root@node1 bin]# ctr task ps nginx PID INFO 3356 - 3387 - 3388 - # 物理機查看到相應的進程 [root@node1 bin]# ps aux | grep 3356 root 3356 0.0 0.3 8916 3488 ? Ss 17:26 0:00 nginx: master process nginx -g daemon off; root 3416 0.0 0.0 112824 988 pts/0 S+ 17:29 0:00 grep --color=auto 3356
5、進入到容器中
[root@node1 bin]# ctr tasks exec --exec-id 2 nginx2 /bin/sh
ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
curl http://127.0.0.1
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 615 100 615 0 0 823k 0 --:--:-- --:--:-- --:--:-- 600k
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a >nginx.org</a>.<br/>
Commercial support is available at
<a >nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
說明:
- 為exec進程設定一個id,可以隨意輸入,只要保證唯一即可,也可使用$RANDOM變量。
6、運行一個動態容器
說明:
- -d 代表dameon,后臺運行
- --net-host 代表容器的IP就是宿主機的IP(相當于docker里的host類型網絡)
[root@node1 vod]# ctr run -d --net-host docker.io/library/nginx:alpine nginx [root@node1 vod]# ctr t ls TASK PID STATUS nginx 3582 RUNNING
6.1 進入容器
[root@node1 vod]# ctr task exec --exec-id 1 -t nginx /bin/sh
/ # ifconfig
ens32 Link encap:Ethernet HWaddr 00:0C:29:DF:7E:67
inet addr:192.168.1.90 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::8449:8163:c2e:26fb/64 Scope:Link
inet6 addr: fe80::e340:238:62a0:6413/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:39979 errors:0 dropped:0 overruns:0 frame:0
TX packets:4733 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4738148 (4.5 MiB) TX bytes:496878 (485.2 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:56 errors:0 dropped:0 overruns:0 frame:0
TX packets:56 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:4409 (4.3 KiB) TX bytes:4409 (4.3 KiB)
/ # curl http://192.168.1.90
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a >nginx.org</a>.<br/>
Commercial support is available at
<a >nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
# 修改顯示文件
/ # echo "nginx" > /usr/share/nginx/html/index.html
/ # curl http://192.168.1.90
nginx
/ # exit
# 宿主機也可以訪問
[root@node1 vod]# curl http://192.168.1.90
nginx
7、暫停容器
[root@node1 ~]# ctr t ls TASK PID STATUS nginx4 3187 RUNNING [root@node1 ~]# ctr tasks --help NAME: ctr tasks - manage tasks USAGE: ctr tasks command [command options] [arguments...] COMMANDS: attach attach to the IO of a running container checkpoint checkpoint a container delete, del, remove, rm delete one or more tasks exec execute additional processes in an existing container list, ls list tasks kill signal a container (default: SIGTERM) pause pause an existing container ps list processes for container resume resume a paused container start start a container that has been created metrics, metric get a single data point of metrics for a task with the built-in Linux runtime OPTIONS: --help, -h show help [root@node1 ~]# ctr tasks pause nginx4 [root@node1 ~]# ctr t ls TASK PID STATUS nginx4 3187 PAUSED
8、恢復容器
[root@node1 ~]# ctr task resume nginx4 [root@node1 ~]# ctr t ls TASK PID STATUS nginx4 3187 RUNNING
9、停止容器
# 使用kill命令停止容器中運行的進程,既為停止容器 [root@node1 ~]# ctr t ls TASK PID STATUS nginx4 3187 RUNNING [root@node1 ~]# ctr task kill nginx4 [root@node1 ~]# ctr t ls TASK PID STATUS nginx4 3187 STOPPED
9.1 刪除一個進程
# 必須先停止tasks或先刪除task,再刪除容器 [root@node1 ~]# ctr task delete nginx4 [root@node1 ~]# ctr c ls CONTAINER IMAGE RUNTIME nginx4 docker.io/library/nginx:alpine io.containerd.runc.v2
注:
- 查看靜態容器,確認其還存在于系統中
- 再次啟動,容器即可恢復,如下:
[root@node1 ~]# ctr task start -d nginx4 /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/ [root@node1 ~]# ctr t ls TASK PID STATUS nginx4 3416 RUNNING
10、刪除容器
注:刪除容器之前,必須先停止進程,否則報錯,刪除容器后,進程也會一塊刪除!
[root@node1 ~]# ctr t ls
TASK PID STATUS
nginx4 3416 RUNNING
[root@node1 ~]# ctr c ls
CONTAINER IMAGE RUNTIME
nginx4 docker.io/library/nginx:alpine io.containerd.runc.v2
[root@node1 ~]# ctr container rm nginx4
ERRO[0000] failed to delete container "nginx4" error="cannot delete a non stopped container: {running 0 0001-01-01 00:00:00 +0000 UTC}"
ctr: cannot delete a non stopped container: {running 0 0001-01-01 00:00:00 +0000 UTC} # 無法刪除未停止的容器
[root@node1 ~]# ctr task kill nginx4
[root@node1 ~]# ctr t ls
TASK PID STATUS
nginx4 3416 STOPPED
[root@node1 ~]# ctr container delete nginx4
[root@node1 ~]# ctr c ls
CONTAINER IMAGE RUNTIME
浙公網安備 33010602011771號