Containerd 安装及使用(yum及源码)
yum 安装containerd
一、下载源码库:
wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
二、安装containerd
[root@control yum.repos.d]# yum list | grep containerd
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
containerd.io.x86_64 1.6.8-3.1.el7 docker-ce-stable
[root@control yum.repos.d]# yum -y install containerd.io
已加载插件:fastestmirror
base | 3.6 kB 00:00
docker-ce-stable | 3.5 kB 00:00
epel/x86_64/metalink | 3.4 kB 00:00:00
epel | 4.7 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/6): extras/7/x86_64/primary_db | 249 kB 00:00:00
(2/6): epel/x86_64/group_gz | 98 kB 00:00:00
(3/6): updates/7/x86_64/primary_db | 18 MB 00:00:00
epel/x86_64/updateinfo FAILED
http://mirror.dimensi.cloud/epel/7/x86_64/repodata/269450cc66b7f08d8d0e9e77cce11bd14dd2473f18ac9dfe7dfcb7b638db68ae-updateinfo.xml.bz2: [Errno 14] HTTP Error 404 - Not Found
正在尝试其它镜像。
To address this issue please refer to the below knowledge base article https://access.redhat.com/articles/1320623
........... 已安装:
containerd.io.x86_64 0:1.6.9-3.1.el7 作为依赖被安装:
audit-libs-python.x86_64 0:2.8.5-4.el7 checkpolicy.x86_64 0:2.5-8.el7 container-selinux.noarch 2:2.119.2-1.911c772.el7_8
libcgroup.x86_64 0:0.41-21.el7 libsemanage-python.x86_64 0:2.5-14.el7 policycoreutils-python.x86_64 0:2.5-34.el7
python-IPy.noarch 0:0.75-6.el7 setools-libs.x86_64 0:3.3.8-4.el7 作为依赖被升级:
audit.x86_64 0:2.8.5-4.el7 audit-libs.x86_64 0:2.8.5-4.el7 libselinux.x86_64 0:2.5-15.el7
libselinux-python.x86_64 0:2.5-15.el7 libselinux-utils.x86_64 0:2.5-15.el7 libsemanage.x86_64 0:2.5-14.el7
libsepol.x86_64 0:2.5-10.el7 policycoreutils.x86_64 0:2.5-34.el7 selinux-policy.noarch 0:3.13.1-268.el7_9.2
selinux-policy-targeted.noarch 0:3.13.1-268.el7_9.2 完毕!
[root@control yum.repos.d]# rpm -qa | grep containerd
containerd.io-1.6.9-3.1.el7.x86_64
三、创建containerd配置文件
mkdir -p /etc/containerd
containerd config default > /etc/containerd/config.toml
# 替换配置文件
sed -i 's#SystemdCgroup = false#SystemdCgroup = true#' /etc/containerd/config.toml
sed -i 's#sandbox_image = "registry.k8s.io/pause:3.6"#sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.6"#' /etc/containerd/config.toml
四、启动containerd
[root@control yum.repos.d]# systemctl enable containerd
Created symlink from /etc/systemd/system/multi-user.target.wants/containerd.service to /usr/lib/systemd/system/containerd.service.
[root@control yum.repos.d]# systemctl start containerd
[root@control yum.repos.d]# systemctl status containerd
● containerd.service - containerd container runtime
Loaded: loaded (/usr/lib/systemd/system/containerd.service; enabled; vendor preset: disabled)
Active: active (running) since 五 2022-11-11 16:42:57 CST; 8s ago
Docs: https://containerd.io
Process: 2013 ExecStartPre=/sbin/modprobe overlay (code=exited, status=0/SUCCESS)
Main PID: 2016 (containerd)
Memory: 17.8M
CGroup: /system.slice/containerd.service
└─2016 /usr/bin/containerd 11月 11 16:42:57 control containerd[2016]: time="2022-11-11T16:42:57.6...1
11月 11 16:42:57 control containerd[2016]: time="2022-11-11T16:42:57.6...1
11月 11 16:42:57 control containerd[2016]: time="2022-11-11T16:42:57.6...1
11月 11 16:42:57 control containerd[2016]: time="2022-11-11T16:42:57.6...1
11月 11 16:42:57 control containerd[2016]: time="2022-11-11T16:42:57.6...1
11月 11 16:42:57 control containerd[2016]: time="2022-11-11T16:42:57.6...1
11月 11 16:42:57 control containerd[2016]: time="2022-11-11T16:42:57.6..."
11月 11 16:42:57 control containerd[2016]: time="2022-11-11T16:42:57.6...c
11月 11 16:42:57 control containerd[2016]: time="2022-11-11T16:42:57.6...k
11月 11 16:42:57 control containerd[2016]: time="2022-11-11T16:42:57.6..."
Hint: Some lines were ellipsized, use -l to show in full.
五、验证
[root@control ~]# ctr version
Client:
Version: 1.6.9
Revision: 1c90a442489720eec95342e1789ee8a5e1b9536f
Go version: go1.18.7 Server:
Version: 1.6.9
Revision: 1c90a442489720eec95342e1789ee8a5e1b9536f
UUID: dbb7ed0c-cdec-4f60-8849-419dee1b6721
[root@control yum.repos.d]# ctr images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
源码安装containerd
一、下载安装包:
wget https://github.com/containerd/containerd/releases/download/v1.6.9/cri-containerd-cni-1.6.9-linux-amd64.tar.gz
二、解压安装包
[root@node1 ~]# tar xf cri-containerd-cni-1.6.9-linux-amd64.tar.gz
[root@node1 ~]# ls
anaconda-ks.cfg cri-containerd-cni-1.6.9-linux-amd64.tar.gz etc opt usr
说明:
- etc 主要是containerd服务管理配置文件及cni虚拟网卡配置文件。
- opt 主要为gce环境中使用containerd配置文件及cn组件。
- usr 主要为containerd运行时文件,包含runc。
三、拷贝containerd执行文件到系统目录
[root@node1 ]# cp ~/usr/local/bin/containerd /usr/local/bin/
[root@node1 ]# ls /usr/local/bin/
containerd
四、拷贝启动文件到系统目录
[root@node1 ~]# cp ~/etc/systemd/system/containerd.service /usr/lib/systemd/system/
五、生成containerd模块配置文件
Contalnerd的默认配置文件为/etc/containerd./config.toml,可以使用containerd config default 创建一份模块配置文件。
命令:
containerd config default > /etc/containerd/config.toml
注:替换配置文件,如下:
sed -i 's#SystemdCgroup = false#SystemdCgroup = true#' /etc/containerd/config.toml
sed -i 's#sandbox_image = "registry.k8s.io/pause:3.6"#sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.6"#' /etc/containerd/config.toml
1.、创建目录,生成配置文件:
[root@node1 ~]# mkdir /etc/containerd
[root@node1 ~]# containerd config default > /etc/containerd/config.toml
[root@node1 containerd]# ls
config.toml
文件内容:
[root@node1 containerd]# cat config.toml
disabled_plugins = []
imports = []
oom_score = 0
plugin_dir = ""
required_plugins = []
root = "/var/lib/containerd"
state = "/run/containerd"
temp = ""
version = 2 [cgroup]
path = "" [debug]
address = ""
format = ""
gid = 0
level = ""
uid = 0 [grpc]
address = "/run/containerd/containerd.sock"
gid = 0
max_recv_message_size = 16777216
max_send_message_size = 16777216
tcp_address = ""
tcp_tls_ca = ""
tcp_tls_cert = ""
tcp_tls_key = ""
uid = 0 [metrics]
address = ""
grpc_histogram = false [plugins] [plugins."io.containerd.gc.v1.scheduler"]
deletion_threshold = 0
mutation_threshold = 100
pause_threshold = 0.02
schedule_delay = "0s"
startup_delay = "100ms" [plugins."io.containerd.grpc.v1.cri"]
device_ownership_from_security_context = false
disable_apparmor = false
disable_cgroup = false
disable_hugetlb_controller = true
disable_proc_mount = false
disable_tcp_service = true
enable_selinux = false
enable_tls_streaming = false
enable_unprivileged_icmp = false
enable_unprivileged_ports = false
ignore_image_defined_volumes = false
max_concurrent_downloads = 3
max_container_log_line_size = 16384
netns_mounts_under_state_dir = false
restrict_oom_score_adj = false
sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.6"
selinux_category_range = 1024
stats_collect_period = 10
stream_idle_timeout = "4h0m0s"
stream_server_address = "127.0.0.1"
stream_server_port = "0"
systemd_cgroup = false
tolerate_missing_hugetlb_controller = true
unset_seccomp_profile = "" [plugins."io.containerd.grpc.v1.cri".cni]
bin_dir = "/opt/cni/bin"
conf_dir = "/etc/cni/net.d"
conf_template = ""
ip_pref = ""
max_conf_num = 1 [plugins."io.containerd.grpc.v1.cri".containerd]
default_runtime_name = "runc"
disable_snapshot_annotations = true
discard_unpacked_layers = false
ignore_rdt_not_enabled_errors = false
no_pivot = false
snapshotter = "overlayfs" [plugins."io.containerd.grpc.v1.cri".containerd.default_runtime]
base_runtime_spec = ""
cni_conf_dir = ""
cni_max_conf_num = 0
container_annotations = []
pod_annotations = []
privileged_without_host_devices = false
runtime_engine = ""
runtime_path = ""
runtime_root = ""
runtime_type = "" [plugins."io.containerd.grpc.v1.cri".containerd.default_runtime.options] [plugins."io.containerd.grpc.v1.cri".containerd.runtimes] [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
base_runtime_spec = ""
cni_conf_dir = ""
cni_max_conf_num = 0
container_annotations = []
pod_annotations = []
privileged_without_host_devices = false
runtime_engine = ""
runtime_path = ""
runtime_root = ""
runtime_type = "io.containerd.runc.v2" [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
BinaryName = ""
CriuImagePath = ""
CriuPath = ""
CriuWorkPath = ""
IoGid = 0
IoUid = 0
NoNewKeyring = false
NoPivotRoot = false
Root = ""
ShimCgroup = ""
SystemdCgroup = true [plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime]
base_runtime_spec = ""
cni_conf_dir = ""
cni_max_conf_num = 0
container_annotations = []
pod_annotations = []
privileged_without_host_devices = false
runtime_engine = ""
runtime_path = ""
runtime_root = ""
runtime_type = "" [plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime.options] [plugins."io.containerd.grpc.v1.cri".image_decryption]
key_model = "node" [plugins."io.containerd.grpc.v1.cri".registry]
config_path = "" [plugins."io.containerd.grpc.v1.cri".registry.auths] [plugins."io.containerd.grpc.v1.cri".registry.configs] [plugins."io.containerd.grpc.v1.cri".registry.headers] [plugins."io.containerd.grpc.v1.cri".registry.mirrors] [plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming]
tls_cert_file = ""
tls_key_file = "" [plugins."io.containerd.internal.v1.opt"]
path = "/opt/containerd" [plugins."io.containerd.internal.v1.restart"]
interval = "10s" [plugins."io.containerd.internal.v1.tracing"]
sampling_ratio = 1.0
service_name = "containerd" [plugins."io.containerd.metadata.v1.bolt"]
content_sharing_policy = "shared" [plugins."io.containerd.monitor.v1.cgroups"]
no_prometheus = false [plugins."io.containerd.runtime.v1.linux"]
no_shim = false
runtime = "runc"
runtime_root = ""
shim = "containerd-shim"
shim_debug = false [plugins."io.containerd.runtime.v2.task"]
platforms = ["linux/amd64"]
sched_core = false [plugins."io.containerd.service.v1.diff-service"]
default = ["walking"] [plugins."io.containerd.service.v1.tasks-service"]
rdt_config_file = "" [plugins."io.containerd.snapshotter.v1.aufs"]
root_path = "" [plugins."io.containerd.snapshotter.v1.btrfs"]
root_path = "" [plugins."io.containerd.snapshotter.v1.devmapper"]
async_remove = false
base_image_size = ""
discard_blocks = false
fs_options = ""
fs_type = ""
pool_name = ""
root_path = "" [plugins."io.containerd.snapshotter.v1.native"]
root_path = "" [plugins."io.containerd.snapshotter.v1.overlayfs"]
root_path = ""
upperdir_label = false [plugins."io.containerd.snapshotter.v1.zfs"]
root_path = "" [plugins."io.containerd.tracing.processor.v1.otlp"]
endpoint = ""
insecure = false
protocol = "" [proxy_plugins] [stream_processors] [stream_processors."io.containerd.ocicrypt.decoder.v1.tar"]
accepts = ["application/vnd.oci.image.layer.v1.tar+encrypted"]
args = ["--decryption-keys-path", "/etc/containerd/ocicrypt/keys"]
env = ["OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"]
path = "ctd-decoder"
returns = "application/vnd.oci.image.layer.v1.tar" [stream_processors."io.containerd.ocicrypt.decoder.v1.tar.gzip"]
accepts = ["application/vnd.oci.image.layer.v1.tar+gzip+encrypted"]
args = ["--decryption-keys-path", "/etc/containerd/ocicrypt/keys"]
env = ["OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"]
path = "ctd-decoder"
returns = "application/vnd.oci.image.layer.v1.tar+gzip" [timeouts]
"io.containerd.timeout.bolt.open" = "0s"
"io.containerd.timeout.shim.cleanup" = "5s"
"io.containerd.timeout.shim.load" = "5s"
"io.containerd.timeout.shim.shutdown" = "3s"
"io.containerd.timeout.task.state" = "2s" [ttrpc]
address = ""
gid = 0
uid = 0
注:但上述配置文件后期改动的地方较多,缺少镜像仓库,这里直接换成可单机使用、也可k8s环境使用的配置文件并配置好镜像加速器。(根据自己需求决定是否使用)
root = "/var/lib/containerd"
state = "/run/containerd"
oom_score = -999 [grpc]
address = "/run/containerd/containerd.sock"
uid = 0
gid = 0
max_recv_message_size = 16777216
max_send_message_size = 16777216 [debug]
address = ""
uid = 0
gid = 0
level = "" [metrics]
address = ""
grpc_histogram = false [cgroup]
path = "" [plugins]
[plugins.cgroups]
no_prometheus = false
[plugins.cri]
stream_server_address = "127.0.0.1"
stream_server_port = "0"
enable_selinux = false
sandbox_image = "easzlab/pause-amd64:3.2"
stats_collect_period = 10
systemd_cgroup = false
enable_tls_streaming = false
max_container_log_line_size = 16384
[plugins.cri.containerd]
snapshotter = "overlayfs"
no_pivot = false
[plugins.cri.containerd.default_runtime]
runtime_type = "io.containerd.runtime.v1.linux"
runtime_engine = ""
runtime_root = ""
[plugins.cri.containerd.untrusted_workload_runtime]
runtime_type = ""
runtime_engine = ""
runtime_root = ""
[plugins.cri.cni]
bin_dir = "/opt/kube/bin"
conf_dir = "/etc/cni/net.d"
conf_template = "/etc/cni/net.d/10-default.conf"
[plugins.cri.registry]
[plugins.cri.registry.mirrors]
[plugins.cri.registry.mirrors."docker.io"]
endpoint = [
"https://docker.mirrors.ustc.edu.cn",
"http://hub-mirror.c.163.com"
]
[plugins.cri.registry.mirrors."gcr.io"]
endpoint = [
"https://gcr.mirrors.ustc.edu.cn"
]
[plugins.cri.registry.mirrors."k8s.gcr.io"]
endpoint = [
"https://gcr.mirrors.ustc.edu.cn/google-containers/"
]
[plugins.cri.registry.mirrors."quay.io"]
endpoint = [
"https://quay.mirrors.ustc.edu.cn"
]
[plugins.cri.registry.mirrors."harbor.kubemsb.com"] 此处添加了本地容器镜像仓库 Harbor,做为本地容器镜像仓库。
endpoint = [
"http://harbor.kubemsb.com"
]
[plugins.cri.x509_key_pair_streaming]
tls_cert_file = ""
tls_key_file = ""
[plugins.diff-service]
default = ["walking"]
[plugins.linux]
shim = "containerd-shim"
runtime = "runc"
runtime_root = ""
no_shim = false
shim_debug = false
[plugins.opt]
path = "/opt/containerd"
[plugins.restart]
interval = "10s"
[plugins.scheduler]
pause_threshold = 0.02
deletion_threshold = 0
mutation_threshold = 100
schedule_delay = "0s"
startup_delay = "100ms"
2、启动及开机自启
注:无法启动,查看配置文件中中文是否删除!
[root@node1 containerd]# systemctl enable containerd
Created symlink from /etc/systemd/system/multi-user.target.wants/containerd.service to /usr/lib/systemd/system/containerd.service.
[root@node1 containerd]# systemctl start containerd
[root@node1 containerd]# systemctl status containerd
● containerd.service - containerd container runtime
Loaded: loaded (/usr/lib/systemd/system/containerd.service; enabled; vendor preset: disabled)
Active: active (running) since 二 2022-11-15 14:48:23 CST; 5s ago
Docs: https://containerd.io
Process: 1695 ExecStartPre=/sbin/modprobe overlay (code=exited, status=0/SUCCESS)
Main PID: 1699 (containerd)
Memory: 16.1M
CGroup: /system.slice/containerd.service
└─1699 /usr/local/bin/containerd 11月 15 14:48:23 node1 containerd[1699]: time="2022-11-15T14:48:23.839990989+08:00" level=error msg="failed to load cni during init, please check CRI...i config"
11月 15 14:48:23 node1 containerd[1699]: time="2022-11-15T14:48:23.850452922+08:00" level=info msg="Start subscribing containerd event"
11月 15 14:48:23 node1 containerd[1699]: time="2022-11-15T14:48:23.851525974+08:00" level=info msg="Start recovering state"
11月 15 14:48:23 node1 containerd[1699]: time="2022-11-15T14:48:23.852292233+08:00" level=info msg="Start event monitor"
11月 15 14:48:23 node1 containerd[1699]: time="2022-11-15T14:48:23.852485764+08:00" level=info msg="Start snapshots syncer"
11月 15 14:48:23 node1 containerd[1699]: time="2022-11-15T14:48:23.852500721+08:00" level=info msg="Start cni network conf syncer for default"
11月 15 14:48:23 node1 containerd[1699]: time="2022-11-15T14:48:23.852506239+08:00" level=info msg="Start streaming server"
11月 15 14:48:23 node1 containerd[1699]: time="2022-11-15T14:48:23.850747787+08:00" level=info msg=serving... address=/run/containerd/containerd.sock.ttrpc
11月 15 14:48:23 node1 containerd[1699]: time="2022-11-15T14:48:23.856247111+08:00" level=info msg=serving... address=/run/containerd/containerd.sock
11月 15 14:48:23 node1 containerd[1699]: time="2022-11-15T14:48:23.877704878+08:00" level=info msg="containerd successfully booted in 0.629643s"
Hint: Some lines were ellipsized, use -l to show in full.
六、拷贝ctr命令到系统
[root@node1 ~]# cd usr/local/bin/
[root@node1 bin]# ls
containerd containerd-shim containerd-shim-runc-v1 containerd-shim-runc-v2 containerd-stress crictl critest ctd-decoder ctr
[root@node1 bin]# cp ~/usr/local/bin/ctr /usr/bin/
[root@node1 bin]# ls /usr/bin/ | grep ctr
ctr
genl-ctrl-list
nl-tctree-list
[root@node1 bin]# ctr
ctr ctrlaltdel
[root@node1 bin]# ctr version
Client:
Version: v1.6.9
Revision: 1c90a442489720eec95342e1789ee8a5e1b9536f
Go version: go1.18.7 Server:
Version: v1.6.9
Revision: 1c90a442489720eec95342e1789ee8a5e1b9536f
UUID: 4754c3c8-1e9c-4985-894e-70ff37f0247d
安装runC
由于二进制包中提供的runC默认需要系统中安装seccomp支持,需要单独安装,且不同版本runC对seccomp版本要求一致,所以建议单独下载runC 二进制包进行安装,里面包含了seccomp模块支持。
官方地址:https://github.com
下载地址:wget https://github.com/opencontainers/runc/releases/download/v1.1.4/runc.amd64
1、安装
[root@node1 ~]# ls
anaconda-ks.cfg etc runc.amd64
cri-containerd-cni-1.6.9-linux-amd64.tar.gz opt usr
[root@node1 ~]# mv runc.amd64 /usr/bin/runc
[root@node1 ~]# chmod +x /usr/bin/runc
2、验证
[root@node1 ~]# runc -version
runc version 1.1.4
commit: v1.1.4-0-g5fd4c4d1
spec: 1.0.2-dev
go: go1.17.10
libseccomp: 2.5.4
Containerd容器镜像管理
Containerd容器镜像管理命令
- docker使用docker images命令管理镜像
- 单机containerd使用ctr images命令管理镜像,containerd本身的CLI
- k8s中containerd使用crictl images命令管理镜像,Kubernetes社区的专用CLI工具
1、命令使用
[root@node1 ~]# ctr --help
NAME:
ctr -
__
_____/ /______
/ ___/ __/ ___/
/ /__/ /_/ /
\___/\__/_/ containerd CLI USAGE:
ctr [global options] command [command options] [arguments...] VERSION:
v1.6.9 DESCRIPTION: ctr is an unsupported debug and administrative client for interacting
with the containerd daemon. Because it is unsupported, the commands,
options, and operations are not guaranteed to be backward compatible or
stable from release to release of the containerd project. COMMANDS:
plugins, plugin provides information about containerd plugins
version print the client and server versions
containers, c, container manage containers
content manage content
events, event display containerd events
images, image, i manage images
leases manage leases
namespaces, namespace, ns manage namespaces
pprof provide golang pprof outputs for containerd
run run a container
snapshots, snapshot manage snapshots
tasks, t, task manage tasks
install install a new package
oci OCI tools
shim interact with a shim directly
help, h Shows a list of commands or help for one command GLOBAL OPTIONS:
--debug enable debug output in logs
--address value, -a value address for containerd's GRPC server (default: "/run/containerd/containerd.sock") [$CONTAINERD_ADDRESS]
--timeout value total timeout for ctr commands (default: 0s)
--connect-timeout value timeout for connecting to containerd (default: 0s)
--namespace value, -n value namespace to use with commands (default: "default") [$CONTAINERD_NAMESPACE]
--help, -h show help
--version, -v print the version
2、查看镜像(五种方式均可查看)
[root@node1 ~]# ctr i ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
[root@node1 ~]# ctr images list
REF TYPE DIGEST SIZE PLATFORMS LABELS
[root@node1 ~]# ctr image ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
[root@node1 ~]# ctr i list
REF TYPE DIGEST SIZE PLATFORMS LABELS
[root@node1 ~]# ctr images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
3、下载镜像
containerd支持oci标准的镜像,所以可以直接使用docker官方或dockerfile构建的镜像
[root@node1 ~]# ctr images pull --help
NAME:
ctr images pull - pull an image from a remote USAGE:
ctr images pull [command options] [flags] <ref> DESCRIPTION:
Fetch and prepare an image for use in containerd.
After pulling an image, it should be ready to use the same reference in a run
command. As part of this process, we do the following:
1. Fetch all resources into containerd.
2. Prepare the snapshot filesystem with the pulled resources.
3. Register metadata for the image.
OPTIONS:
--skip-verify, -k skip SSL certificate validation # 跳过 SSL 证书验证
--plain-http allow connections using plain HTTP # 允许使用纯 HTTP 连接
--user value, -u value user[:password] Registry user and password # 注册用户和密码
--refresh value refresh token for authorization server # 授权服务器的刷新令牌
--hosts-dir value Custom hosts configuration directory # 自定义主机配置目录
--tlscacert value path to TLS root CA # 值到 TLS 根 CA 的路径
--tlscert value path to TLS client certificate # 值 TLS 客户端证书的路径
--tlskey value path to TLS client key # 客户端密钥的 tlskey 值路径
--http-dump dump all HTTP request/responses when interacting with container registry 在与容器注册表交互时转储所有 HTTP 请求/响应
--http-trace enable HTTP tracing for registry interactions # 为注册表交互启用 HTTP 跟踪
--snapshotter value snapshotter name. Empty value stands for the default value. [$CONTAINERD_SNAPSHOTTER] # 值快照程序名称。空值代表默认值。
--label value labels to attach to the image # 值标签附加到图像
--platform value Pull content from a specific platform # 从特定平台拉取内容
--all-platforms pull content and metadata from all platforms # 从所有平台中提取内容和元数据
--all-metadata Pull metadata for all platforms # 为所有平台拉取元数据
--print-chainid Print the resulting image's chain ID # 打印结果图像的链 ID
--max-concurrent-downloads value Set the max concurrent downloads for each pull (default: 0) # 设置每次拉取的最大并发下载量
3.1 查看不指定平台的支持
[root@node1 ~]# ctr images pull nginx:stable
ctr: failed to resolve reference "nginx:stable": parse "dummy://nginx:stable": invalid port ":stable" after host
[root@node1 ~]# ctr images pull docker.io/library/nginx:stable
docker.io/library/nginx:stable: resolved |++++++++++++++++++++++++++++++++++++++|
index-sha256:6f93c7c8b3ecc6ff99a743564c9701278d3f678bbe09d12dd3019bbb3d534f92: done |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:530f601770ac6d8fa1f89eea41ed5e68c9e7e1350b632f6c2d6130fc7e6e6def: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:a8acafbf647e882d55071a1b1cab522058d1652d728e7c0cbbb87842c90a1ddf: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:0ccb2559380c363276bbbbb6bf64a1247049865345ad4ff0951bc9c9c1f6f1e8: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:e9995326b091af7b3ce352fad4d76cf3a3cb62b7a0c35cc5f625e8e649d23c50: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:6cc239fad4598fc1aa1663807ecb734ffc0caf2e415da9a639b99881fa853273: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:55bbc49cb4de1c16460d1b3b5eeb8a22b2b42f6fe51f358f4ecff6fc1ded0358: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:a3949c6b4890f8c6a91c7907731a12750c1d2b9aa460534e42ae28087ceb6ba2: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:b9e696b15b8ab12c46463aa3e93c98a2bfabcdaeb5d776de8ccfc773d2283e0a: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 10.0s total: 54.2 M (5.4 MiB/s)
unpacking linux/amd64 sha256:6f93c7c8b3ecc6ff99a743564c9701278d3f678bbe09d12dd3019bbb3d534f92...
done: 22.749826389s
[root@node1 ~]# uname -a
Linux node1 3.10.0-693.el7.x86_64 #1 SMP Tue Aug 22 21:09:27 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
[root@node1 ~]# date
2022年 11月 15日 星期二 17:29:42 CST
[root@node1 ~]# ctr images ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/nginx:stable application/vnd.docker.distribution.manifest.list.v2+json sha256:6f93c7c8b3ecc6ff99a743564c9701278d3f678bbe09d12dd3019bbb3d534f92 54.2 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/s390x -
3.2 指定(单个)平台下载
[root@node1 ~]# ctr images pull --platform linux/amd64 docker.io/library/nginx:alpine
docker.io/library/nginx:alpine: resolved |++++++++++++++++++++++++++++++++++++++|
index-sha256:455c39afebd4d98ef26dd70284aa86e6810b0485af5f4f222b19b89758cabf1e: done |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:0f2ab24c6aba5d96fcf6e7a736333f26dca1acf5fa8def4c276f6efc7d56251f: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:4342b1ab302e894161372b32fe2976899a978bf8ff2241fb1655dc25e6645a34: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:19dd4d73108a1feefc29d299f3727467ac02486c83474fc3979e4a7637291fe6: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:ca7dd9ec2225f2385955c43b2379305acd51543c28cf1d4e94522b3d94cce3ce: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:76a48b0f58980a64d28bc3575ae4733eb337f7b82403559122b13d5e2ced3921: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:2f12a0e7c01d607251a4040fa41518fd2542f3ebab83a6f7817867d0de111c96: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:1a7b9b9bbef6853211515e42f58be7763749950c244a0c485bb4afd1946e06d7: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:b704883c57afcf77f6bc48709943bcf808c9e9945d7e04926be41226fa415d33: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 8.6 s total: 7.7 Mi (915.8 KiB/s)
unpacking linux/amd64 sha256:455c39afebd4d98ef26dd70284aa86e6810b0485af5f4f222b19b89758cabf1e...
done: 488.54181ms
[root@node1 ~]# uname -a
Linux node1 3.10.0-693.el7.x86_64 #1 SMP Tue Aug 22 21:09:27 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
3.3 指定(全部)平台下载
[root@node1 ~]# ctr images pull --all-platforms docker.io/library/nginx:latest
..........
layer-sha256:5b221a36b4338b09410bbe89507e41d0b7f29bca528624270cdae477a994a020: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:fcd48e11f0ee5b433a823d2ce982c083cc16daf0de2c64acd8f58f0fee3b4abf: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:2c61dffb3feda2a72f267842bc181dda76c16a6902616dbf8379f2e2175aa046: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 38.7s total: 395.6 (10.2 MiB/s)
unpacking linux/amd64 sha256:d08d964023fe853b491e1f5eb182499653722c58cc4c294f2675f39d7c6a209d...
unpacking linux/arm/v5 sha256:d08d964023fe853b491e1f5eb182499653722c58cc4c294f2675f39d7c6a209d...
unpacking linux/arm/v7 sha256:d08d964023fe853b491e1f5eb182499653722c58cc4c294f2675f39d7c6a209d...
unpacking linux/arm64/v8 sha256:d08d964023fe853b491e1f5eb182499653722c58cc4c294f2675f39d7c6a209d...
unpacking linux/386 sha256:d08d964023fe853b491e1f5eb182499653722c58cc4c294f2675f39d7c6a209d...
unpacking linux/mips64le sha256:d08d964023fe853b491e1f5eb182499653722c58cc4c294f2675f39d7c6a209d...
unpacking linux/ppc64le sha256:d08d964023fe853b491e1f5eb182499653722c58cc4c294f2675f39d7c6a209d...
unpacking linux/s390x sha256:d08d964023fe853b491e1f5eb182499653722c58cc4c294f2675f39d7c6a209d...
done: 30.090253019s
3.4 查看所有镜像
[root@node1 ~]# ctr i ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/nginx:alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:455c39afebd4d98ef26dd70284aa86e6810b0485af5f4f222b19b89758cabf1e 9.8 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x -
docker.io/library/nginx:latest application/vnd.docker.distribution.manifest.list.v2+json sha256:d08d964023fe853b491e1f5eb182499653722c58cc4c294f2675f39d7c6a209d 54.2 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/s390x -
docker.io/library/nginx:stable application/vnd.docker.distribution.manifest.list.v2+json sha256:6f93c7c8b3ecc6ff99a743564c9701278d3f678bbe09d12dd3019bbb3d534f92 54.2 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/s390x -
4、挂载镜像
[root@node1 ~]# ctr images mount docker.io/library/nginx:latest /mnt
sha256:8b811a30cb94c227fb2ae61a2a1ec1e93381dbef06f9ea6b5c06df4f27651fed
/mnt
[root@node1 ~]# ls /mnt
bin boot dev docker-entrypoint.d docker-entrypoint.sh etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
5、卸载镜像
[root@node1 ~]# umount /mnt/
[root@node1 ~]# ls /mnt/
[root@node1 ~]#
6、镜像导出
说明:
- --all-platforms,导出所有平台镜像,本版本为1.6版本,1.4版本不需要添加此选项。
6.1 导出所有平台镜像
[root@node1 ~]# ctr i export --all-platforms nginx.img docker.io/library/nginx:latest
[root@node1 ~]# ls
etc nginx.img opt usr
6.2 导出单个平台镜像
[root@node1 ~]# ctr i export --platform linux/amd64 nginx.img docker.io/library/nginx:latest
[root@node1 ~]# ll
总用量 183296
drwxr-xr-x 4 root root 51 10月 25 01:43 etc
-rw-r--r-- 1 root root 56853504 11月 16 10:56 nginx.img
drwxr-xr-x 4 root root 35 10月 25 01:42 opt
drwxr-xr-x 3 root root 19 10月 25 01:41 usr
7、删除镜像
说明:
- rm 、remove 、delete、del 四个命令都可以用来删除镜像
- 多个镜像也可以一起删除,只需要加到命令后面
[root@node1 ~]# ctr images rm docker.io/library/nginx:alpine
docker.io/library/nginx:alpine
[root@node1 ~]# ctr i ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/nginx:latest application/vnd.docker.distribution.manifest.list.v2+json sha256:d08d964023fe853b491e1f5eb182499653722c58cc4c294f2675f39d7c6a209d 54.2 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/s390x -
docker.io/library/nginx:stable application/vnd.docker.distribution.manifest.list.v2+json sha256:6f93c7c8b3ecc6ff99a743564c9701278d3f678bbe09d12dd3019bbb3d534f92 54.2 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/s390x -
7.2 删除所有镜像
[root@node1 ~]# ctr i rm $(ctr i ls)
WARN[0000] REF: image not found
WARN[0000] TYPE: image not found
WARN[0000] DIGEST: image not found
WARN[0000] SIZE: image not found
WARN[0000] PLATFORMS: image not found
WARN[0000] LABELS: image not found
docker.io/library/mysql:latest
8、导入镜像
[root@node1 ~]# ctr i ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/nginx:stable application/vnd.docker.distribution.manifest.list.v2+json sha256:6f93c7c8b3ecc6ff99a743564c9701278d3f678bbe09d12dd3019bbb3d534f92 54.2 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/s390x -
[root@node1 ~]# ctr images import nginx.img
unpacking docker.io/library/nginx:latest (sha256:d08d964023fe853b491e1f5eb182499653722c58cc4c294f2675f39d7c6a209d)...done
[root@node1 ~]# ctr i ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/nginx:latest application/vnd.docker.distribution.manifest.list.v2+json sha256:d08d964023fe853b491e1f5eb182499653722c58cc4c294f2675f39d7c6a209d 54.2 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/s390x -
docker.io/library/nginx:stable application/vnd.docker.distribution.manifest.list.v2+json sha256:6f93c7c8b3ecc6ff99a743564c9701278d3f678bbe09d12dd3019bbb3d534f92 54.2 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/s390x -
9、修改tag
语法:
- ctr images tag 命令选项 源镜像tag 目标tag 目标tag ....可以跟多个目标tag
[root@node1 ~]# ctr i tag docker.io/library/mysql:latest mysql:latest
mysql:latest
[root@node1 ~]# ctr i ls
REF TYPE DIGEST SIZE PLATFORMS LABELS
docker.io/library/mysql:latest application/vnd.docker.distribution.manifest.list.v2+json sha256:25aace9734db96ae09c24c6a2eeb6db4720c41d493de352eb76007eddf437fbe 150.0 MiB linux/amd64,linux/arm64/v8 -
docker.io/library/nginx:latest application/vnd.docker.distribution.manifest.list.v2+json sha256:d08d964023fe853b491e1f5eb182499653722c58cc4c294f2675f39d7c6a209d 54.2 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/s390x -
docker.io/library/nginx:stable application/vnd.docker.distribution.manifest.list.v2+json sha256:6f93c7c8b3ecc6ff99a743564c9701278d3f678bbe09d12dd3019bbb3d534f92 54.2 MiB linux/386,linux/amd64,linux/arm/v5,linux/arm/v7,linux/arm64/v8,linux/mips64le,linux/ppc64le,linux/s390x -
mysql:latest application/vnd.docker.distribution.manifest.list.v2+json sha256:25aace9734db96ae09c24c6a2eeb6db4720c41d493de352eb76007eddf437fbe 150.0 MiB linux/amd64,linux/arm64/v8
[root@node1 ~]# ctr i tag docker.io/library/mysql:latest mysql:12345 mysql:123
mysql:12345
mysql:123
Containerd容器管理
1、查看容器
[root@node1 ~]# ctr c ls
CONTAINER IMAGE RUNTIME
[root@node1 ~]# ctr container ls
CONTAINER IMAGE RUNTIME
[root@node1 ~]# ctr containers ls
CONTAINER IMAGE RUNTIME
2、查看容器进程(任务)
[root@node1 ~]# ctr t ls
TASK PID STATUS
[root@node1 ~]# ctr tasks ls
TASK PID STATUS
[root@node1 ~]# ctr task ls
TASK PID STATUS
3、创建静态容器
[root@node1 ~]# ctr containers create docker.io/library/nginx:latest nginx
ctr: image "docker.io/library/nginx:latest": not found
[root@node1 ~]# ctr images pull docker.io/library/nginx:latest
docker.io/library/nginx:latest: resolved |++++++++++++++++++++++++++++++++++++++|
index-sha256:e209ac2f37c70c1e0e9873a5f7231e91dcd83fdf1178d8ed36c2ec09974210ba: done |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:6ad8394ad31b269b563566998fd80a8f259e8decf16e807f8310ecc10c687385: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:9802a2cfdb8d8504273e75f503a7c9fb4594782653b8252ec3073ae7b850a235: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:88736fe827391462a4db99252117f136b2b25d1d31719006326a437bb40cb12d: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:a603fa5e3b4127f210503aaa6189abf6286ee5a73deeaab460f8f33ebc6b64e2: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:c39e1cda007e48da53e4b20c928bcefa9e10958c7461c1ca645b5eed9a2ba029: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:90cfefba34d7c6a81fe1dfbb4a579998c65ff49092052967f63ddc48f6be85d9: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:a38226fb7abac764207dffedaee902fdf63c9d4ec076236fb632fe991c4d4b4f: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:62583498bae6886d90f3b1cbad2ebbeb68b66948161413087ff27b05cb75b994: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 10.7s total: 54.2 M (5.1 MiB/s)
unpacking linux/amd64 sha256:e209ac2f37c70c1e0e9873a5f7231e91dcd83fdf1178d8ed36c2ec09974210ba...
done: 2.371879085s
[root@node1 ~]# ctr containers create docker.io/library/nginx:latest nginx
[root@node1 ~]# ctr containers ls
CONTAINER IMAGE RUNTIME
nginx docker.io/library/nginx:latest io.containerd.runc.v2
[root@node1 ~]# ctr tasks ls
TASK PID STATUS
说明:
- 使用 ctr container create 命令创建容器后,容器并没有处于运行状态,其只是一个静态的容器。这个 container 对象只是包含了运行一个容器所需的资源及配置的数据结构,例如: namespaces、rootfs 和容器的配置都已经初始化成功了,只是用户进程(本案例为nginx)还没有启动。需要使用`ctr tasks`命令才能获取一个动态容器。
- ctr 创建容器的时候本地必须要有镜像,否则报错
4、静态容器启动为动态容器
注:需要将containerd中的containerd-shim-runc-v2拷贝到系统的/usr/bin/目录下,负责启动会报错。
[root@node1 ]# ctr tasks start nginx
ctr: failed to start shim: failed to resolve runtime path: runtime "io.containerd.runc.v2" binary not installed "containerd-shim-runc-v2": file does not exist: unknown
CTR:启动垫片失败:无法解析运行时路径:未安装运行时“io.containerd.runc.v2”二进制文件“containerd-shim-runc-v2”:文件不存在:未知
[root@node1 bin]# cp /root/usr/local/bin/containerd-shim-runc-v2 /usr/bin/
[root@node1 bin]# ls /usr/bin/ | grep containerd-shim-runc-v2
containerd-shim-runc-v2
# 启动task,即表时在容器中运行了进程,即为动态容器。
[root@node1 bin]# ctr tasks start -d nginx
4.1 查看容器宿主机进程
# 查看容器所在宿主机进程,是以宿主机进程的方式存在的。
[root@node1 bin]# ctr task ls
TASK PID STATUS
nginx 3356 RUNNING
# 查看容器的进程(都是物理机的进程)
[root@node1 bin]# ctr task ps nginx
PID INFO
3356 -
3387 -
3388 -
# 物理机查看到相应的进程
[root@node1 bin]# ps aux | grep 3356
root 3356 0.0 0.3 8916 3488 ? Ss 17:26 0:00 nginx: master process nginx -g daemon off;
root 3416 0.0 0.0 112824 988 pts/0 S+ 17:29 0:00 grep --color=auto 3356
5、进入到容器中
[root@node1 bin]# ctr tasks exec --exec-id 2 nginx2 /bin/sh
ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) curl http://127.0.0.1
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 615 100 615 0 0 823k 0 --:--:-- --:--:-- --:--:-- 600k
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p> <p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p> <p><em>Thank you for using nginx.</em></p>
</body>
</html>
说明:
- 为exec进程设定一个id,可以随意输入,只要保证唯一即可,也可使用$RANDOM变量。
6、运行一个动态容器
说明:
- -d 代表dameon,后台运行
- --net-host 代表容器的IP就是宿主机的IP(相当于docker里的host类型网络)
[root@node1 vod]# ctr run -d --net-host docker.io/library/nginx:alpine nginx
[root@node1 vod]# ctr t ls
TASK PID STATUS
nginx 3582 RUNNING
6.1 进入容器
[root@node1 vod]# ctr task exec --exec-id 1 -t nginx /bin/sh
/ # ifconfig
ens32 Link encap:Ethernet HWaddr 00:0C:29:DF:7E:67
inet addr:192.168.1.90 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::8449:8163:c2e:26fb/64 Scope:Link
inet6 addr: fe80::e340:238:62a0:6413/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:39979 errors:0 dropped:0 overruns:0 frame:0
TX packets:4733 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4738148 (4.5 MiB) TX bytes:496878 (485.2 KiB) lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:56 errors:0 dropped:0 overruns:0 frame:0
TX packets:56 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:4409 (4.3 KiB) TX bytes:4409 (4.3 KiB) / # curl http://192.168.1.90
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p> <p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p> <p><em>Thank you for using nginx.</em></p>
</body>
</html>
# 修改显示文件
/ # echo "nginx" > /usr/share/nginx/html/index.html
/ # curl http://192.168.1.90
nginx
/ # exit
# 宿主机也可以访问
[root@node1 vod]# curl http://192.168.1.90
nginx
7、暂停容器
[root@node1 ~]# ctr t ls
TASK PID STATUS
nginx4 3187 RUNNING
[root@node1 ~]# ctr tasks --help
NAME:
ctr tasks - manage tasks USAGE:
ctr tasks command [command options] [arguments...] COMMANDS:
attach attach to the IO of a running container
checkpoint checkpoint a container
delete, del, remove, rm delete one or more tasks
exec execute additional processes in an existing container
list, ls list tasks
kill signal a container (default: SIGTERM)
pause pause an existing container
ps list processes for container
resume resume a paused container
start start a container that has been created
metrics, metric get a single data point of metrics for a task with the built-in Linux runtime OPTIONS:
--help, -h show help [root@node1 ~]# ctr tasks pause nginx4
[root@node1 ~]# ctr t ls
TASK PID STATUS
nginx4 3187 PAUSED
8、恢复容器
[root@node1 ~]# ctr task resume nginx4
[root@node1 ~]# ctr t ls
TASK PID STATUS
nginx4 3187 RUNNING
9、停止容器
# 使用kill命令停止容器中运行的进程,既为停止容器
[root@node1 ~]# ctr t ls
TASK PID STATUS
nginx4 3187 RUNNING
[root@node1 ~]# ctr task kill nginx4
[root@node1 ~]# ctr t ls
TASK PID STATUS
nginx4 3187 STOPPED
9.1 删除一个进程
# 必须先停止tasks或先删除task,再删除容器
[root@node1 ~]# ctr task delete nginx4
[root@node1 ~]# ctr c ls
CONTAINER IMAGE RUNTIME
nginx4 docker.io/library/nginx:alpine io.containerd.runc.v2
注:
- 查看静态容器,确认其还存在于系统中
- 再次启动,容器即可恢复,如下:
[root@node1 ~]# ctr task start -d nginx4
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
[root@node1 ~]# ctr t ls
TASK PID STATUS
nginx4 3416 RUNNING
10、删除容器
注:删除容器之前,必须先停止进程,否则报错,删除容器后,进程也会一块删除!
[root@node1 ~]# ctr t ls
TASK PID STATUS
nginx4 3416 RUNNING
[root@node1 ~]# ctr c ls
CONTAINER IMAGE RUNTIME
nginx4 docker.io/library/nginx:alpine io.containerd.runc.v2
[root@node1 ~]# ctr container rm nginx4
ERRO[0000] failed to delete container "nginx4" error="cannot delete a non stopped container: {running 0 0001-01-01 00:00:00 +0000 UTC}"
ctr: cannot delete a non stopped container: {running 0 0001-01-01 00:00:00 +0000 UTC} # 无法删除未停止的容器
[root@node1 ~]# ctr task kill nginx4
[root@node1 ~]# ctr t ls
TASK PID STATUS
nginx4 3416 STOPPED
[root@node1 ~]# ctr container delete nginx4
[root@node1 ~]# ctr c ls
CONTAINER IMAGE RUNTIME
Containerd 安装及使用(yum及源码)的更多相关文章
- linux 基础入门(8) 软件安装 rpm、yum与源码安装详解
8.软件 RPM包安装 8.1rpm安装 rpm[选项]软件包名称 主选项 -i 安装 -e卸载 -U升级 -q查找 辅助选项 -ⅴ显示过程 -h --hash 查询 -a-all查询所有安装的包 - ...
- 逃不掉的mysql数据库安装方式大全yum rpm 源码
数据库虽然也不是天天安装,但每次安装都要找来找去挺烦,特整理记录在此. 系统基于:Centos 7.x 数据库版本: MySQL 5.7.x 转载请注明出处 Yum 安装方式 1.下载 yum rep ...
- 安装Nginx到Linux(源码)
运行环境 系统版本:无 软件版本:无 硬件要求:无 安装过程 NGINX官方提供源码包的下载,NGINX有两个版本Mainline(主线)版和Stable(稳定)版.主线版本我们可以理解为是开发版本, ...
- Linux基础3(用户/组管理,rpm,yum,源码安装软件)
用户管理 与用户相关的配置文件 /etc/passwd /etc/shadow /etc/skel /etc/defalut/useradd /etc/login.defs useradd userm ...
- Linux基础--------监控系统、进程管理、软件包管理-------free、dd、kill、 rpm、yum、源码安装python
作业一:1) 开启Linux系统前添加一块大小为15G的SCSI硬盘 2) 开启系统,右击桌面,打开终端 3) 为新加的硬盘分区,一个主分区大小为5G,剩余空间给扩展分区,在扩展分区上划分1个逻辑分区 ...
- Centos7通过yum跟源码编译安装Nginx
源码编译安装 http://nginx.org/en/download.html 到官网下载,然后用XFTP上传到root目录 把文件解压出来 tar -zxvf nginx-1.16.0.tar.g ...
- linux安装MySQL5.7.13(二进制|源码)
二进制和源码版本安装MySQL5.7.13,并简单介绍不同之处. 一.通用二进制部分 1.下载MySQL通用二进制软件包.[root@node1 ~]# wget http://120.52.72.2 ...
- CentOS安装相应版本的内核源码
昨天接到同事给安排的新任务,测试系统性能:网上查了些资料,目测perf功能很强大,而且是内核源码自带的,编译安装即可使用:看了下自己的虚拟机,没有内核源码,好吧,装一个: 查看一下系统版本: #cat ...
- 【从零开始搭建K8S】【第一篇】CentOS7.6离线安装Docker(手动安装以及基于yum本地源安装)
下载CentOS7.6以及最小化安装CentOS7.6版本.由于CentOS属于开源软件,在国内也有很多的mirror站点可供下载,我选择的是华为站点进行下载:http://mirrors.huawe ...
- 拾遗:{rpm、yum及源码方式管理软件包}
一.yum配置文件位置 /etc/yum.conf /etc/yum.repos.d/*.repo 二.yum常用命令 install pkgs reinstall pkgs update pkgs ...
随机推荐
- 今天学到的新知识--自己的电脑可以像Github Pages、码云 Pages一样发布静态资源
大佬教我的,感觉这个很神奇哦 假设下面这个路径是我的本地电脑静态资源路径 打开powershell窗口 然后按照下图的样子执行命令 复制网址就可以访问啦 然后可以通过 https://iplocati ...
- Java入门与进阶P-3.7+P-3.8
猜数游戏 让计算机来想一个数,然后让用户来猜,用户每输入一个数,就告诉它这是大了还是小了,知道用户猜中为止,最后还要告诉用户它猜了多少次 因为需要不断重复让用户猜,所以需要用到循环 在实际写出程序之前 ...
- Java JDK1.5: 泛型 新特性的讲解说明
Java JDK1.5: 泛型 新特性的讲解说明 每博一文案 听到过这样一句话:"三观没有标准.在乌鸦的世界里,天鹅也有罪." 环境.阅历的不同,造就了每个人独有的世界观.人生观. ...
- http协议的请求方式
协议 协议,就是通信双方去定义的一堆数据格式,并且共同遵守的标准. HTTP协议 HTTP是一个基于TCP/IP通信协议来传递数据,包括html文件.图像.结果等,即是一个客户端和服务器端请求和应答的 ...
- linux 基础(6)简单认识 bash
shell 和 bash 是什么? shell 是一种应用程序,在这个程序里输入文字指令,系统就会做出响应的操作.这个"壳程序"是我们使用系统各种功能的接口,学会了 shell 就 ...
- Idea创建类模板方法模板
参考https://blog.csdn.net/sdut406/article/details/81750858 写代码是少不了注释的,但是自带的注释就几个,所以使用注释模板添加自定义的注释是个非常好 ...
- OPENMP FOR CONSTRUCT GUIDED 调度方式实现原理和源码分析
OPENMP FOR CONSTRUCT GUIDED 调度方式实现原理和源码分析 前言 在本篇文章当中主要给大家介绍在 OpenMP 当中 guided 调度方式的实现原理.这个调度方式其实和 dy ...
- Dapr Workflow构建块的.NET Demo
Dapr 1.10版本中带来了最有亮点的特性就是工作流构建块的的发布,虽然是Alpha 阶段,可以让我们尽早在应用系统中规划工作流, 在使用Dapr的系统中更好的编写负责的分布式应用系统.Dapr 工 ...
- 学习Java Day21
今天学习了静态导入,可以导入静态方法和静态字段
- 2021级《JAVA语言程序设计》上机考试试题6
首先管理员页面 代码: <%@ page language="java" contentType="text/html; charset=UTF-8" p ...