- 探讨话题
- 实战剖析
- 1、不配参数
- 2、带参数
- 附官方配置
执行以下命令后,运行的docker容器还能正常提供服务吗?或者换种说法,容器内对应的服务进程还存在吗?
~]# systemctl stop docker.service
此问题是我一个同事抛出来的,当时我没经过太多思考,也直接进行了回答:“不能说停掉,是你本身就没docker守护进程了,有多少个容器你也看不到了,再往后推理,容器也提供不了对应的服务。”,当时我是这样回答的,接着我又抛出了这个话题,在深圳的一位朋友(高级云原生工程师:包包),他回复默认是所有docker容器都会受影响的,但是记得好像有一种是不受影响的,最后也找到了Docker官方提供的链接 https://docs.docker.com/config/containers/live-restore/
附当时的争论记录
最后的仰慕
docker配置文件概览
[root@VM-0-30-centos ~]# cat /etc/docker/daemon.json
{
"graph": "/data/ti-platform/docker",
"storage-driver": "overlay2",
"insecure-registries": ["registry.access.redhat.com","quay.io"],
"registry-mirrors": ["https://q2gr04ke.mirror.aliyuncs.com"],
"bip": "172.0.30.1/24",
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver":"json-file",
"log-opts": {
"max-size": "256M",
"max-file": "3"
}
}
查看当前运行的容器
查看docker.service状态
执行重启docker动作,发现所有容器状态已经变为Exited,这时会引来一个问题,假如我们刚好需要重启docker,不可能一重启其他容器就都退出了,还要手动进行启动,这个就成了一个很反感的问题,也会使服务异常。
于是查看Docker官方https://docs.docker.com/config/containers/live-restore/ 有提供参数,无论是停止docker、还是重启,都不会影响我容器里边的服务,也就是服务不会产生中断,接下来看操作演示。
docker配置文件概览
[root@VM-0-30-centos ~]# cat /etc/docker/daemon.json
{
"graph": "/data/ti-platform/docker",
"storage-driver": "overlay2",
"insecure-registries": ["registry.access.redhat.com","quay.io"],
"registry-mirrors": ["https://q2gr04ke.mirror.aliyuncs.com"],
"bip": "172.0.30.1/24",
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver":"json-file",
"log-opts": {
"max-size": "256M",
"max-file": "3"
},
"live-restore": true #官方提供的特殊参数
}
重启生效
[root@VM-0-30-centos ~]# systemctl daemon-reload
[root@VM-0-30-centos ~]# systemctl restart docker
验证stop docker.service,可以看出docker服务已处于不可运行状态
通过公网IP访问Nginx服务,结论:访问正常
检查本地docker进程也是不存在的,符合预期。
接下来分析一下背后实现的逻辑
首先,停止docker服务后还能继续提供服务,它背后的逻辑是在停止前会拍摄类似于一个快照的东西,并且它当前快照是处于激活状态的, 其实更专业一点应该叫瞬态存根。可以看出以下有.scope结尾的文件,其实它就是以服务的角色存在。
查看这个服务的状态,那么是处于active状态,并且也可以看出是nginx容器的
其他会自动保存一个文件,也就是本文前边所提到的瞬态存根
研究了一下 如果你运行有多个容器,停掉之后它就会有对应多个瞬态存根,而且都是激活状态,所以停止docker.service后,服务是不会受影响的,还是可以保持不中断的状态。
附官方配置/etc/docker/daemon.json
{
"allow-nondistributable-artifacts": [],
"api-cors-header": "",
"authorization-plugins": [],
"bip": "",
"bridge": "",
"cgroup-parent": "",
"cluster-advertise": "",
"cluster-store": "",
"cluster-store-opts": {},
"containerd": "/run/containerd/containerd.sock",
"containerd-namespace": "docker",
"containerd-plugin-namespace": "docker-plugins",
"data-root": "",
"debug": true,
"default-address-pools": [
{
"base": "172.30.0.0/16",
"size": 24
},
{
"base": "172.31.0.0/16",
"size": 24
}
],
"default-cgroupns-mode": "private",
"default-gateway": "",
"default-gateway-v6": "",
"default-runtime": "runc",
"default-shm-size": "64M",
"default-ulimits": {
"nofile": {
"Hard": 64000,
"Name": "nofile",
"Soft": 64000
}
},
"dns": [],
"dns-opts": [],
"dns-search": [],
"exec-opts": [],
"exec-root": "",
"experimental": false,
"features": {},
"fixed-cidr": "",
"fixed-cidr-v6": "",
"group": "",
"hosts": [],
"icc": false,
"init": false,
"init-path": "/usr/libexec/docker-init",
"insecure-registries": [],
"ip": "0.0.0.0",
"ip-forward": false,
"ip-masq": false,
"iptables": false,
"ip6tables": false,
"ipv6": false,
"labels": [],
"live-restore": true,
"log-driver": "json-file",
"log-level": "",
"log-opts": {
"cache-disabled": "false",
"cache-max-file": "5",
"cache-max-size": "20m",
"cache-compress": "true",
"env": "os,customer",
"labels": "somelabel",
"max-file": "5",
"max-size": "10m"
},
"max-concurrent-downloads": 3,
"max-concurrent-uploads": 5,
"max-download-attempts": 5,
"mtu": 0,
"no-new-privileges": false,
"node-generic-resources": [
"NVIDIA-GPU=UUID1",
"NVIDIA-GPU=UUID2"
],
"oom-score-adjust": -500,
"pidfile": "",
"raw-logs": false,
"registry-mirrors": [],
"runtimes": {
"cc-runtime": {
"path": "/usr/bin/cc-runtime"
},
"custom": {
"path": "/usr/local/bin/my-runc-replacement",
"runtimeArgs": [
"--debug"
]
}
},
"seccomp-profile": "",
"selinux-enabled": false,
"shutdown-timeout": 15,
"storage-driver": "",
"storage-opts": [],
"swarm-default-advertise-addr": "",
"tls": true,
"tlscacert": "",
"tlscert": "",
"tlskey": "",
"tlsverify": true,
"userland-proxy": false,
"userland-proxy-path": "/usr/libexec/docker-proxy",
"userns-remap": ""
}
参考资料:https://my.oschina.net/xsh1208/blog/1837768
