我正在尝试构建一个运行docker的自定义发行版。我正在使用 猕猴桃框架实现这一点。Docker 安装在构建过程中成功完成。问题是我想在构建过程中加载一些 docker 镜像,以便系统启动时包含所有需要的镜像。问题是 KIWI 软件用于chroot运行 docker load、docker pull 等命令。这些命令需要正在运行的 docker 守护进程。当我尝试启动守护进程时,它总是失败。我尝试了以下方法:
运行 docker :systemctl start docker失败(systemctl 设计上将拒绝在 chroot jail 中启动服务)
运行 docker through:/usr/bin/dockerd也会失败并生成以下日志
time="2019-02-04T16:00:25.861184013+01:00" level=warning msg="Error while setting daemon root propagation, this is not generally critical but may cause some functionality to not work or fallback to less desirable behavior" dir=/var/lib/docker error="error getting daemon root's parent mount: Can't find mount point of /var/lib/docker"
time="2019-02-04T16:00:25.861693151+01:00" level=info msg="libcontainerd: started new docker-containerd process" pid=19256
time="2019-02-04T16:00:25.861719642+01:00" level=info msg="parsed scheme: \"unix\"" module=grpc
time="2019-02-04T16:00:25.861728310+01:00" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
time="2019-02-04T16:00:25.861756358+01:00" level=info msg="ccResolverWrapper: sending new addresses to cc: [{unix:///var/run/docker/containerd/docker-containerd.sock 0 <nil>}]" module=grpc
time="2019-02-04T16:00:25.861765096+01:00" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
time="2019-02-04T16:00:25.861797149+01:00" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc4203c57b0, CONNECTING" module=grpc
time="2019-02-04T16:00:25+01:00" level=info msg="starting containerd" revision=468a545b9edcd5932818eb9de8e72413e616e86e version=v1.1.2
time="2019-02-04T16:00:25+01:00" level=info msg="loading plugin "io.containerd.content.v1.content"..." type=io.containerd.content.v1
time="2019-02-04T16:00:25+01:00" level=info msg="loading plugin "io.containerd.snapshotter.v1.btrfs"..." type=io.containerd.snapshotter.v1
time="2019-02-04T16:00:25+01:00" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.btrfs" error="failed to find the mount info for "/var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.btrfs""
time="2019-02-04T16:00:25+01:00" level=info msg="loading plugin "io.containerd.snapshotter.v1.aufs"..." type=io.containerd.snapshotter.v1
time="2019-02-04T16:00:25+01:00" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.aufs" error="modprobe aufs failed: "modprobe: FATAL: Module aufs not found in directory /lib/modules/4.12.14-lp150.12.45-default\n": exit status 1"
time="2019-02-04T16:00:25+01:00" level=info msg="loading plugin "io.containerd.snapshotter.v1.native"..." type=io.containerd.snapshotter.v1
time="2019-02-04T16:00:25+01:00" level=info msg="loading plugin "io.containerd.snapshotter.v1.overlayfs"..." type=io.containerd.snapshotter.v1
time="2019-02-04T16:00:25+01:00" level=info msg="loading plugin "io.containerd.snapshotter.v1.zfs"..." type=io.containerd.snapshotter.v1
time="2019-02-04T16:00:25+01:00" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.zfs" error="failed to find the mount info for "/var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.zfs""
time="2019-02-04T16:00:25+01:00" level=info msg="loading plugin "io.containerd.metadata.v1.bolt"..." type=io.containerd.metadata.v1
time="2019-02-04T16:00:25+01:00" level=warning msg="could not use snapshotter btrfs in metadata plugin" error="failed to find the mount info for "/var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.btrfs""
time="2019-02-04T16:00:25+01:00" level=warning msg="could not use snapshotter aufs in metadata plugin" error="modprobe aufs failed: "modprobe: FATAL: Module aufs not found in directory /lib/modules/4.12.14-lp150.12.45-default\n": exit status 1"
time="2019-02-04T16:00:25+01:00" level=warning msg="could not use snapshotter zfs in metadata plugin" error="failed to find the mount info for "/var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.zfs""
time="2019-02-04T16:00:25+01:00" level=info msg="loading plugin "io.containerd.differ.v1.walking"..." type=io.containerd.differ.v1
time="2019-02-04T16:00:25+01:00" level=info msg="loading plugin "io.containerd.gc.v1.scheduler"..." type=io.containerd.gc.v1
time="2019-02-04T16:00:25+01:00" level=info msg="loading plugin "io.containerd.service.v1.containers-service"..." type=io.containerd.service.v1
time="2019-02-04T16:00:25+01:00" level=info msg="loading plugin "io.containerd.service.v1.content-service"..." type=io.containerd.service.v1
time="2019-02-04T16:00:25+01:00" level=info msg="loading plugin "io.containerd.service.v1.diff-service"..." type=io.containerd.service.v1
time="2019-02-04T16:00:25+01:00" level=info msg="loading plugin "io.containerd.service.v1.images-service"..." type=io.containerd.service.v1
time="2019-02-04T16:00:25+01:00" level=info msg="loading plugin "io.containerd.service.v1.leases-service"..." type=io.containerd.service.v1
time="2019-02-04T16:00:25+01:00" level=info msg="loading plugin "io.containerd.service.v1.namespaces-service"..." type=io.containerd.service.v1
time="2019-02-04T16:00:25+01:00" level=info msg="loading plugin "io.containerd.service.v1.snapshots-service"..." type=io.containerd.service.v1
time="2019-02-04T16:00:25+01:00" level=info msg="loading plugin "io.containerd.monitor.v1.cgroups"..." type=io.containerd.monitor.v1
time="2019-02-04T16:00:25+01:00" level=info msg="loading plugin "io.containerd.runtime.v1.linux"..." type=io.containerd.runtime.v1
time="2019-02-04T16:00:25+01:00" level=info msg="loading plugin "io.containerd.service.v1.tasks-service"..." type=io.containerd.service.v1
time="2019-02-04T16:00:25+01:00" level=info msg="loading plugin "io.containerd.grpc.v1.containers"..." type=io.containerd.grpc.v1
time="2019-02-04T16:00:25+01:00" level=info msg="loading plugin "io.containerd.grpc.v1.content"..." type=io.containerd.grpc.v1
time="2019-02-04T16:00:25+01:00" level=info msg="loading plugin "io.containerd.grpc.v1.diff"..." type=io.containerd.grpc.v1
time="2019-02-04T16:00:25+01:00" level=info msg="loading plugin "io.containerd.grpc.v1.events"..." type=io.containerd.grpc.v1
time="2019-02-04T16:00:25+01:00" level=info msg="loading plugin "io.containerd.grpc.v1.healthcheck"..." type=io.containerd.grpc.v1
time="2019-02-04T16:00:25+01:00" level=info msg="loading plugin "io.containerd.grpc.v1.images"..." type=io.containerd.grpc.v1
time="2019-02-04T16:00:25+01:00" level=info msg="loading plugin "io.containerd.grpc.v1.leases"..." type=io.containerd.grpc.v1
time="2019-02-04T16:00:25+01:00" level=info msg="loading plugin "io.containerd.grpc.v1.namespaces"..." type=io.containerd.grpc.v1
time="2019-02-04T16:00:25+01:00" level=info msg="loading plugin "io.containerd.grpc.v1.snapshots"..." type=io.containerd.grpc.v1
time="2019-02-04T16:00:25+01:00" level=info msg="loading plugin "io.containerd.grpc.v1.tasks"..." type=io.containerd.grpc.v1
time="2019-02-04T16:00:25+01:00" level=info msg="loading plugin "io.containerd.grpc.v1.version"..." type=io.containerd.grpc.v1
time="2019-02-04T16:00:25+01:00" level=info msg="loading plugin "io.containerd.grpc.v1.introspection"..." type=io.containerd.grpc.v1
time="2019-02-04T16:00:25+01:00" level=info msg=serving... address="/var/run/docker/containerd/docker-containerd-debug.sock"
time="2019-02-04T16:00:25+01:00" level=info msg=serving... address="/var/run/docker/containerd/docker-containerd.sock"
time="2019-02-04T16:00:25+01:00" level=info msg="containerd successfully booted in 0.008216s"
time="2019-02-04T16:00:25.884102534+01:00" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc4203c57b0, READY" module=grpc
time="2019-02-04T16:00:25.887492664+01:00" level=info msg="parsed scheme: \"unix\"" module=grpc
time="2019-02-04T16:00:25.887505949+01:00" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
time="2019-02-04T16:00:25.887530644+01:00" level=info msg="ccResolverWrapper: sending new addresses to cc: [{unix:///var/run/docker/containerd/docker-containerd.sock 0 <nil>}]" module=grpc
time="2019-02-04T16:00:25.887540195+01:00" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
time="2019-02-04T16:00:25.887563400+01:00" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc4201821f0, CONNECTING" module=grpc
time="2019-02-04T16:00:25.887660990+01:00" level=info msg="pickfirstBalancer: HandleSubConnStateChange: 0xc4201821f0, READY" module=grpc
time="2019-02-04T16:00:25.909326944+01:00" level=info msg="Graph migration to content-addressability took 0.00 seconds"
time="2019-02-04T16:00:25.909459182+01:00" level=warning msg="Your kernel does not support cgroup memory limit"
time="2019-02-04T16:00:25.909468854+01:00" level=warning msg="Unable to find cpu cgroup in mounts"
time="2019-02-04T16:00:25.909473921+01:00" level=warning msg="Unable to find blkio cgroup in mounts"
time="2019-02-04T16:00:25.909478263+01:00" level=warning msg="Unable to find cpuset cgroup in mounts"
time="2019-02-04T16:00:25.909552255+01:00" level=warning msg="mountpoint for pids not found"
Error starting daemon: Devices cgroup isn't mounted
有没有什么技术可以在 chroot Jail 中启动 docker daemon ?
答案1
chroot 需要 cgroups - 您必须确保 chroot 已安装正确的文件系统/proc /dev /sys,您可以再次安装或从主机进行 rbind - 然后您需要在 jail 内安装 cgroups(如果您已进行 rbind,则/sys可能已经拥有它们/sys/fs/cgroup)。您可以使用这些脚本安装 cgroups。-然后启动 docker
由于您无法从 chroot 加载内核模块,因此您必须确保事先安装这些模块,例如overlay存储驱动程序和nf_conntrack网络模块。或者,您可以随时回退到vfs存储驱动程序并禁用 iptables...