Running containers on an RPi with buildroot: CNI problem

I am currently trying to get containers running on my RPi (CM4 module) using buildroot.

I have configured the kernel and additional packages so that I should be able to run containers. I can verify that containerd runs correctly by starting it in a terminal. I can also do the following:

ctr run --no-pivot --rm docker.io/library/hello-world:latest test

This works, and I get the hello-world message.

However, when running a more ambitious container, I get an error:

ctr run --no-pivot --rm -t --net-host docker.io/library/nginx:1.21 nginx

Output:

/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2023/01/23 11:09:36 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
2023/01/23 11:09:36 [notice] 1#1: try again to bind() after 500ms
2023/01/23 11:09:36 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
2023/01/23 11:09:36 [notice] 1#1: try again to bind() after 500ms
2023/01/23 11:09:36 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
2023/01/23 11:09:36 [notice] 1#1: try again to bind() after 500ms

This is because another service is running on port 80. If I stop that service, it works:

/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2023/01/23 12:42:51 [notice] 1#1: using the "epoll" event method
2023/01/23 12:42:51 [notice] 1#1: nginx/1.21.6
2023/01/23 12:42:51 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6) 
2023/01/23 12:42:51 [notice] 1#1: OS: Linux 5.10.110-v8
2023/01/23 12:42:51 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1024:1024
2023/01/23 12:42:51 [notice] 1#1: start worker processes
2023/01/23 12:42:51 [notice] 1#1: start worker process 31
2023/01/23 12:42:51 [notice] 1#1: start worker process 32
2023/01/23 12:42:51 [notice] 1#1: start worker process 33
2023/01/23 12:42:51 [notice] 1#1: start worker process 34

But the problem is: I still have to free up port 80.

Now I would like to map that port somewhere else, e.g. to port 8080.

I tried to do this with nerdctl (which I had also configured and compiled with buildroot earlier), but I get this error:

# nerdctl run --rm -it --name nginx -p 80:8080 docker.io/library/nginx:1.21
FATA[0001] failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error running hook #0: error running hook: exit status 1, stdout: , stderr: time="2023-01-23T13:45:04+01:00" level=fatal msg="failed to call cni.Setup: plugin type=\"bridge\" failed (add): running [/usr/sbin/iptables -t nat -A CNI-40513ffc80d158b3c3937c5b -d 10.4.0.18/24 -j ACCEPT -m comment --comment name: \"bridge\" id: \"default-9c651b466d3604dfe46ace174f0cb61634ab731d560428d10475b357016d79e3\" --wait]: exit status 1: Warning: Extension comment revision 0 not supported, missing kernel module?\niptables: No chain/target/match by that name.\n"
Failed to write to log, write /var/lib/nerdctl/1935db59/containers/default/9c651b466d3604dfe46ace174f0cb61634ab731d560428d10475b357016d79e3/oci-hook.createRuntime.log: file already closed: unknown 

Now, to get this far, I not only had to enable the CNI plugins. host-local was missing from /opt/cni/bin/, so I downloaded this: https://github.com/containerd/containerd/releases/download/v1.6.15/cri-containerd-cni-1.6.15-linux-arm64.tar.gz and extracted /opt/cni/bin/host-local, as well as /etc/cni/net.d/10-containerd-net.conflist. Neither is available in the buildroot package set. Even so, when trying to adjust the configuration in /etc/cni/net.d/10-containerd-net.conflist, it still does not work. I have no more CNI modules left to compile into buildroot.

This is where I am stuck.

What am I missing here? iptables is also enabled in buildroot, so that should not be a problem.

My goal is to be able to run containers on an RPi CM4 in an environment built with buildroot, so that I can freely map ports etc.

I know I cannot map ports with ctr or runc, so I tried nerdctl (mainly because it is available as a module in buildroot).

(Tagged "docker" because a generic container tag is not available.)
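As an added example that is not part of the original question: the iptables error above mentions a possibly missing kernel module for the comment match, so this POSIX sh script reports which netfilter-related options a kernel .config lacks. The option list is my assumption about what the CNI bridge plugin's NAT and comment rules depend on, and the path to the real .config (for buildroot, under output/build/linux-*/) is yours to supply.

```shell
#!/bin/sh
# Added example, not from the original post: check a Linux kernel .config (for
# buildroot, output/build/linux-*/.config) for netfilter options the CNI "bridge"
# plugin's iptables rules rely on. The post's error ("Extension comment revision 0
# not supported, missing kernel module?") points at the xt_comment match, i.e.
# CONFIG_NETFILTER_XT_MATCH_COMMENT. The option list is an assumption, not a CNI-published list.

CNI_KCONFIG_OPTS="CONFIG_BRIDGE CONFIG_VETH CONFIG_NETFILTER CONFIG_NF_CONNTRACK \
CONFIG_NF_NAT CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_NAT CONFIG_IP_NF_TARGET_MASQUERADE \
CONFIG_NETFILTER_XT_MATCH_COMMENT CONFIG_NETFILTER_XT_MATCH_CONNTRACK \
CONFIG_NETFILTER_XT_MATCH_ADDRTYPE"

# Print each option from CNI_KCONFIG_OPTS that is neither built in (=y) nor
# modular (=m) in the given .config. Returns 0 if all are present, 1 otherwise.
cni_kconfig_missing() {
    config="$1"
    rc=0
    for opt in $CNI_KCONFIG_OPTS; do
        if ! grep -Eq "^${opt}=[ym]\$" "$config"; then
            echo "$opt"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample .config: iptables and NAT are on, but the comment and
# addrtype matches are not, which is the situation the post's error suggests.
write_sample_config() {
    cat >"$1" <<'EOF'
CONFIG_BRIDGE=y
CONFIG_VETH=m
CONFIG_NETFILTER=y
CONFIG_NF_CONNTRACK=m
CONFIG_NF_NAT=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_TARGET_MASQUERADE=m
# CONFIG_NETFILTER_XT_MATCH_COMMENT is not set
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
EOF
}

SAMPLE_CONFIG="$(mktemp)"
write_sample_config "$SAMPLE_CONFIG"
cni_kconfig_missing "$SAMPLE_CONFIG" || echo "rebuild the kernel with the options listed above"
rm -f "$SAMPLE_CONFIG"
```

Replace the sample file with the real .config to check a buildroot kernel; a listed option printed with no `=y`/`=m` line is one the running kernel cannot provide to iptables.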
