如何从 systemd 启动 docker 中的 etcd?

tag-icon tag-icon linux docker systemd etcd amazon-linux-2
如何从 systemd 启动 docker 中的 etcd?

我想从 systemd 启动 docker 中的 etcd(单节点),但似乎出了点问题——它在启动后大约 30 秒终止。

看起来服务以状态启动“激活”但大约 30 秒后就终止了,没有达到状态“积极的”. 也许 docker 容器和 systemd 之间缺少信号?

更新(参见帖子底部):failed (Result: timeout)当我删除该Restart=on-failure指令时,systemd 服务状态达到 - 。

当我启动后检查 etcd 服务的状态时,得到了以下结果:

$ sudo systemctl status etcd● etcd.service - etcd   Loaded: loaded (/etc/systemd/system/etcd.service; enabled; vendor preset: disabled)
   Active: activating (auto-restart) (Result: exit-code) since Wed 2021-08-18 20:13:30 UTC; 4s ago
  Process: 2971 ExecStart=/usr/bin/docker run -p 2380:2380 -p 2379:2379 --volume=etcd-data:/etcd-data --name etcd my-aws-account.dkr.ecr.eu-north-1.amazonaws.com/etcd:v3.5.0 /usr/local/bin/etcd --data-dir=/etcd-data --name etcd0 --advertise-client-urls http://10.0.0.11:2379 --listen-client-urls http://0.0.0.0:2379 --initial-advertise-peer-urls http://10.0.0.11:2380 --listen-peer-urls http://0.0.0.0:2380 --initial-cluster etcd0=http://10.0.0.11:2380 (code=exited, status=125)
 Main PID: 2971 (code=exited, status=125)

我在 Amazon Linux 2 机器上运行此程序,并在启动时运行用户数据脚本。我已确认docker.servicedocker_ecr_login.service成功运行。

启动机器后不久,我可以看到 etcd 正在运行:

 sudo systemctl status etcd
● etcd.service - etcd
   Loaded: loaded (/etc/systemd/system/etcd.service; enabled; vendor preset: disabled)
   Active: activating (start) since Wed 2021-08-18 20:30:07 UTC; 1min 20s ago
 Main PID: 1573 (docker)
    Tasks: 9
   Memory: 24.3M
   CGroup: /system.slice/etcd.service
           └─1573 /usr/bin/docker run -p 2380:2380 -p 2379:2379 --volume=etcd-data:/etcd-data --name etcd my-aws-account.dkr.ecr.eu-north-1.amazonaws.com...

Aug 18 20:30:17 ip-10-0-0-11.eu-north-1.compute.internal docker[1573]: {"level":"info","ts":"2021-08-18T20:30:17.690Z","logger":"raft","caller":"...rm 2"}
Aug 18 20:30:17 ip-10-0-0-11.eu-north-1.compute.internal docker[1573]: {"level":"info","ts":"2021-08-18T20:30:17.691Z","caller":"etcdserver/serve..."3.5"}
Aug 18 20:30:17 ip-10-0-0-11.eu-north-1.compute.internal docker[1573]: {"level":"info","ts":"2021-08-18T20:30:17.693Z","caller":"membership/clust..."3.5"}
Aug 18 20:30:17 ip-10-0-0-11.eu-north-1.compute.internal docker[1573]: {"level":"info","ts":"2021-08-18T20:30:17.693Z","caller":"etcdserver/server.go:2...
Aug 18 20:30:17 ip-10-0-0-11.eu-north-1.compute.internal docker[1573]: {"level":"info","ts":"2021-08-18T20:30:17.693Z","caller":"api/capability.g..."3.5"}
Aug 18 20:30:17 ip-10-0-0-11.eu-north-1.compute.internal docker[1573]: {"level":"info","ts":"2021-08-18T20:30:17.693Z","caller":"etcdserver/serve..."3.5"}
Aug 18 20:30:17 ip-10-0-0-11.eu-north-1.compute.internal docker[1573]: {"level":"info","ts":"2021-08-18T20:30:17.693Z","caller":"embed/serve.go:9...ests"}
Aug 18 20:30:17 ip-10-0-0-11.eu-north-1.compute.internal docker[1573]: {"level":"info","ts":"2021-08-18T20:30:17.695Z","caller":"etcdmain/main.go...emon"}
Aug 18 20:30:17 ip-10-0-0-11.eu-north-1.compute.internal docker[1573]: {"level":"info","ts":"2021-08-18T20:30:17.695Z","caller":"etcdmain/main.go...emon"}
Aug 18 20:30:17 ip-10-0-0-11.eu-north-1.compute.internal docker[1573]: {"level":"info","ts":"2021-08-18T20:30:17.702Z","caller":"embed/serve.go:1...2379"}
Hint: Some lines were ellipsized, use -l to show in full.

无论 etcd 监听节点 IP(10.0.0.11)还是 127.0.0.1,我都会得到相同的行为。

我可以在本地运行 etcd,从命令行启动(30 秒后仍未终止), 和:

sudo docker run -p 2380:2380 -p 2379:2379 --volume=etcd-data:/etcd-data --name etcd-local \
my-aws-account.dkr.ecr.eu-north-1.amazonaws.com/etcd:v3.5.0 \
/usr/local/bin/etcd --data-dir=/etcd-data \
--name etcd0 \
--advertise-client-urls http://127.0.0.1:2379 \
--listen-client-urls http://0.0.0.0:2379 \
--initial-advertise-peer-urls http://127.0.0.1:2380 \
--listen-peer-urls http://0.0.0.0:2380 \
--initial-cluster etcd0=http://127.0.0.1:2380

etcd 的参数类似于运行单节点 etcd - ectd 3.5 文档

这是用于启动 etcd 的启动脚本的相关部分:

sudo docker volume create --name etcd-data

cat <<EOF | sudo tee /etc/systemd/system/etcd.service
[Unit]
Description=etcd
After=docker_ecr_login.service

[Service]
Type=notify
ExecStart=/usr/bin/docker run -p 2380:2380 -p 2379:2379 --volume=etcd-data:/etcd-data \
 --name etcd my-aws-account.dkr.ecr.eu-north-1.amazonaws.com/etcd:v3.5.0 \
 /usr/local/bin/etcd --data-dir=/etcd-data \
 --name etcd0 \
 --advertise-client-urls http://10.0.0.11:2379 \
 --listen-client-urls http://0.0.0.0:2379 \
 --initial-advertise-peer-urls http://10.0.0.11:2380 \
 --listen-peer-urls http://0.0.0.0:2380 \
 --initial-cluster etcd0=http://10.0.0.11:2380
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF

sudo systemctl enable etcd
sudo systemctl start etcd

当列出机器上的所有容器时,我可以看到它一直在运行:

sudo docker ps -a
CONTAINER ID   IMAGE                                                       COMMAND                  CREATED          STATUS                      PORTS                          NAMES
a744aed0beb1   my-aws-account.dkr.ecr.eu-north-1.amazonaws.com/etcd:v3.5.0   "/usr/local/bin/etcd…"   25 minutes ago   Exited (0) 24 minutes ago                          etcd

但我怀疑由于容器名称已经存在,因此无法重新启动。

为什么从 systemd 启动 etcd 容器后约 30 秒就会终止?看起来它已成功启动,但 systemd 仅显示其处于“正在激活”状态,而从未显示“活动”状态,并且它似乎在大约 30 秒后终止。从 etcd docker 容器到 systemd 是否缺少一些信号?如果是,我该如何正确获取该信号?

更新:

删除Restart=on-failure服务单元文件内的指令后,我现在得到状态:失败(结果:超时)

$ sudo systemctl status etcd
● etcd.service - etcd
   Loaded: loaded (/etc/systemd/system/etcd.service; enabled; vendor preset: disabled)
   Active: failed (Result: timeout) since Wed 2021-08-18 21:35:54 UTC; 5min ago
  Process: 1567 ExecStart=/usr/bin/docker run -p 2380:2380 -p 2379:2379 --volume=etcd-data:/etcd-data --name etcd my-aws-account.dkr.ecr.eu-north-1.amazonaws.com/etcd:v3.5.0 /usr/local/bin/etcd --data-dir=/etcd-data --name etcd0 --advertise-client-urls http://127.0.0.1:2379 --listen-client-urls http://0.0.0.0:2379 --initial-advertise-peer-urls http://127.0.0.1:2380 --listen-peer-urls http://0.0.0.0:2380 --initial-cluster etcd0=http://127.0.0.1:2380 (code=exited, status=0/SUCCESS)
 Main PID: 1567 (code=exited, status=0/SUCCESS)

Aug 18 21:35:54 ip-10-0-0-11.eu-north-1.compute.internal docker[1567]: {"level":"info","ts":"2021-08-18T21:35:54.332Z","caller":"osutil/interrupt...ated"}
Aug 18 21:35:54 ip-10-0-0-11.eu-north-1.compute.internal docker[1567]: {"level":"info","ts":"2021-08-18T21:35:54.333Z","caller":"embed/etcd.go:36...379"]}
Aug 18 21:35:54 ip-10-0-0-11.eu-north-1.compute.internal docker[1567]: WARNING: 2021/08/18 21:35:54 [core] grpc: addrConn.createTransport failed ...ing...
Aug 18 21:35:54 ip-10-0-0-11.eu-north-1.compute.internal docker[1567]: {"level":"info","ts":"2021-08-18T21:35:54.335Z","caller":"etcdserver/serve...6a6c"}
Aug 18 21:35:54 ip-10-0-0-11.eu-north-1.compute.internal docker[1567]: {"level":"info","ts":"2021-08-18T21:35:54.337Z","caller":"embed/etcd.go:56...2380"}
Aug 18 21:35:54 ip-10-0-0-11.eu-north-1.compute.internal docker[1567]: {"level":"info","ts":"2021-08-18T21:35:54.338Z","caller":"embed/etcd.go:56...2380"}
Aug 18 21:35:54 ip-10-0-0-11.eu-north-1.compute.internal docker[1567]: {"level":"info","ts":"2021-08-18T21:35:54.339Z","caller":"embed/etcd.go:36...379"]}
Aug 18 21:35:54 ip-10-0-0-11.eu-north-1.compute.internal systemd[1]: Failed to start etcd.
Aug 18 21:35:54 ip-10-0-0-11.eu-north-1.compute.internal systemd[1]: Unit etcd.service entered failed state.
Aug 18 21:35:54 ip-10-0-0-11.eu-north-1.compute.internal systemd[1]: etcd.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

答案1

更新:发布测试数据并根据收到的评论整合更新。docker -d 不是 systemd 集成所必需的,这与最初的想法不同。根据我的经验,Michael 指出的 Type= 设置似乎比将服务的守护进程状态卸载到 docker 更重要。乍一看,OP 问题似乎是没有后台运行的副作用,正如我最初解释的那样。经过进一步测试后,这个后台似乎无关紧要。

请注意,OP 中使用的 Amazon AWS 映像不是我可以测试或直接排除故障的。这里显示了 etcd 和 systemd 的对比示例,以帮助配置与我的类似的端点系统。系统详细信息:

  • Ubuntu 20.04 LTS
  • docker 20.10.7
  • etcd 3.5.0

systemd 配置

我最终得到了以下 systemd 服务文件。请注意 Type=simple,这是由于 Michael 建议在回复中澄清这一点(显然,这也是我自己对这个难题的理解)。您可以在此处了解有关 systemd 类型的更多信息:

https://www.freedesktop.org/software/systemd/man/systemd.service.html

类型很重要;更重要的是,我最初对简单类型的理解,短视地集中于缺乏与 systemd 的沟通,这导致我忽略了适用的行为类型设置对被调用应用程序(在本例中为 docker)的响应做出什么反应。

删除类型或将类型添加到 simple 都会导致相同的行为。在我的测试中,以下配置运行可靠,docker run 命令中是否存在 -d 也一样:

[Unit]
Description=Docker container-etcd.service
Documentation=man:docker
Requires=docker.service
Wants=network.target
After=network-online.target

[Service]
ExecStartPre=- /usr/bin/docker stop etcd
ExecStartPre=- /usr/bin/docker rm etcd
ExecStart=docker run --rm -d -p 2379:2379 -p 2380:2380 --volume=/home/user/etcd-data:/etcd-data --name etcd quay.io/coreos/etcd:v3.5.0 /usr/local/bin/etcd --data-dir=/etcd-data --name etcd --initial-advertise-peer-urls http://10.4.4.132:2380 --listen-peer-urls http://0.0.0.0:2380 --advertise-client-urls http://10.4.4.132:2379 --listen-client-urls http://0.0.0.0:2379 --initial-cluster etcd=http://10.4.4.132:2380
ExecStop=/usr/bin/docker stop etcd -t 10
ExecRestart=/usr/bin/docker restart etcd
KillMode=none
RemainAfterExit=1
Restart=on-failure
Type=simple

[Install]
WantedBy=multi-user.target default.target

笔记

  • 添加了 RemainAfterExit,因为如果不存在,systemd 将在启动后认为服务已退出;缺少这个布尔值会造成一种看似错误的情况,即docker ps显示容器正在运行,但systemctl status container-etcd实际上显示已退出且不活动。
  • systemd 单元文件在语法上有些不正确。%n 通常用于 Exec 行来引用服务名称(如 ...docker restart %n);我不想在尝试解决 OP 的问题时造成进一步的混乱。更不用说我使用 etcd 作为 docker 容器名称,而不是使用 container-etcd 作为单元服务名称。
  • ExecStart 被压缩为一行命令。\ 标准语法对我来说不起作用,引用 etcd call 命令到容器也不起作用。我昨天的测试似乎运行良好,但今天的配置与昨天的表现不一样。所以我重新进行了测试和配置,以找到对我来说最稳定的配置。
  • 显然,如果你要在任何时候使用 docker rm,你必须或非常强烈应该使用绑定挂载,如 OP 中所述,这里使用 --volume。我个人使用完整路径位置,全部存储在 /srv 下,然后绑定挂载到容器中。这样我就有一个要备份的文件夹,而容器的状态(是否存在)无关紧要。

确认

更新 systemd 服务文件、执行守护进程重新加载等之后,我进入容器并针对 etcd 运行了测试命令:

  • docker exec -it etcd sh
  • etcdctl --endpoints=http://10.4.4.132:2379 member list

结果

9a552f9b95628384, started, etcd, http://10.4.4.132:2380, http://10.4.4.132:2379, false

相关内容