• kata agent CreateSandbox & CreateContainer


    虚拟机rootfs

    root@25a725e7599e:/# ls
    bin   dev  home  lost+found  mnt  proc  run   srv  tmp  var
    boot  etc  lib   media       opt  root  sbin  sys  usr
    root@25a725e7599e:/# ls lib/  
    aarch64-linux-gnu  ld-linux-aarch64.so.1  modprobe.d  terminfo
    init               lsb                    systemd     udev
    root@25a725e7599e:/# ls      
    bin   dev  home  lost+found  mnt  proc  run   srv  tmp  var
    boot  etc  lib   media       opt  root  sbin  sys  usr
    root@25a725e7599e:/# ls bin/ps 
    bin/ps
    root@25a725e7599e:/# ps -elf | grep nginx
    4 S root        71    50  0  80   0 -  2069 arm64_ Oct31 ?        00:00:00 nginx: master process nginx -g daemon off;
    5 S systemd+    99    71  0  80   0 -  2164 ep_pol Oct31 ?        00:00:00 nginx: worker process
    0 S root       201    57  0  80   0 -   676 pipe_w 04:54 hvc0     00:00:00 grep --color=auto nginx
    root@25a725e7599e:/# ls run/
    kata-containers  kata1.txt  libcontainer  lock  mount  sandbox-ns  systemd
    root@25a725e7599e:/# 

    容器 rootfs

    root@fa55c7478feb:/# ls bin/ps
    ls: cannot access 'bin/ps': No such file or directory
    root@fa55c7478feb:/# ls
    bin   docker-entrypoint.d   home   mnt   root  srv  usr
    boot  docker-entrypoint.sh  lib    opt   run   sys  var
    dev   etc                   media  proc  sbin  tmp
    root@fa55c7478feb:/# ps -elf | grep nginx
    bash: ps: command not found
    root@fa55c7478feb:/# ls run/
    lock  nginx.pid  utmp
    root@fa55c7478feb:/# 
    func (a *agentGRPC) CreateSandbox(ctx context.Context, req *pb.CreateSandboxRequest) (*gpb.Empty, error) {
        if a.sandbox.running {
            return emptyResp, grpcStatus.Error(codes.AlreadyExists, "Sandbox already started, impossible to start again")
        }
    
        a.sandbox.hostname = req.Hostname
        a.sandbox.containers = make(map[string]*container)
        a.sandbox.network.ifaces = make(map[string]*types.Interface)
        a.sandbox.network.dns = req.Dns
        a.sandbox.running = true
        a.sandbox.sandboxPidNs = req.SandboxPidns
        a.sandbox.storages = make(map[string]*sandboxStorage)
        a.sandbox.guestHooks = &specs.Hooks{}
        a.sandbox.guestHooksPresent = false
    
        for _, m := range req.KernelModules {
            if err := loadKernelModule(m); err != nil {
                return emptyResp, err
            }
        }
    
        if req.GuestHookPath != "" {
            a.sandbox.scanGuestHooks(req.GuestHookPath)
        }
    
        if req.SandboxId != "" {
            a.sandbox.id = req.SandboxId
            agentLog = agentLog.WithField("sandbox", a.sandbox.id)
        }
    
        // Set up shared UTS and IPC namespaces
        if err := a.sandbox.setupSharedNamespaces(ctx); err != nil {
            return emptyResp, err
        }
    
        if req.SandboxPidns {
            if err := a.sandbox.setupSharedPidNs(); err != nil {
                return emptyResp, err
            }
        }
    
        mountList, err := addStorages(ctx, req.Storages, a.sandbox)
        if err != nil {
            return emptyResp, err
        }
    
        a.sandbox.mounts = mountList
    
        if err := setupDNS(a.sandbox.network.dns); err != nil {
            return emptyResp, err
        }
    
        return emptyResp, nil
    }
    func (a *agentGRPC) CreateContainer(ctx context.Context, req *pb.CreateContainerRequest) (resp *gpb.Empty, err error) {
        if err := a.createContainerChecks(req); err != nil {
            return emptyResp, err
        }
    
        // re-scan PCI bus
        // looking for hidden devices
        if err = rescanPciBus(); err != nil {
            agentLog.WithError(err).Warn("Could not rescan PCI bus")
        }
    
        // Some devices need some extra processing (the ones invoked with
        // --device for instance), and that's what this call is doing. It
        // updates the devices listed in the OCI spec, so that they actually
        // match real devices inside the VM. This step is necessary since we
        // cannot predict everything from the caller.
        if err = addDevices(ctx, req.Devices, req.OCI, a.sandbox); err != nil {
            return emptyResp, err
        }
    
        // Both rootfs and volumes (invoked with --volume for instance) will
        // be processed the same way. The idea is to always mount any provided
        // storage to the specified MountPoint, so that it will match what's
        // inside oci.Mounts.
        // After all those storages have been processed, no matter the order
        // here, the agent will rely on libcontainer (using the oci.Mounts
        // list) to bind mount all of them inside the container.
        mountList, err := addStorages(ctx, req.Storages, a.sandbox)
        if err != nil {
            return emptyResp, err
        }
    
        ctr := &container{
            id:              req.ContainerId,
            processes:       make(map[string]*process),
            mounts:          mountList,
            useSandboxPidNs: req.SandboxPidns,
            agentPidNs:      req.AgentPidns,
            ctx:             ctx,
        }
    
        // In case the container creation failed, make sure we cleanup
        // properly by rolling back the actions previously performed.
        defer func() {
            if err != nil {
                a.rollbackFailingContainerCreation(ctr)
            }
        }()
    
        // Add the nvdimm root partition to the device cgroup to prevent access
        updateDeviceCgroupForGuestRootfs(req.OCI)
    
        // Convert the spec to an actual OCI specification structure.
        ociSpec, err := pb.GRPCtoOCI(req.OCI)
        if err != nil {
            return emptyResp, err
        }
    
        if err := a.handleCPUSet(ociSpec); err != nil {
            return emptyResp, err
        }
    
        if err := a.applyNetworkSysctls(ociSpec); err != nil {
            return emptyResp, err
        }
    
        if a.sandbox.guestHooksPresent {
            // Add any custom OCI hooks to the spec
            a.sandbox.addGuestHooks(ociSpec)
    
            // write the OCI spec to a file so that hooks can read it
            err = writeSpecToFile(ociSpec, req.ContainerId)
            if err != nil {
                return emptyResp, err
            }
    
            // Change cwd because libcontainer assumes the bundle path is the cwd:
            // https://github.com/opencontainers/runc/blob/v1.0.0-rc5/libcontainer/specconv/spec_linux.go#L157
            oldcwd, err := changeToBundlePath(ociSpec, req.ContainerId)
            if err != nil {
                return emptyResp, err
            }
            defer os.Chdir(oldcwd)
        }
    
        // Convert the OCI specification into a libcontainer configuration.
        config, err := specconv.CreateLibcontainerConfig(&specconv.CreateOpts{
            CgroupName:   req.ContainerId,
            NoNewKeyring: true,
            Spec:         ociSpec,
            NoPivotRoot:  a.sandbox.noPivotRoot,
        })
        if err != nil {
            return emptyResp, err
        }
    
        // apply rlimits
        config.Rlimits = posixRlimitsToRlimits(ociSpec.Process.Rlimits)
    
        // Update libcontainer configuration for specific cases not handled
        // by the specconv converter.
        if err = a.updateContainerConfig(ociSpec, config, ctr); err != nil {
            return emptyResp, err
        }
    
        return a.finishCreateContainer(ctr, req, config)
    }
    root@ubuntu:~# ls kata
    go  go1.15.2.linux-arm64.tar.gz  go_package  go_source  go.tar.gz  images  kata_package  linux_signing_key.pub  nemu  qemu  qemu4.0  qemu-lite  runtime  typescript
    root@ubuntu:~# docker run -d -it --runtime=kata-runtime -v  /root/kata/:/containerdir nginx:latest

    虚拟机

    root@25a725e7599e:/# 
    root@25a725e7599e:/# find ./ -name containerdir
    ./run/kata-containers/shared/containers/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc/rootfs/containerdir
    fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc/rootfs/containerdir70596e0b829af5f
    root@25a725e7599e:/# 
    root@25a725e7599e:/# ls run/kata-containers/shared/containers/*/rootfs         --------容器的
    bin           dev                   etc   media  proc  sbin  tmp
    boot          docker-entrypoint.d   home  mnt    root  srv   usr
    containerdir  docker-entrypoint.sh  lib   opt    run   sys   var
    dirt@25a725e7599e:/# ls run/kata-containers/shared/containers/*/rootfs/container 
    root@25a725e7599e:/# 
    root@25a725e7599e:/# 
    root@25a725e7599e:/# find ./run/kata-containers -name  go.tar.gz
    ./run/kata-containers/shared/containers/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc-da0bf2558a65810c-containerdir/go.tar.gz
    root@25a725e7599e:/# 
    root@25a725e7599e:/# ls run/
    kata-containers  libcontainer  lock  mount  sandbox-ns  systemd
    root@25a725e7599e:/# ls run/libcontainer/
    ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc
    d22ea1f23e83b14384fa4f1cc/n/libcontainer/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d
    ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc
    root@25a725e7599e:/# 
    root@25a725e7599e:/# 
    root@25a725e7599e:/# 
    root@25a725e7599e:/# ls run/libcontainer/*/
    ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc
    root@25a725e7599e:/# ls run/libcontainer/*/*/
    state.json
    root@25a725e7599e:/# ls run/sandbox-ns/
    ipc  uts
    root@25a725e7599e:/# 
    root@25a725e7599e:/# cat run/libcontainer/*/*/state.json
    {"id":"ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc","init_process_pid":71,"init_process_start":76,"created":"2020-11-01T05:01:25.22615616Z","config":{"no_pivot_root":false,"parent_death_signal":0,"rootfs":"/run/kata-containers/shared/containers/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc/rootfs","readonlyfs":false,"rootPropagation":0,"mounts":[{"source":"proc","destination":"/proc","device":"proc","flags":14,"propagation_flags":null,"data":"","relabel":"","extensions":0,"premount_cmds":null,"postmount_cmds":null},{"source":"tmpfs","destination":"/dev","device":"tmpfs","flags":16777218,"propagation_flags":null,"data":"mode=755,size=65536k","relabel":"","extensions":0,"premount_cmds":null,"postmount_cmds":null},{"source":"devpts","destination":"/dev/pts","device":"devpts","flags":10,"propagation_flags":null,"data":"newinstance,ptmxmode=0666,mode=0620,gid=5","relabel":"","extensions":0,"premount_cmds":null,"postmount_cmds":null},{"source":"sysfs","destination":"/sys","device":"sysfs","flags":15,"propagation_flags":null,"data":"","relabel":"","extensions":0,"premount_cmds":null,"postmount_cmds":null},{"source":"cgroup","destination":"/sys/fs/cgroup","device":"cgroup","flags":15,"propagation_flags":null,"data":"","relabel":"","extensions":0,"premount_cmds":null,"postmount_cmds":null},{"source":"mqueue","destination":"/dev/mqueue","device":"mqueue","flags":14,"propagation_flags":null,"data":"","relabel":"","extensions":0,"premount_cmds":null,"postmount_cmds":null},{"source":"/run/kata-containers/sandbox/shm","destination":"/dev/shm","device":"bind","flags":20480,"propagation_flags":null,"data":"","relabel":"","extensions":0,"premount_cmds":null,"postmount_cmds":null},{"source":"/run/kata-containers/shared/containers/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc-da0bf2558a65810c-containerdir",

    "destination":"/containerdir","device":"bind","flags":20480,"propagation_flags":[278528],"data":"","relabel":"","extensions":0,"premount_cmds":null,"postmount_cmds":null},{"source":"/run/kata-containers/shared/containers/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc-f7faba68233284cf-resolv.conf","destination":"/etc/resolv.conf","device":"bind","flags":20480,"propagation_flags":[278528],"data":"","relabel":"","extensions":0,"premount_cmds":null,"postmount_cmds":null},{"source":"/run/kata-containers/shared/containers/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc-5043e8bb14e2574a-hostname","destination":"/etc/hostname","device":"bind","flags":20480,"propagation_flags":[278528],"data":"","relabel":"","extensions":0,"premount_cmds":null,"postmount_cmds":null},{"source":"/run/kata-containers/shared/containers/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc-ed8c152bff649fc4-hosts","destination":"/etc/hosts","device":"bind","flags":20480,"propagation_flags":[278528],"data":"","relabel":"","extensions":0,"premount_cmds":null,"postmount_cmds":null}],"devices":[{"type":99,"path":"/dev/null","major":1,"minor":3,"permissions":"","file_mode":438,"uid":0,"gid":0,"allow":false},{"type":99,"path":"/dev/random","major":1,"minor":8,"permissions":"","file_mode":438,"uid":0,"gid":0,"allow":false},{"type":99,"path":"/dev/full","major":1,"minor":7,"permissions":"","file_mode":438,"uid":0,"gid":0,"allow":false},{"type":99,"path":"/dev/tty","major":5,"minor":0,"permissions":"","file_mode":438,"uid":0,"gid":0,"allow":false},{"type":99,"path":"/dev/zero","major":1,"minor":5,"permissions":"","file_mode":438,"uid":0,"gid":0,"allow":false},{"type":99,"path":"/dev/urandom","major":1,"minor":9,"permissions":"","file_mode":438,"uid":0,"gid":0,"allow":false}],"mount_label":"","hostname":"ef4b70596e0b","namespaces":[{"type":"NEWNS","path":""},
    {"type":"NEWUTS","path":"/var/run/sandbox-ns/uts"},{"type":"NEWIPC","path":"/var/run/sandbox-ns/ipc"},{"type":"NEWPID","path":""}],"capabilities":{"Bounding":["CAP_CHOWN","CAP_DAC_OVERRIDE","CAP_FSETID","CAP_FOWNER","CAP_MKNOD","CAP_NET_RAW","CAP_SETGID","CAP_SETUID","CAP_SETFCAP","CAP_SETPCAP","CAP_NET_BIND_SERVICE","CAP_SYS_CHROOT","CAP_KILL","CAP_AUDIT_WRITE"],"Effective":["CAP_CHOWN","CAP_DAC_OVERRIDE","CAP_FSETID","CAP_FOWNER","CAP_MKNOD","CAP_NET_RAW","CAP_SETGID","CAP_SETUID","CAP_SETFCAP","CAP_SETPCAP","CAP_NET_BIND_SERVICE","CAP_SYS_CHROOT","CAP_KILL","CAP_AUDIT_WRITE"],"Inheritable":["CAP_CHOWN","CAP_DAC_OVERRIDE","CAP_FSETID","CAP_FOWNER","CAP_MKNOD","CAP_NET_RAW","CAP_SETGID","CAP_SETUID","CAP_SETFCAP","CAP_SETPCAP","CAP_NET_BIND_SERVICE","CAP_SYS_CHROOT","CAP_KILL","CAP_AUDIT_WRITE"],"Permitted":["CAP_CHOWN","CAP_DAC_OVERRIDE","CAP_FSETID","CAP_FOWNER","CAP_MKNOD","CAP_NET_RAW","CAP_SETGID","CAP_SETUID","CAP_SETFCAP","CAP_SETPCAP","CAP_NET_BIND_SERVICE","CAP_SYS_CHROOT","CAP_KILL","CAP_AUDIT_WRITE"],"Ambient":[]},"networks":null,"routes":null,"cgroups":{"path":"/docker/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc","scope_prefix":"","Paths":null,"allowed_devices":[{"type":99,"path":"","major":-1,"minor":-1,"permissions":"m","file_mode":0,"uid":0,"gid":0,"allow":true},{"type":98,"path":"","major":-1,"minor":-1,"permissions":"m","file_mode":0,"uid":0,"gid":0,"allow":true},{"type":99,"path":"/dev/null","major":1,"minor":3,"permissions":"rwm","file_mode":0,"uid":0,"gid":0,"allow":true},{"type":99,"path":"/dev/random","major":1,"minor":8,"permissions":"rwm","file_mode":0,"uid":0,"gid":0,"allow":true},{"type":99,"path":"/dev/full","major":1,"minor":7,"permissions":"rwm","file_mode":0,"uid":0,"gid":0,"allow":true},{"type":99,"path":"/dev/tty","major":5,"minor":0,"permissions":"rwm","file_mode":0,"uid":0,"gid":0,"allow":true},{"type":99,"path":"/dev/zero","major":1,"minor":5,"permissions":"rwm","file_mode":0,"uid":0,"gid":0,"allow":true},{"type":99,"path":"/dev/urandom","major":1,"minor":9,"permissions":"rwm","file_mode":0,"uid":0,"gid":0,"allow":true},{"type":99,"path":"/dev/console","major":5,"minor":1,"permissions":"rwm","file_mode":0,"uid":0,"gid":0,"allow":true},
    {"type":99,"path":"","major":136,"minor":-1,"permissions":"rwm","file_mode":0,"uid":0,"gid":0,"allow":true},
    {"type":99,"path":"","major":5,"minor":2,"permissions":"rwm","file_mode":0,"uid":0,"gid":0,"allow":true},{"type":99,"path":"","major":10,"minor":200,"permissions":"rwm","file_mode":0,"uid":0,"gid":0,"allow":true}],"devices":[{"type":98,"path":"","major":254,"minor":1,"permissions":"rw","file_mode":0,"uid":0,"gid":0,"allow":false},
    {"type":99,"path":"","major":-1,"minor":-1,"permissions":"m","file_mode":0,"uid":0,"gid":0,"allow":true},
    {"type":98,"path":"","major":-1,"minor":-1,"permissions":"m","file_mode":0,"uid":0,"gid":0,"allow":true},{"type":99,"path":"/dev/null","major":1,"minor":3,"permissions":"rwm","file_mode":0,"uid":0,"gid":0,"allow":true},{"type":99,"path":"/dev/random","major":1,"minor":8,"permissions":"rwm","file_mode":0,"uid":0,"gid":0,"allow":true},{"type":99,"path":"/dev/full","major":1,"minor":7,"permissions":"rwm","file_mode":0,"uid":0,"gid":0,"allow":true},{"type":99,"path":"/dev/tty","major":5,"minor":0,"permissions":"rwm","file_mode":0,"uid":0,"gid":0,"allow":true},{"type":99,"path":"/dev/zero","major":1,"minor":5,"permissions":"rwm","file_mode":0,"uid":0,"gid":0,"allow":true},{"type":99,"path":"/dev/urandom","major":1,"minor":9,"permissions":"rwm","file_mode":0,"uid":0,"gid":0,"allow":true},{"type":99,"path":"/dev/console","major":5,"minor":1,"permissions":"rwm","file_mode":0,"uid":0,"gid":0,"allow":true},{"type":99,"path":"","major":136,"minor":-1,"permissions":"rwm","file_mode":0,"uid":0,"gid":0,"allow":true},{"type":99,"path":"","major":5,"minor":2,"permissions":"rwm","file_mode":0,"uid":0,"gid":0,"allow":true},{"type":99,"path":"","major":10,"minor":200,"permissions":"rwm","file_mode":0,"uid":0,"gid":0,"allow":true}],"memory":0,"memory_reservation":0,"memory_swap":0,"kernel_memory":0,"kernel_memory_tcp":0,"cpu_shares":0,"cpu_quota":0,"cpu_period":0,"cpu_rt_quota":0,"cpu_rt_period":0,"cpuset_cpus":"","cpuset_mems":"","pids_limit":0,"blkio_weight":0,"blkio_leaf_weight":0,"blkio_weight_device":null,"blkio_throttle_read_bps_device":null,"blkio_throttle_write_bps_device":null,"blkio_throttle_read_iops_device":null,"blkio_throttle_write_iops_device":null,"freezer":"","hugetlb_limit":null,"oom_kill_disable":false,"memory_swappiness":0,"net_prio_ifpriomap":null,"net_cls_classid_u":0,"cpu_weight":0,"cpu_max":""},"oom_score_adj":0,"uid_mappings":null,"gid_mappings":null,"mask_paths":["/proc/asound","/proc/acpi","/proc/kcore","/proc/keys","/proc/latency_stats","/proc/timer_list","/proc/timer_stats","/proc/sched_debug","/proc/scsi","/sys/firmware"],"readonly_paths":["/proc/bus","/proc/fs","/proc/irq","/proc/sys","/proc/sysrq-trigger"],"sysctl":{},"seccomp":null,"Hooks":{"poststart":null,"poststop":null,"prestart":null},
    "version":"1.0.1-dev","labels":["bundle=/"],"no_new_keyring":true},"rootless":false,"cgroup_paths":
    {"blkio":"/sys/fs/cgroup/blkio/docker/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc",

    "cpu":"/sys/fs/cgroup/cpu,cpuacct/docker/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc",
    "cpuacct":"/sys/fs/cgroup/cpu,cpuacct/docker/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc",
    "cpuset":"/sys/fs/cgroup/cpuset/docker/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc",
    "devices":"/sys/fs/cgroup/devices/docker/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc",
    "freezer":"/sys/fs/cgroup/freezer/docker/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc",
    "memory":"/sys/fs/cgroup/memory/docker/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc",
    "name=systemd":"/sys/fs/cgroup/systemd/docker/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc",
    "net_cls":"/sys/fs/cgroup/net_cls,net_prio/docker/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc",
    "net_prio":"/sys/fs/cgroup/net_cls,net_prio/docker/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc",
    "perf_event":"/sys/fs/cgroup/perf_event/docker/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc",
    "pids":"/sys/fs/cgroup/pids/docker/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc"},

    "namespace_paths":{"NEWCGROUP":"/proc/71/ns/cgroup",

    "NEWIPC":"/proc/71/ns/ipc","NEWNET":"/proc/71/ns/net",

    "NEWNS":"/proc/71/ns/mnt","NEWPID":"/proc/71/ns/pid","NEWUSER":"/proc/71/ns/user",

    "NEWUTS":"/proc/71/ns/uts"},"external_descriptors":["/dev/null","/dev/null","/dev/null"],"intel_rdt_path":""}
    root@25a725e7599e:/#
    root@25a725e7599e:/# ps -elf | grep 71
    4 S root        71    50  0  80   0 -  2069 arm64_ 05:01 ?        00:00:00 nginx: master process nginx -g daemon off;
    5 S systemd+    99    71  0  80   0 -  2164 ep_pol 05:01 ?        00:00:00 nginx: worker process
    0 S root       166    57  0  80   0 -   676 pipe_w 05:25 hvc0     00:00:00 grep --color=auto 71
    root@25a725e7599e:/# 


    root@25a725e7599e:/# cat /proc/71/cgroup   
    10:pids:/docker/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc
    9:perf_event:/docker/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc
    8:cpu,cpuacct:/docker/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc
    7:blkio:/docker/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc
    6:net_cls,net_prio:/docker/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc
    5:freezer:/docker/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc
    4:cpuset:/docker/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc
    3:devices:/docker/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc
    2:memory:/docker/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc
    1:name=systemd:/docker/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc
    0::/system.slice/kata-agent.service
    root@25a725e7599e:/# cat /proc/99/cgroup  
    10:pids:/docker/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc
    9:perf_event:/docker/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc
    8:cpu,cpuacct:/docker/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc
    7:blkio:/docker/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc
    6:net_cls,net_prio:/docker/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc
    5:freezer:/docker/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc
    4:cpuset:/docker/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc
    3:devices:/docker/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc
    2:memory:/docker/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc
    1:name=systemd:/docker/ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc
    0::/system.slice/kata-agent.service
    root@25a725e7599e:/# 
    root@25a725e7599e:/# ls /sys/fs/cgroup/memory/docker/  
    cgroup.clone_children
    cgroup.event_control
    cgroup.procs
    ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc
    memory.failcnt
    memory.force_empty
    memory.kmem.failcnt
    memory.kmem.limit_in_bytes
    memory.kmem.max_usage_in_bytes
    memory.kmem.slabinfo
    memory.kmem.tcp.failcnt
    memory.kmem.tcp.limit_in_bytes
    memory.kmem.tcp.max_usage_in_bytes
    memory.kmem.tcp.usage_in_bytes
    memory.kmem.usage_in_bytes
    memory.limit_in_bytes
    memory.max_usage_in_bytes
    memory.memsw.failcnt
    memory.memsw.limit_in_bytes
    memory.memsw.max_usage_in_bytes
    memory.memsw.usage_in_bytes
    memory.move_charge_at_immigrate
    memory.oom_control
    memory.pressure_level
    memory.soft_limit_in_bytes
    memory.stat
    memory.swappiness
    memory.usage_in_bytes
    memory.use_hierarchy
    notify_on_release
    tasks
    root@25a725e7599e:/#
    root@25a725e7599e:/# ls /sys/fs/cgroup/cpu,cpuacct/docker/
    cgroup.clone_children
    cgroup.procs
    cpu.cfs_period_us
    cpu.cfs_quota_us
    cpu.shares
    cpu.stat
    cpuacct.stat
    cpuacct.usage
    cpuacct.usage_all
    cpuacct.usage_percpu
    cpuacct.usage_percpu_sys
    cpuacct.usage_percpu_user
    cpuacct.usage_sys
    cpuacct.usage_user
    ef4b70596e0b829af5fd9f14343f2c92a8da3d0d22ea1f23e83b14384fa4f1cc
    notify_on_release
    tasks
    root@25a725e7599e:/#
    root@25a725e7599e:/# ls /sys/fs/cgroup/cpu,cpuacct/docker/e*/
    cgroup.clone_children  cpuacct.stat               cpuacct.usage_sys
    cgroup.procs           cpuacct.usage              cpuacct.usage_user
    cpu.cfs_period_us      cpuacct.usage_all          notify_on_release
    cpu.cfs_quota_us       cpuacct.usage_percpu       tasks
    cpu.shares             cpuacct.usage_percpu_sys
    cpu.stat               cpuacct.usage_percpu_user
    root@25a725e7599e:/# 

    docker 容器

    root@ubuntu:~# docker exec -it pensive_meninsky sh
    # ls
    bin           dev                   etc   media  proc  sbin  tmp
    boot          docker-entrypoint.d   home  mnt    root  srv   usr
    containerdir  docker-entrypoint.sh  lib   opt    run   sys   var
    # ls con        ^H^H^H^H
    ls: cannot access 'con': No such file or directory
    ls: cannot access ''$'': No such file or directory
    # ls containerdir
    go                           go_source              nemu       runtime
    go.tar.gz                    images                 qemu       typescript
    go1.15.2.linux-arm64.tar.gz  kata_package           qemu-lite
    go_package                   linux_signing_key.pub  qemu4.0
    # 
    
    
    
  • 相关阅读:
    和2018年年初做管理系统的不同(vuex)
    项目中使用package-lock.json锁版本问题
    沟通协作:避免犯低级错误,开发前沟通清楚所有细节
    学会学习:高效学习方式(使用vscode-snippet有感)
    关于学习,避免没必要的熬夜的思考
    pc端布局的一点思考
    学习掌握一个新东西
    要想有价值,首先要乐于去解决每一个问题
    problem: 记一次聊天框的表情包弹框不显示的找问题过程
    abp-159,js最理想的继承——寄生组合式继承
  • 原文地址:https://www.cnblogs.com/dream397/p/13909215.html
Copyright © 2020-2023  润新知