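runc is a client tool for spawning and running containers on Linux according to the OCI specification. runc was split out of Docker's libcontainer and donated by Docker to the OCI; Docker also ships a docker-runc implementation by default. The following shows how to create containers with the runc command.
Installation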
wget https://github.com/opencontainers/runc/releases/download/v1.1.0/runc.amd64
mv runc.amd64 /usr/local/bin/runc
chmod +x /usr/local/bin/runc
help
$ runc --help
NAME:
runc - Open Container Initiative runtime
runc is a command line client for running applications packaged according to
the Open Container Initiative (OCI) format and is a compliant implementation of the
Open Container Initiative specification.
runc integrates well with existing process supervisors to provide a production
container runtime environment for applications. It can be used with your
existing process monitoring tools and the container will be spawned as a
direct child of the process supervisor.
Containers are configured using bundles. A bundle for a container is a directory
that includes a specification file named "config.json" and a root filesystem.
The root filesystem contains the contents of the container.
To start a new instance of a container:
# runc run [ -b bundle ] <container-id>
Where "<container-id>" is your name for the instance of the container that you
are starting. The name you provide for the container instance must be unique on
your host. Providing the bundle directory using "-b" is optional. The default
value for "bundle" is the current directory.
USAGE:
runc [global options] command [command options] [arguments...]
VERSION:
1.1.0
commit: v1.1.0-0-g067aaf85
spec: 1.0.2-dev
go: go1.17.6
libseccomp: 2.5.3
COMMANDS:
checkpoint checkpoint a running container
create create a container
delete delete any resources held by the container often used with detached container
events display container events such as OOM notifications, cpu, memory, and IO usage statistics
exec execute new process inside the container
kill kill sends the specified signal (default: SIGTERM) to the container's init process
list lists containers started by runc with the given root
pause pause suspends all processes inside the container
ps ps displays the processes running inside a container
restore restore a container from a previous checkpoint
resume resumes all processes that have been previously paused
run create and run a container
spec create a new specification file
start executes the user defined process in a created container
state output the state of a container
update update container resource constraints
features show the enabled features
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--debug enable debug logging
--log value set the log file to write runc logs to (default is '/dev/stderr')
--log-format value set the log format ('text' (default), or 'json') (default: "text")
--root value root directory for storage of container state (this should be located in tmpfs) (default: "/run/runc")
--criu value path to the criu binary used for checkpoint and restore (default: "criu")
--systemd-cgroup enable systemd cgroup support, expects cgroupsPath to be of form "slice:prefix:name" for e.g. "system.slice:runc:434234"
--rootless value ignore cgroup permission errors ('true', 'false', or 'auto') (default: "auto")
--help, -h show help
--version, -v print the version
Examples
Starting a busybox container with runc
Using busybox as an example, this section walks through how runc works.
# create the top most bundle directory
mkdir /mycontainer
cd /mycontainer
# create the rootfs directory
mkdir rootfs
# export busybox via Docker into the rootfs directory
docker export $(docker create busybox) | tar -C rootfs -xvf -
- Generate the configuration file config.json according to the OCI standard
$ runc spec
$ ls
config.json rootfs
# run as root
$ cd /mycontainer
$ runc run mycontainerid
/ # ls
bin dev etc home proc root sys tmp usr var
/ # ps -ef
PID USER TIME COMMAND
1 root 0:00 sh
9 root 0:00 ps -ef
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
/ #
# list containers
$ runc list
ID PID STATUS BUNDLE CREATED OWNER
mycontainerid 4274 running /mycontainer 2022-01-28T19:20:07.658890097Z root
# state information
$ tree /run/runc/
/run/runc/
└── mycontainerid
└── state.json
1 directory, 1 file
# pause
$ runc pause mycontainerid
$ runc list
ID PID STATUS BUNDLE CREATED OWNER
mycontainerid 4274 paused /mycontainer 2022-01-28T19:20:07.658890097Z root
# resume
$ runc resume mycontainerid
$ runc list
ID PID STATUS BUNDLE CREATED OWNER
mycontainerid 4274 running /mycontainer 2022-01-28T19:20:07.658890097Z root
# delete
$ runc delete mycontainerid
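The config.json written by `runc spec` in the steps above decides how isolated the container is; the `ip a` output showing only `lo`, for instance, comes from its network namespace entry. The following is an added example, not part of the original post or of runc, that audits such a file before `runc run`. The sample config, the `audit` function and the `RISKY_CAPS` list are assumptions made for illustration.

```python
import json

# Constructed sample: a trimmed config.json in the shape `runc spec` writes.
# Field names follow the OCI runtime spec; the values are illustrative.
SAMPLE = json.loads("""{
  "ociVersion": "1.0.2-dev",
  "process": {
    "user": {"uid": 0, "gid": 0},
    "args": ["sh"],
    "capabilities": {
      "bounding": ["CAP_AUDIT_WRITE", "CAP_KILL", "CAP_NET_BIND_SERVICE"],
      "effective": ["CAP_AUDIT_WRITE", "CAP_KILL", "CAP_NET_BIND_SERVICE"]
    },
    "noNewPrivileges": true
  },
  "root": {"path": "rootfs", "readonly": true},
  "linux": {"namespaces": [{"type": "pid"}, {"type": "network"},
            {"type": "ipc"}, {"type": "uts"}, {"type": "mount"}]}
}""")

EXPECTED_NS = {"pid", "network", "ipc", "uts", "mount"}
# Assumption: a short deny-list picked for this example, not an exhaustive policy.
RISKY_CAPS = {"CAP_SYS_ADMIN", "CAP_SYS_MODULE", "CAP_SYS_PTRACE", "CAP_NET_ADMIN"}

def audit(cfg):
    """Return a list of findings for one OCI runtime config (parsed JSON)."""
    findings = []
    proc = cfg.get("process") or {}
    if proc.get("noNewPrivileges") is not True:
        findings.append("process.noNewPrivileges is not true")
    if (cfg.get("root") or {}).get("readonly") is not True:
        findings.append("root.readonly is not true")
    # A capability counts if it appears in any set (bounding, effective, ...).
    granted = {c for caps in (proc.get("capabilities") or {}).values() for c in caps}
    findings += [f"capability {c} granted" for c in sorted(granted & RISKY_CAPS)]
    ns = {n["type"]: n for n in (cfg.get("linux") or {}).get("namespaces", [])}
    # A namespace type that is not listed is shared with the host.
    findings += [f"{t} namespace shared with host" for t in sorted(EXPECTED_NS - set(ns))]
    # An entry with "path" joins an existing namespace instead of creating one.
    findings += [f"{t} namespace joins {n['path']}" for t, n in sorted(ns.items()) if n.get("path")]
    if (proc.get("user") or {}).get("uid", 0) == 0 and "user" not in ns:
        findings.append("uid 0 without a user namespace")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

To check a real bundle, load `/mycontainer/config.json` with `json.load` and pass the result to `audit`.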
Starting an OCI-format image with runc
Use umoci to unpack the OCI image, then start the container with runc.