Introduction to runc


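runc is a client tool for spawning and running containers on Linux according to the OCI specification. runc was split out of Docker's libcontainer and donated by Docker to the OCI; Docker also ships a docker-runc implementation by default. The following shows how to create a container with the runc command.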

Installation

wget https://github.com/opencontainers/runc/releases/download/v1.1.0/runc.amd64
mv runc.amd64 /usr/local/bin/runc
chmod +x /usr/local/bin/runc

help

$ runc --help
NAME:
   runc - Open Container Initiative runtime

runc is a command line client for running applications packaged according to
the Open Container Initiative (OCI) format and is a compliant implementation of the
Open Container Initiative specification.

runc integrates well with existing process supervisors to provide a production
container runtime environment for applications. It can be used with your
existing process monitoring tools and the container will be spawned as a
direct child of the process supervisor.

Containers are configured using bundles. A bundle for a container is a directory
that includes a specification file named "config.json" and a root filesystem.
The root filesystem contains the contents of the container.

To start a new instance of a container:

    # runc run [ -b bundle ] <container-id>

Where "<container-id>" is your name for the instance of the container that you
are starting. The name you provide for the container instance must be unique on
your host. Providing the bundle directory using "-b" is optional. The default
value for "bundle" is the current directory.

USAGE:
   runc [global options] command [command options] [arguments...]

VERSION:
   1.1.0
commit: v1.1.0-0-g067aaf85
spec: 1.0.2-dev
go: go1.17.6
libseccomp: 2.5.3

COMMANDS:
   checkpoint  checkpoint a running container
   create      create a container
   delete      delete any resources held by the container often used with detached container
   events      display container events such as OOM notifications, cpu, memory, and IO usage statistics
   exec        execute new process inside the container
   kill        kill sends the specified signal (default: SIGTERM) to the container's init process
   list        lists containers started by runc with the given root
   pause       pause suspends all processes inside the container
   ps          ps displays the processes running inside a container
   restore     restore a container from a previous checkpoint
   resume      resumes all processes that have been previously paused
   run         create and run a container
   spec        create a new specification file
   start       executes the user defined process in a created container
   state       output the state of a container
   update      update container resource constraints
   features    show the enabled features
   help, h     Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --debug             enable debug logging
   --log value         set the log file to write runc logs to (default is '/dev/stderr')
   --log-format value  set the log format ('text' (default), or 'json') (default: "text")
   --root value        root directory for storage of container state (this should be located in tmpfs) (default: "/run/runc")
   --criu value        path to the criu binary used for checkpoint and restore (default: "criu")
   --systemd-cgroup    enable systemd cgroup support, expects cgroupsPath to be of form "slice:prefix:name" for e.g. "system.slice:runc:434234"
   --rootless value    ignore cgroup permission errors ('true', 'false', or 'auto') (default: "auto")
   --help, -h          show help
   --version, -v       print the version

Examples

Starting a busybox container with runc

Using busybox as an example, this section demonstrates how runc works.

  • Creating an OCI Bundle
# create the top most bundle directory
mkdir /mycontainer
cd /mycontainer

# create the rootfs directory
mkdir rootfs

# export busybox via Docker into the rootfs directory
docker export $(docker create busybox) | tar -C rootfs -xvf -
  • Generate the config.json configuration file according to the OCI standard
$ runc spec
$ ls
config.json  rootfs
  • Create a container
# run as root
$ cd /mycontainer
$ runc run mycontainerid
/ # ls
bin   dev   etc   home  proc  root  sys   tmp   usr   var
/ # ps -ef
PID   USER     TIME  COMMAND
    1 root      0:00 sh
    9 root      0:00 ps -ef
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
/ #
  • Other commands
# list containers
$ runc list
ID              PID         STATUS      BUNDLE         CREATED                          OWNER
mycontainerid   4274        running     /mycontainer   2022-01-28T19:20:07.658890097Z   root

# state information
$ tree /run/runc/
/run/runc/
└── mycontainerid
    └── state.json

1 directory, 1 file

# pause
$ runc pause mycontainerid
$ runc list
ID              PID         STATUS      BUNDLE         CREATED                          OWNER
mycontainerid   4274        paused      /mycontainer   2022-01-28T19:20:07.658890097Z   root

# resume
$ runc resume mycontainerid
$ runc list
ID              PID         STATUS      BUNDLE         CREATED                          OWNER
mycontainerid   4274        running     /mycontainer   2022-01-28T19:20:07.658890097Z   root

# delete
$ runc delete mycontainerid
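
The config.json in the bundle decides how isolated the container is: the single lo interface and the PID 1 shell in the session above come from its network and pid namespaces, while the root user shown by ps is the same uid 0 as on the host unless a user namespace is configured. As an added example (not from the original page or the runc project), the Python code below audits an OCI config for these settings; the SAMPLE config, the capability list and the function names are constructed for illustration.

```python
import copy
import json

# Namespaces expected to be unshared; illustrative (not exhaustive) risky capabilities.
EXPECTED_NAMESPACES = {"pid", "network", "ipc", "uts", "mount"}
HIGH_RISK_CAPS = {"CAP_SYS_ADMIN", "CAP_SYS_MODULE", "CAP_SYS_PTRACE", "CAP_NET_ADMIN"}

# Constructed sample shaped like an OCI config.json; not copied from a real bundle.
SAMPLE = json.loads("""{
  "process": {"user": {"uid": 0, "gid": 0}, "noNewPrivileges": true,
    "capabilities": {"bounding": ["CAP_KILL", "CAP_NET_BIND_SERVICE"]}},
  "root": {"path": "rootfs", "readonly": true},
  "linux": {"namespaces": [{"type": "pid"}, {"type": "network"}, {"type": "ipc"},
                           {"type": "uts"}, {"type": "mount"}]}
}""")


def audit_config(cfg):
    """Return findings (strings) for an OCI runtime config given as a dict."""
    findings = []
    process, linux = cfg.get("process") or {}, cfg.get("linux") or {}
    ns = {n.get("type") for n in linux.get("namespaces") or []}
    for missing in sorted(EXPECTED_NAMESPACES - ns):
        findings.append(f"namespace not isolated: {missing}")
    if (process.get("user") or {}).get("uid", 0) == 0 and "user" not in ns:
        findings.append("uid 0 without a user namespace")
    if not process.get("noNewPrivileges"):
        findings.append("noNewPrivileges is not set")
    if not (cfg.get("root") or {}).get("readonly"):
        findings.append("root filesystem is writable")
    caps = {c for s in (process.get("capabilities") or {}).values() for c in s or []}
    for cap in sorted(caps & HIGH_RISK_CAPS):
        findings.append(f"high-risk capability: {cap}")
    if not linux.get("seccomp"):
        findings.append("no seccomp profile")
    return findings


def weakened_sample():
    """SAMPLE with isolation settings removed, to show what the audit reports."""
    cfg = copy.deepcopy(SAMPLE)
    cfg["process"]["noNewPrivileges"] = False
    cfg["process"]["capabilities"]["bounding"].append("CAP_SYS_ADMIN")
    cfg["root"]["readonly"] = False
    cfg["linux"]["namespaces"].remove({"type": "network"})
    return cfg


if __name__ == "__main__":
    print(audit_config(SAMPLE), audit_config(weakened_sample()), sep="\n")
```

To audit a real bundle, load its config.json with json.load and pass the resulting dict to audit_config.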

Starting an OCI-format image with runc

Use umoci to unpack the OCI image, then start the container with runc.
