Docker Containerizer

Last updated: 2022-04-01 21:49:26

## Docker Containerizer

Mesos 0.20.0 adds support for launching tasks that use Docker images, together with a subset of Docker options; support for more is planned. Users can launch a Docker image either as a Task or as an Executor. The following sections describe the API changes that come with Docker support and explain how to set up Docker.

### Setup

To run the agent with the Docker Containerizer, you must set the containerizers option to docker when launching the agent. For example:

`mesos-agent --containerizers=docker,mesos`

Each agent that has the Docker containerizer enabled must have the Docker CLI client installed (version >= 1.0.0).

If you enable iptables on the agent, make sure iptables allows all traffic from the Docker bridge interface through. Add the following rule:

```
iptables -A INPUT -s 172.17.0.0/16 -i docker0 -p tcp -j ACCEPT
```

### How do I use the Docker Containerizer?

Before 0.20.0, TaskInfo supported only two ways of running a task: setting a CommandInfo, which runs the task in a bash shell, or setting an ExecutorInfo, which launches a custom executor that runs the task.

Starting with 0.20.0, a ContainerInfo field was added to TaskInfo and ExecutorInfo. It is used to configure a Containerizer such as Docker to run the task or executor.

To run a Docker image as a task, set both the command and the container fields in TaskInfo, because the Docker Containerizer uses them as the accompanying command to launch the Docker image. Set the ContainerInfo type to docker and specify the image to launch in DockerInfo.

To run a Docker image as an executor, set an ExecutorInfo in TaskInfo that contains a ContainerInfo of type docker, which is used to launch the executor. Note that once the Docker image is launched as a Mesos executor, it registers with the agent.

### What does the Docker Containerizer do?

The Docker Containerizer translates task/executor launch and stop requests into Docker CLI commands.

When a task is launched, the Docker Containerizer does the following:

1. Fetch all the files specified in the CommandInfo into the sandbox.
2. Pull the Docker image from the remote repository.
3. Run the Docker image with the Docker executor, map the sandbox directory into the Docker container, and set the MESOS_SANDBOX environment variable to the mapped directory. The executor streams the container logs to the stdout/stderr files in the sandbox.
4. When the container exits or is destroyed, stop or remove the Docker container.

The Docker Containerizer launches all containers with the mesos- prefix plus the agent id (i.e. mesos-agent1-abcdefghji). It also assumes that all containers with the mesos- prefix are managed by the agent, which is free to stop or kill them.

When launching the Docker image as an Executor, the only difference is that it skips launching a command executor and just reaps the Docker container executor pid.

Note that we currently default to host networking when running a Docker image, to more easily support running a Docker image as an Executor.

The containerizer also supports optional force pulling of the image. It is disabled by default, so the Docker image is only updated again if it is not available on the host. To enable force pulling of an image, force_pull_image has to be set to true.

### Private Docker repository

To run an image from a private repository, one can include a uri pointing to a .dockercfg that contains login information. The .dockercfg file is pulled into the sandbox, and the Docker Containerizer sets the HOME environment variable to point to the sandbox so that the Docker CLI automatically picks up the config file.

Starting from 0.29, we provide an alternative way to specify the Docker config file for pulling images from private registries. Operators can specify a shared Docker config file using an agent flag. This Docker config file is used to pull images from private registries for all containers. See the configuration documentation for details. Operators can either use a local Docker config file (which requires manually configuring .docker/config.json or .dockercfg on each agent), or specify the flag as a JSON-formatted string. For example:

`--docker_config=file:///home/vagrant/.docker/config.json`

or as a JSON object,

```
--docker_config="{ \
  \"auths\": { \
    \"https://index.docker.io/v1/\": { \
      \"auth\": \"xXxXxXxXxXx=\", \
      \"email\": \"username@example.com\" \
    } \
  } \
}"
```

### CommandInfo to run Docker images

A Docker image currently supports having an entrypoint and/or a default command.

To run a Docker image with the default command (i.e. docker run image), the CommandInfo's value must not be set. If the value is set, it overrides the default command.

To run a Docker image with an entrypoint defined, the CommandInfo's shell option must be set to false. If the shell option is set to true, the Docker Containerizer runs the user's command wrapped with /bin/sh -c, which also becomes parameters to the image entrypoint.

### Recover Docker containers on agent recovery

The Docker containerizer supports recovering Docker containers when the agent restarts, whether or not the agent itself is running in a Docker container.

With the --docker_mesos_image flag enabled, the Docker containerizer assumes the containerizer is running in a container itself and modifies the mechanism by which it recovers and launches Docker containers accordingly.
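
The TaskInfo rules stated in the sections above (command and container both set, the host networking default, force_pull_image, .dockercfg URIs fetched into the sandbox, and the shell option), collected into a small linter as an added example; it is not code from the original page or from Mesos. The field names `network` and `uris` and the `shell` default of true are taken from the Mesos protobuf definitions, while the sample task and the finding codes are constructed for illustration.

```python
# Constructed sample TaskInfo in dict form; field names follow the Mesos protobufs,
# the values and the finding codes below are made up for this example.
SAMPLE_TASK = {
    "name": "web",
    "task_id": {"value": "web-1"},
    "command": {"shell": True, "value": "exec /app/server",
                "uris": [{"value": "file:///etc/registry/.dockercfg"}]},
    "container": {"type": "DOCKER",
                  "docker": {"image": "registry.example.com/team/web:1.4"}},
}


def lint_docker_task(task):
    """Return (code, message) findings for a TaskInfo run as a Docker task."""
    findings = []
    command = task.get("command")
    container = task.get("container")
    if command is None or container is None:
        findings.append(("E-FIELDS", "both command and container must be set"))
        return findings
    docker = container.get("docker") or {}
    if container.get("type") != "DOCKER" or not docker.get("image"):
        findings.append(("E-IMAGE", "container type must be DOCKER with an image"))
    # CommandInfo.shell defaults to true when the field is omitted.
    if command.get("shell", True) and command.get("value"):
        findings.append(("W-SHELL", "value is wrapped in /bin/sh -c; "
                         "set shell=false for an image that defines an entrypoint"))
    # Host networking is the default, so an omitted network counts as HOST.
    if docker.get("network", "HOST") == "HOST":
        findings.append(("W-HOSTNET", "container shares the agent's network stack"))
    if not docker.get("force_pull_image", False):
        findings.append(("W-STALE", "image is pulled only if absent on the host; "
                         "a cached tag may be outdated"))
    for uri in command.get("uris", []):
        if uri.get("value", "").rsplit("/", 1)[-1] == ".dockercfg":
            findings.append(("W-CREDS", "registry login file is fetched into the "
                             "sandbox, which is mapped into the container"))
    return findings


if __name__ == "__main__":
    for code, message in lint_docker_task(SAMPLE_TASK):
        print(code, message)
```

The W-CREDS finding is the case the shared `--docker_config` agent flag avoids, since the login information then stays in the agent's configuration instead of the task sandbox.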