未加星标

Kushal Das: Using rkt and systemd

字体大小 | |
[系统(linux) 所属分类 系统(linux) | 发布者 店小二05 | 时间 2017 | 作者 红领巾 ] 0人收藏点击收藏

Kushal Das: Using rkt and systemd

Few days back, Iwrote about my usage of rkt containers . As rkt does not have any daemon running, the simplest way to have a container running is to start it inside some screen or tmux session. I started following the same path, I used a tmux session.

But then I wanted to have better control over the containers, to start or stop them as required. Systemd is the solution for all the other services in the system, that makes it an ideal candidate for this case too.

Example of a service file [Unit] Description=ircbot Documentation=https://github.com/kushaldas/ircbot Requires=network-online.target [Service] Slice=machine.slice MemoryLimit=500M ExecStart=/usr/bin/rkt --insecure-options=image --debug run --dns=8.8.8.8 --volume mnt,kind=host,source=/some/path,readOnly=false /mnt/ircbot-latest-linux-amd64.aci ExecStopPost=/usr/bin/rkt gc --mark-only KillMode=mixed Restart=always The path of the service file is /etc/systemd/system/ircbot.service . In the [Unit] section, I mentioned a super short Description, and link to the documentation of the project. I also mentioned that this service requires network-online.target to be available first. The [Service] is the part where we define all the required configurations. The first value we mention is the Slice . Slices, a way to do resource control

Systemd uses slices to group a number of services, and slices in a hierarchical tree. This is built on top of the Linux Kernel Control Group feature. In a system by default, there are four different slices.

-.slice : The root slice. system.slice : All system services are in this slice. machine.slice : All vms and containers are in this slice. user.slice : All user sessions are in this slice.

We can see the whole hierarchy using the systemd-cgls command. For example:

Control group /: -.slice ├─machine.slice │ ├─ircbot.service │ │ ├─11272 /usr/bin/systemd-nspawn --boot --register=true -Zsystem_u:system_r:container_t:s0:c447,c607 -Lsystem_u:object_r:container_file_t:s0:c447, │ │ ├─init.scope │ │ │ └─11693 /usr/lib/systemd/systemd --default-standard-output=tty │ │ └─system.slice │ │ ├─ircbot.service │ │ │ └─11701 /usr/bin/ircbot │ │ └─systemd-journald.service │ │ └─11695 /usr/lib/systemd/systemd-journald ├─user.slice │ └─user-1000.slice │ ├─session-31.scope │ │ ├─16228 sshd: kdas [priv] │ │ ├─16231 sshd: [email protected]/0 │ │ ├─16232 -bash │ │ ├─16255 sudo su - │ │ ├─16261 su - │ │ └─16262 -bash

You can manage various resources using cgroups. Here, in our example service file, I mentioned that memory limit for the service is 500MB. You can read more here on resource management.

There is also systemd-cgtop tool, which will give you a top like view for the various resources consumed by the slices.

# systemd-cgtop -M rkt-250d0c2b-0130-403b-a9a6-3bb3bde4e934 Control Group Tasks %CPU Memory Input/s Output/s /machine.slice/ircbot.service 9 - 234.0M - - /machine.slice/ircbot.service/system.slice - - 5.0M - - /machine.slice/ircbot.service/system.slice/ircbot.service - - 5.0M - -

The actual command which we used to run the container is mentioned in ExecStart .

Using the service

I can now use the standard systemctl commands for this new ircbot service. For example:

# systemctl start ircbot # systemctl enable ircbot # systemctl stop ircbot # systemctl status ircbot

You can also view the log of the application using journalctl command.

# journalctl -u ircbot

The documentation from rkt has more details on systemd and rkt.

本文系统(linux)相关术语:linux系统 鸟哥的linux私房菜 linux命令大全 linux操作系统

主题: CPULinux
分页:12
转载请注明
本文标题:Kushal Das: Using rkt and systemd
本站链接:http://www.codesec.net/view/521516.html
分享请点击:


1.凡CodeSecTeam转载的文章,均出自其它媒体或其他官网介绍,目的在于传递更多的信息,并不代表本站赞同其观点和其真实性负责;
2.转载的文章仅代表原创作者观点,与本站无关。其原创性以及文中陈述文字和内容未经本站证实,本站对该文以及其中全部或者部分内容、文字的真实性、完整性、及时性,不作出任何保证或承若;
3.如本站转载稿涉及版权等问题,请作者及时联系本站,我们会及时处理。
登录后可拥有收藏文章、关注作者等权限...
技术大类 技术大类 | 系统(linux) | 评论(0) | 阅读(48)