Shulou(Shulou.com)05/31 Report--

This article mainly explains "what is the principle of creating Docker containers". The explanation in this article is simple and clear, easy to learn and understand. Please follow the ideas of Xiaobian and go deep into it slowly to study and learn "what is the principle of creating Docker containers" together!

I: Introduction

The core technology of containers is Cgroup+Namespace. The minimum composition of a Linux container can be represented by the following formula: Container =cgroup+namespace+rootfs+ container engine. Cgroup: resource control, Namespace: access isolation, rootfs: file system isolation, container engine: lifecycle control.

Second: Namespace Mind Map

III: Summary

Namespace and Cgroup use is very flexible, and there are many places to pay attention to, so it is not easy to directly operate Namespace and Cgroup. It is for these reasons that Docker handles these underlying things through Libcontainers. In this way, Docker simply needs to call Libcontainer API to build the complete container.

IV: The principle of container creation

1. Through the clone system call and passing the clone flag corresponding to each namespace, a new child process is created, which has its own Namespace.

pid = clone(fun,task,flags,clone_arg);(flags:CLONE_NEWPID|CLONE_NEWNS|CLINE_NEWUSER|CLONE_NEWNET|CLONE_NEWIPC|CLONE_NEWUTS:...)

2. Write the pid generated in the first step into each cgroup subsystem, so that the process can be controlled by the corresponding Cgroup subsystem.

echo $pid>/sys/fs/cgroup/cpu/tasksecho $pid>/sys/fs/cgroup/cpuset/tasksecho $pid>/sys/fs/cgroup/blkio/tasksecho $pid>/sys/fs/cgroup/memory/tasksecho $pid>/sys/fs/cgroup/devices/tasksecho $pid>/sys/fs/cgroup/freezer/tasks

3. The fun function is executed by the new process generated above, using the pivot_root system call in the fun function to make the process enter a new rootfs, and then using the exec system call to execute the "/bin/bash" program in the new namespace,cgroup,rootfs

fun(){... pivot_root("path_of_rootfs/",path);... exec("/bin/bash");...} Thank you for reading, the above is "Docker container creation principle is what" content, after the study of this article, I believe that we have a deeper understanding of Docker container creation principle is what this problem, the specific use of the situation also needs to be verified by practice. Here is, Xiaobian will push more articles related to knowledge points for everyone, welcome to pay attention!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.