当前位置: 首页 > 工具软件 > iSulad > 使用案例 >

本实验介绍如何在弹性云服务器上安装iSulad及其有关容器生命周期的基本操作。同时,尝试使用iSula容器镜像构建工具isula-build构建自己的容器镜像

赏成益
2023-12-01

 这里安装需要最基础的Linux知识,比如vi编辑器的使用,和常见的命令

 

目录

安装isulad

启动并查看版本

容器与镜像管理

准备工作

运行容器busybox

运行容器openeuler:20.09

使用isula-build构建容器镜像

安装isula-build

构建容器镜像并导入到isulad

扩展实验:isula-build的其他镜像导出方式


安装isulad

用yum命令安装

[root@openeuler ~]# yum install -y iSulad

启动并查看版本

用systemctl start命令启动

[root@openeuler ~]# systemctl start isulad

          查看状态

[root@openeuler ~]# systemctl status isulad
● isulad.service - iSulad Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/isulad.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2020-09-14 15:53:43 CST; 4h 35min ago
 Main PID: 1248 (isulad)
    Tasks: 25
   Memory: 88.3M
   CGroup: /system.slice/isulad.service
           ├─1248 /usr/bin/isulad
           └─1315 isulad-img ......
按‘q’或‘Q’键退出信息显示。
            • 1 查看版本
            • [root@openeuler ~]# isula version
              Client:
                Version:      2.0.0
                Git commit:   5bf7c66ad4f7095156e87ca455da016f57c3e60f
                Built:        2020-03-23T21:35:55.821352180+00:00
              
              Server:
                Version:      2.0.0
                Git commit:   5bf7c66ad4f7095156e87ca455da016f57c3e60f
                Built:        2020-03-23T21:35:55.821352180+00:00
              
              OCI config:
                Version:      1.0.1
                Default file: /etc/default/isulad/config.json

            • 1 查看帮助
              [root@openeuler ~]# isula --help

容器与镜像管理

准备工作

安装JSON格式数据处理工具 

[root@openeuler ~]# yum install -y jq

修改isulad的配置文件 

[root@openeuler ~]# mkdir iSula && cd iSula
[root@openeuler iSula]# cp /etc/isulad/daemon.json /etc/isulad/daemon.json.origin
[root@openeuler iSula]# vi /etc/isulad/daemon.json    #在此处修改
{
    "group": "isulad",
    "default-runtime": "lcr",
    "graph": "/var/lib/isulad",
    "state": "/var/run/isulad",
    "engine": "lcr",
    "log-level": "ERROR",
    "pidfile": "/var/run/isulad.pid",
    "log-opts": {
        "log-file-mode": "0600",
        "log-path": "/var/lib/isulad",
        "max-file": "1",
        "max-size": "30KB"
    },
    "log-driver": "stdout",
    "hook-spec": "/etc/default/isulad/hooks/default.json",
    "start-timeout": "2m",
    "storage-driver": "overlay2",
    "storage-opts": [
        "overlay2.override_kernel_check=true"
    ],
    "registry-mirrors": [
        "hub.oepkgs.net"
    ],
    "insecure-registries": [
    ],
    "pod-sandbox-image": "",
    "image-opt-timeout": "5m",
    "image-server-sock-addr": "unix:///var/run/isulad/isula_image.sock",
    "native.umask": "secure",
    "network-plugin": "",
    "cni-bin-dir": "",
    "cni-conf-dir": "",
    "image-layer-check": false,
    "use-decrypted-key": true,
    "insecure-skip-verify-enforce": false
}
在上述文件中,我们设"registry-mirrors"的值为"hub.oepkgs.net"。(hub.oepkgs.net为openEuler社区与中科院软件所共建的、开源免费的容器镜像仓库)
[root@openeuler iSula]# cat /etc/isulad/daemon.json   

检查配置文件合法性:如果配置文件的内容能正确显示出来,即表示其格式合法。

[root@openeuler iSula]# cat /etc/isulad/daemon.json | jq

 重启isulad服务

[root@openeuler iSula]# systemctl restart isulad

运行容器busybox

用isula run命令直接运行

[root@openeuler iSula]# isula run busybox echo "hello world"
Unable to find image 'busybox' locally
Image "busybox" pulling
Image "219ee5171f8006d1462fa76c12b9b01ab672dbc8b283f186841bf2c3ca8e3c93" pulled
hello world
由于这是第一次运行,所以会拉取busybox的镜像,然后会运行它的一个实例,并且调用echo命令打印hello world字符串。(按:由于oepkgs目前只有x86的busybox镜像,在鲲鹏平台上运行这一步会提示错误,请忽略这一步。)
查看其镜像:
[root@openeuler iSula]# isula images
REPOSITORY					TAG		IMAGE ID			CREATED				SIZE
busybox						latest		219ee5171f80		2020-12-04 06:19:53		1.385 MB
以上输出表明这一阶段的安装成功了,下面继续验证其他的一些命令。

运行容器openeuler:20.09

创建容器并启动

创建容器

[root@openeuler iSula]# isula create -it openeuler/openeuler:20.09

Unable to find image 'openeuler/openeuler:20.09' locally

Image "openeuler/openeuler:20.09" pulling

Image "8c788f4bfb7290e434b2384340a5f9811db6ed302f9247c5fc095d6ec4fc8f32" pulled

e91e5359be653f534312bc2b4703dcc6c4ca0436ac7819e09e1ff0e75ee1d733

由于没有运行容器所以利用isula ps命令无法找到刚刚创建的容器:

[root@openeuler iSula]# isula ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

可以使用isula pa –a命令可以找到刚刚创建的容器

[root@ecs-cdf3 ~]# isula ps -a

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

e91e5359be65 openeuler/openeuler:20.09 "/bin/bash" 8 seconds ago Created  e91e5359be653f534312bc2b4703dcc6c4ca0436ac7819e09e1ff0e75ee1d733

启动容器

[root@openeuler iSula]# isula start e91e5359be65

由于已经运行容器可以利用isula ps命令查找运行中的容器

[root@openeuler iSula]# isula ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

e91e5359be65 openeuler/openeuler:20.09 "/bin/bash" 30 seconds ago Up 4 seconds      e91e5359be653f534312bc2b4703dcc6c4ca0436ac7819e09e1ff0e75ee1d733

执行命令输出容器系统版本信息

[root@ecs-cdf3 ~]# isula exec e91e5359be65 cat /etc/os-release

NAME="openEuler"

VERSION="20.09"

ID="openEuler"

VERSION_ID="20.09"

PRETTY_NAME="openEuler 20.09"

ANSI_COLOR="0;31"

可以看到我们在openeuler 20.03系统上成功运行openeuler 20.09系统容器。

直接运行

[root@openeuler iSula]# isula run openeuler/openeuler:20.09 cat /etc/os-release
NAME="openEuler"
VERSION="20.09"
ID="openEuler"
VERSION_ID="20.09"
PRETTY_NAME="openEuler 20.09"
ANSI_COLOR="0;31"

 同样我们可以看到和步骤一相同的输出

交互式运行

[root@openeuler iSula]# isula run -it openeuler/openeuler:20.09
Welcome to 4.19.90-2003.4.0.0036.oe1.x86_64

System information as of time: 	Wed 27 Jan 2021 11:13:26 AM CST

System load: 	0.02
Processes: 	5
Memory used: 	6.9%
Swap used: 	0.0%
Usage On: 	9%
Users online: 	0


[root@localhost /]# ls
bin  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
[root@localhost /]# uname -a 
Linux localhost 4.19.90-2003.4.0.0036.oe1.aarch64 #1 SMP Mon Mar 23 19:06:43 UTC 2020 aarch64 GNU/Linux
[root@localhost /]# ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@localhost /]# cat /etc/os-release
NAME="openEuler"
VERSION="20.09"
ID="openEuler"
VERSION_ID="20.09"
PRETTY_NAME="openEuler 20.09"
ANSI_COLOR="0;31"
[root@localhost /]# exit
exit

暂停/恢复一个容器

[root@openeuler iSula]# isula pause e91e5359be65
e91e5359be65
[root@openeuler iSula]# isula unpause e91e5359be65
e91e5359be65

先停止,再删除一个容器

[root@openeuler iSula]# isula stop e91e5359be65
e91e5359be65
[root@openeuler iSula]# isula rm e91e5359be65
e91e5359be653f534312bc2b4703dcc6c4ca0436ac7819e09e1ff0e75ee1d733

 查看正在运行着的容器

[root@openeuler iSula]# isula ps
CONTAINER ID	IMAGE				COMMAND	CREATED		STATUS	PORTS	NAMES
6c1d81467d33		openeuler/openeuler:20.09	"/bin/bash"		37 minutes ago	Up 37 minutes           6c1d81467d3367a90dd6e388a16c80411d4ba76316d86b6f56463699306e1394

强制删除运行中的容器

[root@openeuler iSula]# isula rm -f 6c1d81467d33
6c1d81467d3367a90dd6e388a16c80411d4ba76316d86b6f56463699306e1394

 查看所有容器(包含运行中的容器

[root@openeuler iSula]# isula ps -a
CONTAINER ID	IMAGE				COMMAND	CREATED		STATUS	PORTS	NAMES
bb85ce20525d	openeuler/openeuler:20.09	"/bin/bash"		57 seconds ago	Up 57 seconds	  bb85ce20525db387c81c94e7a0865fccbf868a35ca4ba0dd077c0bba4a9c379a
3139ce089c56		openeuler/openeuler:20.09	"/bin/bash"		4 seconds ago 	Created 3139ce089c56567ba877f11cba3dbb9dbdcd68cf4cdc4ded701451a23a4cc38e

先将关联到镜像的容器销毁

[root@openeuler iSula]# isula rm -f bb85ce20525d 3139ce089c56
bb85ce20525db387c81c94e7a0865fccbf868a35ca4ba0dd077c0bba4a9c379a
3139ce089c56567ba877f11cba3dbb9dbdcd68cf4cdc4ded701451a23a4cc38e

然后删除镜像

[root@openeuler iSula]# isula rmi openeuler/openeuler:20.09
Image " openeuler/openeuler:20.09" removed

如果这一步骤失败,请先将所有容器删除后再运行此命令。

使用isula-build构建容器镜像

目前为止,我们使用的容器镜像都是从hub.oepkgs.net下载的已经构建好的容器镜像,下面我们尝试使用iSula提供的容器镜像构建工具isula-build,构建自己的容器镜像并运行。

安装isula-build

检查yum

[root@openeuler iSula]# tail /etc/yum.repos.d/openEuler_aarch64.repo
[update]
name=update
baseurl=http://repo.openeuler.org/openEuler-20.03-LTS/update/$basearch/
enabled=0
gpgcheck=1
gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS/OS/$basearch/RPM-GPG-KEY-openEuler

用vi编辑器将文件中[update]节的enable=0改为enable=1并保存,这里不做赘述。

[root@openeuler ~]# yum repolist | grep update
update                                  update

从输出中可以看到update赫然纸上。

用yum命令安装isula-build

[root@openeuler iSula]# yum install -y isula-build

安装docker-runc

[root@openeuler iSula]# yum install -y docker-runc

systemctl start命令启动

[root@openeuler iSula]# systemctl start isula-build

查看版本

[root@openeuler iSula]# isula-build version
Client:
  Version:       0.9.2
  Go Version:    go1.13.3
  Git Commit:    a96cf18
  Built:         Thu Aug 25 01:08:45 2020
  OS/Arch:       linux/arm64

Server:
  Version:       0.9.2
  Go Version:    go1.13.3
  Git Commit:    a96cf18
  Built:         Thu Aug 25 01:08:45 2020
  OS/Arch:       linux/arm64

修改配置

[root@openeuler iSula]# vi /etc/isula-build/registries.toml

将hub.oepkgs.net加入到isula-build可搜索的镜像仓库列表里

vi /etc/isula-build/registries.toml

……

[registries.search]

registries = ["hub.oepkgs.net"]

……

当然,如果有不同的镜像仓库也可以配置不同的镜像仓库。

重启isula-build服务

[root@openeuler iSula]# systemctl restart isula-build

查看配置:
 

[root@openeuler iSula]# isula-build info -H
General:
  MemTotal:     3.6 GB
  MemFree:      1.33 GB
  SwapTotal:    0 B
  SwapFree:     0 B
  OCI Runtime:  runc
  DataRoot:     /var/lib/isula-build/
  RunRoot:      /var/run/isula-build/
  Builders:     0
  Goroutines:   11
Store:
  Storage Driver:     overlay
  Backing Filesystem: extfs
Registry:
  Search Registries:
    hub.oepkgs.net
  Insecure Registries:


在Search Registries 配置项里看到”hub.oepkgs.net”赫然纸上。
至此,isula-build安装完成。

构建容器镜像并导入到isulad

创建Dockerfile

创建 “Dockerfile”的文件:

[root@openeuler iSula]# mkdir –p /home/test/ && cd /home/test/

[root@openeuler test]# vi Dockerfile    #在此编辑文件内容

FROM openeuler/openeuler:20.09

COPY hello.sh /usr/bin/

CMD ["sh", "-c", "/usr/bin/hello.sh"]


[root@openeuler iSula]# cat Dockerfile

这里我们是在在/home/test目录下创建Dockerfile文件的。

编辑Dockerfile中出现的hello.sh脚本,它将被加到原有的openeuler:20.09镜像中以构建出我们自己的镜像

[root@openeuler test]# vi hello.sh    #在此编辑文件

[root@openeuler test]# cat hello.sh

#!/bin/sh

echo "hello, isula-build!"

修改文件属性:

[root@openeuler test]# chmod +x hello.sh

验证:

[root@openeuler test]# ls -l

total 8

-rw------- 1 root root 91 Jan 27 15:09 Dockerfile

-rwx------ 1 root root 37 Jan 27 15:10 hello.sh

以上即是我们刚刚创建的2个文件。

构建容器镜像

用isula-build构建我们自己的容器镜像并导入到isulad,镜像命名为hello-isula-build:v0.1:

[root@openeuler test]# isula-build ctr-img build -f ./Dockerfile -o isulad:hello-isula-build:v0.1
STEP  1: FROM openeuler/openeuler:20.09
STEP  2: COPY hello.sh /usr/bin/
STEP  3: CMD ["sh", "-c", "/usr/bin/hello.sh"]
…
Build success with image id: 093721586033ee24966cea91d8276b1cd1cf07240fd770a702e6d2d77577cb7f

查询构建出来的容器镜像

[root@openeuler test]# isula-build ctr-img images
[root@openeuler test]# isula-build ctr-img images
------------------------------------------------  -------------  ------------------  -------------------------------  -----------
 REPOSITORY             			TAG      IMAGE ID		CREATED				SIZE
------------------------------------------------  -------------  ------------------  -------------------------------  -----------
 hello-isula-build					v0.1		093721586033	2021-01-27 07:09:23      550 MB

 hub.oepkgs.net/openeuler/openeuler	20.09		8c788f4bfb72	2020-09-28 04:27:37      550 MB
------------------------------------------------  -------------  ------------------  ------------------------------  ------------
[root@openeuler test]# isula images
REPOSITORY             TAG       IMAGE ID             CREATED              SIZE       
hello-isula-build            v0.1       093721586033         2020-01-27 15:09:23    524.466 MB

可以看到isula-build ctr-img images可以查询到构建出来的容器镜像,同时,isula images命令也可以查询到从isula-build导入到isulad的容器镜像

启动容器

我们使用自己构建出来的容器镜像来启动容器,按照预期,容器进程会打印出“hello, isula-build!”:

[root@openeuler test]# isula run hello-isula-build:v0.1
hello, isula-build!

扩展实验:isula-build的其他镜像导出方式

在前述步骤中构建了自己的容器镜像hello-isula-build:v0.1并将容器镜像导出到isulad启动容器。isula-build除了能将容器镜像导出到isulad之外,还可以:

  1. 导出到远端仓库
  2. 导出到docker daemon
  3. 导出到本地压缩包
  4. 导出到isula-build的本地存储

可以通过isula-build的命令行帮助,查看这些导出方式:

[root@openeuler test]# isula-build ctr-img build --help

Build container images

Usage:

isula-build ctr-img build [FLAGS] PATH

Examples:

isula-build ctr-img build -f Dockerfile .

isula-build ctr-img build -f Dockerfile -o docker-archive:name.tar:image:tag .

isula-build ctr-img build -f Dockerfile -o docker-daemon:image:tag .

isula-build ctr-img build -f Dockerfile -o docker://registry.example.com/repository:tag .

isula-build ctr-img build -f Dockerfile -o isulad:image:tag .

isula-build ctr-img build -f Dockerfile --build-static='build-time=2020-06-30 15:05:05' .

可以按照命令行帮助信息中给出的详细示例进行练习。

 类似资料: