Docker on Cumulus Linux

You can run the Docker container platform on Cumulus Linux.

The Docker package is installed as part of the Cumulus Linux installation or ONIE upgrade process. The Docker package includes Docker Engine together with the dependencies and configuration files needed to run the Docker service. If you upgrade the switch with apt-upgrade, you must install the Docker package manually.

To run Docker containers on a Cumulus Linux switch:

  1. Check whether the Docker package is already on the switch with the dpkg-query -l cumulus-docker-setup command.

The following command output shows that the Docker package is present. Go to the next step to enable the Docker service.

cumulus@switch:mgmt:~$ dpkg-query -l cumulus-docker-setup
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                 Version                           Architecture Description
+++-====================-=================================-============-=========================================
ii  cumulus-docker-setup 1.0-cl4.4.0+u1~1607633230.afa6ce7 all          Cumulus Linux docker configuration files.

The following command output shows that the Docker package is not on the switch:

cumulus@switch:mgmt:~$ dpkg-query -l cumulus-docker-setup
dpkg-query: no packages found matching cumulus-docker-setup

To install the Docker package, run the following commands:

cumulus@switch:mgmt:~$ sudo -E apt-get update
cumulus@switch:mgmt:~$ sudo -E apt-get install cumulus-docker-setup
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
 containerd.io docker-ce docker-ce-cli
Suggested packages:
 aufs-tools cgroupfs-mount | cgroup-lite
Recommended packages:
 apparmor docker-ce-rootless-extras libltdl7 pigz
The following NEW packages will be installed:
 containerd.io cumulus-docker-setup docker-ce docker-ce-cli
0 upgraded, 4 newly installed, 0 to remove and 6 not upgraded.
Need to get 91.9 MB of archives.
After this operation, 420 MB of additional disk space will be used.
Do you want to continue? [Y/n]

  2. Enable the Docker service in the management VRF. Docker pulls container images from the internet, which requires internet access through the management VRF.

    cumulus@switch:mgmt:~$ sudo systemctl enable --now docker@mgmt.service
    Created symlink /etc/systemd/system/multi-user.target.wants/docker@mgmt.service → /etc/systemd/system/docker@.service.
    Warning: The unit file, source configuration file or drop-ins of docker@mgmt.service changed on disk. Run 'systemctl daemon-reload' to reload units.
    

    This warning is a known issue and has no functional impact.

  3. Check the Docker service status with the systemctl status docker@mgmt.service command:

    cumulus@switch:mgmt:~$ sudo systemctl status docker@mgmt.service
    Warning: The unit file, source configuration file or drop-ins of docker@mgmt.service changed on di
    ● docker@mgmt.service - Docker Application Container Engine
       Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
       Drop-In: /run/systemd/generator/docker@.service.d
           └─vrf.conf
       Active: active (running) since Tue 2020-12-15 01:02:36 UTC; 7s ago
        Docs: https://docs.docker.net.cn
    Main PID: 9558 (dockerd)
     Memory: 40.5M
     CGroup: /system.slice/system-docker.slice/docker@mgmt.service
         └─vrf
          └─mgmt
           └─9558 /usr/bin/dockerd --containerd=/run/containerd/containerd.sock
    
    Dec 15 01:02:36 act-5812-10 ip[9558]: time="2020-12-15T01:02:36.235571032Z" level=info msg="ccReso
    Dec 15 01:02:36 act-5812-10 ip[9558]: time="2020-12-15T01:02:36.235612700Z" level=info msg="Client
    Dec 15 01:02:36 act-5812-10 ip[9558]: time="2020-12-15T01:02:36.351654900Z" level=warning msg="Una
    Dec 15 01:02:36 act-5812-10 ip[9558]: time="2020-12-15T01:02:36.352171765Z" level=info msg="Loadin
    Dec 15 01:02:36 act-5812-10 ip[9558]: time="2020-12-15T01:02:36.432399835Z" level=info msg="Defaul
    Dec 15 01:02:36 act-5812-10 ip[9558]: time="2020-12-15T01:02:36.473407023Z" level=info msg="Loadin
    Dec 15 01:02:36 act-5812-10 ip[9558]: time="2020-12-15T01:02:36.527590296Z" level=info msg="Docker
    Dec 15 01:02:36 act-5812-10 ip[9558]: time="2020-12-15T01:02:36.527846668Z" level=info msg="Daemon
    Dec 15 01:02:36 act-5812-10 systemd[1]: Started Docker Application Container Engine.
    Dec 15 01:02:36 act-5812-10 ip[9558]: time="2020-12-15T01:02:36.635997529Z" level=info msg="API li
    
    
  4. Test your installation by running the hello-world container:

    cumulus@switch:mgmt:~$ docker run hello-world
    Unable to find image 'hello-world:latest' locally
    latest: Pulling from library/hello-world
    0e03bdcc26d7: Pull complete
    Digest: sha256:1a523af650137b8accdaed439c17d684df61ee4d74feac151b5b337bd29e7eec
    Status: Downloaded newer image for hello-world:latest
    
    Hello from Docker!
    This message shows that your installation appears to be working correctly.
    
    To generate this message, Docker took the following steps:
    1. The Docker client contacted the Docker daemon.
    2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
       (amd64)
    3. The Docker daemon created a new container from that image which runs the
       executable that produces the output you are currently reading.
    4. The Docker daemon streamed that output to the Docker client, which sent it
       to your terminal.
    
    To try something more ambitious, you can run an Ubuntu container with:
    $ docker run -it ubuntu bash
    
    Share images, automate workflows, and more with a free Docker ID:
    https://hub.docker.com/
    
    For more examples and ideas, visit:
    https://docs.docker.net.cn/get-started/
    

The Docker daemon runs in the management VRF; however, by default Docker containers run outside the VRF. To run a container process inside the management VRF on the host, run the docker run --privileged --ulimit memlock=131072 --rm --network host ip vrf exec mgmt command. For example:

cumulus@switch:mgmt:~$ sudo docker run --privileged --ulimit memlock=131072 --rm --network host debian ip vrf exec mgmt ping -c3 8.8.8.8

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=110 time=1.21 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=110 time=1.24 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=110 time=1.26 ms
--- 8.8.8.8 ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 1.212/1.237/1.262/0.045 ms

If you see the error Failed to load BPF prog: 'Operation not permitted', increase the memlock limit by doubling the value.
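The memlock-doubling retry described above, as an added example that is not part of the Cumulus Linux documentation: a bash wrapper that runs a command inside the management VRF with the same docker run flags shown on this page, and, when the run fails with the Failed to load BPF prog error, doubles the memlock limit and retries until an assumed cap is reached. The flags and the 131072 starting value come from the page; DOCKER_CMD and MEMLOCK_MAX are hooks introduced here so the function can be exercised with a stand-in command instead of a real daemon.

```shell
#!/bin/bash
# Added example, not from the Cumulus Linux documentation.
# Runs "ip vrf exec mgmt CMD..." inside IMAGE using the flags documented on
# this page, doubling --ulimit memlock on the documented BPF load error.

# Assumed hooks: DOCKER_CMD lets a stand-in replace "sudo docker" for offline
# testing; MEMLOCK_MAX caps the doubling so a persistent failure cannot loop.
DOCKER_CMD="${DOCKER_CMD:-sudo docker}"
MEMLOCK_MAX="${MEMLOCK_MAX:-2097152}"   # assumed cap: 16x the documented start value

# run_in_mgmt_vrf IMAGE CMD...
# Prints the container's stdout/stderr on success and returns 0; on any error
# other than the BPF memlock failure it returns the container's exit status.
run_in_mgmt_vrf() {
    local image="$1"; shift
    local memlock=131072        # starting value from the documentation
    local out rc
    while :; do
        # "if cmd" keeps errexit from aborting the loop on a failed run.
        if out=$($DOCKER_CMD run --privileged --ulimit "memlock=$memlock" --rm \
                 --network host "$image" ip vrf exec mgmt "$@" 2>&1); then
            printf '%s\n' "$out"
            echo "memlock used: $memlock" >&2
            return 0
        else
            rc=$?
        fi
        case "$out" in
            *"Failed to load BPF prog"*)
                if [ "$memlock" -ge "$MEMLOCK_MAX" ]; then
                    echo "giving up: memlock $memlock reached cap $MEMLOCK_MAX" >&2
                    printf '%s\n' "$out" >&2
                    return "$rc"
                fi
                memlock=$((memlock * 2))
                echo "BPF load failed; retrying with memlock=$memlock" >&2
                ;;
            *)
                # Unrelated failure: do not retry, surface it as-is.
                printf '%s\n' "$out" >&2
                return "$rc"
                ;;
        esac
    done
}

# Usage on a switch (same command as the documented ping example):
#   run_in_mgmt_vrf debian ping -c3 8.8.8.8
```

Note that the documented invocation needs --privileged and --network host, which removes most of the isolation a container would normally give the switch; keep the image set to something you control and, given the caveat on CPU-heavy workloads below, consider docker run's --cpus and --memory flags when the workload is more than a lightweight service.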

Be mindful of the type of applications you want to run in containers on the Cumulus Linux switch. Depending on the container configuration, DHCP servers, custom scripts, and other lightweight services run fine. However, VPN, NAT, and encryption-type services are CPU intensive and can adversely affect critical applications.