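The previous article covered the basics of overlay2. While presenting it, a question came up: what is an xxx-init directory such as 2cda8c39e97b6157f8599f83c50c4591da423a2c3c0abd20302140c515a876a9-init actually for?
The few articles I found all say it is used during system initialization to solve the host problem, but none of them explains the actual process.
So I ran some experiments.
First, look at resolv.conf on the host.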
root@mcong-Virtual-Machine:~# cat /etc/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 127.0.0.53
options edns0
search mshome.net
Now look inside the container:
root@cfc13f607966:/etc# cat /etc/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients directly to
# all known uplink DNS servers. This file lists all configured search domains.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 172.17.176.161
search mshome.net
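The two files have different contents, so the container's file is definitely not the host's file mounted in.
Since they differ, the first guess is that the file must live somewhere under /var/lib/docker/overlay2/xxxx.
Let's take a look.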
root@mcong-Virtual-Machine:/var/lib/docker/overlay2# find . -name "resolv.conf"
./8ea06311f7fa82211f09765c9880b1bf1b947ac21bb98b99f6a573ce69b55859/diff/etc/resolv.conf
./2cda8c39e97b6157f8599f83c50c4591da423a2c3c0abd20302140c515a876a9/merged/etc/resolv.conf
./2cda8c39e97b6157f8599f83c50c4591da423a2c3c0abd20302140c515a876a9-init/diff/etc/resolv.conf
This VM has only one image and one container, so the container's resolv.conf should be the file
./2cda8c39e97b6157f8599f83c50c4591da423a2c3c0abd20302140c515a876a9/merged/etc/resolv.conf. However, that file is empty.
root@mcong-Virtual-Machine:/var/lib/docker/overlay2# cat ./2cda8c39e97b6157f8599f83c50c4591da423a2c3c0abd20302140c515a876a9/merged/etc/resolv.conf
root@mcong-Virtual-Machine:/var/lib/docker/overlay2#
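Wasn't the merged directory supposed to contain exactly the files seen inside the container?
So there are two questions here: 1. Who writes this file? 2. Where is this file?
Digging further on Google, I found that Docker gives some files special treatment, for example the three files in the title: hostname, hosts and resolv.conf.
If docker run is given none of the --dns=IP_ADDRESS…, --dns-search=DOMAIN… or --dns-opt=OPTION… options, the Docker daemon copies the host's /etc/resolv.conf and processes the copy (discarding the nameserver entries in /etc/resolv.conf that cannot be pinged); what remains after processing becomes the container's /etc/resolv.conf. So if you want name resolution to use the nameserver configured in the host's /etc/resolv.conf, the host's DNS service must be configured on an IP that containers on that host can ping.
Take the example from the beginning: inside the container the DNS server IP is 172.17.176.161, while on the host it is 127.0.0.53.
When the container runs, dockerd sees that 127.0.0.53 cannot be pinged from inside the container and replaces it with 172.17.176.161.
In fact, 172.17.176.161 ultimately points to 127.0.0.53.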
root@mcong-Virtual-Machine:/var/lib/docker/overlay2# dig 172.17.176.161
; <<>> DiG 9.11.5-P1-1ubuntu2.4-Ubuntu <<>> 172.17.176.161
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44670
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;172.17.176.161. IN A
;; ANSWER SECTION:
172.17.176.161. 0 IN A 172.17.176.161
;; Query time: 5 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Jul 22 02:58:42 EDT 2019
;; MSG SIZE rcvd: 59
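So DNS works. The remaining problem is that the file seen under xxxx/merged does not match the file seen inside the container.
More googling showed that Docker treats this file specially once again.
Roughly, the process is:
After startup, Docker turns the things described above into parameters and stores them somewhere else.
Where exactly? We can find out with inspect: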
[
{
"Id": "cfc13f607966b01244a7fc41c895c6deb4cefc642a2c081012a8cede9e961375",
"Created": "2019-07-22T03:53:43.6401604Z",
"Path": "bash",
"Args": [],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 4151,
"ExitCode": 0,
"Error": "",
"StartedAt": "2019-07-22T03:53:44.2082711Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:7698f282e5242af2b9d2291458d4e425c75b25b0008c1e058d66b717b4c06fa9",
"ResolvConfPath": "/var/lib/docker/containers/cfc13f607966b01244a7fc41c895c6deb4cefc642a2c081012a8cede9e961375/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/cfc13f607966b01244a7fc41c895c6deb4cefc642a2c081012a8cede9e961375/hostname",
"HostsPath": "/var/lib/docker/containers/cfc13f607966b01244a7fc41c895c6deb4cefc642a2c081012a8cede9e961375/hosts",
......
See? These three files are not under /var/lib/docker/overlay2.
root@mcong-Virtual-Machine:/var/lib/docker/overlay2# cat /var/lib/docker/containers/cfc13f607966b01244a7fc41c895c6deb4cefc642a2c081012a8cede9e961375/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients directly to
# all known uplink DNS servers. This file lists all configured search domains.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 172.17.176.161
search mshome.net
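This is exactly the file seen inside the container.
This explains why /var/lib/docker/overlay2/xxx-init exists: it stubs out these special files. That is why merged shows an empty file while the container sees a non-empty one.
To verify this, first change resolv.conf inside the container.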
root@cfc13f607966:/etc# echo "#fafafa">resolv.conf
This change does not alter any file under /var/lib/docker/overlay2, but it does change /var/lib/docker/containers/cfc13f607966b01244a7fc41c895c6deb4cefc642a2c081012a8cede9e961375/resolv.conf
root@mcong-Virtual-Machine:/var/lib/docker/overlay2# cat /var/lib/docker/containers/cfc13f607966b01244a7fc41c895c6deb4cefc642a2c081012a8cede9e961375/resolv.conf
#fafafa
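The experiment above can be turned into a repeatable check. The following is an added example, not code from Docker or from the original post: Docker bind-mounts the three files over the empty stubs, so the container's /proc/<Pid>/mountinfo names the backing host path, which can be compared against docker inspect. The sample inspect JSON and mountinfo lines are constructed, and they assume /var/lib/docker sits on the root filesystem.

```python
import json

# Constructed sample data modelled on the container in this post: a trimmed
# `docker inspect` result and lines shaped like /proc/<Pid>/mountinfo.
CID = "cfc13f607966b01244a7fc41c895c6deb4cefc642a2c081012a8cede9e961375"
BASE = "/var/lib/docker/containers/" + CID
SAMPLE_INSPECT = json.dumps([{
    "Id": CID,
    "ResolvConfPath": BASE + "/resolv.conf",
    "HostnamePath": BASE + "/hostname",
    "HostsPath": BASE + "/hosts",
}])
SAMPLE_MOUNTINFO = "\n".join(
    f"{900 + i} 880 8:1 {BASE}/{name} /etc/{name} rw,relatime - ext4 /dev/sda1 rw"
    for i, name in enumerate(["resolv.conf", "hostname", "hosts"])
) + "\n881 880 0:50 / /proc rw,nosuid - proc proc rw\n"

# docker inspect key -> path at which the container sees the file
SPECIAL = {
    "ResolvConfPath": "/etc/resolv.conf",
    "HostnamePath": "/etc/hostname",
    "HostsPath": "/etc/hosts",
}

def parse_mountinfo(text):
    """Return {mount_point: root} from mountinfo text (proc(5) field order)."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 10 or "-" not in fields[6:]:
            continue  # not a well-formed mountinfo line
        mounts[fields[4]] = fields[3]  # field 5 = mount point, field 4 = root
    return mounts

def audit(inspect_json, mountinfo_text):
    """For each special file, report its backing host path, whether that is
    the path docker inspect names, and whether it lies inside overlay2."""
    info = json.loads(inspect_json)[0]
    mounts = parse_mountinfo(mountinfo_text)
    report = {}
    for key, inside in SPECIAL.items():
        backing = mounts.get(inside)
        report[inside] = {
            "backing": backing,
            "matches_inspect": backing == info.get(key),
            "in_overlay2": bool(backing) and backing.startswith("/var/lib/docker/overlay2/"),
        }
    return report
```

On a real host, feed audit() the output of docker inspect for the container and the contents of /proc/<Pid>/mountinfo, using the Pid that inspect reports.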
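Docker gives things like DNS and hostname "special treatment".
On reflection this makes sense. Things like DNS and hostname are not static, that is, this information cannot be stored in the image; even if it were, it would be useless, because the same image gives different results in different environments. So they need special handling rather than being stored under the overlay2 directory.
All of this is in fact defined by OCI. To understand it more deeply, one should study OCI in more depth.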