• 周四. 10 月 3rd, 2024

5G编程聚合网

5G时代下一个聚合的编程学习网

热门标签

Seven days to write a docker with go (day 1)

King Wang

1 月 3, 2022

1. docker Detailed explanation

A lot of people have just touched docker It’s amazing , I think this technology is very novel , It’s not ,docker The technologies used are all pre-existing , It’s just that the old wine has changed into a new bottle . Simply speaking docker The essence is actually a A special process , This process is special in that it is Namespace and Cgroup The technology is decorated ,Namespace Connect the process with Linux The system is isolated , Put the process in a virtual sandbox , and Cgroup There are a series of resource restrictions on the process , The two work together to simulate a sandbox environment .

2. Namespace

Linux There are six isolation mechanisms for threads , Respectively :uts pid user mount network ipc , Their functions are as follows :

  • uts: Used to isolate host names
  • pid: Used to isolate processes PID The no.
  • user: Used to isolate users
  • mount: Used to isolate the mount point view seen by each process
  • network: Used to isolate the network
  • ipc: Used to isolate System V IPC and POSIX message queues

3. Environment configuration

Because we are Windows It’s code , Then compile the code , Put it in Linux In the implementation of , So here we’re going to change us goland Environment , Because in different environments ,go The imported files are also different , If our environment uses Windows, So use os/exec Packet time , The import will be exec_windows.go, And if our environment is Linux, So it will import exec_linux.go file , Because only Linux This isolation parameter is provided to create the process , So we need to change the environment to Linux.

 Insert picture description here

4. Go Implement process isolation

4.1 Isolation uts

package main
import (
"log"
"os"
"os/exec"
"syscall"
)
func main() {

cmd := exec.Command("sh")
cmd.SysProcAttr = &syscall.SysProcAttr{

Cloneflags: syscall.CLONE_NEWUTS,
}
cmd.Stdin = os.Stdin
cmd.Stdout = os.Stdout
cmd.Stderr = os.Stderr
if err := cmd.Run(); err != nil {

log.Fatal(err)
}
}

Let’s compile , Put it in Linux Let’s test it ,windows To compile in, you need to first GOOS Change to Linux, And then execute go build, The compiled script is as follows

SET CGO_ENABLED=0
SET GOOS=linux
SET GOARCH=amd64
go build main.go


 Insert picture description here

take main Put it in Linux Running in the environment , So here I’m going to use theta Centos

4.2 Test whether host names can be isolated

  1. to main File add executable rights
chmod +x main
  1. View the current hostname
  2. perform main file
./main


4. Modify hostname

hostname -b New hostname


Check the hostname again , We see that the hostname has been changed to test

5. sign out shell, Check the hostname again

And then we found out , External host name , It hasn’t changed , It shows that the process will succeed in hostname External hostname It’s isolated . It also proves that we use uts namespace succeed .

4.2 Other isolation

We want that kind of isolation of the process , Only need Cloneflags Add parameters to

package main
import (
"log"
"os"
"os/exec"
"syscall"
)
func main() {

cmd := exec.Command("sh")
cmd.SysProcAttr = &syscall.SysProcAttr{

// Isolation uts,ipc,pid,mount,user,network
Cloneflags: syscall.CLONE_NEWUTS |
syscall.CLONE_NEWIPC |
syscall.CLONE_NEWPID |
syscall.CLONE_NEWNS |
syscall.CLONE_NEWUSER |
syscall.CLONE_NEWNET,
// Set up the UID and GID
UidMappings: []syscall.SysProcIDMap{

{

// Container of UID
ContainerID: 1,
// The host machine UID
HostID: 0,
Size: 1,
},
},
GidMappings: []syscall.SysProcIDMap{

{

// Container of GID
ContainerID: 1,
// The host machine GID
HostID: 0,
Size: 1,
},
},
}
cmd.Stdin = os.Stdin
cmd.Stdout = os.Stdout
cmd.Stderr = os.Stderr
if err := cmd.Run(); err != nil {

log.Fatal(err)
}
}

发表回复