77 Star 414 Fork 86

calvinwilliams / cocker

加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
贡献代码
同步代码
取消
提示: 由于 Git 不支持空文件夾,创建文件夹后会生成空的 .keep 文件
Loading...
README
LGPL-2.1

容器引擎(cocker)

1. 概述

1.1. cocker是什么

cocker是我个人用C语言完全自研的容器引擎(对标Docker阿里Pouch),主要解决如下工作场景中的痛点:

  • 原生支持多进程架构的容器使用模式,无须引入第三方组件。
  • 按虚拟主机方式管理容器,交互式构建镜像,写过复杂Dockerfile的人都深恶痛绝。
  • 镜像多版本共存管理。
  • (更多...)

cocker使用到了以下Linux底层技术:LXCcgroupoverlayfsiptablesptms等。

1.2. 兼容性

笔者环境是Red Hat Enterprise Linux Server release 7.4,理论上7版本、以及对应CentOS都是可用的。有朋友反映在Ubuntu上不能使用,经笔者初步试验是由于环境差异造成问题,所以非RedHat/CentOS环境等待以后解决其兼容性。

1.3. 系统架构

images/cocker_architecture.png

在LXC中,容器只是内核命名空间隔离的根进程以及子进程树,隔离域有主机名字、进程空间、根文件系统、IPC、网络等。cocker完整的实现了以上所有隔离域,在容器管理设计上倾向于虚拟主机方式,也支持类似Docker的单进程方式。

cocker自带了容器根进程,负责通过伪终端方式桥接容器内外,而不是必须通过ssh

cgroup负责隔离域的系统资源管控,包括CPU、内存等。

1.3.1. 状态迁移图

images/cocker_state_transition_diagram.png

cocker镜像可以本地构建或从镜像库上传下载,镜像库目前只支持ssh服务端,后续版本中会加入cocker原生服务器。

cocker镜像允许不同版本共存,创建容器时可以指定镜像版本,或者默认最新版。镜像可以复制和删除,也可以修改版本号。

cocker容器创建出来后可以启动、关闭和销毁。修改容器属性如虚拟IP、端口映射和卷映射必须在容器关闭状态下进行。

cocker镜像可以转化为cocker容器便于交互式修改,然后再转化回来。

1.3.2. 层叠文件系统

images/cocker_overlayfs.png

层叠文件系统是多镜像容器的存储基础,cocker采用overlayfs作为其层叠文件系统引擎,可以叠加几乎无限的镜像层。

cocker的镜像和容器等都存放在环境变量COCKER_HOME指向的主目录中,所以规划其容量是使用前必须要考虑的问题。如果没有设置环境变量COCKER_HOME,则默认指向/var/cocker

COCKER_HOME主目录中有镜像主目录images、容器主目录containersssh镜像仓库srepo,以及日志文件cocker.log

1.3.3. 网络

images/cocker_network.png

cocker支持三种网络模型:HOST、CUSTOM和BRIDGE。

网络模型 说明
HOST 无预置网络环境,与容器外共享网络环境
CUSTOM 仅仅预置网络命名空间,不创建容器内外网卡等,完全由用户自设置
BRIDGE 预置以NAT方式的容器向宿主机的网络连接方式,自定义多组指定端口映射转发的宿主机向容器的网络模型

首次执行cocker会创建网桥设备cocker0,网段为166.88.0.x

1.3.4. 系统资源限制

images/cocker_cgroup.png

cocker目前只实现了CPU核分配、时间片占用百分比分配、内存分配,其它系统资源在后续版本中会逐渐完善。

1.3.5. 伪终端

images/cocker_pty.png

自带容器根进程接受客户端cocker连接后会创建伪终端会话,就像登录到虚拟主机上命令交互一样,无需使用ssh

1.4. 快速使用

使用主控工具cocker快速创建一个小型测试镜像,里面调用了自带脚本cocker_install_test.sh构建根文件系统。

然后使用指令-a boot基于刚刚创建的镜像test启动一个容器test,并且直接打开一个会话连接到容器中的伪终端...退出伪终端后,使用指令-a shutdown关闭容器,最后使用指令-a destroy销毁容器。

# cocker -a install_test
OK
# cocker -s images
image_id                       version    modify_datetime     size      
--------------------------------------------------------------------
test                           _          2018-11-10T09:21:12 24 MB
# cocker -a create -m test -c test
OK
# cocker -a boot -c test -t   
connect to container ok
--- Welcome to cocker contrainer ---

[root@test /root] exit
logout
# cocker -a shutdown -c test
OK
# cocker -a destroy -c test
OK

2. 安装

2.1. Linux源码编译

2.1.1. 确认依赖包已安装

yum install -y telnet
yum install -y nmap-ncat
yum install -y bridge-utils
yum install -y man-pages
yum install -y supermin5
yum install -y openssl-devel

2.1.2. 确认内核转发功能已开启

临时开启

# echo "1" >/proc/sys/net/ipv4/ip_forward

或永久开启

# echo "net.ipv4.ip_forward=1" >>/etc/sysctl.conf
# sysctl -p

2.1.3. 准备cocker源码

下载cocker源码包,解开,进入

# tar xvzf cocker-X.X.X.tar.gz
# cd cocker-X.X.X

或克隆cocker源码库,进入

# git clone https://gitee.com/calvinwilliams/cocker
# cd cocker

or

# git clone https://github.com/calvinwilliams/cocker
# cd cocker

2.1.4. 编译安装

注意:如果你在非root用户编译源码,确认sudo无需输入密码。

清理中间文件

# make -f makefile.Linux clean
make[1]: 进入目录“/home/calvin/src/cocker/shbin”
make[1]: 离开目录“/home/calvin/src/cocker/shbin”
make[1]: 进入目录“/home/calvin/src/cocker/src”
make[2]: 进入目录“/home/calvin/src/cocker/src/util”
rm -f list.o
rm -f LOGC.o
rm -f version.o
rm -f file.o
rm -f string.o
rm -f socket.o
rm -f pts.o
rm -f libcocker_util.so
make[2]: 离开目录“/home/calvin/src/cocker/src/util”
make[2]: 进入目录“/home/calvin/src/cocker/src/cocker”
rm -f util.o
rm -f main.o
rm -f env.o
rm -f show_images.o
rm -f show_containers.o
rm -f action_create.o
rm -f action_destroy.o
rm -f action_boot.o
rm -f action_shutdown.o
rm -f action_version.o
rm -f action_vip.o
rm -f action_port_mapping.o
rm -f action_volume.o
rm -f action_attach.o
rm -f action_install_test.o
rm -f action_to_container.o
rm -f action_to_image.o
rm -f action_copy_image.o
rm -f action_del_image.o
rm -f action_export.o
rm -f action_import.o
rm -f show_ssearch.o
rm -f action_spush.o
rm -f action_spull.o
rm -f cocker
make[2]: 离开目录“/home/calvin/src/cocker/src/cocker”
make[2]: 进入目录“/home/calvin/src/cocker/src/cockerinit”
rm -f main.o
rm -f server.o
rm -f pty.o
rm -f pts_and_tcp_bridge.o
rm -f cockerinit
make[2]: 离开目录“/home/calvin/src/cocker/src/cockerinit”
make[1]: 离开目录“/home/calvin/src/cocker/src”

编译并安装到系统目录里

注意:如果你在非root用户编译源码,前面加上sudo -E

# make -f makefile.Linux install
make[1]: 进入目录“/home/calvin/src/cocker/src”
make[2]: 进入目录“/home/calvin/src/cocker/src/util”
rm -f list.o
rm -f LOGC.o
rm -f version.o
rm -f file.o
rm -f string.o
rm -f socket.o
rm -f pts.o
rm -f libcocker_util.so
make[2]: 离开目录“/home/calvin/src/cocker/src/util”
make[2]: 进入目录“/home/calvin/src/cocker/src/cocker”
rm -f util.o
rm -f main.o
rm -f env.o
rm -f show_images.o
rm -f show_containers.o
rm -f action_create.o
rm -f action_destroy.o
rm -f action_boot.o
rm -f action_shutdown.o
rm -f action_version.o
rm -f action_vip.o
rm -f action_port_mapping.o
rm -f action_volume.o
rm -f action_attach.o
rm -f action_install_test.o
rm -f action_to_container.o
rm -f action_to_image.o
rm -f action_copy_image.o
rm -f action_del_image.o
rm -f action_export.o
rm -f action_import.o
rm -f show_ssearch.o
rm -f action_spush.o
rm -f action_spull.o
rm -f cocker
make[2]: 离开目录“/home/calvin/src/cocker/src/cocker”
make[2]: 进入目录“/home/calvin/src/cocker/src/cockerinit”
rm -f main.o
rm -f server.o
rm -f pty.o
rm -f pts_and_tcp_bridge.o
rm -f cockerinit
make[2]: 离开目录“/home/calvin/src/cocker/src/cockerinit”
make[1]: 离开目录“/home/calvin/src/cocker/src”
make[1]: 进入目录“/home/calvin/src/cocker/shbin”
make[1]: 离开目录“/home/calvin/src/cocker/shbin”
make[1]: 进入目录“/home/calvin/src/cocker/src”
make[2]: 进入目录“/home/calvin/src/cocker/src/util”
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99  -c list.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99  -c LOGC.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99  -c version.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99  -c file.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99  -c string.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99  -c socket.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99  -c pts.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -o libcocker_util.so list.o LOGC.o version.o file.o string.o socket.o pts.o -shared -L. -L/lib64 -L/usr/lib64 -L/usr/lib 
rm -f /lib64/libcocker_util.so
cp -rf libcocker_util.so /lib64/
rm -f /usr/include/cocker_in/list.h
cp -rf list.h /usr/include/cocker_in/
rm -f /usr/include/cocker_in/LOGC.h
cp -rf LOGC.h /usr/include/cocker_in/
rm -f /usr/include/cocker_in/cocker_util.h
cp -rf cocker_util.h /usr/include/cocker_in/
make[2]: 离开目录“/home/calvin/src/cocker/src/util”
make[2]: 进入目录“/home/calvin/src/cocker/src/cocker”
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99 -I/usr/include/cocker_in  -c util.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99 -I/usr/include/cocker_in  -c main.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99 -I/usr/include/cocker_in  -c env.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99 -I/usr/include/cocker_in  -c show_images.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99 -I/usr/include/cocker_in  -c show_containers.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99 -I/usr/include/cocker_in  -c action_create.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99 -I/usr/include/cocker_in  -c action_destroy.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99 -I/usr/include/cocker_in  -c action_boot.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99 -I/usr/include/cocker_in  -c action_shutdown.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99 -I/usr/include/cocker_in  -c action_version.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99 -I/usr/include/cocker_in  -c action_vip.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99 -I/usr/include/cocker_in  -c action_port_mapping.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99 -I/usr/include/cocker_in  -c action_volume.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99 -I/usr/include/cocker_in  -c action_attach.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99 -I/usr/include/cocker_in  -c action_install_test.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99 -I/usr/include/cocker_in  -c action_to_container.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99 -I/usr/include/cocker_in  -c action_to_image.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99 -I/usr/include/cocker_in  -c action_copy_image.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99 -I/usr/include/cocker_in  -c action_del_image.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99 -I/usr/include/cocker_in  -c action_export.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99 -I/usr/include/cocker_in  -c action_import.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99 -I/usr/include/cocker_in  -c show_ssearch.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99 -I/usr/include/cocker_in  -c action_spush.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99 -I/usr/include/cocker_in  -c action_spull.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -o cocker util.o main.o env.o show_images.o show_containers.o action_create.o action_destroy.o action_boot.o action_shutdown.o action_version.o action_vip.o action_port_mapping.o action_volume.o action_attach.o action_install_test.o action_to_container.o action_to_image.o action_copy_image.o action_del_image.o action_export.o action_import.o show_ssearch.o action_spush.o action_spull.o -L. -L/lib64 -L/usr/lib64 -L/usr/lib -L/lib64 -lcocker_util -lcrypto 
rm -f /bin/cocker
cp -rf cocker /bin/
make[2]: 离开目录“/home/calvin/src/cocker/src/cocker”
make[2]: 进入目录“/home/calvin/src/cocker/src/cockerinit”
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99 -I/usr/include/cocker_in  -c main.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99 -I/usr/include/cocker_in  -c server.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99 -I/usr/include/cocker_in  -c pty.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -I. -I/usr/include -I/usr/include -std=gnu99 -I/usr/include/cocker_in  -c pts_and_tcp_bridge.c
gcc -g -fPIC -O2 -Wall -Werror -fno-strict-aliasing -o cockerinit main.o server.o pty.o pts_and_tcp_bridge.o -L. -L/lib64 -L/usr/lib64 -L/usr/lib -L/lib64 -lcocker_util -lcrypto 
rm -f /bin/cockerinit
cp -rf cockerinit /bin/
make[2]: 离开目录“/home/calvin/src/cocker/src/cockerinit”
make[1]: 离开目录“/home/calvin/src/cocker/src”
make[1]: 进入目录“/home/calvin/src/cocker/shbin”
rm -f /bin/cocker_ldd_and_cp_lib64.sh
cp -rf cocker_ldd_and_cp_lib64.sh /bin/
rm -f /bin/cocker_profile_template.sh
cp -rf cocker_profile_template.sh /bin/
rm -f /bin/cocker_etc_profile_template.sh
cp -rf cocker_etc_profile_template.sh /bin/
rm -f /bin/cocker_install_test.sh
cp -rf cocker_install_test.sh /bin/
rm -f /bin/cocker_create_image_rhel-7.4-x86_64.sh
cp -rf cocker_create_image_rhel-7.4-x86_64.sh /bin/
rm -f /bin/cocker_create_image_rhel-7.4-gcc-x86_64.sh
cp -rf cocker_create_image_rhel-7.4-gcc-x86_64.sh /bin/
make[1]: 离开目录“/home/calvin/src/cocker/shbin”

如果没有发生错误则表明编译安装成功,从以上命令行获知:

  • 构建出开发内部使用头文件src/cocker/*.h安装到/usr/include/cocker_in,库文件libcocker_util.so安装到/lib64。开发内部文件仅用于编译。
  • 构建出可执行文件cockercockerinit安装到/bin
  • 自带脚本shbin/*.sh安装到/bin

3. 使用教程

3.1. cocker指令

不带选项执行cocker将得到所有指令和选项列表

# cocker
USAGE : cocker -v
               -s images
               -s containers
               -a create (-m|--image) (image[:version])[,(image[:version])]... [ create options ] [ (-c|--container) (container) ] [ (-b|--boot) [ cgroup options ] [ (-t|--attach) | (-e|--exec) (cmd|"program para1 ...") ] ]
               -a boot (-c|--container) (container) [ cgroup options ] [ (-t|--attach) | (-e|--exec) (cmd|"program para1 ...") ]
               -a attach (-c|--container) (container)
               -a shutdown (-c|--container) (container) [ (-f|--forcely) ]
               -a kill (-c|--container) (container) [ (-f|--forcely) ]
               -a destroy (-c|--container) (container) [ (-f|--forcely) ] [ (-h|--shutdown) ]
               -a version (-m|--image) (image[:version]) [ --version (version) ]
               -a vip (-c|--container) (container) --vip (ip)
               -a port_mapping (-c|--container) (container) --port-mapping (src_port:dst_port)
               -a volume (-c|--container) (container) --volume (host_path[:container_path])[ ...]
               -a to_image --from-container (container) [ --verion (verion) ] --to-image (image)
               -a to_container --from-image (image[:version]) (-m|--image) (image[:version])[,(image[:version])]... [ create options ] --to-container (container)
               -a copy_image --from-image (image[:version]) --to-image (image[:version])
               -a del_image (-m|--image) (image[:version])
               -a import --image-file (file)
               -a export (-m|--image) (image[:version])
               -s ssearch --srepo (user@host)
               -a install_test
create options : [ --volume (host_path:container_path) ][ --volume ... ] [ --host (hostname) ] [ --net (BRIDGE|HOST|CUSTOM) ] [ --host-eth (eth) ] [ --vip (ip) ] [ --port-mapping (src_port:dst_port) ]
cgroup options : [ --cpus [(cpu_num,...)|(cpu_num-cpu_num2)] ] [ --cpu-quota (percent%) ] [ --mem-limit (num|numM) ]
  enable debug : [ (-d|--debug) ]

注意:首次执行cocker会自动创建镜像主目录images、容器主目录containers

3.1.1. 额外附加选项

cocker选项-d用于输出执行时调试信息,但并不是所有调试信息都会输出在屏幕上,某些不方便输出屏幕的信息会记录到日志文件中cocker.log,输出到屏幕上的信息也会复制一份到日志文件中。

cocker选项-f用于强制执行而忽略一些报错,这在一些指令中很有用。

3.1.2. 查询镜像列表

使用cocker指令-s images查询镜像主目录里的所有镜像。

# cocker -s images
image_id                       version    modify_datetime     size      
--------------------------------------------------------------------
test                           _          2018-11-10T09:21:12 24 MB

镜像目录层次为镜像名/版本号/镜像目录文件内容。如果没有版本号,版本号目录名为_

镜像名格式推荐(个人名或组织名)=(软件名)-(软件版本号)。版本号格式推荐x.y.z

我们可以使用指令-a install_test创建不同版本的测试镜像,多版本共存管理。

# cocker -a install_test --version "1.0.0"
OK
# cocker -a install_test --version "1.1.0"   
OK
# cocker -s images
image_id                       version    modify_datetime     size      
--------------------------------------------------------------------
test                           _          2018-11-10T09:21:12 24 MB
test                           1.0.0      2018-11-14T07:20:06 24 MB
test                           1.1.0      2018-11-14T07:20:17 24 MB

注意:-a install_test创建的镜像仅作简单玩耍,里面很多环境都不完整。

3.1.3. 由镜像创建容器

使用cocker指令-a create由一个或多个镜像叠加创建容器。

# cocker -a create -m test --host test --net BRIDGE --vip 166.88.0.2 --port-mapping 19527:9527 -c test
OK

-m (镜像列表):指定镜像列表,镜像名可以以(镜像名)(:版本号)格式指定版本号,本指令中允许不指定版本号,cocker会自动挑选一个最大版本号的镜像。多个镜像之间用,分隔。

--host (主机名):设置容器内的主机名。

--net (网络模型):设置容器网络模型,见前面网络模型章节。

--vip (ip):如果网络模型为BRIDGE,设置容器内的网卡IP。

--port-mapping (网络端口映射列表):如果网络模型为BRIDGE,设置外部或宿主机访问容器的网络端口映射列表,端口映射格式为(宿主机端口):(容器端口)。多个端口映射之间用,分隔。

-c (容器名):指定容器名,若不指定,与镜像同名。建议指定。

除了以上示例中用到的选项,以下为其它可选选项:

--host-eth (网卡名):指定宿主机对外网卡名。这在多物理网卡时使用。

--volume (磁盘卷映射列表):磁盘卷映射用于宿主机与容器之间目录共享,设置格式为(宿主机目录:容器目录)。多个磁盘卷映射使用各自的选项键前缀--volume

-b:容器创建完后立即启动。(后可追加所有启动容器选项)

3.1.4. 查询容器列表

使用cocker指令-s containers查询容器主目录中的所有容器以及状态。

# cocker -s containers
container_id         image                hostname   net        netns            size       status
-----------------------------------------------------------------------------------------------------------
test                 test                 test       BRIDGE     nns098F6BCD46    0 B        STOPED

容器test状态为停止。

3.1.5. 启动容器

使用cocker指令-a boot查询容器主目录中的所有容器以及状态。

# cocker -a boot -c test
OK

除了以上示例中用到的选项,以下为其它可选选项:

--cpus (CPU核列表):容器限制的CPU核列表,比如第一个CPU核0,比如前两个CPU核0,1,比如第二个CPU核到第十个CPU核1-9

--cpu-quota (num%):容器限制的CPU利用率,比如完全利用100%,比如只能利用四分之一25%

--mem-limit (numM):容器限制的内存容量,比如100M

-t:容器启动后立即连接。

-e (cmd):指定容器根进程,默认使用cocker自带的cockerinit

启动后再查看容器状态

# cocker -s containers  
container_id         image                hostname   net        netns            size       status
-----------------------------------------------------------------------------------------------------------
test                 test                 test       BRIDGE     nns098F6BCD46    0 B        RUNNING(89698)

注意:默认启动容器的根进程为cockerinit,可简单代替系统init进程回收孤儿进程、管理伪终端等功能。

3.1.6. 连接容器

如果使用cockerinit作为根进程启动容器,使用cocker指令-a attch连接至容器,cockerinit打开一个会话连接到容器中的伪终端。也可叠加ssh镜像在容器内启动ssh服务器,利用ssh连接至容器。

# cocker -a attach -c test   
connect to container ok
--- Welcome to cocker contrainer ---

[root@test /root] 

注意:测试用镜像test已包含了绝大多数必备工具包,但不是所有。

在伪终端中输入exit加回车可关闭会话。

[root@test /root] exit
logout
#

3.1.7. 停止容器

使用cocker指令-a shutdown停止容器。

# cocker -a shutdown -c test   
OK
# cocker -s containers          
container_id         image                hostname   net        netns            size       status
-----------------------------------------------------------------------------------------------------------
test                 test                 test       BRIDGE     nns098F6BCD46    0 B        STOPED

3.1.8. 杀死容器

使用cocker指令-a kill强杀容器。

3.1.9. 销毁容器

使用cocker指令-a destroy销毁容器。

注意:销毁容器后容器内所有修改将丢失。

# cocker -a destroy -c test
OK

除了以上示例中用到的选项,以下为其它可选选项:

-h:先停止容器然后马上销毁容器。

-f:销毁容器过程中忽略错误,默认会中断销毁过程。

3.1.10. 修改镜像属性

3.1.10.1. 修改版本号

使用cocker指令-a version修改镜像版本号。

# cocker -s images
image_id                       version    modify_datetime     size      
--------------------------------------------------------------------
test                           _          2018-11-10T09:21:12 24 MB
# cocker -a version -m test --version "1.0.1"
OK
# cocker -s images
image_id                       version    modify_datetime     size      
--------------------------------------------------------------------
test                           1.0.1      2018-11-10T09:21:12 24 MB
# cocker -a version -d -m "test:1.0.1" --version "1.0.2"
OK
# cocker -s images
image_id                       version    modify_datetime     size      
--------------------------------------------------------------------
test                           1.0.2      2018-11-10T09:21:12 24 MB
# cocker -a version -d -m "test:1.0.2"
OK
# cocker -s images
image_id                       version    modify_datetime     size      
--------------------------------------------------------------------
test                           _          2018-11-10T09:21:12 24 MB

3.1.11. 修改容器属性

3.1.11.1. 修改VIP

使用cocker指令-a vip修改容器内网卡IP。

注意:必须容器停止后才能修改。

# cocker -a vip --vip 166.88.0.3 -c test
OK

3.1.11.2. 修改容器端口映射

使用cocker指令-a port_mapping修改容器网络端口映射。

注意:必须容器停止后才能修改。

# cocker -a port_mapping --port-mapping 19528:9528 -c test
OK

3.1.11.3. 修改外挂卷映射

使用cocker指令-a volume修改容器磁盘卷映射。

注意:必须容器停止后才能修改。

# cocker -a volume --volume "/tmp:/tmp" --volume "/mnt/cdrom:/mnt/cdrom" -c test
OK

3.1.12. 镜像转换为容器

当需要修改镜像内文件时可先把镜像转换为容器,修改完后转换回镜像。

使用cocker指令-a to_container转换指定镜像为容器。

# cocker -a to_container --from-image test --host test --net BRIDGE --vip 166.88.0.2 --port-mapping 19527:9527 --to-container test
OK

注意:几乎可使用所有指令-a create的选项。

3.1.13. 容器转换为镜像

当想把某一容器打包成镜像,可使用此指令。

使用cocker指令-a to_image转换指定容器为镜像。

注意:转换的容器必须是停止的。

# cocker -a to_image --from-container test --to-image test
OK

3.1.14. 复制镜像

使用cocker指令-a copy_image可复制镜像。

# cocker -a copy_image --from-image test --to-image "test2:1.0.0"
OK

3.1.15. 删除镜像

使用cocker指令-a del_image可删除镜像。

# cocker -a del_image -m "test2:1.0.0"   
OK

3.1.16. 导出镜像

使用cocker指令-a export可导出镜像为镜像打包文件。

# cocker -a export -m "test:1.1.0"   
OK

3.1.17. 导入镜像

使用cocker指令-a import可从镜像打包文件导入镜像库。

注意:镜像打包文件名扩展名必须是.cockerimage

# cocker -a del_image -m "test:1.1.0"
OK
# cocker -a import --image-file "test:1.1.0.cockerimage"   
OK
# cocker -s images
image_id                       version    modify_datetime     size      
--------------------------------------------------------------------
test                           1.1.0      2018-11-14T08:53:13 24 MB

3.1.18. 上传镜像到ssh镜像库

ssh镜像库是利用ssh服务器来搭建镜像库。首先安装ssh服务器,创建镜像库用户,从客户端产生公钥文件分发给镜像库以方便免密登录。

# ssh-keygen -t rsa
...
# ssh-copy-id -i ~/.ssh/id_rsa.pub cockerimages@192.168.6.74

使用cocker指令-s ssearch可查看ssh镜像库里的镜像列表。

# cocker -s ssearch --srepo "cockerimages@192.168.6.74"
OK

注意:cocker保存ssh镜像库地址配置cockerimages@192.168.6.74

还能加上子串通配选项--match

# cocker -s ssearch --match test

使用cocker指令-a spush上传镜像到ssh镜像库。

# cocker -a spush -m "test:1.0.0"
OK
# cocker -s ssearch --match test
cocker -s ssearch   
image_id                                      modify_datetime     size      
----------------------------------------------------------------------
test:1.0.0                                    2018-11-14T9:05:48  11 MB

3.1.19. 从ssh镜像库下载镜像

使用cocker指令-a spull从ssh镜像库下载镜像。

# 
cocker -a del_image -m "test:1.0.0"
OK
# cocker -a spull -m "test:1.0.0"
OK
# cocker -s images
image_id                       version    modify_datetime     size      
--------------------------------------------------------------------
test                           1.0.0      2018-11-14T09:09:04 24 MB

3.1.20. 上传镜像到cocker自有镜像库

(待研发)

3.1.21. 从cocker自有镜像库下载镜像

(待研发)

3.1.22. 在容器外执行容器内命令

使用cocker指令-a run在容器外执行容器内命令

# cocker -a run -c test --cmd "hostname"
test
#

注意:容器是必须运行中状态。

3.1.23. 替换容器内文件内容

使用cocker指令-a rplfile替换容器内文件内容

# cocker -a rplfile -c test --template-file "/root/tpl.txt" --mapping-file "map.txt" --instance-file "/root/ins.txt"
OK
#

--template-file--instance-file分别为模板文件和实例化文件,按容器内路径,省略--instance-file将替换--template-file自己。

--mapping-file为替换配置,按容器外路径。一条规则为一行:

(KEY) (VALUE)\n
(KEY) (VAL UE)\n
...\n

替换示例:

tpl.txt

{ "leaf":"${LEAF}" }

map.txt

${LEAF} 我的树叶

替换后的ins.txt

{ "leaf":"我的树叶" }

此替换功能被广泛用于实例化容器内应用配置文件。

注意:容器是必须运行中状态。

3.1.24. 复制容器外文件或目录到容器内

使用cocker指令-a putfile复制容器外文件或目录到容器内

# cocker -a putfile -c test --src-file "map.txt" --dst-file "/root/"
OK
#

注意:也可通过ssh等服务复制。

3.1.25. 复制容器内文件或目录到容器外

使用cocker指令-a getfile复制容器内文件或目录到容器外

# cocker -a getfile -c test --src-file "/root/map.txt" --dst-file "./"
OK
#

注意:也可通过ssh等服务复制。

3.1.26. 得到容器根目录在容器外路径

使用cocker指令-s container_root得到容器根目录在容器外路径

# cocker -s container_root -c test
/var/cocker/containers/test/merged
#

注意:外露容器根目录可能不太合适。

3.2. 脚本

3.2.1. 创建测试镜像根文件系统脚本

# cocker_install_test.sh

注意:应与cocker指令-a install_test配合使用。

3.2.2. 创建操作系统基础镜像脚本

注意:必须可正常使用yum为前提。 注意:如需增删软件可修改supermin5 -v --prepare后的软件列表。

# cocker_create_image_rhel-7.4-x86_64.sh
...
# ls -l calvin=rhel-7.4-x86_64:1.0.0.cockerimage
-rw-r--r--  1 root root 91781857 Nov 25 09:03 calvin=rhel-7.4-x86_64:1.0.0.cockerimage

执行后输入名字和版本号,自动生成可导入的镜像打包文件,文件名格式为(作者)=(rhel-7.4-x86_64):(版本号).cockerimage

# cocker -a import --image-file calvin=rhel-7.4-x86_64:1.0.0.cockerimage
OK
# cocker -s images
image_id                       version    modify_datetime     size      
--------------------------------------------------------------------
calvin=rhel-7.4-x86_64         1.0.0      2018-11-25T09:03:48 228 MB

3.2.3. 创建sshd镜像脚本

此为创建sshd镜像层镜像打包文件。

# cocker_create_image_rhel-7.4-sshd-x86_64.sh

注意:后面章节通过交互式构建可达到更小更干净的镜像。

3.2.4. 创建gcc镜像脚本

此为创建gcc镜像层镜像打包文件。

# cocker_create_image_rhel-7.4-gcc-x86_64.sh

注意:后面章节通过交互式构建可达到更小更干净的镜像。

3.2.5. 设置容器根目录环境变量

# . cocker_container_root.sh test
$ echo $COCKER_CONTAINER_ROOT
/var/cocker/containers/test/merged
# ls -l $COCKER_CONTAINER_ROOT
total 20
drwxr-xr-x.   2 root root 4096 Nov 22 08:26 bin
-rwxr-xr-x.   1 root root 2634 Nov 22 08:43 cocker.log
-rwxr-xr-x.   1 root root 4848 Nov 22 08:46 cockerinit.log
drwxr-xr-x.   1 root root   25 Nov 22 08:43 dev
drwxr-xr-x.   1 root root    6 Nov 22 08:26 etc
drwxr-xr-x.   2 root root    6 Nov 22 08:26 lib
drwxr-xr-x.   2 root root 4096 Nov 22 08:26 lib64
drwxr-xr-x.   3 root root   19 Nov 22 08:26 mnt
dr-xr-xr-x. 197 root root    0 Nov 22 08:43 proc
drwxr-xr-x.   1 root root   42 Nov 22 08:46 root
drwxr-xr-x.   2 root root   61 Nov 22 08:26 sbin
drwxr-xr-x.   2 root root    6 Nov 22 08:26 tmp
drwxr-xr-x.   3 root root   19 Nov 22 08:26 usr
drwxr-xr-x.   2 root root    6 Nov 22 08:26 var

注意:此脚本调用了指令-s container_root。 注意:外露容器根目录可能不太合适。

3.3. 场景示例

3.3.1. 交互式构建yum镜像

有了操作系统基础镜像后可以交互式构建其它镜像。大致过程为用基础镜像创建启动容器,在容器内交互式安装和部署,然后停止容器,最后转换容器为新镜像。

# cocker -a create -m "calvin=rhel-7.4-x86_64" --host yum --volume "/mnt/cdrom:/mnt/cdrom" -c "calvin=yum"
OK
# cocker -a boot -c "calvin=yum" -t
[root@yum /root] 

在容器内配置好yum,在我的环境里这样配置

[root@yum /root] mkdir -p /etc/yum.repos.d
[root@yum /root] vi /etc/yum.repos.d/cdrom.repo
[cdrom]
name=cdrom
baseurl=file:///mnt/cdrom
gpgcheck=0
enable=1
[root@yum /root] yum search sshd
cdrom                                                                                                                                                                                                                 | 4.1 kB  00:00:00     
(1/2): cdrom/group_gz                                                                                                                                                                                                 | 137 kB  00:00:00     
(2/2): cdrom/primary_db                                                                                                                                                                                               | 4.0 MB  00:00:00     
=============================================================================================================== Matched: sshd ===============================================================================================================
openssh-server.x86_64 : An open source SSH server daemon

转换容器为yum镜像

[root@yum /etc/yum.repos.d] exit
logout
# cocker -a shutdown -c "calvin=yum"
OK
# cocker -s containers
container_id         image                hostname   net        netns            size       status
-----------------------------------------------------------------------------------------------------------
calvin=yum           calvin=rhel-7.4-x86_64 yum        HOST                        24 MB      STOPED
# cocker -a to_image --from-container "calvin=yum" --version "1.0.0" --to-image "calvin=yum"
OK
# cocker -s containers
# cocker -s images
image_id                       version    modify_datetime     size      
--------------------------------------------------------------------
calvin=rhel-7.4-x86_64         1.0.0      2018-11-25T09:55:25 271 MB
calvin=yum                     1.0.0      2018-11-25T10:16:59 24 MB

3.3.2. 交互式构建sshd镜像

注意:交互式构建sshd依赖yum。

# cocker -a create -m "calvin=rhel-7.4-x86_64,calvin=yum" --host sshd --volume "/mnt/cdrom:/mnt/cdrom" --net BRIDGE --vip 166.88.0.2 --port-mapping "2222:22" -c "calvin=sshd"
OK
# cocker -a boot -c "calvin=sshd" -t
[root@sshd /root] 

在容器内配置好sshd,在我的环境里这样配置

[root@sshd /root] yum install -y openssh-server
...
[root@sshd /root] ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
...(一般全直接按回车)
[root@sshd /root] ssh-keygen -t rsa -f /etc/ssh/ssh_host_ecdsa_key
...(一般全直接按回车)
[root@sshd /root] echo "root:root" | chpasswd
...(如有卡住,按Ctrl+C结束)
[root@sshd /root] nohup /usr/sbin/sshd -D &

另外开一屏连接sshd容器

# ssh root@166.88.0.2 -p 2222
The authenticity of host '[166.88.0.2]:2222 ([166.88.0.2]:2222)' can't be established.
RSA key fingerprint is SHA256:kSX5DU3MiwEy8dArBoAk00kbB7hBtRXl/Pm4n9jWjBY.
RSA key fingerprint is MD5:27:5d:b6:5a:5a:b1:bc:eb:b9:82:98:58:40:7e:eb:45.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[166.88.0.2]:2222' (RSA) to the list of known hosts.
root@166.88.0.2's password: (root密码前面被重置成root了)
Last login: Mon Nov 26 13:28:07 2018 from 192.168.6.7
-bash-4.2# 

转换容器为sshd镜像

[root@sshd /root] exit
logout
# cocker -a shutdown -c "calvin=sshd"
OK
# cocker -s containers
container_id         image                hostname   net        netns            size       status
-----------------------------------------------------------------------------------------------------------
calvin=yum           calvin=rhel-7.4-x86_64 yum        HOST                        24 MB      STOPED
# cocker -a to_image --from-container "calvin=sshd" --version "1.0.0" --to-image "calvin=sshd"
OK
# cocker -s containers
# cocker -s images
image_id                       version    modify_datetime     size      
--------------------------------------------------------------------
calvin=rhel-7.4-x86_64         1.0.0      2018-11-25T09:55:25 271 MB
calvin=yum                     1.0.0      2018-11-25T10:16:59 24 MB
calvin=sshd                    1.0.0      2018-11-26T09:16:59 335 MB

3.3.3. 交互式构建G6镜像

G6是本人以前独立自研的负载均衡器(源码托管地址 : 开源中国github),不少公司在使用,下面介绍交互式构建G6镜像。

# cocker -a create -m "calvin=rhel-7.4-x86_64,calvin=yum,calvin=sshd" --host G6 --volume "/mnt/cdrom:/mnt/cdrom" --net BRIDGE --vip 166.88.0.2 --port-mapping "8600:8600,2222:222" -c "calvin=G6"
OK
# cocker -a boot -c "calvin=G6" -t
[root@G6 /root] 

在容器内配置好G6,在我的环境里这样配置

[root@G6 /root] yum install -y git
[root@G6 /root] yum install -y make
[root@G6 /root] yum install -y gcc
...(这里仅作演示,所以把git、gcc都安装在一起了)
[root@G6 /root] mkdir src && cd src
[root@G6 /root/src] git clone https://gitee.com/calvinwillisms/G6 && cd G6
[root@G6 /root/src/G6] cd src
[root@G6 /root/src/G6/src] make -f makefile.Linux install
...
[root@G6 /root/src/G6/src] mkdir ~/etc/ && vi ~/etc/G6.conf
admin_rule_id G 127.0.0.1:* - 127.0.0.1:8600 ;
my_rule RR *:* - 0.0.0.0:222 > 166.88.0.2:22 ;
[root@G6 /root/src/G6/src] cd ~
[root@G6 /root] nohup /usr/sbin/sshd -D &
[root@G6 /root] G6
G6 v1.0.6 build Nov 26 2018 14:28:18
TCP Bridge && Load-Balance Dispenser
Copyright by calvin 2016
USAGE : G6 -f (config_pathfilename) [ -t (forward_thread_size) ] [ -s (forward_session_size) ] [ --log-level (DEBUG|INFO|WARN|ERROR|FATAL) ] [ --log-filename (logfilename) ] [ --close-log ] [ --no-daemon ] [ --set-cpu-affinity ]
[root@G6 /root] G6 -f ~/etc/G6.conf

另外开一屏连接G6容器

# ssh root@166.88.0.2 -p 2222
root@166.88.0.2's password: (root密码前面被重置成root了)
Last login: Mon Nov 26 13:28:07 2018 from 192.168.6.7
-bash-4.2# 

转换容器为G6镜像

[root@G6 /root] ps -ef
...
[root@G6 /root] ps -ef | grep -v grep | grep "G6 -f" | awk '{if($3==1)print $2}' | xargs kill
[root@G6 /root] ps -ef | grep -v grep | grep -w sshd | awk '{print $2}' | xargs kill
[root@G6 /root] exit
logout
# cocker -a shutdown -c "calvin=G6"
OK
# cocker -s containers
container_id         image                hostname   net        netns            size       status
-----------------------------------------------------------------------------------------------------------
calvin=G6            calvin=rhel-7.4-x86_64,calvin=yum,calvin=sshd G6         BRIDGE     nns2513F44178    373 MB     STOPED
# cocker -a to_image --from-container "calvin=G6" --version "1.0.0" --to-image "calvin=G6"
OK
# cocker -s containers
# cocker -s images
image_id                       version    modify_datetime     size      
--------------------------------------------------------------------
calvin=rhel-7.4-x86_64         1.0.0      2018-11-25T09:55:25 271 MB
calvin=yum                     1.0.0      2018-11-25T10:16:59 24 MB
calvin=sshd                    1.0.0      2018-11-26T09:16:59 335 MB
calvin=G6                      1.0.0      2018-11-26T10:01:48 373 MB

3.3.4. 镜像配置实例化容器并启动

还是拿本人的G6做例子,把镜像calvin=G6转化为容器,把配置文件改成模板后再转化回镜像

# cocker -a to_container --from-image "calvin=G6" -m "calvin=rhel-7.4-x86_64" --host G6 --to-container "calvin=G6"
OK
# cocker -a boot -c "calvin=G6" -t
[root@G6 /root] cd etc
[root@G6 /root/etc] mv G6.conf G6.conf.tpl
[root@G6 /root/etc] vi G6.conf.tpl
admin_rule G 127.0.0.1:* - 127.0.0.1:${ADMIN_PORT} ;
my_rule RR *:* - 0.0.0.0:${FORWARD_PORT} > ${DEST_IP}:${DEST_PORT} ;
[root@G6 /root/etc] vi ../bin/sshd.start
nohup /usr/sbin/sshd -D &
[root@G6 /root/etc] chmod +x ../bin/sshd.start
[root@G6 /root/etc] exit
logout
# cocker -a shutdown -c "calvin=G6"
OK
# cocker -a to_image --from-container "calvin=G6" --version "1.1.0" --to-image "calvin=G6"
OK
# cocker -s images
image_id                       version    modify_datetime     size      
--------------------------------------------------------------------
calvin=rhel-7.4-x86_64         1.0.0      2018-11-27T08:00:07 273 MB
calvin=yum                     1.0.0      2018-11-26T09:10:43 24 MB
calvin=sshd                    1.0.0      2018-11-26T09:17:12 335 MB
calvin=G6                      1.1.0      2018-11-27T08:03:33 373 MB

最后用镜像创建容器,配置实例化,启动服务

# cocker -a create -m "calvin=rhel-7.4-x86_64,calvin=sshd,calvin=G6" --host G6 --net BRIDGE --vip 166.88.0.2 --port-mapping "8600:8600,2222:222" -c "G6"
OK
# cocker -a boot -c "G6"
OK
# vi G6.conf.map
${ADMIN_PORT}   8600
${FORWARD_PORT} 222
${DEST_IP}      166.88.0.2
${DEST_PORT}    22
# cocker -a rplfile -c "G6" --template-file "/root/etc/G6.conf.tpl" --mapping-file "G6.conf.map" --instance-file "/root/etc/G6.conf"
OK
# cocker -a run -c "G6" --cmd "cat /root/etc/G6.conf"
admin_rule G 127.0.0.1:* - 127.0.0.1:8600 ;
my_rule RR *:* - 0.0.0.0:222 > 166.88.0.2:22 ;
# cocker -a run -c "G6" --cmd "nohup /usr/sbin/sshd -D"
nohup: ignoring input and appending output to 'nohup.out'
# cocker -a run -c "G6" --cmd "G6 -f /root/etc/G6.conf"
OK

另外开一屏连接G6容器

# ssh root@166.88.0.2 -p 2222
root@166.88.0.2's password: (root密码前面被重置成root了)
Last login: Mon Nov 26 13:28:07 2018 from 192.168.6.7
-bash-4.2# exit

用完后关闭服务,最后停止和销毁容器

# cocker -a run -c "G6" --cmd "ps -ef | grep -v grep | grep 'G6 -f' | awk '{if($3==1)print $2}' | xargs kill"
# cocker -a run -c "G6" --cmd "ps -ef | grep -v grep | grep -w sshd | awk '{print $2}' | xargs kill"
# cocker -a shutdown -c G6

3.3.5. 单进程启动容器

拿前面的G6容器来演示像Docker那样单进程启动容器

# cocker -a create -m "calvin=rhel-7.4-x86_64,calvin=sshd,calvin=G6" --host G6 --net BRIDGE --vip 166.88.0.2 --port-mapping "8600:8600,2222:222" -c "G6" -b -e "/root/bin/G6 -f /root/etc/G6.conf --no-daemon" -d
OK

用完后停止并销毁容器

# cocker -a destroy -c G6 -h
OK

4. 最后

4.1. 关于cocker

欢迎使用cocker,如果你使用中碰到了问题请告诉我,谢谢 ^_^

源码托管地址 : 开源中国github

4.2. 关于作者

厉华,主手C,写过小到性能卓越方便快捷的日志库、HTTP解析器、日志采集器等,大到交易平台/中间件等,分布式系统实践者,容器技术专研者,目前在某城商行负责基础架构。

通过邮箱联系我 : 网易Gmail

GNU LESSER GENERAL PUBLIC LICENSE Version 2.1, February 1999 Copyright (C) 1991, 1999 Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. (This is the first released version of the Lesser GPL. It also counts as the successor of the GNU Library Public License, version 2, hence the version number 2.1.) Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This license, the Lesser General Public License, applies to some specially designated software packages--typically libraries--of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below. When we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things. To protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it. For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights. We protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library. To protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others. Finally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license. Most GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs. When a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library. We call this license the "Lesser" General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances. For example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License. In other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system. Although the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library. The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run. GNU LESSER GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called "this License"). Each licensee is addressed as "you". A "library" means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables. The "Library", below, refers to any such software library or work which has been distributed under these terms. A "work based on the Library" means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term "modification".) "Source code" for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library. Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does. 1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) The modified work must itself be a software library. b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change. c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License. d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful. (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library. In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices. Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy. This option is useful when you wish to copy part of the code of the Library into a program that is not a library. 4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange. If distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code. 5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a "work that uses the Library". Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License. However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables. When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law. If such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.) Otherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself. 6. As an exception to the Sections above, you may also combine or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications. You must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things: a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable "work that uses the Library", as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.) b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with. c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution. d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place. e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy. For an executable, the required form of the "work that uses the Library" must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. It may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute. 7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things: a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above. b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work. 8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it. 10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License. 11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation. 14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Libraries If you develop a new library, and you want it to be of the greatest possible use to the public, we recommend making it free software that everyone can redistribute and change. You can do so by permitting redistribution under these terms (or, alternatively, under the terms of the ordinary General Public License). To apply these terms, attach the following notices to the library. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. {description} Copyright (C) 2017 calvinwilliams This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Also add information on how to contact you by electronic and paper mail. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the library, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the library `Frob' (a library for tweaking knobs) written by James Random Hacker. {signature of Ty Coon}, 1 April 1990 Ty Coon, President of Vice That's all there is to it!

简介

cocker是我个人用C语言完全自研的容器引擎(对标Docker、阿里Pouch) 展开 收起
C 等 3 种语言
LGPL-2.1
取消

发行版

暂无发行版

贡献者

全部

近期动态

加载更多
不能加载更多了
C
1
https://gitee.com/calvinwilliams/cocker.git
git@gitee.com:calvinwilliams/cocker.git
calvinwilliams
cocker
cocker
master

搜索帮助