├── .gitignore ├── README.md ├── cgroups ├── manager.go └── subsystem │ ├── cpu.go │ ├── cpuset.go │ ├── memory.go │ ├── subsystem.go │ ├── util.go │ └── util_test.go ├── command.go ├── common └── common.go ├── container ├── commit.go ├── exec.go ├── info.go ├── init.go ├── log.go ├── process.go ├── remove.go ├── stop.go └── workspace.go ├── go.mod ├── go.sum ├── main.go ├── network ├── bridge.go ├── bridge_test.go ├── ipam.go ├── ipam_test.go └── netwrok.go ├── nsenter └── nsenter.go ├── run.go └── test ├── cgroup └── memory │ └── main.go ├── namespace ├── ipc │ └── main.go ├── main.go ├── mount │ └── main.go ├── network │ └── main.go ├── pid │ └── main.go ├── user │ └── main.go └── uts │ └── main.go └── util └── util_test.go /.gitignore: -------------------------------------------------------------------------------- 1 | .idea -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # go-docker 2 | > 用go写一个docker 3 | 4 | ## 环境配置 5 | - 开发环境: windows 6 | - 运行环境: CentOS 7 | 8 | ### windows中goland配置 9 | > windows下要修改goland的OS环境为 linux,不然只会引用`exec_windows.go`而不会引用`exec_linux.go` 10 | > 在Setting->Go->Build Tags & Vendoring -> OS=linux 11 | 12 | ### 设置CentOS支持aufs 13 | 查看是否支持 14 | ```bash 15 | cat /proc/filesystems 16 | ``` 17 | 安装aufs 18 | ```bash 19 | cd /etc/yum.repos.d 20 | # 下载文件 21 | wget https://yum.spaceduck.org/kernel-ml-aufs/kernel-ml-aufs.repo 22 | # 安装 23 | yum install kernel-ml-aufs 24 | # 修改内核启动 25 | vim /etc/default/grub 26 | ## 修改参数 27 | GRUB_DEFAULT=0 28 | 29 | # 重新生成grub.cfg 30 | grub2-mkconfig -o /boot/grub2/grub.cfg 31 | 32 | # 重启计算机 33 | reboot 34 | ``` 35 | ### 配置busybox 36 | ```bash 37 | # 下载 busybox 38 | docker pull busybox 39 | # 运行 40 | docker run -d busybox top -b 41 | # 导出 42 | docker export -o busybox.tar (容器ID) 43 | # 解压到 /root文件夹下 44 | cd /root 45 | mkdir busybox 46 | tar -xvf busybox.tar -C busybox/ 47 | ``` 48 | 49 | ## 
使用指南 50 | ```bash 51 | # 编译 52 | go build . 53 | 54 | # 启动一个容器, busybox为镜像名,存放在 /root/busybox.tar 55 | ./go-docker run -ti --name test busybox sh 56 | 57 | # 后台启动 58 | ./go-docker run -d --name test busybox sh 59 | 60 | # 挂载文件 61 | ./go-docker run -d -v /root/test:/test --name test busybox sh 62 | 63 | # 进入容器 64 | ./go-docker exec test sh 65 | 66 | # 查看容器日志 67 | ./go-docker logs test 68 | 69 | # 查看容器列表 70 | ./go-docker ps 71 | 72 | # 停止容器 73 | ./go-docker stop test 74 | 75 | # 删除容器 76 | ./go-docker rm test 77 | ``` 78 | 79 | ## docker核心技术 80 | ### namespace 81 | - uts : 隔离主机名 82 | - pid : 隔离进程pid 83 | - user : 隔离用户 84 | - network : 隔离网络 85 | - mount : 隔离挂载点 86 | - ipc : 隔离System V IPC和POSIX message queues 87 | 88 | ### cgroup 89 | > 主要是使用三个组件相互协作实现的,分别是:subsystem, hierarchy, cgroup 90 | 91 | - cgroup: 是对进程分组管理的一种机制 92 | - subsystem: 是一组资源控制的模块 93 | - hierarchy: 把一组cgroup串成一个树状结构(可让其实现继承) 94 | 95 | #### 实现方式 96 | > 主要实现方式是在`/sys/fs/cgroup/` 文件夹下,根据限制的不同,创建一个新的文件夹即可,kernel会将这个文件夹 97 | > 标记为它的`子cgroup`, 比如要限制内存使用,则在`/sys/fs/cgroup/memory/` 下创建`test-limit-memory`文件夹即可,将 98 | > 内存限制数写到该文件夹里面的 `memory.limit_in_bytes`即可 99 | 100 | ## 指令小记 101 | 102 | - 查看Linux程序父进程 103 | ```bash 104 | pstree -pl | grep main 105 | ``` 106 | - 查看进程id 107 | ```bash 108 | echo $$ 109 | ``` 110 | - 查看进程的uts 111 | ```bash 112 | readlink /proc/进程id/ns/uts 113 | ``` 114 | - 修改hostname 115 | ```bash 116 | hostname -b 新名称 117 | ``` 118 | - 查看当前用户和用户组 119 | ```bash 120 | id 121 | ``` 122 | - 创建并挂载一个hierarchy 123 | > 在这个文件夹下面创建新的文件夹,会被kernel标记为该`cgroup`的子`cgroup` 124 | ```bash 125 | mkdir cgroup-test 126 | mount -t cgroup -o none,name=cgroup-test cgroup-test ./cgroup-test 127 | ``` 128 | - 将其他进程移动到其他的`cgroup`中 129 | > 只要将该进程的ID放到其`cgroup`的`tasks`里面即可 130 | ```bash 131 | echo "进程ID" >> cgroup/tasks 132 | ``` 133 | 134 | - 导出容器 135 | ```bash 136 | docker export -o busybox.tar 45c98e055883(容器ID) 137 | ``` 138 | - 移除mount 139 | ```bash 140 | unshare -m 141 | ``` 
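--------------------------------------------------------------------------------
/cgroups/manager.go:
--------------------------------------------------------------------------------
// Package cgroups drives every registered cgroup subsystem for one container.
package cgroups

import (
	"github.com/sirupsen/logrus"

	"go-docker/cgroups/subsystem"
)

// CGroupManager applies resource limits to a single cgroup across all
// subsystems listed in subsystem.Subsystems.
type CGroupManager struct {
	// Path is the cgroup path relative to each subsystem's hierarchy root.
	// It is joined onto the mount point as-is, so it must be a trusted value.
	Path string
}

// NewCGroupManager returns a manager for the cgroup at path.
func NewCGroupManager(path string) *CGroupManager {
	return &CGroupManager{Path: path}
}

// Set writes the limits in res to every subsystem.
//
// Failures are only logged: a subsystem whose limit could not be written
// leaves the container running without that limit.
func (c *CGroupManager) Set(res *subsystem.ResourceConfig) {
	// The loop variable is named sub so it does not shadow the subsystem package.
	for _, sub := range subsystem.Subsystems {
		if err := sub.Set(c.Path, res); err != nil {
			logrus.Errorf("set %s err: %v", sub.Name(), err)
		}
	}
}

// Apply attaches pid to the cgroup in every subsystem. Failures are logged
// and do not stop the remaining subsystems from being processed.
func (c *CGroupManager) Apply(pid int) {
	for _, sub := range subsystem.Subsystems {
		if err := sub.Apply(c.Path, pid); err != nil {
			logrus.Errorf("apply task, err: %v", err)
		}
	}
}

// Destroy removes the cgroup from every subsystem, logging any failure.
func (c *CGroupManager) Destroy() {
	for _, sub := range subsystem.Subsystems {
		if err := sub.Remove(c.Path); err != nil {
			logrus.Errorf("remove %s err: %v", sub.Name(), err)
		}
	}
}

--------------------------------------------------------------------------------
/cgroups/subsystem/cpu.go:
--------------------------------------------------------------------------------
package subsystem

import (
	"io/ioutil"
	"path"

	"github.com/sirupsen/logrus"
)

// CpuSubSystem manages the "cpu" cgroup subsystem.
type CpuSubSystem struct {
	// apply records that Set wrote a limit, so Apply knows it has to attach
	// the process to this subsystem's cgroup.
	apply bool
}

// Name returns the subsystem name, "cpu".
func (*CpuSubSystem) Name() string {
	return "cpu"
}

// Set creates the cgroup if needed and, when res.CpuShare is non-empty,
// writes it to cpu.shares.
func (c *CpuSubSystem) Set(cgroupPath string, res *ResourceConfig) error {
	subsystemCgroupPath, err := GetCgroupPath(c.Name(), cgroupPath, true)
	if err != nil {
		logrus.Errorf("get %s path, err: %v", cgroupPath, err)
		return err
	}
	// A nil config means "no limits requested" rather than a crash.
	if res == nil || res.CpuShare == "" {
		return nil
	}
	c.apply = true
	if err := ioutil.WriteFile(path.Join(subsystemCgroupPath, "cpu.shares"), []byte(res.CpuShare), 0644); err != nil {
		logrus.Errorf("failed to write file cpu.shares, err: %+v", err)
		return err
	}
	return nil
}

// Remove deletes this subsystem's cgroup directory for cgroupPath.
func (c *CpuSubSystem) Remove(cgroupPath string) error {
	return removeCgroup(c.Name(), cgroupPath)
}

// Apply attaches pid to the cgroup, but only if Set wrote a limit earlier.
func (c *CpuSubSystem) Apply(cgroupPath string, pid int) error {
	if !c.apply {
		return nil
	}
	return addTask(c.Name(), cgroupPath, pid)
}

--------------------------------------------------------------------------------
/cgroups/subsystem/cpuset.go:
--------------------------------------------------------------------------------
package subsystem

import (
	"io/ioutil"
	"path"

	"github.com/sirupsen/logrus"
)

// CpuSetSubSystem manages the "cpuset" cgroup subsystem.
type CpuSetSubSystem struct {
	// apply records that Set wrote a limit, so Apply knows it has to attach
	// the process to this subsystem's cgroup.
	apply bool
}

// Name returns the subsystem name, "cpuset".
func (*CpuSetSubSystem) Name() string {
	return "cpuset"
}

// Set creates the cgroup if needed and, when res.CpuSet is non-empty, writes
// it to cpuset.cpus.
func (c *CpuSetSubSystem) Set(cgroupPath string, res *ResourceConfig) error {
	subsystemCgroupPath, err := GetCgroupPath(c.Name(), cgroupPath, true)
	if err != nil {
		logrus.Errorf("get %s path, err: %v", cgroupPath, err)
		return err
	}
	// A nil config means "no limits requested" rather than a crash.
	if res == nil || res.CpuSet == "" {
		return nil
	}
	c.apply = true
	if err := ioutil.WriteFile(path.Join(subsystemCgroupPath, "cpuset.cpus"), []byte(res.CpuSet), 0644); err != nil {
		logrus.Errorf("failed to write file cpuset.cpus, err: %+v", err)
		return err
	}
	return nil
}

// Remove deletes this subsystem's cgroup directory for cgroupPath.
func (c *CpuSetSubSystem) Remove(cgroupPath string) error {
	return removeCgroup(c.Name(), cgroupPath)
}

// Apply attaches pid to the cgroup, but only if Set wrote a limit earlier.
func (c *CpuSetSubSystem) Apply(cgroupPath string, pid int) error {
	if !c.apply {
		return nil
	}
	return addTask(c.Name(), cgroupPath, pid)
}

--------------------------------------------------------------------------------
/cgroups/subsystem/memory.go:
--------------------------------------------------------------------------------
package subsystem

import (
	"io/ioutil"
	"path"

	"github.com/sirupsen/logrus"
)

// MemorySubSystem manages the "memory" cgroup subsystem.
type MemorySubSystem struct {
	// apply records that Set wrote a limit, so Apply knows it has to attach
	// the process to this subsystem's cgroup.
	apply bool
}

// Name returns the subsystem name, "memory".
func (*MemorySubSystem) Name() string {
	return "memory"
}

// Set creates the cgroup if needed and, when res.MemoryLimit is non-empty,
// writes it to memory.limit_in_bytes in the cgroup's directory.
func (m *MemorySubSystem) Set(cgroupPath string, res *ResourceConfig) error {
	subsystemCgroupPath, err := GetCgroupPath(m.Name(), cgroupPath, true)
	if err != nil {
		logrus.Errorf("get %s path, err: %v", cgroupPath, err)
		return err
	}
	// A nil config means "no limits requested" rather than a crash.
	if res == nil || res.MemoryLimit == "" {
		return nil
	}
	m.apply = true
	return ioutil.WriteFile(path.Join(subsystemCgroupPath, "memory.limit_in_bytes"), []byte(res.MemoryLimit), 0644)
}

// Remove deletes this subsystem's cgroup directory for cgroupPath.
func (m *MemorySubSystem) Remove(cgroupPath string) error {
	return removeCgroup(m.Name(), cgroupPath)
}

// Apply attaches pid to the cgroup, but only if Set wrote a limit earlier.
func (m *MemorySubSystem) Apply(cgroupPath string, pid int) error {
	if !m.apply {
		return nil
	}
	return addTask(m.Name(), cgroupPath, pid)
}

--------------------------------------------------------------------------------
/cgroups/subsystem/subsystem.go:
--------------------------------------------------------------------------------
package subsystem

// ResourceConfig holds the resource limits requested for a container. Each
// value is written verbatim to the matching cgroup control file; an empty
// string means "no limit for this resource".
type ResourceConfig struct {
	// MemoryLimit is the memory limit.
	MemoryLimit string
	// CpuShare is the CPU time-slice weight.
	CpuShare string
	// CpuSet is the set of CPU cores.
	CpuSet string
}

// Subystem abstracts one cgroup subsystem. A cgroup is addressed by path,
// because inside a hierarchy a cgroup is simply a virtual directory.
type Subystem interface {
	// Name returns the subsystem name, e.g. "cpu" or "memory".
	Name() string
	// Set configures the resource limit of the cgroup in this subsystem.
	Set(cgroupPath string, res *ResourceConfig) error
	// Remove removes the cgroup from this subsystem.
	Remove(cgroupPath string) error
	// Apply adds a process to the cgroup.
	Apply(cgroupPath string, pid int) error
}

var (
	// Subsystems lists every subsystem the manager iterates over.
	Subsystems = []Subystem{
		&MemorySubSystem{},
		// When attaching tasks, these two must be configured together.
		&CpuSubSystem{},
		&CpuSetSubSystem{},
	}
)

--------------------------------------------------------------------------------
/cgroups/subsystem/util.go:
--------------------------------------------------------------------------------
package subsystem

import (
	"bufio"
	"fmt"
	"io/ioutil"
	"os"
	"path"
	"strconv"
	"strings"

	"github.com/sirupsen/logrus"
)

// GetCgroupPath returns the absolute filesystem path of cgroupPath inside the
// hierarchy that has subsystem attached.
//
// A missing directory is created only when autoCreate is true. Otherwise the
// stat error is returned unchanged, so callers can test it with
// os.IsNotExist.
func GetCgroupPath(subsystem string, cgroupPath string, autoCreate bool) (string, error) {
	cgroupRootPath, err := findCgroupMountPoint(subsystem)
	if err != nil {
		logrus.Errorf("find cgroup mount point, err: %s", err.Error())
		return "", err
	}
	// NOTE(review): path.Join resolves ".." segments, so a cgroupPath such as
	// "../x" lands outside the hierarchy root. Callers must pass a trusted value.
	cgroupTotalPath := path.Join(cgroupRootPath, cgroupPath)
	_, err = os.Stat(cgroupTotalPath)
	switch {
	case err == nil:
		return cgroupTotalPath, nil
	case !os.IsNotExist(err) || !autoCreate:
		// Either stat failed for another reason or creation was not requested.
		return "", err
	}
	if err := os.MkdirAll(cgroupTotalPath, 0755); err != nil {
		return "", err
	}
	return cgroupTotalPath, nil
}

// findCgroupMountPoint scans /proc/self/mountinfo for the hierarchy whose
// super options (last field) contain subsystem, and returns its mount point
// (fifth field). An error is returned when no such hierarchy is mounted, so
// callers never join a cgroup path onto an empty root.
func findCgroupMountPoint(subsystem string) (string, error) {
	f, err := os.Open("/proc/self/mountinfo")
	if err != nil {
		return "", err
	}
	defer f.Close()

	scanner := bufio.NewScanner(f)
	for scanner.Scan() {
		fields := strings.Split(scanner.Text(), " ")
		if len(fields) <= 4 {
			continue
		}
		for _, opt := range strings.Split(fields[len(fields)-1], ",") {
			if opt == subsystem {
				return fields[4], nil
			}
		}
	}
	if err := scanner.Err(); err != nil {
		return "", err
	}
	return "", fmt.Errorf("no cgroup hierarchy mounted for subsystem %q", subsystem)
}

// addTask attaches pid to the existing cgroup by writing it to the cgroup's
// tasks file.
func addTask(subsystem, cgroupPath string, pid int) error {
	subsystemCgroupPath, err := GetCgroupPath(subsystem, cgroupPath, false)
	if err != nil {
		return err
	}
	tasksPath := path.Join(subsystemCgroupPath, "tasks")
	// The mode is only used if the file has to be created, so it is kept narrow.
	if err := ioutil.WriteFile(tasksPath, []byte(strconv.Itoa(pid)), 0644); err != nil {
		logrus.Errorf("write pid to tasks, path: %s, pid: %d, err: %v", tasksPath, pid, err)
		return err
	}
	return nil
}

// removeCgroup deletes the cgroup directory of cgroupPath in subsystem. A
// cgroup that does not exist counts as already removed.
func removeCgroup(subsystem, cgroupPath string) error {
	// An empty, "." or ".." path resolves to the hierarchy root or above it.
	if path.Clean("/"+cgroupPath) == "/" {
		return fmt.Errorf("refusing to remove cgroup hierarchy root for %q", cgroupPath)
	}
	subsystemCgroupPath, err := GetCgroupPath(subsystem, cgroupPath, false)
	if os.IsNotExist(err) {
		return nil
	}
	if err != nil {
		return err
	}
	return os.RemoveAll(subsystemCgroupPath)
}

--------------------------------------------------------------------------------
/cgroups/subsystem/util_test.go:
--------------------------------------------------------------------------------
package subsystem

import (
	"testing"
)

// TestGetCgroupPath reports where each subsystem's hierarchy is mounted on
// the host running the test. It only logs, because the result depends on the
// host's cgroup layout.
func TestGetCgroupPath(t *testing.T) {
	for _, name := range []string{"memory", "cpu", "cpuset"} {
		mountPoint, err := findCgroupMountPoint(name)
		if err != nil {
			t.Logf("subsystem %s: %v", name, err)
			continue
		}
		t.Logf("subsystem %s mounted at %s", name, mountPoint)
	}
}

--------------------------------------------------------------------------------
/command.go:
--------------------------------------------------------------------------------
package main

import (
	"fmt"
	"os"

	"github.com/sirupsen/logrus"
	"github.com/urfave/cli"

	"go-docker/cgroups/subsystem"
	"go-docker/common"
	"go-docker/container"
	"go-docker/network"
)

// runCommand creates a namespace-isolated container process and starts it.
var runCommand = cli.Command{
	Name:  "run",
	Usage: "Create a container with namespace and cgroups limit",
	Flags: []cli.Flag{
		cli.BoolFlag{
			Name:  "ti",
			Usage: "enable tty",
		},
		cli.StringFlag{
			Name:  "m",
			Usage: "memory limit",
		},
		cli.StringFlag{
			Name:  "cpushare",
			Usage: "cpushare limit",
		},
		cli.StringFlag{
			Name:  "cpuset",
			Usage: "cpuset limit",
		},
		cli.StringFlag{
			Name:  "v",
			Usage: "docker volume",
		},
		cli.BoolFlag{
			Name:  "d",
			Usage: "detach container",
		},
		cli.StringFlag{
			Name:  "name",
			Usage: "container name",
		},
		cli.StringSliceFlag{
			Name:  "e",
			Usage: "docker env",
		},
		cli.StringFlag{
			Name:  "net",
			Usage: "container network",
		},
		cli.StringSliceFlag{
			Name:  "p",
			Usage: "port mapping",
		},
	},
	Action: func(ctx *cli.Context) error {
		if len(ctx.Args()) < 1 {
			return fmt.Errorf("missing container args")
		}

		tty := ctx.Bool("ti")
		detach := ctx.Bool("d")
		if tty && detach {
			return fmt.Errorf("ti and d paramter can not both provided")
		}

		res := &subsystem.ResourceConfig{
			MemoryLimit: ctx.String("m"),
			CpuSet:      ctx.String("cpuset"),
			CpuShare:    ctx.String("cpushare"),
		}
		// The first positional argument is the image name. Everything after it
		// (Tail) is the first command executed inside the container.
		cmdArray := append([]string(nil), ctx.Args().Tail()...)
		imageName := ctx.Args().Get(0)

		containerName := ctx.String("name")
		volume := ctx.String("v")
		net := ctx.String("net")
		envs := ctx.StringSlice("e")
		ports := ctx.StringSlice("p")

		Run(cmdArray, tty, res, containerName, imageName, volume, net, envs, ports)
		return nil
	},
}

// initCommand initialises the container: it mounts the proc filesystem and
// runs the user's program. It is invoked by the tool itself, not by users.
var initCommand = cli.Command{
	Name:  "init",
	Usage: "Init container process run user's process in container. Do not call it outside",
	Action: func(ctx *cli.Context) error {
		logrus.Infof("init come on")
		return container.RunContainerInitProcess()
	},
}

// commitCommand exports the container contents as an image archive.
var commitCommand = cli.Command{
	Name:  "commit",
	Usage: "docker commit a container into image",
	Flags: []cli.Flag{
		cli.StringFlag{
			Name:  "c",
			Usage: "export image path",
		},
	},
	Action: func(ctx *cli.Context) error {
		if len(ctx.Args()) < 1 {
			return fmt.Errorf("missing container name")
		}
		imageName := ctx.Args().Get(0)
		imagePath := ctx.String("c")
		return container.CommitContainer(imageName, imagePath)
	},
}

// listCommand prints every recorded container.
var listCommand = cli.Command{
	Name:  "ps",
	Usage: "list all container",
	Action: func(ctx *cli.Context) error {
		container.ListContainerInfo()
		return nil
	},
}

// logCommand prints the log file of a container.
var logCommand = cli.Command{
	Name:  "logs",
	Usage: "look container log",
	Action: func(ctx *cli.Context) error {
		if len(ctx.Args()) < 1 {
			return fmt.Errorf("missing container name")
		}
		containerName := ctx.Args().Get(0)
		container.LookContainerLog(containerName)
		return nil
	},
}

// execCommand runs a command inside an existing container.
var execCommand = cli.Command{
	Name:  "exec",
	Usage: "exec a command into container",
	Action: func(ctx *cli.Context) error {
		// When the PID variable is already set, this is the re-executed child
		// and nothing else has to be done here.
		pid := os.Getenv(common.EnvExecPid)
		if pid != "" {
			logrus.Infof("pid callback pid %s, gid: %d", pid, os.Getgid())
			return nil
		}
		if len(ctx.Args()) < 2 {
			return fmt.Errorf("missing container name or command")
		}

		cmdArray := append([]string(nil), ctx.Args().Tail()...)
		containerName := ctx.Args().Get(0)
		container.ExecContainer(containerName, cmdArray)
		return nil
	},
}

// stopCommand stops a running container.
var stopCommand = cli.Command{
	Name:  "stop",
	Usage: "stop a container",
	Action: func(ctx *cli.Context) error {
		if len(ctx.Args()) < 1 {
			return fmt.Errorf("missing stop container name")
		}
		containerName := ctx.Args().Get(0)
		container.StopContainer(containerName)
		return nil
	},
}

// removeCommand deletes a stopped container.
var removeCommand = cli.Command{
	Name:  "rm",
	Usage: "rm a container",
	Action: func(ctx *cli.Context) error {
		if len(ctx.Args()) < 1 {
			return fmt.Errorf("missing remove container name")
		}
		containerName := ctx.Args().Get(0)
		container.RemoveContainer(containerName)
		return nil
	},
}

// networkCommand groups the container network subcommands.
var networkCommand = cli.Command{
	Name:  "network",
	Usage: "container network commands",
	Subcommands: []cli.Command{
		{
			Name:  "create",
			Usage: "create a container network",
			Flags: []cli.Flag{
				cli.StringFlag{
					Name:  "driver",
					Usage: "network driver",
				},
				cli.StringFlag{
					Name:  "subnet",
					Usage: "subnet cidr",
				},
			},
			Action: func(context *cli.Context) error {
				if len(context.Args()) < 1 {
					return fmt.Errorf("Missing network name")
				}
				if err := network.Init(); err != nil {
					logrus.Errorf("network init failed, err: %v", err)
					return err
				}
				// Create the network.
				err := network.CreateNetwork(context.String("driver"), context.String("subnet"), context.Args()[0])
				if err != nil {
					return fmt.Errorf("create network error: %+v", err)
				}
				return nil
			},
		},
		{
			Name:  "list",
			Usage: "list container network",
			Action: func(context *cli.Context) error {
				if err := network.Init(); err != nil {
					logrus.Errorf("network init failed, err: %v", err)
					return err
				}

				network.ListNetwork()
				return nil
			},
		},
		{
			Name:  "remove",
			Usage: "remove container network",
			Action: func(context *cli.Context) error {
				if len(context.Args()) < 1 {
					return fmt.Errorf("Missing network name")
				}

				if err := network.Init(); err != nil {
					logrus.Errorf("network init failed, err: %v", err)
					return err
				}
				if err := network.DeleteNetwork(context.Args()[0]); err != nil {
					return fmt.Errorf("remove network error: %+v", err)
				}
				return nil
			},
		},
	},
}

--------------------------------------------------------------------------------
/common/common.go:
--------------------------------------------------------------------------------
// Package common holds the paths, states and variable names shared by the
// other packages.
package common

// Filesystem locations used for images and the container root filesystem.
const (
	RootPath   = "/root/"
	MntPath    = "/root/mnt/"
	WriteLayer = "writeLayer"
)

// Container states stored in the container's config file.
const (
	Running = "running"
	Stop    = "stopped"
	Exit    = "exited"
)

// Location and file names of the per-container state.
const (
	DefaultContainerInfoPath = "/var/run/go-docker/"
	ContainerInfoFileName    = "config.json"
	ContainerLogFileName     = "container.log"
)

// Environment variables that carry the target pid and command of "exec" to
// the re-executed process.
const (
	EnvExecPid = "docker_pid"
	EnvExecCmd = "docker_cmd"
)

// Locations of the network definitions and the IP allocator state.
const (
	DefaultNetworkPath   = "/var/run/go-docker/network/network/"
	DefaultAllocatorPath = "/var/run/go-docker/network/ipam/subnet.json"
)

--------------------------------------------------------------------------------
/container/commit.go:
--------------------------------------------------------------------------------
package container

import (
	"fmt"
	"os/exec"
	"path"
	"strings"

	"github.com/sirupsen/logrus"

	"go-docker/common"
)

// CommitContainer archives the contents of common.MntPath into
// <imagePath>/<imageName>.tar. An empty imagePath defaults to
// common.RootPath.
//
// imageName is used as a single file name, so names that are empty or
// contain a path separator are rejected instead of writing outside imagePath.
// Note that tar is invoked with -z, so the archive is gzip-compressed despite
// the .tar extension.
func CommitContainer(imageName, imagePath string) error {
	if imageName == "" || strings.Contains(imageName, "/") {
		return fmt.Errorf("invalid image name %q", imageName)
	}
	if imagePath == "" {
		imagePath = common.RootPath
	}
	imageTar := path.Join(imagePath, fmt.Sprintf("%s.tar", imageName))
	if _, err := exec.Command("tar", "-czf", imageTar, "-C", common.MntPath, ".").CombinedOutput(); err != nil {
		logrus.Errorf("tar container image, file name: %s, err: %v", imageTar, err)
		return err
	}
	return nil
}

--------------------------------------------------------------------------------
/container/exec.go:
--------------------------------------------------------------------------------
package container

import (
	"fmt"
	"io/ioutil"
	"os"
	"os/exec"
	"strconv"
	"strings"

	"github.com/sirupsen/logrus"

	"go-docker/common"
)

// ExecContainer runs cmdArray inside the named container.
//
// It re-executes this binary with the target pid and command placed in
// environment variables; the C code then joins the namespaces of that pid
// through the setns system call and runs the command there.
//
// NOTE(review): the command is joined with single spaces, so arguments that
// themselves contain spaces are not preserved.
func ExecContainer(containerName string, cmdArray []string) {
	info, err := getContainerInfo(containerName)
	if err != nil {
		logrus.Errorf("get container info, err: %v", err)
		return
	}
	// The pid comes from the state file and ends up in a /proc path and in
	// the namespace switch, so it must be a plain positive number.
	if pid, err := strconv.Atoi(info.Pid); err != nil || pid <= 0 {
		logrus.Errorf("exec container %s, invalid pid %q", containerName, info.Pid)
		return
	}
	if err := os.Setenv(common.EnvExecPid, info.Pid); err != nil {
		logrus.Errorf("set env %s, err: %v", common.EnvExecPid, err)
		return
	}
	if err := os.Setenv(common.EnvExecCmd, strings.Join(cmdArray, " ")); err != nil {
		logrus.Errorf("set env %s, err: %v", common.EnvExecCmd, err)
		return
	}

	cmd := exec.Command("/proc/self/exe", "exec")
	cmd.Stdout = os.Stdout
	cmd.Stdin = os.Stdin
	cmd.Stderr = os.Stderr
	// Pass the container's own environment on to the new process. Those
	// values are controlled by the container, so the two control variables
	// set above are filtered out and cannot be overridden from inside it.
	cmd.Env = append(os.Environ(), dropControlEnv(getEnvsByPid(info.Pid))...)

	if err := cmd.Run(); err != nil {
		logrus.Errorf("exec cmd run, err: %v", err)
	}
}

// dropControlEnv returns envs without empty entries and without any
// definition of the exec control variables.
//
// NOTE(review): every other variable is still passed through to the
// re-executed binary before it enters the container; an allow-list would be
// the stricter choice.
func dropControlEnv(envs []string) []string {
	kept := make([]string, 0, len(envs))
	for _, kv := range envs {
		switch {
		case kv == "":
		case strings.HasPrefix(kv, common.EnvExecPid+"="):
		case strings.HasPrefix(kv, common.EnvExecCmd+"="):
		default:
			kept = append(kept, kv)
		}
	}
	return kept
}

// getEnvsByPid reads /proc/<pid>/environ and returns its NUL-separated
// entries, or nil when the file cannot be read.
func getEnvsByPid(pid string) []string {
	envFilePath := fmt.Sprintf("/proc/%s/environ", pid)
	file, err := os.Open(envFilePath)
	if err != nil {
		logrus.Errorf("open env file, path: %s, err: %v", envFilePath, err)
		return nil
	}
	defer file.Close()

	bs, err := ioutil.ReadAll(file)
	if err != nil {
		logrus.Errorf("read env file, err: %v", err)
		return nil
	}
	return strings.Split(string(bs), "\u0000")
}

--------------------------------------------------------------------------------
/container/info.go:
--------------------------------------------------------------------------------
package container

import (
	"encoding/json"
	"fmt"
	"io/ioutil"
	"math/rand"
	"os"
	"path"
	"strconv"
	"strings"
	"text/tabwriter"
	"time"

	"github.com/sirupsen/logrus"

	"go-docker/common"
)

// ContainerInfo is the state stored in each container's config.json.
type ContainerInfo struct {
	Pid         string   `json:"pid"`     // PID of the container's init process on the host
	Id          string   `json:"id"`      // container ID
	Command     string   `json:"command"` // command run by the init process inside the container
	Name        string   `json:"name"`
	CreateTime  string   `json:"createTime"`
	Status      string   `json:"status"`
	Volume      string   `json:"volume"`      // data volume of the container
	PortMapping []string `json:"portmapping"` // port mappings
}

// containerDir returns the state directory of the named container.
//
// The name becomes one path element under common.DefaultContainerInfoPath.
// Empty names, "." and "..", and names containing "/" are rejected, because
// they would resolve to the shared state directory or outside of it, and the
// result is later read, written and removed recursively.
func containerDir(containerName string) (string, error) {
	if containerName == "" || containerName == "." || containerName == ".." || strings.Contains(containerName, "/") {
		return "", fmt.Errorf("invalid container name %q", containerName)
	}
	return path.Join(common.DefaultContainerInfoPath, containerName), nil
}

// RecordContainerInfo writes the state of a newly started container to
// config.json inside the container's state directory.
func RecordContainerInfo(containerPID int, cmdArray []string, containerName, containerID string) error {
	dir, err := containerDir(containerName)
	if err != nil {
		logrus.Errorf("record container info, err: %v", err)
		return err
	}
	info := &ContainerInfo{
		Pid: strconv.Itoa(containerPID),
		Id:  containerID,
		// Joined with spaces so the listing shows the command as it was typed.
		Command:    strings.Join(cmdArray, " "),
		Name:       containerName,
		CreateTime: time.Now().Format("2006-01-02 15:04:05"),
		Status:     common.Running,
	}

	// The directory and file are created without write access for other
	// users: the recorded pid is later used as a signal target.
	if err := os.MkdirAll(dir, 0755); err != nil {
		logrus.Errorf("mkdir container dir: %s, err: %v", dir, err)
		return err
	}

	bs, err := json.Marshal(info)
	if err != nil {
		logrus.Errorf("marshal container info, err: %v", err)
		return err
	}
	fileName := path.Join(dir, common.ContainerInfoFileName)
	if err := ioutil.WriteFile(fileName, bs, 0644); err != nil {
		logrus.Errorf("write config.json, fileName: %s, err: %v", fileName, err)
		return err
	}
	return nil
}

// GenContainerID returns a string of n random decimal digits, or "" when n
// is not positive.
//
// The digits come from math/rand seeded with the current time, so the ID is
// a label, not a secret, and must not be used as a credential.
func GenContainerID(n int) string {
	if n <= 0 {
		return ""
	}
	letterBytes := "0123456789"
	rand.Seed(time.Now().UnixNano())
	b := make([]byte, n)
	for i := range b {
		b[i] = letterBytes[rand.Intn(len(letterBytes))]
	}
	return string(b)
}

// DeleteContainerInfo removes the state directory of the named container.
func DeleteContainerInfo(containerName string) {
	dir, err := containerDir(containerName)
	if err != nil {
		logrus.Errorf("remove container info, err: %v", err)
		return
	}
	if err := os.RemoveAll(dir); err != nil {
		logrus.Errorf("remove container info, err: %v", err)
	}
}

// ListContainerInfo prints a table of all recorded containers to stdout.
func ListContainerInfo() {
	files, err := ioutil.ReadDir(common.DefaultContainerInfoPath)
	if err != nil {
		logrus.Errorf("read info dir, err: %v", err)
		return
	}

	var infos []*ContainerInfo
	for _, file := range files {
		info, err := getContainerInfo(file.Name())
		if err != nil {
			logrus.Errorf("get container info, name: %s, err: %v", file.Name(), err)
			continue
		}
		infos = append(infos, info)
	}

	// Print the table.
	w := tabwriter.NewWriter(os.Stdout, 12, 1, 2, ' ', 0)
	_, _ = fmt.Fprint(w, "ID\tNAME\tPID\tSTATUS\tCOMMAND\tCREATED\n")
	for _, info := range infos {
		_, _ = fmt.Fprintf(w, "%s\t%s\t%s\t%s\t%s\t%s\t\n", info.Id, info.Name, info.Pid, info.Status, info.Command, info.CreateTime)
	}

	// Flush the buffered table so the container list is actually printed.
	if err := w.Flush(); err != nil {
		logrus.Errorf("flush info, err: %v", err)
	}
}

// getContainerInfo loads the config.json of the named container. On any
// error the returned info is nil.
func getContainerInfo(containerName string) (*ContainerInfo, error) {
	dir, err := containerDir(containerName)
	if err != nil {
		return nil, err
	}
	filePath := path.Join(dir, common.ContainerInfoFileName)
	bs, err := ioutil.ReadFile(filePath)
	if err != nil {
		logrus.Errorf("read file, path: %s, err: %v", filePath, err)
		return nil, err
	}
	info := &ContainerInfo{}
	if err := json.Unmarshal(bs, info); err != nil {
		return nil, err
	}
	return info, nil
}

--------------------------------------------------------------------------------
/container/init.go:
--------------------------------------------------------------------------------
package container

import (
	"fmt"
	"io/ioutil"
	"os"
	"os/exec"
	"path/filepath"
	"strings"
	"syscall"

	"github.com/sirupsen/logrus"
)

// RunContainerInitProcess is the first process executed inside the container.
//
// It sets up the mounts (including proc, so that tools such as ps show the
// container's own processes) and then replaces itself with the user command
// received over the pipe.
func RunContainerInitProcess() error {
	cmdArray := readUserCommand()
	// Splitting an empty message yields one empty element, so check for that too.
	if len(cmdArray) == 0 || cmdArray[0] == "" {
		return fmt.Errorf("get user command in run container")
	}
	// Set up the mounts.
	if err := setUpMount(); err != nil {
		logrus.Errorf("set up mount, err: %v", err)
		return err
	}

	// Resolve the command to an absolute path via PATH. When the lookup
	// fails, the name is used as given.
	path, err := exec.LookPath(cmdArray[0])
	if err != nil {
		path = cmdArray[0]
	}

	// Exec only returns on failure.
	return syscall.Exec(path, cmdArray, os.Environ())
}

// readUserCommand reads the space-separated command from file descriptor 3,
// the read end of the pipe handed over through cmd.ExtraFiles. It returns nil
// when the pipe cannot be read.
func readUserCommand() []string {
	pipe := os.NewFile(uintptr(3), "pipe")
	defer pipe.Close()

	bs, err := ioutil.ReadAll(pipe)
	if err != nil {
		logrus.Errorf("read pipe, err: %v", err)
		return nil
	}
	return strings.Split(string(bs), " ")
}

// setUpMount switches to the new root filesystem and mounts /proc and /dev.
func setUpMount() error {
	if err := pivotRoot(); err != nil {
		logrus.Errorf("pivot root, err: %v", err)
		return err
	}

	// With systemd, mounts are shared by default, so the new mount namespace
	// has to be declared private explicitly.
	if err := syscall.Mount("", "/", "", syscall.MS_PRIVATE|syscall.MS_REC, ""); err != nil {
		return err
	}
	// Mount proc.
	defaultMountFlags := syscall.MS_NOEXEC | syscall.MS_NOSUID | syscall.MS_NODEV
	if err := syscall.Mount("proc", "/proc", "proc", uintptr(defaultMountFlags), ""); err != nil {
		logrus.Errorf("mount proc, err: %v", err)
		return err
	}
	// Mount tmpfs, a memory-backed filesystem, on /dev.
	if err := syscall.Mount("tmpfs", "/dev", "tmpfs", syscall.MS_NOSUID|syscall.MS_STRICTATIME, "mode=755"); err != nil {
		logrus.Errorf("mount tempfs, err: %v", err)
		return err
	}

	return nil
}

// pivotRoot makes the current working directory the root filesystem of the
// process and detaches the old root.
func pivotRoot() error {
	root, err := os.Getwd()
	if err != nil {
		return err
	}
	logrus.Infof("current location is %s", root)

	// With systemd, mounts are shared by default, so the new mount namespace
	// has to be declared private explicitly.
	if err := syscall.Mount("", "/", "", syscall.MS_PRIVATE|syscall.MS_REC, ""); err != nil {
		return err
	}
	// Bind-mount root onto itself so that the new root and the old root are
	// not on the same filesystem. A bind mount exposes the same content
	// under another mount point.
	if err := syscall.Mount(root, root, "bind", syscall.MS_BIND|syscall.MS_REC, ""); err != nil {
		return fmt.Errorf("mount rootfs to itself error: %v", err)
	}
	// Create rootfs/.pivot_root to hold the old root. It is only a temporary
	// mount point, so it is not made accessible to other users.
	pivotDir := filepath.Join(root, ".pivot_root")
	if _, err := os.Stat(pivotDir); err != nil && os.IsNotExist(err) {
		if err := os.Mkdir(pivotDir, 0700); err != nil {
			return err
		}
	}
	// pivot_root into the new rootfs. The old root is now mounted at
	// rootfs/.pivot_root and is still visible to the mount command.
	if err := syscall.PivotRoot(root, pivotDir); err != nil {
		return fmt.Errorf("pivot_root %v", err)
	}
	// Change the working directory to the new root.
	if err := syscall.Chdir("/"); err != nil {
		return fmt.Errorf("chdir / %v", err)
	}

	pivotDir = filepath.Join("/", ".pivot_root")
	// Unmount rootfs/.pivot_root so the old root is no longer reachable.
	if err := syscall.Unmount(pivotDir, syscall.MNT_DETACH); err != nil {
		return fmt.Errorf("unmount pivot_root dir %v", err)
	}
	// Remove the temporary directory.
	return os.Remove(pivotDir)
}

--------------------------------------------------------------------------------
/container/log.go:
--------------------------------------------------------------------------------
package container

import (
	"io"
	"os"

	"path"

	"github.com/sirupsen/logrus"

	"go-docker/common"
)

// LookContainerLog copies the log file of the named container to stdout.
func LookContainerLog(containerName string) {
	dir, err := containerDir(containerName)
	if err != nil {
		logrus.Errorf("look container log, err: %v", err)
		return
	}
	logFileName := path.Join(dir, common.ContainerLogFileName)
	file, err := os.Open(logFileName)
	if err != nil {
		logrus.Errorf("open log file, path: %s, err: %v", logFileName, err)
		return
	}
	defer file.Close()

	// Stream the file instead of loading it whole; logs can grow large.
	if _, err := io.Copy(os.Stdout, file); err != nil {
		logrus.Errorf("read log file, err: %v", err)
	}
}

--------------------------------------------------------------------------------
/container/process.go:
--------------------------------------------------------------------------------
package container

import (
	"os"
	"os/exec"
	"path"
	"syscall"

	"github.com/sirupsen/logrus"

	"go-docker/common"
)

// NewParentProcess builds the command that starts the container's init
// process in new namespaces, and returns it together with the write end of
// the pipe used to send the user command to that process.
//
// The clone flags request new UTS, PID, mount, network and IPC namespaces.
// No user namespace is requested, so uid 0 inside the container is uid 0 on
// the host. The host environment is passed through as well, which makes
// every host variable readable inside the container.
func NewParentProcess(tty bool, volume, containerName, imageName string, envs []string) (*exec.Cmd, *os.File) {
	readPipe, writePipe, err := os.Pipe()
	if err != nil {
		// NOTE(review): the command is still returned; without the pipe the
		// init process cannot receive its command.
		logrus.Errorf("create pipe, err: %v", err)
	}
	// Re-execute this binary with the "init" argument, i.e. run initCommand.
	cmd := exec.Command("/proc/self/exe", "init")
	cmd.SysProcAttr = &syscall.SysProcAttr{
		Cloneflags: syscall.CLONE_NEWUTS | syscall.CLONE_NEWPID | syscall.CLONE_NEWNS |
			syscall.CLONE_NEWNET | syscall.CLONE_NEWIPC,
	}
	if tty {
		cmd.Stdin = os.Stdin
		cmd.Stdout = os.Stdout
		cmd.Stderr = os.Stderr
	} else {
		// Send the container's output to its log file.
		setLogOutput(cmd, containerName)
	}
	// Hand the read end of the pipe to the child as an extra file descriptor.
	cmd.ExtraFiles = []*os.File{
		readPipe,
	}
	// Set the environment variables.
	cmd.Env = append(os.Environ(), envs...)
	if err := NewWorkSpace(volume, containerName, imageName); err != nil {
		logrus.Errorf("new work space, err: %v", err)
	}
	// Working directory of the init process; it becomes the container root.
	cmd.Dir = common.MntPath
	return cmd, writePipe
}

// setLogOutput points cmd.Stdout at the container's log file. On failure the
// error is logged and cmd.Stdout is left unset, rather than holding a nil
// *os.File that would silently drop the output.
func setLogOutput(cmd *exec.Cmd, containerName string) {
	logDir, err := containerDir(containerName)
	if err != nil {
		logrus.Errorf("mkdir container log, err: %v", err)
		return
	}
	if err := os.MkdirAll(logDir, 0755); err != nil {
		logrus.Errorf("mkdir container log, err: %v", err)
	}
	logFileName := path.Join(logDir, common.ContainerLogFileName)
	file, err := os.Create(logFileName)
	if err != nil {
		logrus.Errorf("create log file, err: %v", err)
		return
	}
	cmd.Stdout = file
}

--------------------------------------------------------------------------------
/container/remove.go:
--------------------------------------------------------------------------------
package container

import (
	"os"

	"github.com/sirupsen/logrus"

	"go-docker/common"
)

// RemoveContainer deletes the state directory of a stopped container.
func RemoveContainer(containerName string) {
	info, err := getContainerInfo(containerName)
	if err != nil {
		logrus.Errorf("get container info, err: %v", err)
		return
	}
	// Only containers in the stopped state may be removed.
	if info.Status != common.Stop {
		logrus.Errorf("can't remove running container")
		return
	}
	dir, err := containerDir(containerName)
	if err != nil {
		logrus.Errorf("remove container, err: %v", err)
		return
	}
	if err := os.RemoveAll(dir); err != nil {
		logrus.Errorf("remove container dir: %s, err: %v", dir, err)
	}
}

--------------------------------------------------------------------------------
/container/stop.go: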
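--------------------------------------------------------------------------------
package container

import (
	"encoding/json"
	"io/ioutil"
	"path"
	"strconv"
	"syscall"

	"github.com/sirupsen/logrus"

	"go-docker/common"
)

// StopContainer sends SIGTERM to the process recorded for the container and,
// when the signal was delivered, stores the container as stopped with an
// empty pid. Failures are logged and not returned.
//
// NOTE(review): the pid is read from the container's info file. If the
// original process has exited and the pid has been reused, the signal goes to
// an unrelated process. Consider verifying the process before signalling.
func StopContainer(containerName string) {
	info, err := getContainerInfo(containerName)
	if err != nil {
		logrus.Errorf("get container info, err: %v", err)
		return
	}
	if info.Pid == "" {
		return
	}

	// A pid that does not parse used to become 0, and kill(0, sig) signals
	// every process in the caller's process group. Negative values address
	// process groups or all processes. Accept strictly positive pids only.
	pid, err := strconv.Atoi(info.Pid)
	if err != nil || pid <= 0 {
		logrus.Errorf("stop container, invalid pid: %q, err: %v", info.Pid, err)
		return
	}

	// Ask the process to terminate.
	if err := syscall.Kill(pid, syscall.SIGTERM); err != nil {
		logrus.Errorf("stop container, pid: %d, err: %v", pid, err)
		return
	}

	// Record the new state.
	info.Status = common.Stop
	info.Pid = ""
	bs, err := json.Marshal(info)
	if err != nil {
		logrus.Errorf("marshal container info, err: %v", err)
		return
	}
	fileName := path.Join(common.DefaultContainerInfoPath, containerName, common.ContainerInfoFileName)
	// The mode only applies if the file has to be created. The previous value
	// 0622 requested write access for group and others.
	if err := ioutil.WriteFile(fileName, bs, 0600); err != nil {
		logrus.Errorf("write container config.json, err: %v", err)
	}
}
--------------------------------------------------------------------------------
/container/workspace.go:
--------------------------------------------------------------------------------
package container

import (
	"fmt"
	"os"
	"os/exec"
	"path"
	"strings"

	"github.com/sirupsen/logrus"

	"go-docker/common"
)

// NewWorkSpace creates the runtime directories of a container: the read-only
// image layer, the writable layer, the aufs mount point that combines both,
// and the optional host volume mount.
//
// NOTE(review): containerName, imageName and volume are joined into host
// paths and mount options without validation. This code creates directories,
// mounts and later removes trees at those paths, so callers should restrict
// the values to plain names.
func NewWorkSpace(volume, containerName, imageName string) error {
	// 1. Create the read-only layer.
	if err := createReadOnlyLayer(imageName); err != nil {
		logrus.Errorf("create read only layer, err: %v", err)
		return err
	}
	// 2. Create the read-write layer.
	if err := createWriteLayer(containerName); err != nil {
		logrus.Errorf("create write layer, err: %v", err)
		return err
	}
	// 3. Create the mount point and mount both layers on it.
	if err := CreateMountPoint(containerName, imageName); err != nil {
		logrus.Errorf("create mount point, err: %v", err)
		return err
	}
	// 4. Map the host directory into the container (errors are only logged).
	mountVolume(containerName, imageName, volume)
	return nil
}

// createReadOnlyLayer creates <RootPath>/<imageName> if it does not exist and
// unpacks <RootPath>/<imageName>.tar into it with the tar command.
//
// NOTE(review): the archive is extracted by the calling process's user; treat
// image tarballs as untrusted input and confirm where they come from.
func createReadOnlyLayer(imageName string) error {
	imagePath := path.Join(common.RootPath, imageName)
	if _, err := os.Stat(imagePath); err != nil && os.IsNotExist(err) {
		if err := os.MkdirAll(imagePath, os.ModePerm); err != nil {
			logrus.Errorf("mkdir image path, err: %v", err)
			return err
		}
	}
	// Unpack the image archive.
	imageTarPath := path.Join(common.RootPath, fmt.Sprintf("%s.tar", imageName))
	if _, err := exec.Command("tar", "-xvf", imageTarPath, "-C", imagePath).CombinedOutput(); err != nil {
		logrus.Errorf("tar image tar,path: %s, err: %v", imageTarPath, err)
		return err
	}
	return nil
}

// createWriteLayer creates the per-container writable layer directory
// <RootPath>/<WriteLayer>/<containerName> if it does not exist.
func createWriteLayer(containerName string) error {
	writeLayerPath := path.Join(common.RootPath, common.WriteLayer, containerName)
	if _, err := os.Stat(writeLayerPath); err != nil && os.IsNotExist(err) {
		if err := os.MkdirAll(writeLayerPath, os.ModePerm); err != nil {
			logrus.Errorf("mkdir write layer, err: %v", err)
			return err
		}
	}
	return nil
}

// CreateMountPoint creates <MntPath>/<containerName> and mounts the
// container's writable layer and the image's read-only layer on it as one
// aufs filesystem.
//
// NOTE(review): the "dirs=" mount option is assembled from the two paths with
// ':' as separator, so a name containing ':' or ',' changes how the option
// string is parsed.
func CreateMountPoint(containerName, imageName string) error {
	mntPath := path.Join(common.MntPath, containerName)
	if _, err := os.Stat(mntPath); err != nil && os.IsNotExist(err) {
		if err := os.MkdirAll(mntPath, os.ModePerm); err != nil {
			logrus.Errorf("mkdir mnt path, err: %v", err)
			return err
		}
	}

	// Mount the host-side writable and read-only layers on the mount point.
	writeLayPath := path.Join(common.RootPath, common.WriteLayer, containerName)
	imagePath := path.Join(common.RootPath, imageName)
	dirs := fmt.Sprintf("dirs=%s:%s", writeLayPath, imagePath)
	if err := exec.Command("mount", "-t", "aufs", "-o", dirs, "none", mntPath).Run(); err != nil {
		logrus.Errorf("mnt cmd run, err: %v", err)
		return err
	}
	return nil
}

// mountVolume mounts a host directory into the container's mount point.
// volume has the form "<host path>:<container path>". An empty value, or one
// without ':', is ignored. Errors are logged and not returned.
//
// NOTE(review): the host path is used unchecked as the aufs "dirs=" option
// and the container path is joined below the container mount point with
// path.Join. Both come straight from the volume argument.
func mountVolume(containerName, imageName, volume string) {
	if volume == "" {
		return
	}
	volumes := strings.Split(volume, ":")
	if len(volumes) <= 1 {
		return
	}

	// Create the directory on the host.
	parentPath := volumes[0]
	if _, err := os.Stat(parentPath); err != nil && os.IsNotExist(err) {
		if err := os.MkdirAll(parentPath, os.ModePerm); err != nil {
			logrus.Errorf("mkdir parent path: %s, err: %v", parentPath, err)
		}
	}

	// Create the mount point inside the container filesystem.
	containerPath := volumes[1]
	containerVolumePath := path.Join(common.MntPath, containerName, containerPath)
	if _, err := os.Stat(containerVolumePath); err != nil && os.IsNotExist(err) {
		if err := os.MkdirAll(containerVolumePath, os.ModePerm); err != nil {
			logrus.Errorf("mkdir volume path path: %s, err: %v", containerVolumePath, err)
		}
	}

	// Mount the host directory on the container mount point.
	dirs := fmt.Sprintf("dirs=%s", parentPath)
	cmd := exec.Command("mount", "-t", "aufs", "-o", dirs, "none", containerVolumePath)
	cmd.Stdout = os.Stdout
	cmd.Stderr = os.Stderr
	if err := cmd.Run(); err != nil {
		logrus.Errorf("mount cmd run, err: %v", err)
	}
}

// DeleteWorkSpace tears down what NewWorkSpace created for a container: the
// volume mount, the aufs mount point and the writable layer.
//
// The volume is unmounted first because mountVolume mounts it below the
// container mount point. While it is still mounted, unmounting the enclosing
// mount point is expected to fail, and removing that directory tree must not
// happen with the host volume still attached.
func DeleteWorkSpace(containerName, volume string) error {
	// 1. Unmount the host volume from the container filesystem.
	deleteVolume(containerName, volume)
	// 2. Unmount and remove the mount point.
	if err := unMountPoint(containerName); err != nil {
		return err
	}
	// 3. Remove the writable layer.
	return deleteWriteLayer(containerName)
}

// unMountPoint unmounts <MntPath>/<containerName> and then removes the
// directory. The directory is removed only after umount succeeded, so the
// removal never walks into a filesystem that is still mounted there.
func unMountPoint(containerName string) error {
	mntPath := path.Join(common.MntPath, containerName)
	if _, err := exec.Command("umount", mntPath).CombinedOutput(); err != nil {
		logrus.Errorf("unmount mnt, err: %v", err)
		return err
	}
	if err := os.RemoveAll(mntPath); err != nil {
		logrus.Errorf("remove mnt path, err: %v", err)
		return err
	}
	return nil
}

// deleteWriteLayer removes the container's writable layer directory.
func deleteWriteLayer(containerName string) error {
	writerLayerPath := path.Join(common.RootPath, common.WriteLayer, containerName)
	return os.RemoveAll(writerLayerPath)
}

// deleteVolume unmounts the volume that mountVolume mounted for the
// container. volume has the same "<host path>:<container path>" form.
// Errors are logged and not returned.
func deleteVolume(containerName, volume string) {
	if volume == "" {
		return
	}
	volumes := strings.Split(volume, ":")
	if len(volumes) <= 1 {
		return
	}
	// Use the same location mountVolume mounted on. The previous path also
	// contained common.WriteLayer and therefore never matched the mount.
	containerPath := path.Join(common.MntPath, containerName, volumes[1])
	if _, err := exec.Command("umount", containerPath).CombinedOutput(); err != nil {
		logrus.Errorf("unmount container path, err: %v", err)
	}
}
--------------------------------------------------------------------------------
/go.mod:
--------------------------------------------------------------------------------
1 | module go-docker 2 | 3 | go 1.13 4 | 5 | require ( 6 | github.com/sirupsen/logrus v1.4.2 7 | github.com/urfave/cli v1.22.2 8 | github.com/vishvananda/netlink v1.1.0 9 | github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df 10 | ) 11 |
--------------------------------------------------------------------------------
/go.sum:
--------------------------------------------------------------------------------
1 | github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= 2 | github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY= 3 |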
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= 4 | github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= 5 | github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 6 | github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk= 7 | github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= 8 | github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= 9 | github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 10 | github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q= 11 | github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= 12 | github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo= 13 | github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= 14 | github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4= 15 | github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= 16 | github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 17 | github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w= 18 | github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= 19 | github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo= 20 | github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= 21 | github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJH8j0= 22 | github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= 23 | github.com/vishvananda/netns 
v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k= 24 | github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= 25 | golang.org/x/sys v0.0.0-20190422165155-953cdadca894 h1:Cz4ceDQGXuKRnVBDTS23GTn/pU5OE2C0WrNTOYK1Uuc= 26 | golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 27 | golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444 h1:/d2cWp6PSamH4jDPFLyO150psQdqvtoNX8Zjg3AQ31g= 28 | golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 29 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 30 | gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 31 | -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "os" 5 | 6 | "github.com/sirupsen/logrus" 7 | "github.com/urfave/cli" 8 | 9 | _ "go-docker/nsenter" 10 | ) 11 | 12 | const usage = `go-docker` 13 | 14 | func main() { 15 | app := cli.NewApp() 16 | app.Name = "go-docker" 17 | app.Usage = usage 18 | 19 | app.Commands = []cli.Command{ 20 | runCommand, 21 | initCommand, 22 | commitCommand, 23 | listCommand, 24 | logCommand, 25 | execCommand, 26 | stopCommand, 27 | removeCommand, 28 | networkCommand, 29 | } 30 | app.Before = func(context *cli.Context) error { 31 | logrus.SetFormatter(&logrus.JSONFormatter{}) 32 | logrus.SetOutput(os.Stdout) 33 | return nil 34 | } 35 | if err := app.Run(os.Args); err != nil { 36 | logrus.Fatal(err) 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /network/bridge.go: -------------------------------------------------------------------------------- 1 | package network 2 | 3 | import ( 4 | "fmt" 5 | "net" 6 | 
"os/exec" 7 | "strings" 8 | "time" 9 | 10 | "github.com/sirupsen/logrus" 11 | "github.com/vishvananda/netlink" 12 | ) 13 | 14 | // 桥接驱动 15 | type BridgeNetworkDriver struct { 16 | } 17 | 18 | func (d *BridgeNetworkDriver) Name() string { 19 | return "bridge" 20 | } 21 | 22 | func (d *BridgeNetworkDriver) Create(subnet string, name string) (*Network, error) { 23 | ip, ipRange, _ := net.ParseCIDR(subnet) 24 | ipRange.IP = ip 25 | n := &Network{ 26 | Name: name, 27 | IpRange: ipRange, 28 | Driver: d.Name(), 29 | } 30 | err := d.initBridge(n) 31 | if err != nil { 32 | logrus.Errorf("error init bridge: %v", err) 33 | return nil, err 34 | } 35 | 36 | return n, err 37 | } 38 | 39 | func (d *BridgeNetworkDriver) Delete(network Network) error { 40 | bridgeName := network.Name 41 | br, err := netlink.LinkByName(bridgeName) 42 | if err != nil { 43 | return err 44 | } 45 | return netlink.LinkDel(br) 46 | } 47 | 48 | func (d *BridgeNetworkDriver) Connect(network *Network, endpoint *Endpoint) error { 49 | bridgeName := network.Name 50 | br, err := netlink.LinkByName(bridgeName) 51 | if err != nil { 52 | return err 53 | } 54 | 55 | la := netlink.NewLinkAttrs() 56 | la.Name = endpoint.ID[:5] 57 | la.MasterIndex = br.Attrs().Index 58 | 59 | endpoint.Device = netlink.Veth{ 60 | LinkAttrs: la, 61 | PeerName: "cif-" + endpoint.ID[:5], 62 | } 63 | 64 | if err = netlink.LinkAdd(&endpoint.Device); err != nil { 65 | logrus.Errorf("add endpoint device, err: %v", err) 66 | return err 67 | } 68 | 69 | if err = netlink.LinkSetUp(&endpoint.Device); err != nil { 70 | logrus.Errorf("add endpoint device: %v", err) 71 | return err 72 | } 73 | return nil 74 | } 75 | 76 | func (d *BridgeNetworkDriver) Disconnect(network Network, endpoint *Endpoint) error { 77 | return nil 78 | } 79 | 80 | func (d *BridgeNetworkDriver) initBridge(n *Network) error { 81 | // try to get bridge by name, if it already exists then just exit 82 | bridgeName := n.Name 83 | if err := createBridgeInterface(bridgeName); err != 
nil { 84 | logrus.Errorf("add bridge: %s, err: %v", bridgeName, err) 85 | return err 86 | } 87 | 88 | // Set bridge IP 89 | gatewayIP := *n.IpRange 90 | gatewayIP.IP = n.IpRange.IP 91 | 92 | if err := setInterfaceIP(bridgeName, gatewayIP.String()); err != nil { 93 | logrus.Errorf("assigning address: %s on bridge: %s with an error: %v", gatewayIP, bridgeName, err) 94 | return err 95 | } 96 | 97 | if err := setInterfaceUP(bridgeName); err != nil { 98 | logrus.Errorf("set bridge up: %s, err: %v", bridgeName, err) 99 | return err 100 | } 101 | 102 | // Setup iptables 103 | if err := setupIPTables(bridgeName, n.IpRange); err != nil { 104 | logrus.Errorf("setting iptables for %s, err: %v", bridgeName, err) 105 | return err 106 | } 107 | 108 | return nil 109 | } 110 | 111 | // deleteBridge deletes the bridge 112 | func (d *BridgeNetworkDriver) deleteBridge(n *Network) error { 113 | bridgeName := n.Name 114 | 115 | // get the link 116 | l, err := netlink.LinkByName(bridgeName) 117 | if err != nil { 118 | logrus.Errorf("get link with name %s failed: %v", bridgeName, err) 119 | return err 120 | } 121 | 122 | // delete the link 123 | if err := netlink.LinkDel(l); err != nil { 124 | logrus.Errorf("remove bridge interface %s, err: %v", bridgeName, err) 125 | return err 126 | } 127 | 128 | return nil 129 | } 130 | 131 | func createBridgeInterface(bridgeName string) error { 132 | _, err := net.InterfaceByName(bridgeName) 133 | if err == nil || !strings.Contains(err.Error(), "no such network interface") { 134 | return err 135 | } 136 | 137 | // create *netlink.Bridge object 138 | la := netlink.NewLinkAttrs() 139 | la.Name = bridgeName 140 | 141 | br := &netlink.Bridge{LinkAttrs: la} 142 | if err := netlink.LinkAdd(br); err != nil { 143 | logrus.Errorf("bridge creation failed for bridge %s, err: %v", bridgeName, err) 144 | return err 145 | } 146 | return nil 147 | } 148 | 149 | func setInterfaceUP(interfaceName string) error { 150 | iface, err := netlink.LinkByName(interfaceName) 
151 | if err != nil { 152 | logrus.Errorf("retrieving a link, err: %v", err) 153 | return err 154 | } 155 | 156 | if err := netlink.LinkSetUp(iface); err != nil { 157 | logrus.Errorf("enabling interface for %s, err: %v", interfaceName, err) 158 | return err 159 | } 160 | return nil 161 | } 162 | 163 | // Set the IP addr of a netlink interface 164 | func setInterfaceIP(name string, rawIP string) error { 165 | retries := 2 166 | var iface netlink.Link 167 | var err error 168 | for i := 0; i < retries; i++ { 169 | iface, err = netlink.LinkByName(name) 170 | if err == nil { 171 | break 172 | } 173 | logrus.Debugf("error retrieving new bridge netlink link [ %s ]... retrying", name) 174 | time.Sleep(2 * time.Second) 175 | } 176 | if err != nil { 177 | logrus.Errorf("abandoning retrieving the new bridge link from netlink, Run [ ip link ] to troubleshoot the error: %v", err) 178 | return err 179 | } 180 | ipNet, err := netlink.ParseIPNet(rawIP) 181 | if err != nil { 182 | return err 183 | } 184 | addr := &netlink.Addr{IPNet: ipNet, Peer: ipNet, Label: "", Flags: 0, Scope: 0, Broadcast: nil} 185 | return netlink.AddrAdd(iface, addr) 186 | } 187 | 188 | func setupIPTables(bridgeName string, subnet *net.IPNet) error { 189 | iptablesCmd := fmt.Sprintf("-t nat -A POSTROUTING -s %s ! -o %s -j MASQUERADE", subnet.String(), bridgeName) 190 | cmd := exec.Command("iptables", strings.Split(iptablesCmd, " ")...) 
191 | //err := cmd.Run() 192 | output, err := cmd.Output() 193 | if err != nil { 194 | logrus.Errorf("iptables output: %v, err: %v", output, err) 195 | return err 196 | } 197 | return nil 198 | } 199 | -------------------------------------------------------------------------------- /network/bridge_test.go: -------------------------------------------------------------------------------- 1 | package network 2 | 3 | import ( 4 | "go-docker/container" 5 | "testing" 6 | ) 7 | 8 | func TestBridgeInit(t *testing.T) { 9 | d := BridgeNetworkDriver{} 10 | _, err := d.Create("192.168.0.1/24", "test-bridge") 11 | t.Logf("err: %v", err) 12 | } 13 | 14 | func TestBridgeConnect(t *testing.T) { 15 | ep := Endpoint{ 16 | ID: "test container", 17 | } 18 | 19 | n := Network{ 20 | Name: "test-bridge", 21 | } 22 | 23 | d := BridgeNetworkDriver{} 24 | err := d.Connect(&n, &ep) 25 | t.Logf("err: %v", err) 26 | } 27 | 28 | func TestNetworkConnect(t *testing.T) { 29 | 30 | cInfo := &container.ContainerInfo{ 31 | Id: "test-container", 32 | Pid: "15438", 33 | } 34 | 35 | d := BridgeNetworkDriver{} 36 | n, err := d.Create("192.168.0.1/24", "test-bridge") 37 | t.Logf("err: %v", n) 38 | 39 | Init() 40 | 41 | networks[n.Name] = n 42 | err = Connect(n.Name, cInfo) 43 | t.Logf("err: %v", err) 44 | } 45 | 46 | func TestLoad(t *testing.T) { 47 | n := Network{ 48 | Name: "test-bridge", 49 | } 50 | n.load("/var/run/go-docker/network/network/testbridge") 51 | 52 | t.Logf("network: %v", n) 53 | } 54 | -------------------------------------------------------------------------------- /network/ipam.go: -------------------------------------------------------------------------------- 1 | package network 2 | 3 | import ( 4 | "encoding/json" 5 | "net" 6 | "os" 7 | "path" 8 | "strings" 9 | 10 | "github.com/sirupsen/logrus" 11 | 12 | "go-docker/common" 13 | ) 14 | 15 | // 网络IP地址的分配与释放 16 | type IPAM struct { 17 | SubnetAllocatorPath string 18 | Subnets *map[string]string 19 | } 20 | 21 | var ipAllocator = &IPAM{ 
22 | SubnetAllocatorPath: common.DefaultAllocatorPath, 23 | } 24 | 25 | // 从文件里加载对象信息 26 | func (ipam *IPAM) load() error { 27 | if _, err := os.Stat(ipam.SubnetAllocatorPath); err != nil { 28 | return err 29 | } 30 | file, err := os.Open(ipam.SubnetAllocatorPath) 31 | if err != nil { 32 | return err 33 | } 34 | defer file.Close() 35 | 36 | bs := make([]byte, 2000) 37 | n, err := file.Read(bs) 38 | if err != nil { 39 | return err 40 | } 41 | 42 | return json.Unmarshal(bs[:n], ipam.Subnets) 43 | } 44 | 45 | // 将对象信息保存到文件里 46 | func (ipam *IPAM) dump() error { 47 | ipamConfigFileDir, _ := path.Split(ipam.SubnetAllocatorPath) 48 | if _, err := os.Stat(ipamConfigFileDir); err != nil && os.IsNotExist(err) { 49 | if err := os.MkdirAll(ipamConfigFileDir, os.ModePerm); err != nil { 50 | return err 51 | } 52 | } 53 | 54 | file, err := os.OpenFile(ipam.SubnetAllocatorPath, os.O_TRUNC|os.O_WRONLY|os.O_CREATE, 0644) 55 | if err != nil { 56 | return err 57 | } 58 | defer file.Close() 59 | 60 | bs, _ := json.Marshal(ipam.Subnets) 61 | 62 | _, err = file.Write(bs) 63 | if err != nil { 64 | return err 65 | } 66 | 67 | return nil 68 | } 69 | 70 | // 从指定的subnet网段中分配IP地址 71 | func (ipam *IPAM) Allocate(subnet *net.IPNet) (ip net.IP, err error) { 72 | // 存放网段中地址分配信息的数组 73 | ipam.Subnets = &map[string]string{} 74 | // 从文件中加载已经分配的网段信息 75 | err = ipam.load() 76 | if err != nil { 77 | logrus.Errorf("dump allocation info, err: %v", err) 78 | return nil, err 79 | } 80 | 81 | _, subnet, err = net.ParseCIDR(subnet.String()) 82 | if err != nil { 83 | return nil, err 84 | } 85 | 86 | one, size := subnet.Mask.Size() 87 | 88 | if _, exist := (*ipam.Subnets)[subnet.String()]; !exist { 89 | (*ipam.Subnets)[subnet.String()] = strings.Repeat("0", 1< 0; t -= 1 { 99 | []byte(ip)[4-t] += uint8(c >> ((t - 1) * 8)) 100 | } 101 | ip[3] += 1 102 | break 103 | } 104 | } 105 | 106 | err = ipam.dump() 107 | if err != nil { 108 | logrus.Errorf("allocate ip, dump ipam info, err: %v", err) 109 | return nil, err 
110 | } 111 | 112 | return 113 | } 114 | 115 | // 从指定的subnet网段中释放指定的IP地址 116 | func (ipam *IPAM) Release(subnet *net.IPNet, ipaddr *net.IP) error { 117 | ipam.Subnets = &map[string]string{} 118 | 119 | _, subnet, err := net.ParseCIDR(subnet.String()) 120 | if err != nil { 121 | return err 122 | } 123 | 124 | err = ipam.load() 125 | if err != nil { 126 | logrus.Errorf("dump allocation info, err: %v", err) 127 | return err 128 | } 129 | 130 | c := 0 131 | releaseIP := ipaddr.To4() 132 | releaseIP[3] -= 1 133 | for t := uint(4); t > 0; t -= 1 { 134 | c += int(releaseIP[t-1]-subnet.IP[t-1]) << ((4 - t) * 8) 135 | } 136 | 137 | ipalloc := []byte((*ipam.Subnets)[subnet.String()]) 138 | ipalloc[c] = '0' 139 | (*ipam.Subnets)[subnet.String()] = string(ipalloc) 140 | 141 | err = ipam.dump() 142 | if err != nil { 143 | logrus.Errorf("release ip, dump ipam info, err: %v", err) 144 | } 145 | return nil 146 | } 147 | -------------------------------------------------------------------------------- /network/ipam_test.go: -------------------------------------------------------------------------------- 1 | package network 2 | 3 | import ( 4 | "net" 5 | "testing" 6 | ) 7 | 8 | func TestAllocate(t *testing.T) { 9 | _, ipnet, _ := net.ParseCIDR("192.168.0.1/24") 10 | ip, _ := ipAllocator.Allocate(ipnet) 11 | t.Logf("alloc ip: %v", ip) 12 | } 13 | 14 | func TestRelease(t *testing.T) { 15 | ip, ipnet, _ := net.ParseCIDR("192.168.0.1/24") 16 | ipAllocator.Release(ipnet, &ip) 17 | } 18 | -------------------------------------------------------------------------------- /network/netwrok.go: -------------------------------------------------------------------------------- 1 | package network 2 | 3 | import ( 4 | "encoding/json" 5 | "fmt" 6 | "net" 7 | "os" 8 | "os/exec" 9 | "path" 10 | "path/filepath" 11 | "runtime" 12 | "strings" 13 | "text/tabwriter" 14 | 15 | "github.com/sirupsen/logrus" 16 | "github.com/vishvananda/netlink" 17 | "github.com/vishvananda/netns" 18 | 19 | "go-docker/common" 
20 | "go-docker/container" 21 | ) 22 | 23 | var ( 24 | drivers = map[string]NetworkDriver{} 25 | networks = map[string]*Network{} 26 | ) 27 | 28 | // 网络 29 | type Network struct { 30 | Name string 31 | IpRange *net.IPNet 32 | Driver string 33 | } 34 | 35 | // 网络端点 36 | type Endpoint struct { 37 | ID string `json:"id"` 38 | Device netlink.Veth `json:"dev"` 39 | IPAddress net.IP `json:"ip"` 40 | MacAddress net.HardwareAddr `json:"mac"` 41 | Network *Network 42 | PortMapping []string 43 | } 44 | 45 | // 网络驱动接口 46 | type NetworkDriver interface { 47 | // 驱动名 48 | Name() string 49 | // 创建网络 50 | Create(subnet string, name string) (*Network, error) 51 | // 删除网络 52 | Delete(network Network) error 53 | // 连接容器网络端点到网络 54 | Connect(network *Network, endpoint *Endpoint) error 55 | // 从网络上移除容器网络端点 56 | Disconnect(network Network, endpoint *Endpoint) error 57 | } 58 | 59 | func (nw *Network) dump(dumpPath string) error { 60 | if _, err := os.Stat(dumpPath); err != nil && os.IsNotExist(err) { 61 | err = os.MkdirAll(dumpPath, os.ModePerm) 62 | if err != nil { 63 | return err 64 | } 65 | } 66 | 67 | nwPath := path.Join(dumpPath, nw.Name) 68 | nwFile, err := os.OpenFile(nwPath, os.O_TRUNC|os.O_WRONLY|os.O_CREATE, 0644) 69 | if err != nil { 70 | logrus.Errorf("error:", err) 71 | return err 72 | } 73 | defer nwFile.Close() 74 | 75 | nwJson, _ := json.Marshal(nw) 76 | _, err = nwFile.Write(nwJson) 77 | if err != nil { 78 | logrus.Errorf("write network file, error: %v", err) 79 | return err 80 | } 81 | return nil 82 | } 83 | 84 | func (nw *Network) remove(dumpPath string) error { 85 | if _, err := os.Stat(path.Join(dumpPath, nw.Name)); err != nil && os.IsNotExist(err) { 86 | return nil 87 | } 88 | return os.Remove(path.Join(dumpPath, nw.Name)) 89 | } 90 | 91 | func (nw *Network) load(dumpPath string) error { 92 | nwConfigFile, err := os.Open(dumpPath) 93 | if err != nil { 94 | return err 95 | } 96 | defer nwConfigFile.Close() 97 | 98 | nwJson := make([]byte, 2000) 99 | n, err := 
nwConfigFile.Read(nwJson) 100 | if err != nil { 101 | return err 102 | } 103 | 104 | err = json.Unmarshal(nwJson[:n], nw) 105 | if err != nil { 106 | logrus.Errorf("json unmarshal nw info, err: %v", err) 107 | return err 108 | } 109 | return nil 110 | } 111 | 112 | // 初始化网络驱动 113 | func Init() error { 114 | var bridgeDriver = BridgeNetworkDriver{} 115 | drivers[bridgeDriver.Name()] = &bridgeDriver 116 | 117 | if _, err := os.Stat(common.DefaultNetworkPath); err != nil && os.IsNotExist(err) { 118 | if err = os.MkdirAll(common.DefaultNetworkPath, os.ModePerm); err != nil { 119 | return err 120 | } 121 | } 122 | // 递归遍历目录 123 | err := filepath.Walk(common.DefaultNetworkPath, func(nwPath string, info os.FileInfo, err error) error { 124 | if strings.HasSuffix(nwPath, "/") { 125 | return nil 126 | } 127 | _, nwName := path.Split(nwPath) 128 | nw := &Network{ 129 | Name: nwName, 130 | } 131 | 132 | if err := nw.load(nwPath); err != nil { 133 | logrus.Errorf("error load network: %s", err) 134 | } 135 | 136 | networks[nwName] = nw 137 | return nil 138 | }) 139 | 140 | if err != nil { 141 | logrus.Errorf("file path walk, err: %v", err) 142 | return err 143 | } 144 | logrus.Infof("networks: %v", networks) 145 | 146 | return nil 147 | } 148 | 149 | // 创建网络 150 | func CreateNetwork(driver, subnet, name string) error { 151 | _, ipNet, err := net.ParseCIDR(subnet) 152 | if err != nil { 153 | logrus.Errorf("parse cidr, err: %v", err) 154 | return err 155 | } 156 | // 分配一个IP地址 157 | ip, err := ipAllocator.Allocate(ipNet) 158 | if err != nil { 159 | logrus.Errorf("allocate ip, err: %v", err) 160 | } 161 | ipNet.IP = ip 162 | 163 | // 创建网络 164 | nw, err := drivers[driver].Create(ipNet.String(), name) 165 | if err != nil { 166 | return err 167 | } 168 | 169 | // 将对象保存到文件中 170 | err = nw.dump(common.DefaultNetworkPath) 171 | if err != nil { 172 | logrus.Errorf("dump network, err: %v", err) 173 | return err 174 | } 175 | return nil 176 | } 177 | 178 | // 连接网络 179 | func 
Connect(networkName string, containerInfo *container.ContainerInfo) error { 180 | network, ok := networks[networkName] 181 | if !ok { 182 | return fmt.Errorf("no Such network: %s", networkName) 183 | } 184 | 185 | // 分配容器IP地址 186 | ip, err := ipAllocator.Allocate(network.IpRange) 187 | if err != nil { 188 | return err 189 | } 190 | 191 | // 创建网络端点 192 | ep := &Endpoint{ 193 | ID: fmt.Sprintf("%s-%s", containerInfo.Id, networkName), 194 | IPAddress: ip, 195 | Network: network, 196 | PortMapping: containerInfo.PortMapping, 197 | } 198 | // 调用网络驱动挂载和配置网络端点 199 | if err = drivers[network.Driver].Connect(network, ep); err != nil { 200 | return err 201 | } 202 | // 给容器的namespace配置容器网络设备IP地址 203 | if err = configEndpointIpAddressAndRoute(ep, containerInfo); err != nil { 204 | return err 205 | } 206 | 207 | // 配置端口映射 208 | err = configPortMapping(ep, containerInfo) 209 | if err != nil { 210 | logrus.Errorf("config port mapping, err: %v", err) 211 | return err 212 | } 213 | return nil 214 | } 215 | 216 | // 给容器的namespace配置容器网络设备IP地址 217 | func configEndpointIpAddressAndRoute(ep *Endpoint, cinfo *container.ContainerInfo) error { 218 | peerLink, err := netlink.LinkByName(ep.Device.PeerName) 219 | if err != nil { 220 | logrus.Errorf("fail config endpoint: %v", err) 221 | return err 222 | } 223 | defer enterContainerNetns(&peerLink, cinfo)() 224 | 225 | interfaceIP := *ep.Network.IpRange 226 | interfaceIP.IP = ep.IPAddress 227 | 228 | if err = setInterfaceIP(ep.Device.PeerName, interfaceIP.String()); err != nil { 229 | return fmt.Errorf("%v,%s", ep.Network, err) 230 | } 231 | 232 | if err = setInterfaceUP(ep.Device.PeerName); err != nil { 233 | return err 234 | } 235 | 236 | if err = setInterfaceUP("lo"); err != nil { 237 | return err 238 | } 239 | 240 | _, cidr, _ := net.ParseCIDR("0.0.0.0/0") 241 | 242 | defaultRoute := &netlink.Route{ 243 | LinkIndex: peerLink.Attrs().Index, 244 | Gw: ep.Network.IpRange.IP, 245 | Dst: cidr, 246 | } 247 | 248 | if err = 
netlink.RouteAdd(defaultRoute); err != nil { 249 | return err 250 | } 251 | 252 | return nil 253 | } 254 | 255 | func enterContainerNetns(enLink *netlink.Link, cinfo *container.ContainerInfo) func() { 256 | f, err := os.OpenFile(fmt.Sprintf("/proc/%s/ns/net", cinfo.Pid), os.O_RDONLY, 0) 257 | if err != nil { 258 | logrus.Errorf("error get container net namespace, %v", err) 259 | } 260 | 261 | nsFD := f.Fd() 262 | runtime.LockOSThread() 263 | 264 | // 修改veth peer 另外一端移到容器的namespace中 265 | if err = netlink.LinkSetNsFd(*enLink, int(nsFD)); err != nil { 266 | logrus.Errorf("set link netns, err: %v", err) 267 | } 268 | 269 | // 获取当前的网络namespace 270 | origns, err := netns.Get() 271 | if err != nil { 272 | logrus.Errorf("get current netns, err: %v", err) 273 | } 274 | 275 | // 设置当前进程到新的网络namespace,并在函数执行完成之后再恢复到之前的namespace 276 | if err = netns.Set(netns.NsHandle(nsFD)); err != nil { 277 | logrus.Errorf("error set netns, %v", err) 278 | } 279 | return func() { 280 | netns.Set(origns) 281 | origns.Close() 282 | runtime.UnlockOSThread() 283 | f.Close() 284 | } 285 | } 286 | 287 | // 配置端口映射关系 288 | func configPortMapping(ep *Endpoint, cinfo *container.ContainerInfo) error { 289 | for _, pm := range ep.PortMapping { 290 | portMapping := strings.Split(pm, ":") 291 | if len(portMapping) != 2 { 292 | logrus.Errorf("port mapping format error, %v", pm) 293 | continue 294 | } 295 | iptablesCmd := fmt.Sprintf("-t nat -A PREROUTING -p tcp -m tcp --dport %s -j DNAT --to-destination %s:%s", 296 | portMapping[0], ep.IPAddress.String(), portMapping[1]) 297 | cmd := exec.Command("iptables", strings.Split(iptablesCmd, " ")...) 
298 | //err := cmd.Run() 299 | output, err := cmd.Output() 300 | if err != nil { 301 | logrus.Errorf("iptables Output, %v", output) // NOTE(review): prints the captured stdout bytes with %v and drops err; logging err would say why iptables failed 302 | continue 303 | } 304 | } 305 | return nil 306 | } 307 | 308 | // ListNetwork prints every entry of networks (name, IP range, driver) as a tab-aligned table on stdout. 309 | func ListNetwork() { 310 | w := tabwriter.NewWriter(os.Stdout, 12, 1, 3, ' ', 0) 311 | _, _ = fmt.Fprint(w, "NAME\tIpRange\tDriver\n") 312 | for _, nw := range networks { 313 | _, _ = fmt.Fprintf(w, "%s\t%s\t%s\n", 314 | nw.Name, 315 | nw.IpRange.String(), 316 | nw.Driver, 317 | ) 318 | } 319 | if err := w.Flush(); err != nil { 320 | logrus.Errorf("Flush error %v", err) 321 | return 322 | } 323 | } 324 | 325 | // DeleteNetwork looks up networkName, releases the network's gateway IP from the allocator, asks the network's driver to delete it and finally calls nw.remove(common.DefaultNetworkPath). It returns an error if the name is unknown or any step fails. 326 | func DeleteNetwork(networkName string) error { 327 | nw, ok := networks[networkName] 328 | if !ok { 329 | return fmt.Errorf("no Such Network: %s", networkName) 330 | } 331 | 332 | if err := ipAllocator.Release(nw.IpRange, &nw.IpRange.IP); err != nil { 333 | return fmt.Errorf("remove network gateway ip, err: %v", err) 334 | } 335 | 336 | if err := drivers[nw.Driver].Delete(*nw); err != nil { 337 | return fmt.Errorf("remove network driver, err: %v", err) 338 | } 339 | 340 | return nw.remove(common.DefaultNetworkPath) 341 | } 342 | -------------------------------------------------------------------------------- /nsenter/nsenter.go: -------------------------------------------------------------------------------- 1 | package nsenter 2 | 3 | /* 4 | #define _GNU_SOURCE 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | 13 | // Marked as a constructor, so this function runs automatically once this package is linked into a binary. NOTE(review): docker_pid and docker_cmd are taken from the environment and used further down without validation (path building and system()) 14 | __attribute__((constructor)) void enter_namespace(void) { 15 | char *docker_pid; 16 | docker_pid = getenv("docker_pid"); 17 | if (docker_pid) { 18 | //fprintf(stdout, "got docker_pid=%s\n", docker_pid); 19 | } else { 20 | //fprintf(stdout, "missing docker_pid env skip nsenter"); 21 | return; 22 | } 23 | char *docker_cmd; 24 | docker_cmd = getenv("docker_cmd"); 25 | if (docker_cmd) { 26 | //fprintf(stdout, "got docker_cmd=%s\n", docker_cmd); 27 | } 
else { 28 | //fprintf(stdout, "missing docker_cmd env skip nsenter"); 29 | return; 30 | } 31 | int i; 32 | char nspath[1024]; 33 | char *namespaces[] = { "ipc", "uts", "net", "pid", "mnt" }; 34 | for (i=0; i<5; i++) { 35 | sprintf(nspath, "/proc/%s/ns/%s", docker_pid, namespaces[i]); // NOTE(review): unbounded write into nspath[1024] using the environment-supplied docker_pid; snprintf(nspath, sizeof(nspath), ...) would bound it 36 | int fd = open(nspath, O_RDONLY); // NOTE(review): fd is not checked for -1 before it is passed to setns 37 | // Call setns to join the corresponding namespace; a failure is ignored and the loop goes on 38 | if (setns(fd, 0) == -1) { 39 | //fprintf(stderr, "setns on %s namespace failed: %s\n", namespaces[i], strerror(errno)); 40 | } else { 41 | //fprintf(stdout, "setns on %s namespace succeeded\n", namespaces[i]); 42 | } 43 | close(fd); 44 | } 45 | int res = system(docker_cmd); // runs docker_cmd through the shell. NOTE(review): this runs even if some setns calls above failed, i.e. possibly outside the intended namespaces; res is unused 46 | exit(0); 47 | return; 48 | } 49 | */ 50 | import "C" 51 | -------------------------------------------------------------------------------- /run.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "go-docker/network" 5 | "os" 6 | "strconv" 7 | "strings" 8 | 9 | "github.com/sirupsen/logrus" 10 | 11 | "go-docker/cgroups" 12 | "go-docker/cgroups/subsystem" 13 | "go-docker/container" 14 | ) 15 | // Run starts the container's parent process, records the container info, sets and applies the cgroup limits in res, connects the container to the network named net when net is non-empty, sends cmdArray as the init command through the pipe and, when tty is set, waits for the process and then deletes the workspace and the container info. Failures are logged, not returned. 16 | func Run(cmdArray []string, tty bool, res *subsystem.ResourceConfig, containerName, imageName, volume, net string, envs, ports []string) { 17 | containerID := container.GenContainerID(10) 18 | if containerName == "" { 19 | containerName = containerID 20 | } 21 | parent, writePipe := container.NewParentProcess(tty, volume, containerName, imageName, envs) 22 | if parent == nil { 23 | logrus.Errorf("failed to new parent process") 24 | return 25 | } 26 | if err := parent.Start(); err != nil { 27 | logrus.Errorf("parent start failed, err: %v", err) 28 | return 29 | } 30 | // Record the container info 31 | err := container.RecordContainerInfo(parent.Process.Pid, cmdArray, containerName, containerID) 32 | if err != nil { 33 | logrus.Errorf("record container info, err: %v", err) 34 | } 35 | 36 | // Create the cgroup manager used for the resource limits 37 | cgroupMananger := cgroups.NewCGroupManager("go-docker") 38 | // Remove the resource limits when Run returns 39 | defer 
cgroupMananger.Destroy() 40 | // Set the resource limits. NOTE(review): whatever Set and Apply return (if anything) is discarded here, so a limit that fails to apply would go unnoticed - confirm against cgroups/manager.go 41 | cgroupMananger.Set(res) 42 | // Add the container process to the cgroup of each mounted subsystem 43 | cgroupMananger.Apply(parent.Process.Pid) 44 | 45 | // Set up networking. NOTE(review): the early returns in this branch happen after parent.Start(), so the started process gets neither its init command nor a Wait - confirm cleanup 46 | if net != "" { 47 | // Initialise the container network 48 | err = network.Init() 49 | if err != nil { 50 | logrus.Errorf("network init failed, err: %v", err) 51 | return 52 | } 53 | containerInfo := &container.ContainerInfo{ 54 | Id: containerID, 55 | Pid: strconv.Itoa(parent.Process.Pid), 56 | Name: containerName, 57 | PortMapping: ports, 58 | } 59 | if err := network.Connect(net, containerInfo); err != nil { 60 | logrus.Errorf("connect network, err: %v", err) 61 | return 62 | } 63 | } 64 | 65 | // Send the init command to the container process 66 | sendInitCommand(cmdArray, writePipe) 67 | 68 | if tty { 69 | // Wait for the parent process to exit 70 | err := parent.Wait() 71 | if err != nil { 72 | logrus.Errorf("parent wait, err: %v", err) 73 | } 74 | // Delete the container workspace 75 | err = container.DeleteWorkSpace(containerName, volume) 76 | if err != nil { 77 | logrus.Errorf("delete work space, err: %v", err) 78 | } 79 | // Delete the container info 80 | container.DeleteContainerInfo(containerName) 81 | } 82 | } 83 | // sendInitCommand joins comArray with single spaces, logs the result, writes it to writePipe and closes the pipe; write and close errors are ignored. NOTE(review): joining with spaces loses the boundaries of arguments that themselves contain spaces 84 | func sendInitCommand(comArray []string, writePipe *os.File) { 85 | command := strings.Join(comArray, " ") 86 | logrus.Infof("command all is %s", command) 87 | _, _ = writePipe.WriteString(command) 88 | _ = writePipe.Close() 89 | } 90 | -------------------------------------------------------------------------------- /test/cgroup/memory/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "io/ioutil" 6 | "os" 7 | "os/exec" 8 | "path" 9 | "strconv" 10 | "syscall" 11 | ) 12 | 13 | const ( 14 | // Root directory of the hierarchy on which the memory subsystem is mounted 15 | cgroupMemoryHierarchyMount = "/sys/fs/cgroup/memory" 16 | ) 17 | 18 | func main() { 19 | 20 | if os.Args[0] == "/proc/self/exe" { 21 | // Container process (the re-executed /proc/self/exe) 22 | fmt.Printf("current pid %d \n", syscall.Getpid()) 23 | 24 | cmd := exec.Command("sh", "-c", "stress --vm-bytes 200m --vm-keep -m 1") 
25 | cmd.SysProcAttr = &syscall.SysProcAttr{} 26 | cmd.Stdin = os.Stdin 27 | cmd.Stdout = os.Stdout 28 | cmd.Stderr = os.Stderr 29 | if err := cmd.Run(); err != nil { 30 | panic(err) 31 | } 32 | } 33 | 34 | cmd := exec.Command("/proc/self/exe") 35 | cmd.SysProcAttr = &syscall.SysProcAttr{ 36 | Cloneflags: syscall.CLONE_NEWUTS | syscall.CLONE_NEWPID | syscall.CLONE_NEWNS, 37 | } 38 | cmd.Stdin = os.Stdin 39 | cmd.Stdout = os.Stdout 40 | cmd.Stderr = os.Stderr 41 | err := cmd.Start() 42 | if err != nil { 43 | panic(err) 44 | } 45 | // Print the pid of the forked process as seen from the outer namespace. NOTE(review): the container branch above has no return or exit, so once stress ends the child also runs this parent path 46 | fmt.Printf("%+v", cmd.Process.Pid) 47 | 48 | // Create the child cgroup 49 | newCgroup := path.Join(cgroupMemoryHierarchyMount, "testmemorylimit") 50 | if err := os.Mkdir(newCgroup, 0755); err != nil { 51 | panic(err) 52 | } 53 | // Put the container process into the child cgroup 54 | if err := ioutil.WriteFile(path.Join(newCgroup, "tasks"), []byte(strconv.Itoa(cmd.Process.Pid)), 0644); err != nil { 55 | panic(err) 56 | } 57 | // Limit the memory usage of the cgroup 58 | if err := ioutil.WriteFile(path.Join(newCgroup, "memory.limit_in_bytes"), []byte("100m"), 0644); err != nil { 59 | panic(err) 60 | } 61 | cmd.Process.Wait() 62 | } 63 | -------------------------------------------------------------------------------- /test/namespace/ipc/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "log" 5 | "os" 6 | "os/exec" 7 | "syscall" 8 | ) 9 | 10 | /** 11 | The ipc namespace mainly isolates System V IPC and POSIX message queues. 12 | */ 13 | func main() { 14 | cmd := exec.Command("sh") 15 | cmd.SysProcAttr = &syscall.SysProcAttr{ 16 | Cloneflags: syscall.CLONE_NEWIPC, 17 | } 18 | cmd.Stdin = os.Stdin 19 | cmd.Stdout = os.Stdout 20 | cmd.Stderr = os.Stderr 21 | 22 | if err := cmd.Run(); err != nil { 23 | log.Fatal(err) 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /test/namespace/main.go: -------------------------------------------------------------------------------- 
1 | package main 2 | 3 | import ( 4 | "log" 5 | "os" 6 | "os/exec" 7 | "syscall" 8 | ) 9 | 10 | func main() { 11 | cmd := exec.Command("sh") 12 | cmd.SysProcAttr = &syscall.SysProcAttr{ 13 | // Isolate uts, ipc, pid, mount, user and network 14 | Cloneflags: syscall.CLONE_NEWUTS | 15 | syscall.CLONE_NEWIPC | 16 | syscall.CLONE_NEWPID | 17 | syscall.CLONE_NEWNS | 18 | syscall.CLONE_NEWUSER | 19 | syscall.CLONE_NEWNET, 20 | // UID and GID mappings for the container 21 | UidMappings: []syscall.SysProcIDMap{ 22 | { 23 | // UID inside the container 24 | ContainerID: 1, 25 | // UID on the host. NOTE(review): HostID 0 is root on the host; outside a demo, map to an unprivileged host ID 26 | HostID: 0, 27 | Size: 1, 28 | }, 29 | }, 30 | GidMappings: []syscall.SysProcIDMap{ 31 | { 32 | // GID inside the container 33 | ContainerID: 1, 34 | // GID on the host 35 | HostID: 0, 36 | Size: 1, 37 | }, 38 | }, 39 | } 40 | cmd.Stdin = os.Stdin 41 | cmd.Stdout = os.Stdout 42 | cmd.Stderr = os.Stderr 43 | 44 | if err := cmd.Run(); err != nil { 45 | log.Fatal(err) 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /test/namespace/mount/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "log" 5 | "os" 6 | "os/exec" 7 | "syscall" 8 | ) 9 | 10 | /** 11 | The mount namespace isolates the view of mount points that each process sees. 12 | */ 13 | 14 | func main() { 15 | cmd := exec.Command("sh") 16 | cmd.SysProcAttr = &syscall.SysProcAttr{ 17 | Cloneflags: syscall.CLONE_NEWNS, 18 | } 19 | cmd.Stdin = os.Stdin 20 | cmd.Stdout = os.Stdout 21 | cmd.Stderr = os.Stderr 22 | 23 | if err := cmd.Run(); err != nil { 24 | log.Fatal(err) 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /test/namespace/network/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "log" 5 | "os" 6 | "os/exec" 7 | "syscall" 8 | ) 9 | 10 | /** 11 | The network namespace mainly isolates network devices, IP addresses, ports and so on. 12 | It lets every container have its own independent (virtual) network devices. 13 | Ports in different namespaces do not conflict with each other. 14 | */ 15 | 16 | func main() { 17 | cmd := 
exec.Command("sh") 18 | cmd.SysProcAttr = &syscall.SysProcAttr{ 19 | Cloneflags: syscall.CLONE_NEWNET, 20 | } 21 | cmd.Stdin = os.Stdin 22 | cmd.Stdout = os.Stdout 23 | cmd.Stderr = os.Stderr 24 | 25 | if err := cmd.Run(); err != nil { 26 | log.Fatal(err) 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /test/namespace/pid/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "log" 5 | "os" 6 | "os/exec" 7 | "syscall" 8 | ) 9 | 10 | /** 11 | The pid namespace mainly isolates process IDs. 12 | The same process can have different PIDs in different pid namespaces. 13 | */ 14 | 15 | func main() { 16 | cmd := exec.Command("sh") 17 | cmd.SysProcAttr = &syscall.SysProcAttr{ 18 | Cloneflags: syscall.CLONE_NEWPID, 19 | } 20 | cmd.Stdin = os.Stdin 21 | cmd.Stdout = os.Stdout 22 | cmd.Stderr = os.Stderr 23 | 24 | if err := cmd.Run(); err != nil { 25 | log.Fatal(err) 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /test/namespace/user/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "log" 5 | "os" 6 | "os/exec" 7 | "syscall" 8 | ) 9 | 10 | /** 11 | The user namespace mainly isolates user and group IDs. 12 | https://github.com/xianlubird/mydocker/issues/3 13 | echo 640 > /proc/sys/user/max_user_namespaces 14 | */ 15 | 16 | func main() { 17 | cmd := exec.Command("sh") 18 | cmd.SysProcAttr = &syscall.SysProcAttr{ 19 | Cloneflags: syscall.CLONE_NEWUSER, 20 | UidMappings: []syscall.SysProcIDMap{ 21 | { 22 | // UID inside the container 23 | ContainerID: 1, 24 | // UID on the host. NOTE(review): HostID 0 is root on the host; outside a demo, map to an unprivileged host ID 25 | HostID: 0, 26 | Size: 1, 27 | }, 28 | }, 29 | GidMappings: []syscall.SysProcIDMap{ 30 | { 31 | // GID inside the container 32 | ContainerID: 1, 33 | // GID on the host 34 | HostID: 0, 35 | Size: 1, 36 | }, 37 | }, 38 | } 39 | 40 | cmd.Stdin = os.Stdin 41 | cmd.Stdout = os.Stdout 42 | cmd.Stderr = os.Stderr 43 | 44 | if err := cmd.Run(); err != nil { 45 | log.Fatal(err) 46 | } 
47 | } 48 | -------------------------------------------------------------------------------- /test/namespace/uts/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "log" 5 | "os" 6 | "os/exec" 7 | "syscall" 8 | ) 9 | 10 | /** 11 | The uts namespace mainly isolates the two system identifiers nodename and domainname. 12 | Each uts namespace may have its own hostname. 13 | */ 14 | 15 | func main() { 16 | cmd := exec.Command("sh") 17 | cmd.SysProcAttr = &syscall.SysProcAttr{ 18 | Cloneflags: syscall.CLONE_NEWUTS, 19 | } 20 | cmd.Stdin = os.Stdin 21 | cmd.Stdout = os.Stdout 22 | cmd.Stderr = os.Stderr 23 | 24 | if err := cmd.Run(); err != nil { 25 | log.Fatal(err) 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /test/util/util_test.go: -------------------------------------------------------------------------------- 1 | package util 2 | 3 | import ( 4 | "os/exec" 5 | "path" 6 | "syscall" 7 | "testing" 8 | ) 9 | 10 | func TestLookPath(t *testing.T) { 11 | // Look up the absolute path of the ls command 12 | path, err := exec.LookPath("ls") 13 | if err != nil { 14 | t.Error(err) 15 | } 16 | t.Logf("ls path: %s \n", path) 17 | } 18 | 19 | // TestChangeRunDir changes the working directory to /root and logs the output of pwd. 20 | func TestChangeRunDir(t *testing.T) { 21 | err := syscall.Chdir("/root") 22 | if err != nil { 23 | t.Error(err) 24 | } 25 | cmd := exec.Command("pwd") 26 | bs, _ := cmd.CombinedOutput() 27 | t.Log(string(bs)) 28 | } 29 | 30 | func TestPathJoin(t *testing.T) { 31 | newPath := path.Join("/root/", "busybox.tar") 32 | t.Log(newPath) 33 | } 34 | --------------------------------------------------------------------------------