我正在EC2上的CoreOS上尝试Docker。
我想做的是:
- 运行Docker私有注册表容器
- 从私有注册表中提取映像后运行其他容器
初始配置
我的cloud-config.yml像这样:
#cloud-config
coreos:
units:
- name: etcd2.service
command: start
- name: fleet.service
command: start
- name: docker.service
command: start
drop-ins:
- name: 50-insecure-registry.conf
content: |
[Service]
Environment=DOCKER_OPTS='--insecure-registry="localhost:5000"'
- name: private-docker-registry.service
command: start
runtime: true
content: |
[Unit]
Description=Docker Private Registry
After=docker.service
Requires=docker.service
Requires=network-online.target
After=network-online.target
[Service]
ExecStartPre=/usr/bin/docker pull registry:latest
ExecStart=/usr/bin/docker run --name private-docker-registry --privileged -e SETTINGS_FLAVOR=s3 -e AWS_BUCKET=bucket -e AWS_KEY=awskey -e AWS_SECRET=awssecret -e SEARCH_BACKEND=sqlalchemy -p 5000:5000 registry:latest
- name: myservice.service
command: start
runtime: true
content: |
[Unit]
Description=My Service
After=private-docker-registry.service
Requires=private-docker-registry.service
Requires=network-online.target
After=network-online.target
[Service]
ExecStartPre=/usr/bin/docker pull localhost:5000/myservice:latest
ExecStart=/usr/bin/docker run --name myservice localhost:5000/myservice:latest
myservice。服务失败
问题是:
- myservice。私有注册表容器成功运行,服务失败
当我登录到机器时,它显示如下消息:
Failed Units: 1
myservice.service
命令journalctl -u private-docker-registry.service显示如下:
Jul 24 07:30:25 docker[830]: [2015-07-24 07:30:25 +0000] [1] [INFO] Listening at: http://0.0.0.0:5000 (1)
命令journalctl -u myservice.service显示如下日志。
Jul 24 07:30:25 systemd[1]: Starting My Service...
Jul 24 07:30:25 docker[836]: time="2015-07-24T07:30:25Z" level=fatal msg="Error response from daemon: v1 ping attempt failed with error: Get http://localhost:5000/v1/_ping: dial tcp 127.0.0.1:5000: connection refused"
Jul 24 07:30:25 systemd[1]: myservice.service: Control process exited, code=exited status=1
Jul 24 07:30:25 systemd[1]: Failed to start My Service.
Jul 24 07:30:25 systemd[1]: myservice.service: Unit entered failed state.
Jul 24 07:30:25 systemd[1]: myservice.service: Failed with result 'exit-code'.
但是,我可以手动运行myservice容器(几分钟后)。
docker run --name myservice localhost:5000/myservice:latest
我的假设是:
- 拔
myservice映像失败,因为myservice.service试图拔myservice映像立即在私有注册表开始侦听后
试一试,误差
基于我上面的假设,我添加了wait-for-registry.service,它在私有注册表启动后等待2分钟。
#cloud-config
coreos:
units:
- name: etcd2.service
command: start
- name: fleet.service
command: start
- name: docker.service
command: start
drop-ins:
- name: 50-insecure-registry.conf
content: |
[Service]
Environment=DOCKER_OPTS='--insecure-registry="localhost:5000"'
- name: private-docker-registry.service
command: start
runtime: true
content: |
[Unit]
Description=Docker Private Registry
After=docker.service
Requires=docker.service
Requires=network-online.target
After=network-online.target
[Service]
ExecStartPre=/usr/bin/docker pull registry:latest
ExecStart=/usr/bin/docker run --name private-docker-registry --privileged -e SETTINGS_FLAVOR=s3 -e AWS_BUCKET=bucket -e AWS_KEY=awskey -e AWS_SECRET=awssecret -e SEARCH_BACKEND=sqlalchemy -p 5000:5000 registry:latest
- name: wait-for-registry.service
command: start
runtime: true
content: |
[Unit]
Description=Wait Until Private Registry is Ready
After=private-docker-registry.service
Requires=private-docker-registry.service
[Service]
ExecStart=/usr/bin/sleep 120
- name: myservice.service
command: start
runtime: true
content: |
[Unit]
Description=My Service
After=wait-for-registry.service
After=private-docker-registry.service
Requires=private-docker-registry.service
Requires=network-online.target
After=network-online.target
[Service]
ExecStartPre=/usr/bin/docker pull localhost:5000/myservice:latest
ExecStart=/usr/bin/docker run --name myservice localhost:5000/myservice:latest
但是这会导致同样的问题。
命令journalctl -u private-docker-registry.service显示如下:
Jul 24 08:23:38 docker[838]: [2015-07-24 08:23:38 +0000] [1] [INFO] Listening at: http://0.0.0.0:5000 (1)
命令journalctl -u wait-for-registry.service显示如下:
Jul 24 08:23:37 systemd[1]: Started Wait Until Private Registry is Ready.
Jul 24 08:23:37 systemd[1]: Starting Wait Until Private Registry is Ready...
命令journalctl -u myservice.service显示如下:
Jul 24 08:23:37 systemd[1]: Starting My Service...
Jul 24 08:23:37 docker[847]: time="2015-07-24T08:23:37Z" level=fatal msg="Error response from daemon: v1 ping attempt failed with error: Get http://localhost:5000/v1/_ping: dial tcp 127.0.0.1
Jul 24 08:23:37 systemd[1]: myservice.service: Control process exited, code=exited status=1
Jul 24 08:23:37 systemd[1]: Failed to start My Service.
Jul 24 08:23:37 systemd[1]: myservice.service: Unit entered failed state.
Jul 24 08:23:37 systemd[1]: myservice.service: Failed with result 'exit-code'.
看来sleep不起作用。
我怎么能让它等待,直到私有注册表将可用?
欢迎任何提示或建议!
谢谢:)
systemd单元文件很棘手:-)
我想你正好有它。我不是专家,但我会尽力解释我认为发生的事情。
首先,我认为你可能需要添加一个:
- name: wait-for-registry.service
command: start
runtime: true
content: |
[Unit]
Description=Wait Until Private Registry is Ready
After=private-docker-registry.service
Requires=private-docker-registry.service
[Service]
ExecStart=/usr/bin/sleep 120
RemainAfterExit=true
Type=oneshot
解释是/usr/bin/sleep 120 已启动。既然它启动了,链中的下一个单元也就启动了(你的myservice.service)。通过将其更改为单点,您必须等待直到它完成。我在这里猜测,虽然,因为很多单位的东西对我来说是尝试和错误。
我在我的单元文件中有一个类似的结构。我不认为你真的想要"睡觉",那是一种欺骗。我想你真的想等到端口5000有应答,对吗?如果是这种情况,您可以使用以下命令替换sleep:
ExecStart=/usr/bin/bash /opt/bin/waiter.sh
然后,在云的顶部配置:
write_files:
- path: /opt/bin/waiter.sh
permissions: 0755
owner: root
content: |
#! /usr/bin/bash
until curl -s http://127.0.0.1:5000/; do echo waiting waiter.sh; sleep 2; done
或者类似的东西。等那个端口有东西后再继续。
- g