OpenHarmony运行docker详细步骤 原创 精华
作者:离北况归 2022年度OpenHarmony活跃讲师、2023年度开放原子基金会开源贡献之星、润开鸿实习软件工程师
本文将介绍如何在OpenHarmony内核上运行docker容器。
@toc
1.环境和设备
- 系统版本: 3.2release(64位)
- OpenHarmony内核版本:5.10
- 标准系统设备: DAYU200
- Docker:18.03.1 (64位)
- sd卡一张
2.准备支持Docker容器的OpenHarmony内核
1.检测DAYU200 3568 OpenHarmony3.2release内核对docker的支持
- 下载检测脚本check-config.sh
2.在编译命令./build.sh --product-name rk3568 --ccache --target-cpu arm64
编译arm64位系统情况下
-
进入out/kernel/src_tmp/linux-5.10下执行
scripts/extract-ikconfig boot_linux.img > /home/.config
生成boot_linux.img内核镜像的配置文件,配置文件此时输入到了/home/.config -
执行脚本 ./check-config.sh .config
3.修改源码内核配置kernel/linux/config/linux-5.10/rk3568/arch/arm64_defconfig
- 将必选和可选的配置都打开,修改内核配置
# add for Docker
CONFIG_POSIX_MQUEUE=y
CONFIG_SCHED_WALT=y
CONFIG_PSI=y
CONFIG_PAGE_COUNTER=y
CONFIG_CGROUP_BPF=y
CONFIG_MEMCG_KMEM=y
CONFIG_MEMCG_SWAP_ENABLED=y
CONFIG_BLK_CGROUP=y
CONFIG_BLK_DEV_THROTTLING=y
CONFIG_RT_GROUP_SCHED=y
CONFIG_CGROUP_PIDS=y
CONFIG_CGROUP_HUGETLB=y
CONFIG_CGROUP_PERF=y
CONFIG_NET_CLS_CGROUP=y
CONFIG_BPF_SYSCALL=y
CONFIG_BINFMT_MISC=y
CONFIG_TLS=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_MROUTE_MULTIPLE_TABLES=y
CONFIG_INET_ESP=y
CONFIG_IPV6_MIP6=y
CONFIG_IPV6_MULTIPLE_TABLES=y
CONFIG_IPV6_MROUTE=y
CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y
CONFIG_NF_CONNTRACK=y
CONFIG_NETFILTER_XT_MARK=y
CONFIG_NETFILTER_XT_SET=y
CONFIG_NETFILTER_XT_TARGET_CHECKSUM=y
CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
CONFIG_NETFILTER_XT_MATCH_IPVS=y
CONFIG_NETFILTER_XT_MATCH_CGROUP=y
CONFIG_IP_SET=y
CONFIG_IP_SET_HASH_IP=y
CONFIG_IP_SET_HASH_NET=y
CONFIG_IP_VS=y
CONFIG_IP_VS_NFCT=y
CONFIG_IP_VS_PROTO_TCP=y
CONFIG_IP_VS_PROTO_UDP=y
CONFIG_IP_VS_RR=y
CONFIG_IP_VS_WRR=y
CONFIG_IP_VS_SH=y
CONFIG_IP_NF_MATCH_STATE=y
CONFIG_IP_NF_MATCH_LIMIT=y
CONFIG_IP_NF_TARGET_LOG=y
CONFIG_NF_NAT=y
CONFIG_IP_NF_FTP=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_IRC=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_BRIDGE=y
CONFIG_BRIDGE_NETFILTER=y
CONFIG_CGROUP_NET_PRIO=y
CONFIG_STREAM_PARSER=y
CONFIG_DRIVERS_HDF_LIGHT=y
CONFIG_HYPERHOLD=y
CONFIG_HYPERHOLD_DEBUG=y
CONFIG_HYPERHOLD_ZSWAPD=y
CONFIG_HYPERHOLD_FILE_LRU=y
CONFIG_HYPERHOLD_MEMCG=y
CONFIG_ZRAM_GROUP=y
CONFIG_ZRAM_GROUP_DEBUG=y
CONFIG_ZLIST_DEBUG=y
CONFIG_ZRAM_GROUP_WRITEBACK=y
CONFIG_REGMAP_SPI=y
CONFIG_MACVLAN=y
CONFIG_VXLAN=y
CONFIG_AUFS_FS=y
CONFIG_VETH=y
CONFIG_DRM_DW_HDMI_I2S_AUDIO=y
CONFIG_SND_TIMER=y
CONFIG_SND_PCM=y
CONFIG_SND_PCM_ELD=y
CONFIG_SND_PCM_IEC958=y
CONFIG_SND_DMAENGINE_PCM=y
CONFIG_SND_HWDEP=y
CONFIG_SND_SEQ_DEVICE=y
CONFIG_SND_RAWMIDI=y
CONFIG_SND_JACK=y
CONFIG_SND_JACK_INPUT_DEV=y
CONFIG_SND_PCM_TIMER=y
CONFIG_SND_HRTIMER=y
CONFIG_SND_DYNAMIC_MINORS=y
CONFIG_SND_MAX_CARDS=32
CONFIG_SND_PROC_FS=y
CONFIG_SND_VERBOSE_PROCFS=y
CONFIG_SND_SEQUENCER=y
CONFIG_SND_SEQ_DUMMY=y
CONFIG_SND_SEQ_HRTIMER_DEFAULT=y
CONFIG_SND_SEQ_MIDI_EVENT=y
CONFIG_SND_SEQ_MIDI=y
CONFIG_SND_DRIVERS=y
CONFIG_SND_HDA_PREALLOC_SIZE=64
CONFIG_SND_USB=y
CONFIG_SND_USB_AUDIO=y
CONFIG_SND_USB_AUDIO_USE_MEDIA_CONTROLLER=y
CONFIG_SND_SOC=y
CONFIG_SND_SOC_GENERIC_DMAENGINE_PCM=y
CONFIG_SND_SOC_ROCKCHIP=y
CONFIG_SND_SOC_ROCKCHIP_I2S=y
CONFIG_SND_SOC_ROCKCHIP_I2S_TDM=y
CONFIG_SND_SOC_ROCKCHIP_PDM=y
CONFIG_SND_SOC_ROCKCHIP_SPDIF=y
CONFIG_SND_SOC_ROCKCHIP_SPDIFRX=y
CONFIG_SND_SOC_ROCKCHIP_MAX98090=y
CONFIG_SND_SOC_ROCKCHIP_MULTICODECS=y
CONFIG_SND_SOC_ROCKCHIP_RT5645=y
CONFIG_SND_SOC_ROCKCHIP_HDMI=y
CONFIG_SND_SOC_DUMMY_CODEC=y
CONFIG_SND_SOC_HDMI_CODEC=y
CONFIG_SND_SOC_ES7202=y
CONFIG_SND_SOC_ES7243E=y
CONFIG_SND_SOC_ES8311=y
CONFIG_SND_SOC_ES8316=y
CONFIG_SND_SOC_MAX98090=y
CONFIG_SND_SOC_RK3308=y
CONFIG_SND_SOC_RK3328=y
CONFIG_SND_SOC_RK817=y
CONFIG_SND_SOC_RK_CODEC_DIGITAL=y
CONFIG_SND_SOC_RL6231=y
CONFIG_SND_SOC_RT5616=y
CONFIG_SND_SOC_RT5640=y
CONFIG_SND_SOC_RT5645=y
CONFIG_SND_SOC_RT5651=y
CONFIG_SND_SOC_SPDIF=y
CONFIG_SND_SOC_TS3A227E=y
CONFIG_SND_SIMPLE_CARD_UTILS=y
CONFIG_SND_SIMPLE_CARD=y
CONFIG_ANDROID_PARANOID_NETWORK=y
CONFIG_ACCESS_TOKENID=y
CONFIG_F2FS_GRADING_SSR=y
CONFIG_OVERLAY_FS=y
CONFIG_HUGETLBFS=y
CONFIG_HUGETLB_PAGE=y
CONFIG_CRYPTO_SEQIV=y
CONFIG_BTRFS_FS_POSIX_ACL=y
CONFIG_BRIDGE_VLAN_FILTERING=y
CONFIG_IPVLAN=y
CONFIG_DUMMY=y
CONFIG_NF_NAT_FTP=y
CONFIG_NF_CONNTRACK_FTP=y
CONFIG_NF_NAT_TFTP=y
CONFIG_NF_CONNTRACK_TFTP=y
CONFIG_BTRFS_FS=y
# end
4.添加Docker运行需要的目录’run’, ‘var’, ‘opt’, ‘usr’。修改build/ohos/images/build_image.py
'run', 'var', 'opt', 'usr'
5.修改/base/security/selinux/sepolicy/base/system/file_contexts
/run u:object_r:rootfs:s0
/var u:object_r:rootfs:s0
/opt u:object_r:rootfs:s0
/usr u:object_r:rootfs:s0
/lib u:object_r:rootfs:s0
3.编译烧录镜像
./build.sh --product-name rk3568 --ccache --target-cpu arm64
4.安装docker容器引擎组件
1.hdc shell
进入开发板终端在/etc/下创建cgroups.json,cgroups.json内容如下
{
"Cgroups": [
{
"UID": "system",
"GID": "system",
"Mode": "0755",
"Controller": "blkio",
"Path": "/dev/blkio"
},
{
"UID": "system",
"GID": "system",
"Mode": "0755",
"Controller": "cpu",
"Path": "/dev/cpu"
},
{
"Mode": "0555",
"Path": "/dev/cpuacct",
"Controller": "cpuacct"
},
{
"UID": "system",
"GID": "system",
"Mode": "0755",
"Controller": "cpuset",
"Path": "/dev/cpuset"
},
{
"UID": "system",
"GID": "system",
"Mode": "0755",
"Controller": "memory",
"Path": "/dev/memcg"
},
{
"UID": "system",
"GID": "system",
"Mode": "0755",
"Controller": "schedtune",
"Path": "/dev/stune"
},
{
"GID": "system",
"UID": "system",
"Mode": "0755",
"Controller": "devices",
"Path": "/dev/devices"
},
{
"GID": "system",
"UID": "system",
"Mode": "0755",
"Controller": "freezer",
"Path": "/dev/freezer"
},
{
"GID": "system",
"UID": "system",
"Mode": "0755",
"Controller": "hugetlb",
"Path": "/dev/hugetlb"
},
{
"GID": "system",
"UID": "system",
"Mode": "0755",
"Controller": "net_cls",
"Path": "/dev/net_cls"
},
{
"GID": "system",
"UID": "system",
"Mode": "0755",
"Controller": "net_prio",
"Path": "/dev/net_prio"
},
{
"GID": "system",
"UID": "system",
"Mode": "0755",
"Controller": "perf_event",
"Path": "/dev/perf_event"
},
{
"GID": "system",
"UID": "system",
"Mode": "0755",
"Controller": "pids",
"Path": "/dev/pids"
},
{
"GID": "system",
"UID": "system",
"Mode": "0755",
"Controller": "rdma",
"Path": "/dev/rdma"
}
],
"Cgroups2": {
"UID": "root",
"GID": "root",
"Mode": "0600",
"Path": "/dev/cg2_bpf"
}
}
2.安装docker静态二进制文件
# 下载docker static binaries 18.03.1
https://download.docker.com/linux/static/stable/aarch64/
若为32位选择armhf版。
# 解压并且加入环境变量
tar zxvf 到/system/bin下
# 给二进制文件执行权限
cd /system/bin/docker/
chmod 777 docker
chmod 777 docker-containerd-ctr
chmod 777 docker-init
chmod 777 docker-runc
chmod 777 docker-containerd
chmod 777 docker-containerd-shim
chmod 777 docker-proxy
chmod 777 dockerd
export PATH=$PATH:/system/bin/
export PATH=$PATH:/system/bin/docker/
5.格式化sd卡为f2fs文件系统
# 修改root目录下的权限使其可以进行文件操作
hdc shell mount -o rw,remount -t auto /
-
docker overlay filesystem推荐backing filesystem是未加密的f2fs。而RK3568的data分区是加密的ext4,可以通过micro sd card卡扩展RK3568的存储将sd card格式化为f2fs解决此问题。
-
准备一个sd卡,插入到DAYU200板子上
# 查看系统文件系统格式
blkid
# 查看系统文件系统和挂载情况
df -h
# 确定sd卡的名称,将其格式化sd卡为f2fs
# 卸载设备:如果设备已挂载,使用以下命令卸载设备:(请确保设备已成功卸载,不再出现任何输出。)
umount /dev/block/vol-179-97
# 执行mkfs.f2fs命令来创建F2FS文件系统:
mkfs.f2fs /dev/block/vol-179-97
格式化后先不要挂载sd卡
6.通过有线或者无线连接网络
将开发板连接网络
# 查看正在运行的
ifconfig
# 查看所有的网络接口
ifconfig -a
# 开启ip forward
echo "1" > /proc/sys/net/ipv4/ip_forward
7.docker环境准备
# 创建docker运行需要的目录
mkdir /system/etc/docker
mkdir /data/var
mkdir /data/run
mkdir /data/tmp
mkdir /data/opt
mkdir /data/etc
mkdir /data/etc/docker
mkdir /data/usr
mkdir /mnt/f2fs
# 挂载刚刚已经被f2fs格式化的sd卡设备,可以用blkid查看到具体的名称
mount /dev/block/vol-179-97 /mnt/f2fs/
# 创建一个1GB大小的tmpfs文件系统,并将其挂载到"/sys/fs/cgroup"目录下,以供cgroup机制使用。
mount tmpfs /sys/fs/cgroup -t tmpfs -o size=1G
mkdir /sys/fs/cgroup/blkio
mkdir /sys/fs/cgroup/cpu
mkdir /sys/fs/cgroup/cpuacct
mkdir /sys/fs/cgroup/cpuset
mkdir /sys/fs/cgroup/devices
mkdir /sys/fs/cgroup/freezer
mkdir /sys/fs/cgroup/hugetlb
mkdir /sys/fs/cgroup/memory
mkdir /sys/fs/cgroup/net_cls
mkdir /sys/fs/cgroup/net_prio
mkdir /sys/fs/cgroup/perf_event
mkdir /sys/fs/cgroup/pids
mkdir /sys/fs/cgroup/rdma
mkdir /sys/fs/cgroup/schedtune
mkdir /sys/fs/cgroup/systemd
mount --bind /data/etc/docker /etc/docker
mount --bind /data/var /var
mount --bind /data/run /run
mount --bind /data/tmp /tmp
mount --bind /data/opt /opt
mount --bind /data/usr /usr
mount -t cgroup -o none,name=systemd cgroup /sys/fs/cgroup/systemd
mount -t cgroup -o blkio,nodev,noexec,nosuid cgroup /sys/fs/cgroup/blkio
mount -t cgroup -o cpu,nodev,noexec,nosuid cgroup /sys/fs/cgroup/cpu
mount -t cgroup -o cpuacct,nodev,noexec,nosuid cgroup /sys/fs/cgroup/cpuacct
mount -t cgroup -o cpuset,nodev,noexec,nosuid cgroup /sys/fs/cgroup/cpuset
mount -t cgroup -o devices,nodev,noexec,nosuid cgroup /sys/fs/cgroup/devices
mount -t cgroup -o freezer,nodev,noexec,nosuid cgroup /sys/fs/cgroup/freezer
mount -t cgroup -o hugetlb,nodev,noexec,nosuid cgroup /sys/fs/cgroup/hugetlb
mount -t cgroup -o memory,nodev,noexec,nosuid cgroup /sys/fs/cgroup/memory
mount -t cgroup -o net_cls,nodev,noexec,nosuid cgroup /sys/fs/cgroup/net_cls
mount -t cgroup -o net_prio,nodev,noexec,nosuid cgroup /sys/fs/cgroup/net_prio
mount -t cgroup -o perf_event,nodev,noexec,nosuid cgroup /sys/fs/cgroup/perf_event
mount -t cgroup -o pids,nodev,noexec,nosuid cgroup /sys/fs/cgroup/pids
mount -t cgroup -o rdma,nodev,noexec,nosuid cgroup /sys/fs/cgroup/rdma
mount -t cgroup -o schedtune,nodev,noexec,nosuid cgroup /sys/fs/cgroup/schedtune
# 设置DNS名称服务器和docker image注册表
echo "{\"registry-mirrors\":[\"https://docker.mirrors.ustc.edu.cn\"],\"experimental\":false,\"storage-driver\": \"overlay2\",\"data-root\": \"/mnt/f2fs\"}" > /etc/docker/daemon.json
# 临时关闭 SELinux 安全模式
setenforce 0
8.运行docker
dockerd -D -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock &
9.验证docker运行状态
docker run hello-world
10.OpenHarmony系统重启后重新开启docker
hdc shell
mount -o rw,remount -t auto /
mkdir /mnt/f2fs
blkid
df -h
# 挂载sd卡到/mnt/f2fs/
mount /dev/block/vol-179-97 /mnt/f2fs/
cd /system/bin/docker/
chmod 777 docker
chmod 777 docker-containerd-ctr
chmod 777 docker-init
chmod 777 docker-runc
chmod 777 docker-containerd
chmod 777 docker-containerd-shim
chmod 777 docker-proxy
chmod 777 dockerd
export PATH=$PATH:/system/bin/
export PATH=$PATH:/system/bin/docker/
mount tmpfs /sys/fs/cgroup -t tmpfs -o size=1G
mkdir /sys/fs/cgroup/blkio
mkdir /sys/fs/cgroup/cpu
mkdir /sys/fs/cgroup/cpuacct
mkdir /sys/fs/cgroup/cpuset
mkdir /sys/fs/cgroup/devices
mkdir /sys/fs/cgroup/freezer
mkdir /sys/fs/cgroup/hugetlb
mkdir /sys/fs/cgroup/memory
mkdir /sys/fs/cgroup/net_cls
mkdir /sys/fs/cgroup/net_prio
mkdir /sys/fs/cgroup/perf_event
mkdir /sys/fs/cgroup/pids
mkdir /sys/fs/cgroup/rdma
mkdir /sys/fs/cgroup/schedtune
mkdir /sys/fs/cgroup/systemd
mount --bind /data/etc/docker /etc/docker
mount --bind /data/var /var
mount --bind /data/run /run
mount --bind /data/tmp /tmp
mount --bind /data/opt /opt
mount --bind /data/usr /usr
mount -t cgroup -o none,name=systemd cgroup /sys/fs/cgroup/systemd
mount -t cgroup -o blkio,nodev,noexec,nosuid cgroup /sys/fs/cgroup/blkio
mount -t cgroup -o cpu,nodev,noexec,nosuid cgroup /sys/fs/cgroup/cpu
mount -t cgroup -o cpuacct,nodev,noexec,nosuid cgroup /sys/fs/cgroup/cpuacct
mount -t cgroup -o cpuset,nodev,noexec,nosuid cgroup /sys/fs/cgroup/cpuset
mount -t cgroup -o devices,nodev,noexec,nosuid cgroup /sys/fs/cgroup/devices
mount -t cgroup -o freezer,nodev,noexec,nosuid cgroup /sys/fs/cgroup/freezer
mount -t cgroup -o hugetlb,nodev,noexec,nosuid cgroup /sys/fs/cgroup/hugetlb
mount -t cgroup -o memory,nodev,noexec,nosuid cgroup /sys/fs/cgroup/memory
mount -t cgroup -o net_cls,nodev,noexec,nosuid cgroup /sys/fs/cgroup/net_cls
mount -t cgroup -o net_prio,nodev,noexec,nosuid cgroup /sys/fs/cgroup/net_prio
mount -t cgroup -o perf_event,nodev,noexec,nosuid cgroup /sys/fs/cgroup/perf_event
mount -t cgroup -o pids,nodev,noexec,nosuid cgroup /sys/fs/cgroup/pids
mount -t cgroup -o rdma,nodev,noexec,nosuid cgroup /sys/fs/cgroup/rdma
mount -t cgroup -o schedtune,nodev,noexec,nosuid cgroup /sys/fs/cgroup/schedtune
echo "1" > /proc/sys/net/ipv4/ip_forward
setenforce 0
dockerd -D -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock &
docker run hello-world
特别说明:本文档参考的是RK3568 OpenHarmony运行KubeEdge , 在此感谢相关开发者。
很完整的搭建流程,必须学习一下
有了docker 就可以在本地跑ubuntu、跑python、跑Pytorch、Spring boot、MQTT服务器等等,在很多场景下都非常有用。算是解决很多技术上的关键问题。
绝对的,理论上有linux内核就可以跑docker。但是还是要考虑要运行一些应用的时候OpenHarmony内核中是否有这个配置
docker的虚拟化可以解决软件开发中遇到的大部分因为系统差异导致的问题,这是我学习OpenHarmony到现在对我来说价值最高的一篇博客了!
多回复回复,给你刷刷热度
不错不错,非常好!!
不错不错,已经连上docker了
有些编译选项kconfig都没有,.config中也没有相关选项,是要自己加一个kconfig然后把对应的宏加上去吗?
.config里的check必须全部enable才行吗?看了下,有些选项默认不编。kernel/linux/linux-5.10/drivers/net/Kconfig。这个里面的前加了
if NETDEVICES 和if NET_CORE默认都没打开,要在哪里可以配置?能指导下吗?
已解决。可以正常跑docker了
请问,我在执行第7步的mount -t cgroup -o hugetlb,nodev,noexec,nosuid cgroup /sys/fs/cgroup/hugetlb时候会报错,怎么解决呢?
如何开机自启docker呢
我也遇到这个问题,请问如何解决的呢?