<CoreOS,cloud-config>如何在Docker Private Registry准备好之前等待?
我正在EC2上的CoreOS上尝试Docker。
我想要做的是:
- 运行Docker专用registry容器
- 从私人registry中拉出图像后运行其他容器
初始configuration
我的cloud-config.yml
是这样的:
#cloud-config coreos: units: - name: etcd2.service command: start - name: fleet.service command: start - name: docker.service command: start drop-ins: - name: 50-insecure-registry.conf content: | [Service] Environment=DOCKER_OPTS='--insecure-registry="localhost:5000"' - name: private-docker-registry.service command: start runtime: true content: | [Unit] Description=Docker Private Registry After=docker.service Requires=docker.service Requires=network-online.target After=network-online.target [Service] ExecStartPre=/usr/bin/docker pull registry:latest ExecStart=/usr/bin/docker run --name private-docker-registry --privileged -e SETTINGS_FLAVOR=s3 -e AWS_BUCKET=bucket -e AWS_KEY=awskey -e AWS_SECRET=awssecret -e SEARCH_BACKEND=sqlalchemy -p 5000:5000 registry:latest - name: myservice.service command: start runtime: true content: | [Unit] Description=My Service After=private-docker-registry.service Requires=private-docker-registry.service Requires=network-online.target After=network-online.target [Service] ExecStartPre=/usr/bin/docker pull localhost:5000/myservice:latest ExecStart=/usr/bin/docker run --name myservice localhost:5000/myservice:latest
myservice.service失败
这里的问题是:
- 私人registry容器成功运行myservice.service失败
当我login到机器时,会显示以下消息。
Failed Units: 1 myservice.service
命令journalctl -u private-docker-registry.service
显示:
Jul 24 07:30:25 docker[830]: [2015-07-24 07:30:25 +0000] [1] [INFO] Listening at: http://0.0.0.0:5000 (1)
命令journalctl -u myservice.service
显示以下日志。
Jul 24 07:30:25 systemd[1]: Starting My Service... Jul 24 07:30:25 docker[836]: time="2015-07-24T07:30:25Z" level=fatal msg="Error response from daemon: v1 ping attempt failed with error: Get http://localhost:5000/v1/_ping: dial tcp 127.0.0.1:5000: connection refused" Jul 24 07:30:25 systemd[1]: myservice.service: Control process exited, code=exited status=1 Jul 24 07:30:25 systemd[1]: Failed to start My Service. Jul 24 07:30:25 systemd[1]: myservice.service: Unit entered failed state. Jul 24 07:30:25 systemd[1]: myservice.service: Failed with result 'exit-code'.
但是,我可以手动运行myservice容器(几分钟后)。
docker run --name myservice localhost:5000/myservice:latest
我的假设是:
- 拉
myservice
图像失败,因为myservice.service
试图在私人registry开始侦听后立即拉myservice
图像。
尝试&错误
根据我上面的假设,我添加了wait-for-registry.service
,只是在私人registry启动后等待2分钟。
#cloud-config coreos: units: - name: etcd2.service command: start - name: fleet.service command: start - name: docker.service command: start drop-ins: - name: 50-insecure-registry.conf content: | [Service] Environment=DOCKER_OPTS='--insecure-registry="localhost:5000"' - name: private-docker-registry.service command: start runtime: true content: | [Unit] Description=Docker Private Registry After=docker.service Requires=docker.service Requires=network-online.target After=network-online.target [Service] ExecStartPre=/usr/bin/docker pull registry:latest ExecStart=/usr/bin/docker run --name private-docker-registry --privileged -e SETTINGS_FLAVOR=s3 -e AWS_BUCKET=bucket -e AWS_KEY=awskey -e AWS_SECRET=awssecret -e SEARCH_BACKEND=sqlalchemy -p 5000:5000 registry:latest - name: wait-for-registry.service command: start runtime: true content: | [Unit] Description=Wait Until Private Registry is Ready After=private-docker-registry.service Requires=private-docker-registry.service [Service] ExecStart=/usr/bin/sleep 120 - name: myservice.service command: start runtime: true content: | [Unit] Description=My Service After=wait-for-registry.service After=private-docker-registry.service Requires=private-docker-registry.service Requires=network-online.target After=network-online.target [Service] ExecStartPre=/usr/bin/docker pull localhost:5000/myservice:latest ExecStart=/usr/bin/docker run --name myservice localhost:5000/myservice:latest
但是这导致同样的问题。
命令journalctl -u private-docker-registry.service
显示:
Jul 24 08:23:38 docker[838]: [2015-07-24 08:23:38 +0000] [1] [INFO] Listening at: http://0.0.0.0:5000 (1)
命令journalctl -u wait-for-registry.service
显示:
Jul 24 08:23:37 systemd[1]: Started Wait Until Private Registry is Ready. Jul 24 08:23:37 systemd[1]: Starting Wait Until Private Registry is Ready...
命令journalctl -u myservice.service
显示:
Jul 24 08:23:37 systemd[1]: Starting My Service... Jul 24 08:23:37 docker[847]: time="2015-07-24T08:23:37Z" level=fatal msg="Error response from daemon: v1 ping attempt failed with error: Get http://localhost:5000/v1/_ping: dial tcp 127.0.0.1 Jul 24 08:23:37 systemd[1]: myservice.service: Control process exited, code=exited status=1 Jul 24 08:23:37 systemd[1]: Failed to start My Service. Jul 24 08:23:37 systemd[1]: myservice.service: Unit entered failed state. Jul 24 08:23:37 systemd[1]: myservice.service: Failed with result 'exit-code'.
看来sleep
不起作用。
题
我怎样才能让它等到私人registry可用?
任何提示或build议的欢迎!
谢谢:)
系统单元文件是棘手的:-)
我想你只是有它。 我不是专家,但是我会尽力解释我的想法。
首先,我想你可能想要添加一个:
- name: wait-for-registry.service command: start runtime: true content: | [Unit] Description=Wait Until Private Registry is Ready After=private-docker-registry.service Requires=private-docker-registry.service [Service] ExecStart=/usr/bin/sleep 120 RemainAfterExit=true Type=oneshot
解释是/ usr / bin / sleep 120启动。 自启动以来,链中的下一个单元启动(您的myservice.service)。 通过改变它onehot,你必须等到它完成。 不过,我在这里猜测,因为单位的大部分东西都是我的反复试验。
我在单元文件中有类似的结构。 我不认为你真的想'睡',这是一个黑客。 我想你真的想等到5000端口回答,对不对? 如果是这样的话,你可以用下面的方式replace睡眠:
ExecStart=/usr/bin/bash /opt/bin/waiter.sh
然后,朝着cloud-config的顶部:
write_files: - path: /opt/bin/waiter.sh permissions: 0755 owner: root content: | #! /usr/bin/bash until curl -s http://127.0.0.1:5000/; do echo waiting waiter.sh; sleep 2; done
或类似的东西。 等到这个港口有什么东西再继续。
-G