Docker with device mapper and LUKS

I am trying to store docker containers in a luks device, but it does not work with the commands below.

I also tried to have a docker container use (and maybe open) a stream file as volume data, but I don't know how to bind it to the container.

I did the following:

    pvcreate /dev/sdb
      Physical volume "/dev/sdb" successfully created
    vgcreate vgluks /dev/sdb
      Volume group "vgluks" successfully created
    lvcreate -l 90%FREE -n lvdocker-data vgluks
    WARNING: crypto_LUKS signature detected on /dev/vgluks/lvdocker-data at offset 0. Wipe it? [y/n]: y
      Wiping crypto_LUKS signature on /dev/vgluks/lvdocker-data.
      Logical volume "lvdocker-data" created.
    lvcreate -l 100%FREE -n lvdocker-metadata vgluks
      Logical volume "lvdocker-metadata" created.

Created a key:

    dd if=/dev/urandom of=/tmp/key bs=4K count=1
    1+0 records in
    1+0 records out
    4096 bytes (4.1 kB) copied, 0.00126301 s, 3.2 MB/s
    cryptsetup luksFormat --batch-mode --key-file=/tmp/key /dev/vgluks/lvdocker-data
    cryptsetup luksFormat --batch-mode --key-file=/tmp/key /dev/vgluks/lvdocker-metadata
    cryptsetup luksOpen --key-file=/tmp/key /dev/vgluks/lvdocker-data cryptfs-data
    cryptsetup luksOpen --key-file=/tmp/key /dev/vgluks/lvdocker-metadata cryptfs-metadata

Formatted as ext4:

    mkfs.ext4 /dev/mapper/cryptfs-data
    mkfs.ext4 /dev/mapper/cryptfs-metadata

My docker.service looks like this:

    [Unit]
    Description=Docker Application Container Engine
    Documentation=https://docs.docker.com
    After=network.target docker.socket
    Requires=docker.socket

    [Service]
    Type=notify
    EnvironmentFile=-/etc/sysconfig/docker
    ExecStart=/usr/bin/docker daemon -H fd:// $OPTIONS
    MountFlags=slave
    LimitNOFILE=1048576
    LimitNPROC=1048576
    LimitCORE=infinity

    [Install]
    WantedBy=multi-user.target

/etc/sysconfig/docker looks like this:

    OPTIONS="--storage-driver=devicemapper --storage-opt dm.datadev=/dev/vgluks/lvdocker-data --storage-opt dm.metadatadev=/dev/vgluks/lvdocker-metadata --insecure-registry myregistryhost:443 -H tcp://0.0.0.0:4243 -H unix:///var/run/docker.sock"

The output of systemctl is:

    systemctl status -l docker.service
    ● docker.service - Docker Application Container Engine
       Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
       Active: failed (Result: exit-code) since Wed 2015-12-23 16:05:28 CET; 25min ago
         Docs: https://docs.docker.com
     Main PID: 6544 (code=exited, status=1/FAILURE)

    Dec 23 16:05:28 localhost.localdomain systemd[1]: Starting Docker Application Container Engine...
    Dec 23 16:05:28 localhost.localdomain docker[6544]: time="2015-12-23T16:05:28.457356524+01:00" level=warning msg="/!\\ DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING /!\\"
    Dec 23 16:05:28 localhost.localdomain docker[6544]: time="2015-12-23T16:05:28.478448525+01:00" level=fatal msg="Error starting daemon: error initializing graphdriver: Error running deviceCreate (CreatePool) dm_task_run failed"
    Dec 23 16:05:28 localhost.localdomain systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
    Dec 23 16:05:28 localhost.localdomain systemd[1]: Failed to start Docker Application Container Engine.
    Dec 23 16:05:28 localhost.localdomain systemd[1]: Unit docker.service entered failed state.
    Dec 23 16:05:28 localhost.localdomain systemd[1]: docker.service failed.
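
An added example, not part of the original post: a small audit of the `OPTIONS` line above that reports storage options naming a LUKS container device instead of the mapping `luksOpen` created, a `tcp://` listener without `--tlsverify` (the condition the daemon's own warning names), and any `--insecure-registry`. The inputs are copied from the question; the function names, finding codes and the `LUKS_OPENED` table are assumptions made for this sketch, and it does not claim to identify the cause of the `CreatePool` failure.

```python
import shlex

# Constructed from the question: the OPTIONS value from /etc/sysconfig/docker.
OPTIONS = ("--storage-driver=devicemapper "
           "--storage-opt dm.datadev=/dev/vgluks/lvdocker-data "
           "--storage-opt dm.metadatadev=/dev/vgluks/lvdocker-metadata "
           "--insecure-registry myregistryhost:443 "
           "-H tcp://0.0.0.0:4243 -H unix:///var/run/docker.sock")
# LUKS container -> mapping name, from the luksOpen commands in the question.
LUKS_OPENED = {"/dev/vgluks/lvdocker-data": "cryptfs-data",
               "/dev/vgluks/lvdocker-metadata": "cryptfs-metadata"}


def flag_values(argv, *names):
    """Yield the values of flags written as '--flag value' or '--flag=value'."""
    it = iter(argv)
    for tok in it:
        name, sep, val = tok.partition("=")
        if name in names:
            yield val if sep else next(it, "")


def audit(options, luks_opened):
    """Return (code, detail) findings for a docker daemon OPTIONS string."""
    argv = shlex.split(options)
    findings = []
    for opt in flag_values(argv, "--storage-opt"):
        key, _, dev = opt.partition("=")
        if key in ("dm.datadev", "dm.metadatadev") and dev in luks_opened:
            # The raw LV holds the LUKS header; only the mapping is decrypted.
            findings.append(("raw-luks-device",
                             f"{key}={dev}, opened as /dev/mapper/{luks_opened[dev]}"))
    tls = any(tok.partition("=")[0] == "--tlsverify" for tok in argv)
    for host in flag_values(argv, "-H", "--host"):
        if host.startswith("tcp://") and not tls:
            findings.append(("tcp-without-tlsverify", host))
    for registry in flag_values(argv, "--insecure-registry"):
        findings.append(("insecure-registry", registry))
    return findings


if __name__ == "__main__":
    for code, detail in audit(OPTIONS, LUKS_OPENED):
        print(f"{code}: {detail}")
```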