zoukankan      html  css  js  c++  java
  • docker 源码分析NewDaemon 函数


        setDefaultMtu(config)  //  设置默认MTU 1500
        ModifyRootKeyLimit() //  "/proc/sys/kernel/keys/root_maxkeys"  key权限不足的话修改权限
        verifyDaemonSettings(config) //   检查配置是否正确,不正确退出
        config.DisableBridge = isBridgeNetworkDisabled(config)   // conf.BridgeConfig.Iface == config.DisableNetworkBridge

        if !platformSupported {  //   系统是否支持
            return nil, errSystemNotSupported

        checkSystem()  //   检查系统版本等信息

        uidMaps, gidMaps, err := setupRemappedRoot(config)  // pkg/idtools/idtools.go  根据username、groupname创建两个map
        rootUID, rootGID, err := idtools.GetRootUIDGID(uidMaps, gidMaps) // pkg/idtools/idtools.go 创建根uid、gid

        setupDaemonProcess(config)   // linux   设置 /proc/self/oom_score_adj
        tmp, err := tempDir(config.Root, rootUID, rootGID)  //  创建tmp文件夹
        realTmp, err := fileutils.ReadSymlinkedDirectory(tmp)  //  pkg/fileutils/fileutils.go 给tmp创建一个symlink
        os.Setenv("TMPDIR", realTmp)

        d := &Daemon{configStore: config}   //创建个daem 实例
        defer func() {  // 函数退出时 daemon 关闭
            if err != nil {
                if err := d.Shutdown(); err != nil {

        d.setupSeccompProfile()  // 需要的话创建 seccompProfile
        d.setDefaultIsolation()  // 只是windows使用,决定 isolation mode

        configureMaxThreads(config)  // linux 下面设置最大线程 /proc/sys/kernel/threads-max
        ensureDefaultAppArmorProfile()  // 如果使能 AppArmor ,则加载

        daemonRepo := filepath.Join(config.Root, "containers")   // 创建一个containers的目录
        if err := idtools.MkdirAllAs(daemonRepo, 0700, rootUID, rootGID); err != nil && !os.IsExist(err) {
            return nil, err

        if runtime.GOOS == "windows" {   //  windows创建credentialspecs的目录
            if err := system.MkdirAll(filepath.Join(config.Root, "credentialspecs"), 0); err != nil && !os.IsExist(err) {
                return nil, err

        driverName := os.Getenv("DOCKER_DRIVER")   // 取环境变量设置值,未设置取配置
        if driverName == "" {
            driverName = config.GraphDriver

        d.RegistryService = registryService
        d.PluginStore = plugin.NewStore(config.Root) // todo: remove
        // Plugin system initialization should happen before restore. Do not change order.
        d.pluginManager, err = plugin.NewManager(plugin.ManagerConfig{   // plugin/manager.go  创建plugin manager 实例
            Root:               filepath.Join(config.Root, "plugins"),
            ExecRoot:           getPluginExecRoot(config.Root),
            Store:              d.PluginStore,
            Executor:           containerdRemote,
            RegistryService:    registryService,
            LiveRestoreEnabled: config.LiveRestoreEnabled,
            LogPluginEvent:     d.LogPluginEvent, // todo: make private

        d.layerStore, err = layer.NewStoreFromOptions(layer.StoreOptions{   // lay/layer_store.go 创建graphDriver实例,从driver创建layer仓库的实例
            StorePath:                 config.Root,
            MetadataStorePathTemplate: filepath.Join(config.Root, "image", "%s", "layerdb"),
            GraphDriver:               driverName,
            GraphDriverOptions:        config.GraphOptions,
            UIDMaps:                   uidMaps,
            GIDMaps:                   gidMaps,
            PluginGetter:              d.PluginStore,
            ExperimentalEnabled:       config.Experimental,

        graphDriver := d.layerStore.DriverName()   // 取layer里面的graphDriver
        imageRoot := filepath.Join(config.Root, "image", graphDriver) 

        configureKernelSecuritySupport(config, graphDriver)  // linux内核安全支持的配置
        d.downloadManager = xfer.NewLayerDownloadManager(d.layerStore, *config.MaxConcurrentDownloads)   // distribution/xfer/download.go 创建层下载管理实例
        d.uploadManager = xfer.NewLayerUploadManager(*config.MaxConcurrentUploads)  // distribution/xfer/upload.go 创建层上传管理实例
        ifs, err := image.NewFSStoreBackend(filepath.Join(imageRoot, "imagedb"))   // image/fs.go   创建仓库后端的文件系统
        d.imageStore, err = image.NewImageStore(ifs, d.layerStore)  // image/store.go  创建镜像仓库实例
        volStore, err := d.configureVolumes(rootUID, rootGID) // 创建 volumes driver实例
        trustKey, err := api.LoadOrCreateTrustKey(config.TrustKeyPath)  //  api/common.go 按照路径加载libtrust key ,没有就新建一个

        trustDir := filepath.Join(config.Root, "trust")
        system.MkdirAll(trustDir, 0700)
        distributionMetadataStore, err := dmetadata.NewFSMetadataStore(filepath.Join(imageRoot, "distribution"))  // distribution/metadata/metadata.go  按照路径创建一个基于文件系统的元数据仓库实例

        eventsService := events.New()   //  daemon/events/events.go  创建event服务实例
        referenceStore, err := refstore.NewReferenceStore(filepath.Join(imageRoot, "repositories.json"))  // reference/store.go  按照路径创建 reference仓库实例

        v1.Migrate(config.Root, graphDriver, d.layerStore, d.imageStore, referenceStore, distributionMetadataStore) // migrate/v1/migrate.go  迁移metadata

        d.initDiscovery(config) // 创建 discoveryWatcher 实例

        sysInfo := sysinfo.New(false)   // 获取系统信息,linux 不支持cgroup则返回
        if runtime.GOOS == "linux" && !sysInfo.CgroupDevicesEnabled {
            return nil, errors.New("Devices cgroup isn't mounted")

        d.ID = trustKey.PublicKey().KeyID()  // 赋值
        d.repository = daemonRepo
        d.containers = container.NewMemoryStore()
        d.execCommands = exec.NewStore()
        d.referenceStore = referenceStore
        d.distributionMetadataStore = distributionMetadataStore
        d.trustKey = trustKey
        d.idIndex = truncindex.NewTruncIndex([]string{})
        d.statsCollector = d.newStatsCollector(1 * time.Second)
        d.defaultLogConfig = containertypes.LogConfig{
            Type:   config.LogConfig.Type,
            Config: config.LogConfig.Config,
        d.EventsService = eventsService
        d.volumes = volStore
        d.root = config.Root
        d.uidMaps = uidMaps
        d.gidMaps = gidMaps
        d.seccompEnabled = sysInfo.Seccomp
        d.apparmorEnabled = sysInfo.AppArmor
        d.nameIndex = registrar.NewRegistrar()
        d.linkIndex = newLinkIndex()
        d.containerdRemote = containerdRemote

        go d.execCommandGC()  // 新建协程清理容器不需要的命令

        d.containerd, err = containerdRemote.Client(d) //  创建和daemon相关的容器客户端 libcontainerd
        d.restore()    //  restart  container

        // FIXME: this method never returns an error
        info, _ := d.SystemInfo()   // 获取host server系统信息


        // set up SIGUSR1 handler on Unix-like systems, or a Win32 global event
        // on Windows to dump Go routine stacks
        stackDumpDir := config.Root
        if execRoot := config.GetExecRoot(); execRoot != "" {
            stackDumpDir = execRoot
        d.setupDumpStackTrap(stackDumpDir)  // 创建处理系统信号的通道和协程

  • 相关阅读:
    CM10 WIFI连不上解决方案
    项目报错 java lang illegalargumentexception error at 0 can t find referenced pointcut
    Apache Log4j 2 is Coming
    Struts2报错:No result defined for action xxx and result input
    运行Android程序出错:The connection to adb is down, and a severe error has occured
    DB2 和 有道词典冲突: A communication error has been detected. Communication protocol being used: Reply.fill().
  • 原文地址:https://www.cnblogs.com/arwen-spy/p/6624362.html
Copyright © 2011-2022 走看看