fd：//是什么意思在dockerd -H fd：// [英] what does fd:// mean exactly in dockerd -H fd://

问题描述

Docker守护程序文档建议以下内容主机选项大多数设置：

Docker daemon documentation suggests the following hosts option for most setups:

dockerd -H fd://

我猜 fd 代表文件描述符。我不明白 fd 是否用于套接字通信。

I guess fd stands for file descriptor. I don't understand how fd is used for socket communication.

我了解以下选项：

-H unix:///var/run/docker.sock -H tcp://192.168.59.106 -H tcp://10.10.10.2

这些是unix域套接字和tcp套接字。我知道如何使用这些套接字来调用docker守护进程：

These are unix domain sockets and tcp sockets. I know how to call docker daemon using these sockets:

docker -H tcp://0.0.0.0:2375 ps

但是，如果我使用 -H启动docker守护程序-H fd：// ，以下调用给出错误：

But if I started docker daemon using -H fd://, the following call gives error:

$ docker -H fd:// ps
error during connect: Get http:///v1.26/containers/json: http: no Host in request URL

那么 fd：// 的含义是什么？有什么用吗？

So what is the meaning of fd://? Is there any use for it?

推荐答案

当您启动Docker守护程序时， -H fd：// 将告诉Docker该服务正在由Systemd启动，并将使用套接字激活，systemd将创建目标套接字并将其传递给Docker守护程序以使用。这是 Systemd的介绍，这是套接字激活介绍。博客很漫长但真的很值得阅读，这里有一个简要的要点，了解这个问题：

When you start Docker daemon, -H fd:// will tell Docker that the service is being started by Systemd and will use socket activation, systemd will create the target socket and pass it to Docker daemon to use. This is the introduction to Systemd and this is the introduction to socket activation. The blogs are pretty long but really worthy reading, here's a short summary of key points for understanding this question:

• Systemd是一个新的 init 系统旨在取代传统的SysV init系统，其主要功能之一是更快的init进程。


• 套接字激活是Systemd中加速服务初始化的技术之一


• 要接收请求，服务需要套接字来监听，以Docker为例，它需要 unix domain socket like /var/run/docker.sock 或TCP套接字，当然这些套接字需要有人创建，大多数的时间是服务本身在开始时间。


• 通过套接字激活，SystemD将创建这些套接字并收听服务，并在启动时将这些套接字传递到 exec 服务。一个好处是，即使在相关服务启动之前，客户机请求可以在套接字成功创建后在套接字缓冲区中排队。



• Systemd使用的特定服务的套接字信息在套接字单元文件中，Docker的 [docker.socket] [3] 包含内容：

• Systemd is a new init system intending to replace traditional SysV init system, one of its key features is faster init process.
• Socket activation is one of the technologies used in Systemd to speed up service initialization
• To receive requests, service needs socket to listen on, take Docker as example it needs unix domain socket like /var/run/docker.sock or TCP socket, of course those sockets needs somebody to create, most of the time is the service itself during start time.
• With socket activation, SystemD will create those sockets and listen on it for services, and pass those sockets to service with exec when start the service. One benefit is that client requests can be queued in socket buffer once the socket is successfully created, even before the related service is started.

• The socket info for a certain service used by Systemd is in socket unit file, for Docker it's [docker.socket][3] with content:

[Unit]
Description=Docker Socket for the API
PartOf=docker.service

[Socket]
ListenStream=/var/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker

[Install]
WantedBy=sockets.target

让我们看看整个事情如何运作。我在 / etc / systemd / system下的文件 docker.socket 和 docker.service / code>，$ code> docker.service 的 ExecStart 行是：

Let's see how the whole thing works. I have file docker.socket and docker.service under /etc/systemd/system, the ExecStart line for docker.service is:

ExecStart=/usr/bin/dockerd -H fd://

1. 停止Docker服务： systemctl stop docker

$> ps aux | grep 'docker' # the `grep` itself in the output is ignored
$> lsof -Ua | grep 'docker'
$> 

没有Docker进程正在运行，没有 docker.sock

No docker process is running, and no docker.sock

执行 systemctl start docker.socket ：

$> systemctl start docker.socket
$> ps aux | grep 'docker' 
$> lsof -Ua | grep 'docker'
systemd       1    root   27u  unix 0xffff880036da6000      0t0 140748188 /var/run/docker.sock

启动后 docker.socket ，我们可以看到还没有运行Docker进程，但套接字 /var/run/docker.sock 已创建，它属于进程 systemd 。

After start docker.socket, we can see that there's still no docker process running, but the socket /var/run/docker.sock has been created, and it's belongs to process systemd.

（Off-Topic ：实际上，套接字现在可以接收请求，即使 docker 尚未运行，systemd将启动 docker.service 在第一个请求到来的时候，将已经创建的套接字传递给Docker，这就是所谓的按需自动生成）

(Off-Topic: Actually the socket is ready to receive requests now, even docker is not running yet, systemd will start docker.service at the moment the first request comes, passing the already created sockets to Docker. This is so-called on-demand auto-spawning)

开始 docker.service

$> systemctl start docker.service
$> ps aux | grep 'docker'
root     26302  0.0  1.8 431036 38712 ?        Ssl  14:57   0:00 /usr/bin/dockerd -H fd://
<....>

正如你可以告诉Docker现在运行的那样。让我们一步一步，尝试从终端手动执行 / usr / bin / dockerd -H fd：//

As you can tell that Docker is running now. Let's go one step back and try to execute /usr/bin/dockerd -H fd:// manually from terminal:

$> /usr/bin/dockerd -H fd://
FATA[0000] no sockets found via socket activation: make sure the service was started by systemd 

现在您看到差异，当您使用 -H fd：// 时，docker将期望套接字被传递通过其父进程，而不是自己创建它。当Systemd启动时，Systemd将执行此操作，但是当您手动启动它时，您不会执行任务，因此docker守护程序进程失败并中止。这是 docker进程的代码fd：//当docker守护进程启动时，如果你有兴趣，你可以看看。

Now you see the differences, when you use -H fd://, docker will expect the socket be passed by its parent process, rather than creating it by itself. When it's started by Systemd, Systemd will do the job, but when you manually start it on termial, you don't do the job so the docker daemon process failed and aborted. This is the code of how docker process fd:// when docker daemon starts, you can have a look if you're interested.

另一方面，对于docker客户端，docker cli将从主机中解析协议/ addr 在 -H 中指定，并对Docker守护程序进行 http 请求，默认主机为 UNIX：///var/run/docker.sock 。支持的协议包括 tcp ， unix ， npipe 和 FD 。就我从源代码中浏览， fd 的传输配置与 tcp 相同，所以如果你有tcp套接字侦听，你可以直接玩：

On the other hand for docker client, docker cli will parse protocol/addr from host specified in -H and make http request to docker daemon, the default host is unix:///var/run/docker.sock. The supported protocols include tcp, unix, npipe and fd. As far as I explore from source code, the transport configuration for fd is the same with tcp, so if you have tcp socket listening, you can just play it with:

$> docker -H fd://localhost:4322 ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

与以下相同：

docker -H tcp://localhost:4322 ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

这篇关于fd：//是什么意思在dockerd -H fd：//的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！