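Within the options shown on one screen, pressing a hotkey letter jumps straight to a matching option. Several options may match; keep pressing the key to move through them. The hotkey letter is shown in bold in the ncurses interface. For example, in Device Drivers, pressing p jumps to Parallel port support, PPS support, PTP clock support, Pin controllers, and Power supply class support. Note that only options currently displayed on screen can be reached this way; options off screen cannot, but you can page with the down arrow, or maximize the configuration window. The description sounds complicated; try it and it becomes clear.
After rebuilding, always confirm the version. For the kernel, uname -a gives the build time; for buildroot, you can confirm by writing a specific file into the image.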
5. Experiments
Environment used in this article:
buildroot: 2018.02 (busybox: 1.27.2)
kernel: 4.15
Cross compiler: built by buildroot, 7.2
This article covers only the Docker-related configuration; everything else is omitted.
buildroot configuration:
```
System configuration  --->
    Init system (systemd)  --->
    /bin/sh (bash)  --->
```
```
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd://
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
```
```
# systemctl start docker
Job for docker.service failed because the control process exited with error code.
See "systemctl status docker.service" and "journalctl -xe" for details.
```
5.1.2 Result analysis
Startup failed. As the message suggests, use systemctl status docker.service to check the status:
```
level=warning msg="Your kernel does not support cgroup blkio throttle.read_bps_device"
level=warning msg="Your kernel does not support cgroup blkio throttle.write_bps_device"
level=warning msg="Your kernel does not support cgroup blkio throttle.read_iops_device"
level=warning msg="Your kernel does not support cgroup blkio throttle.write_iops_device"
level=warning msg="Unable to find cpuset cgroup in mounts"
level=warning msg="mountpoint for pids not found"
level=info msg="Loading containers: start."
level=warning msg="Running modprobe nf_nat failed with message: `modprobe: WARNING: Module nf_nat not found in directory /lib/modules/4.14.67`, error: exit status 1"
level=warning msg="Running modprobe xt_conntrack failed with message: `modprobe: WARNING: Module xt_conntrack not found in directory /lib/modules/4.14.67`, error: exit status 1"
level=warning msg="could not create bridge network for id 2d6e81842f793d6effca9c7a9e34164338971f4f12e3577f063b77645c795427 bridge name docker0 while booting up from persistent state: Failed to program NAT chain: Failed to inject docker in PREROUTING chain: iptables failed: iptables --wait -t nat -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER: iptables: No chain/target/match by that name.\n (exit status 1)"
```
```
[*] Enable the block layer  --->
    [*] Block layer bio throttling support
```
```
[*] Networking support  --->
    Networking options  --->
        [*] Network packet filtering framework (Netfilter)  --->
            IP: Netfilter Configuration  --->
                <*> IPv4 connection tracking support (required for NAT)
                <M> IPv4 socket lookup support
                -*- IPv4 nf_tables support
                <*> IPv4 nf_tables route chain support
                <*> IPv4 nf_tables packet duplication support
                <*> nf_tables fib / ip route lookup support
                <*> ARP nf_tables support
                -*- Netfilter IPv4 packet duplication to alternate destination
                <*> ARP packet logging
                {M} IPv4 packet logging
                -*- IPv4 packet rejection
                -*- IPv4 NAT
                <*> IPv4 nf_tables nat chain support
                -*- IPv4 masquerade support
                < > IPv4 masquerading support for nf_tables
                < > IPv4 redirect support for nf_tables
                <*> IP tables support (required for filtering/masq/NAT)
                <*> "ah" match support
                <*> "ecn" match support
                < > "rpfilter" reverse path filter match support
                <*> "ttl" match support
                <*> Packet filtering
                <*> REJECT target support
                <*> SYNPROXY target support
                <*> iptables NAT support   // !!! here
                <*> MASQUERADE target support
                <*> NETMAP target support
                <*> REDIRECT target support
                <*> Packet mangling
                < > CLUSTERIP target support
                < > ECN target support
                <*> "TTL" target support
                < > raw table support (required for NOTRACK/TRACE)
                < > Security table
                <*> ARP tables support
                <*> ARP packet filtering
                <*> ARP payload mangling
```
```
level=error msg="'overlay' not found as a supported filesystem on this host. Please ensure kernel is new enough and has overlay support loaded."
level=error msg="'overlay' not found as a supported filesystem on this host. Please ensure kernel is new enough and has overlay support loaded."
level=error msg="Failed to built-in GetDriver graph devicemapper /var/lib/docker"
level=info msg="Graph migration to content-addressability took 0.00 seconds"
level=warning msg="Your kernel does not support swap memory limit"
level=warning msg="Your kernel does not support cgroup blkio weight"
level=warning msg="Your kernel does not support cgroup blkio weight_device"
level=warning msg="Unable to find cpuset cgroup in mounts"
level=info msg="Loading containers: start."
level=warning msg="Running modprobe xt_conntrack failed with message: `modprobe: WARNING: Module xt_conntrack not found in directory /lib/modules/4.14.67`, error: exit status 1"
```
```
[*] Enable the block layer  --->
    IO Schedulers  --->
        <*> CFQ I/O scheduler
        [*]   CFQ Group Scheduling support
        Default I/O scheduler (CFQ)  --->
```
```
General setup  --->
    [*] Support for paging of anonymous memory (swap)
```
```
[*] Networking support  --->
    Networking options  --->
        [*] Network packet filtering framework (Netfilter)  --->
            Core Netfilter Configuration  --->
                [M] "conntrack" connection tracking match support
```
```
File systems  --->
    <*> Overlay filesystem support
    [*]   Overlayfs: turn on redirect dir feature by default
    [*]   Overlayfs: turn on inodes index feature by default
```
```
*** Xtables targets ***
[*] AUDIT target support
[*] CHECKSUM target support
[*] "CLASSIFY" target support
[*] "CONNMARK" target support
[*] "DSCP" and "TOS" target support
-*- "HL" hoplimit target support
[*] "HMARK" target support
[*] IDLETIMER target support
[*] "LED" target support
[*] LOG target support
[*] "MARK" target support
-*- "SNAT and DNAT" targets support
-*- "NETMAP" target support
[*] "NFLOG" target support
[*] "NFQUEUE" target Support
-*- "RATEEST" target support
-*- REDIRECT target support
[*] "TEE" - packet cloning to alternate destination
[*] "TPROXY" target transparent proxying support
[*] "TCPMSS" target support
[*] "TCPOPTSTRIP" target support
*** Xtables matches ***
[*] "addrtype" address type match support
[*] "bpf" match support
[*] "control group" match support
[*] "cluster" match support
[*] "comment" match support
[*] "connbytes" per-connection counter match support
[*] "connlabel" match support
[*] "connlimit" match support
[*] "connmark" connection mark match support
[*] "conntrack" connection tracking match support
[*] "cpu" match support
[*] "dccp" protocol match support
[*] "devgroup" match support
[*] "dscp" and "tos" match support
-*- "ecn" match support
[*] "esp" match support
[*] "hashlimit" match support
[*] "helper" match support
-*- "hl" hoplimit/TTL match support
[*] "ipcomp" match support
[*] "iprange" address range match support
[*] "l2tp" match support
[*] "length" match support
[*] "limit" match support
[*] "mac" address match support
[*] "mark" match support
[*] "multiport" Multiple port match support
[*] "nfacct" match support
[*] "osf" Passive OS fingerprint match
[*] "owner" match support
[*] IPsec "policy" match support
[*] "physdev" match support
[*] "pkttype" packet type match support
[*] "quota" match support
[*] "rateest" match support
[*] "realm" match support
[*] "recent" match support
[*] "sctp" protocol match support
[*] "state" match support
[*] "statistic" match support
[*] "string" match support
[*] "tcpmss" match support
[*] "time" match support
[*] "u32" match support
```
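The loop followed in the attempts above (read the dockerd warnings, enable the matching kernel options, rebuild, flash) can be checked on the build host before flashing. The script below is an added example, not code from the original article or from Docker: the message-to-symbol table is an assumption that uses mainline 4.x Kconfig names for the menu entries enabled above, and the sample log and .config fragment are constructed.

```python
import re

# Assumed mapping (not from the article): dockerd message fragment -> Kconfig
# symbols, using mainline 4.x names for the menu entries enabled above.
RULES = [
    (r"cgroup blkio throttle\.", ("CONFIG_BLK_DEV_THROTTLING",)),
    (r"cgroup blkio weight", ("CONFIG_IOSCHED_CFQ", "CONFIG_CFQ_GROUP_IOSCHED")),
    (r"swap memory limit", ("CONFIG_SWAP", "CONFIG_MEMCG_SWAP")),
    (r"cpuset cgroup", ("CONFIG_CPUSETS",)),
    (r"mountpoint for pids", ("CONFIG_CGROUP_PIDS",)),
    (r"modprobe nf_nat ", ("CONFIG_NF_NAT",)),
    (r"modprobe xt_conntrack ", ("CONFIG_NETFILTER_XT_MATCH_CONNTRACK",)),
    (r"-m addrtype ", ("CONFIG_NETFILTER_XT_MATCH_ADDRTYPE",)),
    (r"iptables .*-t nat ", ("CONFIG_IP_NF_NAT",)),
    (r"'overlay' not found", ("CONFIG_OVERLAY_FS",)),
]

def required_symbols(log_text):
    """Symbols implied by dockerd warnings/errors, in rule order, deduplicated."""
    found = []
    for pattern, symbols in RULES:
        if re.search(pattern, log_text):
            found.extend(s for s in symbols if s not in found)
    return found

def parse_config(config_text):
    """Parse kernel .config text into {symbol: 'y' | 'm' | 'n'}."""
    state = {}
    for line in config_text.splitlines():
        m = re.match(r"(?:(CONFIG_\w+)=([ym])|# (CONFIG_\w+) is not set)$", line.strip())
        if m:
            state[m.group(1) or m.group(3)] = m.group(2) or "n"
    return state

def triage(log_text, config_text):
    """Return (missing, modular). Modular symbols only help if the .ko files are
    installed under /lib/modules/<running kernel>, where modprobe looks."""
    state, needed = parse_config(config_text), required_symbols(log_text)
    missing = [s for s in needed if state.get(s, "n") == "n"]
    modular = [s for s in needed if state.get(s) == "m"]
    return missing, modular

# Constructed sample: three lines shaped like the dockerd log above, plus a .config fragment.
SAMPLE_LOG = '''level=warning msg="Your kernel does not support cgroup blkio throttle.read_bps_device"
level=warning msg="Running modprobe xt_conntrack failed with message: `modprobe: WARNING: Module xt_conntrack not found in directory /lib/modules/4.14.67`, error: exit status 1"
level=error msg="'overlay' not found as a supported filesystem on this host."'''
SAMPLE_CONFIG = "CONFIG_BLK_DEV_THROTTLING=y\nCONFIG_NETFILTER_XT_MATCH_CONNTRACK=m\n# CONFIG_OVERLAY_FS is not set\n"
print(triage(SAMPLE_LOG, SAMPLE_CONFIG))
```

Feed it the real `systemctl status docker.service` output and the kernel build directory's `.config`; a symbol reported as modular still fails at runtime when the module directory on the board does not match the running kernel.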
5.3 Third attempt
5.3.1 Startup
Rebuild, flash the image, and log in to the system. Start the service:
```
# systemctl start docker
Job for docker.service failed because the control process exited with error code.
See "systemctl status docker.service" and "journalctl -xe" for details.
```
```
# systemctl status docker.service
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2019-11-30 19:56:57 +08; 10s ago
     Docs: https://docs.docker.com
 Main PID: 594 (dockerd)
    Tasks: 17 (limit: 1124)
   CGroup: /system.slice/docker.service
           ├─594 /usr/bin/dockerd -H fd://
           └─599 docker-containerd -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --metrics-interval=0 --start-timeout 2m --state-dir /var/run/docker/libcontainerd/containerd --shim docker-containerd-shim --runtime docker-runc
```
```
level=info msg="Graph migration to content-addressability took 0.00 seconds"
level=info msg="Loading containers: start."
level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
level=info msg="Loading containers: done."
level=warning msg="failed to retrieve docker-runc version: unknown output format: runc version commit: 9c2d8d184e5da67c95d601382adf14862e4f2228\nspec: 1.0.0-rc2-dev\n"
level=warning msg="failed to retrieve docker-init version: exec: \"docker-init\": executable file not found in $PATH"
level=info msg="Daemon has completed initialization"
level=info msg="Docker daemon" commit=89658be graphdriver=overlay2 version=17.05.0-ce
buildroot systemd[1]: Started Docker Application Container Engine.
level=info msg="API listen on /var/run/docker.sock"
```
The Docker service started successfully.
6. Pulling an image
6.1 First attempt
6.1.1 Pulling the image
```
# docker pull armhf/busybox
Using default tag: latest
Error response from daemon: Get https://registry-1.docker.io/v2/: x509: failed to load system roots and no roots provided
```
```
Target packages -> Libraries -> Crypto
    [*] CA Certificates
```
6.2 Second attempt
6.2.1 Pulling the image
```
# docker pull armhf/busybox
Using default tag: latest
Error response from daemon: Get https://registry-1.docker.io/v2/: x509: certificate has expired or is not yet valid
```
6.2.2 Result analysis
The message says the certificate has expired. The cause is that the board's time is wrong. Check it:
```
# date
Thu Jan 4 12:40:00 UTC 2018
```
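6.2.3 Fix
The board is set to UTC:
```
# ls -lh /etc/localtime
lrwxrwxrwx 1 root root 29 Nov 27 2019 /etc/localtime -> ../usr/share/zoneinfo/Etc/UTC
```
Switch to the UTC+8 zone (Etc/GMT-8; the Etc/ zone names use an inverted sign) and set the current time:
```
# /etc/localtime already exists as a symlink, so -f is needed to replace it
ln -sf ../usr/share/zoneinfo/Etc/GMT-8 /etc/localtime
date -s '2019-11-30 22:34'
```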
Try again.
```
# docker pull armhf/busybox
Using default tag: latest
latest: Pulling from armhf/busybox
d34a655120f5: Pull complete
Digest: sha256:8e51389cdda2158935f2b231cd158790c33ae13288c3106909324b061d24d6d1
Status: Downloaded newer image for armhf/busybox:latest
```
The image was pulled successfully.
7. Running the image
7.1 First attempt
7.1.1 Run
Running the container fails:
```
# docker run --name busybox -it armhf/busybox sh
docker: Error response from daemon: failed to create endpoint busybox on network bridge: failed to add the host (vethb7b8cb4) <=> sandbox (veth9baa1ae) pair interfaces: operation not supported.
```
7.1.2 Result analysis
Use docker ps -a to check the status; it is Created (but not running):
```
# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
d98ede1ba748        armhf/busybox       "sh"                7 seconds ago       Created                                 busybox
// delete it
# docker rm busybox
busybox
```
Check the docker networks:
```
# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
606c3e2fd95b        bridge              bridge              local
702e4dd6184e        host                host                local
8341311d1332        none                null                local
```
```
g 31 14:50:14 BL-OCU audit[305]: SYSCALL arch=40000028 syscall=294 per=800000 success=yes exit=0 a0=4 a1=0 a2=40 a3=82e48 items=0 ppid=32608 pid=305 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/xtables-multi" key=(null)
Aug 31 14:50:14 BL-OCU audit: PROCTITLE proctitle=2F7573722F7362696E2F69707461626C6573002D2D77616974002D74006E6174002D4900444F434B4552002D6900646F636B657230002D6A0052455455524E
Aug 31 14:50:14 BL-OCU kernel: xt_addrtype: disagrees about version of symbol module_layout
Aug 31 14:50:14 BL-OCU kernel: xt_addrtype: disagrees about version of symbol module_layout
Aug 31 14:50:14 BL-OCU kernel: xt_addrtype: disagrees about version of symbol module_layout
Aug 31 14:50:14 BL-OCU kernel: xt_addrtype: disagrees about version of symbol module_layout
Aug 31 14:50:14 BL-OCU kernel: xt_addrtype: disagrees about version of symbol module_layout
Aug 31 14:50:15 BL-OCU dockerd[32608]: Error starting daemon: Error initializing network controller: Error creating default "bridge" network: Failed to program NAT chain: Failed to inject docker in PREROUTING chain: iptables failed: iptables --wait -t nat -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER: iptables: No chain/target/match by that name.
Aug 31 14:50:15 BL-OCU dockerd[32608]: (exit status 1)
Aug 31 14:50:15 BL-OCU systemd[1]: docker.service: Main process exited, code=exited, status=1/FAILURE
Aug 31 14:50:15 BL-OCU systemd[1]: docker.service: Failed with result 'exit-code'.
Aug 31 14:50:15 BL-OCU systemd[1]: Failed to start Docker Application Container Engine.
-- Subject: Unit docker.service has failed
-- Defined-By: systemd
-- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit docker.service has failed.
--
-- The result is RESULT.
```