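How do you change the kernel parameters used in a Docker container?
How to change the kernel parameters a container uses
The experiment below shows how to adjust the kernel parameters used by a container.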
1. Background
On the host operating system, the kernel parameter net.ipv4.ip_forward = 1
[root@centos7 ~]# sysctl -a | grep ip_forward
sysctl: reading key "net.ipv6.conf.all.stable_secret"
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_use_pmtu = 0
Start a container and check the kernel parameter value inside it.
Inside the container, net.ipv4.ip_forward is also 1.
[dc68fc884ae9 root:/usr/local/tomcat]# sysctl -a | grep ip_forward
sysctl: error reading key 'net.ipv6.conf.all.stable_secret': I/O error
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_use_pmtu = 0
sysctl: error reading key 'net.ipv6.conf.default.stable_secret': I/O error
sysctl: error reading key 'net.ipv6.conf.eth0.stable_secret': I/O error
sysctl: error reading key 'net.ipv6.conf.lo.stable_secret': I/O error
2. Changing the kernel parameter and verifying it
On the operating system, change the kernel parameter to 0.
[root@centos7 ~]# cat /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.ip_forward=0
[root@centos7 ~]#
# Apply the change
sysctl -p
On the operating system, the kernel parameter has taken effect and the value is now 0.
[root@centos7 ~]# sysctl -a |grep ip_forward
net.ipv4.ip_forward = 0
net.ipv4.ip_forward_use_pmtu = 0
Now go into the container and see whether the value has changed.
The value is still 1.
[dc68fc884ae9 root:/usr/local/tomcat]# sysctl -a | grep ip_forward
sysctl: error reading key 'net.ipv6.conf.all.stable_secret': I/O error
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_use_pmtu = 0
sysctl: error reading key 'net.ipv6.conf.default.stable_secret': I/O error
sysctl: error reading key 'net.ipv6.conf.eth0.stable_secret': I/O error
sysctl: error reading key 'net.ipv6.conf.lo.stable_secret': I/O error
Run sysctl -p inside the container to reload.
The value is still 1; nothing has changed.
[dc68fc884ae9 root:/usr/local/tomcat]# sysctl -p
[dc68fc884ae9 root:/usr/local/tomcat]# sysctl -a | grep ip_forward
sysctl: error reading key 'net.ipv6.conf.all.stable_secret': I/O error
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_use_pmtu = 0
sysctl: error reading key 'net.ipv6.conf.default.stable_secret': I/O error
sysctl: error reading key 'net.ipv6.conf.eth0.stable_secret': I/O error
sysctl: error reading key 'net.ipv6.conf.lo.stable_secret': I/O error
OK, now for the key point ...
Restart the container
# Exit the container
[dc68fc884ae9 root:/usr/local/tomcat]# exit
exit
# Start the container again
[root@centos7 ~]# docker run -it --rm tomcat:9.0.73-jdk8u202-alpine bash
WARNING: IPv4 forwarding is disabled. Networking will not work.
using system default DNS server.
time="2023-05-26 15:05:44" level=info msg="【配置中心下载器 【4.1版本】】 日志如下 ==> "
time="2023-05-26 15:05:44" level=warning msg="未设置环境变量cf_disconf_conf_server_host,将不会执行下载配置文件的功能,下载器正常运行结束."
当前服务HOSTNAME:9c5e53cf2ed5
截取后的服务名为:9c5e53cf2ed5
识别到当前为标准业务服务,设置容器内下载路径为/usr/local/tomcat/webapps/ROOT/WEB-INF/
dbDriverTool.jar or driver directory is not exist.
+ gitproject=
+ test -z
+ echo 'Patchmangement parameter gitproject is not set!'
Patchmangement parameter gitproject is not set!
Check the kernel parameter
The kernel parameter is now 0, the same as on the operating system.
[9c5e53cf2ed5 root:/usr/local/tomcat]# sysctl -a | grep ip_forward
sysctl: error reading key 'net.ipv6.conf.all.stable_secret': I/O error
sysctl: error reading key 'net.ipv6.conf.default.stable_secret': I/O error
sysctl: error reading key 'net.ipv6.conf.eth0.stable_secret': I/O error
sysctl: error reading key 'net.ipv6.conf.lo.stable_secret': I/O error
net.ipv4.ip_forward = 0
net.ipv4.ip_forward_use_pmtu = 0
[9c5e53cf2ed5 root:/usr/local/tomcat]#
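3. Conclusion
- Docker containers inherit the operating system's kernel parameters.
- If an operating system kernel parameter is changed, the Docker container must be restarted for the change to take effect.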
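
The host/container mismatch observed in section 2 (host 0, running container still 1), turned into a repeatable check. This is an added example, not part of the original article; the function names sysctl_value and sysctl_drift are assumptions, and the sample text is constructed from the outputs shown above.

```shell
#!/bin/sh
# Added example: compare sysctl values seen on the host and in a container.
# Sample text below is constructed from the outputs shown in section 2.
HOST_SAMPLE='net.ipv4.ip_forward = 0
net.ipv4.ip_forward_use_pmtu = 0'

CONTAINER_SAMPLE="sysctl: error reading key 'net.ipv6.conf.all.stable_secret': I/O error
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_use_pmtu = 0
sysctl: error reading key 'net.ipv6.conf.lo.stable_secret': I/O error"

# Print the value of key $1 from `sysctl -a` style text on stdin.
# Lines that are not "key = value" (the "error reading key" noise) never match.
# Exit status is 1 when the key is absent.
sysctl_value() {
    awk -F' = ' -v key="$1" '
        $1 == key { print $2; found = 1; exit }
        END { if (!found) exit 1 }'
}

# $1 = host text, $2 = container text, remaining args = keys to compare.
# Prints one line per key whose host and container values differ.
sysctl_drift() {
    host_text=$1; ctr_text=$2; shift 2
    for key in "$@"; do
        h=$(printf '%s\n' "$host_text" | sysctl_value "$key") || h='<missing>'
        c=$(printf '%s\n' "$ctr_text" | sysctl_value "$key") || c='<missing>'
        [ "$h" = "$c" ] || echo "$key host=$h container=$c"
    done
}

# Demo on the constructed samples.
sysctl_drift "$HOST_SAMPLE" "$CONTAINER_SAMPLE" \
    net.ipv4.ip_forward net.ipv4.ip_forward_use_pmtu

# Against a live system (<container> is a placeholder):
#   sysctl_drift "$(sysctl -a 2>/dev/null)" \
#       "$(docker exec <container> sysctl -a 2>/dev/null)" net.ipv4.ip_forward
```

Any line it prints names a container that is still running with a value the host no longer has, which is the state the experiment resolved by restarting the container.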