Docker source code analysis (three): Daemon Docker start

Label Dockercloud computingSource analysis
5613 people read comment(0) Collection report


[Docker source code analysis (three): Daemon Docker start] Docker as the industry's highly respected lightweight virtual container management engine, its powerful background capabilities all by Daemon Docker. Starting from the source code, this paper introduces the start of Daemon Docker process, and in-depth analysis of the implementation details of each step in the start process. Docker run really can be described as the carrier for the daemon, scheduling management by the engine, the task is performed by job.

1 Preface

Since the birth of Docker, it has led the field of lightweight virtual container technology boom. In this trend, Google, IBM, Redhat and other industry leaders have joined the Docker camp. Although the docker still mainly based on the Linux platform, but Microsoft has repeatedly announced support for docker, from the previously announced azure support docker and kubernetes, today announced the next generation windows server of the original ecology support docker. Microsoft of this series of measures to show how much of a compromise to the Linux world, of course, this also had to let the world have a new understanding of the great influence of Docker.

Docker's influence is self-evident, but if you need to in-depth study of the internal implementation of Docker, the author believes that the most important is to understand the Daemon Docker. In the Docker architecture, Client Docker communicates with Daemon Docker through a specific protocol, while Daemon Docker mainly carries most of the work during the Docker operation. This is the "Docker" series of third source code analysis - Docker Daemon.

2 Daemon Docker profile

Daemon Docker is running in the Docker architecture in the background of the guard process, can be divided into Server Engine, Docker and Job three parts. Docker daemon that is through docker server module accept docker client request, and in the engine to handle the request, and then according to the type of request, to create the specified job and run and operation process has several possible: to docker registry to obtain mirror, pass over graphdriver container image localization operation execution, vessel network environment configuration by networkdriver, by execdriver perform the operation in the interior of the container implementation etc..

The following is a schematic diagram of the Daemon Docker architecture:


3 Daemon Docker source analysis content arrangement

This article from the source point of view, the main analysis of the starting process of Daemon Docker. Because there are great similarities docker daemon and docker client startup process, so after the start process is introduced. This paper emphatically analyses start process in the most important link: create a daemon process mainDaemon ().

4 Daemon Docker startup process

Since both Daemon Docker and Client Docker are started by an executable file docker, the startup process is very similar. Docker executable file run, run the code through different command line flag parameters, to distinguish between the two, and eventually run the respective parts of the two.

When starting Daemon Docker, you can generally use the following command: --daemon=true docker; D - docker; d=true - docker, etc.. Then by the main docker () function to resolve the above command of the corresponding flag parameters, and ultimately complete the Daemon Docker start.

First, attach the Daemon Docker start flow chart:


Because of the "Docker source code analysis" seriesDocker Client articlesIn the Docker () has been involved in the main () function to run a lot of previous work.Docker Client articles), and docker Daemon Start will be involved in the work, so this paper omits some of the same, and specific source mainly for only the subsequent and docker daemon related content carries on the thorough analysis, namely mainDaemon () implementation.

5 mainDaemon () of the specific implementation

Through the flow chart of Daemon Docker, we can draw a conclusion: all the work related to Daemon Docker is included in the implementation of mainDaemon () method.

Macroscopically speaking, mainDaemon () to complete the creation of a daemon process, and to make its normal operation.

From the functional point of view, mainDaemon () to achieve the two parts: first, create a Docker running environment; second, service in Client Docker, receive and process the corresponding request.

From the implementation details,Implementation process of mainDaemon ()Mainly contains the following steps:

* the daemon config initiliaze (in this part of the init () function to achieve, that is in front of the mainDaemon () to run executes, but because is closely related to the operation of this part of the content and mainDaemon (), so can think is mainDaemon () operational prerequisite);
* command line flag parameter check;
* create a engine object;
* set engine signal acquisition and processing method;
* load builtins;
* use goroutine to load daemon objects and run;
* print Docker version and drive information;
The creation and operation of Job "serveapi".

Below will be one one in-depth analysis of the above steps.

5 configuration initialization

Before the mainDaemon () run, the config configuration information needed for Daemon Docker has been initialized. Specific implementation is as follows, located in./docker/docker/daemon.go:

DaemonCfg = &daemon.Config{}
Init func () {
DaemonCfg.InstallFlags ()


First, declare a variable of the Config type in the daemon package, named daemonCfg. The Config object defines the configuration information required by the Daemon Docker. At the start of Daemon daemonCfg, the Docker variable is passed to Daemon Docker and is used.

The Config object is defined as follows (including the interpretation of some of the attributes)../docker/daemon/config.go:

Config struct type {
String //Docker Daemon PID Pidfile file of the process
Root path used by string //Docker Root runtime
AutoRestart bool / / has been enabled to support docker run, restart the
[]string //Docker DNS using Server Dns
[]string //Docker DnsSearch to use the specified DNS to find the domain name
Mirrors []string / / the specified priority Docker Registry image
EnableIptables bool / / Docker enabled iptables function
EnableIpForward bool / / net.ipv4.ip_forward enabled function
EnableIpMasq bool / / IP enabled camouflage technology
The default IP DefaultIp net.IP / / use the binding container port
BridgeIface string / / add to the existing bridge container network
BridgeIP string / / create the bridge IP address
FixedCIDR string / / IP specified IPv4 subnet, subnet bridge must be included
InterContainerCommunication bool / / host on the same whether to allow communication between the container
String //Docker GraphDriver runtime use of a specific storage drive
GraphOptions storage []string / / set driver options
The specific exec ExecDriver string / / Docker runtime use drive
Mtu int / / MTU container network settings
DisableNetwork bool / / definition, after not initialized
EnableSelinuxSupport bool / / SELinux enabled function support
Context map[string][]string / / definition, after not initialized


After the declaration of daemonCfg, init () function to achieve the daemonCfg variables in the various attributes of the assignment, the specific implementation is: daemonCfg.InstallFlags (), located in./docker/daemon/config.go, the code is as follows:

Func (*Config InstallFlags) config () {
Flag.StringVar (&config.Pidfile), "P", "[]string{", "-pidfile", "/var/run/", "Path", "to use for daemon PID file"
Flag.StringVar (&config.Root), "g", "[]string{", "-graph", "/var/lib/docker", "Path", "to use as the root of the Docker" (runtime)
Opts.IPVar (&config.DefaultIp), "#ip", "[]string{", "-ip", "", "Default", "IP address to use when Binding container ports" ()
Opts.ListVar (&config.GraphOptions, []string{"-storage-opt"}, "storage driver options Set")


In the implementation of InstallFlags () function, the main is to define a certain type of flag parameters, and the value of the parameter is bound to the specified attributes of the config variables, such as:

Flag.StringVar (&config.Pidfile, []string{"P", "-pidfile", "/var/run/", "Path", "to use for daemon PID file"


The meaning of the above statement is:

* define a flag parameter for the String type;
* the name of the flag is "P" or "-pidfile"";
* the value of the flag is "/var/run/", and the value is bound to the variable config.Pidfile;
* the description of the flag information for the to use for Path daemon PID file".

At this point, the configuration information needed for the Daemon Docker is declared and initialized.

5.1 flag parameter check

From this section, the real entry into Daemon mainDaemon Docker () operation analysis.

The first step is the examination of the flag parameter. Specifically, that is, when the docker command is parsed by the flag parameter, the remaining parameters are judged to be 0. If 0, then docker daemon start command is correct, normal operation; not to 0, then the docker daemon is started in the incoming excess parameters at this time will output an error message and exit the program is running. Specific code is as follows:

Flag.NArg if () = 0 {
Flag.Usage ()


## **5.2 to create engine object * *

In the mainDaemon () in the process of running, flag parameters after the inspection is completed, then create a engine object, the code is as follows:

Eng: = engine.New ()


Engine is the running engine of Docker architecture, and it is also the core module of Docker. Engine plays the role of container Docker storage warehouse and manages these containers in the form of job.

stay./docker/engine/engine.goThe Engine structure is defined as follows:

Engine struct type {
Map[string]Handler handlers
Handler catchall
Hack Hack / / data for temporary hackery (see hack.go)
String ID
Io.Writer Stdout
Io.Writer Stderr
N io.Reader Stdi
Bool Logging
Sync.WaitGroup tasks
L sync.RWMutex / / lock for shutdown
Bool shutdown
OnShutdown []func (shutdown) / / handlers


Among them, the most important one is the Engine structure in the handlers structure. The handlers property for the map type, key for the string type, value for the Handler type. The definition of Handler type is as follows:

Handler func type (*Job) Status


Visible, Handler as a function of the definition. The function passed in the parameter for the Job pointer, returned to the Status state.

Introduction of Engine and Handler, and now really into the New () function of the realization of:

New *Engine () func {
Eng: = &Engine{
Make handlers: (map[string]Handler),
Utils.RandomString id: (),
Os.Stdout Stdout,
Os.Stderr Stderr,
Os.Stdin Stdin,
True Logging,
Eng.Register ("commands", func (*Job job) Status {
For _, name: = range eng.commands () {
Job.Printf ("%s\n", name)
StatusOK return
Existing global handlers / / Copy
K V, for: = globalHandlers range {
Eng.handlers[k] = v
Eng return


Analysis of the above code, you can know the New () function to return a Engine object. And the code realization part, the first work is to create an engine structure instance eng; the second is to eng object registered name commands the handler, the handler for temporary definition function func (job *Job) Status{}. The function is through job to print all registered after the command name, eventually return to the state StatusOK; the third working: all the handler defined variables globalHandlers is copied to eng object attribute to the handlers. Finally successfully returned to the eng object.

5.3 set engine signal capture

Back to the mainDaemon () function of the run, the implementation of the follow-up code:

Signal.Trap (eng.Shutdown)


The role of this part of the code is: in docker daemon running, set trap specific signal processing method, the specific signals have SIGINT, SIGTERM and sigquit; when the program is to capture SIGINT or SIGTERM signal, executive corresponding remedial operation, finally to ensure the docker daemon program exit.

The implementation of this part of the code is located in./docker/pkg/signal/trap.go. The realization of the process is divided into the following 4 steps:

* create and set a channel that is used to send a signal to the;
* define the signals array variable, the initial value is os.SIGINT, os.SIGTERM; if the environment variable DEBUG is empty, then add the os.SIGQUIT to the signals array;
* through gosignal.Notify (C, signals...) in the Notify function to achieve the received signal signal to C. Note that only signals is listed in the signal will be passed to the C, the rest of the signal will be directly ignored;
* create a goroutine to deal with specific signal signal, when the signal type or syscall.SIGTERM os.Interrupt, execute the incoming trap function of the specific implementation method, parameter for cleanup (), the argument for eng.Shutdown.

Shutdown () the definition of the function is located in./docker/engine/engine.go, mainly to do the work is for the Docker Daemon off to do some remedial work.

The aftermath is as follows:

* Daemon Docker no longer receives any new Job;
* Daemon Docker waits for all surviving Job to execute;
* Daemon Docker calling all shutdown processing methods;
* when all the handler is done, or after 15 seconds, the Shutdown () function returns.

Due to the implementation of the signal.Trap (eng.Shutdown) function in the implementation of eng.Shutdown, after the implementation of the eng.Shutdown, then the implementation ofOs.Exit (0), to complete the current program exit immediately.

5.4 load builtins

Eng set up after the Trap specific signal processing method, Daemon builtins to achieve the Docker loading. Code implementation is as follows:

Err if: = builtins.Register (Eng); err! = nil {
Log.Fatal (ERR)


The main work is to load the builtins for: engine more than a registered Handler, so that the follow-up in the implementation of the corresponding tasks, run the specified Handler. These Handler include: network initialization, API web service, event query, version view, Registry Docker validation and search. Code implementation is located in./docker/builtins/builtins.go, as follows:

Register error (*engine.Engine Eng) func {
Err if: = daemon (Eng); err! = nil {
Err return
Err if: = Remote (Eng); err! = nil {
Err return
Err if = events.New ().Install () err (Eng);! = nil {
Err return
Err if: = eng.Register ("version", dockerVersion); err! = nil {
Err return
Registry.NewService.Install () return (Eng)


The following analysis of the realization of the most important 5 parts: daemon (Eng), remote (Eng), events.New ().Install (Eng), eng.Register ("version", dockerVersion) and.Install () registry.NewService (Eng) ().

5.4.1 register initialization network driven Handler

Daemon (Eng) to achieve the process, mainly for the eng object registered a key for the "init_networkdriver" Handler, the value of the bridge.InitDriver Handler function, the code is as follows:

Daemon error (*engine.Engine Eng) func {
Eng.Register return ("init_networkdriver", bridge.InitDriver)


Need to pay attention to is that value to eng object registered handler does not represent the handler function will be run directly, such as bridge.InitDriver, and not directly run, but will bridge.InitDriver entrance to the function, written in Eng handlers to attribute.

The specific implementation of Bridge.InitDriver is located in./docker/daemon/networkdriver/bridge/driver.go, the main effect is:

* get network equipment for Docker service address; bridge *S create the specified IP address;
* configure network iptables rules;
* in addition to the eng object is registered a number of Handler, such as "allocate_interface", "release_interface", "allocate_port", "link"".

5.4.2 registered API service Handler

Remote (Eng) implementation process, mainly for the eng object registered two Handler, respectively, "serveapi" and "acceptconnections"". Code implementation is as follows:

Remote func (*engine.Engine Eng) error {err if: = eng.Register ("serveapi", apiserver.ServeApi); err! = nil {err return} eng.Register return ("acceptconnections", apiserver.AcceptConnections)}, ("") ("").


The registration of the two Handler names are "serveapi" and "acceptconnections", the corresponding implementation methods are apiserver.ServeApi and apiserver.AcceptConnections, the specific implementation is located in./docker/api/server/server.go. Which, ServeApi execution. Through the cycle of multiple protocols, create a goroutine to configure the specified http.Server. For different protocol request service; and AcceptConnections mainly in order to inform the init daemon, docker Daemon has been started, you can let the Daemon Docker process to accept the request.

5.4.3 registered events event Handler

Events.New ().Install (Eng), realization process, multiple event registered docker, function is to docker users provide API, so that the user can view the docker internal events information by the API, log information and that count information. Specific code is located in./docker/events/events.go, as follows:

Func (*Events E) Install (*engine.Engine Eng) error {
Jobs: = map[string]engine.Handler{
"Events": e.Get,
"Log": e.Log,
"Subscribers_count": e.SubscribersCount,
Name job, for: = jobs range {
Err if: = eng.Register (name, job); err! = nil {
Err return
Nil return


5.4.4 registered version of Handler

Eng.Register (the "version", dockerVersion) of the realization of the process, to eng object registration key for "version" and the value is "dockerVersion" execution method handler, dockerVersion during the execution of the will to a version of the job of the standard output write docker's version, docker API version, GIT version, go language runtime version and operating system version information. The specific implementation of dockerVersion is as follows:

DockerVersion engine.Status (*engine.Job job) func {
V: = &engine.Env{}
V.SetJson ("Version", dockerversion.VERSION)
V.SetJson ("ApiVersion", api.APIVERSION)
V.Set ("GitCommit", dockerversion.GITCOMMIT)
V.Set ("GoVersion", runtime.Version ())
V.Set ("Os", runtime.GOOS)
V.Set ("Arch", runtime.GOARCH)
If kernelVersion err (ERR); kernel.GetKernelVersion: = = = {nil
V.Set ("KernelVersion", kernelVersion.String ())
If: _, err = v.WriteTo (job.Stdout); err = nil {!
Job.Error return (ERR)
Engine.StatusOK return


5.4.5 registered Handler registry

.Install () registry.NewService (Eng) implementation process is located in./docker/registry/service.go, adding docker to the API information that is exposed to the eng object Registry information. When registry.NewService () of the success of the install installed, there are two calls can be used Eng: "auth", to the public registry for authentication; "search", in the public registry search the specified image. The specific implementation of Install is as follows:

Func (*Service s) Install (*engine.Engine Eng) error {
Eng.Register ("auth", s.Auth)
Eng.Register ("search", s.Search)
Nil return


At this point, all the loading of builtins is completed, and the eng object is registered to the Handler.

5.5 use goroutine to load the daemon object and run

Execution of the builtins load, back to the mainDaemon () execution, through a goroutine to load the daemon object and start running. The implementation of this link, mainly contains three steps:

Through the init function initializes the daemonCfg and Eng object to create a daemon object D; by daemon install function, to eng object registered numerous handler; after the docker daemon is booted and run names for "acceptconnections" job, the main work is to init daemon process to send "READY=1" signals, in order to start normal to accept the request.

Code implementation is as follows:

Func go () {
Err, D: = daemon.MainDaemon (daemonCfg, Eng)
Err if! = nil {
Log.Fatal (ERR)
Err if: = d.Install (Eng); err! = nil {
Log.Fatal (ERR)
Err if: =.Run ("acceptconnections") err (); eng.Job! = nil {
Log.Fatal (ERR)


The following are analyzed in three steps to do the work.

5.5.1 creates a daemon object

Daemon.MainDaemon (daemonCfg, Eng) is the core part of the daemon object D. A major role for initializing the docker daemon basic environment, such as handling config parameter and system validation support, configuration docker working directory, set and load a variety of driver, create graph environment verify DNS configuration.

As daemon.MainDaemon (daemonCfg, Eng) is the core part of the loaded Daemon Docker, and the length is too long, so the arrangement of the "Docker source code analysis" series of fourth articles in the analysis of this part.

5.5.2 through the daemon object for the engine registered Handler

When the daemon object is created, goroutine executes the d.Install (Eng), and the specific implementation is located in the./docker/daemon/daemon.go:

Func (*Daemon daemon) Install (*engine.Engine Eng) error {
Name method, range: = map[string]engine.Handler{for
"Attach": daemon.ContainerAttach,
"Image_delete": daemon.ImageDelete,
Err if: = eng.Register (name, method); err! = nil {
Err return
Err if = daemon.Repositories ().Install () err (Eng);! = nil {
Err return
Eng.Hack_SetGlobalVar ("httpapi.daemon", daemon)
Nil return


The realization of the above code is divided into three parts:

* register a large number of Handler objects into the eng object;
*.Install () image (Eng) to achieve the registration of multiple eng objects associated with the Handler, Install implementation is located in the daemon.Repositories./docker/graph/service.go;
* eng.Hack_SetGlobalVar ("httpapi.daemon", daemon) to eng objects in the map type of hack object to add a record, key for the "httpapi.daemon", value for daemon.

5.5.3 running job acceptconnections

In the goroutine internal last run called "acceptconnections" job, the main role is to inform the init Guardian process, Daemon Docker can begin to accept the request.

This is the first source analysis series involving the operation of the specific Job, the following simple analysis of the "acceptconnections" the operation of the job.

You can see the first implementation of the eng.Job ("acceptconnections"), the return of a Job, and then the implementation of eng.Job ("acceptconnections").Run (), that is, the implementation of the run Job function.

Eng.Job ("acceptconnections") is located in./docker/engine/engine.go, as follows:

Func (*Engine Eng) Job (string args,, string, name) *Job {
Job: = &Job{
Eng Eng,
Name Name,
Args Args,
NewInput Stdin: (),
NewOutput Stdout: (),
NewOutput Stderr: (),
&Env{} env,
Eng.Logging if {
Job.Stderr.Add (utils.NopWriteCloser (eng.Stderr))
Handler exists, if: = eng.handlers[name]; exists {
Job.handler = handler
Else if eng.catchall nil}! = = {& & name! "
Job.handler = eng.catchall
Job return


It can be seen from the above code, first create a type for the job of a job object, eng attributes in the object to the caller of the function of Eng, the name property "acceptconnections", no parameter afferents. Also in Eng object all handlers property for key "acceptconnections" recorded values, because in the loading operation builtins remote (Eng) has to eng registered a record, as the key "acceptconnections" and the value is apiserver.AcceptConnections. Therefore the handler object's job is apiserver.AcceptConnections. Finally returns the object that has been initialized job.

After the job object is created, the run () function of the job object is executed. The implementation of Run () function is located in./docker/engine/job.go, the function executes the specified job, and blocks the job before it is executed. For the job object named "acceptconnections", the running code isJob.status = job.handler (job), since the job.handler value is apiserver.AcceptConnections, the real implementation of the job.status = apiserver.AcceptConnections (job).

To enter the specific implementation of AcceptConnections, located in./docker/api/server/server.go, as follows:

AcceptConnections engine.Status (*engine.Job job) func {
Tell the init daemon we are / accepting requests
Systemd.SdNotify go ("READY=1")
ActivationLock if! = nil {
Close (activationLock)
Engine.StatusOK return


Focus on the implementation of systemd.SdNotify go ("READY=1"), located in./docker/pkg/system/sd_notify.go, the main role is to inform the init process Docker Daemon startup has been completed, the potential function is to make Daemon Docker start to accept Client API sent to the Docker request.

So far, it has been completed through the daemon to load the goroutine object and run.

5.6 print Docker version and drive information

Back to the mainDaemon () in the process of running, in the implementation of goroutine, mainDaemon () function of the internal other code will be executed concurrently.

The first implementation of the docker is shown as the version of the information, as well as the ExecDriver and GraphDriver of the two drivers of the specific information, the code is as follows:

Log.Printf ("daemon:%s%s docker;%s execdriver:;%s graphdriver",


5.7 serveapi Job creation and operation

After printing some of the Docker specific information, Daemon Docker immediately created and run called "serveapi" job, the main role for Daemon API to provide Docker access services. Implementation code is located in./docker/docker/daemon.go#L66, as follows:

Job: = eng.Job ("serveapi", flHosts...)
Job.SetenvBool ("Logging", true)
Job.SetenvBool ("EnableCors", *flEnableCors)
Job.Setenv ("Version", dockerversion.VERSION)
Job.Setenv ("SocketGroup", *flSocketGroup)
Job.SetenvBool ("Tls", *flTls)
Job.SetenvBool ("TlsVerify", *flTlsVerify)
Job.Setenv ("TlsCa", *flCa)
Job.Setenv ("TlsCert", *flCert)
Job.Setenv ("TlsKey", *flKey)
Job.SetenvBool ("BufferRequests", true)
Err if: = err (); job.Run! = nil {
Log.Fatal (ERR)


In the implementation process, the first to create a named "serveapi" job, and the value of flHosts to job.Args. The main role of flHost is to provide the Daemon Docker with the use of the address of the protocol. Subsequently, Daemon Docker set up a large number of environmental variables for the job, such as the environmental variables of the secure transport layer protocol, etc.. Finally through the job.Run () to run the job serveapi.

As in key eng for "serveapi" handler, value for apiserver.ServeApi, so the job runtime, the implementation of the apiserver.ServeApi function, is located in the./docker/api/server/server.go. The function of the ServeApi function is mainly for all the support protocols defined by the user, Docker Daemon all create a goroutine to start the corresponding http.Server, respectively, for different protocol services.

As the creation and start http.Server for the Docker architecture in the important content of the relevant Server Docker, "Docker source code analysis" series will be analyzed in fifth articles.

At this point, you can think that Daemon serveapi has completed the job initialization of the Docker. Once the acceptconnections is completed, the init will notify the job process Daemon Docker start up, you can begin to provide API services.

6 Summary

In this paper, from the source point of view of the analysis of the Daemon Docker start, focus on the analysis of the mainDaemon () to achieve.

Daemon Docker as the backbone of the Docker architecture, is responsible for the management of almost all operations within the Docker. Learning Daemon Docker of the specific implementation, you can have a more comprehensive understanding of the Docker architecture. In summary, the operation of the Docker, the carrier for the daemon, scheduling management by the engine, the task is performed by job.

7 introduction of the author

Sun Hongliang,DaoCloudNew team members, software engineers, Zhejiang University computer science graduates.

Graduate school during active in PAAS and docker open source community, in-depth study and enrich the practice of cloud foundry, good at analysis of the underlying platform code, on the platform of the distributed architecture has some experience, has written a lot of depth technology blog.

At the end of 2014 to join the DaoCloud partner to join the team, committed to the spread of Docker based container technology, to promote the pace of the application of the Internet in the container.

Welcome to exchange,

8 references

[Microsoft announced the next generation of Server Docker will introduce Windows primary support]
[sd_notify, sd_notifyf]
[analysis of Linux initialization init system, the third part: Systemd]
Os] [Package

Reference-Command Line] [Docker

Welcome to pay attention to the Docker source code analysis of the public number

step on
Guess you're looking for
View comments
* the above user comments only represent their personal views, does not represent the views or position of the CSDN website
    personal data
    • Visit85408 times
    • Integral:One thousand three hundred and sixty-three
    • Grade
    • Rank:18401st name
    • Original47
    • Reproduced:0
    • Translation:1
    • Comments:50
    Blog column
    Contact information
    Latest comments