mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-03-12 01:40:10 +08:00
geekpi
GitHub
commit
69ba5521af
@ -1,3 +1,5 @@
|
||||
translating----geekpi
|
||||
|
||||
How to find and tar files into a tar ball
|
||||
======
|
||||
|
||||
|
||||
@ -1,72 +0,0 @@
|
||||
translating---geekpi
|
||||
|
||||
What's CGManager?[][1]
|
||||
============================================================
|
||||
|
||||
CGManager is a central privileged daemon that manages all your cgroups for you through a simple D-Bus API. It's designed to work with nested LXC containers as well as accepting unprivileged requests including resolving user namespaces UIDs/GIDs.
|
||||
|
||||
# Components[][2]
|
||||
|
||||
### cgmanager[][3]
|
||||
|
||||
This daemon runs on the host, mounts cgroupfs into a separate mount namespace (so it's invisible from the host), binds /sys/fs/cgroup/cgmanager/sock for incoming D-Bus queries and generally handles all clients running directly on the host.
|
||||
|
||||
cgmanager accepts both authentication requests using D-Bus + SCM credentials used for translation of uid, gid and pid across namespaces or using simple "unauthenticated" (just the initial ucred) D-Bus for queries coming from the host level.
|
||||
|
||||
### cgproxy[][4]
|
||||
|
||||
You may see this daemon run in two cases. On the host if your kernel is older than 3.8 (doesn't have pidns attach support) or in containers (where only cgproxy runs).
|
||||
|
||||
cgproxy doesn't itself do any cgroup configuration change but instead as its name indicates, proxies requests to the main cgmanager process.
|
||||
|
||||
This is necessary so a process may talk to /sys/fs/cgroup/cgmanager/sock using straight D-Bus (for example using dbus-send).
|
||||
|
||||
cgproxy will then catch the ucred from that query and do an authenticated SCM query to the real cgmanager socket, passing the arguments through ucred structs so that they get properly translated into something cgmanager in the host namespace can understand.
|
||||
|
||||
### cgm[][5]
|
||||
|
||||
A simple command line tool which talks to the D-Bus service and lets you perform all the usual cgroup operations from the command line.
|
||||
|
||||
# Communication protocol[][6]
|
||||
|
||||
As mentioned above, cgmanager and cgproxy use D-Bus. It's recommended that external clients (so not cgproxy itself) use the standard D-Bus API and do not attempt to implement the SCM creds protocol as it's unnecessary and easy to get wrong.
|
||||
|
||||
Instead, simply assume that talking to /sys/fs/cgroup/cgmanager/sock will always do the right thing.
|
||||
|
||||
The cgmanager API is only available on that separate D-Bus socket, cgmanager itself doesn't attach to the system bus and so a running dbus daemon isn't a requirement of cgmanager/cgproxy.
|
||||
|
||||
You can read more about the D-Bus API [here][7].
|
||||
|
||||
# Licensing[][8]
|
||||
|
||||
CGManager is free software, most of the code is released under the terms of the GNU LGPLv2.1+ license, some binaries are released under the GNU GPLv2 license.
|
||||
|
||||
The default license for the project is the GNU LGPLv2.1+.
|
||||
|
||||
# Support[][9]
|
||||
|
||||
CGManager's stable release support relies on the Linux distributions and their own commitment to pushing stable fixes and security updates.
|
||||
|
||||
Commercial support for CGManager on Ubuntu LTS releases can be obtained from [Canonical Ltd][10].
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://linuxcontainers.org/cgmanager/introduction/
|
||||
|
||||
作者:[Canonical Ltd. ][a]
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]:http://www.canonical.com/
|
||||
[1]:https://linuxcontainers.org/cgmanager/introduction/#whats-cgmanager
|
||||
[2]:https://linuxcontainers.org/cgmanager/introduction/#components
|
||||
[3]:https://linuxcontainers.org/cgmanager/introduction/#cgmanager
|
||||
[4]:https://linuxcontainers.org/cgmanager/introduction/#cgproxy
|
||||
[5]:https://linuxcontainers.org/cgmanager/introduction/#cgm
|
||||
[6]:https://linuxcontainers.org/cgmanager/introduction/#communication-protocol
|
||||
[7]:https://linuxcontainers.org/cgmanager/dbus-api/
|
||||
[8]:https://linuxcontainers.org/cgmanager/introduction/#licensing
|
||||
[9]:https://linuxcontainers.org/cgmanager/introduction/#support
|
||||
[10]:http://www.canonical.com/
|
||||
70
translated/tech/20171218 Whats CGManager.md
Normal file
70
translated/tech/20171218 Whats CGManager.md
Normal file
@ -0,0 +1,70 @@
|
||||
什么是 CGManager?[][1]
|
||||
============================================================
|
||||
|
||||
CGManager 是一个核心的特权守护进程,通过一个简单的 D-Bus API 管理你所有的 cgroup。它被设计用来处理嵌套的 LXC 容器以及接受无特权的请求,包括解析用户名称空间的 UID/GID。
|
||||
|
||||
# 组件[][2]
|
||||
|
||||
### cgmanager[][3]
|
||||
|
||||
这个守护进程在主机上运行,将 cgroupfs 挂载到一个独立的挂载名称空间(所以它不能从主机上看到),绑定 /sys/fs/cgroup/cgmanager/sock 用于传入的 D-Bus 查询,并通常处理主机上直接运行的所有客户端。
|
||||
|
||||
cgmanager 同时接受使用 D-Bus + SCM 凭证的身份验证请求,用于在命名空间之间转换 uid、gid 和 pid,或者使用简单的 “unauthenticated”(只是初始的 ucred)D-Bus 来查询来自主机级别的查询。
|
||||
|
||||
### cgproxy[][4]
|
||||
|
||||
你可能会在两种情况下看到这个守护进程运行。在主机上,如果你的内核小于 3.8(没有 pidns 连接支持)或在容器中(只有 cgproxy 运行)。
|
||||
|
||||
cgproxy 本身并不做任何 cgroup 配置更改,而是如其名称所示,代理请求给主 cgmanager 进程。
|
||||
|
||||
这是必要的,所以一个进程可以直接使用 D-Bus(例如使用 dbus-send)与 /sys/fs/cgroup/cgmanager/sock 进行通信。
|
||||
|
||||
之后 cgproxy 将从该查询中得到 ucred,并对真正的 cgmanager 套接字进行经过身份验证的 SCM 查询,并通过 ucred 结构体传递参数,使它们能够正确地转换为 cgmanager 可以理解的主机命名空间 。
|
||||
|
||||
### cgm[][5]
|
||||
|
||||
一个简单的命令行工具,与 D-Bus 服务通信,并允许你从命令行执行所有常见的 cgroup 操作。
|
||||
|
||||
# 通信协议[][6]
|
||||
|
||||
如上所述,cgmanager 和 cgproxy 使用 D-Bus。建议外部客户端(所以不要是 cgproxy)使用标准的 D-Bus API,不要试图实现 SCM creds 协议,因为它是不必要的,并且容易出错。
|
||||
|
||||
相反,只要简单假设与 /sys/fs/cgroup/cgmanager/sock 的通信总是正确的。
|
||||
|
||||
cgmanager API 仅在独立的 D-Bus 套接字上可用,cgmanager 本身不连接到系统总线,所以 cgmanager/cgproxy 不要求有运行中的 dbus 守护进程。
|
||||
|
||||
你可以在[这里][7]阅读更多关于 D-Bus API。
|
||||
|
||||
# Licensing[][8]
|
||||
|
||||
CGManager 是免费软件,大部分代码是根据 GNU LGPLv2.1+ 许可条款发布的,一些二进制文件是在 GNU GPLv2 许可下发布的。
|
||||
|
||||
该项目的默认许可证是 GNU LGPLv2.1+
|
||||
|
||||
# Support[][9]
|
||||
|
||||
CGManager 的稳定版本支持依赖于 Linux 发行版以及它们自己承诺推出稳定修复和安全更新。
|
||||
|
||||
你可以从 [Canonical Ltd][10] 获得对 Ubuntu LTS 版本的 CGManager 的商业支持。
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://linuxcontainers.org/cgmanager/introduction/
|
||||
|
||||
作者:[Canonical Ltd. ][a]
|
||||
译者:[geekpi](https://github.com/geekpi)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]:http://www.canonical.com/
|
||||
[1]:https://linuxcontainers.org/cgmanager/introduction/#whats-cgmanager
|
||||
[2]:https://linuxcontainers.org/cgmanager/introduction/#components
|
||||
[3]:https://linuxcontainers.org/cgmanager/introduction/#cgmanager
|
||||
[4]:https://linuxcontainers.org/cgmanager/introduction/#cgproxy
|
||||
[5]:https://linuxcontainers.org/cgmanager/introduction/#cgm
|
||||
[6]:https://linuxcontainers.org/cgmanager/introduction/#communication-protocol
|
||||
[7]:https://linuxcontainers.org/cgmanager/dbus-api/
|
||||
[8]:https://linuxcontainers.org/cgmanager/introduction/#licensing
|
||||
[9]:https://linuxcontainers.org/cgmanager/introduction/#support
|
||||
[10]:http://www.canonical.com/
|
||||
Loading…
Reference in New Issue
Block a user