在 Linux 上创建第一个 Service Fabric 容器应用程序Create your first Service Fabric container application on Linux

在 Service Fabric 群集上运行 Linux 容器中的现有应用程序不需要对应用程序进行任何更改。Running an existing application in a Linux container on a Service Fabric cluster doesn't require any changes to your application. 本文逐步讲解如何创建包含 Python Flask Web 应用程序的 Docker 映像并将其部署到 Service Fabric 群集。This article walks you through creating a Docker image containing a Python Flask web application and deploying it to a Service Fabric cluster. 此外,会通过 Azure 容器注册表共享容器化的应用程序。You will also share your containerized application through Azure Container Registry. 本文假定读者对 Docker 有一个基本的了解。This article assumes a basic understanding of Docker. 阅读 Docker Overview(Docker 概述)即可了解 Docker。You can learn about Docker by reading the Docker Overview.

备注

本文适用于 Linux 开发环境。This article applies to a Linux development environment. Service Fabric 群集运行时和 Docker 运行时必须在同一 OS 上运行。The Service Fabric cluster runtime and the Docker runtime must be running on the same OS. 不能在 Windows 群集上运行 Linux 容器。You cannot run Linux containers on a Windows cluster.

必备条件Prerequisites

定义 Docker 容器Define the Docker container

基于 Docker 中心内的 Python 映像生成一个映像。Build an image based on the Python image located on Docker Hub.

在 Dockerfile 中指定 Docker 容器。Specify your Docker container in a Dockerfile. Dockerfile 包含有关在容器中设置环境、加载要运行的应用程序以及映射端口的说明。The Dockerfile consists of instructions for setting up the environment inside your container, loading the application you want to run, and mapping ports. Dockerfile 是 docker build 命令的输入,该命令用于创建映像。The Dockerfile is the input to the docker build command, which creates the image.

创建一个空目录并创建文件 Dockerfile(不带文件扩展名)。Create an empty directory and create the file Dockerfile (with no file extension). 将以下内容添加到 Dockerfile 并保存所做的更改:Add the following to Dockerfile and save your changes:

# Use an official Python runtime as a base image
FROM python:2.7-slim

# Set the working directory to /app
WORKDIR /app

# Copy the current directory contents into the container at /app
ADD . /app

# Install any needed packages specified in requirements.txt
RUN pip install -r requirements.txt

# Make port 80 available outside this container
EXPOSE 80

# Define environment variable
ENV NAME World

# Run app.py when the container launches
CMD ["python", "app.py"]

有关详细信息,请阅读 Dockerfile reference(Dockerfile 参考)。Read the Dockerfile reference for more information.

创建基本 Web 应用程序Create a basic web application

创建一个侦听端口 80 并返回“Hello World!”的 Flask Web 应用程序。Create a Flask web application listening on port 80 that returns "Hello World!". 在同一个目录中,创建文件 requirements.txtIn the same directory, create the file requirements.txt. 添加以下内容并保存所做的更改:Add the following and save your changes:

Flask

此外,创建 app.py 文件并添加以下代码片段:Also create the app.py file and add the following snippet:

from flask import Flask

app = Flask(__name__)

@app.route("/")
def hello():

    return 'Hello World!'

if __name__ == "__main__":
    app.run(host='0.0.0.0', port=80)

生成映像Build the image

运行 docker build 命令,创建运行上述 Web 应用程序的映像。Run the docker build command to create the image that runs your web application. 打开 PowerShell 窗口,导航到 c:\temp\helloworldappOpen a PowerShell window and navigate to c:\temp\helloworldapp. 运行以下命令:Run the following command:

docker build -t helloworldapp .

该命令按 Dockerfile 中的说明生成新映像,并将映像命名为(-t 表示标记)helloworldappThis command builds the new image using the instructions in your Dockerfile, naming (-t tagging) the image helloworldapp. 若要生成容器映像,首先从 Docker Hub 下载基础映像并在其上添加应用程序。To build a container image, the base image is first downloaded down from Docker Hub to which the application is added.

生成命令执行完以后,请运行 docker images 命令,查看有关新映像的信息:Once the build command completes, run the docker images command to see information on the new image:

$ docker images

REPOSITORY                    TAG                 IMAGE ID            CREATED             SIZE
helloworldapp                 latest              86838648aab6        2 minutes ago       194 MB

在本地运行应用程序Run the application locally

先验证容器化应用程序是否在本地运行,并将它推送到容器注册表。Verify that your containerized application runs locally before pushing it the container registry.

运行应用程序,并将计算机的端口 4000 映射到容器的公开端口 80:Run the application, mapping your computer's port 4000 to the container's exposed port 80:

docker run -d -p 4000:80 --name my-web-site helloworldapp

name 为运行的容器(而不是容器 ID)命名。name gives a name to the running container (instead of the container ID).

连接到正在运行的容器。Connect to the running container. 打开 Web 浏览器并指向端口 4000 上返回的 IP 地址,例如“http://localhost:4000”。Open a web browser pointing to the IP address returned on port 4000, for example "http://localhost:4000". 此时会看到标题“Hello World!”You should see the heading "Hello World!" 显示在浏览器中。display in the browser.

Hello World!

若要停止容器,请运行:To stop your container, run:

docker stop my-web-site

从开发计算机中删除该容器:Delete the container from your development machine:

docker rm my-web-site

将映像推送到容器注册表Push the image to the container registry

确认应用程序在 Docker 中运行后,请将映像推送到 Azure 容器注册表中的注册表。After you verify that the application runs in Docker, push the image to your registry in Azure Container Registry.

运行 docker login,以使用注册表凭据登录到容器注册表。Run docker login to sign in to your container registry with your registry credentials.

以下示例传递了 Azure Active Directory 服务主体的 ID 和密码。The following example passes the ID and password of an Azure Active Directory service principal. 例如,在自动化方案中,可能已向注册表分配了服务主体。For example, you might have assigned a service principal to your registry for an automation scenario. 或者,可以使用注册表用户名和密码登录。Or, you could sign in using your registry username and password.

docker login myregistry.azurecr.cn -u xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -p myPassword

以下命令使用注册表的完全限定路径创建映像的标记或别名。The following command creates a tag, or alias, of the image, with a fully qualified path to your registry. 此示例将映像置于 samples 命名空间,以免注册表根目录中出现混乱。This example places the image in the samples namespace to avoid clutter in the root of the registry.

docker tag helloworldapp myregistry.azurecr.cn/samples/helloworldapp

将映像推送到容器注册表:Push the image to your container registry:

docker push myregistry.azurecr.cn/samples/helloworldapp

使用 Yeoman 打包 Docker 映像Package the Docker image with Yeoman

用于 Linux 的 Service Fabric SDK 包括 Yeoman 生成器,利用它可以轻松地创建第一个服务应用程序和添加容器映像。The Service Fabric SDK for Linux includes a Yeoman generator that makes it easy to create your application and add a container image. 让我们使用 Yeoman 创建具有单个 Docker 容器(名为 SimpleContainerApp)的应用程序。Let's use Yeoman to create an application with a single Docker container called SimpleContainerApp.

若要创建 Service Fabric 容器应用程序,请打开终端窗口并运行 yo azuresfcontainerTo create a Service Fabric container application, open a terminal window and run yo azuresfcontainer.

为应用程序命名(例如 mycontainer),以及为应用程序服务命名(例如 myservice)。Name your application (for example, mycontainer) and name the application service (for example, myservice).

对于映像名称,请提供容器映像在容器注册表中的 URL(例如“myregistry.azurecr.cn/samples/helloworldapp”)。For the image name, provide the URL for the container image in a container registry (for example, "myregistry.azurecr.cn/samples/helloworldapp").

此映像中定义了一个工作负荷入口点,因此不需显式指定输入命令(命令在容器中运行,这可以在启动后使容器保持运行)。Since this image has a workload entry-point defined, you don't need to explicitly specify input commands (commands run inside the container, which will keep the container running after startup).

指定实例计数“1”。Specify an instance count of "1".

以适当的格式指定端口映射。Specify the port mapping in the appropriate format. 对于本文,需要提供 80:4000 作为端口映射。For this article, you need to provide 80:4000 as the port mapping. 通过这样做,已将主机上到达端口 4000 的所有传入请求都重定向到容器上的端口 80。By doing this you have configured that any incoming requests coming to port 4000 on the host machine are redirected to port 80 on the container.

适用于容器的 Service Fabric Yeoman 生成器

配置隔离模式Configure isolation mode

使用 6.3 运行时版本时,Linux 容器支持 VM 隔离,从而支持两种容器隔离模式:process 和 Hyper-V。With the 6.3 runtime release, VM isolation is supported for Linux containers, thereby supporting two isolation modes for containers: process and Hyper-V. 使用 Hyper-V 隔离模式时,内核将在每个容器与容器主机之间隔离。With the Hyper-V isolation mode, the kernels are isolated between each container and the container host. 使用 Clear Containers 实现 Hyper-V 隔离。The Hyper-V isolation is implemented using Clear Containers. 在应用程序清单文件中的 ServicePackageContainerPolicy 元素内,为 Linux 群集指定了隔离模式。The isolation mode is specified for Linux clusters in the ServicePackageContainerPolicy element in the application manifest file. 可以指定的隔离模式为 processhypervdefaultThe isolation modes that can be specified are process, hyperv, and default. 默认为 process 隔离模式。The default is process isolation mode. 以下代码片段演示如何在应用程序清单文件中指定隔离模式。The following snippet shows how the isolation mode is specified in the application manifest file.

<ServiceManifestImport>
    <ServiceManifestRef ServiceManifestName="MyServicePkg" ServiceManifestVersion="1.0.0"/>
      <Policies>
        <ServicePackageContainerPolicy Hostname="votefront" Isolation="hyperv">
          <PortBinding ContainerPort="80" EndpointRef="myServiceTypeEndpoint"/>
        </ServicePackageContainerPolicy>
    </Policies>
  </ServiceManifestImport>

配置资源调控Configure resource governance

资源调控限制容器能够在主机上使用的资源。Resource governance restricts the resources that the container can use on the host. 在应用程序清单中指定的 ResourceGovernancePolicy 元素用于声明服务代码包的资源限制。The ResourceGovernancePolicy element, which is specified in the application manifest, is used to declare resource limits for a service code package. 可以为以下资源设置资源限制:内存、MemorySwap、CpuShares(CPU 相对权重)、MemoryReservationInMB、BlkioWeight(BlockIO 相对权重)。Resource limits can be set for the following resources: Memory, MemorySwap, CpuShares (CPU relative weight), MemoryReservationInMB, BlkioWeight (BlockIO relative weight). 在此示例中,服务包 Guest1Pkg 在放置它的群集节点上获得一个核心。In this example, service package Guest1Pkg gets one core on the cluster nodes where it is placed. 内存限制是绝对的,所以此代码包限制为 1024 MB 内存(和相同的软保证预留)。Memory limits are absolute, so the code package is limited to 1024 MB of memory (and a soft-guarantee reservation of the same). 代码包(容器或进程)无法分配超出此限制的内存,尝试执行此操作会引发内存不足异常。Code packages (containers or processes) are not able to allocate more memory than this limit, and attempting to do so results in an out-of-memory exception. 若要强制执行资源限制,服务包中的所有代码包均应指定内存限制。For resource limit enforcement to work, all code packages within a service package should have memory limits specified.

<ServiceManifestImport>
  <ServiceManifestRef ServiceManifestName="MyServicePKg" ServiceManifestVersion="1.0.0" />
  <Policies>
    <ServicePackageResourceGovernancePolicy CpuCores="1"/>
    <ResourceGovernancePolicy CodePackageRef="Code" MemoryInMB="1024"  />
  </Policies>
</ServiceManifestImport>

配置 docker HEALTHCHECKConfigure docker HEALTHCHECK

从 v6.1 开始,Service Fabric 自动将 docker HEALTHCHECK 事件集成到其系统运行状况报告。Starting v6.1, Service Fabric automatically integrates docker HEALTHCHECK events to its system health report. 这意味着,如果容器启用了 HEALTHCHECK,则只要容器的运行状况状态如 Docker 所报告的那样更改,Service Fabric 就会报告运行状况。This means that if your container has HEALTHCHECK enabled, Service Fabric will report health whenever the health status of the container changes as reported by Docker. health_status 为“正常” 时,会在 Service Fabric Explorer 中显示运行状况报告“正常”; 当 health_status 为“不正常”时, 会显示“警告”。An OK health report will appear in Service Fabric Explorer when the health_status is healthy and WARNING will appear when health_status is unhealthy.

从 v6.4 的最新更新版开始,可以选择指定应将 Docker HEALTHCHECK 评估报告为错误。Starting with the latest refresh release of v6.4, you have the option to specify that docker HEALTHCHECK evaluations should be reported as an error. 如果此选项已启用,当 health_status 为“正常”时,将显示“正常”运行状况报告;当 health_status 为“不正常”时,将显示“错误”运行状况报告 。If this option is enabled, an OK health report will appear when health_status is healthy and ERROR will appear when health_status is unhealthy.

生成容器映像时使用的 Dockerfile 中必须存在 HEALTHCHECK 指令,该指令指向监视容器运行状况时执行的实际检查。The HEALTHCHECK instruction pointing to the actual check that is performed for monitoring container health must be present in the Dockerfile used while generating the container image.

HealthCheckHealthy

HealthCheckUnhealthyApp

HealthCheckUnhealthyDsp

通过在 ApplicationManifest 中将 HealthConfig 选项指定为 ContainerHostPolicies 的一部分,可以为每个容器配置 HEALTHCHECK 行为。You can configure HEALTHCHECK behavior for each container by specifying HealthConfig options as part of ContainerHostPolicies in ApplicationManifest.

<ServiceManifestImport>
    <ServiceManifestRef ServiceManifestName="ContainerServicePkg" ServiceManifestVersion="2.0.0" />
    <Policies>
      <ContainerHostPolicies CodePackageRef="Code">
        <HealthConfig IncludeDockerHealthStatusInSystemHealthReport="true"
              RestartContainerOnUnhealthyDockerHealthStatus="false" 
              TreatContainerUnhealthyStatusAsError="false" />
      </ContainerHostPolicies>
    </Policies>
</ServiceManifestImport>

默认情况下,IncludeDockerHealthStatusInSystemHealthReport 设置为 trueRestartContainerOnUnhealthyDockerHealthStatus 设置为 false,而 TreatContainerUnhealthyStatusAsError 设置为 falseBy default IncludeDockerHealthStatusInSystemHealthReport is set to true, RestartContainerOnUnhealthyDockerHealthStatus is set to false, and TreatContainerUnhealthyStatusAsError is set to false.

如果 RestartContainerOnUnhealthyDockerHealthStatus 设置为 true,则会重启(可能在其他节点上进行)反复报告“不正常”的容器。If RestartContainerOnUnhealthyDockerHealthStatus is set to true, a container repeatedly reporting unhealthy is restarted (possibly on other nodes).

如果 TreatContainerUnhealthyStatusAsError 设置为 true,当容器的 health_status 为“运行不正常”时,将显示“错误”运行状况报告 。If TreatContainerUnhealthyStatusAsError is set to true, ERROR health reports will appear when the container's health_status is unhealthy.

若要禁用整个 Service Fabric 群集的 HEALTHCHECK 集成,则需将 EnableDockerHealthCheckIntegration 设置为 falseIf you want to the disable the HEALTHCHECK integration for the entire Service Fabric cluster, you will need to set EnableDockerHealthCheckIntegration to false.

部署应用程序Deploy the application

生成应用程序后,可以使用 Service Fabric CLI 将其部署到本地群集。Once the application is built, you can deploy it to the local cluster using the Service Fabric CLI.

连接到本地 Service Fabric 群集。Connect to the local Service Fabric cluster.

sfctl cluster select --endpoint http://localhost:19080

使用 https://github.com/Azure-Samples/service-fabric-containers/ 模板中提供的安装脚本可将应用程序包复制到群集的映像存储、注册应用程序类型和创建应用程序的实例。Use the install script provided in the templates at https://github.com/Azure-Samples/service-fabric-containers/ to copy the application package to the cluster's image store, register the application type, and create an instance of the application.

./install.sh

打开浏览器并导航到位于 http://localhost:19080/Explorer 的 Service Fabric Explorer(如果在 Mac OS X 上使用 Vagrant,则使用 VM 的专用 IP 替换 localhost)。Open a browser and navigate to Service Fabric Explorer at http://localhost:19080/Explorer (replace localhost with the private IP of the VM if using Vagrant on Mac OS X). 展开应用程序节点,注意现在有一个条目是用于应用程序类型,另一个条目用于该类型的第一个实例。Expand the Applications node and note that there is now an entry for your application type and another for the first instance of that type.

连接到正在运行的容器。Connect to the running container. 打开 Web 浏览器并指向端口 4000 上返回的 IP 地址,例如“http://localhost:4000”。Open a web browser pointing to the IP address returned on port 4000, for example "http://localhost:4000". 此时会看到标题“Hello World!”You should see the heading "Hello World!" 显示在浏览器中。display in the browser.

Hello World!

清理Clean up

使用模板中提供的卸载脚本从本地开发群集中删除应用程序实例并取消注册应用程序类型。Use the uninstall script provided in the template to delete the application instance from the local development cluster and unregister the application type.

./uninstall.sh

将映像推送到容器注册表以后,即可从开发计算机中删除本地映像:After you push the image to the container registry you can delete the local image from your development computer:

docker rmi helloworldapp
docker rmi myregistry.azurecr.cn/samples/helloworldapp

Service Fabric 应用程序和服务清单的完整示例Complete example Service Fabric application and service manifests

下面是本文中使用的服务和应用程序完整清单。Here are the complete service and application manifests used in this article.

ServiceManifest.xmlServiceManifest.xml

<?xml version="1.0" encoding="utf-8"?>
<ServiceManifest Name="myservicePkg"
                 Version="1.0.0"
                 xmlns="http://schemas.microsoft.com/2011/01/fabric"
                 xmlns:xsd="https://www.w3.org/2001/XMLSchema"
                 xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance">
  <ServiceTypes>
    <!-- This is the name of your ServiceType.
         The UseImplicitHost attribute indicates this is a guest service. -->
    <StatelessServiceType ServiceTypeName="myserviceType" UseImplicitHost="true" />
  </ServiceTypes>

  <!-- Code package is your service executable. -->
  <CodePackage Name="Code" Version="1.0.0">
    <EntryPoint>
      <!-- Follow this link for more information about deploying containers 
      to Service Fabric: https://aka.ms/sfguestcontainers -->
      <ContainerHost>
        <ImageName>myregistry.azurecr.cn/samples/helloworldapp</ImageName>
        <!-- Pass comma delimited commands to your container: dotnet, myproc.dll, 5" -->
        <!--Commands> dotnet, myproc.dll, 5 </Commands-->
        <Commands></Commands>
      </ContainerHost>
    </EntryPoint>
    <!-- Pass environment variables to your container: -->

    <EnvironmentVariables>
      <!--
      <EnvironmentVariable Name="VariableName" Value="VariableValue"/>
      -->
    </EnvironmentVariables>

  </CodePackage>

  <Resources>
    <Endpoints>
      <!-- This endpoint is used by the communication listener to obtain the port on which to 
           listen. Please note that if your service is partitioned, this port is shared with 
           replicas of different partitions that are placed in your code. -->
      <Endpoint Name="myServiceTypeEndpoint" UriScheme="http" Port="4000" Protocol="http"/>
    </Endpoints>
  </Resources>
</ServiceManifest>

ApplicationManifest.xmlApplicationManifest.xml

<?xml version="1.0" encoding="utf-8"?>
<ApplicationManifest ApplicationTypeName="mycontainerType"
                     ApplicationTypeVersion="1.0.0"
                     xmlns="http://schemas.microsoft.com/2011/01/fabric"
                     xmlns:xsd="https://www.w3.org/2001/XMLSchema"
                     xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance">
  <!-- Import the ServiceManifest from the ServicePackage. The ServiceManifestName and ServiceManifestVersion 
       should match the Name and Version attributes of the ServiceManifest element defined in the 
       ServiceManifest.xml file. -->
  <ServiceManifestImport>
    <ServiceManifestRef ServiceManifestName="myservicePkg" ServiceManifestVersion="1.0.0" />
    <ConfigOverrides />
    <Policies>
      <ContainerHostPolicies CodePackageRef="Code">
        <RepositoryCredentials AccountName="myregistry" Password="=P==/==/=8=/=+u4lyOB=+=nWzEeRfF=" PasswordEncrypted="false"/>
        <PortBinding ContainerPort="80" EndpointRef="myServiceTypeEndpoint"/>
      </ContainerHostPolicies>
    </Policies>
  </ServiceManifestImport>
  <DefaultServices>
    <!-- The section below creates instances of service types, when an instance of this 
         application type is created. You can also create one or more instances of service type using the 
         ServiceFabric PowerShell module.

         The attribute ServiceTypeName below must match the name defined in the imported ServiceManifest.xml file. -->
    <Service Name="myservice">
      <!-- On a local development cluster, set InstanceCount to 1. On a multi-node production 
      cluster, set InstanceCount to -1 for the container service to run on every node in 
      the cluster.
      -->
      <StatelessService ServiceTypeName="myserviceType" InstanceCount="1">
        <SingletonPartition />
      </StatelessService>
    </Service>
  </DefaultServices>
</ApplicationManifest>

将更多服务添加到现有应用程序Adding more services to an existing application

若要将其他容器服务添加到已使用 yeoman 创建的应用程序,请执行以下步骤:To add another container service to an application already created using yeoman, perform the following steps:

  1. 将目录更改为现有应用程序的根目录。Change directory to the root of the existing application. 例如 cd ~/YeomanSamples/MyApplication(如果 MyApplication 是 Yeoman 创建的应用程序)。For example, cd ~/YeomanSamples/MyApplication, if MyApplication is the application created by Yeoman.
  2. 运行 yo azuresfcontainer:AddServiceRun yo azuresfcontainer:AddService

配置在强制终止容器之前需经历的时间间隔Configure time interval before container is force terminated

可以配置一个时间间隔,目的是在启动服务删除操作(或移动到另一个节点的操作)之后,要求运行时在删除容器之前等待特定的时间。You can configure a time interval for the runtime to wait before the container is removed after the service deletion (or a move to another node) has started. 配置时间间隔时,会向容器发送 docker stop <time in seconds> 命令。Configuring the time interval sends the docker stop <time in seconds> command to the container. 有关更多详细信息,请参阅 docker stopFor more detail, see docker stop. 等待时间间隔在 Hosting 节指定。The time interval to wait is specified under the Hosting section. 以下群集清单代码片段显示了如何设置等待时间间隔:The following cluster manifest snippet shows how to set the wait interval:

{
    "name": "Hosting",
    "parameters": [
      {
            "name": "ContainerDeactivationTimeout",
            "value" : "10"
      },
      ...
    ]
}

默认时间间隔设置为 10 秒。The default time interval is set to 10 seconds. 由于此配置是动态的,因此对群集进行仅限配置的升级即可更新超时。Since this configuration is dynamic, a config only upgrade on the cluster updates the timeout.

将运行时配置为删除未使用的容器映像Configure the runtime to remove unused container images

可将 Service Fabric 群集配置为从节点删除未使用的容器映像。You can configure the Service Fabric cluster to remove unused container images from the node. 如果节点上存在过多容器映像,则可通过此配置回收磁盘空间。This configuration allows disk space to be recaptured if too many container images are present on the node. 若要启用此功能,请更新群集清单中的 Hosting 节,如以下代码片段所示:To enable this feature, update the Hosting section in the cluster manifest as shown in the following snippet:

{
    "name": "Hosting",
    "parameters": [
      {
            "name": "PruneContainerImages",
            "value": "True"
      },
      {
            "name": "ContainerImagesToSkip",
            "value": "microsoft/windowsservercore|microsoft/nanoserver|microsoft/dotnet-frameworku|..."
      }
      ...
      }
    ]
} 

对于不应删除的映像,可以在 ContainerImagesToSkip 参数下进行指定。For images that shouldn't be deleted, you can specify them under the ContainerImagesToSkip parameter.

配置容器映像下载时间Configure container image download time

Service Fabric 运行时为下载和解压缩容器映像分配了 20 分钟的时间,这适用于大多数容器映像。The Service Fabric runtime allocates 20 minutes to download and extract container images, which works for the majority of container images. 如果是大型映像,或者网络连接速度较慢,则可能必须延长中止映像下载和解压缩之前的等待时间。For large images, or when the network connection is slow, it might be necessary to increase the time to wait before aborting the image download and extraction. 此超时可以使用群集清单的 Hosting 节的 ContainerImageDownloadTimeout 属性来设置,如以下代码片段所示:This timeout is set using the ContainerImageDownloadTimeout attribute in the Hosting section of the cluster manifest as shown in the following snippet:

{
    "name": "Hosting",
    "parameters": [
      {
          "name": "ContainerImageDownloadTimeout",
          "value": "1200"
      }
    ]
}

设置容器保留策略Set container retention policy

为了帮助诊断容器启动故障,Service Fabric(6.1 或更高版本)支持保留终止的或无法启动的容器。To assist with diagnosing container startup failures, Service Fabric (version 6.1 or higher) supports retaining containers that terminated or failed to start. 此策略可以在 ApplicationManifest.xml 文件中设置,如以下代码片段所示:This policy can be set in the ApplicationManifest.xml file as shown in the following snippet:

 <ContainerHostPolicies CodePackageRef="NodeService.Code" Isolation="process" ContainersRetentionCount="2"  RunInteractive="true"> 

ContainersRetentionCount 设置指定在容器故障时需保留的容器数。The setting ContainersRetentionCount specifies the number of containers to retain when they fail. 如果指定一个负值,则会保留所有故障容器。If a negative value is specified, all failing containers will be retained. 如果不指定 ContainersRetentionCount 属性,则不会保留任何容器。When the ContainersRetentionCount attribute is not specified, no containers will be retained. ContainersRetentionCount 属性还支持应用程序参数,因此用户可以为测试性群集和生产群集指定不同的值。The attribute ContainersRetentionCount also supports Application Parameters so users can specify different values for test and production clusters. 使用此功能时可使用放置约束,将容器服务的目标设置为特定的节点,防止将容器服务移至其他节点。Use placement constraints to target the container service to a particular node when using this feature to prevent the container service from moving to other nodes. 使用此功能保留的容器必须手动删除。Any containers retained using this feature must be manually removed.

使用自定义参数启动 Docker 守护程序Start the Docker daemon with custom arguments

有了 6.2 版和更高版本的 Service Fabric 运行时,可以使用自定义参数启动 Docker 守护程序。With the 6.2 version of the Service Fabric runtime and greater, you can start the Docker daemon with custom arguments. 指定自定义参数时,Service Fabric 不会将 --pidfile 参数以外的任何其他参数传递给 docker 引擎。When custom arguments are specified, Service Fabric does not pass any other argument to docker engine except the --pidfile argument. 因此,--pidfile 不应作为参数传递。Hence, --pidfile shouldn't be passed as an argument. 此外,参数应继续让 docker 守护程序侦听 Windows 上的默认名称管道(或 Linux 上的 unix 域套接字),以便 Service Fabric 与该守护程序通信。Additionally, the argument should continue to have the docker daemon listen on the default name pipe on Windows (or unix domain socket on Linux) for Service Fabric to communicate with the daemon. 自定义参数在 ContainerServiceArgumentsHosting 节下的群集清单中指定。The custom arguments are specified in the cluster manifest under the Hosting section under ContainerServiceArguments. 以下代码片段显示了一个示例:An example is shown in the following snippet:

{ 
        "name": "Hosting", 
        "parameters": [ 
          { 
            "name": "ContainerServiceArguments", 
            "value": "-H localhost:1234 -H unix:///var/run/docker.sock" 
          } 
        ] 
} 

后续步骤Next steps