Let’s start with process number one | You call this crap cloud native

Open a shell terminal, enter ps -ef , and look from the beginning to the bottom. This is what you may see.

That may also be the case.

The former is on the Linux operating system, where you can see that process No. 1 is systemd . The latter is on the macOS system, where process No. 1 is launchd .

If you scroll down, you will find such a pattern. No matter which process, its parent process ( PPID ) must be either process 1 or its parent process's parent process... eventually also process 1. And the parent process of process 1 is process 0, which is not shown in the process list and is a mysterious existence.

Linux has evolved to so many versions, but the basic process system has not changed at all. All processes are created directly or indirectly by process 1.

Process 1 in Linux 0.11 is a hard-coded init method that eventually starts a shell process to interact with the user. It has now gradually developed into a complex systemd , but it is essentially a program that is mainly responsible for creating other processes.

Most of the processes you just saw with ps -ef are created by systemd, such as systemd-logind, which manages user login sessions, and systemd-journald, which handles system logs.

Wait, isn’t this a cloud native column? Isn’t it supposed to talk about Docker and containers? Why are we talking about all this nonsense?

Don’t worry, if you understand what I just said above, you have already mastered 50% of the principles of container technology!

Let's continue. We just learned that there are a lot of processes in Linux, and these processes are created bit by bit by the same process. Obviously, how to create a process is the most critical part.

To create a process in Linux, you can use the fork , vfork or clone system calls, and use glibc's pthread_create to create a thread (a lightweight process).

At the lowest level, all methods are implemented by calling do_fork (or clone because they are basically the same) with different parameters.

The most important parameter is clone_flags . For example, when pthread_create calls clone , it passes in quite a lot of clone_flags to indicate which resources are shared with the parent process. In Linux, this is the essential difference between processes and threads.

Many people are always afraid of the C language code for creating a process, but in fact, you can rest assured after writing it. Use the simplest fork to create a new process, just like this.

After fork is executed , the following code is forked. If the returned pid is 0, it is the child process, otherwise it is the parent process, and the returned pid is the pid of the child process.

However, the code in the child process and the parent process are mixed in an if else statement. We add a few more lines of code to replace the child process program through the classic fork + exec to achieve the effect of creating a new shell process.

After this is executed, a new shell process is actually started. The commands I enter in the command prompt below are operated in this new shell process.

Notice that I secretly added a sethostname method before the exec call, which is equivalent to executing hostname shanke in the Linux command line . Then if you look at the command prompt at the bottom, the suffix has become shanke !

Hey, do you feel something? I don't know what it is, though. Don't worry, let's take a closer look.

Since all the methods of creating a process will eventually go to do_fork , let's look directly at the kernel code. Don't be afraid, just look at the first two lines first.

You can see that do_fork does a check right after it comes in. What does it check? It requires that CLONE_NEWUSER or CLONE_NEWPID cannot exist at the same time as CLONE_THREAD or CLONE_PARENT .

Eh? If you know a little bit about the underlying principle of containers , you will know that CLONE_NEWPID is the identifier of the PID namespace , which means that the new process I created by cloning must be in an independent PID namespace.

The CLONE_THREAD flag is passed in when pthread_create creates a new thread, indicating that a thread is to be created instead of a process. One manifestation of this is that the new thread shares the same process ID as the thread that created it.

That's a coincidence. The purpose of PID namespace is to isolate the process ID, and CLONE_THREAD needs to share the same process ID with the parent process. It feels awkward to put these two parameters together, and an error will be reported directly!

You can verify it by writing a code.

Well, we have just gone through a lot of things, but in the final analysis, we can't escape from creating a process, and we also saw the shadow of the so-called Namespace technology in the creation process.

If you are confused about what Namespace is and the code details in this article, just ignore them. The technical principles of containers will be explained in detail later.

Today's article hopes to give you a feeling that as a newbie in container technology, the most confusing point about container technology must be the principles related to Linux processes.

If you have a thorough understanding of the principles of Linux processes, at least how to start a container will no longer confuse you.

The same is true for other knowledge. The basic principles of containers are related to processes, the basic principles of images are related to file systems, and the most difficult and fragmented container network knowledge is actually all basic network knowledge. There is nothing new. While learning container technology, it is equivalent to consolidating the most essential things of many technologies. It is very worthwhile!

Autumn The recruitment has already begun. If you are not well prepared, Autumn It is difficult to find a good job.

Here is a big employment gift package for everyone. You can prepare for the spring recruitment and find a good job!