AI Agent 学习笔记 – 腾讯Cube Sandbox https://skyao.net/learning-ai-agent/infra/environment/sandbox/cubesandbox/ Recent content in 腾讯Cube Sandbox on AI Agent 学习笔记 Hugo -- gohugo.io zh-cn Tue, 27 May 2025 00:00:00 +0000 Infra: 介绍 https://skyao.net/learning-ai-agent/infra/environment/sandbox/cubesandbox/introduction/ Tue, 27 May 2025 00:00:00 +0000 https://skyao.net/learning-ai-agent/infra/environment/sandbox/cubesandbox/introduction/ <h2 id="介绍">介绍</h2> <p><a href="https://github.com/TencentCloud/CubeSandbox/blob/master/README_zh.md">https://github.com/TencentCloud/CubeSandbox/blob/master/README_zh.md</a></p> <p>Cube Sandbox 是一款基于 RustVMM 与 KVM 构建的高性能、开箱即用的安全沙箱服务。它既支持单机部署,也能够很方便的扩展到多台机器的集群服务。同时对外兼容E2B SDK, 在60ms内就可以创建一个具备服务能力的硬件隔离沙箱环境,并保持着小于5M的内存开销。</p> <p>核心优势:</p> <ul> <li><strong>极致冷启动:</strong> 基于资源池化预置和快照克隆技术,直接跳过耗时初始化流程。整个沙箱服务端到端冷启动一个可服务的沙箱时间平均 &lt; 60ms</li> <li><strong>单机千例的高密部署:</strong> 基于 CoW 技术实现极致内存复用,用 Rust 重构底层极致裁剪,使得单实例内存开销低至 &lt;5MB,轻松在一台机器上跑起数千个 Agent。</li> <li><strong>真正的内核级隔离:</strong> 告别不安全的 Docker 共享内核(Namespace)。每个 Agent 拥有独立的 Guest OS 内核,杜绝容器逃逸,放心运行任何大模型生成的未知代码。</li> <li><strong>零成本迁移(E2B 完美平替):</strong> 原生兼容 E2B SDK 接口规范。只需替换一个 URL 环境变量,无需业务代码改动就可切换到免费的 Cube Sandbox,并获得更好的性能体验。</li> <li><strong>网络安全:</strong> 基于 eBPF 的 CubeVS 在内核态实现严格的沙箱间网络隔离,支持细粒度出站流量过滤策略。</li> <li><strong>开箱即用:</strong> 可一键快速部署,同时支持单机部署和集群部署。</li> <li><strong>事件级快照回滚(coming soon):</strong> 百毫秒级的高频快照回滚能力,基于快照快速创建分叉探索环境</li> <li><strong>可用于生产环境:</strong> Cube Sandbox 已在腾讯云生产环境中经历大规模的服务验证,稳定可靠。</li> </ul> <h2 id="官网">官网</h2> <p>github 代码仓库:</p> <p><a href="https://github.com/TencentCloud/CubeSandbox">https://github.com/TencentCloud/CubeSandbox</a></p> <h2 id="架构概览">架构概览</h2> <p><img src="https://github.com/TencentCloud/CubeSandbox/raw/master/docs/assets/cube-sandbox-arch.png" alt=""></p> <table> <thead> <tr> <th>组件</th> <th>职责</th> </tr> </thead> <tbody> <tr> <td><strong>CubeAPI</strong></td> <td>兼容 E2B 的 REST API 网关(Rust),替换 URL 即可从 E2B 无缝切换。</td> </tr> <tr> <td><strong>CubeMaster</strong></td> <td>编排调度器,接收 API 请求并分发到对应 Cubelet,负责资源调度与集群状态维护。</td> </tr> <tr> <td><strong>CubeProxy</strong></td> <td>反向代理,兼容 E2B 协议,将请求路由到对应沙箱。</td> </tr> <tr> <td><strong>Cubelet</strong></td> <td>计算节点本地调度组件,管理单节点所有沙箱实例的完整生命周期。</td> </tr> <tr> <td><strong>CubeVS</strong></td> <td>基于 eBPF 内核态转发的虚拟交换机,提供网络隔离与安全策略支持。</td> </tr> <tr> <td><strong>CubeHypervisor &amp; CubeShim</strong></td> <td>虚拟化层 —— CubeHypervisor 负责管理 KVM MicroVM,CubeShim 实现 containerd Shim v2 接口,将沙箱集成到容器运行时。</td> </tr> </tbody> </table> <h2 id="网络模型">网络模型</h2> <p>参考官方文档: <a href="https://github.com/TencentCloud/CubeSandbox/blob/master/docs/zh/architecture/network.md">https://github.com/TencentCloud/CubeSandbox/blob/master/docs/zh/architecture/network.md</a></p> <h2 id="资料">资料</h2> <ul> <li><a href="https://cloud.tencent.com/developer/article/2659528">腾讯云开源OpenAI、Manus同款Agent底座</a></li> </ul> Infra: 快速开始 https://skyao.net/learning-ai-agent/infra/environment/sandbox/cubesandbox/quickstart/ Tue, 27 May 2025 00:00:00 +0000 https://skyao.net/learning-ai-agent/infra/environment/sandbox/cubesandbox/quickstart/ <p><a href="https://github.com/TencentCloud/CubeSandbox/blob/master/README_zh.md#%E5%BF%AB%E9%80%9F%E5%BC%80%E5%A7%8B">https://github.com/TencentCloud/CubeSandbox/blob/master/README_zh.md#%E5%BF%AB%E9%80%9F%E5%BC%80%E5%A7%8B</a></p> <h2 id="准备开发环境">准备开发环境</h2> <p>安装好 ripgrep :</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install ripgrep -y </span></span></code></pre></div><p>准备目录,克隆源代码,并准备镜像文件:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>mkdir -p ~/work/code/cubesandbox/ </span></span><span style="display:flex;"><span><span style="color:#204a87">cd</span> ~/work/code/cubesandbox/ </span></span><span style="display:flex;"><span>git clone https://cnb.cool/CubeSandbox/CubeSandbox </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#204a87">cd</span> CubeSandbox/dev-env </span></span><span style="display:flex;"><span>./prepare_image.sh </span></span></code></pre></div><p>输出为:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Downloading image to /root/work/code/cubesandbox/CubeSandbox/dev-env/.workdir/OpenCloudOS-GenericCloud-9.4-20251120.0.x86_64.qcow2 </span></span></code></pre></div><p>这个镜像文件有一点大,1.1GB:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>ls -lh /root/work/code/cubesandbox/CubeSandbox/dev-env/.workdir/OpenCloudOS-GenericCloud-9.4-20251120.0.x86_64.qcow2 </span></span><span style="display:flex;"><span>-rw-r--r-- <span style="color:#0000cf;font-weight:bold">1</span> root root 1.1G Apr <span style="color:#0000cf;font-weight:bold">25</span> 09:22 /root/work/code/cubesandbox/CubeSandbox/dev-env/.workdir/OpenCloudOS-GenericCloud-9.4-20251120.0.x86_64.qcow2 </span></span></code></pre></div><p>下载完成后继续:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Resizing qcow2 in place to 100G </span></span><span style="display:flex;"><span>Image resized. </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>OK<span style="color:#ce5c00;font-weight:bold">]</span> Image preparation finished </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Image path: /root/work/code/cubesandbox/CubeSandbox/dev-env/.workdir/OpenCloudOS-GenericCloud-9.4-20251120.0.x86_64.qcow2 </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Starting guest root disk auto-grow workflow </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> User : opencloudos </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> SSH port : <span style="color:#0000cf;font-weight:bold">10022</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Image : /root/work/code/cubesandbox/CubeSandbox/dev-env/.workdir/OpenCloudOS-GenericCloud-9.4-20251120.0.x86_64.qcow2 </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>run_vm<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Booting OpenCloudOS <span style="color:#0000cf;font-weight:bold">9</span> VM </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>run_vm<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Image : /root/work/code/cubesandbox/CubeSandbox/dev-env/.workdir/OpenCloudOS-GenericCloud-9.4-20251120.0.x86_64.qcow2 </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>run_vm<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Login user : opencloudos </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>run_vm<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Password : opencloudos </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>run_vm<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> SSH : ssh -p <span style="color:#0000cf;font-weight:bold">10022</span> opencloudos@127.0.0.1 </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>run_vm<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Cube API : http://127.0.0.1:13000 -&gt; guest:3000 </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>run_vm<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> CubeProxy : http://127.0.0.1:11080 -&gt; guest:80 </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>run_vm<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> CubeProxy : https://127.0.0.1:11443 -&gt; guest:443 </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>run_vm<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Background mode: </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>run_vm<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> PID file : /root/work/code/cubesandbox/CubeSandbox/dev-env/.workdir/qemu.pid </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>run_vm<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Serial log : /root/work/code/cubesandbox/CubeSandbox/dev-env/.workdir/qemu-serial.log </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Waiting <span style="color:#204a87;font-weight:bold">for</span> guest SSH to become ready... </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>OK<span style="color:#ce5c00;font-weight:bold">]</span> Guest SSH is ready </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Uploading grow_rootfs.sh to the guest... </span></span><span style="display:flex;"><span>Warning: Permanently added <span style="color:#4e9a06">&#39;[127.0.0.1]:10022&#39;</span> <span style="color:#ce5c00;font-weight:bold">(</span>ED25519<span style="color:#ce5c00;font-weight:bold">)</span> to the list of known hosts. </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>OK<span style="color:#ce5c00;font-weight:bold">]</span> grow_rootfs.sh uploaded </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Running grow_rootfs.sh inside the guest... </span></span><span style="display:flex;"><span>Warning: Permanently added <span style="color:#4e9a06">&#39;[127.0.0.1]:10022&#39;</span> <span style="color:#ce5c00;font-weight:bold">(</span>ED25519<span style="color:#ce5c00;font-weight:bold">)</span> to the list of known hosts. </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>grow_rootfs<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Current root device : /dev/vda4 </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>grow_rootfs<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Current root filesystem : xfs </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>grow_rootfs<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Growing partition /dev/vda4 to the end of disk /dev/vda </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>grow_rootfs<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Partition already fills the disk, continuing to grow the filesystem </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>grow_rootfs<span style="color:#ce5c00;font-weight:bold">][</span>WARN<span style="color:#ce5c00;font-weight:bold">]</span> NOCHANGE: partition <span style="color:#0000cf;font-weight:bold">4</span> is size 208138207. it cannot be grown </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>grow_rootfs<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Online-growing XFS root filesystem </span></span><span style="display:flex;"><span>meta-data<span style="color:#ce5c00;font-weight:bold">=</span>/dev/vda4 <span style="color:#000">isize</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">512</span> <span style="color:#000">agcount</span><span style="color:#ce5c00;font-weight:bold">=</span>43, <span style="color:#000">agsize</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">606016</span> <span style="color:#000">blks</span> </span></span><span style="display:flex;"><span> <span style="color:#ce5c00;font-weight:bold">=</span> <span style="color:#000">sectsz</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">512</span> <span style="color:#000">attr</span><span style="color:#ce5c00;font-weight:bold">=</span>2, <span style="color:#000">projid32bit</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#000">1</span> </span></span><span style="display:flex;"><span> <span style="color:#ce5c00;font-weight:bold">=</span> <span style="color:#000">crc</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">1</span> <span style="color:#000">finobt</span><span style="color:#ce5c00;font-weight:bold">=</span>1, <span style="color:#000">sparse</span><span style="color:#ce5c00;font-weight:bold">=</span>1, <span style="color:#000">rmapbt</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#000">1</span> </span></span><span style="display:flex;"><span> <span style="color:#ce5c00;font-weight:bold">=</span> <span style="color:#000">reflink</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">1</span> <span style="color:#000">bigtime</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">1</span> <span style="color:#000">inobtcount</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">1</span> <span style="color:#000">nrext64</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">1</span> </span></span><span style="display:flex;"><span><span style="color:#000">data</span> <span style="color:#ce5c00;font-weight:bold">=</span> <span style="color:#000">bsize</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">4096</span> <span style="color:#000">blocks</span><span style="color:#ce5c00;font-weight:bold">=</span>26017275, <span style="color:#000">imaxpct</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#000">25</span> </span></span><span style="display:flex;"><span> <span style="color:#ce5c00;font-weight:bold">=</span> <span style="color:#000">sunit</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">0</span> <span style="color:#000">swidth</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">0</span> blks </span></span><span style="display:flex;"><span><span style="color:#000">naming</span> <span style="color:#ce5c00;font-weight:bold">=</span>version <span style="color:#0000cf;font-weight:bold">2</span> <span style="color:#000">bsize</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">4096</span> ascii-ci<span style="color:#ce5c00;font-weight:bold">=</span>0, <span style="color:#000">ftype</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">1</span> </span></span><span style="display:flex;"><span><span style="color:#000">log</span> <span style="color:#ce5c00;font-weight:bold">=</span>internal log <span style="color:#000">bsize</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">4096</span> <span style="color:#000">blocks</span><span style="color:#ce5c00;font-weight:bold">=</span>16384, <span style="color:#000">version</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#000">2</span> </span></span><span style="display:flex;"><span> <span style="color:#ce5c00;font-weight:bold">=</span> <span style="color:#000">sectsz</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">512</span> <span style="color:#000">sunit</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">0</span> blks, lazy-count<span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">1</span> </span></span><span style="display:flex;"><span><span style="color:#000">realtime</span> <span style="color:#ce5c00;font-weight:bold">=</span>none <span style="color:#000">extsz</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">4096</span> <span style="color:#000">blocks</span><span style="color:#ce5c00;font-weight:bold">=</span>0, <span style="color:#000">rtextents</span><span style="color:#ce5c00;font-weight:bold">=</span><span style="color:#0000cf;font-weight:bold">0</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>grow_rootfs<span style="color:#ce5c00;font-weight:bold">][</span>OK<span style="color:#ce5c00;font-weight:bold">]</span> XFS root filesystem grown </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>grow_rootfs<span style="color:#ce5c00;font-weight:bold">][</span>OK<span style="color:#ce5c00;font-weight:bold">]</span> Root disk expansion finished, current usage: </span></span><span style="display:flex;"><span>Filesystem Size Used Avail Use% Mounted on </span></span><span style="display:flex;"><span>/dev/vda4 100G 3.1G 97G 4% / </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>OK<span style="color:#ce5c00;font-weight:bold">]</span> Guest root filesystem expansion finished </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Uploading setup_selinux.sh to the guest... </span></span><span style="display:flex;"><span>Warning: Permanently added <span style="color:#4e9a06">&#39;[127.0.0.1]:10022&#39;</span> <span style="color:#ce5c00;font-weight:bold">(</span>ED25519<span style="color:#ce5c00;font-weight:bold">)</span> to the list of known hosts. </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>OK<span style="color:#ce5c00;font-weight:bold">]</span> setup_selinux.sh uploaded </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Switching guest SELinux to permissive... </span></span><span style="display:flex;"><span>Warning: Permanently added <span style="color:#4e9a06">&#39;[127.0.0.1]:10022&#39;</span> <span style="color:#ce5c00;font-weight:bold">(</span>ED25519<span style="color:#ce5c00;font-weight:bold">)</span> to the list of known hosts. </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>setup_selinux<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Current SELinux mode: Enforcing </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>setup_selinux<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Switching SELinux to permissive <span style="color:#204a87;font-weight:bold">for</span> the current boot... </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>setup_selinux<span style="color:#ce5c00;font-weight:bold">][</span>OK<span style="color:#ce5c00;font-weight:bold">]</span> SELinux is now permissive at runtime </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>setup_selinux<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Persisting <span style="color:#000">SELinux</span><span style="color:#ce5c00;font-weight:bold">=</span>permissive in /etc/selinux/config </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>setup_selinux<span style="color:#ce5c00;font-weight:bold">][</span>OK<span style="color:#ce5c00;font-weight:bold">]</span> Persistent SELinux mode updated to permissive </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>setup_selinux<span style="color:#ce5c00;font-weight:bold">][</span>OK<span style="color:#ce5c00;font-weight:bold">]</span> SELinux setup finished <span style="color:#ce5c00;font-weight:bold">(</span>mode: Permissive<span style="color:#ce5c00;font-weight:bold">)</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>OK<span style="color:#ce5c00;font-weight:bold">]</span> Guest SELinux is now permissive <span style="color:#ce5c00;font-weight:bold">(</span>persistent<span style="color:#ce5c00;font-weight:bold">)</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Uploading setup_path.sh to the guest... </span></span><span style="display:flex;"><span>Warning: Permanently added <span style="color:#4e9a06">&#39;[127.0.0.1]:10022&#39;</span> <span style="color:#ce5c00;font-weight:bold">(</span>ED25519<span style="color:#ce5c00;font-weight:bold">)</span> to the list of known hosts. </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>OK<span style="color:#ce5c00;font-weight:bold">]</span> setup_path.sh uploaded </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Adding /usr/local/<span style="color:#ce5c00;font-weight:bold">{</span>sbin,bin<span style="color:#ce5c00;font-weight:bold">}</span> to login PATH and sudo secure_path... </span></span><span style="display:flex;"><span>Warning: Permanently added <span style="color:#4e9a06">&#39;[127.0.0.1]:10022&#39;</span> <span style="color:#ce5c00;font-weight:bold">(</span>ED25519<span style="color:#ce5c00;font-weight:bold">)</span> to the list of known hosts. </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>setup_path<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Installing login shell PATH override at /etc/profile.d/cubesandbox-path.sh </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>setup_path<span style="color:#ce5c00;font-weight:bold">][</span>OK<span style="color:#ce5c00;font-weight:bold">]</span> Login shell PATH override installed </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>setup_path<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Validating /etc/sudoers.d/00-cubesandbox-path with visudo -cf </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>setup_path<span style="color:#ce5c00;font-weight:bold">][</span>OK<span style="color:#ce5c00;font-weight:bold">]</span> sudo secure_path updated at /etc/sudoers.d/00-cubesandbox-path </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>OK<span style="color:#ce5c00;font-weight:bold">]</span> Guest PATH setup finished </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Uploading setup_banner.sh to the guest... </span></span><span style="display:flex;"><span>Warning: Permanently added <span style="color:#4e9a06">&#39;[127.0.0.1]:10022&#39;</span> <span style="color:#ce5c00;font-weight:bold">(</span>ED25519<span style="color:#ce5c00;font-weight:bold">)</span> to the list of known hosts. </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>OK<span style="color:#ce5c00;font-weight:bold">]</span> setup_banner.sh uploaded </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Installing welcome banner inside the guest... </span></span><span style="display:flex;"><span>Warning: Permanently added <span style="color:#4e9a06">&#39;[127.0.0.1]:10022&#39;</span> <span style="color:#ce5c00;font-weight:bold">(</span>ED25519<span style="color:#ce5c00;font-weight:bold">)</span> to the list of known hosts. </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>setup_banner<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Installing welcome banner at /etc/profile.d/cubesandbox-banner.sh </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>setup_banner<span style="color:#ce5c00;font-weight:bold">][</span>OK<span style="color:#ce5c00;font-weight:bold">]</span> Welcome banner installed at /etc/profile.d/cubesandbox-banner.sh </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>OK<span style="color:#ce5c00;font-weight:bold">]</span> Welcome banner installed inside the guest </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Uploading setup_autostart.sh to the guest... </span></span><span style="display:flex;"><span>Warning: Permanently added <span style="color:#4e9a06">&#39;[127.0.0.1]:10022&#39;</span> <span style="color:#ce5c00;font-weight:bold">(</span>ED25519<span style="color:#ce5c00;font-weight:bold">)</span> to the list of known hosts. </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>OK<span style="color:#ce5c00;font-weight:bold">]</span> setup_autostart.sh uploaded </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Installing cube-sandbox-oneclick.service unit <span style="color:#ce5c00;font-weight:bold">(</span>not enabled<span style="color:#ce5c00;font-weight:bold">)</span>... </span></span><span style="display:flex;"><span>Warning: Permanently added <span style="color:#4e9a06">&#39;[127.0.0.1]:10022&#39;</span> <span style="color:#ce5c00;font-weight:bold">(</span>ED25519<span style="color:#ce5c00;font-weight:bold">)</span> to the list of known hosts. </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>setup_autostart<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Writing systemd unit: /etc/systemd/system/cube-sandbox-oneclick.service </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>setup_autostart<span style="color:#ce5c00;font-weight:bold">][</span>OK<span style="color:#ce5c00;font-weight:bold">]</span> Unit file written </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>setup_autostart<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Reloading systemd manager configuration... </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>setup_autostart<span style="color:#ce5c00;font-weight:bold">][</span>OK<span style="color:#ce5c00;font-weight:bold">]</span> systemd daemon-reload <span style="color:#204a87;font-weight:bold">done</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>setup_autostart<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> cube-sandbox-oneclick.service is installed but NOT enabled. </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>setup_autostart<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Run dev-env/cube-autostart.sh from the host to turn it on. </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>setup_autostart<span style="color:#ce5c00;font-weight:bold">][</span>OK<span style="color:#ce5c00;font-weight:bold">]</span> Autostart unit setup finished </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>OK<span style="color:#ce5c00;font-weight:bold">]</span> Autostart unit installed inside the guest <span style="color:#ce5c00;font-weight:bold">(</span><span style="color:#204a87">enable</span> it later via dev-env/cube-autostart.sh<span style="color:#ce5c00;font-weight:bold">)</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Requesting graceful shutdown from the guest... </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>OK<span style="color:#ce5c00;font-weight:bold">]</span> Guest has shut down cleanly </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>OK<span style="color:#ce5c00;font-weight:bold">]</span> All <span style="color:#204a87;font-weight:bold">done</span>: </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>OK<span style="color:#ce5c00;font-weight:bold">]</span> 1. Image downloaded </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>OK<span style="color:#ce5c00;font-weight:bold">]</span> 2. qcow2 resized to 100G </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>OK<span style="color:#ce5c00;font-weight:bold">]</span> 3. VM booted and guest root filesystem expanded </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>OK<span style="color:#ce5c00;font-weight:bold">]</span> 4. Guest SELinux <span style="color:#204a87">set</span> to permissive </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>OK<span style="color:#ce5c00;font-weight:bold">]</span> 5. /usr/local/<span style="color:#ce5c00;font-weight:bold">{</span>sbin,bin<span style="color:#ce5c00;font-weight:bold">}</span> added to login PATH and sudo secure_path </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>OK<span style="color:#ce5c00;font-weight:bold">]</span> 6. Welcome banner installed inside the guest </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>OK<span style="color:#ce5c00;font-weight:bold">]</span> 7. cube-sandbox-oneclick.service unit installed <span style="color:#ce5c00;font-weight:bold">(</span>not enabled<span style="color:#ce5c00;font-weight:bold">)</span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>OK<span style="color:#ce5c00;font-weight:bold">]</span> 8. VM powered off cleanly </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>prepare_image<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> You can now run ./run_vm.sh to start the dev VM </span></span></code></pre></div><p>这个脚本 <code>./prepare_image.sh</code> 是一键构建和初始化开发环境(Virtual Machine, 虚拟机)的自动化准备脚本。</p> <p>简单来说,它的核心工作是:<strong>下载一个纯净的操作系统镜像 -&gt; 扩容 -&gt; 启动它 -&gt; 连入其中进行各种开发环境所需的系统级配置 -&gt; 最后安全关机,留下一个配置好的镜像供后续使用。</strong></p> <p>根据你的输出日志,它具体执行了以下 8 个步骤:</p> <ol> <li>下载基础系统镜像 (Image downloaded)</li> </ol> <p>脚本首先将 OpenCloudOS 9.4 的云镜像(<code>qcow2</code> 格式)下载到了你本地的 <code>.workdir</code> 隐藏目录下。这是一个纯净的初始操作系统。</p> <ol start="2"> <li>外部扩容虚拟磁盘 (qcow2 resized to 100G)</li> </ol> <p>下载的原始镜像通常很小(比如只有几 GB)。脚本使用工具(如 <code>qemu-img</code>)在宿主机层面将这个 <code>qcow2</code> 虚拟磁盘文件的<strong>最大容量上限</strong>扩展到了 100GB。</p> <ol start="3"> <li>后台启动虚拟机并映射端口 (Booting OpenCloudOS 9 VM)</li> </ol> <p>脚本使用 QEMU 在后台启动了这个虚拟机,并配置了一系列端口映射(把虚拟机的端口暴露给你当前的物理机):</p> <ul> <li><strong>SSH</strong>: 本地 <code>10022</code> 端口 -&gt; 虚拟机 <code>22</code> 端口(账号密码均为 <code>opencloudos</code>)。</li> <li><strong>Cube API</strong>: 本地 <code>13000</code> -&gt; 虚拟机 <code>3000</code>。</li> <li><strong>CubeProxy</strong>: 本地 <code>11080/11443</code> -&gt; 虚拟机 <code>80/443</code>。 启动后,脚本一直等待直到虚拟机的 SSH 服务就绪。</li> </ul> <ol start="4"> <li>内部扩展根文件系统 (Guest root filesystem expanded)</li> </ol> <p>由于第 2 步只是扩大了“物理硬盘”的容量,虚拟机系统内部的“分区”还没变大。</p> <ul> <li>脚本通过 SSH 将 <code>grow_rootfs.sh</code> 脚本传进虚拟机并运行。</li> <li>在虚拟机内部,它自动将 <code>/dev/vda4</code> 分区和 XFS 文件系统扩容。</li> <li><strong>结果</strong>:系统的根目录 <code>/</code> 成功获取了全部 100GB 的空间(目前只用了 3.1GB,剩余 97GB)。</li> </ul> <ol start="5"> <li>放宽 SELinux 权限 (Guest SELinux set to permissive)</li> </ol> <ul> <li>为了避免在开发过程中遇到复杂的权限阻碍,脚本上传并运行了 <code>setup_selinux.sh</code>。</li> <li>它将虚拟机的 SELinux 状态从严格的 <code>Enforcing</code> 改为了宽容模式 <code>Permissive</code>(只记录警告,不拦截操作)。</li> <li>并且修改了 <code>/etc/selinux/config</code> 确保以后每次重启都生效。</li> </ul> <ol start="6"> <li>配置环境变量 PATH (Guest PATH setup)</li> </ol> <ul> <li>上传并运行 <code>setup_path.sh</code>。</li> <li>它将 <code>/usr/local/sbin</code> 和 <code>/usr/local/bin</code> 添加到了用户的登录环境变量(<code>/etc/profile.d/</code>)以及 <code>sudo</code> 的安全路径(<code>/etc/sudoers.d/</code>)中。</li> <li><strong>目的</strong>:以后你自己编译或安装在这些目录下的开发工具,可以直接敲命令运行,不需要输入绝对路径。</li> </ul> <ol start="7"> <li>安装欢迎词横幅 (Welcome banner installed)</li> </ol> <ul> <li>上传并运行 <code>setup_banner.sh</code>。</li> <li>在 <code>/etc/profile.d/</code> 下配置了一个横幅(Banner)。以后只要有人通过 SSH 登录进这个虚拟机,就会看到打印出来的提示信息或 Logo。</li> </ul> <ol start="8"> <li>配置自启动服务,并安全关机 (Autostart unit installed &amp; powered off cleanly)</li> </ol> <ul> <li>上传了 <code>setup_autostart.sh</code> 并创建了一个 systemd 服务 <code>cube-sandbox-oneclick.service</code>,用于以后一键启动你的核心应用。<strong>注意:目前只是安装了,并没有激活(Not enabled)。</strong></li> <li>所有配置完成后,脚本向虚拟机发送关机指令(Graceful shutdown)。</li> <li>虚拟机安全关机。</li> </ul> <p>正如日志最后一行提示的: <code>[prepare_image][INFO] You can now run ./run_vm.sh to start the dev VM</code></p> <p>这个 100G 的、已经配置好开发环境的镜像已经准备就绪了。之后启动这个开发环境,保持此终端不关:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>./run_vm.sh </span></span></code></pre></div><p>新开一个终端,进入上一步准备好的环境:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#204a87">cd</span> work/code/cubesandbox/ </span></span><span style="display:flex;"><span><span style="color:#204a87">cd</span> CubeSandbox/dev-env <span style="color:#ce5c00;font-weight:bold">&amp;&amp;</span> ./login.sh </span></span></code></pre></div><p>输出为:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>login<span style="color:#ce5c00;font-weight:bold">][</span>INFO<span style="color:#ce5c00;font-weight:bold">]</span> Logging into opencloudos@127.0.0.1:10022 and switching to root <span style="color:#ce5c00;font-weight:bold">(</span>sudo -i<span style="color:#ce5c00;font-weight:bold">)</span> </span></span><span style="display:flex;"><span>Warning: Permanently added <span style="color:#4e9a06">&#39;[127.0.0.1]:10022&#39;</span> <span style="color:#ce5c00;font-weight:bold">(</span>ED25519<span style="color:#ce5c00;font-weight:bold">)</span> to the list of known hosts. </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> ____ _ ____ _ _ </span></span><span style="display:flex;"><span> / ___<span style="color:#000;font-weight:bold">|</span> _<span style="color:#000;font-weight:bold">|</span> <span style="color:#000;font-weight:bold">|</span>__ ___/ ___<span style="color:#000;font-weight:bold">|</span> __ _ _ __ __<span style="color:#000;font-weight:bold">|</span> <span style="color:#000;font-weight:bold">|</span> <span style="color:#000;font-weight:bold">|</span>__ _____ __ </span></span><span style="display:flex;"><span><span style="color:#000;font-weight:bold">|</span> <span style="color:#000;font-weight:bold">|</span> <span style="color:#000;font-weight:bold">|</span> <span style="color:#000;font-weight:bold">|</span> <span style="color:#000;font-weight:bold">|</span> <span style="color:#000;font-weight:bold">|</span> <span style="color:#4e9a06">&#39;_ \ / _ \___ \ / _` | &#39;</span>_ <span style="color:#4e9a06">\ </span>/ _<span style="color:#4e9a06">`</span> <span style="color:#000;font-weight:bold">|</span> <span style="color:#a40000">&#39;</span>_ <span style="color:#4e9a06">\ </span>/ _ <span style="color:#4e9a06">\ \/</span> / </span></span><span style="display:flex;"><span><span style="color:#000;font-weight:bold">|</span> <span style="color:#000;font-weight:bold">|</span>__<span style="color:#000;font-weight:bold">|</span> <span style="color:#000;font-weight:bold">|</span>_<span style="color:#000;font-weight:bold">|</span> <span style="color:#000;font-weight:bold">|</span> <span style="color:#000;font-weight:bold">|</span>_<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#000;font-weight:bold">|</span> __/___<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#000;font-weight:bold">|</span> <span style="color:#ce5c00;font-weight:bold">(</span>_<span style="color:#000;font-weight:bold">|</span> <span style="color:#000;font-weight:bold">|</span> <span style="color:#000;font-weight:bold">|</span> <span style="color:#000;font-weight:bold">|</span> <span style="color:#000;font-weight:bold">|</span> <span style="color:#ce5c00;font-weight:bold">(</span>_<span style="color:#000;font-weight:bold">|</span> <span style="color:#000;font-weight:bold">|</span> <span style="color:#000;font-weight:bold">|</span>_<span style="color:#ce5c00;font-weight:bold">)</span> <span style="color:#000;font-weight:bold">|</span> <span style="color:#ce5c00;font-weight:bold">(</span>_<span style="color:#ce5c00;font-weight:bold">)</span> &gt; &lt; </span></span><span style="display:flex;"><span> <span style="color:#4e9a06">\_</span>___<span style="color:#4e9a06">\_</span>_,_<span style="color:#000;font-weight:bold">|</span>_.__/ <span style="color:#4e9a06">\_</span>__<span style="color:#000;font-weight:bold">|</span>____/ <span style="color:#4e9a06">\_</span>_,_<span style="color:#000;font-weight:bold">|</span>_<span style="color:#000;font-weight:bold">|</span> <span style="color:#000;font-weight:bold">|</span>_<span style="color:#000;font-weight:bold">|</span><span style="color:#4e9a06">\_</span>_,_<span style="color:#000;font-weight:bold">|</span>_.__/ <span style="color:#4e9a06">\_</span>__/_/<span style="color:#4e9a06">\_\ </span></span></span><span style="display:flex;"><span><span style="color:#4e9a06"></span> </span></span><span style="display:flex;"><span>Welcome to the Cube Sandbox development environment! </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> * Guest OS : OpenCloudOS <span style="color:#0000cf;font-weight:bold">9</span> <span style="color:#ce5c00;font-weight:bold">(</span>qcow2, 100G root disk<span style="color:#ce5c00;font-weight:bold">)</span> </span></span><span style="display:flex;"><span> * Project repo : https://github.com/tencentcloud/CubeSandbox </span></span><span style="display:flex;"><span> * Install cmd : curl -sL https://cnb.cool/CubeSandbox/CubeSandbox/-/git/raw/master/deploy/one-click/online-install.sh <span style="color:#000;font-weight:bold">|</span> <span style="color:#000">MIRROR</span><span style="color:#ce5c00;font-weight:bold">=</span>cn bash </span></span><span style="display:flex;"><span> * Cube API : http://127.0.0.1:3000 <span style="color:#ce5c00;font-weight:bold">(</span>from guest<span style="color:#ce5c00;font-weight:bold">)</span> / http://127.0.0.1:13000 <span style="color:#ce5c00;font-weight:bold">(</span>from host<span style="color:#ce5c00;font-weight:bold">)</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>This VM is a disposable dev environment<span style="color:#000;font-weight:bold">;</span> <span style="color:#204a87;font-weight:bold">do</span> not use it <span style="color:#204a87;font-weight:bold">for</span> production. </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>root@localhost ~<span style="color:#ce5c00;font-weight:bold">]</span><span style="color:#8f5902;font-style:italic"># </span> </span></span></code></pre></div><p>文档提示: 该命令会把你送进一台一次性的 Linux 环境中,后续所有安装都在这里进行,不会污染你的宿主机。</p> <p>继续启动沙箱服务:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>curl -sL https://cnb.cool/CubeSandbox/CubeSandbox/-/git/raw/master/deploy/one-click/online-install.sh <span style="color:#000;font-weight:bold">|</span> <span style="color:#000">MIRROR</span><span style="color:#ce5c00;font-weight:bold">=</span>cn bash </span></span></code></pre></div><p>这个命令在执行时会报错:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> &gt; <span style="color:#ce5c00;font-weight:bold">[</span>cube-proxy 2/8<span style="color:#ce5c00;font-weight:bold">]</span> RUN mkdir -p /data/log/cube-proxy/ /usr/local/openresty/nginx/conf/global/ /usr/local/openresty/nginx/certs/ <span style="color:#ce5c00;font-weight:bold">&amp;&amp;</span> sed -i <span style="color:#4e9a06">&#34;s#https\?://dl-cdn.alpinelinux.org/alpine#https://mirrors.tuna.tsinghua.edu.cn/alpine#g&#34;</span> /etc/apk/repositories <span style="color:#ce5c00;font-weight:bold">&amp;&amp;</span> apk update <span style="color:#ce5c00;font-weight:bold">&amp;&amp;</span> apk add tcpdump <span style="color:#ce5c00;font-weight:bold">&amp;&amp;</span> apk add vim <span style="color:#ce5c00;font-weight:bold">&amp;&amp;</span> apk add tzdata <span style="color:#ce5c00;font-weight:bold">&amp;&amp;</span> apk add python3 <span style="color:#ce5c00;font-weight:bold">&amp;&amp;</span> apk add py3-pip <span style="color:#ce5c00;font-weight:bold">&amp;&amp;</span> apk add bpftrace busybox curl ethtool file gawk inetutils-telnet iperf iperf3 iproute2 netcat-openbsd net-tools sysstat wget <span style="color:#ce5c00;font-weight:bold">&amp;&amp;</span> pip3 install -i <span style="color:#4e9a06">&#34;https://pypi.tuna.tsinghua.edu.cn/simple&#34;</span> pythonping requests <span style="color:#ce5c00;font-weight:bold">&amp;&amp;</span> cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime <span style="color:#ce5c00;font-weight:bold">&amp;&amp;</span> <span style="color:#204a87">echo</span> <span style="color:#4e9a06">&#34;Asia/Shanghai&#34;</span> &gt; /etc/timezone: </span></span><span style="display:flex;"><span>0.070 fetch https://mirrors.tuna.tsinghua.edu.cn/alpine/v3.17/main/x86_64/APKINDEX.tar.gz </span></span><span style="display:flex;"><span>0.169 ERROR: https://mirrors.tuna.tsinghua.edu.cn/alpine/v3.17/main: remote server returned error <span style="color:#ce5c00;font-weight:bold">(</span>try <span style="color:#4e9a06">&#39;apk update&#39;</span><span style="color:#ce5c00;font-weight:bold">)</span> </span></span><span style="display:flex;"><span>0.169 WARNING: Ignoring https://mirrors.tuna.tsinghua.edu.cn/alpine/v3.17/main: No such file or directory </span></span><span style="display:flex;"><span>0.169 fetch https://mirrors.tuna.tsinghua.edu.cn/alpine/v3.17/community/x86_64/APKINDEX.tar.gz </span></span><span style="display:flex;"><span>0.265 ERROR: https://mirrors.tuna.tsinghua.edu.cn/alpine/v3.17/community: remote server returned error <span style="color:#ce5c00;font-weight:bold">(</span>try <span style="color:#4e9a06">&#39;apk update&#39;</span><span style="color:#ce5c00;font-weight:bold">)</span> </span></span><span style="display:flex;"><span>0.265 WARNING: Ignoring https://mirrors.tuna.tsinghua.edu.cn/alpine/v3.17/community: No such file or directory </span></span><span style="display:flex;"><span>0.265 <span style="color:#0000cf;font-weight:bold">2</span> errors<span style="color:#000;font-weight:bold">;</span> <span style="color:#0000cf;font-weight:bold">85</span> distinct packages available </span></span><span style="display:flex;"><span>------ </span></span><span style="display:flex;"><span>failed to solve: process <span style="color:#4e9a06">&#34;/bin/sh -c mkdir -p /data/log/cube-proxy/ /usr/local/openresty/nginx/conf/global/ /usr/local/openresty/nginx/certs/ &amp;&amp; sed -i \&#34;s#https\\?://dl-cdn.alpinelinux.org/alpine#</span><span style="color:#4e9a06">${</span><span style="color:#000">ALPINE_MIRROR_URL</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">#g\&#34; /etc/apk/repositories &amp;&amp; apk update &amp;&amp; apk add tcpdump &amp;&amp; apk add vim &amp;&amp; apk add tzdata &amp;&amp; apk add python3 &amp;&amp; apk add py3-pip &amp;&amp; apk add bpftrace busybox curl ethtool file gawk inetutils-telnet iperf iperf3 iproute2 netcat-openbsd net-tools sysstat wget &amp;&amp; pip3 install -i \&#34;</span><span style="color:#4e9a06">${</span><span style="color:#000">PIP_INDEX_URL</span><span style="color:#4e9a06">}</span><span style="color:#4e9a06">\&#34; pythonping requests &amp;&amp; cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime &amp;&amp; echo \&#34;Asia/Shanghai\&#34; &gt; /etc/timezone&#34;</span> did not <span style="color:#204a87">complete</span> successfully: <span style="color:#204a87">exit</span> code: <span style="color:#0000cf;font-weight:bold">2</span> </span></span></code></pre></div><p>看错误日志是说 Alpine 3.17 版本太老,已经停止维护 (EOL),清华大学开源镜像站(TUNA)已经清理并下架了该版本的软件包。因此服务器返回了 remote server returned error (try &lsquo;apk update&rsquo;) 和 No such file or directory(404 )。</p> <p>给官方提交了一个 bug: <a href="https://github.com/TencentCloud/CubeSandbox/issues/85">https://github.com/TencentCloud/CubeSandbox/issues/85</a></p> <p>在正式修复之前,先看看能不能临时解决。先把脚本下载下来:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>wget https://cnb.cool/CubeSandbox/CubeSandbox/-/git/raw/master/deploy/one-click/online-install.sh -O online-install.sh </span></span></code></pre></div><p>直接执行本地已经下载好的这个 MIRROR=cn bash ./online-install.sh 脚本:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#000">MIRROR</span><span style="color:#ce5c00;font-weight:bold">=</span>cn bash ./MIRROR<span style="color:#ce5c00;font-weight:bold">=</span>cn bash ./online-install.sh </span></span></code></pre></div><p>然后发现已经更新,上面的问题解决了。继续执行,发现报错 xfs:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#ce5c00;font-weight:bold">[</span>one-click<span style="color:#ce5c00;font-weight:bold">]</span> ERROR: The filesystem that will host /data/cubelet is on <span style="color:#4e9a06">&#39;/&#39;</span> <span style="color:#ce5c00;font-weight:bold">(</span>type: ext4<span style="color:#ce5c00;font-weight:bold">)</span>, which is not XFS. </span></span><span style="display:flex;"><span> Cube Sandbox requires the /data/cubelet directory to reside on an XFS filesystem. </span></span><span style="display:flex;"><span> Options: </span></span><span style="display:flex;"><span> 1. Mount a dedicated XFS-formatted partition at /data/cubelet: </span></span><span style="display:flex;"><span> mkfs.xfs /dev/&lt;your-partition&gt; </span></span><span style="display:flex;"><span> mount /dev/&lt;your-partition&gt; /data/cubelet </span></span><span style="display:flex;"><span> 2. Ensure the parent path <span style="color:#ce5c00;font-weight:bold">(</span>/<span style="color:#ce5c00;font-weight:bold">)</span> itself is on XFS. </span></span></code></pre></div><p>我的磁盘分区如下:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>lsblk -f </span></span><span style="display:flex;"><span>NAME FSTYPE FSVER LABEL UUID FSAVAIL FSUSE% MOUNTPOINTS </span></span><span style="display:flex;"><span>nvme0n1 </span></span><span style="display:flex;"><span>│ </span></span><span style="display:flex;"><span>├─nvme0n1p1 </span></span><span style="display:flex;"><span>│ </span></span><span style="display:flex;"><span>├─nvme0n1p2 </span></span><span style="display:flex;"><span>│ vfat FAT32 560E-DDD5 1013.2M 1% /boot/efi </span></span><span style="display:flex;"><span>├─nvme0n1p3 </span></span><span style="display:flex;"><span>│ │ LVM2_m LVM2 v3SRzN-3z22-OLDA-LHRf-q5cO-uvTg-eniAqS </span></span><span style="display:flex;"><span>│ ├─pve-swap </span></span><span style="display:flex;"><span>│ │ swap <span style="color:#0000cf;font-weight:bold">1</span> 530d218b-6bf8-4bff-b5a9-8b2b09c4dcfe <span style="color:#ce5c00;font-weight:bold">[</span>SWAP<span style="color:#ce5c00;font-weight:bold">]</span> </span></span><span style="display:flex;"><span>│ └─pve-root </span></span><span style="display:flex;"><span>│ ext4 1.0 771feb17-395e-42c6-94a9-eb9f67ad888f 3.1T 5% / </span></span><span style="display:flex;"><span>└─nvme0n1p4 </span></span><span style="display:flex;"><span> ext4 1.0 85d49f17-ff26-4a67-87ed-2020014c3a8f </span></span></code></pre></div><p>目前是安装了 pve9. 准备从 771feb17-395e-42c6-94a9-eb9f67ad888f 这个 3.1T 的分区拆出来 512G,作为一个新的分区,然后格式化为 xfs 挂在到 /data/cubelet。</p> <p>先安装 parted 软件:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>apt-get update </span></span><span style="display:flex;"><span>apt-get install parted </span></span></code></pre></div>