snap

Last updated: 2020-04-02

Introduction

 

Snaps are applications packaged with all their dependencies to run on all popular Linux distributions from a single build.

They update automatically and roll back gracefully.

Applications can be found under /snap/bin.

Snap

 * Packages are read-only images, called snaps.

 * System components and applications are self-contained
   (except for the most basic OS features, such as network access).

 * Each snap is offered a secure storage area isolated from other snaps.

 * Snaps are available from the Snap Store.

OS snaps

The OS snap is a repacked rootfs that contains just ‘enough’ to run and manage snaps on a read-only file system.

When you install a snap for the first time, the OS snap (ubuntu-core) gets installed first; it is used as the platform for subsequently installed application snaps, so you can be confident that a snap always runs on the same core stack.

Program

  • snap - a tool for interacting with snaps
  • snapd - a management environment that handles installing and updating snaps using the transactional system

Link

HomePage: https://snapcraft.io/

Store(applications): https://snapcraft.io/store

 


Install

 

# Debian 10

apt install snapd

reboot

# CentOS 7 (EPEL)

yum install snapd

reboot

OR

systemctl enable --now snapd.socket

# To enable classic snap support

ln -s /var/lib/snapd/snap /snap

# Check Version

snap version

snap    2.43.3
snapd   2.43.3
series  16
debian  10
kernel  4.19.0-6-amd64

# Test it

snap install hello-world

hello-world

Hello World!

# The original .snap files are located in /var/lib/snapd/snaps

mount | grep snap

tmpfs on /run/snapd/ns type tmpfs (rw,nosuid,noexec,relatime,size=1623812k,mode=755)
/var/lib/snapd/snaps/core_8935.snap on /snap/core/8935 type squashfs (ro,nodev,relatime,x-gdu.hide)
/var/lib/snapd/snaps/hello-world_29.snap on /snap/hello-world/29 type squashfs (ro,nodev,relatime,x-gdu.hide)

ps aux | grep [s]napd

root     23563  2.5  0.2 1290420 32832 ?       Ssl  18:02   0:04 /usr/lib/snapd/snapd

 


Install Snaps

 

Search snap package

snap find lxd

Name             Version        Publisher       Notes    Summary
lxd              3.23           canonical✓      -        System container manager and API

The ✓ alongside canonical in the above output indicates that the snap publisher has been verified.

Show snap package info

snap info lxd

name:      lxd
summary:   System container manager and API
publisher: Canonical✓
store-url: https://snapcraft.io/lxd
contact:   https://github.com/lxc/lxd/issues
license:   unset
description: |
...
commands:
...
services:
  lxd.activate: oneshot, enabled, inactive
  lxd.daemon:   simple, enabled, inactive
snap-id:      J60k4JY0HppjwOjW8dZdYc8obXKxujRu
tracking:     latest/stable
refresh-date: today at 15:15 HKT
channels:
  latest/stable:    3.23        2020-03-30 (14133) 70MB -
  ...
installed:          3.23                   (14133) 70MB -

Install snap ( i.e. lxd )

snap install lxd

Remark: install a specific version

snap install lxd --channel=3.23/stable

List installed snaps on system

snap list [package]

Name  Version    Rev    Tracking  Publisher   Notes
core  16-2.43.3  8689   stable    canonical✓  core
lxd   3.23       14066  stable    canonical✓  -

"core" is installed automatically by snapd to satisfy the requirements of other snaps.

Listing all installed revisions for a package

snap list --all lxd

Name  Version        Rev    Tracking      Publisher   Notes
lxd   5.0.0-b0287c1  22923  5.0/stable/…  canonical✓  disabled
lxd   5.0.2-838e1b2  24322  5.0/stable/…  canonical✓  -

snap list --all core

Name  Version    Rev   Tracking       Publisher   Notes
core  16-2.43.3  8689  latest/stable  canonical✓  core,disabled
core  16-2.44.1  8935  latest/stable  canonical✓  core

Notes:

'disabled' means the revision is still installed but is not the one that current points to:

ls -l /snap/core

total 0
drwxr-xr-x 24 root root 321 Feb 13 01:41 8689
drwxr-xr-x 24 root root 321 Mar 22 03:18 8935
lrwxrwxrwx  1 root root   4 Mar 31 09:37 current -> 8935

Check for updates (check the channel being tracked by the snap)

snap refresh vlc

Channels

Tracks (Default: latest)

Tracks enable snap developers to publish multiple supported releases of their application under the same snap name.

Risk-levels

stable, candidate, beta, edge

Install a package from a specific channel

  • snap install --channel=beta vlc
  • snap install --channel=edge vlc

Switch to another version

  • snap switch --channel=stable vlc

i.e.

snap switch --channel=3.22/stable lxd

snap refresh lxd


Versions and revisions

  • Version: the version of the software being packaged, as assigned by the developers
  • Revision: the sequence number assigned by the store when the snap file was uploaded

Revision

tree -L 1 /snap/core

/snap/core
├── 8689
├── 8935
└── current -> 8935

Reverting an installed snap (revisions)

snap list lxd --all

Name  Version  Rev    Tracking       Publisher   Notes
lxd   3.23     14133  latest/stable  canonical✓  disabled
lxd   4.0.0    14194  latest/stable  canonical✓  -

# Downgrade from 4.0.0 back to 3.23

snap revert lxd

lxd reverted to 3.23

Removing a snap

snap remove lxd

 


Snaps

 

core

The core runtime environment for snapd

ubuntu-core

...

snapd

Daemon and tooling that enable snap packages
(Install, configure, refresh and remove snap packages.)

lxd

lightweight container hypervisor

 


Service management

 

# Lists all services

snap services

Service       Startup  Current   Notes
lxd.activate  enabled  inactive  -
lxd.daemon    enabled  inactive  socket-activated

# restart, stop, start

  • snap restart lxd
  • snap stop lxd
  • snap start lxd

# To prevent a service from starting on the next boot

  • snap stop --disable lxd

# Start automatically at boot

  • snap start --enable lxd

# Show logs; -f keeps the log output open

snap logs lxd [-f]

 


Snap updates (refresh)

 

Snaps update automatically, and by default, the snapd daemon checks for updates 4 times a day.

Each update check is called a refresh.

Manual update

snap refresh lxd

snap "lxd" has no updates available

Auto update time

snap refresh --time

timer: 00:00~24:00/4
last: n/a
hold: today at 20:00 HKT
next: today at 18:02 HKT (but held)

OR

timer: 00:00~24:00/4
last: today at 13:27 HKT
next: today at 21:19 HKT

Setting

  • refresh.timer: defines the refresh frequency and schedule
  • refresh.hold: delays the next refresh until the defined time and date
  • refresh.metered: pauses refresh updates when network connection is metered
  • refresh.retain: sets how many revisions of a snap are stored on the system

i.e.

snap set system refresh.timer=4:00-7:00,19:00-22:10

snap set system refresh.timer=mon,wed                 # Monday and on Wednesday, at 0:00

snap set system refresh.hold="2020-05-01T00:00:00+08:00"

snap unset system refresh.hold

snap get system refresh.hold

2020-05-01T00:00:00+08:00

# To see details about what changed during the last refresh

snap changes

ID   Status  Spawn               Ready               Summary
6    Done    today at 17:47 HKT  today at 17:47 HKT  Switch "lxd" snap to channel "5.9/stable"
7    Done    today at 17:47 HKT  today at 17:48 HKT  Refresh "lxd" snap

Keep revisions

# maximum number of a snap's revisions stored by the system after the next refresh

snap set system refresh.retain=3

snap get system refresh.retain

3

Manually remove unused revisions

ls -l /snap/core

total 0
drwxr-xr-x 24 root root 321 Feb 13 01:41 8689
drwxr-xr-x 24 root root 321 Mar 22 03:18 8935
lrwxrwxrwx  1 root root   4 Mar 31 09:37 current -> 8935

snap remove core --revision=8689
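
The manual cleanup above, generalized to every disabled revision on the system. This is an added example, not part of the original notes; the function name and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# Reads `snap list --all` output on stdin and prints one `snap remove`
# command per disabled revision; nothing is removed by this function.
disabled_revision_commands() {
    awk '
        NR == 1 && $1 == "Name" { next }       # skip the header row
        $3 !~ /^x?[0-9]+$/      { next }       # unexpected revision field
        {
            # Notes is the last column and may be a comma list ("core,disabled")
            n = split($NF, notes, ",")
            for (i = 1; i <= n; i++)
                if (notes[i] == "disabled") {
                    printf "snap remove %s --revision=%s\n", $1, $3
                    break
                }
        }
    '
}

# Constructed sample, modeled on the listings shown above.
sample_list_all() {
    cat <<'EOF'
Name  Version    Rev    Tracking       Publisher   Notes
core  16-2.43.3  8689   latest/stable  canonical✓  core,disabled
core  16-2.44.1  8935   latest/stable  canonical✓  core
lxd   3.23       14133  latest/stable  canonical✓  disabled
lxd   4.0.0      14194  latest/stable  canonical✓  -
EOF
}

sample_list_all | disabled_revision_commands
```

On a real system, feed it `snap list --all` and review the printed commands before running them.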

 


Interface management

 

When a snap needs to access a resource outside of its own confinement, it uses an interface.

List the connected plugs and slots for all snaps in the system:

snap connections [<snap>]

i.e.

snap connections lxd

Interface       Plug                Slot             Notes
lxd             -                   lxd:lxd          -
lxd-support     lxd:lxd-support     :lxd-support     -
network         lxd:network         :network         -
network-bind    lxd:network-bind    :network-bind    -
system-observe  lxd:system-observe  :system-observe  -

Use --all to also list unconnected plugs and slots.

The slot is the provider of the interface (it can support multiple plug connections), while the plug is the consumer.

Interfaces provided by the system begin with the : (colon) symbol and are implemented by the core snap.

# To make a connection

snap connect <snap>:<plug interface> <snap>:<slot interface>

# To disconnect an interface

snap disconnect <snap>:<plug interface> <snap>:<slot interface>
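
To review what each snap has actually been granted, the `snap connections` table can be reduced to one line per consuming snap. This is an added example, not part of the original notes; the function name and the vlc rows in the sample are constructed, and it assumes manually made connections are marked `manual` in the Notes column.

```shell
#!/bin/sh
# Added example, not from the original page.
# Reads `snap connections` output on stdin and prints, per consuming snap,
# the system-provided interfaces (slot starting with ":") it is connected to.
system_grants() {
    awk '
        NR == 1 && $1 == "Interface" { next }   # skip the header row
        $2 == "-" || $3 == "-"       { next }   # unconnected plug or slot
        substr($3, 1, 1) != ":"      { next }   # slot provided by another snap
        {
            split($2, plug, ":")                # plug is <snap>:<plug name>
            snap = plug[1]
            if (!(snap in grants)) order[++count] = snap
            tag = ($4 ~ /(^|,)manual(,|$)/) ? "(manual)" : ""
            grants[snap] = grants[snap] " " $1 tag
        }
        END { for (i = 1; i <= count; i++) print order[i] ":" grants[order[i]] }
    '
}

# Constructed sample: the lxd rows from above plus two made-up vlc rows.
sample_connections() {
    cat <<'EOF'
Interface        Plug                 Slot              Notes
lxd              -                    lxd:lxd           -
lxd-support      lxd:lxd-support      :lxd-support      -
network          lxd:network          :network          -
network-bind     lxd:network-bind     :network-bind     -
system-observe   lxd:system-observe   :system-observe   -
network          vlc:network          :network          -
removable-media  vlc:removable-media  :removable-media  manual
EOF
}

sample_connections | system_grants
```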

 


Snap Configuration

 

snap get SNAP

If there are no configuration options, you will see "error: snap <snap name> has no configuration"

 


Snapshot

 

# Snapshots are created manually with snap save (for all installed snaps)

# or automatically when a snap is removed

# --no-wait returns control of the terminal immediately

snap save [--no-wait]

Set  Snap  Age    Version    Rev    Size    Notes
2    core  304ms  16-2.44.1  8935     124B  -
2    lxd   204ms  3.23       14133    451B  -

# see the state of your system’s snapshots

snap saved [--id=2]

Set  Snap  Age    Version    Rev    Size    Notes
1    lxd   2d22h  3.23       14066    451B  auto
2    core  22.3s  16-2.44.1  8935     124B  -
2    lxd   22.2s  3.23       14133    451B  -

* "auto" in the Notes column means an automatic snapshot

# To verify the integrity of a snapshot

snap check-snapshot 2

Snapshot #2 verified successfully.

# Restoring a snapshot

snap restore 2

# Deleting a snapshot

snap forget 2

Snapshot #2 forgotten.

Automatic snapshot

 * A snapshot is generated automatically when a snap is removed.

# The default retention is 31 days

# Change it to 30 hours

snap set system snapshots.automatic.retention=30h

# To disable automatic snapshots

snap set system snapshots.automatic.retention=no

Snapshot anatomy

Snapshots are stored as a zip file for each snap

  • meta.json: describes the contents of the snapshot, alongside its configuration and checksums for the archives.
  • archive.tgz: contains system data.
  • user/<username>.tgz: contains any user data (for each system user).

Location on Ubuntu-based systems: /var/lib/snapd/snapshots

 


snap's confinement level

 

A snap's confinement level is the degree of isolation it has from your system.

Strict

A strictly confined snap cannot access your files, network, processes or any other system resource without requesting specific access via an interface.

Strict confinement uses security features of the Linux kernel, including AppArmor, seccomp and namespaces, to prevent applications and services from accessing the wider system.

Classic

Allows access to your system's resources in much the same way traditional packages do.

Checking

snap info --verbose lxd | grep confinement

  confinement:       strict
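
The same check across every installed snap, using the Notes column of `snap list`, where snaps installed with classic confinement or in devmode are marked `classic` or `devmode`. This is an added example, not part of the original notes; the function name and the two `example-*` snaps in the sample are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page.
# Reads `snap list` (or `snap list --all`) output on stdin.
# Prints "<snap> <mode>" for each active snap that is not strictly confined
# and returns 1 if any were found, 0 otherwise.
non_strict_snaps() {
    awk '
        NR == 1 && $1 == "Name"     { next }    # skip the header row
        $NF ~ /(^|,)disabled(,|$)/  { next }    # inactive revision
        $NF ~ /(^|,)classic(,|$)/   { print $1, "classic"; found = 1; next }
        $NF ~ /(^|,)devmode(,|$)/   { print $1, "devmode"; found = 1; next }
        END { exit found + 0 }
    '
}

# Constructed sample; example-ide and example-dev are hypothetical snaps.
sample_snap_list() {
    cat <<'EOF'
Name         Version    Rev    Tracking       Publisher   Notes
core         16-2.44.1  8935   latest/stable  canonical✓  core
lxd          3.23       14133  latest/stable  canonical✓  -
example-ide  1.0        12     latest/stable  example     classic
example-dev  0.1        x1     -              -           devmode
EOF
}

sample_snap_list | non_strict_snaps || echo "snaps outside strict confinement found"
```

The non-zero return status makes the function usable as a gate in a periodic host check.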

 


 
