An fara ranar 10 ga Agusta a Slurm , wanda muke nazarin shi gaba daya - daga asali na abstractions zuwa sigogi na cibiyar sadarwa.
A cikin wannan labarin za mu yi magana game da tarihin Docker da manyan abubuwan da ke tattare da shi: Hoto, Cli, Dockerfile. An yi laccar ne don masu farawa, don haka da wuya a sami sha'awar masu amfani da gogaggen. Ba za a sami jini, shafi ko zurfin nutsewa ba. Ainihin asali.
Menene Docker
Bari mu kalli ma'anar Docker daga Wikipedia.
Docker software ce don sarrafa sarrafa kai da sarrafa aikace-aikace a cikin mahalli da aka keɓe.
Babu wani abu da ya fito fili daga wannan ma'anar. Ba a san abin da “a cikin mahallin da ke goyan bayan kwantena” ke nufi ba. Don ganowa, bari mu koma cikin lokaci. Bari mu fara da zamanin da na saba kira da “Monolithic Era.”
Monolithic zamanin
Zamanin monolithic shine farkon 2000s, lokacin da duk aikace-aikacen sun kasance monolithic, tare da tarin abubuwan dogaro. Ci gaban ya ɗauki lokaci mai tsawo. A lokaci guda, babu sabobin da yawa, duk mun san su da suna kuma muna kula da su. Akwai irin wannan kwatancen ban dariya:
Dabbobin gida dabbobi ne. A zamanin monolithic, mun ɗauki sabar mu kamar dabbobin gida, masu ado da kuma waɗanda ake so, suna busa ƙura. Kuma don ingantacciyar sarrafa albarkatu, mun yi amfani da haɓakawa: mun ɗauki sabar kuma muka yanke shi cikin injunan kama-da-wane da yawa, ta haka ne muke tabbatar da keɓewar muhalli.
Tsarukan tushen gani na Hypervisor
Wataƙila kowa ya ji game da tsarin haɓakawa: VMware, VirtualBox, Hyper-V, Qemu KVM, da sauransu. Suna ba da keɓewar aikace-aikacen da sarrafa kayan aiki, amma kuma suna da rashin amfani. Don yin kama-da-wane, kuna buƙatar hypervisor. Kuma hypervisor shine babban kayan aiki. Kuma na'urar kama-da-wane da kanta yawanci colossus ce - hoto mai nauyi mai ɗauke da tsarin aiki, Nginx, Apache, da yuwuwar MySQL. Hoton yana da girma kuma injin kama-da-wane ba shi da daɗi don aiki. A sakamakon haka, yin aiki tare da injunan kama-da-wane na iya zama a hankali. Don magance wannan matsalar, an ƙirƙiri tsarin ƙirƙira a matakin kernel.
Tsarin ƙwaƙƙwaran matakin kernel
Ƙwarewar matakin kernel yana tallafawa ta OpenVZ, Systemd-nspawn, tsarin LXC. Misali mai ban mamaki na irin wannan haɓakawa shine LXC (Containers Linux).
LXC tsarin tsarin aiki ne na matakin ƙima don gudanar da keɓantattun lokuta na tsarin aiki na Linux akan kulli ɗaya. LXC baya amfani da injunan kama-da-wane, amma yana ƙirƙirar yanayi mai kama-da-wane tare da nasa sararin tsari da tari na cibiyar sadarwa.
Ainihin LXC yana ƙirƙirar kwantena. Menene bambanci tsakanin injunan kama-da-wane da kwantena?
Akwatin bai dace da tafiyar matakai ba: ana samun lahani a cikin tsarin haɓakawa a matakin kernel wanda ke ba su damar tserewa daga akwati zuwa mai masaukin baki. Don haka, idan kuna buƙatar ware wani abu, yana da kyau a yi amfani da injin kama-da-wane.
Ana iya ganin bambance-bambancen da ke tsakanin haɓakawa da ɗaukar hoto a cikin zane.
Akwai masu sarrafa kayan masarufi, hypervisors a saman OS, da kwantena.
Hardware hypervisors suna da kyau idan da gaske kuna son ware wani abu. Domin yana yiwuwa a ware a matakin shafukan ƙwaƙwalwar ajiya da na'urori masu sarrafawa.
Akwai hypervisors a matsayin shirin, kuma akwai kwantena, kuma za mu yi magana game da su gaba. Tsarin kwantena ba su da hypervisor, amma akwai Injin Kwantena wanda ke ƙirƙira da sarrafa kwantena. Wannan abu ya fi nauyi, don haka saboda aiki tare da ainihin akwai ƙarancin sama ko ɗaya ko kaɗan.
Abin da ake amfani da shi don kwantena a matakin kwaya
Babban fasahohin da ke ba ka damar ƙirƙirar akwati da ke ware daga wasu matakai sune wuraren Suna da Ƙungiyoyin Sarrafa.
Wuraren suna: PID, Sadarwar Sadarwa, Dutsen da Mai amfani. Akwai ƙari, amma don sauƙin fahimta za mu mai da hankali kan waɗannan.
PID Namespace yana iyakance matakai. Lokacin da, alal misali, muka ƙirƙiri Sunan PID kuma muka sanya tsari a can, yana zama tare da PID 1. Yawancin lokaci a cikin tsarin PID 1 ana tsara shi ko init. Saboda haka, lokacin da muka sanya tsari a cikin sabon filin suna, yana kuma karɓar PID 1.
Networking Namespace yana ba ka damar iyakance / ware cibiyar sadarwar da sanya abubuwan mu'amala naka a ciki. Dutsen ƙayyadaddun tsarin fayil ne. Mai amfani — ƙuntatawa akan masu amfani.
Ƙungiyoyin Sarrafa: Ƙwaƙwalwar ajiya, CPU, IOPS, Network - kusan saituna 12 gabaɗaya. In ba haka ba kuma ana kiran su Cgroups ("C-groups").
Ƙungiyoyin sarrafawa suna sarrafa albarkatu don akwati. Ta hanyar Ƙungiyoyin Gudanarwa za mu iya cewa bai kamata akwati ya cinye fiye da wani adadin albarkatun ba.
Don kwantena don yin aiki cikakke, ana amfani da ƙarin fasaha: Ƙarfi, Kwafi-kan-rubuta da sauransu.
Ƙarfi shine lokacin da muka gaya wa tsari abin da zai iya kuma ba zai iya yi ba. A matakin kernel, waɗannan su ne kawai bitmaps tare da sigogi da yawa. Misali, tushen mai amfani yana da cikakken gata kuma yana iya yin komai. Sabar lokaci na iya canza lokacin tsarin: yana da iko akan Time Capsule, kuma shi ke nan. Yin amfani da gata, zaku iya daidaita hane-hane don aiwatarwa, kuma ta haka ne ku kare kanku.
Tsarin Kwafi-kan-rubutu yana ba mu damar yin aiki tare da hotunan Docker kuma muyi amfani da su sosai.
Docker a halin yanzu yana da batutuwan daidaitawa tare da Cgroups v2, don haka wannan labarin yana mai da hankali musamman akan Cgroups v1.
Amma bari mu koma tarihi.
Lokacin da tsarin kama-da-wane ya bayyana a matakin kernel, an fara amfani da su sosai. Babban abin da ke kan hypervisor ya ɓace, amma wasu matsalolin sun kasance:
- manyan hotuna: suna tura tsarin aiki, dakunan karatu, gungun software daban-daban zuwa OpenVZ iri ɗaya, kuma a ƙarshe hoton ya zama babba;
- Babu ma'auni na yau da kullun don marufi da bayarwa, don haka matsalar abin dogaro ya kasance. Akwai yanayi lokacin da guda biyu na lamba suna amfani da ɗakin karatu iri ɗaya, amma tare da nau'i daban-daban. Akwai yuwuwar samun sabani a tsakaninsu.
Don magance duk waɗannan matsalolin, zamani na gaba ya zo.
Zamanin kwantena
Lokacin da Era of Containers ya isa, falsafar aiki tare da su ta canza:
- Ɗayan tsari - akwati ɗaya.
- Muna isar da duk abubuwan dogaro da tsarin ke buƙata zuwa akwati. Wannan yana buƙatar yanke monoliths zuwa microservices.
- Ƙananan hoton, mafi kyau - akwai ƙananan yiwuwar rashin lahani, yana birgima da sauri, da sauransu.
- Misalai sun zama na al'ada.
Ka tuna abin da na ce game da dabbobi da shanu? A da, al'amuran sun kasance kamar dabbobin gida, amma yanzu sun zama kamar shanu. A baya can, akwai monolith - aikace-aikace ɗaya. Yanzu yana da microservices 100, kwantena 100. Wasu kwantena na iya samun kwafi 2-3. Ya zama ƙasa da mahimmanci a gare mu mu sarrafa kowane akwati. Abin da ya fi mahimmanci a gare mu shine kasancewar sabis ɗin kanta: abin da wannan saitin kwantena yayi. Wannan yana canza hanyoyin sa ido.
A cikin 2014-2015, Docker ya haɓaka - fasahar da za mu yi magana game da ita yanzu.
Docker ya canza falsafar da daidaitaccen fakitin aikace-aikacen. Ta amfani da Docker, za mu iya haɗa aikace-aikacen, aika zuwa wurin ajiya, zazzage shi daga can, mu tura shi.
Mun sanya duk abin da muke buƙata a cikin akwati na Docker, don haka an warware matsalar dogaro. Docker yana ba da garantin sake haifuwa. Ina tsammanin mutane da yawa sun ci karo da irreproducibility: duk abin da ke aiki a gare ku, kun tura shi zuwa samarwa, kuma a can ya daina aiki. Tare da Docker wannan matsalar ta tafi. Idan kwandon Docker ɗinku ya fara kuma yayi abin da yake buƙatar yi, to tare da babban matakin yuwuwar zai fara samarwa kuma yayi daidai a can.
Digression game da wuce gona da iri
Kullum ana samun sabani game da sama da ƙasa. Wasu mutane sun yi imanin cewa Docker ba ya ɗaukar ƙarin nauyi, tun da yake yana amfani da kwaya na Linux da duk matakan da suka dace don ɗaukar kaya. Kamar, "idan kun ce Docker yana kan sama, to Linux kernel yana kan gaba."
A gefe guda, idan kun yi zurfi, hakika akwai abubuwa da yawa a cikin Docker waɗanda, tare da mikewa, ana iya cewa suna kan sama.
Na farko shine sararin sunan PID. Lokacin da muka sanya tsari a cikin filin suna, an sanya shi PID 1. A lokaci guda, wannan tsari yana da wani PID, wanda ke kan wurin sunan mai masauki, a waje da akwati. Misali, mun kaddamar da Nginx a cikin akwati, ya zama PID 1 (tsari mai mahimmanci). Kuma a kan mai masaukin yana da PID 12623. Kuma yana da wuya a faɗi yawan abin da ya wuce.
Abu na biyu shi ne Ƙungiyoyi. Bari mu ɗauki Ƙungiyoyin ta hanyar ƙwaƙwalwar ajiya, wato, ikon iyakance ƙwaƙwalwar ajiyar akwati. Lokacin da aka kunna shi, ana kunna ƙididdiga da lissafin ƙwaƙwalwar ajiya: kernel yana buƙatar fahimtar shafuka nawa aka ware da nawa ne har yanzu kyauta ga wannan akwati. Wannan mai yiyuwa ne sama da ƙasa, amma ban ga wani takamaiman bincike kan yadda yake shafar aiki ba. Kuma ni da kaina ban lura cewa aikace-aikacen da ke gudana a Docker ba zato ba tsammani ya sami babban asara a cikin aiki.
Kuma ƙarin bayanin kula game da aiki. Ana wuce wasu sigogin kwaya daga mai gida zuwa akwati. Musamman, wasu sigogi na cibiyar sadarwa. Don haka, idan kuna son gudanar da wani abu mai girma a cikin Docker, alal misali, wani abu da zai yi amfani da hanyar sadarwar rayayye, to aƙalla kuna buƙatar daidaita waɗannan sigogi. Wasu nf_conntrack, misali.
Game da manufar Docker
Docker ya ƙunshi abubuwa da yawa:
- Docker Daemon Injin Kwantena ɗaya ne; kaddamar da kwantena.
- Docker CII shine kayan aikin sarrafa Docker.
- Dockerfile - umarnin kan yadda ake gina hoto.
- Hoto - hoton da aka fitar da akwati daga ciki.
- Kwantena
- Docker rejista ma'ajiyar hoto ce.
A tsari yana kama da wani abu kamar haka:
Docker daemon yana gudana akan Docker_host kuma yana ƙaddamar da kwantena. Akwai Abokin Ciniki wanda ke aika umarni: gina hoton, zazzage hoton, ƙaddamar da akwati. Docker daemon ya je wurin yin rajista ya aiwatar da su. Abokin ciniki na Docker zai iya samun dama ga gida biyu (zuwa soket na Unix) kuma ta hanyar TCP daga mai watsa shiri mai nisa.
Bari mu shiga ta kowane bangare.
Docker daemon - wannan shine sashin uwar garke, yana aiki akan injin mai watsa shiri: zazzage hotuna da ƙaddamar da kwantena daga gare su, ƙirƙirar hanyar sadarwa tsakanin kwantena, tattara rajistan ayyukan. Sa’ad da muka ce “ka halicci siffa,” aljanin yana yin haka ma.
Farashin CLI - Docker abokin ciniki, kayan aikin wasan bidiyo don aiki tare da daemon. Na maimaita, yana iya aiki ba kawai a cikin gida ba, har ma a kan hanyar sadarwa.
Umarni na asali:
docker ps - nuna kwantena waɗanda ke gudana a halin yanzu akan mai masaukin Docker.
Hotunan docker - suna nuna hotunan da aka sauke a gida.
docker search <> - bincika hoto a cikin wurin yin rajista.
docker pull <> - zazzage hoto daga wurin yin rajista zuwa na'ura.
docker gina < > - tattara hoton.
docker run <> - kaddamar da akwati.
docker rm <> - cire akwati.
docker logs <> - rajistan ayyukan
docker start/stop/reat <> - aiki tare da akwati
Idan kun mallaki waɗannan umarni kuma kuna da kwarin gwiwa akan amfani da su, la'akari da kanku ƙware 70% a Docker a matakin mai amfani.
Dockerfile - umarnin don ƙirƙirar hoto. Kusan kowane umarnin umarni sabon layi ne. Bari mu kalli misali.
Wannan shine abin da Dockerfile yayi kama da: umarni a hagu, muhawara a dama. Kowane umarni da ke nan (kuma gabaɗaya an rubuta shi a cikin Dockerfile) yana ƙirƙirar sabon Layer a Hoto.
Ko kallon gefen hagu, za ku iya fahimtar abin da ke faruwa sosai. Mu ce: "ƙirƙira mana babban fayil" - wannan shi ne daya Layer. "Ka sanya babban fayil ɗin aiki" wani Layer ne, da sauransu. Layer cake yana sauƙaƙa rayuwa. Idan na ƙirƙiri wani Dockerfile kuma na canza wani abu a cikin layi na ƙarshe - Ina gudanar da wani abu ban da "python" "main.py", ko shigar da abin dogara daga wani fayil - to za a sake amfani da yadudduka na baya azaman cache.
image - wannan marufi ne; an ƙaddamar da kwantena daga hoton. Idan muka kalli Docker daga ra'ayi na manajan kunshin (kamar muna aiki tare da fakitin bashi ko rpm), to hoton shine ainihin kunshin rpm. Ta hanyar yum install za mu iya shigar da aikace-aikacen, mu goge shi, mu same shi a ma'ajiyar ajiya, sannan mu sauke shi. Yana da kusan iri ɗaya a nan: ana ƙaddamar da kwantena daga hoton, ana adana su a cikin rajistar Docker (kamar yum, a cikin ma'ajiyar ajiya), kuma kowane hoto yana da hash SHA-256, suna da tag.
An gina hoton bisa ga umarnin daga Dockerfile. Kowane umarni daga Dockerfile yana ƙirƙirar sabon Layer. Ana iya sake amfani da yadudduka.
Docker rajista wurin ajiyar hoton Docker ne. Kama da OS, Docker yana da daidaitattun rajista na jama'a - dockerhub. Amma kuna iya gina ma'ajiyar ku, rajistar Docker na ku.
Akwati - abin da aka kaddamar daga hoton. Mun gina hoto bisa ga umarnin daga Dockerfile, sannan mu kaddamar da shi daga wannan hoton. Wannan akwati an keɓe shi daga wasu kwantena kuma dole ne ya ƙunshi duk abin da ake buƙata don aikace-aikacen ya yi aiki. A wannan yanayin, akwati ɗaya - tsari ɗaya. Yana faruwa cewa dole ne ku yi matakai biyu, amma wannan ya ɗan bambanta da akidar Docker.
Bukatun "kwangi ɗaya, tsari ɗaya" yana da alaƙa da Sunan PID. Lokacin da tsari tare da PID 1 ya fara a cikin Namespace, idan ya mutu ba zato ba tsammani, sa'an nan dukan akwati ya mutu ma. Idan matakai guda biyu suna gudana a can: ɗayan yana da rai kuma ɗayan ya mutu, to kwandon zai ci gaba da rayuwa. Amma wannan tambaya ce mafi kyawun Ayyuka, za mu yi magana game da su a cikin wasu kayan.
Don yin nazarin fasali da cikakken shirin kwas ɗin dalla-dalla, da fatan za a bi hanyar haɗin gwiwar: "".
Marubuci: Marcel Ibraev, ƙwararren shugaba Kubernetes, injiniyan aiki a Southbridge, mai magana da haɓaka darussan Slurm.
source: www.habr.com