A Detailed Analysis of AWS Lambda

This translation of the article was prepared specifically for students of the "Cloud Services" course. Interested in developing in this direction? Watch the master class by Egor Zuev (TeamLead at InBit), "AWS EC2 Service", and join the next course group, which starts on September 26.

Many people are moving to AWS Lambda for its scalability, performance, cost savings, and ability to handle millions or even trillions of requests per month. To do this, you do not need to manage the infrastructure the service runs on, and autoscaling lets you serve thousands of concurrent requests per second. I think AWS Lambda can fairly be called one of the most popular AWS services.

AWS Lambda

AWS Lambda is a serverless compute service that lets you run code without provisioning or managing servers and extend other AWS services with custom logic. Lambda automatically responds to various events (called triggers), such as HTTP requests via Amazon API Gateway or changes to data in Amazon S3 buckets or Amazon DynamoDB tables; you can also run your code through API calls using the AWS SDK and through state transitions in AWS Step Functions.

Lambda runs code on highly available compute infrastructure and is fully responsible for administering the underlying platform, including server and operating system maintenance, resource provisioning, automatic scaling, code monitoring, and logging. In other words, you only need to upload your code and configure how and when it should run. The service, in turn, takes care of launching it and keeps your application available.

When should I move to Lambda?

AWS Lambda is a convenient compute platform suited to a wide variety of use cases, as long as the service supports the language and runtime of your code. If you want to focus on your code and business logic while outsourcing server maintenance, provisioning, and scaling at a reasonable cost, AWS Lambda is definitely the way to go.

Lambda is ideal for building programming interfaces, and when used together with API Gateway you can significantly reduce costs and get to market faster. There are different ways to use Lambda functions and different options for organizing a serverless architecture, so everyone can choose something that fits their goals.

Lambda lets you perform a wide range of tasks. For example, thanks to CloudWatch support, you can create deferred tasks and automate individual processes. There are no restrictions on the nature or intensity of use of the service (memory consumption and time are taken into account), and nothing prevents you from systematically working on a full-fledged microservice based on Lambda.

Here you can create service-oriented actions that do not run continuously. A typical example is image resizing. Even in the case of distributed systems, Lambda functions remain relevant.

So, if you do not want to deal with allocating and managing compute resources, try AWS Lambda; if you do not need heavy, resource-intensive computation, also try AWS Lambda; and if your code runs periodically, then yes, you should try AWS Lambda.

Security

So far there have been no complaints about security. On the other hand, since many of the internal processes and implementation details of this model are hidden from the user of the managed AWS Lambda runtime environment, some generally accepted cloud security rules become irrelevant.

Like most AWS services, Lambda is provided under a model of security responsibility shared between AWS and the customer. This principle reduces the operational burden on the customer, since AWS takes on the tasks of maintaining, operating, and controlling the service components, from the host operating system and the virtualization layer to the physical security of the infrastructure assets.

Speaking specifically about AWS Lambda, AWS is responsible for managing the underlying infrastructure, the related foundational services, the operating system, and the application platform. The customer, in turn, is responsible for the security of their code, for storing sensitive data, and for controlling access to it and to the Lambda service and resources (Identity and Access Management, IAM), including within the limits of the functions used.

The figure below shows the shared responsibility model as it applies to AWS Lambda. AWS's responsibility is shown in orange and the customer's responsibility in blue. As you can see, AWS takes on more of the responsibility for applications deployed on the service.

The shared responsibility model as applied to AWS Lambda

Lambda runtime

The main advantage of Lambda is that, by running a function on your behalf, the service itself allocates the required resources. You can avoid spending time and effort on system administration and focus on business logic and coding.

The Lambda service is divided into two planes. The first is the control plane. According to Wikipedia, the control plane is the part of a network responsible for carrying signaling traffic and routing. It is the primary component that makes global decisions about provisioning, servicing, and distributing workloads. In addition, the control plane acts as the solution provider's network topology, responsible for routing and managing traffic.

The second plane is the data plane. Like the control plane, it has its own tasks. The control plane provides the APIs for managing functions (CreateFunction, UpdateFunctionCode) and controls how Lambda communicates with other AWS services. The data plane handles the Invoke API, which runs Lambda functions. After a function is invoked, the control plane allocates a runtime environment, or selects an existing one that has already been prepared for that function, and then executes the code in it.

AWS Lambda supports a variety of programming languages, including Java 8, Python 3.7, Go, NodeJS 8, .NET Core 2, and others, through their corresponding runtime environments. AWS regularly updates them, distributes security patches, and performs other maintenance on these environments. Lambda also lets you use other languages, as long as you implement the corresponding runtime yourself. You then have to take care of maintaining it, including keeping it secure.

How does it all work, and how will the service run your functions?

Each function runs in one or more dedicated environments, which exist only for the lifetime of that function and are then destroyed. Each environment handles only one invocation at a time, but it is reused when there are multiple invocations of the same function. All runtime environments run on hardware-virtualized virtual machines, the so-called microVMs. Each microVM is assigned to a specific AWS account and can be reused by environments to run different functions within that account. MicroVMs are packed into the building blocks of the Lambda Worker hardware platform, which is owned and operated by AWS. The same runtime environment cannot be used by different functions, nor are microVMs shared across different AWS accounts.

AWS Lambda isolation model

Isolation of runtime environments is implemented using several mechanisms. At the top level, each environment contains separate copies of the following components:

  • The function code
  • Any Lambda layers selected for the function
  • The function's runtime
  • A minimal user space based on Amazon Linux

The following mechanisms are used to isolate different execution environments:

  • cgroups - limit access to CPU, memory, storage, and network resources for each runtime environment;
  • namespaces - group process IDs, user IDs, network interfaces, and other resources managed by the Linux kernel. Each runtime environment runs in its own namespace;
  • seccomp-bpf - restricts the system calls that can be used in the runtime environment;
  • iptables and routing tables - isolate execution environments from one another;
  • chroot - provides limited access to the underlying file system.

Combined with AWS's proprietary isolation technologies, these mechanisms ensure reliable separation of runtime environments. Environments isolated in this way cannot access or modify data from other environments.

Although multiple runtime environments of the same AWS account can run on a single microVM, under no circumstances can microVMs be shared between different AWS accounts. AWS Lambda uses only two mechanisms to isolate microVMs: EC2 instances and Firecracker. Guest isolation in Lambda based on EC2 instances has existed since 2015. Firecracker is a new open-source hypervisor designed by AWS specifically for serverless workloads and introduced in 2018. The physical hardware that runs microVMs is shared among workloads in different accounts.

Persistence of environments and execution state

Although Lambda runtime environments are unique to individual functions, they can invoke the same function repeatedly, which means a runtime environment can live for several hours before it is destroyed.

Each Lambda runtime environment also has a writable file system, available through the /tmp directory. Its contents cannot be accessed from other runtime environments. As for the persistence of execution state, files written to /tmp exist for the entire life cycle of the runtime environment. This makes it possible to accumulate the results of multiple invocations, which is especially useful for expensive operations such as loading machine learning models.
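The reuse described above has a security consequence for function authors: whatever one invocation leaves in /tmp or in module-level variables is visible to the next invocation served by the same environment. The handler below is an added example, not code from the original article; the file name, the stand-in "model", and the `discard_cache` helper are hypothetical. It caches a non-sensitive artifact in /tmp while keeping per-request data in a scratch directory that is removed before the handler returns.

```python
import json
import os
import shutil
import tempfile
import uuid

# On Lambda, tempfile.gettempdir() normally resolves to /tmp, the writable path.
TMP_ROOT = tempfile.gettempdir()
CACHE_FILE = os.path.join(TMP_ROOT, "model-cache.json")  # hypothetical name

# Module scope runs once per execution environment (cold start) and its
# state survives every later invocation served by that environment.
ENVIRONMENT_ID = uuid.uuid4().hex
invocation_count = 0


def discard_cache():
    """Stand-in for landing in a brand-new environment with an empty /tmp."""
    if os.path.exists(CACHE_FILE):
        os.remove(CACHE_FILE)


def load_model():
    """Expensive, non-sensitive artifact: worth keeping in /tmp for reuse."""
    if os.path.exists(CACHE_FILE):
        with open(CACHE_FILE) as fh:
            return json.load(fh), True   # warm start: reused from /tmp
    model = {"weights": [0.1, 0.2, 0.3]}  # constructed stand-in for a model
    with open(CACHE_FILE, "w") as fh:
        json.dump(model, fh)
    return model, False


def handler(event, context):
    global invocation_count
    invocation_count += 1
    model, cache_hit = load_model()
    # Request data goes into a private directory that is removed before
    # returning, so a later invocation in this environment cannot read it.
    scratch = tempfile.mkdtemp(prefix="req-", dir=TMP_ROOT)
    try:
        with open(os.path.join(scratch, "input.json"), "w") as fh:
            json.dump(event, fh)
        score = round(sum(model["weights"]) * len(event.get("items", [])), 2)
    finally:
        shutil.rmtree(scratch, ignore_errors=True)
    return {"environment": ENVIRONMENT_ID, "invocation": invocation_count,
            "cache_hit": cache_hit, "score": score,
            "scratch_removed": not os.path.exists(scratch)}
```

Calling `handler` twice in one process models two invocations landing in the same environment: the second call reports a cache hit and the same environment ID, and neither call leaves request data behind.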

Data transfer

The Invoke API can be used in two modes: event mode and request-response mode. In event mode, the invocation is added to a queue for later execution. In request-response mode, the function is invoked immediately with the supplied payload, after which the response is returned. In both cases the function runs in the Lambda environment, but the payload takes different paths.

During a request-response invocation, the payload travels from the request-handling API (API Caller), such as AWS API Gateway or the AWS SDK, to the load balancer, and then to the Lambda invocation service (Invoke Service). The latter determines the appropriate environment for running the function and passes the payload there to complete the invocation. The load balancer receives TLS-protected traffic over the Internet. Traffic inside the Lambda service, behind the load balancer, passes through an internal VPC in a specific AWS region.

AWS Lambda invocation processing model: request-response mode

Event invocations can be executed immediately or added to a queue. In some cases the queue is implemented using Amazon SQS (Amazon Simple Queue Service), which passes invocations to the Lambda invocation service through an internal polling process. The transmitted traffic is protected by TLS, and there is no additional encryption of the data stored in Amazon SQS.

Event invocations do not return responses; the Lambda Worker simply ignores any response data. Event-based invocations from Amazon S3, Amazon SNS, CloudWatch, and other sources are processed by Lambda in event mode. Invocations from Amazon Kinesis and DynamoDB streams, SQS queues, the Application Load Balancer, and API Gateway calls are processed in request-response mode.

Monitoring

You can monitor and audit Lambda functions using a variety of AWS mechanisms and services, including the following.

Amazon CloudWatch
Collects various statistics such as the number of requests, the duration of requests, and the number of failed requests.

Amazon CloudTrail
Lets you log, continuously monitor, and retain account activity information related to your AWS infrastructure. You get a complete history of the actions performed through the AWS Management Console, the AWS SDK, command-line tools, and other AWS services.

AWS X-Ray
Provides complete visibility into all stages of request processing in your application, based on a map of its internal components. Lets you analyze applications during development and in production.

AWS Config
Lets you track changes to Lambda function configuration (including deletion) and runtimes, tags, handler names, code size, memory allocation, timeout settings, and concurrency settings, as well as the Lambda IAM execution role, subnet, and security group bindings.
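As an added example (not part of the original article), here is one way to turn the CloudTrail history into a check on the control-plane APIs named earlier, CreateFunction and UpdateFunctionCode. The records are constructed for illustration, and the allow-list of approved deployers is an assumption. CloudTrail appends an API-version suffix to Lambda event names, so the match has to strip it.

```python
import json
import re

# Constructed CloudTrail records, not real account data. Lambda management
# events carry an API-version suffix in eventName (e.g. "...20150331v2").
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2019-03-01T10:00:00Z", "eventSource": "lambda.amazonaws.com",
     "eventName": "CreateFunction20150331",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/deployer"},
     "requestParameters": {"functionName": "resize-image"}},
    {"eventTime": "2019-03-01T11:30:00Z", "eventSource": "lambda.amazonaws.com",
     "eventName": "UpdateFunctionCode20150331v2",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/intern"},
     "requestParameters": {"functionName": "resize-image"}},
    {"eventTime": "2019-03-01T11:45:00Z", "eventSource": "lambda.amazonaws.com",
     "eventName": "UpdateFunctionCode20150331v2", "errorCode": "AccessDenied",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/intern"},
     "requestParameters": None},
    {"eventTime": "2019-03-01T12:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "CreateBucket",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/deployer"},
     "requestParameters": {"bucketName": "images"}},
]})

WATCHED_APIS = {"CreateFunction", "UpdateFunctionCode"}  # named in the article
VERSION_SUFFIX = re.compile(r"\d{8}(v\d+)?$")
APPROVED = {"arn:aws:iam::111122223333:user/deployer"}  # assumed allow-list


def lambda_code_changes(trail_json, approved=APPROVED):
    """Return Lambda code-change events, flagging unapproved or denied ones."""
    findings = []
    for rec in json.loads(trail_json).get("Records", []):
        if rec.get("eventSource") != "lambda.amazonaws.com":
            continue
        api = VERSION_SUFFIX.sub("", rec.get("eventName", ""))
        if api not in WATCHED_APIS:
            continue
        actor = (rec.get("userIdentity") or {}).get("arn", "unknown")
        params = rec.get("requestParameters") or {}  # may be null in a record
        findings.append({
            "time": rec.get("eventTime"), "api": api, "actor": actor,
            "function": params.get("functionName", "unknown"),
            "denied": rec.get("errorCode") is not None,
            "unapproved": actor not in approved,
        })
    return findings
```

Findings with `unapproved` set are code changes made outside the expected deployment identity; `denied` marks attempts that IAM rejected, which are worth reviewing even though nothing changed.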

Conclusion

AWS Lambda offers a powerful set of tools for building secure and scalable applications. Many of the security and compliance practices in AWS Lambda are the same as in other AWS services, although there are exceptions. As of March 2019, Lambda is compliant with SOC 1, SOC 2, SOC 3, PCI DSS, the Health Insurance Portability and Accountability Act (HIPAA), and other regulations. So when you think about implementing your next application, consider the AWS Lambda service: it may be the best fit for your task.

source: www.habr.com