Intel sabon sigar hypervisor . An gina hypervisor akan abubuwan da aka gyara
hadin gwiwa aikin , wanda, ban da Intel, Alibaba, Amazon, Google da Red Hat suma suna shiga. Rust-VMM an rubuta shi a cikin yaren Rust kuma yana ba ku damar ƙirƙira takamaiman hypervisors na ɗawainiya. Cloud Hypervisor shine irin wannan hypervisor wanda ke ba da babban matakin injin saka idanu (VMM) yana gudana akan KVM kuma an inganta shi don ayyuka na asali na girgije. Lambar aikin lasisi a ƙarƙashin Apache 2.0.
Cloud Hypervisor yana mai da hankali kan gudanar da rarrabawar Linux ta zamani ta amfani da na'urorin da ba su dace ba. Daga cikin mahimman manufofin da aka ambata sune: babban amsawa, ƙarancin amfani da ƙwaƙwalwar ajiya, babban aiki, sauƙaƙan daidaitawa da rage yiwuwar kai hari.
Taimakon kwaikwayi ana kiyaye shi zuwa mafi ƙanƙanta kuma an mai da hankali kan ƙayyadaddun abubuwa. A halin yanzu tsarin x86_64 kawai ake tallafawa, amma ana shirin tallafin AArch64. Don tsarin baƙo, ginanniyar 64-bit na Linux a halin yanzu ana tallafawa. An saita CPU, ƙwaƙwalwar ajiya, PCI da NVDIMM a matakin taro. Yana yiwuwa a yi ƙaura na'urori masu kama da juna tsakanin sabobin.
A cikin sabon sigar:
- An ci gaba da aiki a kan motsa I/O da aka keɓe don raba matakai. An ƙara ikon yin amfani da bayanan baya don yin hulɗa tare da na'urorin toshewa . Canjin yana ba ku damar haɗa na'urorin toshe dangane da tsarin mai amfani da vhost zuwa Cloud Hypervisor, kamar , a matsayin backends ga paravirtualized ajiya;
- Taimako don matsar da ayyukan cibiyar sadarwa zuwa baya, wanda aka gabatar a cikin sakin karshe , an faɗaɗa tare da sabon bayan gida dangane da direban cibiyar sadarwar kama-da-wane . An rubuta bayanan baya a cikin Rust kuma yanzu ana amfani dashi a cikin Cloud Hypervisor a matsayin babban tsarin gine-ginen cibiyar sadarwa na para-virtualized;
- Don haɓaka inganci da tsaro na sadarwa tsakanin mahalli mai masaukin baki da tsarin baƙo, ana ba da shawarar aiwatar da matakan samar da ƙwanƙwasa tare da AF_VSOCK magance (kwayoyin sadarwa na zahiri), aiki ta hanyar virtio. Aiwatar ta dogara ne akan ci gaban aikin , Amazon ya haɓaka. VSOCK yana ba ku damar amfani da daidaitattun POSIX Sockets API don hulɗa tsakanin aikace-aikace a kan baƙo da ɓangarorin masu masaukin baki, wanda ke sauƙaƙe daidaita shirye-shiryen cibiyar sadarwa na yau da kullun don irin wannan hulɗar da aiwatar da hulɗar shirye-shiryen abokin ciniki da yawa tare da aikace-aikacen uwar garken guda ɗaya;
- An ba da tallafi na farko don API ɗin gudanarwa ta amfani da ka'idar HTTP. A nan gaba, wannan API ɗin zai ba da damar fara ayyukan asynchronous akan tsarin baƙo, kamar albarkatun toshe zafi da mahallin ƙaura;
- Ƙara wani Layer tare da aiwatar da sufuri dangane da virtio MMIO (Memory mapped virtio), wanda za'a iya amfani dashi don ƙirƙirar tsarin baƙo kaɗan wanda baya buƙatar kwaikwaiyon bas na PCI;
- A matsayin wani ɓangare na yunƙurin faɗaɗa tallafi don gudanar da tsarin baƙo na gida, Cloud Hypervisor ya ƙara da ikon tura na'urorin IOMMU mara kyau ta hanyar virtio, wanda ke inganta tsaro na gida da tura na'urori kai tsaye.
- An ba da tallafi ga Ubuntu 19.10;
- Ƙara ikon gudanar da tsarin baƙo tare da fiye da 64 GB na RAM.
Bugu da ƙari, ana iya lura da shi m kama-da-wane inji duba , kuma an rubuta shi cikin Tsatsa, dangane da Rust-VMM kuma yana gudana akan KVM. Firecracker shine cokali mai yatsu na aikin , Google yana amfani da shi don ƙaddamar da aikace-aikace и a cikin ChromeOS. Ana haɓaka Firecracker ta Sabis na Yanar Gizon Yanar Gizo na Amazon don haɓaka aiki da ingantaccen dandamali na AWS Lambda da AWS Fargate.
An tsara dandalin don gudanar da injunan ƙira tare da ƙananan kayan aiki da kuma samar da kayan aiki don ƙirƙira da sarrafa keɓaɓɓen wurare da ayyuka da aka gina ta amfani da samfurin ci gaba maras sabar (aiki a matsayin sabis). Firecracker yana ba da injunan kama-da-wane masu nauyi, da ake kira microVMs, waɗanda ke amfani da fasahar sarrafa kayan aiki don samar da cikakkiyar keɓewa yayin isar da aiki da sassaucin kwantena na gargajiya. Misali, lokacin amfani da Firecracker, lokacin daga lokacin da aka ƙaddamar da microVM zuwa farkon aiwatar da aikace-aikacen bai wuce 125ms ba, wanda ke ba ku damar ƙaddamar da sabbin injunan kama-da-wane tare da ƙarfi har zuwa mahalli 150 a sakan daya.
Sabuwar saki na Firecracker yana ƙara yanayin aiki ba tare da ƙaddamar da mai sarrafa API ba ("-no-api"), yana iyakance mahalli kawai ga saitunan da aka ƙulla a cikin fayil ɗin sanyi. An ƙayyadadden ƙayyadaddun ƙayyadaddun ƙayyadaddun tsarin ta hanyar zaɓin “-config-file” kuma an ayyana shi a tsarin JSON. Daga zaɓuɓɓukan layin umarni, an ƙara goyan bayan “—” mai rarrabawa, tutocin da aka ƙayyade bayan su ana wucewa tare da sarkar ba tare da aiki ba.
Amazon, wanda ke haɓaka Firecracker, shima akan bayar da tallafi ga masu haɓaka harshen shirye-shiryen Rust. An lura cewa ana ƙara amfani da Rust a cikin ayyukan kamfanin kuma an riga an aiwatar da shi a cikin ayyuka kamar Lambda, EC2 da S3. Amazon ya ba da aikin Rust tare da kayan aikin don adana abubuwan sakewa da ginawa a cikin S3, gudanar da gwaje-gwaje na regression a cikin EC2, da kuma kula da rukunin docs.rs tare da takaddun shaida don duk fakiti daga ma'ajin crates.io.
Amazon kuma shirin , Inda ayyukan budewa za su iya samun damar yin amfani da kyauta ga ayyukan AWS waɗanda za a iya amfani da su don ajiyar albarkatu, ginawa, ci gaba da haɗin kai, da gwaji. Daga cikin ayyukan da aka riga aka amince da su don shiga cikin shirin, ban da Rust, AdopOpenJDK, Maven Central, Kubernetes, Prometheus, Wakili da Julia an lura da su. Ana karɓar ƙaddamarwa daga kowane buɗaɗɗen aikin da aka bayar a ƙarƙashin lasisin OSI.
source: budenet.ru