What is Docker: a brief excursion into history and basic abstractions

On August 10, the Docker video course started at Slurm, in which we cover Docker completely, from basic abstractions to network parameters.

In this article we will talk about the history of Docker and its main abstractions: Image, Cli, Dockerfile. The lecture is intended for beginners, so it is unlikely to interest experienced users. There will be no blood, appendix or deep dive. Only the very basics.

What is Docker

Let's look at the definition of Docker from Wikipedia.

Docker is software for deploying and managing applications in environments that support containerization.

Nothing is clear from this definition. It is especially unclear what "in environments that support containerization" means. To find out, let's go back in time. Let's start with the era that I conventionally call the "Monolithic Era."

The monolithic era

The monolithic era is the early 2000s, when all applications were monolithic, with a bunch of dependencies. Development took a long time. At the same time, there were not many servers; we knew them all by name and monitored them. There is a funny comparison:

Pets are domestic animals. In the monolithic era, we treated our servers like pets, groomed and cherished, blowing specks of dust off them. And for better resource management we used virtualization: we took a server and cut it into several virtual machines, thereby ensuring isolation of the environment.

Hypervisor-based virtualization systems

Everyone has probably heard of virtualization systems: VMware, VirtualBox, Hyper-V, Qemu KVM, etc. They provide application isolation and resource management, but they also have drawbacks. To do virtualization, you need a hypervisor. And a hypervisor is resource overhead. And the virtual machine itself is a whole colossus: a heavy image that contains an operating system, Nginx, Apache, and possibly MySQL. The image is large and the virtual machine is inconvenient to operate. As a result, working with virtual machines can be slow. To solve this problem, virtualization systems at the kernel level were created.

Kernel-level virtualization systems

Kernel-level virtualization is supported by OpenVZ, Systemd-nspawn and LXC. A striking example of such virtualization is LXC (Linux Containers).

LXC is an operating-system-level virtualization system for running multiple isolated instances of the Linux operating system on a single node. LXC does not use virtual machines, but creates a virtual environment with its own process space and network stack.

LXC creates containers. What is the difference between virtual machines and containers?

A container is not suitable for isolating processes: vulnerabilities are found in kernel-level virtualization systems that allow an escape from the container to the host. So if you need to isolate something, it is better to use a virtual machine.

The differences between virtualization and containerization can be seen in the diagram.
There are hardware hypervisors, hypervisors on top of the OS, and containers.

Hardware hypervisors are good if you really want to isolate something, because they can isolate at the level of memory pages and processors.

There are hypervisors that run as a program, and there are containers, and we will talk about them further. Containerization systems have no hypervisor, but there is a Container Engine that creates and manages containers. This thing is more lightweight, so because it works with the kernel, the overhead is smaller or absent altogether.

What is used for containerization at the kernel level

The main technologies that allow you to create a container isolated from other processes are Namespaces and Control Groups.

Namespaces: PID, Networking, Mount and User. There are more, but for ease of understanding we will focus on these.

PID Namespace restricts processes. When, for example, we create a PID Namespace and place a process there, it gets PID 1. Usually in systems PID 1 is systemd or init. Accordingly, when we place a process in a new namespace, it also gets PID 1.

Networking Namespace allows you to restrict/isolate the network and place your own interfaces inside. Mount is a file system restriction. User is a restriction on users.

Control Groups: Memory, CPU, IOPS, Network, about 12 settings in total. They are also called Cgroups ("C-groups").

Control Groups manage resources for a container. Through Control Groups we can say that a container should not consume more than a certain amount of resources.

For containerization to work fully, additional technologies are used: Capabilities, Copy-on-write and others.

Capabilities is when we tell a process what it can and cannot do. At the kernel level, these are simply bitmaps with many parameters. For example, the root user has full privileges and can do everything. A time server can change the system time: it has capabilities on Time Capsule, and that is all. Using privileges, you can flexibly configure restrictions for processes and thereby protect yourself.

The Copy-on-write system allows us to work with Docker images and use them more efficiently.

Docker currently has compatibility issues with Cgroups v2, so this article focuses specifically on Cgroups v1.

But let's get back to history.

When virtualization systems appeared at the kernel level, they began to be actively used. The overhead of the hypervisor disappeared, but some problems remained:

  • large images: an operating system, libraries and a bunch of different software are pushed into the same OpenVZ, and in the end the image still turns out rather large;
  • there is no normal standard for packaging and delivery, so the problem of dependencies remains. There are situations when two pieces of code use the same library, but in different versions. There may be a conflict between them.

To solve all these problems, the next era arrived.

The container era

When the Era of Containers arrived, the philosophy of working with them changed:

  • One process, one container.
  • We deliver all the dependencies the process needs into its container. This requires cutting monoliths into microservices.
  • The smaller the image, the better: fewer possible vulnerabilities, faster rollout, and so on.
  • Instances become ephemeral.

Remember what I said about pets and cattle? Previously, instances were like pets, but now they have become like cattle. Previously there was a monolith, one application. Now it is 100 microservices, 100 containers. Some containers may have 2-3 replicas. It becomes less important for us to control each individual container. What matters most to us is the availability of the service itself: what this set of containers does. This changes the approach to monitoring.

In 2014-2015, Docker flourished, the technology we are going to talk about now.

Docker changed the philosophy and standardized application packaging. Using Docker, we can package an application, send it to a repository, download it from there, and deploy it.

We put everything we need into the Docker container, so the dependency problem is solved. Docker guarantees reproducibility. I think many have run into irreproducibility: everything works for you, you push it to production, and there it stops working. With Docker this problem goes away. If your Docker container starts and does what it is supposed to do, then with a high degree of probability it will start in production and do the same there.

A digression about overhead

There is constant debate about overhead. Some believe that Docker carries no additional load, since it uses the Linux kernel and all its processes required for containerization. Like, "if you say Docker is overhead, then the Linux kernel is overhead too."

On the other hand, if you dig deeper, there really are a few things in Docker that, with a stretch, can be called overhead.

The first is the PID namespace. When we place a process in a namespace, it is assigned PID 1. At the same time, this process has another PID, which lives in the host namespace, outside the container. For example, we launched Nginx in a container, and it became PID 1 (the master process). And on the host it has PID 12623. And it is hard to say how much of an overhead this is.
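
The two kernel views described above, the capability bitmap and the host PID versus PID 1 inside the container, can both be read from /proc/<pid>/status on the host. The following Python sketch is an added example, not code from the article: the status excerpt is constructed (its mask matches the capability set Docker commonly grants by default), the function names and the HIGH_RISK list are assumptions for illustration, and SYS_TIME is the Linux capability that permits setting the system clock.

```python
# Added example. Constructed /proc/<pid>/status excerpt, as read on the host.
SAMPLE_STATUS = (
    "Name:\tnginx\nPid:\t12623\nNSpid:\t12623\t1\n"
    "CapPrm:\t00000000a80425fb\nCapEff:\t00000000a80425fb\n"
)
# Capability names in bit order from linux/capability.h (bit 0 = CHOWN).
CAP_NAMES = (
    "CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID "
    "SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW "
    "IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT "
    "SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD "
    "LEASE AUDIT_WRITE AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG "
    "WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON BPF CHECKPOINT_RESTORE"
).split()
# Assumption: an illustrative, non-exhaustive set of capabilities to flag.
HIGH_RISK = {"SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_RAWIO", "SYS_TIME",
             "NET_ADMIN", "DAC_READ_SEARCH"}

def parse_status(text):
    """Turn 'Key:<tab>value' lines of a status dump into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def decode_caps(hex_mask):
    """Expand a capability bitmap into names; unknown bits become bit_N."""
    mask, names, bit = int(hex_mask, 16), [], 0
    while mask >> bit:
        if (mask >> bit) & 1:
            names.append(CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"bit_{bit}")
        bit += 1
    return names

def audit(text):
    """Summarise the PID-namespace view and effective capabilities."""
    f = parse_status(text)
    # NSpid lists the PID per nested namespace, outermost (the reader's) first.
    # Kernels before 4.1 lack the field, so fall back to the plain Pid.
    ns_pids = [int(p) for p in f.get("NSpid", f["Pid"]).split()]
    caps = decode_caps(f["CapEff"])
    return {"host_pid": ns_pids[0], "container_pid": ns_pids[-1],
            "nested": len(ns_pids) > 1, "effective": caps,
            "high_risk": sorted(HIGH_RISK.intersection(caps))}

if __name__ == "__main__":
    print(audit(SAMPLE_STATUS))
```

On a real host the same functions can be fed the contents of /proc/<pid>/status for a container's main process; a non-empty high_risk list indicates the container was started with capabilities beyond the sample set.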

The second thing is Cgroups. Take Cgroups for memory, that is, the ability to limit a container's memory. When it is enabled, counters and memory accounting are activated: the kernel needs to understand how many pages have been allocated and how many are still free for this container. This may be overhead, but I have not seen precise studies of how it affects performance. And I myself have not noticed that an application running in Docker suddenly suffered a sharp loss in performance.

And one more note about performance. Some kernel parameters are passed from the host to the container. In particular, some network parameters. So if you want to run something high-performance in Docker, for example something that will actively use the network, then you need to tune these parameters. Some nf_conntrack, for example.

About the Docker concept

Docker consists of several components:

  1. Docker Daemon is the same Container Engine; it launches containers.
  2. Docker CLI is a utility for managing Docker.
  3. Dockerfile: instructions on how to build an image.
  4. Image: the image from which the container is rolled out.
  5. Container.
  6. Docker registry is an image repository.

Schematically it looks something like this:

Docker daemon runs on Docker_host and launches containers. There is a Client that sends commands: build an image, download an image, start a container. Docker daemon goes to the registry and executes them. The Docker client can reach the daemon both locally (via a Unix socket) and over TCP from a remote host.

Let's go through each component.

Docker daemon is the server part; it runs on the host machine: it downloads images and launches containers from them, creates a network between containers, and collects logs. When we say "create an image," the daemon does that too.

Docker CLI is the client part of Docker, a console utility for working with the daemon. I repeat, it can work not only locally but also over the network.

Basic commands:

docker ps - show the containers currently running on the Docker host.
docker images - show the images downloaded locally.
docker search <> - search for an image in the registry.
docker pull <> - download an image from the registry to the machine.
docker build <> - build an image.
docker run <> - start a container.
docker rm <> - remove a container.
docker logs <> - container logs.
docker start/stop/restart <> - work with a container.

If you master these commands and are confident in using them, consider yourself 70% proficient in Docker at the user level.

Dockerfile is the instructions for creating an image. Almost every instruction command is a new layer. Let's look at an example.

This is what a Dockerfile looks like: commands on the left, arguments on the right. Each command that is here (and in general written in a Dockerfile) creates a new layer in the Image.

Even looking only at the left side, you can roughly understand what is happening. We say: "create a folder for us" - that is one layer. "Make the folder the working one" is another layer, and so on. The layer cake makes life easier. If I create another Dockerfile and change something in the last line - I run something other than "python" "main.py", or install dependencies from another file - then the previous layers will be reused as a cache.

Image is the container's packaging; containers are launched from the image. If we look at Docker from the point of view of a package manager (as if we were working with deb or rpm packages), then the image is essentially an rpm package. Through yum install we can install an application, remove it, find it in the repository, and download it. It is about the same here: containers are launched from the image, they are stored in the Docker registry (similar to yum, in a repository), and each image has a SHA-256 hash, a name and a tag.

The image is built according to the instructions from the Dockerfile. Each instruction from the Dockerfile creates a new layer. Layers can be reused.

Docker registry is a repository of Docker images. Like an OS, Docker has a public standard registry - dockerhub. But you can build your own repository, your own Docker registry.

Container is what is launched from the image. We built an image according to the instructions from the Dockerfile, then we launch it from this image. This container is isolated from other containers and must contain everything the application needs to work. In this case, one container - one process. Sometimes you have to run two processes, but this somewhat contradicts the Docker ideology.

The requirement "one container, one process" is related to the PID Namespace. When a process with PID 1 starts in the Namespace, if it suddenly dies, then the whole container dies too. If two processes are running there, one alive and the other dead, then the container will continue to live. But this is a question of Best Practices; we will talk about them in other materials.

To study the features and the full program of the course in more detail, please follow the link: "Docker video course".

Author: Marcel Ibraev, certified Kubernetes administrator, practicing engineer at Southbridge, speaker and developer of Slurm courses.

Source: www.habr.com
