What Docker is: a brief excursion into history and basic abstractions

On August 10th, Slurm launches a Docker video course in which we cover it in full, from basic abstractions to network parameters.

In this article we will talk about the history of Docker and its basic abstractions: Image, CLI, Dockerfile. The lecture is intended for beginners, so it is unlikely to interest experienced users. There will be no blood, appendix, or deep dive. Just the very basics.

What Docker is

Let's look at the definition of Docker from Wikipedia.

Docker is software for automating the deployment and management of applications in containerized environments.

Nothing is clear from this definition. It is especially unclear what "in environments that support containerization" means. To find out, let's go back in time. Let's start with the era that I conventionally call the "Monolithic Era."

Monolithic era

The monolithic era is the early 2000s, when all applications were monolithic, with a pile of dependencies. Development took a long time. At the same time, there were not many servers; we all knew them by name and monitored them. There is even a funny comparison:

Pets are domestic animals. In the monolithic era, we treated our servers like pets: we groomed and cherished them and blew the dust off them. And for better resource management we used virtualization: we took a server and cut it into several virtual machines, thereby ensuring isolation of the environments.

Hypervisor-based virtualization systems

Everyone has heard of virtualization systems: VMware, VirtualBox, Hyper-V, Qemu KVM, and so on. They provide application isolation and resource management, but they also have drawbacks. To do virtualization, you need a hypervisor. And the hypervisor is resource overhead. And the virtual machine itself is usually a whole colossus: a heavy image containing an operating system, Nginx, Apache, and possibly MySQL. The image is large, and the virtual machine is inconvenient to operate. As a result, working with virtual machines can be slow. To solve this problem, virtualization systems were created at the kernel level.

Kernel-level virtualization systems

Kernel-level virtualization is supported by OpenVZ, Systemd-nspawn, and LXC. A good example of such virtualization is LXC (Linux Containers).

LXC is an operating-system-level virtualization system for running multiple isolated instances of the Linux operating system on a single node. LXC does not use virtual machines, but creates a virtual environment with its own process space and network stack.

In essence, LXC creates containers. What is the difference between virtual machines and containers?

A container is not suitable for isolating processes: vulnerabilities are found in kernel-level virtualization systems that allow an escape from the container to the host. Therefore, if you need to isolate something, it is better to use a virtual machine.

The difference between virtualization and containerization can be seen in the diagram.
There are hardware hypervisors, hypervisors on top of the OS, and containers.

Hardware hypervisors are great if you really want to isolate something, because isolation is possible at the level of memory pages and processors.

There are hypervisors that run as a program, and there are containers, which we will discuss further. Containerization systems do not have a hypervisor, but they have a Container Engine that creates and manages containers. This is a more lightweight thing, so because it works with the kernel there is less overhead, or none at all.

What is used for containerization at the kernel level

The main technologies that allow you to create a container isolated from other processes are Namespaces and Control Groups.

Namespaces: PID, Networking, Mount and User. There are more, but for ease of understanding we will focus on these.

The PID Namespace restricts processes. When, for example, we create a PID Namespace and place a process there, it gets PID 1. Usually on a system PID 1 is systemd or init. Accordingly, when we place a process in a new namespace, it also gets PID 1.

The Networking Namespace lets you restrict/isolate the network and place your own interfaces inside. Mount is a restriction on the file system. User is a restriction on users.

Control Groups: Memory, CPU, IOPS, Network - about 12 settings in total. They are also called Cgroups ("C-groups").

Control Groups manage resources for a container. Through Control Groups we can say that a container should not consume more than a certain amount of resources.
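An added example, not part of the original article: checking from the host whether a container process actually has a cgroups v1 memory limit. The container ID, the byte values and the helper build_sample_tree are constructed for illustration; the file names memory.limit_in_bytes and memory.usage_in_bytes are the standard cgroups v1 ones.

```python
import os
import tempfile

# cgroup v1 reports "no limit" as the largest page-aligned signed 64-bit value.
V1_UNLIMITED = 0x7FFFFFFFFFFFF000

def memory_cgroup_path(proc_cgroup_text):
    """Return the memory-controller path from /proc/<pid>/cgroup (v1 format)."""
    for line in proc_cgroup_text.splitlines():
        # v1 line format: hierarchy-ID:controller-list:cgroup-path
        _, controllers, path = line.split(":", 2)
        if "memory" in controllers.split(","):
            return path
    return None

def memory_limit(proc_cgroup_text, cgroup_root="/sys/fs/cgroup"):
    """Return (limit_bytes, usage_bytes); limit is None when unlimited."""
    path = memory_cgroup_path(proc_cgroup_text)
    if path is None:
        raise ValueError("no cgroup v1 memory controller for this process")
    base = os.path.join(cgroup_root, "memory", path.lstrip("/"))
    with open(os.path.join(base, "memory.limit_in_bytes")) as f:
        limit = int(f.read())
    with open(os.path.join(base, "memory.usage_in_bytes")) as f:
        usage = int(f.read())
    return (None if limit >= V1_UNLIMITED else limit, usage)

def build_sample_tree(root, path, limit, usage):
    """Hypothetical helper: create a constructed cgroup v1 tree for offline runs."""
    base = os.path.join(root, "memory", path.lstrip("/"))
    os.makedirs(base)
    for name, value in (("memory.limit_in_bytes", limit),
                        ("memory.usage_in_bytes", usage)):
        with open(os.path.join(base, name), "w") as f:
            f.write(f"{value}\n")

# Constructed /proc/<pid>/cgroup content; the container ID is a placeholder.
SAMPLE_CGROUP = """11:memory:/docker/0123abcd
5:cpu,cpuacct:/docker/0123abcd
1:name=systemd:/docker/0123abcd
"""

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        # 268435456 bytes is what `docker run -m 256m` would set.
        build_sample_tree(root, "/docker/0123abcd", 268435456, 52428800)
        print(memory_limit(SAMPLE_CGROUP, root))
```

A result whose first element is None means the container can consume host memory without a cap.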

For containerization to work fully, additional technologies are used: Capabilities, Copy-on-write and others.

Capabilities are when we tell a process what it can and cannot do. At the kernel level, these are simply bitmaps with many parameters. For example, the root user has full privileges and can do everything. A time server can change the system time: it has the capabilities for Time Capsule, and that is all. Using privileges, you can flexibly configure restrictions for processes, and thereby protect yourself.
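An added example, not part of the original article: decoding the capability bitmap that the kernel exposes as CapEff in /proc/<pid>/status. The two status excerpts are constructed, the HIGH_RISK set is this example's own assumption about what an audit would flag, and the time capability is taken to be CAP_SYS_TIME (bit 25).

```python
# Capability bit numbers from linux/capability.h (bit 0 .. bit 40).
CAP_NAMES = """chown dac_override dac_read_search fowner fsetid kill setgid setuid
setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock
ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot
sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control
setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon
bpf checkpoint_restore""".split()

# Capabilities that an audit would normally flag (an assumption of this example).
HIGH_RISK = {"sys_admin", "sys_module", "sys_ptrace", "sys_rawio", "sys_time",
             "net_admin", "dac_read_search"}

def cap_eff(status_text):
    """Extract the effective-capability bitmap from /proc/<pid>/status text."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split()[1], 16)
    raise ValueError("no CapEff line")

def decode(mask):
    """Turn the bitmap into capability names; unknown bits keep their number."""
    names = []
    bit = 0
    while mask >> bit:
        if mask >> bit & 1:
            names.append(CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"bit{bit}")
        bit += 1
    return names

def audit(status_text):
    """Return (all effective capabilities, the subset listed in HIGH_RISK)."""
    caps = decode(cap_eff(status_text))
    return caps, sorted(HIGH_RISK.intersection(caps))

# Constructed status excerpts: a process holding only the time capability,
# and a mask with the 14 capabilities Docker grants a container by default.
TIME_SERVER = "Name:\ttimed\nCapEff:\t0000000002000000\n"
DOCKER_DEFAULT = "Name:\tnginx\nCapEff:\t00000000a80425fb\n"

if __name__ == "__main__":
    for sample in (TIME_SERVER, DOCKER_DEFAULT):
        print(audit(sample))
```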

The Copy-on-write system allows us to work with Docker images and use them more efficiently.

Docker currently has compatibility problems with Cgroups v2, so this article focuses specifically on Cgroups v1.

But let's get back to history.

When virtualization systems appeared at the kernel level, they began to be actively used. The hypervisor overhead disappeared, but some problems remained:

  • large images: an operating system, libraries and a bunch of different software are pushed into the same OpenVZ, and in the end the image still turns out to be quite large;
  • there is no proper standard for packaging and delivery, so the dependency problem remains. There are situations when two pieces of code use the same library, but with different versions. A conflict between them is possible.

To solve all these problems, the next era came.

Container era

When the Era of Containers arrived, the philosophy of working with them changed:

  • One process - one container.
  • We deliver all the dependencies the process needs into its container. This requires cutting monoliths into microservices.
  • The smaller the image, the better: there are fewer possible vulnerabilities, it rolls out faster, and so on.
  • Instances become ephemeral.

Remember what I said about pets and cattle? Previously, instances were like pets, but now they have become like cattle. Previously there was a monolith - one application. Now it is 100 microservices, 100 containers. Some containers may have 2-3 replicas. It becomes less important for us to control every container. What matters more to us is the availability of the service itself: what this set of containers does. This changes the approach to monitoring.

In 2014-2015, Docker flourished - the technology we will talk about now.

Docker changed the philosophy and the packaging of applications. Using Docker, we can package an application, send it to a repository, download it from there, and deploy it.

We put everything we need into the Docker container, so the dependency problem is solved. Docker guarantees reproducibility. I think many people have encountered irreproducibility: everything works for you, you push it to production, and there it does not work. With Docker this problem goes away. If your Docker container starts and does what it should do, then with a high degree of probability it will start in production and do the same there.

Digression on overhead

There are always disputes about overhead. Some people believe that Docker does not carry any additional load, since it uses the Linux kernel and all of its processes needed for containerization. Like, "if you say that Docker is overhead, then the Linux kernel is overhead."

On the other hand, if you go deeper, there are indeed several things in Docker that, with a stretch, can be called overhead.

The first is the PID namespace. When we place a process in a namespace, it is assigned PID 1. At the same time, this process has another PID, which is in the host namespace, outside the container. For example, we start Nginx in a container, and it becomes PID 1 (the master process). And on the host it has PID 12623. And it is hard to say how much of an overhead that is.
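An added example, not part of the original article: the two PIDs of one process, as described here and in the PID Namespace paragraph earlier, are both visible from the host in the NSpid field of /proc/<pid>/status. The status excerpts are constructed; only host PID 12623 comes from the text, and the other PIDs are made up.

```python
def parse_status(text):
    """Parse /proc/<pid>/status text into a dict of field -> value string."""
    fields = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields

def pid_chain(status_text):
    """Return PIDs from the outermost (host) namespace to the innermost."""
    fields = parse_status(status_text)
    # NSpid lists one PID per nested PID namespace; older kernels lack it.
    raw = fields.get("NSpid", fields["Pid"])
    return [int(p) for p in raw.split()]

def container_inits(statuses):
    """Map host PID -> process name for every PID 1 of a nested namespace."""
    found = {}
    for text in statuses:
        chain = pid_chain(text)
        if len(chain) > 1 and chain[-1] == 1:
            found[chain[0]] = parse_status(text)["Name"]
    return found

# Constructed status excerpts as read on the host: the host's own init,
# the Nginx master from the article, and one of its workers.
SAMPLES = [
    "Name:\tsystemd\nPid:\t1\nPPid:\t0\nNSpid:\t1\n",
    "Name:\tnginx\nPid:\t12623\nPPid:\t12601\nNSpid:\t12623\t1\n",
    "Name:\tnginx\nPid:\t12671\nPPid:\t12623\nNSpid:\t12671\t7\n",
]

if __name__ == "__main__":
    print(pid_chain(SAMPLES[1]))      # host PID first, container PID last
    print(container_inits(SAMPLES))   # only the container's PID 1 is reported
```

When an alert names a host PID, this mapping shows which container's main process it belongs to.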

The second is Cgroups. Let's take the memory Cgroup, that is, the ability to limit a container's memory. When it is enabled, counters and memory accounting are switched on: the kernel needs to understand how many pages have been allocated and how many are still free for this container. This is possibly overhead, but I have not seen precise studies of how it affects performance. And I myself have not noticed an application running in Docker suddenly suffer a sharp drop in performance.

And one more note about performance. Some parameters are passed through from the host to the container. In particular, some network parameters. Therefore, if you want to run something high-performance in Docker, for example something that will actively use the network, then at the very least you need to tune these parameters. Some nf_conntrack, for example.

About the Docker concept

Docker consists of several components:

  1. Docker Daemon is that same Container Engine; it launches containers.
  2. Docker CLI is the utility for managing Docker.
  3. Dockerfile - instructions on how to build an image.
  4. Image - the image from which a container is rolled out.
  5. Container.
  6. Docker registry is an image repository.

Schematically it looks something like this:

The Docker daemon runs on the Docker_host and launches containers. There is a Client that sends commands: build an image, download an image, launch a container. The Docker daemon goes to the registry and executes them. The Docker client can access the daemon both locally (via a Unix socket) and over TCP from a remote host.

Let's go through each component.

Docker daemon - this is the server part; it runs on the host machine: it downloads images and launches containers from them, creates a network between containers, and collects logs. When we say "build an image," the daemon does that too.

Docker CLI - the Docker client part, a console utility for working with the daemon. I repeat, it can work not only locally but also over the network.

Basic commands:

docker ps - shows the containers currently running on the Docker host.
docker images - shows the images downloaded locally.
docker search <> - searches for an image in the registry.
docker pull <> - downloads an image from the registry to the machine.
docker build < > - builds an image.
docker run <> - launches a container.
docker rm <> - removes a container.
docker logs <> - container logs
docker start/stop/restart <> - working with a container

If you know these commands and are confident in using them, consider yourself 70% proficient in Docker at the user level.

Dockerfile - instructions for building an image. Almost every instruction is a new layer. Let's look at an example.

This is what a Dockerfile looks like: commands on the left, arguments on the right. Each command here (and in general each one written in a Dockerfile) creates a new layer in the Image.

Even looking only at the left side, you can roughly understand what is happening. We say: "create a directory for us" - that is one layer. "Make the directory the working one" is another layer, and so on. The layer cake makes life easier. If I create another Dockerfile and change something in the last line - I run something other than "python" "main.py", or install dependencies from another file - then the previous layers will be reused as a cache.
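An added example, not part of the original article: a simplified model of the layer cache described above, in which each layer is identified by its parent layer plus its own instruction. The Dockerfile lines, the file digests and the hashing scheme are constructed for illustration and are not Docker's actual implementation.

```python
import hashlib

def layer_ids(instructions, file_digests=None):
    """Chain each instruction to its parent so a change invalidates what follows.

    Simplified model: a layer's ID is a hash of the parent ID plus the
    instruction text (plus the content digest of a file that COPY brings in).
    """
    file_digests = file_digests or {}
    ids, parent = [], ""
    for ins in instructions:
        material = parent + "\n" + ins
        if ins.startswith("COPY "):
            src = ins.split()[1]
            material += "\n" + file_digests.get(src, "")
        parent = hashlib.sha256(material.encode()).hexdigest()
        ids.append(parent)
    return ids

def reused_layers(old, new, old_files=None, new_files=None):
    """Count leading layers of `new` that a cache filled by `old` can serve."""
    count = 0
    for a, b in zip(layer_ids(old, old_files), layer_ids(new, new_files)):
        if a != b:
            break
        count += 1
    return count

# Constructed Dockerfile following the steps the article describes.
BASE = [
    "FROM python:3",
    "RUN mkdir /app",
    "WORKDIR /app",
    "COPY requirements.txt /app/",
    "RUN pip install -r requirements.txt",
    "COPY main.py /app/",
    'CMD ["python", "main.py"]',
]

if __name__ == "__main__":
    changed_cmd = BASE[:-1] + ['CMD ["python", "app.py"]']
    print(reused_layers(BASE, changed_cmd))   # only the last layer is rebuilt
    print(reused_layers(BASE, BASE, {"requirements.txt": "v1"},
                        {"requirements.txt": "v2"}))  # rebuild starts at COPY
```

The second call shows why an early change is costly: once one layer differs, every layer after it is rebuilt even if its instruction text is unchanged.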

Image - this is the packaging of a container; containers are launched from an image. If we look at Docker from the point of view of a package manager (as if we were working with deb or rpm packages), then an image is essentially an rpm package. Through yum install we can install an application, remove it, find it in the repository, and download it. It is about the same here: containers are launched from an image, images are stored in the Docker registry (similar to yum, in a repository), and each image has a SHA-256 hash, a name and a tag.

An image is built according to the instructions in a Dockerfile. Each instruction in the Dockerfile creates a new layer. Layers can be reused.

Docker registry is a repository of Docker images. Similar to the OS, Docker has a public standard registry - dockerhub. But you can build your own repository, your own Docker registry.

Container - what is launched from an image. We built an image according to the instructions in the Dockerfile, then we launch a container from this image. This container is isolated from other containers and must contain everything necessary for the application to work. In this case, one container - one process. It happens that you have to run two processes, but this somewhat contradicts the Docker ideology.

The "one container, one process" requirement is related to the PID Namespace. When the process with PID 1 starts in a Namespace, if it suddenly dies, then the whole container dies too. If two processes are running there, one alive and the other dead, then the container will still continue to live. But this is a question of Best Practices; we will talk about them in other materials.

To study the features and the full program of the course in more detail, please follow the link: "Docker video course".

Author: Marcel Ibraev, certified Kubernetes administrator, practicing engineer at Southbridge, speaker and developer of Slurm courses.

Source: www.hab.com
