Running systemd in a container

We have been following the topic of running systemd in containers for a long time. Back in 2014, our security specialist Daniel Walsh wrote the article Running systemd within a Docker Container, and a couple of years later another one, called Running systemd in a non-privileged container, in which he stated that the situation had not improved much. In particular, he wrote: "Sadly, even two years later, if you google 'Docker systemd', the first thing that comes up is that same old article. So it is time to change something." In addition, we have already discussed the conflict between the Docker and systemd developers.


In this article we will look at what has changed over time and how Podman can help with this problem.

There are many reasons to run systemd in a container, such as:

  1. Multiservice containers - Many people want to pull their multiservice applications out of virtual machines and run them in containers. It would be better, of course, to break these applications up into microservices, but not everyone knows how yet or has the time. So running such applications as services launched by systemd from unit files makes perfect sense.
  2. Systemd unit files - Most applications that run in containers are built from code that previously ran on virtual machines or physical hardware. These applications come with a unit file that was written for them and that knows how they should be started. So it is still better to start the services using the supported method than to hack up your own init service.
  3. Systemd is a process manager. It handles services (shutting down, restarting services, or killing zombie processes) better than any other tool.

That said, there are plenty of reasons not to run systemd in containers. The main one is that systemd/journald takes control of the container's output, whereas tools like Kubernetes or OpenShift expect containers to write their logs directly to stdout and stderr. So if you are going to manage containers through orchestration tools like the ones just mentioned, you should think twice about using systemd-based containers. Moreover, the Docker and Moby developers have often been hostile to the use of systemd in containers.

Enter Podman

We are pleased to announce that the situation has finally moved forward. The team responsible for running containers at Red Hat decided to build its own container engine. It is called podman and has the same command-line interface (CLI) as Docker, and almost all Docker commands can be used in Podman in exactly the same way. We often give talks, now called Replacing Docker with Podman, and the very first slide calls for: alias docker=podman.

Many people do this.

With Podman, we are in no way opposed to systemd-based containers. After all, systemd is the most widely used Linux init subsystem, and not letting it work properly in containers would mean ignoring the thousands of users who run containers that way.

Podman knows what it takes to make systemd work properly in a container. It needs things like tmpfs mounted on /run and /tmp. It likes to have the "containerized" environment enabled, and it expects write permission to its part of the cgroup directory and to the /var/log/journald folder.

When you start a container whose first command is init or systemd, Podman automatically sets up tmpfs and cgroups so that systemd starts without problems. To block this automatic mode, use the --systemd=false option. Note that Podman only uses systemd mode when it sees that it needs to run a systemd or init command.

Here is an excerpt from the man page:

man podman run
...

--systemd=true|false

Run the container in systemd mode. Enabled by default.

If you run a systemd or init command inside the container, Podman will set up tmpfs mount points in the following directories:

/run, /run/lock, /tmp, /sys/fs/cgroup/systemd, /var/lib/journal

Also, the stop signal will be SIGRTMIN+3.

All of this allows systemd to run in a locked-down container without any modification.

NOTE: systemd tries to write to the cgroup file system. However, SELinux prevents containers from doing this by default. To allow the writes, enable the container_manage_cgroup boolean:

setsebool -P container_manage_cgroup true
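As an added check (not part of the original article or of Podman itself), the following POSIX shell function reads `mount` output taken from inside a container and reports whether each directory in the list above is really a tmpfs; the `mount` lines are constructed so the script runs offline, and the intended real use is `podman exec CONTAINER mount | check_systemd_mounts`.

```shell
#!/bin/sh
# Added example, not code from the article or from Podman: verify from inside a
# container that the tmpfs mount points documented for `podman run --systemd`
# are really present. Input is the output of `mount` (one line per mount point);
# real use: podman exec CONTAINER mount | check_systemd_mounts

# The directories the `man podman run` excerpt lists for systemd mode.
SYSTEMD_MODE_DIRS="/run /run/lock /tmp /sys/fs/cgroup/systemd /var/lib/journal"

# check_systemd_mounts: reads `mount` output on stdin, prints one verdict line
# per directory, returns 0 only if every directory is mounted as tmpfs.
check_systemd_mounts() {
    mounts=$(cat)
    missing=0
    for dir in $SYSTEMD_MODE_DIRS; do
        # Match "<src> on <dir> type tmpfs (" exactly, so a match on /run
        # does not also count as a match for /run/lock.
        if printf '%s\n' "$mounts" | grep -q " on $dir type tmpfs ("; then
            echo "ok      $dir"
        else
            echo "MISSING $dir is not a tmpfs"
            missing=1
        fi
    done
    return $missing
}

# Constructed sample: `mount` inside a container started with CMD /sbin/init
# (systemd mode active). Overlay and SELinux details shortened for readability.
SAMPLE_OK='overlay on / type overlay (rw,relatime,lowerdir=/var/lib/containers/storage/overlay/l/XXXX)
tmpfs on /run type tmpfs (rw,nosuid,nodev,relatime,context="system_u:object_r:container_file_t:s0:c1,c2",mode=755)
tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,relatime,context="system_u:object_r:container_file_t:s0:c1,c2",mode=755)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,relatime,context="system_u:object_r:container_file_t:s0:c1,c2",mode=1777)
tmpfs on /sys/fs/cgroup/systemd type tmpfs (rw,nosuid,nodev,relatime,context="system_u:object_r:container_file_t:s0:c1,c2",mode=755)
tmpfs on /var/lib/journal type tmpfs (rw,nosuid,nodev,relatime,context="system_u:object_r:container_file_t:s0:c1,c2",mode=755)'

# Constructed sample: a container run with --systemd=false, where Podman set up
# none of the extra tmpfs mounts (only the root overlay and the usual /dev).
SAMPLE_BAD='overlay on / type overlay (rw,relatime,lowerdir=/var/lib/containers/storage/overlay/l/XXXX)
tmpfs on /dev type tmpfs (rw,nosuid,size=65536k,mode=755)'

# Demo on the constructed samples; the exit status is what a script would act on.
printf '%s\n' "$SAMPLE_OK" | check_systemd_mounts && echo "verdict: systemd mode prerequisites met"
printf '%s\n' "$SAMPLE_BAD" | check_systemd_mounts || echo "verdict: systemd mode prerequisites NOT met"
```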

Now let's see what a Dockerfile for running systemd in a container with Podman looks like:

# cat Dockerfile
FROM fedora
RUN dnf -y install httpd; dnf clean all; systemctl enable httpd
EXPOSE 80
CMD [ "/sbin/init" ]

That's all.

Now let's build the container:

# podman build -t systemd .

We tell SELinux to allow systemd to modify the cgroups configuration:

# setsebool -P container_manage_cgroup true

By the way, many people forget about this step. Fortunately, it only has to be done once, and the setting persists after the system is rebooted.

Now we just start the container:

# podman run -ti -p 80:80 systemd
systemd 239 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=hybrid)
Detected virtualization container-other.
Detected architecture x86-64.

Welcome to Fedora 29 (Container Image)!

Set hostname to <1b51b684bc99>.
Failed to install release agent, ignoring: Read-only file system
File /usr/lib/systemd/system/systemd-journald.service:26 configures an IP firewall (IPAddressDeny=any), but the local system does not support BPF/cgroup based firewalling.
Proceeding WITHOUT firewalling in effect! (This warning is only shown for the first loaded unit using IP firewalling.)
[  OK ] Listening on initctl Compatibility Named Pipe.
[  OK ] Listening on Journal Socket (/dev/log).
[  OK ] Started Forward Password Requests to Wall Directory Watch.
[  OK ] Started Dispatch Password Requests to Console Directory Watch.
[  OK ] Reached target Slices.
…
[  OK ] Started The Apache HTTP Server.

That's it, the service is up and running:

$ curl localhost

<html  xml_lang="en" lang="en">

…

</html>

NOTE: Don't try this with Docker! There you still have to dance around with a tambourine to get such containers to run through the daemon. (Additional fields and packages are needed to make all of this work seamlessly in Docker, or it has to run in a privileged container. For details, see the article.)

A few more cool things about Podman and systemd

Podman works better than Docker in systemd unit files

If containers need to be started at system boot, you can simply put the appropriate Podman commands into a systemd unit file, which will start the service and monitor it. Podman uses the standard fork-exec model. In other words, the container processes are children of the Podman process, so systemd can monitor them easily.

Docker uses the client-server model, and Docker CLI commands can also be placed directly in a unit file. However, when the Docker client connects to the Docker daemon, it (the client) becomes just another process handling stdin and stdout. In turn, systemd has no idea about the connection between the Docker client and the container that runs under the control of the Docker daemon, so in this model systemd fundamentally cannot monitor the service.
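The unit file below, an added example rather than anything from the article or from Podman, shows the fork-exec point in practice for the `systemd` image built above: a shell function emits a unit whose ExecStart is the `podman run` itself, so the container is a child process that systemd can watch. The container name `web`, host port 80 and the install path are assumptions.

```shell
#!/bin/sh
# Added example, not from the article or from Podman: emit a systemd unit that
# runs the "systemd" image built above directly under systemd. Because Podman is
# fork-exec, the ExecStart process is the parent of the container, so systemd
# sees its exit status and can restart it. With `docker run` in ExecStart the
# process systemd supervises would only be a client of the daemon, and the
# container would keep running after that client exits.
# Assumptions: container name "web", image "systemd", host port 80.

# gen_podman_unit NAME IMAGE HOSTPORT: print the unit file to stdout.
gen_podman_unit() {
    name=$1; image=$2; port=$3
    cat <<EOF
[Unit]
Description=httpd in a systemd container ($name) via Podman
After=network-online.target
Wants=network-online.target

[Service]
# Remove a stale container of the same name left by an unclean shutdown.
ExecStartPre=-/usr/bin/podman rm -f $name
# No -d: podman stays in the foreground as the container's parent process.
ExecStart=/usr/bin/podman run --rm --name $name -p $port:80 $image
# Ask for a clean stop; in systemd mode the container's stop signal is SIGRTMIN+3.
ExecStop=/usr/bin/podman stop -t 10 $name
Restart=on-failure
TimeoutStopSec=30

[Install]
WantedBy=multi-user.target
EOF
}

# Installation (as root): gen_podman_unit web systemd 80 > /etc/systemd/system/web.service
#                         systemctl daemon-reload && systemctl enable --now web.service
gen_podman_unit web systemd 80
```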

Socket activation with systemd

Podman handles socket activation correctly. Because Podman uses the fork-exec model, it can pass the socket on to its child container process. Docker cannot do this because it uses the client-server model.

The varlink service that Podman uses to talk to remote clients about containers is socket activated. The cockpit-podman package, written in Node.js and part of the cockpit project, lets people interact with Podman containers through a web interface. The web daemon running cockpit-podman sends messages to the varlink socket that systemd listens on. Systemd then activates the Podman program to receive the messages and start managing containers. Socket activation through systemd removes the need for a permanently running daemon when remote APIs are used.

In addition, we are developing another Podman client called podman-remote, which uses the same Podman CLI but calls varlink to run the containers. Podman-remote can work over an SSH session, allowing you to interact with containers on different machines. Over time, we plan to make podman-remote support macOS and Windows as well as Linux, so that developers on those platforms can run a Linux virtual machine with Podman varlink running and get the full experience of containers running on the local machine.

SD_NOTIFY

Systemd lets you delay the start of dependent services until the containerized service they need has started. Podman can pass the SD_NOTIFY socket into the containerized service so that the service can notify systemd that it is ready to work. And again, Docker, which uses the client-server model, cannot do this.

Plans

We plan to add the command podman generate systemd CONTAINERID, which will generate a systemd unit file to manage the given container. This should work in both root and rootless mode for unprivileged containers. We have even seen a request for an OCI-compliant systemd-nspawn runtime.

Conclusion

Running systemd in a container is an understandable need. And thanks to Podman, we finally have a container runtime that does not conflict with systemd but makes it easy to use.

Source: www.hab.com
