Think carefully before using Docker-in-Docker for CI or a test environment


Docker-in-Docker is a virtualized Docker daemon environment that runs inside a container itself in order to build container images. The main purpose of creating Docker-in-Docker was to help develop Docker itself. Many people use it to run Jenkins CI. This looks fine at first, but then problems appear that can be avoided by installing Docker in the Jenkins CI container. This article explains how to do that. If you are only interested in the final solution without the details, just read the last section of the article, "Solving the problem".


Docker-in-Docker: "The Good"

More than two years ago I put the -privileged flag into Docker and wrote the first version of dind. The goal was to help the core team develop Docker faster. Before Docker-in-Docker, the development cycle looked like this:

  • hackity hack;
  • build;
  • stop the running Docker daemon;
  • launch the new Docker daemon;
  • test;
  • repeat the cycle.

If you wanted a nice, reproducible build (that is, one done in a container), it became more convoluted:

  • hackity hack;
  • make sure a working version of Docker is running;
  • build the new Docker with the old Docker;
  • stop the Docker daemon;
  • start the new Docker daemon;
  • test;
  • stop the new Docker daemon;
  • repeat.

With the advent of Docker-in-Docker, the process became simpler:

  • hackity hack;
  • build + run in one step;
  • repeat the cycle.

Isn't that much better?


Docker-in-Docker: "The Bad"

However, contrary to popular belief, Docker-in-Docker is not 100% stars, ponies and unicorns. What I mean is that there are several issues a developer needs to be aware of.

One of them concerns LSMs (Linux security modules) such as AppArmor and SELinux: when starting a container, the "inner Docker" may try to apply security profiles that conflict with or confuse the "outer Docker". This was the hardest problem to solve when trying to merge the original implementation of the -privileged flag. My changes worked, and all tests passed on my Debian machine and Ubuntu test VMs, but they would crash and burn on Michael Crosby's machine (he had Fedora, as far as I remember). I don't remember the exact cause of the problem, but it may have been because Mike is a wise man who works with SELINUX=enforce (I used AppArmor), and my changes did not take SELinux profiles into account.

Docker-in-Docker: "The Ugly"

The second problem is with Docker storage drivers. When you run Docker-in-Docker, the outer Docker runs on top of a regular filesystem (EXT4, BTRFS, or whatever you have), and the inner Docker runs on top of a copy-on-write system (AUFS, BTRFS, Device Mapper, and so on). This creates many combinations that will not work. For example, you cannot run AUFS on top of AUFS.

If you run BTRFS on top of BTRFS, it should work at first, but once there are nested subvolumes, removing the parent subvolume will fail. The Device Mapper module is not namespaced, so if multiple Docker instances run it on the same machine, they will all be able to see (and affect) each other's images and the container backing devices. That's bad.

There are workarounds for many of these problems. For example, if you want to use AUFS in the inner Docker, just turn the /var/lib/docker folder into a volume and you'll be fine. Docker has added some basic namespacing to Device Mapper target names so that if multiple Docker invocations run on the same machine, they won't step on each other.

However, this setup is not entirely straightforward, as can be seen from these reports in the repository on GitHub.

Docker-in-Docker: It gets worse

What about the build cache? This can get quite tricky too. People often ask me: "If I'm running Docker-in-Docker, how can I use the images stored on my host instead of pulling everything again into my inner Docker?"

Some enterprising people have tried to bind-mount /var/lib/docker from the host into the Docker-in-Docker container. Sometimes they share /var/lib/docker with multiple containers.

Do you want to corrupt your data? Because this is exactly what will corrupt your data!

The Docker daemon was explicitly designed to have exclusive access to /var/lib/docker. Nothing else should "touch, poke, or prod" the Docker files in this directory.

Why is that? Because it is the result of one of the hardest lessons learned while building dotCloud. The dotCloud container engine worked by having multiple processes access /var/lib/dotcloud simultaneously. Cunning tricks such as atomic file replacement (instead of in-place editing), peppering the code with advisory and mandatory locks, and other experiments with safe-ish systems such as SQLite and BDB did not always work. When we were redesigning our container engine, which eventually became Docker, one of the big design decisions was to consolidate all container operations under a single daemon to do away with all the concurrency nonsense.

Don't get me wrong: it is entirely possible to build something good, reliable and fast that involves multiple processes and modern concurrency control. But we think it is simpler and easier to write and maintain code with Docker as the only player.

This means that if you share the /var/lib/docker directory between multiple Docker instances, you will have problems. Of course, this might work, especially in the early stages of testing. "Look, Ma, I can run ubuntu as a docker!" But try something more complex, like pulling the same image from two different instances, and you will see the world burn.

It also means that if your CI system does builds and rebuilds, every time you restart your Docker-in-Docker container you risk losing its cache. That's not cool at all!

Solving the problem

Let's take a step back. Do you really need Docker-in-Docker, or do you just want to be able to run Docker, and build and run containers and images, from your CI system while the CI system itself lives in a container?

I'd bet most people want the latter, meaning they want a CI system such as Jenkins to be able to start containers. The simplest way to do this is to expose the Docker socket to your CI container by bind-mounting it with the -v flag.

Simply put, when you start your CI container (Jenkins or other), instead of hacking something together with Docker-in-Docker, start it with the line:

docker run -v /var/run/docker.sock:/var/run/docker.sock ...

This container now has access to the Docker socket and can therefore start containers. The only difference is that instead of starting "child" containers, it starts "sibling" containers.

Try this using the official docker image (which contains the Docker binary):

docker run -v /var/run/docker.sock:/var/run/docker.sock \
           -ti docker

It looks and works like Docker-in-Docker, but it is not Docker-in-Docker: when this container creates additional containers, they are created in the top-level Docker. You will not experience the side effects of nesting, and the build cache will be shared across multiple invocations.
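To tell the layouts discussed in this article apart on a CI host, the check below classifies containers from `docker inspect` output. It is an added example, not code from the original article or from Docker; the sample records are constructed, the finding labels are this example's own names, and it assumes a privileged container with nothing mounted at /var/lib/docker is running a nested daemon.

```python
from collections import defaultdict

DOCKER_ROOT = "/var/lib/docker"
DOCKER_SOCKS = ("/var/run/docker.sock", "/run/docker.sock")

def _c(name, privileged, *mounts):
    """Build a constructed record with only the `docker inspect` fields read below."""
    return {"Name": "/" + name, "HostConfig": {"Privileged": privileged},
            "Mounts": [{"Type": t, "Source": s, "Destination": d} for t, s, d in mounts]}

# Constructed sample input (not captured from a real host).
CACHE_VOL = "/var/lib/docker/volumes/ci-cache/_data"
SAMPLE = [
    _c("jenkins", False, ("bind", DOCKER_SOCKS[0], DOCKER_SOCKS[0])),
    _c("dind-a", True, ("bind", DOCKER_ROOT, DOCKER_ROOT)),
    _c("dind-b", True, ("volume", CACHE_VOL, DOCKER_ROOT)),
    _c("dind-c", True, ("volume", CACHE_VOL, DOCKER_ROOT)),
    _c("dind-d", True, ("volume", "/var/lib/docker/volumes/own/_data", DOCKER_ROOT)),
    _c("dind-e", True),
]

def audit(containers):
    """Map container name -> finding label (the labels are this example's own)."""
    findings, root_users = {}, defaultdict(list)
    for c in containers:
        name = c["Name"].lstrip("/")
        mounts = c.get("Mounts") or []
        root = next((m for m in mounts if m["Destination"] == DOCKER_ROOT), None)
        if any(m["Source"] in DOCKER_SOCKS for m in mounts):
            findings[name] = "sibling-socket"        # uses the host daemon, no nesting
        elif root and root["Source"] == DOCKER_ROOT:
            findings[name] = "host-root-shared"      # second daemon on the host's data
        elif root:
            root_users[root["Source"]].append(name)  # decided once all are seen
        elif (c.get("HostConfig") or {}).get("Privileged"):
            findings[name] = "nested-storage"        # inner driver on outer CoW layer
    for names in root_users.values():
        label = "root-shared" if len(names) > 1 else "private-root"
        findings.update({n: label for n in names})
    return findings

if __name__ == "__main__":
    for name, label in audit(SAMPLE).items():
        print(f"{name:8} {label}")
```

On a real host, pass `audit()` the parsed JSON array printed by `docker inspect $(docker ps -q)`. A sibling-socket finding also means that container can ask the host daemon to start any container, so review it as host-level access.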

Note: Previous versions of this article advised bind-mounting the Docker binary from the host into the container. This has now become unreliable, because the Docker engine is no longer distributed as static or nearly static libraries.

So, if you want to use Docker from Jenkins CI, you have 2 options:

  • install the Docker CLI using your base image's packaging system (for example, if your image is based on Debian, use the .deb packages);
  • use the Docker API.


Source: www.hab.com
