Ganizirani mosamala musanagwiritse ntchito Docker-in-Docker ya CI kapena malo oyeserera

Docker-in-Docker ndi malo owoneka bwino a Docker daemon omwe akuyenda mkati mwa chidebe chomwe kuti apange zithunzi zachidebe. Cholinga chachikulu chopanga Docker-in-Docker chinali kuthandiza kupanga Docker yokha. Anthu ambiri amagwiritsa ntchito kuyendetsa Jenkins CI. Izi zikuwoneka ngati zachilendo poyamba, koma pakabuka mavuto omwe amatha kupewedwa ndikuyika Docker mu chidebe cha Jenkins CI. Nkhaniyi ikufotokoza mmene mungachitire zimenezi. Ngati mukufuna yankho lomaliza popanda tsatanetsatane, ingowerengani gawo lomaliza la nkhaniyi, "Kuthetsa vutoli."

Docker-in-Docker: "Zabwino"

Zoposa zaka ziwiri zapitazo ndidayika ku Docker mbendera -mwayi ndi kulemba mtundu woyamba wa dind. Cholinga chake chinali kuthandiza gulu lalikulu kupanga Docker mwachangu. Pamaso pa Docker-in-Docker, kuzungulira kwachitukuko kumawoneka motere:

• kuthyolako kuthyolako;
• kumanga;
• kuyimitsa daemon ya Docker;
• запуск нового Docker-демон;
• kuyesa;
• bwerezani kuzungulira.

Ngati mukufuna kupanga msonkhano wokongola, wobwereketsa (ndiko kuti, mumtsuko), ndiye umakhala wovuta kwambiri:

• kuthyolako kuthyolako;
• onetsetsani kuti mtundu wa Docker ukuyenda;
• pangani Docker yatsopano ndi Docker yakale;
• kuyimitsa daemon ya Docker;
• yambitsani daemon yatsopano ya Docker;
• kuyesa;
• kuyimitsa daemon yatsopano ya Docker;
• kubwereza.

Ndikubwera kwa Docker-in-Docker, njirayi yakhala yosavuta:

• kuthyolako kuthyolako;
• msonkhano + yambitsani gawo limodzi;
• bwerezani kuzungulira.

Sizili bwino kwambiri motere?

Docker-in-Docker: "Zoyipa"

Komabe, mosiyana ndi zomwe anthu ambiri amakhulupirira, Docker-in-Docker si 100% nyenyezi, mahatchi ndi unicorns. Zomwe ndikutanthauza ndikuti pali zinthu zingapo zomwe wopanga ayenera kudziwa.

Chimodzi mwazokhudza ma LSM (ma module achitetezo a Linux) monga AppArmor ndi SELinux: poyendetsa chidebe, "Docker wamkati" atha kuyesa kugwiritsa ntchito mbiri yachitetezo yomwe ingasokoneze kapena kusokoneza "Docker yakunja". Ili ndiye vuto lovuta kwambiri kuthana nalo poyesa kuphatikiza kukhazikitsa koyambirira kwa -privileged flag. Kusintha kwanga kunagwira ntchito ndipo mayesero onse amadutsa pa makina anga a Debian ndi Ubuntu test VMs, koma amawotchera ndikuwotcha pa makina a Michael Crosby (anali ndi Fedora monga ndikukumbukira). Sindikukumbukira chomwe chimayambitsa vutoli, koma mwina chifukwa Mike ndi munthu wanzeru yemwe amagwira ntchito ndi SELINUX = kulimbikitsa (Ndinagwiritsa ntchito AppArmor) ndipo kusintha kwanga sikunatengere mbiri ya SELinux.

Docker-in-Docker: "Zoyipa"

Nkhani yachiwiri ili ndi madalaivala osungira a Docker. Mukathamanga Docker-in-Docker, Docker yakunja imathamanga pamwamba pa fayilo yokhazikika (EXT4, BTRFS, kapena chirichonse chomwe muli nacho) ndipo Docker yamkati imayendetsa pamwamba pa makina olembera (AUFS, BTRFS, Device Mapper). , etc.). , kutengera zomwe zakonzedwa kuti zigwiritse ntchito Docker yakunja). Izi zimapanga zosakaniza zambiri zomwe sizingagwire ntchito. Mwachitsanzo, simungathe kuyendetsa AUFS pamwamba pa AUFS.

Ngati muthamanga BTRFS pamwamba pa BTRFS, iyenera kugwira ntchito poyamba, koma pakakhala ma subvolumes, kuchotsa gawo la kholo lidzalephera. Magawo a Device Mapper alibe malo, kotero ngati ma Docker angapo akuyendetsa pamakina omwewo, onse azitha kuwona (ndi kukopa) zithunzi wina ndi mnzake komanso pazida zosunga zosungira. Izi ndi zoipa.

Есть обходные пути для решения многих из этих проблем. Например, если вы хотите использовать AUFS во внутреннем Docker, просто превратите папку /var/lib/docker в том, и все будет в порядке. Docker добавил некоторые базовые пространства имен к целевым именам Device Mapper, так что если несколько вызовов Docker будут выполняться на одной машине, они не станут «наступать» друг на друга.

Komabe, kukhazikitsa koteroko sikophweka konse, monga momwe tingawonere kuchokera ku izi zolemba m'malo osungiramo dind pa GitHub.

Docker-in-Docker: Zikukulirakulira

Nanga bwanji cache yomanga? Izi zingakhalenso zovuta. Anthu nthawi zambiri amandifunsa kuti "ngati ndikuyendetsa Docker-in-Docker, ndingagwiritse ntchito bwanji zithunzi zomwe ndimakhala nazo m'malo mokokera zonse ku Docker yanga yamkati"?

Anthu ena ochita chidwi ayesa kumanga /var/lib/docker kuchokera kwa wolandirayo kupita ku chidebe cha Docker-in-Docker. Nthawi zina amagawana /var/lib/docker ndi zotengera zingapo.

Kodi mukufuna kuipitsa deta yanu? Chifukwa izi ndi zomwe zingawononge deta yanu!

Daemon ya Docker idapangidwa bwino kuti ikhale ndi mwayi wopezeka /var/lib/docker. Palibe china chomwe chiyenera "kukhudza, kugwedeza, kapena kutulutsa" mafayilo aliwonse a Docker omwe ali mufodayi.

N’chifukwa chiyani zili choncho? Chifukwa izi ndi zotsatira za imodzi mwamaphunziro ovuta kwambiri omwe aphunziridwa mukupanga dotCloud. Injini ya chidebe cha dotCloud idathamanga pokhala ndi njira zingapo zofikira /var/lib/dotcloud nthawi imodzi. Machenjerero achinyengo monga kusintha mafayilo a atomiki (m'malo mosintha m'malo), peppering code yokhala ndi upangiri ndi maloko ovomerezeka, ndi zoyeserera zina zotetezedwa monga SQLite ndi BDB sizinagwire ntchito nthawi zonse. Pamene timapanganso injini yathu yotengera chidebe, yomwe pamapeto pake idakhala Docker, chimodzi mwazosankha zazikulu chinali kuphatikiza magwiridwe antchito onse pansi pa daemon imodzi kuti athetse zamkhutu zonse.

Osandilakwitsa: ndizotheka kupanga chinthu chabwino, chodalirika komanso chachangu chomwe chimaphatikizapo njira zingapo komanso kuwongolera kwamakono kofananira. Koma tikuganiza kuti ndizosavuta komanso zosavuta kulemba ndikusunga ma code pogwiritsa ntchito Docker ngati wosewera yekhayo.

Izi zikutanthauza kuti ngati mugawana /var/lib/docker chikwatu pakati pa ma Docker angapo, mudzakhala ndi mavuto. Inde, izi zikhoza kugwira ntchito, makamaka kumayambiriro kwa mayesero. "Mverani, Mayi, nditha kuyendetsa ubuntu ngati doko!" Koma yesani china chovuta kwambiri, monga kukoka chithunzi chomwecho kuchokera ku zochitika ziwiri zosiyana, ndipo mudzawona dziko likuyaka.

Izi zikutanthauza kuti ngati dongosolo lanu la CI likuchita zomanga ndikumanganso, nthawi iliyonse mukayambitsanso chidebe chanu cha Docker-in-Docker, mumakhala pachiwopsezo choponya nuke mu cache yake. Izi sizabwino konse!

Kuthetsa mavuto

Tiyeni tibwerere mmbuyo. Kodi mukufunikiradi Docker-in-Docker kapena mukungofuna kuyendetsa Docker ndikupanga ndikuyendetsa zotengera ndi zithunzi kuchokera ku CI system yanu pomwe dongosolo la CI liri mu chidebe?

Ndikubetcha kuti anthu ambiri akufuna njira yotsirizayi, kutanthauza kuti akufuna kachitidwe ka CI ngati Jenkins kuti azitha kuyendetsa zotengera. Ndipo njira yosavuta yochitira izi ndikungoyika socket ya Docker mu chidebe chanu cha CI ndikuchiphatikiza ndi -v mbendera.

Mwachidule, mukayendetsa chidebe chanu cha CI (Jenkins kapena china), m'malo mobera china chake ndi Docker-in-Docker, yambani ndi mzere:

docker run -v /var/run/docker.sock:/var/run/docker.sock ...

Chidebechi tsopano chikhala ndi mwayi wolowera ku socket ya Docker motero mutha kuyendetsa zotengera. Kupatula kuti m'malo moyendetsa zotengera za "mwana", imatsegula zotengera za "abale".

Yesani izi pogwiritsa ntchito chithunzi cha docker (chomwe chili ndi Binary ya Docker):

docker run -v /var/run/docker.sock:/var/run/docker.sock 
           -ti docker

Imawoneka ndikugwira ntchito ngati Docker-in-Docker, koma si Docker-in-Docker: chidebe ichi chikapanga zotengera zowonjezera, zidzapangidwa mu Docker yapamwamba. Simudzakumana ndi zotsatirapo za kuyika zisa ndipo posungira msonkhano udzagawidwa pama foni angapo.

Chidziwitso: Mitundu yam'mbuyomu ya nkhaniyi idalangiza kulumikiza Binary ya Docker kuchokera kwa omwe adalandirayo kupita ku chidebe. Izi tsopano zakhala zosadalirika chifukwa injini ya Docker sikhalanso ndi malaibulale osasunthika kapena oyandikira-static.

Chifukwa chake, ngati mukufuna kugwiritsa ntchito Docker kuchokera ku Jenkins CI, muli ndi zosankha ziwiri:
kukhazikitsa Docker CLI pogwiritsa ntchito makina opangira zithunzi (i.e. ngati chithunzi chanu chimachokera ku Debian, gwiritsani ntchito phukusi la .deb), pogwiritsa ntchito Docker API.

Zotsatsa zina 🙂

Zikomo chifukwa chokhala nafe. Kodi mumakonda zolemba zathu? Mukufuna kuwona zambiri zosangalatsa? Tithandizeni potipatsa oda kapena kulimbikitsa anzathu, mtambo VPS kwa opanga kuchokera ku $ 4.99, ma analogi apadera a ma seva olowera, omwe adakupangirani inu: Chowonadi chonse chokhudza VPS (KVM) E5-2697 v3 (6 Cores) 10GB DDR4 480GB SSD 1Gbps kuchokera $19 kapena momwe mungagawire seva? (ikupezeka ndi RAID1 ndi RAID10, mpaka 24 cores mpaka 40GB DDR4).

Dell R730xd 2x yotsika mtengo ku Equinix Tier IV data center ku Amsterdam? Pokhapokha 2 x Intel TetraDeca-Core Xeon 2x E5-2697v3 2.6GHz 14C 64GB DDR4 4x960GB SSD 1Gbps 100 TV kuchokera $199 ku Netherlands! Dell R420 - 2x E5-2430 2.2Ghz 6C 128GB DDR3 2x960GB SSD 1Gbps 100TB - kuchokera $99! Werengani za Momwe mungamangire Infrastructure Corp. kalasi pogwiritsa ntchito ma seva a Dell R730xd E5-2650 v4 ofunika ma euro 9000 pa khobiri?

Source: www.habr.com