Yakatanga muna Nyamavhuvhu 10 muSlurm , umo isu tinoiongorora zvizere - kubva kune yekutanga abstractions kune network parameters.
Muchinyorwa chino tichataura nezve nhoroondo yeDocker uye mabiko ayo makuru: Mufananidzo, Cli, Dockerfile. Hurukuro iyi inoitirwa vanotanga, saka hazvibviri kufarira vashandisi vane ruzivo. Hapazovi neropa, apendikisi kana kunyudzwa kwakadzika. Izvo chaizvo zvekutanga.
Chii chinonzi Docker
Ngatitarisei tsananguro yeDocker kubva kuWikipedia.
Docker isoftware yekugadzira otomatiki kutumira uye manejimendi ekushandisa munzvimbo dzakasungirirwa.
Hapana chakajeka kubva mutsanangudzo iyi. Hazvinyatso kujeka kuti "munzvimbo dzinotsigira kutakura" zvinorevei. Kuti tizive, ngatidzokerei shure munguva. Ngatitange nenguva iyo yandinodaidza kuti "Monolithic Era."
Monolithic nguva
Nguva yemonolithic ndeyekutanga 2000s, apo zvese zvikumbiro zvaive zvemonolithic, paine boka rekutsamira. Budiriro yakatora nguva refu. Panguva imwecheteyo, pakanga pasina maseva mazhinji; tese taivaziva nemazita uye taivatarisa. Pane kuenzanisa kunonakidza kwakadaro:
Mhuka dzinopfuyiwa nemhuka. Munguva yemonolithic, takabata maseva edu semhuka dzinovaraidza, dzakashongedzwa uye dzinodiwa, tichifuridza guruva. Uye kune zvirinani zviwanikwa manejimendi, isu takashandisa virtualization: isu takatora sevha tikaicheka kuita akati wandei machina emuchina, nekudaro tichiva nechokwadi chekuparadzaniswa kwezvakatipoteredza.
Hypervisor-based virtualization systems
Wese munhu angangove akanzwa nezve virtualization masisitimu: VMware, VirtualBox, Hyper-V, Qemu KVM, etc. Vanopa application yekuzviparadzanisa nevamwe uye zviwanikwa manejimendi, asi ivo vanewo zvisingabatsiri. Kuti uite virtualization, unoda hypervisor. Uye iyo hypervisor ibasa repamusoro. Uye iyo chaiyo muchina pachayo inowanzova yakazara colossus - inorema mufananidzo une inoshanda sisitimu, Nginx, Apache, uye pamwe MySQL. Mufananidzo wacho wakakura uye muchina chaiwo hausi nyore kushanda. Nekuda kweizvozvo, kushanda nemichina chaiyo inogona kunonoka. Kugadzirisa dambudziko iri, masisitimu ekuonana akagadzirwa padanho re kernel.
Kernel-level virtualization masisitimu
Kernel-level virtualization inotsigirwa neOpenVZ, Systemd-nspawn, LXC masisitimu. Muenzaniso unoshamisa weiyo virtualization ndeye LXC (Linux Containers).
LXC is an operating system-level virtualization system yekushandisa akawanda ega ega eLinux system yekushandisa pane imwechete node. LXC haishandise machina chaiwo, asi inogadzira nharaunda chaiyo ine yayo yega process space uye network stack.
Chaizvoizvo LXC inogadzira midziyo. Ndeupi musiyano uripo pakati pemakina chaiwo uye midziyo?
Iyo mudziyo haina kukodzera kutsaura maitiro: kusasimba kunowanikwa mune virtualization masisitimu pane kernel level inovabvumidza kutiza kubva mumudziyo kuenda kune muenzi. Saka, kana iwe uchida kuparadzanisa chimwe chinhu, zviri nani kushandisa muchina chaiwo.
Misiyano pakati pe virtualization uye containerization inogona kuoneka mudhayagiramu.
Kune hardware hypervisors, hypervisors pamusoro peOS, uye midziyo.
Hardware hypervisors inotonhorera kana iwe uchida chaizvo kuparadzanisa chimwe chinhu. Nekuti zvinogoneka kuzviparadzanisa pamwero wemapeji ekurangarira uye processors.
Kune hypervisors sechirongwa, uye kune midziyo, uye isu tichazotaura nezvazvo zvakare. Containerization masisitimu haana hypervisor, asi kune Container Injini inogadzira uye inogadzirisa midziyo. Chinhu ichi chakanyanya kureruka, saka nekuda kwekushanda nechepakati pane zvishoma pamusoro kana hapana zvachose.
Chii chinoshandiswa kugadzira midziyo padanho re kernel
Iwo makuru matekinoroji anokutendera iwe kuti ugadzire mudziyo wakaparadzaniswa kubva kune mamwe maitiro Mazita eMazita uye Kudzora Mapoka.
Mazita enzvimbo: PID, Networking, Mount uye Mushandisi. Kune zvimwe, asi kuti tive nyore kunzwisisa tichatarisa pane izvi.
PID Namespace miganhu maitiro. Apo, semuenzaniso, isu tinogadzira PID Namespace uye toisa nzira ipapo, inova nePID 1. Kazhinji muhurongwa PID 1 is systemd kana init. Saizvozvo, kana isu tikaisa maitiro munzvimbo nyowani yezita, inogamuchirawo PID 1.
Networking Namespace inokutendera iwe kudzikamisa / kupatsanura network uye nekuisa yako wega nzvimbo mukati. Mount is a file system limitation. Mushandisi-kurambidzwa kune vashandisi.
Kudzora Mapoka: Memory, CPU, IOPS, Network - angangoita gumi nemaviri marongero. Zvikasadaro anodaidzwawo kuti Mapoka (βC-groupsβ).
Kudzora Mapoka anogadzirisa zviwanikwa zvemudziyo. Kuburikidza neKudzora Mapoka tinogona kutaura kuti mudziyo haufanire kushandisa zvinopfuura huwandu hwezviwanikwa.
Kuti mudziyo ushande zvizere, mamwe matekinoroji anoshandiswa: Kugona, Copy-on-write uye vamwe.
Kugona ndiko kana isu tichitaura maitiro zvaanogona uye zvaasingakwanise kuita. Pa kernel level, aya angori bitmaps ane akawanda ma paramita. Semuenzaniso, mudzi wemushandisi ane ropafadzo dzakazara uye anogona kuita zvese. Iyo nguva sevha inogona kushandura nguva yehurongwa: ine hunyanzvi paNguva Capsule, uye ndizvozvo. Uchishandisa ropafadzo, unogona kugadzirisa zvirambidzo zvemaitiro, uye nokudaro uzvidzivirire.
Iyo Copy-on-write system inotibvumira kushanda neDocker mifananidzo uye tishandise zvakanyanya.
Docker parizvino ine nyaya dzekuenderana neCgroups v2, saka chinyorwa ichi chinotarisisa paCgroups v1.
Asi ngatidzokere kunhoroondo.
Apo virtualization systems yakaonekwa pa kernel level, yakatanga kushandiswa zvakasimba. Iyo yepamusoro pa hypervisor yakanyangarika, asi mamwe matambudziko akasara:
- mifananidzo mikuru: vanosundira sisitimu yekushandisa, maraibhurari, boka remasoftware akasiyana mune imwecheteyo OpenVZ, uye pakupedzisira mufananidzo wacho uchiri kuita kunge wakakura;
- Iko hakuna chiyero chakajairwa chekurongedza uye kuendesa, saka dambudziko rekutsamira rinoramba riripo. Pane mamiriro ezvinhu apo zvidimbu zviviri zvekodhi zvinoshandisa raibhurari imwechete, asi neshanduro dzakasiyana. Panogona kunge paine kusawirirana pakati pavo.
Kugadzirisa matambudziko ese aya, nguva inotevera yasvika.
Container nguva
Pakasvika Era yeContainers, huzivi hwekushanda navo hwakachinja:
- Imwe nzira - imwe mudziyo.
- Isu tinoendesa zvese zvinotsamira iyo nzira inoda kumudziyo wayo. Izvi zvinoda kucheka monoliths kuita microservices.
- Iyo diki iyo mufananidzo, zviri nani - kune mashoma anogoneka kusasimba, inobuda nekukurumidza, zvichingodaro.
- Mamiriro anoita ephemeral.
Rangarira zvandakataura pamusoro pemhuka dzinovaraidza vs mombe? Kare, zviitiko zvaiita sezvipfuwo, asi iye zvino zvave kuita semombe. Pakutanga, pakanga paine monolith - imwe application. Ikozvino yave zana microservices, zana midziyo. Mimwe midziyo inogona kunge iine 100-100 replicas. Zvinova zvishoma kukosha kwatiri kudzora mudziyo wega wega. Chinonyanya kukosha kwatiri kuwanikwa kwesevhisi pachayo: izvo seti yemidziyo inoita. Izvi zvinoshandura nzira dzekutarisa.
Muna 2014-2015, Docker yakabudirira - tekinoroji yatichataura nezvayo ikozvino.
Docker akachinja huzivi uye yakamisikidzwa application kurongedza. Tichishandisa Docker, tinogona kurongedza application, kuitumira kune repository, kuidhawunirodha kubva ipapo, uye kuiendesa.
Isu tinoisa zvese zvatinoda mumudziyo weDocker, saka dambudziko rekutsamira rinogadziriswa. Docker inovimbisa kuberekazve. Ini ndinofunga vanhu vazhinji vasangana nekusaberekana: zvese zvinoshanda kwauri, unozvisundidzira kugadzira, uye ipapo zvinomira kushanda. NaDocker dambudziko iri rinopera. Kana mudziyo wako weDocker ukatanga uye woita zvaunofanirwa kuita, saka nehupamhi hwepamusoro hunotanga mukugadzira uye kuita zvimwe chete ipapo.
Digression pamusoro pepamusoro
Pane nguva dzose kukakavara pamusoro pepamusoro. Vamwe vanhu vanotenda kuti Docker haina kutakura mumwe mutoro, sezvo inoshandisa iyo Linux kernel uye maitiro ayo ese anodiwa pakuisa mudziyo. Senge, "kana iwe ukati Docker iri pamusoro, saka iyo Linux kernel iri pamusoro."
Kune rimwe divi, kana ukapinda zvakadzika, zvechokwadi kune zvinhu zvakati wandei muDocker izvo, nekutambanudza, zvinogona kunzi zviri pamusoro.
Yekutanga iPID namespace. Apo patinoisa chirongwa munzvimbo yezita, inopiwa PID 1. Panguva imwecheteyo, iyi nzira ine imwe PID, iyo iri panzvimbo yezita rezita, kunze kwemudziyo. Semuenzaniso, isu takatanga Nginx mumudziyo, yakava PID 1 (master process). Uye pamubati ane PID 12623. Uye zvakaoma kutaura kuti yakawanda sei pamusoro pepamusoro.
Chinhu chechipiri maCgroups. Ngatitore maCgroups nendangariro, ndiko kuti, kugona kudzikamisa ndangariro yemudziyo. Kana yavhurwa, zviverengero uye ndangariro accounting zvinovhurwa: kernel inoda kunzwisisa kuti mapeji mangani akagoverwa uye kuti mangani achiri emahara emudziyo uyu. Izvi zvinogona kunge zviri pamusoro, asi ini handisati ndaona chero zvidzidzo chaizvo zvekuti zvinokanganisa sei kuita. Uye ini pachangu handina kuona kuti application iri kushanda muDocker yakangoerekana yaona kurasikirwa kwakanyanya mukuita.
Uye imwezve chinyorwa pamusoro pekuita. Mamwe ma kernel ma paramita anopfuudzwa kubva kumuridzi kuenda kumudziyo. Kunyanya, mamwe ma network parameters. Naizvozvo, kana iwe uchida kumhanyisa chimwe chinhu chepamusoro muDocker, semuenzaniso, chimwe chinhu chinoshingairira kushandisa network, saka iwe unofanirwa kugadzirisa aya maparameter. Vamwe nf_contrack, semuenzaniso.
Nezve iyo Docker pfungwa
Docker ine akati wandei zvinhu:
- Docker Daemon ndiyo yakafanana Container Injini; inovhura midziyo.
- Docker CII ndeye Docker manejimendi yekushandisa.
- Dockerfile - mirayiridzo yekuti ungagadzira sei mufananidzo.
- Mufananidzo - mufananidzo kubva kune iyo mudziyo unoputirwa kunze.
- Mudziyo.
- Docker registry ndeye mufananidzo repository.
Schematically inotaridzika seizvi:
Docker daemon inomhanya paDocker_host uye inotanga midziyo. Pane Mutengi anotumira mirairo: gadzira mufananidzo, dhawunirodha mufananidzo, vhura mudziyo. Docker daemon inoenda kune registry uye inovaita. Mutengi weDocker anogona kuwana zvese munharaunda (kune Unix socket) uye kuburikidza neTCP kubva kune ari kure.
Ngatiende kuburikidza nechikamu chimwe nechimwe.
Docker daemon - ichi ndicho chikamu cheseva, chinoshanda pamushini wekutambira: kurodha mifananidzo uye kuvhura midziyo kubva kwavari, inogadzira network pakati pemidziyo, inounganidza matanda. Patinoti βgadzira mufananidzo,β dhimoni rinenge richizviitawo.
Docker CLI -Docker mutengi chikamu, console utility yekushanda nedaemon. Ndinodzokorora, inogona kushanda kwete chete munharaunda, asiwo pamusoro pemambure.
Basic commands:
docker ps - ratidza midziyo iri kushanda paDocker host.
docker mifananidzo - ratidza mifananidzo yakatorwa munharaunda.
docker tsvaga <> - tsvaga mufananidzo mune registry.
docker dhonza <> - dhawunirodha mufananidzo kubva kune registry kuenda kumuchina.
docker kuvaka < > - unganidza mufananidzo.
docker run <> - vhura mudziyo.
docker rm <> - bvisa mudziyo.
docker matanda <> - matanda emidziyo
docker kutanga / kumisa / kutangazve <> - kushanda nemudziyo
Kana iwe uchigona iyi mirairo uye uine chivimbo mukuishandisa, zvitore iwe 70% nyanzvi muDocker padanho remushandisi.
dockerfile - mirairo yekugadzira mufananidzo. Inenge yese mirairo yekuraira idanho idzva. Ngatitarisei muenzaniso.
Izvi ndizvo zvinoita Dockerfile: mirairo kuruboshwe, nharo kurudyi. Murairo wega wega uri pano (uye kazhinji wakanyorwa muDockerfile) unogadzira dhizaini nyowani muMufananidzo.
Kunyange kutarisa kuruboshwe, unogona kunzwisisa zviri kuitika. Isu tinoti: "tigadzirire dhairekitori" - iyi nhanho imwe. "Ita kuti folda ishande" imwe nhanho, zvichingodaro. Layer keke inoita kuti hupenyu huve nyore. Kana ndikagadzira imwe Dockerfile uye ndikachinja chimwe chinhu mumutsara wekupedzisira - ndinomhanyisa chimwe chinhu kunze kwe "python" "main.py", kana kuisa zvinotsamira kubva kune rimwe faira - ipapo iwo akapfuura maseru anozoshandiswa zvakare secache.
mufananidzo - Uku kurongedza kwemidziyo; midziyo inotangwa kubva pamufananidzo. Kana tikatarisa Docker kubva pakuona kwemaneja wepakeji (sokunge isu taishanda nedeb kana rpm mapakeji), saka chifananidzo chinenge chiri rpm package. Kuburikidza neyum install tinogona kuisa iyo application, kuibvisa, kuiwana mune repository, uye kuidhawunirodha. Zvakafanana pano: midziyo inotangwa kubva pamufananidzo, inochengetwa muDocker registry (yakafanana neyum, mune repository), uye mufananidzo wega wega une SHA-256 hashi, zita uye tag.
Mufananidzo unovakwa zvinoenderana nemirairo kubva kuDockerfile. Murairo wega wega kubva kuDockerfile unogadzira dhizaini nyowani. Matanho anogona kushandiswa zvakare.
Docker registry ndeye Docker mufananidzo repository. Zvakafanana neiyo OS, Docker ine yeruzhinji yakajairika registry - dockerhub. Asi iwe unogona kuvaka yako repository, yako wega Docker registry.
Container - chii chinotangwa kubva pamufananidzo. Isu takavaka chifananidzo zvinoenderana nemirairo kubva kuDockerfile, tobva taitanga kubva pamufananidzo uyu. Chigaba ichi chakaparadzaniswa nemamwe midziyo uye chinofanirwa kunge chine zvese zvinodiwa kuti application ishande. Muchiitiko ichi, imwe mudziyo - imwe nzira. Zvinoitika kuti iwe unofanirwa kuita maitiro maviri, asi izvi zvinopesana neiyo Docker ideology.
Iyo "mudziyo mumwe, imwe nzira" inodiwa ine hukama nePID Namespace. Kana maitiro ane PID 1 atanga muNamespace, kana ikangoerekana yafa, ipapo mudziyo wese unofawo. Kana maitiro maviri ari kushanda ipapo: imwe mupenyu uye imwe yakafa, ipapo mudziyo ucharamba uchirarama. Asi uyu mubvunzo weBest Practices, tichataura nezvazvo mune zvimwe zvinhu.
Kuti udzidze maficha uye yakazara chirongwa chekosi zvakadzama, ndapota tevera chinongedzo: "".
Munyori: Marcel Ibraev, ane Chitupa Kubernetes maneja, anodzidzira mainjiniya kuSouthbridge, mutauri uye mugadziri wezvidzidzo zveSlurm.
Source: www.habr.com