ProHoster > Blog > Utongi > Detailed ongororo yeAWS Lambda

Detailed ongororo yeAWS Lambda

Kuturikirwa kwechinyorwa kwakagadzirirwa zvakananga vadzidzi vekosi "Cloud services". Unofarira kusimudzira munzira iyi? Tarisa kirasi yatenzi naEgor Zuev (TeamLead paInBit) "AWS EC2 sevhisi" uye ubatane neboka rinotevera rekosi: rinotanga munaGunyana 26.

Detailed ongororo yeAWS Lambda

Vanhu vazhinji vari kutamira kuAWS Lambda kune scalability, kuita, kuchengetedza, uye kugona kubata mamirioni kana matiririyoni ezvikumbiro pamwedzi. Kuti uite izvi, haufanire kutonga zvivakwa izvo sevhisi inomhanya. Uye autoscaling inokutendera kuti ushumire zviuru zvezvikumbiro panguva imwe chete pasekondi. Ini ndinofunga AWS Lambda inogona kunzi imwe yeanonyanya kufarirwa AWS masevhisi.

AWS Lambda

AWS Lambda ndeye chiitiko-inotyairwa serverless komputa sevhisi iyo inokutendera iwe kumhanya kodhi pasina kupa kana kutonga maseva uye kuwedzera mamwe masevhisi eAWS uchishandisa tsika logic. Lambda inopindura zvakananga kune zviitiko zvakasiyana-siyana (zvinonzi zvinokonzera), zvakadai sezvikumbiro zveHTTP kuburikidza neAmazon API Gateway, kuchinja kune data muAmazon S3 mabhakiti kana Amazon DynamoDB matafura; kana iwe unogona kumhanyisa kodhi yako kuburikidza neAPI mafoni uchishandisa iyo AWS SDK uye nyika shanduko muAWS Nhanho Mabasa.

Lambda inomhanyisa kodhi pane inowanikwa zvakanyanya komputa zvivakwa uye ine mutoro wakazara wekutonga pasi pepuratifomu, kusanganisira sevha uye inoshanda sisitimu yekuchengetedza, kupa zviwanikwa, auto-scaling, kodhi yekutarisa, uye matanda. Ndokunge, iwe unongoda kurodha kodhi yako uye kugadzirisa kuti uye riini inofanira kuitwa. Nekudaro, iyo sevhisi ichatarisira kuvhurwa kwayo uye ive nechokwadi chekuwanikwa kwepamusoro kwekushandisa kwako.

Nguva yekuchinjira kuLambda?

AWS Lambda ipuratifomu yekombuta yakakodzera kune akasiyana siyana ekushandisa, chero bedzi mutauro uye nguva yekumhanya yekodhi yako ichitsigirwa nesevhisi. Kana iwe uchida kutarisa pane yako kodhi uye bhizinesi logic paunenge uchibvisa server kuchengetedza, kupa, uye kuyera nemutengo unonzwisisika, AWS Lambda ndiyo nzira yekuenda nayo.

Lambda yakanakira kugadzira hurongwa hwekupindirana, uye kana yakashandiswa pamwe chete neAPI Gateway, unogona kuderedza zvakanyanya mutengo uye kusvika pamusika nekukurumidza. Pane nzira dzakasiyana dzekushandisa Lambda mabasa uye sarudzo dzekuronga serverless architecture - munhu wese anogona kusarudza chinhu chakakodzera zvichienderana nechinangwa chavo.

Lambda inokutendera iwe kuti uite akawanda akasiyana emabasa. Saka, nekuda kwerutsigiro rweCloudWatch, unogona kugadzira mabasa akamisikidzwa uye otomatiki maitiro emunhu. Iko hakuna zvirambidzo pachimiro uye kusimba kwekushandiswa kwesevhisi (yekuyeuka yekushandisa uye nguva inotariswa), uye hapana chinokutadzisa kubva mukurongeka kushanda pane yakazara-yakazara microservice yakavakirwa paLambda.

Pano unogona kugadzira zviito zvinonangana nesevhisi izvo zvisingarambe zvichimhanya. Muenzaniso wakajairika ndeyekuyera mufananidzo. Kunyangwe mune iyo nyaya yeakagoverwa masisitimu, mabasa eLambda anoramba akakodzera.

Saka, kana iwe usingade kubata nekugovera uye kutonga zviwanikwa zvekombuta, edza AWS Lambda; kana iwe usingade zvinorema, zviwanikwa-zvakanyanya kuverenga, edzawo AWS Lambda; kana kodhi yako ichimhanya nguva nenguva, ndizvozvo, unofanira kuedza AWS Lambda.

Chengetedzo

Kusvika pari zvino hapana zvichemo pamusoro pekuchengeteka. Kune rimwe divi, sezvo akawanda emukati maitirwo uye mashandisirwo emhando iyi akavanzwa kubva kumushandisi weAWS Lambda inochengetedzwa nguva yekumhanyisa nharaunda, mimwe mitemo inogashirwa yekuchengetedzwa kwegore inove isina basa.

Kufanana neazhinji masevhisi eAWS, Lambda inopihwa pane yakagovaniswa chengetedzo uye yekuteerera hwaro pakati peAWS nemutengi. Iyi nheyo inoderedza mutoro wekushanda pamutengi, sezvo AWS inotora mabasa ekuchengetedza, kutarisira uye kutarisa zvikamu zvebasa - kubva kune iyo host operating system uye virtualization layer kune kuchengetedzwa kwepanyama kwezvinhu zvezvivako.

Kunyanya kutaura nezve AWS Lambda, AWS ine basa rekugadzirisa zviri pasi pezvivakwa, zvine chekuita nesevhisi masevhisi, sisitimu yekushandisa, uye chikuva chekushandisa. Nepo mutengi aine basa rekuchengetedza kodhi yake, kuchengetedza chakavanzika data, kudzora kupinda kwairi, pamwe neiyo Lambda sevhisi uye zviwanikwa (Identity uye Access Management, IAM), kusanganisira mukati memiganhu yemabasa anoshandiswa.

Dhiagiramu iri pazasi inoratidza iyo yakagovaniswa mutoro modhi sezvainoshanda kune AWS Lambda. Basa reAWS nderorenji uye Basa reMutengi ndeyebhuruu. Sezvauri kuona, AWS inotora mutoro wakawanda wezvikumbiro zvakaiswa pasevhisi.

Detailed ongororo yeAWS Lambda

Yakagovaniswa Responsibility Model Inoshanda kune AWS Lambda

Lambda nguva yekumhanya

Mukana mukuru weLambda nderekuti nekuita basa pachinzvimbo chako, iyo sevhisi pachayo inogovera zviwanikwa zvinodiwa. Iwe unogona kudzivirira kutambisa nguva uye kushanda nesimba pane system manejimendi uye tarisa pane bhizinesi logic uye coding.

Basa reLambda rakakamurwa kuita ndege mbiri. Yokutanga ndiyo ndege inodzora. Sekureva kweWikipedia, ndege yekudzora ndiyo chikamu chetiweki inobata kutakura kusaina traffic uye nzira. Ndicho chikamu chekutanga chinoita sarudzo dzepasi rose nezvekupa, kushandira, uye kugovera mabasa. Uye zvakare, iyo ndege yekudzora inoita senge mhinduro inopa network topology, ine basa rekufambisa uye kutonga traffic.

Ndege yechipiri ndiyo data data. Iyo, kufanana nendege inodzora, ine mabasa ayo. Iyo ndege inodzora inopa APIs ekugadzirisa mabasa (GadziraFunction, UpdateFunctionCode) uye inodzora matauriro anoita Lambda nemamwe masevhisi eAWS. Iyo ndege yedata inodzora iyo Invoke API, iyo inoshandisa Lambda mabasa. Mushure mekudanwa kwebasa, ndege yekutonga inogovera kana kusarudza iripo yekumhanya nharaunda iyo yakafanogadzirirwa basa iro, uye yozoita iyo kodhi mairi.

AWS Lambda inotsigira mitauro yakasiyana-siyana yepurogiramu, kusanganisira Java 8, Python 3.7, Go, NodeJS 8, .NET Core 2, nemamwe, kuburikidza nemamiriro avo ekugadzirisa nguva. AWS inogara ichizvivandudza, inogovera zvigamba zvekuchengetedza, uye inoita mamwe mabasa ekugadzirisa pane idzi nharaunda. Lambda inokutendera kuti ushandise mimwe mitauro zvakare, chero iwe ukashandisa iyo yakakodzera nguva yekumhanya iwe pachako. Uye ipapo iwe uchafanirwa kutarisira kuchengetedza kwayo, kusanganisira kutarisa kuchengetedzwa kwayo.

Zvose zvinoshanda sei uye sevhisi ichaita sei mabasa ako?

Basa rega rega rinomhanya mune imwechete kana kupfuura yakatsaurirwa nharaunda, iyo inongove yehupenyu hweiyo basa uye inobva yaparadzwa. Yese nharaunda inongofona kamwe chete panguva, asi inoshandiswa zvakare kana paine akawanda serial mafoni kune imwechete basa. Yese nharaunda yekumhanya inomhanya pamakina chaiwo ane hardware virtualization - inonzi microVMs. Imwe neimwe microVM inopihwa kune chaiyo AWS account uye inogona kushandiswazve nenharaunda kuita mabasa akasiyana mukati meiyo account. MicroVMs dzakaiswa muzvivharo zvekuvaka zveLambda Worker Hardware platform, iyo ndeye uye inoshandiswa neAWS. Iyoyo nguva yekumhanya haigone kushandiswa neakasiyana mabasa, kana mamicroVM akasiyana kune akasiyana maAWS maakaundi.

Detailed ongororo yeAWS Lambda

AWS Lambda Isolation Model

Kuparadzaniswa kwenzvimbo dzekumhanya kunoitwa pachishandiswa nzira dzakawanda. Padanho repamusoro renzvimbo yega yega kune akaparadzana makopi ezvinotevera zvikamu:

  • Basa rekodhi
  • Chero maLambda layers akasarudzirwa basa racho
  • Basa rekuita nharaunda
  • Minimal mushandisi nzvimbo yakavakirwa paAmazon Linux

Nzira dzinotevera dzinoshandiswa kupatsanura nzvimbo dzakasiyana dzekuuraya:

  • cgroups - kudzikisira kupinda kuCPU, ndangariro, kuchengetedza uye network zviwanikwa kune yega yekumhanya nharaunda;
  • namespaces - mapoka maitiro IDs, maID ID, network interface uye zvimwe zviwanikwa zvinotungamirwa neLinux kernel. Imwe neimwe yekumhanya inomhanya munzvimbo yayo yezita;
  • seccomp-bpf - inorambidza nharembozha dzinogona kushandiswa munguva yekumhanya;
  • iptables uye routing matafura - kuparadzaniswa kwenzvimbo dzekuuraya kubva kune mumwe;
  • chroot - inopa mukana wekuwana kune iri pasi faira system.

Yakasanganiswa neAWS proprietary isolation tekinoroji, aya masisitimu anovimbisa yakavimbika runtime kupatsanurwa. Nzvimbo dzakaparadzaniswa nenzira iyi hadzigone kuwana kana kugadzirisa data kubva kune dzimwe nharaunda.

Kunyangwe akawanda ekumhanya eiyo imwechete AWS account anogona kumhanya pane imwechete microVM, pasina mamiriro ezvinhu anogona mamicroVM anogona kugovaniswa pakati akasiyana maakaundi eAWS. AWS Lambda inoshandisa nzira mbiri chete kuparadzanisa microVMs: EC2 zviitiko uye Firecracker. Kusarudzika kwevaenzi muLambda zvichibva paEC2 zviitiko zvavepo kubvira 2015. Firecracker inyowani yakavhurika sosi hypervisor yakanyatso gadzirwa neAWS yebasa risina basa uye yakaunzwa muna 2018. Iyo yemuviri Hardware inomhanya microVMs inogovaniswa pakati pemitoro yebasa mumaakaundi akasiyana.

Kuchengetedza nharaunda uye process states

Kunyangwe nguva dzekumhanya dzeLambda dzakasarudzika kumabasa akasiyana, dzinogona kudana basa rimwe chete kakawanda, zvichireva kuti nguva yekumhanya inogona kurarama kwemaawa akati wandei isati yaparadzwa.

Imwe neimwe Lambda yekumhanya ine zvakare inonyorwa faira system inowanikwa kuburikidza ne /tmp dhairekitori. Zvirimo hazvigone kuwanikwa kubva kune dzimwe nguva dzekumhanya. Nezve hurongwa hwekushingirira hune chekuita, mafaera akanyorerwa ku /tmp aripo ehupenyu hwese kutenderera kwenzvimbo yekumhanya. Izvi zvinobvumira mhedzisiro yekufona kwakawanda kuti iunganidzwe, izvo zvinonyanya kubatsira kune zvinodhura mashandiro senge kurodha mamodhi ekudzidza muchina.

Dana kutumira data

Iyo Invoke API inogona kushandiswa mumamodhi maviri: chiitiko modhi uye yekukumbira-mhinduro modhi. Mune chiitiko modhi, kufona kunowedzerwa kumutsara wekuzoitwa gare gare. Muchikumbiro-mhinduro mode, basa racho rinodanwa pakarepo nemubhadharo wakapiwa, mushure mokunge mhinduro yacho inodzorerwa. Mune ese ari maviri, basa rinomhanya munzvimbo yeLambda, asi iine nzira dzakasiyana dzekubhadhara.

Panguva yekufona-yekupindura mafoni, mubhadharo unoyerera uchibva kune chikumbiro chekugadzirisa API (API Caller), senge AWS API Gateway kana AWS SDK, kune inoremedza balancer, uyezve kuLambda yekufona sevhisi (Invoke Service). Iyo yekupedzisira inosarudza nharaunda yakakodzera yekuita basa uye inopfuudza mubhadharo ipapo kuti upedze kufona. Iyo inoremedza balancer inogamuchira TLS-yakachengetedzwa traffic paInternet. Traffic mukati mesevhisi yeLambda-mushure mekuremerwa kwemutoro-inopfuura nepakati VPC mune chaiyo AWS dunhu.

Detailed ongororo yeAWS Lambda

AWS Lambda Call Processing Model: Chikumbiro-Response Mode

Kufona kwechiitiko kunogona kuitwa nekukasira kana kuwedzerwa pamutsetse. Mune zvimwe zviitiko, mutsara unoitwa uchishandisa Amazon SQS (Amazon Simple Queue Service), iyo inopfuudza mafoni kuLambda yekuzadzisa kufona sevhisi kuburikidza neyemukati poller maitiro. Iyo traffic inofambiswa inodzivirirwa neTLS, uye hapana yekuwedzera encryption yedata yakachengetwa muAmazon SQS.

Kufona kwechiitiko hakudzore mhinduro-Mushandi weLambda anongofuratira chero ruzivo rwemhinduro. Chiitiko-chakavakirwa mafoni kubva kuAmazon S3, Amazon SNS, CloudWatch, uye mamwe masosi anogadziriswa neLambda mune chiitiko modhi. Kufona kubva kuAmazon Kinesis uye DynamoDB hova, SQS mitsara, Application Load Balancer, uye API Gateway mafoni anogadziriswa nenzira yekukumbira-mhinduro.

Kuongorora

Iwe unogona kutarisa uye kuongorora mabasa eLambda uchishandisa akasiyana maAWS masisitimu nemasevhisi, kusanganisira anotevera.

Amazon CloudWatch
Inounganidza nhamba dzakasiyana-siyana dzakadai senhamba yezvikumbiro, nguva yezvikumbiro, uye nhamba yezvikumbiro zvakakundikana.

Amazon CloudTrail
Inokutendera kuti utore, urambe uchitarisisa, uye uchengetedze ruzivo rwechiitiko cheakaundi chine chekuita neako AWS zvivakwa. Iwe uchave uine nhoroondo yakazara yezviito zvakaitwa uchishandisa iyo AWS Management Console, AWS SDK, mitsara yekuraira maturusi, uye mamwe masevhisi eAWS.

AWS X-Ray
Inopa kuoneka kuzere mumatanho ese ekukumbira kugadzirisa mune yako application zvichibva pamepu yezvayo zvemukati zvikamu. Inokutendera kuti uongorore maapplication panguva yekusimudzira uye munzvimbo dzekugadzira.

AWS Config
Iwe unozogona kuteedzera shanduko kuLambda basa kumisikidzwa (kusanganisira kudzima) uye nguva dzekumhanya, ma tag, mazita emubati, saizi yekodhi, kugoverwa kwendangariro, nguva yekumisikidzwa uye concurrency marongero, pamwe chete neLambda IAM execution basa, subnetting, uye kuchengetedza boka rekuchengetedza. .

mhedziso

AWS Lambda inopa yakasimba seti yezvishandiso zvekuvaka zvakachengeteka uye zvinokatyamadza zvikumbiro. Mazhinji ekuchengetedza uye kutevedzera maitiro muAWS Lambda akafanana mune mamwe masevhisi eAWS, kunyangwe paine zvisizvo. Kubva munaKurume 2019, Lambda inoenderana neSOC 1, SOC 2, SOC 3, PCI DSS, Health Insurance Portability uye Accountability Act (HIPAA) kutevedzera, nemimwe mitemo. Saka, kana iwe uchifunga nezvekushandisa yako inotevera application, funga iyo AWS Lambda sevhisi - inogona kunge iri yakanyanya kukodzera basa rako.

Source: www.habr.com

Voeg