Running systemd in a container

We have been following the story of systemd in containers for a long time. Back in 2014, our security engineer Daniel Walsh wrote the article Running systemd within a Docker Container, and a few years later another one, titled Running systemd in a non-privileged container, in which he noted that the situation had barely improved. In particular, he wrote: "Sadly, even two years later, if you google 'Docker systemd', the first thing that comes up is his old article. So it is time to change something." In addition, we have already written about the conflict between the Docker and systemd developers.


In this article we will show what has changed over time and how Podman can help here.

There are many reasons to run systemd inside a container, such as:

  1. Multi-service containers. Many people want to lift their multi-service applications off real machines and run them in containers. It would be better, of course, to break such applications into microservices, but not everyone knows how to do that yet or simply has no time. So running such applications as services started by systemd from unit files makes perfect sense.
  2. Systemd unit files. Most applications inside containers are built from code that previously ran on virtual or physical machines. These applications come with a unit file written for them that knows how they should be started. So it is still better to start services using the supported mechanism than to hack together your own init service.
  3. Systemd is a process manager. It handles services (shutting them down, restarting them, reaping zombie processes) better than any other tool.

That said, there are also many reasons not to run systemd in containers. The main one is that systemd/journald takes control of the container's output, whereas tools such as Kubernetes or OpenShift expect containers to write their logs directly to stdout and stderr. So if you are going to manage your containers through orchestration tools like those just mentioned, you should think carefully about using systemd-based containers. On top of that, the Docker and Moby developers have often been strongly opposed to running systemd in containers.

The arrival of Podman

We are happy to report that the situation has finally moved forward. The team responsible for running containers at Red Hat decided to develop its own container engine. It was named Podman and offers the same command-line interface (CLI) as Docker; almost every Docker command can be used in Podman in exactly the same way. We often hold workshops, now called Switching from Docker to Podman, and the very first slide asks the audience to type: alias docker=podman.

Many people do exactly that.

Podman and I are in no way opposed to systemd-based containers. After all, systemd is the most widely used Linux init subsystem, and not letting it work properly in containers would mean ignoring how thousands of people are used to running containers.

Podman knows what to do to make systemd work properly in a container. It needs things like tmpfs mounted on /run and /tmp. It likes to have the "containerized" environment enabled and expects write permission to its part of the cgroup directory and to the /var/log/journald folder.

When you start a container whose initial command is init or systemd, Podman automatically sets up tmpfs and cgroups so that systemd starts without problems. To disable this automatic mode, use the --systemd=false option. Note that Podman only switches into systemd mode when it detects that it needs to run systemd or init.

Here is an excerpt from the manual page:

man podman run
...

--systemd=true|false

Run the container in systemd mode. Enabled by default.

If you run systemd or an init command inside the container, Podman sets up tmpfs mount points in the following directories:

/run, /run/lock, /tmp, /sys/fs/cgroup/systemd, /var/lib/journal

Also, the default stop signal will be SIGRTMIN+3.

All this allows systemd to run in a locked-down container without any changes.

NOTE: systemd tries to write to the cgroup filesystem. However, SELinux prevents containers from doing this by default. To allow the writes, enable the container_manage_cgroup boolean:

setsebool -P container_manage_cgroup true

Now let's look at what a Dockerfile for running systemd in a container with Podman looks like:

# cat Dockerfile
FROM fedora
RUN dnf -y install httpd; dnf clean all; systemctl enable httpd
EXPOSE 80
CMD [ "/sbin/init" ]

That's all.

Now we build the container image:

# podman build -t systemd .

We tell SELinux to allow systemd to modify the cgroups configuration:

# setsebool -P container_manage_cgroup true

By the way, many people forget this step. Fortunately, it only has to be done once, and the setting survives a system reboot.

Now we simply start the container:

# podman run -ti -p 80:80 systemd

systemd 239 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=hybrid)
Detected virtualization container-other.
Detected architecture x86-64.

Welcome to Fedora 29 (Container Image)!

Set hostname to <1b51b684bc99>.
Failed to install release agent, ignoring: Read-only file system
File /usr/lib/systemd/system/systemd-journald.service:26 configures an IP firewall (IPAddressDeny=any), but the local system does not support BPF/cgroup based firewalling.
Proceeding WITHOUT firewalling in effect! (This warning is only shown for the first loaded unit using IP firewalling.)
[  OK ] Listening on initctl Compatibility Named Pipe.
[  OK ] Listening on Journal Socket (/dev/log).
[  OK ] Started Forward Password Requests to Wall Directory Watch.
[  OK ] Started Dispatch Password Requests to Console Directory Watch.
[  OK ] Reached target Slices.
…
[  OK ] Started The Apache HTTP Server.

That's it, the service is up and running:

$ curl localhost
<html  xml_lang="en" lang="en">
…
</html>

NOTE: Don't try this with Docker! There you still have to jump through hoops to start this kind of container through the daemon. (Additional fields and packages are required to make all of this work seamlessly in Docker, or the container has to be run privileged. See the article for details.)

Two more cool things about Podman and systemd

Podman works better than Docker in systemd unit files

If containers need to be started at system boot, you can simply put the appropriate Podman commands in a systemd unit file, which will start the service and monitor it. Podman uses the standard fork-exec model. In other words, the container processes are children of the Podman process, so systemd can easily monitor them.

Docker uses a client-server model, and Docker CLI commands can also be placed directly in a unit file. However, once the Docker client connects to the Docker daemon, it (the client) becomes just another process handling stdin and stdout. Systemd, in turn, knows nothing about the connection between the Docker client and the container running under the control of the Docker daemon, so in this model systemd fundamentally cannot monitor the service.

Socket activation with systemd

Podman handles socket activation correctly. Because Podman uses the fork-exec model, it can pass the socket on to its child container processes. Docker cannot do this because it uses a client-server model.

The varlink service that Podman uses to talk to remote clients about containers is in fact socket-activated. The cockpit-podman package, written in Node.js and part of the cockpit project, lets people interact with Podman containers through a web interface. The web daemon running cockpit-podman sends messages to the varlink socket that systemd listens on. Systemd then activates the Podman program to receive the messages and start managing containers. Activating Podman over a socket removes the need for a permanently running daemon when implementing remote APIs.
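To make the fork-exec point concrete, here is an added example (not code from the post or from Podman) of the sd_listen_fds contract that a socket-activated parent must honour and pass on: the fds arrive at 3, 4, ..., and LISTEN_PID must be rewritten to the child's pid before exec or the child is obliged to ignore them. Only the documented LISTEN_PID, LISTEN_FDS and LISTEN_FDNAMES variables are used; the pids and names in the test are constructed.

```python
import os

SD_LISTEN_FDS_START = 3  # systemd places activated sockets at fd 3, 4, ...


def listen_fds(environ, pid):
    """The sd_listen_fds(3) contract: return the fds systemd handed to us.

    LISTEN_PID must equal our own pid. If it names someone else (a parent
    that forgot to re-target the variables before exec) the fds are not
    ours and must be ignored, or we would serve a socket we never asked for.
    """
    if environ.get("LISTEN_PID") != str(pid):
        return []
    count = int(environ.get("LISTEN_FDS", "0"))
    return list(range(SD_LISTEN_FDS_START, SD_LISTEN_FDS_START + count))


def listen_fds_with_names(environ, pid):
    """Map FileDescriptorName= values (LISTEN_FDNAMES, colon separated) to fds;
    missing names become "unknown", as sd_listen_fds_with_names does."""
    fds = listen_fds(environ, pid)
    raw = environ.get("LISTEN_FDNAMES", "")
    names = raw.split(":") if (fds and raw) else []
    names += ["unknown"] * (len(fds) - len(names))
    return dict(zip(names, fds))


def forward_to_child(environ, child_pid):
    """What a fork-exec parent such as Podman must do so the child accepts
    the sockets: keep fds 3..N inheritable and point LISTEN_PID at the child.
    A client/server engine cannot do this, because the activated process is
    the CLI while the daemon that creates the container was started elsewhere.
    """
    env = dict(environ)
    if "LISTEN_FDS" in env:
        env["LISTEN_PID"] = str(child_pid)
        for fd in listen_fds(environ, os.getpid()):  # only fds that are ours
            os.set_inheritable(fd, True)  # CLOEXEC would drop them across exec
    return env
```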

In addition, we are developing another Podman client called podman-remote, which offers the same Podman CLI but calls varlink to run the containers. Podman-remote can work over SSH sessions, letting you interact securely with containers on other machines. Over time we plan to make podman-remote support macOS and Windows alongside Linux, so that developers on those platforms can run a Linux virtual machine with Podman's varlink service and get the full impression that the containers are running on the local machine.

SD_NOTIFY

Systemd lets you delay the start of dependent services until the containerized service they need is up. Podman can pass the SD_NOTIFY socket into the containerized service so that the service can tell systemd when it is ready. And once again, Docker, with its client-server model, cannot do this.
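An added example (not from the post or from Podman) of what the containerized service does with that socket: the sd_notify(3) protocol is a single datagram of KEY=VALUE lines sent to the path in NOTIFY_SOCKET. The round-trip helper plays systemd's side on a constructed temporary socket so the exchange can be run offline; the MAINPID value is constructed.

```python
import os
import socket
import tempfile


def notify(environ, *assignments):
    """sd_notify(3) as a client: send newline-terminated KEY=VALUE lines to
    the datagram socket named by NOTIFY_SOCKET. Returns False when no socket
    was passed in (not under systemd, or the engine did not hand it through).
    """
    path = environ.get("NOTIFY_SOCKET")
    if not path:
        return False
    if path.startswith("@"):  # abstract namespace: '@' stands for a NUL byte
        path = "\0" + path[1:]
    payload = "".join(line + "\n" for line in assignments).encode()
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as sock:
        sock.sendto(payload, path)
    return True


def notify_ready(environ, main_pid=None):
    """Tell systemd the service is up. With Type=notify, units ordered
    After= this one are started only once this datagram has arrived."""
    fields = ["READY=1"]
    if main_pid is not None:
        fields.append(f"MAINPID={main_pid}")
    return notify(environ, *fields)


def demo_roundtrip():
    """Constructed check: play systemd's side locally. Bind the listener,
    point NOTIFY_SOCKET at it, send READY=1 and return what arrived."""
    path = os.path.join(tempfile.mkdtemp(), "notify")
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as listener:
        listener.bind(path)
        listener.settimeout(2)
        sent = notify_ready({"NOTIFY_SOCKET": path}, main_pid=1234)
        message, _ = listener.recvfrom(4096)
    os.unlink(path)
    return sent, message
```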

Plans

We plan to add the command podman generate systemd CONTAINERID, which will generate a systemd unit file for managing the specified container. This should work in both root and rootless mode for unprivileged containers. We have even seen a request for an OCI-compliant systemd-nspawn runtime.

Conclusion

Running systemd in a container is a perfectly understandable need. And thanks to Podman, we finally have a container runtime that does not fight systemd but makes it easy to use.

Source: www.habr.com
