Running systemd inside a container

We have been following the topic of using systemd in containers for a long time. Back in 2014, our security engineer Daniel Walsh wrote the article Running systemd within a Docker Container, and a couple of years later another one, called Running systemd in a non-privileged container, in which he noted that the situation had not improved much. In particular, he wrote: "Unfortunately, even two years later, if you google 'Docker systemd', the first thing that comes up is his old article. So it is time to change something." In addition, we have already written about the conflicts between the Docker and systemd developers.

In this article we will show what has changed over time and how Podman can help us here.

There are many reasons to run systemd inside a container, such as:

  1. Multi-service containers - many people want to take their multi-service applications off real machines and run them in containers. It would of course be better to split such applications into microservices, but not everyone knows how to do that or has the time. So running such applications as services started by systemd from unit files makes sense.
  2. Systemd unit files - most applications that end up in containers are built from code that previously ran on virtual or physical machines. These applications ship with a unit file that was written for them and that knows how they should be started. So it is still better to start services using the supported method rather than hacking together your own init service.
  3. Systemd is a process manager. It handles services (shutting them down, restarting them, or reaping zombie processes) better than any other tool.

That said, there are also plenty of reasons not to run systemd in containers. The main one is that systemd/journald takes control of the container's output, while tools such as Kubernetes or OpenShift expect containers to write their logs directly to stdout and stderr. So if you are going to manage containers with orchestration tools like the ones just mentioned, you should think carefully before using systemd-based containers. Moreover, the Docker and Moby developers have often strongly objected to using systemd in containers.

Enter Podman

We are happy to report that the situation has finally moved forward. The team responsible for running containers at Red Hat decided to develop its own container engine. It is called podman and offers the same command line interface (CLI) as Docker, and almost all Docker commands can be used with Podman in the same way. We often run workshops, now called Switching from Docker to Podman, and the very first slide asks the audience to type: alias docker=podman.

Many people do exactly that.

My Podman and I are by no means against systemd-based containers. After all, systemd is the most widely used Linux init system, and not letting it work properly inside containers means ignoring how thousands of people are used to running containers.

Podman knows what has to be done for systemd to work properly inside a container. systemd needs things like tmpfs mounted on /run and /tmp; it wants the "containerized" environment to be enabled; and it expects write permission on its portion of the cgroup hierarchy and on the /var/log/journal directory.

When you start a container whose first command is init or systemd, Podman automatically sets up the tmpfs mounts and cgroups so that systemd starts without problems. To disable this automatic mode, use the --systemd=false option. Note that Podman switches to systemd mode only when it sees that the command to run is systemd or init.

Here is an excerpt from the man page:

man podman run
...

--systemd=true|false

Run the container in systemd mode. Enabled by default.

If you run a systemd or init command inside the container, Podman will set up tmpfs mount points on the following directories:

/run, /run/lock, /tmp, /sys/fs/cgroup/systemd, /var/lib/journal

The default stop signal will also be SIGRTMIN+3.

All of this lets systemd run unmodified inside a locked-down container.

NOTE: systemd attempts to write to the cgroup filesystem. However, SELinux prevents containers from doing this by default. To permit these writes, enable the container_manage_cgroup boolean:

setsebool -P container_manage_cgroup true

Now let's look at what a Dockerfile for running systemd in a container with Podman looks like:

# cat Dockerfile
FROM fedora
RUN dnf -y install httpd; dnf clean all; systemctl enable httpd
EXPOSE 80
CMD [ "/sbin/init" ]

That's all.

Now we build the container image:

# podman build -t systemd .

We tell SELinux to allow systemd to modify the cgroup configuration:

# setsebool -P container_manage_cgroup true

By the way, many people forget this step. Fortunately, it only has to be done once, and the setting persists across reboots.

Now we simply start the container:

# podman run -ti -p 80:80 systemd
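The two things the text says decide whether this run works are the container command (Podman enters systemd mode only for an init or systemd command) and the SELinux boolean that people tend to forget. The following preflight script is an added example, not code from the article or from Podman itself; it approximates Podman's command check by comparing the basename of the first word of the command with "init" or "systemd" (an assumption about the exact rule), and it parses getsebool-style text so it can be exercised on a host without SELinux.

```shell
#!/bin/sh
# Added example (not from the original article): a preflight check for
# running a systemd-based container under Podman.

# Would this container command put Podman into systemd mode?
# Assumption: Podman looks at the command being run; here we compare the
# basename of its first word, e.g. "/sbin/init" -> "init".
is_systemd_command() {
    cmd=$(printf '%s' "$1" | sed 's/^[[:space:]]*//')
    first=${cmd%% *}
    base=${first##*/}
    case "$base" in
        init|systemd) return 0 ;;
        *) return 1 ;;
    esac
}

# Parse getsebool-style output ("container_manage_cgroup --> on") and report
# whether the boolean from the article is enabled. The text is passed in as an
# argument so the function can be tested without SELinux present.
cgroup_boolean_enabled() {
    printf '%s\n' "$1" | grep -q '^container_manage_cgroup[[:space:]]*-->[[:space:]]*on$'
}

# Combine both checks. Return 0 when everything is in place, 1 when the
# SELinux boolean is missing, 2 when the command would not use systemd mode.
preflight() {
    container_cmd=$1
    sebool_output=$2
    if ! is_systemd_command "$container_cmd"; then
        echo "command '$container_cmd' will not put Podman into systemd mode"
        return 2
    fi
    if ! cgroup_boolean_enabled "$sebool_output"; then
        echo "systemd mode, but container_manage_cgroup is off: run 'setsebool -P container_manage_cgroup true'"
        return 1
    fi
    echo "systemd mode and cgroup writes permitted by SELinux"
    return 0
}

# Constructed sample inputs. On a real host replace the second argument with:
#   "$(getsebool container_manage_cgroup 2>/dev/null)"
preflight "/sbin/init" "container_manage_cgroup --> off" || echo "exit status $?"
preflight "/sbin/init" "container_manage_cgroup --> on" || echo "exit status $?"
preflight "/usr/sbin/httpd -DFOREGROUND" "container_manage_cgroup --> on" || echo "exit status $?"
```

Run it before the podman run step: a status of 1 means the setsebool step from above is still missing, which is exactly the case the article says people forget.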

systemd 239 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=hybrid)
Detected virtualization container-other.
Detected architecture x86-64.

Welcome to Fedora 29 (Container Image)!

Set hostname to <1b51b684bc99>.
Failed to install release agent, ignoring: Read-only file system
File /usr/lib/systemd/system/systemd-journald.service:26 configures an IP firewall (IPAddressDeny=any), but the local system does not support BPF/cgroup based firewalling.
Proceeding WITHOUT firewalling in effect! (This warning is only shown for the first loaded unit using IP firewalling.)
[  OK ] Listening on initctl Compatibility Named Pipe.
[  OK ] Listening on Journal Socket (/dev/log).
[  OK ] Started Forward Password Requests to Wall Directory Watch.
[  OK ] Started Dispatch Password Requests to Console Directory Watch.
[  OK ] Reached target Slices.
…
[  OK ] Started The Apache HTTP Server.

And the service is indeed up and running:

$ curl localhost
<html  xml_lang="en" lang="en">
…
</html>

NOTE: Don't try this with Docker! There you still have to jump through hoops to run containers of this kind through the daemon. (Additional fields and packages are needed to make all of this work smoothly in Docker, or the container has to be run as a privileged container. For details, see the article.)

A few more nice things about Podman and systemd

Podman works better than Docker in systemd unit files

If containers need to be started at system boot, you can simply put the appropriate Podman commands into a systemd unit file, and systemd will start the service and monitor it. Podman uses the standard fork-exec model: the container processes are children of the Podman process, so systemd can monitor them without any trouble.

Docker uses a client-server model, and Docker CLI commands can also be placed directly in a unit file. However, once the Docker client connects to the Docker daemon, the client becomes just another process shuffling stdin and stdout. systemd, in turn, knows nothing about the relationship between the Docker client and the container running under the Docker daemon, so in this model systemd fundamentally cannot monitor the service.

Socket activation with systemd

Podman handles socket activation correctly. Because Podman uses the fork-exec model, it can pass the socket down to its child container processes. Docker cannot do this because it uses the client-server model.

The varlink service that Podman uses to talk to remote clients about containers is itself socket-activated. The cockpit-podman package, written in Node.js and part of the cockpit project, lets people manage Podman containers through a web interface. The web daemon running cockpit-podman sends messages to the varlink socket that systemd is listening on. systemd then activates the Podman program to receive the messages and start managing containers. Socket activation through systemd removes the need for a permanently running daemon when implementing remote APIs.

In addition, we are developing another Podman client called podman-remote, which uses the same Podman CLI but calls varlink to run containers. podman-remote can work over SSH sessions, allowing you to interact securely with containers on different machines. Over time, we plan to have podman-remote support MacOS and Windows alongside Linux, so that developers on those platforms can run a Linux virtual machine with the Podman varlink service and have the full experience of containers running on the local machine.

SD_NOTIFY

systemd lets you delay starting dependent services until the containerized service they need is up. Podman can pass the SD_NOTIFY socket into the containerized service so that the service can tell systemd it is ready to operate. Again, Docker, with its client-server model, cannot do this.

Plans

We plan to add a podman generate systemd CONTAINERID command that will generate a systemd unit file for managing the specified container. This should work in both root and rootless modes for non-privileged containers. We have even seen a request for an OCI runtime compatible with systemd-nspawn.
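The unit-file section above describes why a Podman command can sit directly in a unit file (Podman stays in the foreground as a fork-exec parent), the SD_NOTIFY section describes readiness forwarding, and the plans section mentions a generator for such units. The script below is an added example that is not the article's or Podman's code and is not the output format of the planned podman generate systemd command; it hand-writes a unit for a container built as in the Dockerfile above. The --sdnotify=container option used in the optional notify mode is assumed to be available in the Podman version in use.

```shell
#!/bin/sh
# Added example (not from the original article or the Podman project): emit a
# systemd unit that runs a Podman container as a supervised foreground child.
#
# Usage: gen_podman_unit NAME IMAGE PORT [notify]
#   notify: use Type=notify and "--sdnotify=container" so the systemd inside
#   the container can report readiness over SD_NOTIFY (option assumed to exist
#   in the Podman version in use).
gen_podman_unit() {
    name=$1
    image=$2
    port=$3
    mode=${4:-simple}
    if [ "$mode" = "notify" ]; then
        type_line="Type=notify"
        notify_opt=" --sdnotify=container"
    else
        type_line="Type=simple"
        notify_opt=""
    fi
    cat <<EOF
[Unit]
Description=Podman container ${name} (systemd inside the container)
Wants=network-online.target
After=network-online.target

[Service]
${type_line}
# Podman stays in the foreground; the container's PID 1 is its child,
# so systemd supervises the real workload rather than a detached client.
ExecStart=/usr/bin/podman run --rm --name ${name} -p ${port}:${port}${notify_opt} ${image}
# In systemd mode Podman's default stop signal is SIGRTMIN+3, which a
# containerized systemd treats as a clean shutdown request.
ExecStop=/usr/bin/podman stop -t 10 ${name}
Restart=on-failure
TimeoutStopSec=30

[Install]
WantedBy=multi-user.target
EOF
}

# Check whether the generated unit contains an exact line; used for testing.
unit_has_line() {
    gen_podman_unit "$1" "$2" "$3" "$4" | grep -Fxq "$5"
}

# Example: the httpd image built earlier in the article, exposed on port 80.
# To install it, redirect the output, e.g.
#   gen_podman_unit httpd-systemd systemd 80 > /etc/systemd/system/httpd-systemd.service
#   systemctl daemon-reload && systemctl enable --now httpd-systemd
gen_podman_unit httpd-systemd systemd 80
```

Because ExecStart runs Podman itself rather than a client talking to a daemon, systemd's Restart= and stop handling act on the container's actual process tree, which is the property the text contrasts with Docker's client-server model.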

Conclusion

Running systemd in a container is a legitimate need. And thanks to Podman, we finally have a container runtime that does not fight systemd but makes it easy to use.

Source: www.habr.com
