Izikhongozeli luguqulelo olukhaphukhaphu lwesithuba somsebenzisi wenkqubo yeLinux - eneneni, bubuncinane obungenanto. Nangona kunjalo, iseyinkqubo yokusebenza epheleleyo, kwaye ngoko umgangatho wesi sixhobo ngokwawo ubaluleke kakhulu njengenkqubo epheleleyo yokusebenza. Yiyo loo nto ixesha elide sinikezela , ukuze abasebenzisi babe neziqulathi eziqinisekisiweyo, zale mihla, nezihlaziyiweyo zebakala leshishini. Qalisa (imifanekiso yesikhongozeli) i-RHEL kwi-container hosts RHEL ibonelela ngokuhambelana nokuphatheka phakathi kwemekobume, singasathethi ke ngokuba ezi sele zizixhobo eziqhelekileyo. Noko ke, kwakukho ingxaki enye. Awungekhe uwunike omnye umntu lo mfanekiso, nokuba ibingumthengi okanye iqabane eliqhuba iRed Hat Enterprise Linux.
Kodwa ngoku yonke into itshintshile
Ngokukhutshwa kwe-Red Hat Universal Base Image (UBI), ngoku unokufumana ukuthembeka, ukhuseleko, kunye nokusebenza okulindeleyo kwimifanekiso yesikhongozeli esisemthethweni se-Red Hat, nokuba unobhaliso okanye awukho. Oku kuthetha ukuba unokwakha isicelo esifakwe kwisikhongozeli kwi-UBI, usibeke kwindawo yobhaliso lwesikhongozeli ozikhethele sona, kwaye wabelane ngaso nehlabathi. I-Red Hat Universal Base Image ikuvumela ukuba wakhe, wabelane, kwaye usebenzisane kwi-container yesicelo kuyo nayiphi na imeko-apho ufuna khona.
Nge-UBI, unokupapasha kwaye usebenzise usetyenziso lwakho phantse kuso nasiphi na isiseko. Kodwa ukuba uyaziqhuba kumaqonga e-Red Hat njenge-Red Hat OpenShift kunye ne-Red Hat Enterprise Linux, unokufumana izibonelelo ezongezelelweyo (igolide engakumbi!). Kwaye ngaphambi kokuba siqhubele phambili kwinkcazo ethe kratya ye-UBI, mandinikeze i-FAQ emfutshane malunga nokuba kutheni ukubhaliswa kwe-RHEL kufuneka. Ke, kwenzeka ntoni xa uqhuba umfanekiso we-UBI kwiqonga le-RHEL/OpenShift?
Kwaye ngoku ukuba sonwabile ngokuthengisa, makhe sithethe ngakumbi nge-UBI
Izizathu zokusebenzisa i-UBI
Kufuneka uzive njani ukwazi ukuba i-UBI iya kukunceda:
- Eyam phuhlisi ufuna ukusebenzisa imifanekiso yesikhongozeli enokuthi isasazwe kwaye iqhutywe kuyo nayiphi na imeko-bume
- Iqela lam Imisebenzi ufuna umfanekiso osisiseko oxhaswayo kunye nomjikelo wobomi bomgangatho weshishini
- Eyam abayili bezakhiwo ufuna ukunikela kubathengi bam / abasebenzisi bokugqibela
- Eyam abathengi abafuni ukuvuthuza iingqondo zabo ngenkxaso yenqanaba loshishino kuyo yonke indawo yabo yeRed Hat
- Eyam uluntu ifuna ukwabelana, iqhube, ipapashe usetyenziso oluqulathiweyo ngokwenyani kuyo yonke indawo
Ukuba ubuncinci bemeko enye iyakufanela, kuya kufuneka ujonge i-UBI ngokuqinisekileyo.
Ngaphezu komfanekiso osisiseko
I-UBI incinci kune-OS epheleleyo, kodwa i-UBI inezinto ezintathu ezibalulekileyo:
- Iseti yemifanekiso emithathu esisiseko (ubi, ubi-minimal, ubi-init)
- Imifanekiso enendawo esele zilungiselelwe ixesha lokusebenza kwiilwimi ezahlukeneyo zokucwangcisa (i-nodejs, iruby, ipython, php, perl, njl.
- Iseti yeepakethe eziyeleleneyo kwindawo yogcino lweYUM enezona xhomekeko ziqhelekileyo
I-UBI yadalwa njengesiseko somthonyama welifu kunye nezicelo zewebhu eziphuhlisiwe kwaye zihanjiswe kwizikhongozeli. Wonke umxholo kwi-UBI yinxalenye ye-RHEL. Zonke iipakethe kwi-UBI zihanjiswa ngeeshaneli ze-RHEL kwaye zixhaswa ngokufanayo ne-RHEL xa zisebenza kwiiplatifti ezixhaswayo ze-Red Hat ezifana ne-OpenShift kunye ne-RHEL.
Ukuqinisekisa inkxaso ekumgangatho ophezulu kwizikhongozeli kufuna umgudu omkhulu ovela kwiinjineli, iingcali zokhuseleko kunye nezinye izixhobo ezongezelelweyo. Oku akufuni nje ukuvavanya imifanekiso esisiseko, kodwa nokuhlalutya ukuziphatha kwabo kuyo nayiphi na inginginya exhaswayo.
Ukunceda ukunciphisa umthwalo wokuphucula, i-Red Hat iphuhlisa ngokukhawuleza kwaye ixhasa ukuze i-UBI 7 ikwazi ukuqhuba kwi-RHEL 8 hosts, umzekelo, kunye ne-UBI 8 inokusebenza kwi-RHEL 7 hosts Oku kunika abasebenzisi ukuguquguquka, ukuzithemba, kunye noxolo ingqondo abayidingayo ngexesha lenkqubo , umzekelo, uhlaziyo lweqonga kwimifanekiso yesikhongozeli okanye iinginginya ezisetyenzisiweyo. Ngoku konke oku kunokwahlulwa kwiiprojekthi ezimbini ezizimeleyo.
Imifanekiso emithathu esisiseko
Ubuncinci - benzelwe usetyenziso olunokuxhomekeka kuzo zonke (Python, Node.js, .NET, njl.)
- Ubuncinci iseti yesiqulatho esifakwe ngaphambili
- Akukho suid executable
- Izixhobo zomphathi wepakethe ezincinci (ufakelo, uhlaziyo kunye nokususwa)
Iqonga β kuzo naziphi na izicelo ezisebenza kwi-RHEL
- I-OpenSSL ye-Cryptographic Stack eManyeneyo
- Isitaki se-YUM esipheleleyo
- Izinto eziluncedo ezisisiseko ze-OS ezibandakanyiweyo (tar, gzip, vi, njl.)
Iinkonzo ezininzi-yenza kube lula ukuqhuba iinkonzo ezininzi kwisikhongozeli esinye
- Iqwalaselwe ukuze kuqhutywe inkqubo kwisiqalo
- Ukukwazi ukwenza iinkonzo zisebenze kwinqanaba lokwakha
Imifanekiso yesikhongozeli eneendawo zokuqhutywa kolwimi lwenkqubo esele zenziwe
Ukongeza kwimifanekiso esisiseko ekuvumela ukuba ufake inkxaso yolwimi lwenkqubo, ii-UBI zibandakanya imifanekiso eyakhiwe kwangaphambili eneendawo ezilungele ukusetyenziswa kwenani leelwimi zeprogram. Abaphuhlisi abaninzi banokubamba nje umfanekiso kwaye baqale ukusebenza kwisicelo abasenzayo.
Ngokusungulwa kwe-UBI, i-Red Hat inikezela ngeeseti ezimbini zemifanekiso - esekelwe kwi-RHEL 7 kwaye isekelwe kwi-RHEL 8. Zazisekelwe kwi-Red Hat Software Collections (RHEL 7) kunye ne-Application Streams (RHEL 8), ngokulandelanayo. La maxesha okusebenza agcinwa esexesheni kwaye afumana uhlaziyo oluya kuthi ga kwezine ngonyaka njengomgangatho, ngoko uhlala uqhuba ezona nguqulelo zamva nje nezizinzileyo.
Nalu uluhlu lwemifanekiso yesikhongozeli se-UBI 7:
Nalu uluhlu lwemifanekiso yesikhongozeli se-UBI 8:
Iiphakheji ezihambelanayo
Ukusebenzisa imifanekiso esele yenziwe ngenene kulula kakhulu. I-Red Hat igcina ihlaziyiwe kwaye ihlaziya ngokukhutshwa kwenguqulo entsha ye-RHEL, kunye naxa uhlaziyo olubalulekileyo lwe-CVE lufumaneka ngokuhambelana nomgaqo-nkqubo wohlaziyo. ukuze ukwazi ukuthatha enye yale mifanekiso kwaye ngoko nangoko uqale ukusebenza kwisicelo.
Kodwa ngamanye amaxesha, xa usenza isicelo, unokufuna ngequbuliso iphakheji eyongezelelweyo. Okanye, ngamanye amaxesha, ukwenza isicelo sisebenze, kufuneka uhlaziye enye okanye enye ipakethe. Yiyo loo nto imifanekiso ye-UBI iza neseti yee-RPM ezifumaneka nge-yum, kwaye ezisasazwa kusetyenziswa inethiwekhi yokuhanjiswa komxholo ekhawulezayo nefumanekayo kakhulu (unayo ipakethe!). Xa uqhuba uhlaziyo lwe-yum kwi-CI / CD yakho kuloo ndawo ebalulekileyo yokukhululwa, unokuqiniseka ukuba iya kusebenza.
I-RHEL sisiseko
Asize sidinwe ukuphinda ukuba i-RHEL isisiseko sayo yonke into. Ngaba uyazi ukuba ngawaphi amaqela e-Red Hat asebenza ekudaleni imifanekiso esisiseko? Umzekelo ezi:
- Iqela lobunjineli elinoxanduva lokuqinisekisa ukuba amathala eencwadi angundoqo afana ne-glibc kunye ne-OpenSSL, kunye namaxesha okusetyenziswa kolwimi afana nePython kunye neRuby, abonelela ngokusebenza okungaguqukiyo kwaye aqhube ngokuthembekileyo imithwalo yomsebenzi xa esetyenziswa kwizikhongozeli.
- Iqela lokhuseleko lwemveliso linoxanduva lokulungiswa kwangethuba kweempazamo kunye nemiba yokhuseleko kumathala eencwadi nakwiindawo zolwimi, ukusebenza kakuhle komsebenzi wabo kuvavanywa kusetyenziswa isalathiso esikhethekileyo. .
- Iqela labaphathi beemveliso kunye neenjineli zizinikele ekongezeni izinto ezintsha kunye nokuqinisekisa umjikelo omde wemveliso, kukunika ukuzithemba kutyalo-mali lwakho ukuze wakhe phezu kwayo.
I-Red Hat Enterprise Linux yenza inginginya egqwesileyo kunye nomfanekiso wezikhongozeli, kodwa abaphuhlisi abaninzi bayakuxabisa ukukwazi ukusebenza kunye nenkqubo kwiifomathi ezahlukeneyo, ezinye zazo ezinokuba ngaphandle kweemeko zokusetyenziswa ezixhaswayo zenkqubo yeLinux. Apha kulapho imifanekiso ye-UBI yendalo yonke isiza khona.
Masithi ngoku, kweli nqanaba, ujonge umfanekiso osisiseko ukuze uqale ukusebenza kwisicelo esilula esinezikhongozeli. Okanye ngaba sele ukufutshane nekamva kwaye usuka kwizikhongozeli ezizimeleyo ezisebenza kwi-injini yesikhongozeli ukuya kwimbali yendalo yamafu usebenzisa isakhiwo kunye nokuqinisekisa ii-Operators ezisebenza kwi-OpenShift. Kwimeko nayiphi na into, i-UBI iya kubonelela ngesiseko esihle kakhulu soku.
Izikhongozeli ziquka uguqulelo olukhaphukhaphu lwesithuba somsebenzisi wenkqubo yokusebenza kwindlela entsha yokupakisha. Ukukhutshwa kwemifanekiso ye-UBI kumisela umgangatho omtsha woshishino wophuhliso lwezikhongozeli, ukwenza izikhongozeli zodidi lweshishini zifumaneke kuye nawuphi na umsebenzisi, abaphuhlisi besoftware abazimeleyo, kunye noluntu oluvulelekileyo. Ngokukodwa, abaphuhlisi besoftware banokubeka umgangatho weemveliso zabo usebenzisa isiseko esinye, esiqinisekisiweyo sazo zonke izicelo zabo eziqulathiweyo, kubandakanya . Iinkampani zophuhliso ezisebenzisa i-UBI zikwanakho nokufikelela kwiSiqinisekiso seSigqoko seRed Hat kunye neSiqinisekiso soMsebenzi we-OpenShift se-OpenShift, nto leyo evumela ukuqinisekiswa okuqhubekayo kwesoftware esebenza kwiiplatifti ze-Red Hat ezifana ne-OpenShift.
Ukuqala njani ukusebenza ngomfanekiso
Ngamafutshane, ilula kakhulu. I-Podman ayifumaneki kuphela kwi-RHEL, kodwa nakwi-Fedora, i-CentOS kunye nezinye izinikezelo zeLinux. Ekuphela kwento ekufuneka uyenzile kukukhuphela umfanekiso kwenye yogcino olulandelayo kwaye ulungile ukuba uhambe.
Nge-UBI 8:
podman pull registry.access.redhat.com/ubi8/ubi
podman pull registry.access.redhat.com/ubi8/ubi-minimal
podman pull registry.access.redhat.com/ubi8/ubi-init
Nge-UBI 7:
podman pull registry.access.redhat.com/ubi7/ubi
podman pull registry.access.redhat.com/ubi7/ubi-minimal
podman pull registry.access.redhat.com/ubi7/ubi-init
Ewe, jonga iSikhokelo soMfanekiso weSiseko esipheleleyo se-Universal Base
umthombo: www.habr.com