I-Docker-in-Docker yindawo yedaemon ye-Docker ebonakalayo esebenza ngaphakathi kwesikhongozeli ngokwayo ukwakha imifanekiso yesikhongozeli. Eyona njongo iphambili yokudala iDocker-in-Docker yayikukunceda ukuphuhlisa iDocker ngokwayo. Abantu abaninzi bayisebenzisa ukuqhuba iJenkins CI. Oku kubonakala kuqhelekile ekuqaleni, kodwa emva koko kuvela iingxaki ezinokuthintelwa ngokufaka i-Docker kwisitya se-Jenkins CI. Eli nqaku likuxelela indlela yokwenza oku. Ukuba unomdla kwisisombululo sokugqibela ngaphandle kweenkcukacha, funda nje icandelo lokugqibela lenqaku, "UkuSombulula Ingxaki."
I-Docker-in-Docker: "Kuhle"
Ngaphezu kweminyaka emibini edlulileyo ndafaka kwiDocker -unelungelo kwaye wabhala . Injongo yayikukunceda iqela eliphambili liphuhlise iDocker ngokukhawuleza. Ngaphambi kweDocker-in-Docker, umjikelo wophuhliso oqhelekileyo ujongeka ngolu hlobo:
- i-hackity hack;
- ukwakha;
- ukumisa i-daemon ye-Docker esebenzayo;
- usungula i-daemon entsha yeDocker;
- uvavanyo;
- phinda umjikelo.
Ukuba ufuna ukwenza indibano entle, enokuphinda iphindwe (oko kukuthi, kwisitya), yaba nzima ngakumbi:
- i-hackity hack;
- qiniseka ukuba uguqulelo olusebenzayo lweDocker luyasebenza;
- yakha iDocker entsha ngeDocker endala;
- yeka iDaemon yeDocker;
- qala i-daemon entsha yeDocker;
- uvavanyo;
- yeka i-daemon entsha yeDocker;
- phinda.
Ngokufika kweDocker-in-Docker, inkqubo iye yaba lula:
- i-hackity hack;
- indibano + qalisa kwinqanaba elinye;
- phinda umjikelo.
Ngaba akukho ngcono kakhulu ngale ndlela?
I-Docker-in-Docker: "Kubi"
Nangona kunjalo, ngokuchasene nenkolelo edumileyo, i-Docker-in-Docker ayiyona i-100% yeenkwenkwezi, iiponi kunye neeunicorns. Into endiyithethayo kukuba kukho imiba emininzi ekufuneka umphuhlisi ayazi.
Enye yazo ixhalabele ii-LSM (iimodyuli zokhuseleko zeLinux) ezinje ngeAppArmor kunye ne-SELinux: xa uqhuba isikhongozeli, i-"Docker yangaphakathi" inokuzama ukusebenzisa iiprofayili zokhuseleko eziya kungqubana okanye zibhidekise "iDocker yangaphandle". Le yeyona ngxaki inzima ukuyisombulula xa uzama ukudibanisa umiliselo lwakuqala lweflegi enelungelo. Utshintsho lwam lwasebenza kwaye zonke iimvavanyo ziya kudlula kumatshini wam we-Debian kunye novavanyo lwe-Ubuntu VMs, kodwa babeza kuphazamiseka kwaye batshise kumatshini kaMichael Crosby (wayeneFedora njengoko ndikhumbulayo). Andikhumbuli oyena nobangela wengxaki, kodwa kusenokwenzeka ukuba kwakungenxa yokuba uMike yindoda elumkileyo esebenza nge-SELINUX = ukunyanzeliswa (ndisebenzise i-AppArmor) kwaye utshintsho lwam aluzange luthathele ingqalelo iiprofayili ze-SELinux.
I-Docker-in-Docker: "Ububi"
Umcimbi wesibini unabaqhubi be-Docker yokugcina. Xa usenza iDocker-in-Docker, iDocker yangaphandle ibaleka phezu kwenkqubo yefayile eqhelekileyo (EXT4, BTRFS, okanye nantoni na onayo) kunye neDocker yangaphakathi isebenza phezu kwenkqubo yokukhuphela-ngokubhala (AUFS, BTRFS, Mapper yeSixhobo). , njl.). , kuxhomekeke kwinto emiselweyo ukusebenzisa iDocker yangaphandle). Oku kudala imidibaniso emininzi engayi kusebenza. Umzekelo, awuyi kukwazi ukuqhuba i-AUFS ngaphezulu kwe-AUFS.
Ukuba usebenzisa i-BTRFS ngaphezulu kwe-BTRFS, kufuneka isebenze ekuqaleni, kodwa nje ukuba kukho imiqulu esezantsi ebekwe kwindlwana, ukucima i-subvolume yomzali kuya kusilela. Imodyuli yeMaphu yesiXhobo ayinayo indawo yamagama, ke ukuba iimeko ezininzi zeDocker ziyayiqhuba kumatshini omnye, bonke baya kukwazi ukubona (kwaye babe nefuthe) imifanekiso enye kwenye kunye nakwizixhobo zokugcina isikhongozeli. Oku kubi.
Kukho iindlela zokusebenza zokusombulula uninzi lwezi ngxaki. Umzekelo, ukuba ufuna ukusebenzisa i-AUFS kwiDocker yangaphakathi, jika nje i-/var/lib/docker ifolda ibe yivolumu kwaye uya kulunga. UDocker wongeze izithuba zamagama esiseko kumagama ekujoliswe kuwo kwiSixhobo seMapper ukuze ukuba iifowuni ezininzi zeDocker zisebenza kumatshini omnye, azinakunyathelana.
Nangona kunjalo, ukuseta okunjalo akukho lula konke konke, njengoko kunokubonwa kwezi kwindawo yokugcina i-dind kwi-GitHub.
I-Docker-in-Docker: Iya iba mandundu
Kuthekani nge-cache yokwakha? Oku kunokuba nzima kakhulu. Abantu bahlala bendibuza ukuba "ukuba ndiqhuba i-Docker-in-Docker, ndingayisebenzisa njani imifanekiso ebanjelwe kumamkeli wam endaweni yokutsalela yonke into kwi-Docker yam yangaphakathi"?
Abanye abantu abasakhasayo bazamile ukubopha /var/lib/docker ukusuka kumamkeli ukuya kwisikhongozeli seDocker-in-Docker. Ngamanye amaxesha babelana /var/lib/docker ngezikhongozeli ezininzi.
Ngaba ufuna ukonakalisa idatha yakho? Kuba yiloo nto kanye eya konakalisa idatha yakho!
Idaemon yeDocker yayiyilwe ngokucacileyo ukuba ibe nofikelelo olukhethekileyo /var/lib/docker. Akukho nto iyenye ekufuneka "ichukumise, ixhokonxe, okanye ivelise" naziphi na iifayile zeDocker ezikule folda.
Kutheni kunjalo nje? Kuba esi sisiphumo sesinye sezona zifundo zinzima zifundwe ngelixa uphuhlisa i-dotCloud. Injini yesikhongozeli sedotCloud iqhube ngokuba neenkqubo ezininzi zokufikelela /var/lib/dotcloud ngaxeshanye. Amaqhinga anobuqili afana nokutshintshwa kwefayile yeathom (endaweni yokuhlelwa kwendawo), ikhowudi yepeppering enengcebiso kunye nezitshixo ezinyanzelekileyo, kunye nezinye iimvavanyo ezineenkqubo ezikhuselekileyo ezifana neSQLite kunye neBDB ayizange ihlale isebenza. Xa sasiyiyila ngokutsha injini yethu yesikhongozeli, eyathi ekugqibeleni yaba yiDocker, esinye sezigqibo zoyilo olukhulu yayikukuhlanganisa yonke imisebenzi yeekhonteyina phantsi kwedaemon enye ukuze kupheliswe bonke ubuvuvu be-concurrency.
Ungandivi kakubi: kuyenzeka ngokupheleleyo ukwenza into elungileyo, ethembekileyo kwaye ekhawulezayo ebandakanya iinkqubo ezininzi kunye nolawulo oluhambelanayo lwangoku. Kodwa sicinga ukuba kulula kwaye kulula ukubhala kunye nokugcina ikhowudi usebenzisa iDocker njengokuphela komdlali.
Oku kuthetha ukuba ukuba wabelana nge/var/lib/docker ulawulo phakathi kweemeko ezininzi zeDocker, uya kuba neengxaki. Ewe, oku kunokusebenza, ngakumbi kumanqanaba okuqala ovavanyo. βMamela, Ma, ndingaqhuba ubuntu njengedokhi!β Kodwa zama into entsokothileyo ngakumbi, njengokutsala umfanekiso ofanayo ukusuka kumaxesha amabini ahlukeneyo, kwaye uyakubona umhlaba uvutha.
Oku kuthetha ukuba ukuba inkqubo yakho ye-CI yenza ukwakha kwaye yakha kwakhona, ngalo lonke ixesha uqalisa kwakhona isikhongozeli sakho seDocker-in-Docker, usengozini yokulahla i-nuke kwi-cache yayo. Oku akupholile kwaphela!
Uluhlu lweengxaki
Masithathe umva. Ngaba ufuna ngokwenene i-Docker-in-Docker okanye ufuna ukukwazi ukuqhuba i-Docker kwaye wakhe kwaye uqhube izikhongozeli kunye nemifanekiso esuka kwinkqubo yakho ye-CI ngelixa inkqubo yeCI ngokwayo ikwisikhongozeli?
Ndibheja uninzi lwabantu lufuna ukhetho lokugqibela, oku kuthetha ukuba bafuna inkqubo yeCI efana neJenkins ukuba ikwazi ukuqhuba izikhongozeli. Kwaye eyona ndlela ilula yokwenza oku kukufaka ngokulula i-Docker socket kwisikhongozeli sakho se-CI kwaye uyinxulumanise ne--v iflegi.
Ukubeka nje, xa uqala isikhongozeli sakho seCI (iJenkins okanye enye), endaweni yokuqweqwedisa into kunye neDocker-in-Docker, yiqale ngomgca:
docker run -v /var/run/docker.sock:/var/run/docker.sock ...Esi sikhongozeli ngoku siya kuba nokufikelela kwi-socket ye-Docker kwaye ke ngoko sikwazi ukuqhuba izikhongozeli. Ngaphandle kokuba endaweni yokusebenzisa izikhongozeli βzabantwanaβ, iya kuphehlelela izikhongozeli βzabantakwenuβ.
Zama oku usebenzisa umfanekiso wedocker osemthethweni (oqulathe iDocker yokubini):
docker run -v /var/run/docker.sock:/var/run/docker.sock
-ti dockerIjongeka kwaye isebenza njengeDocker-in-Docker, kodwa ayisiyiyo iDocker-in-Docker: xa esi sikhongozeli sisenza izikhongozeli ezongezelelweyo, ziya kwenziwa kwinqanaba eliphezulu leDocker. Awuyi kuba neziphumo ebezingalindelekanga zokuzalela kwaye i-cache yendibano iya kwabelwana ngazo kwiifowuni ezininzi.
Qaphela: Iinguqulelo zangaphambili zeli nqaku zicetyiswe ukudibanisa i-Docker yokubini ukusuka kumamkeli ukuya kwisingxobo. Oku ngoku akuthembekanga njengoko injini yeDocker ingasawagqumi amathala eencwadi amileyo okanye akufutshane.
Ke, ukuba ufuna ukusebenzisa iDocker evela kwiJenkins CI, unokhetho olu-2:
ukufaka i-Docker CLI usebenzisa inkqubo yokupakisha yomfanekiso esisiseko (okt ukuba umfanekiso wakho usekelwe kwiDebian, sebenzisa .deb packages), usebenzisa iDocker API.
Ezinye iintengiso π
Enkosi ngokuhlala nathi. Ngaba uyawathanda amanqaku ethu? Ngaba ufuna ukubona umxholo onomdla ngakumbi? Sixhase ngokufaka iodolo okanye ngokucebisa abahlobo, , i-analogue eyodwa yeeseva zomgangatho wokungena, eyenzelwe wena: (ifumaneka nge-RAID1 kunye ne-RAID10, ukuya kuthi ga kwi-24 cores kunye ne-40GB DDR4).
Dell R730xd 2x ngexabiso eliphantsi kwiziko ledatha le-Equinix Tier IV eAmsterdam? Kuphela apha eNetherlands! Dell R420 - 2x E5-2430 2.2Ghz 6C 128GB DDR3 2x960GB SSD 1Gbps 100TB - ukusuka $99! Funda malunga
umthombo: www.habr.com