What is Docker: a brief tour of its history and basic abstractions

On August 10, the Docker video course started at Slurm, in which we cover Docker in full, from basic abstractions to network parameters.

In this article we will talk about the history of Docker and its main abstractions: Image, Cli, Dockerfile. The talk is intended for beginners, so it is unlikely to interest experienced users. There will be no blood, no appendix and no deep dive. Just the very basics.

What is Docker

Let's look at the definition of Docker from Wikipedia.

Docker is software for automating the deployment and management of applications in containerized environments.

Nothing is clear from this definition. It is especially unclear what "in environments that support containerization" means. To find the answer, let's go back in time. Let's start with the era that I usually call the "Monolithic Era".

The Monolithic Era

The monolithic era is the early 2000s, when all applications were monolithic, with a heap of dependencies. Development took a long time. At the same time, there were not many servers; we knew all of them by name and monitored them. There is a funny comparison:

Pets are domestic animals. In the monolithic era, we treated our servers like pets, groomed and cherished, blowing specks of dust off them. And for better resource management we used virtualization: we took a server and cut it into several virtual machines, thereby isolating the environments from each other.

Hypervisor-based virtualization systems

Everyone has probably heard of virtualization systems: VMware, VirtualBox, Hyper-V, Qemu KVM, etc. They provide application isolation and resource management, but they also have drawbacks. To virtualize, you need a hypervisor, and a hypervisor is resource overhead. The virtual machine itself is usually a whole colossus: a heavy image containing an operating system, Nginx, Apache, and possibly MySQL. The image is large, and the virtual machine is inconvenient to operate. As a result, working with virtual machines can be slow. To solve this problem, kernel-level virtualization systems were created.

Kernel-level virtualization systems

Kernel-level virtualization is supported by OpenVZ, Systemd-nspawn and LXC. A prominent example of such virtualization is LXC (Linux Containers).

LXC is an operating-system-level virtualization system for running multiple isolated instances of the Linux operating system on a single host. LXC does not use virtual machines, but creates a virtual environment with its own process space and network stack.

Essentially, LXC creates containers. What is the difference between virtual machines and containers?

A container is not suitable for isolating processes: vulnerabilities are found in kernel-level virtualization systems that allow an escape from the container to the host. Therefore, if you need to isolate something, it is better to use a virtual machine.

The difference between virtualization and containerization can be seen in the diagram.
There are hardware hypervisors, hypervisors on top of the OS, and containers.

Hardware hypervisors are great if you really want to isolate something, because isolation is possible at the level of memory pages and processors.

There are hypervisors that run as a program, and there are containers, which we will talk about further. Containerization systems do not have a hypervisor, but there is a Container Engine that creates and manages containers. It is more lightweight, so, because it works with the kernel, there is less overhead or none at all.

What is used for containerization at the kernel level

The main technologies that allow you to create a container isolated from other processes are Namespaces and Control Groups.

Namespaces: PID, Networking, Mount and User. There are more, but for ease of understanding we will focus on these.

The PID Namespace restricts processes. If, for example, we create a PID Namespace and place a process there, it gets PID 1. Usually PID 1 on a system is systemd or init. Accordingly, when we place a process in a new namespace, it also gets PID 1.

The Networking Namespace lets you restrict/isolate the network and place your own interfaces inside. Mount is a restriction on the file system. User is a restriction on users.

Control Groups: Memory, CPU, IOPS, Network - about 12 settings in total. They are otherwise also called Cgroups ("C-groups").

Control Groups manage a container's resources. Through Control Groups we can say that a container must not consume more than a certain amount of resources.

For containerization to work fully, additional technologies are used: Capabilities, Copy-on-write and others.

Capabilities are when we tell a process what it can and cannot do. At the kernel level, these are simply bitmaps with many parameters. For example, the root user has full privileges and can do everything. A time server can change the system time: it holds the capability for time, and that is all. Using privileges, you can flexibly configure restrictions for processes and thereby protect yourself.
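To make the "bitmap" concrete, here is an added example (not code from the original article) that decodes the CapEff bitmap from a `/proc/<pid>/status` excerpt into capability names, using the bit numbering from `linux/capability.h`. The three status excerpts are constructed samples, and the `HIGH_RISK` set is an illustrative choice made for this example.

```python
# Capability numbers as defined in linux/capability.h (bit N = capability N).
CAP_NAMES = (
    "CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID "
    "SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW "
    "IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT "
    "SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD "
    "LEASE AUDIT_WRITE AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG "
    "WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON BPF CHECKPOINT_RESTORE"
).split()

# Illustrative choice for this example: capabilities worth flagging in a review.
HIGH_RISK = {"SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_RAWIO", "NET_ADMIN"}


def effective_caps(status_text):
    """Return the set of capability names encoded in the CapEff line."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            mask = int(line.split()[1], 16)
            caps = {n for bit, n in enumerate(CAP_NAMES) if (mask >> bit) & 1}
            unknown = mask >> len(CAP_NAMES)
            if unknown:  # bits defined by a kernel newer than this table
                caps.add("UNKNOWN_BITS_0x%x" % unknown)
            return caps
    raise ValueError("no CapEff line found")


def audit(status_text):
    """Return the flagged capabilities a process holds, sorted by name."""
    return sorted(effective_caps(status_text) & HIGH_RISK)


# Constructed /proc/<pid>/status excerpts (not captured from a real host).
ROOT_ON_HOST = "Name:\tbash\nCapEff:\t000001ffffffffff\n"  # every bit 0..40 set
TIME_SERVER = "Name:\ttimed\nCapEff:\t0000000002000000\n"  # only bit 25 set
CONTAINER = "Name:\tnginx\nCapEff:\t00000000a80425fb\n"    # a reduced set

if __name__ == "__main__":
    for label, text in (("root", ROOT_ON_HOST), ("time server", TIME_SERVER),
                        ("container", CONTAINER)):
        print(label, len(effective_caps(text)), audit(text))
```
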

The Copy-on-write system allows us to work with Docker images and use them more efficiently.

Docker currently has compatibility problems with Cgroups v2, so this article focuses on Cgroups v1.

But let's get back to history.

When kernel-level virtualization systems appeared, they began to be actively used. The hypervisor overhead disappeared, but some problems remained:

  • large images: an operating system, libraries and a heap of different software get pushed into the same OpenVZ, and in the end the image still turns out rather large;
  • there is no common standard for packaging and delivery, so the dependency problem remains. There are situations where two pieces of code use the same library, but in different versions. A conflict between them is possible.

To solve all these problems, the next era came.

The Container Era

When the Container Era arrived, the philosophy of working with them changed:

  • One process - one container.
  • We deliver all the dependencies the process needs into its container. This requires cutting monoliths into microservices.
  • The smaller the image, the better - there are fewer possible vulnerabilities, it rolls out faster, and so on.
  • Instances become ephemeral.

Remember what I said about pets vs cattle? Previously, instances were like pets, but now they are like cattle. Previously there was a monolith - one application. Now it is 100 microservices, 100 containers. Some containers may have 2-3 replicas. It becomes less important for us to control every container. What matters more to us is the availability of the service itself: what this set of containers does. This changes the approaches to monitoring.

In 2014-2015, Docker flourished - the technology we will talk about now.

Docker changed the philosophy and standardized application packaging. Using Docker, we can package an application, send it to a repository, download it from there, and deploy it.

We put everything we need into the Docker container, so the dependency problem is solved. Docker guarantees reproducibility. I think many people have run into irreproducibility: everything works for you, you push it to production, and there it stops working. With Docker this problem goes away. If your Docker container starts and does what it needs to do, then with a high degree of probability it will start in production and do the same there.

A digression about overhead

There are always arguments about overhead. Some people believe that Docker carries no additional load, since it uses the Linux kernel and all of its mechanisms needed for containerization. As in, "if you say that Docker is overhead, then the Linux kernel is overhead."

On the other hand, if you dig deeper, there really are a few things in Docker that, with a stretch, can be called overhead.

The first is the PID namespace. When we place a process in a namespace, it is assigned PID 1. At the same time, this process has another PID, which lives in the host namespace, outside the container. For example, we launched Nginx in a container and it became PID 1 (the master process). And on the host it has PID 12623. And it is hard to say how much overhead that is.

The second thing is Cgroups. Let's take Cgroups by memory, that is, the ability to limit a container's memory. When it is enabled, counters and memory accounting are turned on: the kernel needs to understand how many pages have been allocated and how many are still free for this container. This is possibly overhead, but I have not seen any precise studies of how it affects performance. And I myself have not noticed that an application running in Docker suddenly lost a lot of performance.
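Both views of the Nginx process, and the memory cgroup that accounts for it, are visible from the host under `/proc`. The following added example (not from the original article) parses constructed excerpts of `/proc/12623/status` and `/proc/12623/cgroup` in the cgroup v1 format; the `<container-id>` placeholder, the parent PID and the `/docker/...` path layout are assumptions made for the sample.

```python
import re

# Constructed /proc excerpts for the Nginx example in the text (host PID 12623, PID 1 inside).
# "<container-id>" is a placeholder; the /docker/... layout is an assumption for this sample.
STATUS = "Name:\tnginx\nPid:\t12623\nPPid:\t12601\nNSpid:\t12623\t1\n"
CGROUP_V1 = (
    "11:memory:/docker/<container-id>\n"
    "7:cpu,cpuacct:/docker/<container-id>\n"
    "1:name=systemd:/docker/<container-id>\n"
)


def pid_views(status_text):
    """Return (PID in the reader's namespace, PID in the innermost namespace)."""
    m = re.search(r"^NSpid:\s+(.+)$", status_text, re.M)
    if not m:
        raise ValueError("no NSpid line in status text")
    pids = [int(p) for p in m.group(1).split()]
    return pids[0], pids[-1]


def memory_cgroup(cgroup_text):
    """Return the cgroup v1 path of the memory controller, or None if absent."""
    for line in cgroup_text.splitlines():
        _hierarchy, controllers, path = line.split(":", 2)
        if "memory" in controllers.split(","):
            return path
    return None


def limit_files(cgroup_text, root="/sys/fs/cgroup/memory"):
    """Host files holding the memory limit and current usage (cgroup v1 names)."""
    path = memory_cgroup(cgroup_text)
    if path is None:
        return []
    base = root + path.rstrip("/")
    return [base + "/memory.limit_in_bytes", base + "/memory.usage_in_bytes"]


if __name__ == "__main__":
    print(pid_views(STATUS))
    print(limit_files(CGROUP_V1))
```
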

And one more note about performance. Some kernel parameters are passed from the host into the container. In particular, some network parameters. Therefore, if you want to run something high-performance in Docker, for example something that will actively use the network, you need at least to adjust these parameters. Some nf_conntrack, for example.

About the Docker concept

Docker consists of several components:

  1. Docker Daemon is that same Container Engine; it launches containers.
  2. Docker CLI is a utility for managing Docker.
  3. Dockerfile - instructions on how to build an image.
  4. Image - the image from which a container is rolled out.
  5. Container.
  6. Docker registry is an image repository.

Schematically, it looks like this:

The Docker daemon runs on the Docker_host and launches containers. There is a Client that sends commands: build an image, download an image, start a container. The Docker daemon goes to the registry and executes them. The Docker client can reach the daemon both locally (through a Unix socket) and over TCP from a remote host.

Let's go through each component.

Docker daemon - this is the server part; it runs on the host machine: it downloads images and starts containers from them, creates a network between containers, and collects logs. When we say "create an image", the daemon does that too.

Docker CLI - the client part of Docker, a console utility for working with the daemon. I repeat, it can work not only locally, but also over the network.

Basic commands:

docker ps - show the containers currently running on the Docker host.
docker images - show the images downloaded locally.
docker search <> - search for an image in the registry.
docker pull <> - download an image from the registry to the machine.
docker build <> - build an image.
docker run <> - start a container.
docker rm <> - remove a container.
docker logs <> - container logs.
docker start/stop/restart <> - work with a container.

If you know these commands and are confident using them, consider yourself 70% proficient in Docker at the user level.

Dockerfile - instructions for creating an image. Almost every instruction is a new layer. Let's look at an example.

This is what a Dockerfile looks like: commands on the left, arguments on the right. Each command that is here (and in general written in a Dockerfile) creates a new layer in the Image.

Even looking only at the left side, you can roughly understand what is happening. We say: "create a folder for us" - that is one layer. "Make the folder the working one" is another layer, and so on. The layer cake makes life easier. If I create another Dockerfile and change something in the last line - run something other than "python" "main.py", or install dependencies from another file - then the previous layers will be reused as a cache.
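The layer reuse described above can be modelled in a few lines. This is an added example, not the article's Dockerfile or Docker's own code: the Dockerfile, base image tag and file names are constructed to follow the description, and the model is simplified (a real builder also compares the contents of files used by COPY and ADD).

```python
import hashlib

# Constructed Dockerfile following the description in the text (not the article's original).
V1 = """\
FROM python:3.11-slim
RUN mkdir /app
WORKDIR /app
COPY requirements.txt .
RUN pip install -r requirements.txt
COPY . .
CMD ["python", "main.py"]
"""
V2 = V1.replace('"main.py"', '"worker.py"')                  # only the last line differs
V3 = V1.replace("requirements.txt", "requirements-dev.txt")  # dependencies from another file


def instructions(dockerfile):
    """Split into instructions: skip comments and blanks, join backslash continuations."""
    out, pending = [], ""
    for raw in dockerfile.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            pending += line[:-1].strip() + " "
            continue
        out.append(pending + line)
        pending = ""
    return out


def layer_keys(dockerfile):
    """Chain each instruction to its parent: a cached layer is only valid on the same parent."""
    keys, parent = [], ""
    for ins in instructions(dockerfile):
        parent = hashlib.sha256((parent + "\n" + ins).encode()).hexdigest()
        keys.append(parent)
    return keys


def reused_layers(old, new):
    """Number of leading build steps of `new` served from the cache built for `old`."""
    n = 0
    for a, b in zip(layer_keys(old), layer_keys(new)):
        if a != b:
            break
        n += 1
    return n
```

Changing only the last line keeps six of the seven steps cached, while changing the dependency file invalidates everything from the first COPY onward, which is why rarely changing instructions belong near the top.
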

Image - this is the packaging of a container; containers are launched from an image. If we look at Docker from the point of view of a package manager (as if we were working with deb or rpm packages), then an image is essentially an rpm package. With yum install we can install an application, remove it, find it in the repository, and download it. It is about the same here: containers are launched from an image, images are stored in the Docker registry (similar to yum, in a repository), and each image has a SHA-256 hash, a name and a tag.

An image is built according to the instructions from the Dockerfile. Each instruction from the Dockerfile creates a new layer. Layers can be reused.

Docker registry is a repository of Docker images. Similar to the OS, Docker has a common public registry - dockerhub. But you can build your own repository, your own Docker registry.

Container - what is launched from an image. We built an image according to the instructions from the Dockerfile, then we launch it from this image. This container is isolated from other containers and must contain everything necessary for the application to work. In this case, one container - one process. It happens that you have to run two processes, but this is somewhat contrary to the Docker ideology.

The "one container, one process" requirement is related to the PID Namespace. When the process with PID 1 starts in the Namespace and then suddenly dies, the whole container dies too. If two processes are running there, one alive and the other dead, then the container will still continue to live. But this is a question of Best Practices; we will talk about them in other materials.

To learn more about the features and the full program of the course, please follow the link: "Docker video course".

Author: Marcel Ibraev, certified Kubernetes administrator, practicing engineer at Southbridge, speaker and developer of Slurm courses.

Source: www.habr.com
