Think carefully before using Docker-in-Docker for CI or a test environment

Docker-in-Docker is a virtualized Docker daemon environment that itself runs inside a container in order to build container images. The main purpose of creating Docker-in-Docker was to help develop Docker itself. Many people use it to run Jenkins CI. This seems normal at first, but then problems arise that can be avoided by installing Docker in the Jenkins CI container. This article explains how to do that. If you want the final solution without the details, just read the last section of the article, "Solving the problem."

Docker-in-Docker: "The Good"

More than two years ago I contributed the --privileged flag to Docker and wrote the first version of dind. The goal was to help the core team develop Docker faster. Before Docker-in-Docker, the typical development cycle looked like this:

  • hackity hack;
  • build;
  • stop the running Docker daemon;
  • launch the new Docker daemon;
  • test;
  • repeat the cycle.

If you wanted a nice, reproducible build (that is, one done in a container), it became more complicated:

  • hackity hack;
  • make sure a working version of Docker is running;
  • build the new Docker with the old Docker;
  • stop the Docker daemon;
  • start the new Docker daemon;
  • test;
  • stop the new Docker daemon;
  • repeat.

With the arrival of Docker-in-Docker, the process became simpler:

  • hackity hack;
  • build + launch in one step;
  • repeat the cycle.

Isn't that much better?

Docker-in-Docker: "The Bad"

However, contrary to popular belief, Docker-in-Docker is not 100% stars, ponies and unicorns. What I mean is that there are a few issues a developer needs to be aware of.

One of them concerns LSMs (Linux security modules) such as AppArmor and SELinux: when starting a container, the "inner Docker" may try to apply security profiles that conflict with or confuse the "outer Docker". This was the hardest problem to solve when trying to merge the original implementation of the --privileged flag. My changes worked, and all the tests would pass on my Debian machine and Ubuntu test VMs, but they would crash and burn on Michael Crosby's machine (he had Fedora, as I recall). I don't remember the exact cause of the problem, but it may have been because Mike is a wise guy who works with SELINUX=enforce (I was using AppArmor) and my changes did not take SELinux profiles into account.

Docker-in-Docker: "The Ugly"

The second issue is with Docker storage drivers. When you run Docker-in-Docker, the outer Docker runs on top of a normal file system (EXT4, BTRFS, or whatever you have) and the inner Docker runs on top of a copy-on-write system (AUFS, BTRFS, Device Mapper, etc., depending on what the outer Docker is configured to use). This creates many combinations that will not work. For example, you cannot run AUFS on top of AUFS.

If you run BTRFS on top of BTRFS, it should work at first, but once there are nested subvolumes, removing the parent subvolume will fail. The Device Mapper module has no namespacing, so if multiple Docker instances use it on the same machine, they will all be able to see (and affect) each other's images and container backing devices. This is bad.

There are workarounds for many of these problems. For example, if you want to use AUFS in the inner Docker, just turn the /var/lib/docker folder into a volume and you will be fine. Docker added some basic namespacing to Device Mapper target names so that if multiple Docker invocations run on the same machine, they will not step on each other.

However, such a setup is not at all simple, as can be seen from these issues in the dind repository on GitHub.

Docker-in-Docker: It gets worse

What about the build cache? This can also get quite tricky. People often ask me, "If I'm running Docker-in-Docker, how can I use the images hosted on my host instead of pulling everything again in my inner Docker?"

Some enterprising people have tried to bind-mount /var/lib/docker from the host into the Docker-in-Docker container. Sometimes they share /var/lib/docker with multiple containers.

Do you want to corrupt your data? Because this is exactly what will corrupt your data!

The Docker daemon was explicitly designed to have exclusive access to /var/lib/docker. Nothing else should "touch, poke, or prod" any Docker files located in this folder.

Why is this so? Because it is the result of one of the hardest lessons learned while developing dotCloud. The dotCloud container engine worked by having multiple processes access /var/lib/dotcloud simultaneously. Clever tricks such as atomic file replacement (instead of in-place editing), peppering the code with advisory and mandatory locks, and other experiments with safe-ish systems such as SQLite and BDB did not always work. When we redesigned our container engine, which eventually became Docker, one of the big design decisions was to consolidate all container operations under a single daemon to do away with all the concurrent-access nonsense.

Don't get me wrong: it is entirely possible to make something nice, reliable and fast that involves multiple processes and modern concurrency control. But we think it is simpler and easier to write and maintain code using Docker as the only player.

This means that if you share the /var/lib/docker directory between multiple Docker instances, you will have problems. Of course, this may work, especially in the early stages of testing. "Look, Ma, I can run ubuntu with docker!" But try something more complex, such as pulling the same image from two different instances, and you will see the world burn.

This means that if your CI system does builds and rebuilds, every time you restart your Docker-in-Docker container you risk dropping a nuke on its cache. That is not cool at all!

Solving the problem

Let's take a step back. Do you really need Docker-in-Docker, or do you just want to be able to run Docker and build and run containers and images from your CI system while that CI system itself is in a container?

I bet most people want the latter option, meaning they want a CI system like Jenkins to be able to run containers. And the simplest way to do this is to expose the Docker socket to your CI container by bind-mounting it with the -v flag.

Simply put, when you start your CI container (Jenkins or another), instead of hacking something together with Docker-in-Docker, start it with the line:

docker run -v /var/run/docker.sock:/var/run/docker.sock ...

This container will now have access to the Docker socket and will therefore be able to run containers. Except that instead of starting "child" containers, it will launch "sibling" containers.

Try this using the official docker image (which contains the Docker binary):

docker run -v /var/run/docker.sock:/var/run/docker.sock \
           -ti docker

It looks and works like Docker-in-Docker, but it is not Docker-in-Docker: when this container creates additional containers, they are created in the top-level Docker. You will not experience the side effects of nesting, and the build cache will be shared across multiple invocations.
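
An added example, not part of the original article: a small audit over docker inspect output that flags the three setups discussed above (a privileged container, a /var/lib/docker shared with the host or between containers, and a bind-mounted Docker socket). The container names and sample JSON are constructed, and the finding labels are this example's own.

```python
import json
from collections import defaultdict

DATA_DIR = "/var/lib/docker"
# /var/run is a symlink to /run on most current distributions
SOCKETS = {"/var/run/docker.sock", "/run/docker.sock"}

# Constructed sample in the shape of `docker inspect` output (names are made up).
SAMPLE = json.loads("""[
 {"Name": "/jenkins", "HostConfig": {"Privileged": false}, "Mounts": [
   {"Type": "bind", "Source": "/var/run/docker.sock",
    "Destination": "/var/run/docker.sock"}]},
 {"Name": "/dind-a", "HostConfig": {"Privileged": true}, "Mounts": [
   {"Type": "bind", "Source": "/var/lib/docker",
    "Destination": "/var/lib/docker"}]},
 {"Name": "/dind-b", "HostConfig": {"Privileged": true}, "Mounts": [
   {"Type": "volume", "Source": "/var/lib/docker/volumes/cache/_data",
    "Destination": "/var/lib/docker"}]},
 {"Name": "/dind-c", "HostConfig": {"Privileged": true}, "Mounts": [
   {"Type": "volume", "Source": "/var/lib/docker/volumes/cache/_data",
    "Destination": "/var/lib/docker"}]}
]""")

def audit(containers):
    """Map container name -> sorted findings (labels are this example's own)."""
    findings = defaultdict(set)
    users = defaultdict(list)  # backing path of an inner /var/lib/docker -> users
    for c in containers:
        name = c["Name"].lstrip("/")
        if c.get("HostConfig", {}).get("Privileged"):
            findings[name].add("privileged")          # needed by Docker-in-Docker
        for m in c.get("Mounts", []):
            src = m.get("Source", "").rstrip("/")
            dst = m.get("Destination", "").rstrip("/")
            if m.get("Type") == "bind" and src in SOCKETS:
                findings[name].add("host-socket")     # can start sibling containers
            if m.get("Type") == "bind" and src == DATA_DIR:
                findings[name].add("host-data-dir")   # host daemon's data exposed
            if dst == DATA_DIR:
                users[src].append(name)
    for names in users.values():
        if len(names) > 1:                            # one data dir, several daemons
            for n in names:
                findings[n].add("shared-data-dir")
    return {n: sorted(f) for n, f in findings.items()}

if __name__ == "__main__":
    for name, found in audit(SAMPLE).items():
        print(f"{name}: {', '.join(found)}")
```

To check a real host, replace SAMPLE with the parsed output of docker inspect $(docker ps -q).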

Note: Earlier versions of this article advised bind-mounting the Docker binary from the host into the container. This is no longer reliable, as the Docker Engine is no longer distributed as static or nearly static libraries.

So, if you want to use Docker from Jenkins CI, you have 2 options:

  • install the Docker CLI using your base image's packaging system (that is, if your image is based on Debian, use .deb packages);
  • use the Docker API.

Source: www.habr.com