Intel inguqulo entsha ye-hypervisor . I-hypervisor yakhelwe nxazonke zezingxenye
iphrojekthi ehlanganyelwe , lapho, ngaphezu kwe-Intel, i-Alibaba, i-Amazon, i-Google ne-Red Hat nayo ibambe iqhaza. I-Rust-VMM ibhalwe ngolimi lwe-Rust futhi ikuvumela ukuthi udale ama-hypervisors aqondene nomsebenzi. I-Cloud Hypervisor ingesinye se-hypervisor esihlinzeka ngemonitha yomshini wezinga eliphezulu (i-VMM) egijima phezu kwe-KVM futhi elungiselelwe imisebenzi yamafu. Ikhodi Yephrojekthi ilayisensi ngaphansi kwe-Apache 2.0.
I-Cloud Hypervisor igxile ekusebenziseni ukusabalalisa kwe-Linux yesimanje kusetshenziswa izinto zikagesi ezisuselwa ku-virtio-based paravirtualized. Phakathi kwemisebenzi ebalulekile eshiwo yilena: ukusabela okuphezulu, ukusetshenziswa kwememori okuphansi, ukusebenza okuphezulu, ukumisa okwenziwe lula kanye nokunciphisa ama-vectors okuhlasela okungenzeka.
Ukwesekwa kokulingisa kugcinwa kukuncane futhi kugcizelelwa ekwenzeni i-paravirtualization. Okwamanje kuphela amasistimu we-x86_64 asekelwayo, kodwa usekelo lwe-AArch64 lusendleleni. Kumasistimu ezivakashi, kusekelwa kuphela ukwakhiwa kwe-Linux engamabhithi angu-64 okwamanje. Izilungiselelo ze-CPU, inkumbulo, i-PCI kanye ne-NVDIMM zenziwa esigabeni sokwakha. Kungenzeka ukuthutha imishini ebonakalayo phakathi kwamaseva.
Enguqulweni entsha:
- Umsebenzi waqhubeka wokuhambisa i-Paravirtualized I/O ukuze ihlukanise izinqubo. Kwengezwe amandla okusebenzisa ama-backends ukuze uhlanganyele namadivayisi wokuvimba . Ushintsho lukuvumela ukuthi uxhume amadivayisi wokuvimba ngokusekelwe kumojula ye-vhost-user ku-Cloud Hypervisor, njenge , njengezindawo ezingemuva zokugcinwa kwe-paravirtualized;
- Kwethulwe ekukhishweni kokugcina, usekelo lokuhambisa imisebenzi yenethiwekhi kuma-backend , inwetshwe nge-backend entsha ngokusekelwe kumshayeli wenethiwekhi ebonakalayo . I-backend ibhalwe ku-Rust futhi manje isetshenziswa ku-Cloud Hypervisor njengesakhiwo esiyinhloko senethiwekhi ye-paravirtualized;
- Ukuze kukhuliswe ukusebenza kahle nokuvikeleka kokuxhumana phakathi kwendawo yokusingatha kanye nesistimu yesivakashi, kuhlongozwa ukuqaliswa okuyingxube kwamasokhethi anekheli le-AF_VSOCK (amasokhethi enethiwekhi abonakalayo) asebenza nge-virtio. Ukuqaliswa kusekelwe ekuthuthukisweni kwephrojekthi ithuthukiswe yi-Amazon. I-VSOCK ikuvumela ukuthi usebenzise i-POSIX Sockets API ejwayelekile yokusebenzelana phakathi kwezinhlelo zokusebenza ezisohlangothini lwesistimu yezivakashi kanye nomsingathi, okwenza kube lula ukulungisa izinhlelo ezijwayelekile zenethiwekhi zokusebenzelana okunjalo futhi usebenzise ukusebenzisana kwezinhlelo zamaklayenti amaningana ngohlelo lokusebenza olulodwa lweseva;
- Usekelo lokuqala lwe-API yokuphatha esebenzisa iphrothokholi ye-HTTP lunikeziwe. Ngokuzayo, le API izovumela ukuqalisa ukusebenza okuvumelanayo kumasistimu ezivakashi, njengezinsiza zokuxhuma ezishisayo nezindawo ezifudukayo;
- Kwengezwe isendlalelo sokusebenzisa ezokuthutha esisekelwe ku-virtio MMIO (Memory mapped virtio), engasetshenziswa ukudala amasistimu ezivakashi amancane angadingi ukulingisa ibhasi le-PCI;
- Njengengxenye yesinyathelo sokwandisa usekelo lokuqalisa amasistimu wezihambeli ezifakwe esidlekeni ku-Cloud Hypervisor, amandla okudlulisela phambili amadivayisi e-IOMMU e-paravirtualized ngokusebenzisa i-virtio lengeziwe, okukuvumela ukuthi ukhuphule ukuvikeleka kokudlulisela phambili idivayisi evalelwe futhi eqondile.
- Ihlinzekwe ngosekelo lwe-Ubuntu 19.10;
- Kwengezwe amandla okusebenzisa amasistimu wezihambeli ezingaphezu kuka-64 GB we-RAM.
Ukwengeza, kungaphawulwa eduze umshini wokuqapha obonakalayo , futhi ibhalwe nge-Rust, esekelwe ku-Rust-VMM futhi isebenza phezu kwe-KVM. I-Firecracker iyimfoloko yephrojekthi esetshenziswa i-Google ukuqalisa izinhlelo zokusebenza и ku-ChromeOS. I-Firecracker ithuthukiswa yi-Amazon Web Services ukuze ithuthukise ukusebenza nokusebenza kahle kwe-AWS Lambda kanye ne-AWS Fargate platform.
Inkundla iklanyelwe ukusebenzisa imishini ebonakalayo ene-overhead encane futhi ihlinzeka ngamathuluzi okudala nokuphatha izindawo ezingazodwa kanye nezinsizakalo ezakhiwe kusetshenziswa imodeli yokuthuthukiswa engenasiphakeli (umsebenzi njengesevisi). I-Firecracker inikeza imishini ebonakalayo engasindi, ebizwa ngama-microVM, esebenzisa ubuchwepheshe be-Hardware be-virtualization ukuze ibahlukanise ngokuphelele, nokho inikeze ukusebenza nokuguquguquka kweziqukathi ezivamile. Isibonelo, uma usebenzisa i-Firecracker, isikhathi kusukela ekuqaleni kwe-microVM kuya ekuqaleni kwesicelo aseqi ku-125ms, okukuvumela ukuthi uqalise imishini emisha ebonakalayo enamandla afinyelela kwezingu-150 ngomzuzwana.
Ukukhishwa okusha kwe-Firecracker kungeze imodi yokusebenza ngaphandle kokusebenzisa isibambi se-API ("--no-api"), esikhawulela indawo ezungezile kuzilungiselelo ezinekhodi eqinile kuphela kufayela lokumisa. Ukucushwa okumile kucaciswa ngenketho ethi "--config-file" futhi kuchazwa ngefomethi ye-JSON. Ezinkethweni zomugqa womyalo, ukusekelwa kwe-delimiter ethi "-" kuye kwanezelwa, ngemva kwalokho amafulegi adluliswa eceleni kweketango ngaphandle kokucubungula.
I-Firecracker kanjiniyela i-Amazon nayo ngoxhaso lwabathuthukisi bolimi lokuhlela lweRust. Kuyaphawuleka ukuthi i-Rust isetshenziswa kakhulu kumaphrojekthi wenkampani futhi intuthuko kuyo isivele isetshenziswe ezinsizeni ezifana ne-Lambda, EC2 kanye ne-S3. I-Amazon inikeze iphrojekthi ye-Rust nengqalasizinda yokugcina ukukhishwa nokwakhiwa ku-S3, iqhube izivivinyo zokuhlehla ku-EC2, futhi igcine isayithi le-docs.rs elinemibhalo yawo wonke amaphakheji asuka endaweni yokugcina i-crates.io.
I-Amazon futhi uhlelo , lapho amaphrojekthi avuliwe angathola ukufinyelela kwamahhala kumasevisi e-AWS angasetshenziselwa ukugcinwa kwensiza, ukwakha, ukuhlanganiswa okuqhubekayo, nokuhlola. Kumaphrojekthi asevele avunyelwe ukubamba iqhaza ohlelweni, ngaphezu kweRust, AdoptOpenJDK, Maven Central, Kubernetes, Prometheus, Envoy kanye noJulia kuyaphawulwa. Izicelo zamukelwa kunoma imaphi amaphrojekthi omthombo ovulekile ahlinzekwa ngaphansi kwamalayisensi agunyazwe i-OSI.
Source: opennet.ru