Intel
iphrojekthi ehlanganyelwe
I-Cloud Hypervisor igxile ekusebenziseni ukusabalalisa kwe-Linux yesimanje kusetshenziswa izinto zikagesi ezisuselwa ku-virtio-based paravirtualized. Phakathi kwemisebenzi ebalulekile eshiwo yilena: ukusabela okuphezulu, ukusetshenziswa kwememori okuphansi, ukusebenza okuphezulu, ukumisa okwenziwe lula kanye nokunciphisa ama-vectors okuhlasela okungenzeka.
Ukwesekwa kokulingisa kugcinwa kukuncane futhi kugcizelelwa ekwenzeni i-paravirtualization. Okwamanje kuphela amasistimu we-x86_64 asekelwayo, kodwa usekelo lwe-AArch64 lusendleleni. Kumasistimu ezivakashi, kusekelwa kuphela ukwakhiwa kwe-Linux engamabhithi angu-64 okwamanje. Izilungiselelo ze-CPU, inkumbulo, i-PCI kanye ne-NVDIMM zenziwa esigabeni sokwakha. Kungenzeka ukuthutha imishini ebonakalayo phakathi kwamaseva.
Enguqulweni entsha:
- Umsebenzi waqhubeka wokuhambisa i-Paravirtualized I/O ukuze ihlukanise izinqubo. Kwengezwe amandla okusebenzisa ama-backends ukuze uhlanganyele namadivayisi wokuvimba
vhost-umsebenzisi-blk . Ushintsho lukuvumela ukuthi uxhume amadivayisi wokuvimba ngokusekelwe kumojula ye-vhost-user ku-Cloud Hypervisor, njengeI-SPDK , njengezindawo ezingemuva zokugcinwa kwe-paravirtualized; - Kwethulwe ekukhishweni kokugcina, usekelo lokuhambisa imisebenzi yenethiwekhi kuma-backend
vhost-umsebenzisi-net , inwetshwe nge-backend entsha ngokusekelwe kumshayeli wenethiwekhi ebonakalayoTAP . I-backend ibhalwe ku-Rust futhi manje isetshenziswa ku-Cloud Hypervisor njengesakhiwo esiyinhloko senethiwekhi ye-paravirtualized; - Ukuze kukhuliswe ukusebenza kahle nokuvikeleka kokuxhumana phakathi kwendawo yokusingatha kanye nesistimu yesivakashi, kuhlongozwa ukuqaliswa okuyingxube kwamasokhethi anekheli le-AF_VSOCK (amasokhethi enethiwekhi abonakalayo) asebenza nge-virtio. Ukuqaliswa kusekelwe ekuthuthukisweni kwephrojekthi
I-Firecracker ithuthukiswe yi-Amazon. I-VSOCK ikuvumela ukuthi usebenzise i-POSIX Sockets API ejwayelekile yokusebenzelana phakathi kwezinhlelo zokusebenza ezisohlangothini lwesistimu yezivakashi kanye nomsingathi, okwenza kube lula ukulungisa izinhlelo ezijwayelekile zenethiwekhi zokusebenzelana okunjalo futhi usebenzise ukusebenzisana kwezinhlelo zamaklayenti amaningana ngohlelo lokusebenza olulodwa lweseva; - Usekelo lokuqala lwe-API yokuphatha esebenzisa iphrothokholi ye-HTTP lunikeziwe. Ngokuzayo, le API izovumela ukuqalisa ukusebenza okuvumelanayo kumasistimu ezivakashi, njengezinsiza zokuxhuma ezishisayo nezindawo ezifudukayo;
- Kwengezwe isendlalelo sokusebenzisa ezokuthutha esisekelwe ku-virtio MMIO (Memory mapped virtio), engasetshenziswa ukudala amasistimu ezivakashi amancane angadingi ukulingisa ibhasi le-PCI;
- Njengengxenye yesinyathelo sokwandisa usekelo lokuqalisa amasistimu wezihambeli ezifakwe esidlekeni ku-Cloud Hypervisor, amandla okudlulisela phambili amadivayisi e-IOMMU e-paravirtualized ngokusebenzisa i-virtio lengeziwe, okukuvumela ukuthi ukhuphule ukuvikeleka kokudlulisela phambili idivayisi evalelwe futhi eqondile.
- Ihlinzekwe ngosekelo lwe-Ubuntu 19.10;
- Kwengezwe amandla okusebenzisa amasistimu wezihambeli ezingaphezu kuka-64 GB we-RAM.
Ukwengeza, kungaphawulwa
Inkundla iklanyelwe ukusebenzisa imishini ebonakalayo ene-overhead encane futhi ihlinzeka ngamathuluzi okudala nokuphatha izindawo ezingazodwa kanye nezinsizakalo ezakhiwe kusetshenziswa imodeli yokuthuthukiswa engenasiphakeli (umsebenzi njengesevisi). I-Firecracker inikeza imishini ebonakalayo engasindi, ebizwa ngama-microVM, esebenzisa ubuchwepheshe be-Hardware be-virtualization ukuze ibahlukanise ngokuphelele, nokho inikeze ukusebenza nokuguquguquka kweziqukathi ezivamile. Isibonelo, uma usebenzisa i-Firecracker, isikhathi kusukela ekuqaleni kwe-microVM kuya ekuqaleni kwesicelo aseqi ku-125ms, okukuvumela ukuthi uqalise imishini emisha ebonakalayo enamandla afinyelela kwezingu-150 ngomzuzwana.
Ukukhishwa okusha kwe-Firecracker kungeze imodi yokusebenza ngaphandle kokusebenzisa isibambi se-API ("--no-api"), esikhawulela indawo ezungezile kuzilungiselelo ezinekhodi eqinile kuphela kufayela lokumisa. Ukucushwa okumile kucaciswa ngenketho ethi "--config-file" futhi kuchazwa ngefomethi ye-JSON. Ezinkethweni zomugqa womyalo, ukusekelwa kwe-delimiter ethi "-" kuye kwanezelwa, ngemva kwalokho amafulegi adluliswa eceleni kweketango ngaphandle kokucubungula.
I-Firecracker kanjiniyela i-Amazon nayo
I-Amazon futhi
Source: opennet.ru