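Alibaba officially open-sources its in-house container technology Pouch
Recently, at the 2017 China Open Source Conference, Alibaba announced that its in-house container technology Pouch is now open source. Coming right after the Double 11 shopping frenzy, Alibaba's decision to open-source Pouch at the first opportunity has once again drawn the attention of countless developers. Sun Hongliang, the open-source lead for Pouch at Alibaba and author of "Docker Source Code Analysis", moved from Daocloud to Alibaba a few months ago, which provided the opportunity for Alibaba to open-source its in-house container technology Pouch.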
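Pouch: past and present
Any mention of Pouch has to include Alibaba's T4. T4 is the container infrastructure that Alibaba developed in 2011 on top of Linux Container (LXC). Compared with Docker's model and philosophy, T4 is actually a better fit for the way operations work inside Alibaba. T4 grew natively out of Alibaba's internal resource management and day-to-day operations, and from its first day it carried many special design decisions aimed at the internal infrastructure, the operations tools and even operations habits. As a result, for container management inside Alibaba, Pouch, which incorporates T4, has a slight edge over Docker.
At the Double 11 festival last year, 2016, the peak of several hundred thousand transactions per second was achieved with this product (for details, see Alibaba's "The Story Behind Double 11", which has a chapter devoted to T4), with many core services running inside T4 containers. Pouch's predecessor is T4; Pouch is the open-source version with T4's core business logic stripped out. Alibaba was able to containerize 100% of its business internally mainly thanks to the Alibaba Group System Software Department's understanding of the business systems and to the continuous optimization of the Pouch container technology.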
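This passage is reposted from Zhou Yi on Zhihu
Pouch made some modifications to both Docker and T4 and then integrated them, merging the two into one product. In effect it gives T4 Docker's image capability and gives Docker T4's friendliness to the internal operations system, and it can run on the early internal AliOS5u and the 2.6 kernel. Internally this product is called AliDocker, and its first prototype version was released in August of last year.
In the nearly one year leading up to Double 11 in 2017, a huge effort went into improving Pouch's stability, while the stability targets were raised continuously. By this year's Double 11, the clusters behind the 168.2 billion in transaction volume, running containers at the scale of millions, strongly confirmed that the stability campaign had achieved considerable results.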
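Pouch and T4 through three lifetimes
See the Alibaba middleware team blog
Summary of the group's move to AliDocker for Double 11
See Sun Hongliang's own understanding of Pouch
For those who are even more interested
See the article published by "Yunqi Conference" on Jianshu: Alibaba officially open-sources its in-house container technology Pouch
Pouch's code has also been published on GitHub; you can visit
https://github.com/alibaba/pouch
for details.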
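My personal take
Pouch is the open-source implementation of Alibaba's T4 container, with much of the core business layer already stripped out; it is effectively a container engine re-implemented on top of LXC. It is like a Docker-like native product developed independently in China. We don't know how far Pouch can go, but I hope it can also build a Pouch ecosystem and embrace cloud native.
This is just my personal understanding; please don't flame me if you disagree, and forgive any mistakes. (>-<)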
Installation
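Let me start with installing and deploying Pouch. Installing Pouch really took me a long while: after forking and cloning it, I found that the official documentation is still quite lacking. It is a new product after all, so let's forgive that~
Now to the main topic: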
https://github.com/alibaba/pouch/blob/master/INSTALLATION.md
Both the Ubuntu and CentOS families are supported; here I deploy on a minimal install of CentOS 7.2 (actually just an ECS instance >-<)
Pre
First, your host needs to satisfy:
* Linux Kernel 3.10+
* Go 1.9.0+
* containerd: 1.0.0-beta.3
* runc: 1.0.0-rc4
* runv: 1.0.0 (optional)
Prerequisites Installation
Install the required packages
yum update -y
# aclocal is provided by the automake package, so it is not listed separately
yum install automake autoconf git pkg-config make gcc golang qemu libseccomp-devel -y
In order to enable seccomp support you will need to install libseccomp on your platform.
e.g. libseccomp-devel for CentOS, or libseccomp-dev for Ubuntu
Go environment 1.9.x+
$ wget https://redirector.gvt1.com/edgedl/go/go1.9.2.linux-amd64.tar.gz
$ tar -C /usr/local -xzf go1.9.2.linux-amd64.tar.gz
$ vim /etc/profile
#Add GOROOT Lines
export GOROOT=/usr/local/go
export PATH=$PATH:$GOROOT/bin
#Add GOPATH Lines
export GOPATH=/root/go
export PATH=$PATH:$GOPATH/bin
$ source /etc/profile
$ go version
- containerd: an industry-standard container runtime;
- runc: a CLI tool for spawning and running containers according to the OCI specification;
- runv: a hypervisor-based runtime for OCI.
Install containerd
# install containerd
$ wget https://github.com/containerd/containerd/releases/download/v1.0.0-beta.3/containerd-1.0.0-beta.3.linux-amd64.tar.gz
$ tar -xzvf containerd-1.0.0-beta.3.linux-amd64.tar.gz -C /usr/local
Install runc
# Official method; it did not install successfully, for well-known reasons
$ wget https://github.com/opencontainers/runc/releases/download/v1.0.0-rc4/runc.amd64 -P /usr/local/bin
$ chmod +x /usr/local/bin/runc.amd64
$ mv /usr/local/bin/runc.amd64 /usr/local/bin/runc
# My approach! My approach! My approach!
mkdir -p $GOPATH/src/github.com/opencontainers/
cd $GOPATH/src/github.com/opencontainers/
git clone https://github.com/opencontainers/runc
cd runc/
make
make install
runc
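The Go and containerd tarballs above are unpacked into /usr/local as root straight after wget, with nothing checking what was downloaded. The following is an added example, not part of the original post or of Pouch's documentation: two hypothetical shell helpers (verify_sha256, extract_verified) that compare a file against a pinned SHA-256 and unpack only on a match. The digest itself has to come from the project's release page.

```shell
#!/bin/sh
# Added example: verify a release tarball against a pinned SHA-256 before
# unpacking it as root. Function names are hypothetical.

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on an exact match, 1 on a mismatch, 2 on unusable input.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Reject anything that is not a 64-digit hex string (e.g. an empty value).
    case $expected in
        *[!0-9a-f]*|'') echo "bad digest format" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "bad digest length" >&2; return 2; }
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $file" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
}

# extract_verified TARBALL EXPECTED_HEX DESTDIR
# Unpacks only after the digest check passes, and refuses archives whose
# member names are absolute or contain "..", since tar runs as root here.
extract_verified() {
    verify_sha256 "$1" "$2" || return $?
    if tar -tzf "$1" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe path in $1" >&2
        return 3
    fi
    mkdir -p "$3" && tar -C "$3" -xzf "$1"
}

# Usage with the page's Go tarball (the digest is a placeholder to fill in):
#   extract_verified go1.9.2.linux-amd64.tar.gz "<sha256 from the Go downloads page>" /usr/local
```

The same check applies to the runc.amd64 binary: run verify_sha256 on it before chmod +x.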
Install runV
mkdir -p $GOPATH/src/github.com/hyperhq
cd $GOPATH/src/github.com/hyperhq
git clone https://github.com/hyperhq/runv/
cd runv/
./autogen.sh
./configure --without-xen
make
make install
Before running runV, you need to install some dependencies
#Install qemu
yum install -y qemu qemu-kvm
#Install hyperstart
cd $GOPATH/src/github.com
git clone https://github.com/hyperhq/hyperstart.git
cd hyperstart/
./autogen.sh
./configure
make
mkdir /var/lib/hyper
cp build/hyper-initrd.img /var/lib/hyper/
cp build/kernel_patch/0001-HACK-9P-always-use-cached-inode-to-fill-in-v9fs_vfs_.patch /var/lib/hyper/
Install Pouch
mkdir -p $GOPATH/src/github.com/alibaba/
cd $GOPATH/src/github.com/alibaba/
git clone https://github.com/alibaba/pouch.git
cd pouch/
make install
Important things get said three times! Important things get said three times! Important things get said three times! Remember to run pouchd
pouchd
Then you can enjoy the basic commands that pouch provides
[root@VM_58_62_centos github.com]# pouch
An efficient container engine
Usage:
pouch [command]
Available Commands:
create Create a new container with specified image
exec Exec a process in a running container
help Help about any command
images List all images
ps List all containers
pull Pull an image from registry
start Start a created or stopped container
stop Stop a running container
version Print versions about Pouch CLI and Pouchd
volume Manage pouch volumes
Flags:
-h, --help help for pouch
-H, --host string Specify connecting address of Pouch CLI (default "unix:///var/run/pouchd.sock")
--tlscacert string Specify CA file of TLS
--tlscert string Specify cert file of TLS
--tlskey string Specify key file of TLS
--tlsverify Use TLS and verify remote
Use "pouch [command] --help" for more information about a command.
Note
For now pouch only supports images from the docker.io registry; images from other registries will produce an error
[root@VM_58_62_centos ~]# pouch pull awesomedocker/centos7-sshd
awesomedocker/centos7-sshd:latest: resolving |--------------------------------------|
elapsed: 0.0 s total: 0.0 B (0.0 B/s)
failed to pull image: failed to do request: Head https://awesomedocker/v2/centos7-sshd/manifests/latest: dial tcp: lookup awesomedocker on 10.225.30.223:53: no such host
[root@VM_58_62_centos ~]# pouch pull docker.io/library/hello-world:latest
docker.io/library/hello-world:latest: resolved |++++++++++++++++++++++++++++++++++++++|
index-sha256:be0cd392e45be79ffeffa6b05338b98ebb16c87b255f48e297ec7f98e123905c: exists |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:8072a54ebb3bc136150e2f2860f00a7bf45f13eeb917cca2430fcd0054c8e51b: exists |++++++++++++++++++++++++++++++++++++++|
layer-sha256:ca4f61b1923c10e9eb81228bd46bee1dfba02b9c7dac1844527a734752688ede: exists |++++++++++++++++++++++++++++++++++++++|
config-sha256:f2a91732366c0332ccd7afd2a5c4ff2b9af81f549370f7a19acd460f87686bc7: exists |++++++++++++++++++++++++++++++++++++++|
elapsed: 2.0 s total: 0.0 B (0.0 B/s)
[root@VM_58_62_centos ~]#
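The failed pull above requested https://awesomedocker/v2/centos7-sshd/manifests/latest, that is, the first path component was used as the registry host. The following is an added example (not from the original post or from Pouch's code) of how Docker's CLI expands short references, so the fully qualified name to pass to pouch pull can be derived. normalize_ref and literal_host are hypothetical helper names.

```shell
#!/bin/sh
# Added example: expand a short image reference the way Docker's CLI does.

# normalize_ref REF -> fully qualified registry/repository:tag
normalize_ref() {
    ref=$1
    first=${ref%%/*}          # text before the first "/"
    # The first component is a registry host only if it looks like one:
    # it contains "." or ":" or is exactly "localhost".
    case $ref in
        */*) case $first in
                 *.*|*:*|localhost) host=$first; path=${ref#*/} ;;
                 *) host=docker.io; path=$ref ;;
             esac ;;
        *)   host=docker.io; path=$ref ;;
    esac
    # Official images on Docker Hub live under the "library/" namespace.
    if [ "$host" = docker.io ]; then
        case $path in */*) ;; *) path=library/$path ;; esac
    fi
    # Add the default tag unless the last component has a tag or digest.
    last=${path##*/}
    case $last in
        *:*|*@*) ;;
        *) path=$path:latest ;;
    esac
    printf '%s/%s\n' "$host" "$path"
}

# literal_host REF -> the host contacted when the first component is always
# taken as the registry, which is what the error output above shows.
literal_host() {
    printf '%s\n' "${1%%/*}"
}

# normalize_ref awesomedocker/centos7-sshd
#   prints docker.io/awesomedocker/centos7-sshd:latest
```

Passing the fully qualified form makes the registry explicit, so a short name is never looked up as a hostname through the local resolver.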
A small test for you to try
pouch create docker.io/library/nginx:alpine
pouch start [containerID]
pouch exec -it [containerID] /bin/sh
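I submitted two issues, hahaha~
Getting a reply from allencloud was a real honor (allow me to be excited over here >-<)
I had made a basic mistake, and the experts answered very patiently~
To borrow a line from Sun Hongliang: "
There will be further additions later; where this falls short, I hope everyone will point it out and correct me."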
-< >-< >-< >-< >-< >-< >-< >-<
Here's wishing Sun Hongliang's team at Alibaba every success with Pouch~