iSula是一种生活在中南美洲亚马逊丛林的蚂蚁,被称为子弹蚁,据说被咬一口像被子弹打过一样疼,华为开源的容器引擎就使用这种强大的昆虫的名字,iSula是使用MuLan协议下使用C和C++开发的一种轻量级的容器,支持ARM和X86等体系架构,相较于Go语言实现的Docker的容器运行时,iSula的底层开销更小,是被设计用来在IOT等场景下的容器运行时。
iSula的基本信息如下所示:
项目 说明 使用说明 iSula使用官方链接 开源/闭源 开源 开源协议 MulanPSL-2.0 开发语言 C/C++ 代码管理地址 https://gitee.com/openeuler/iSulad 下载地址 https://gitee.com/openeuler/iSulad/releases 当前版本 2.0.7(2020/11/23) iSula架构
从中可以看到这样几个特点:
- 对于HASEN的特定支持以及对于Kubernetes的CRI的通用性支持
- 除了CLI还有GRPC和REST两种内部通信方式
- Engine中也是氛围Image管理和运行时管理,前者通过Content服务和Rootfs服务来完成后者通过Execution服务来支持
- 服务的具体实现都是通过Plugin的模式来进行
事前安装openEuler,本文以目前最新版本20.09为例进行说明
- Linux内核版本
[root@liumiaocn ~]# uname -a Linux liumiaocn 4.19.140-2009.4.0.0048.oe1.x86_64 #1 SMP Thu Sep 24 09:39:46 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux [root@liumiaocn ~]#
- openEuler版本
[root@liumiaocn ~]# cat /etc/openEuler-release openEuler release 20.09 [root@liumiaocn ~]#
- openEuler的简介与安装准备可参看:https://liumiaocn.blog.csdn.net/article/details/110255783
今年openEuler峰会有个主题是“openEuler与centOS无关”,为什么有这个疑问,就是很多使用者可能会觉得好像再使用centOS的错觉,实际上Linux发行版大同小异,内核相同在此基础上开发者直接使用较多的往往是yum或者dnf这样包管理工具,而这些不同的发型版有的时候使用的都是相同的,比如systemd。而对于iSula,同样的主题可能是“iSula与docker无关”,抛开这个到底是什么,初学者或者初用者可以考虑两条基本原则:
- 像使用centOS那样使用openEuler,碰到不一致的情况参看openEuler使用文档
- 像使用docker一样使用iSula,碰到不一致的情况参看iSula的使用文档
这里直接使用OpenEuler提供的repo源进行安装,执行命令如下所示:
执行命令:yum install iSulad
[root@liumiaocn ~]# yum install iSulad OS 5.3 kB/s | 3.8 kB 00:00 everything 5.7 kB/s | 3.8 kB 00:00 EPOL 4.5 kB/s | 2.9 kB 00:00 debuginfo 5.8 kB/s | 3.8 kB 00:00 source 5.8 kB/s | 3.8 kB 00:00 Dependencies resolved. ======================================================================================================================================== Package Architecture Version Repository Size ======================================================================================================================================== Installing: iSulad x86_64 2.0.5-20200923.100811.git275398ce.oe1 OS 2.6 M Installing dependencies: c-ares x86_64 1.16.1-1.oe1 OS 96 k clibcni x86_64 2.0.3-20200904.104745.git413e6757.oe1 OS 37 k emacs-filesystem noarch 1:26.3-1.oe1 OS 8.0 k gflags x86_64 2.2.2-1.oe1 OS 95 k gperftools-libs x86_64 2.8-2.oe1 OS 271 k gpm-libs x86_64 1.20.7-21.oe1 OS 18 k grpc x86_64 1.30.2-1.oe1 OS 5.6 M http-parser x86_64 2.9.4-1.oe1 OS 30 k lcr x86_64 2.0.3-20200904.101728.git8b4641a4.oe1 OS 312 k libunwind x86_64 1.4.0-1.oe1 OS 55 k libwebsockets x86_64 4.0.20-2.oe1 OS 217 k lxc x86_64 4.0.3-2020092501.oe1 OS 179 k lxc-libs x86_64 4.0.3-2020092501.oe1 OS 411 k protobuf x86_64 3.12.3-14.oe1 OS 951 k protobuf-devel x86_64 3.12.3-14.oe1 OS 3.3 M rsync x86_64 3.2.1-1.oe1 OS 289 k vim-common x86_64 2:8.2-4.oe1 OS 6.8 M vim-enhanced x86_64 2:8.2-4.oe1 OS 1.4 M vim-filesystem noarch 2:8.2-4.oe1 OS 10 k yajl x86_64 2.1.0-12.oe1 OS 34 k zlib-devel x86_64 1.2.11-17.oe1 OS 90 k Transaction Summary ======================================================================================================================================== Install 22 Packages Total download size: 23 M Installed size: 99 M Is this ok [y/N]: y ...省略
和docker缺省的安装相比,确实会发现明显少很多依赖
启动iSula执行命令:systemd start isulad
查看iSula执行命令:systemd status isulad
[root@liumiaocn ~]# systemctl status isulad
● isulad.service - iSulad Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/isulad.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2020-12-01 06:35:31 CST; 11min ago
Main PID: 1275 (isulad)
Tasks: 13 (limit: 12523)
Memory: 21.4M
CGroup: /system.slice/isulad.service
└─1275 /usr/bin/isulad
12月 01 06:35:30 liumiaocn systemd[1]: Starting iSulad Application Container Engine...
12月 01 06:35:31 liumiaocn systemd[1]: Started iSulad Application Container Engine.
[root@liumiaocn ~]#
可以看到此进程的父进程为1号进程
[root@liumiaocn ~]# ps -ef |grep 1275 |grep -v grep root 1275 1 0 06:35 ? 00:00:00 /usr/bin/isulad [root@liumiaocn ~]#
1号进程的详细信息如下
[root@liumiaocn ~]# ps -ef |grep -w systemd |grep -v grep root 1 0 0 06:35 ? 00:00:01 /usr/lib/systemd/systemd --switched-root --system --deserialize 16 root 547 1 0 06:35 ? 00:00:00 /usr/lib/systemd/systemd-journald root 568 1 0 06:35 ? 00:00:00 /usr/lib/systemd/systemd-udevd dbus 1079 1 0 06:35 ? 00:00:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only root 1086 1 0 06:35 ? 00:00:00 /usr/lib/systemd/systemd-logind systemd+ 1249 1 0 06:35 ? 00:00:00 /usr/lib/systemd/systemd-networkd root 1608 1 0 06:35 ? 00:00:00 /usr/lib/systemd/systemd-userdbd root 1613 1 0 06:35 ? 00:00:00 /usr/lib/systemd/systemd --user root 1698 1608 0 06:45 ? 00:00:00 systemd-userwork root 1699 1608 0 06:45 ? 00:00:00 systemd-userwork root 1700 1608 0 06:45 ? 00:00:00 systemd-userwork [root@liumiaocn ~]#
虽然说openEuler和centOS无关,从这个角度说,systemd也与Linux发行版无关,这些无论是哪个发行版,使用起来都是一样的,只要使用的是systemd而不是init.d。
版本确认前面说过,虽然不懂iSula,但是还是了解docker的,虽然iSula和docker无关,但是可以考虑像使用docker那样大体的来使用iSula,比如进行版本确认
[root@liumiaocn ~]# isula version Client: Version: 2.0.5 Git commit: f84000843bf2ba98adea547721b235e3b77168e1 Built: 2020-09-27T17:45:13.009126010+00:00 Server: Version: 2.0.5 Git commit: f84000843bf2ba98adea547721b235e3b77168e1 Built: 2020-09-27T17:45:13.009126010+00:00 OCI config: Version: 1.0.1 Default file: /etc/default/isulad/config.json [root@liumiaocn ~]#镜像操作
- 确认当前镜像
[root@liumiaocn ~]# isula images REPOSITORY TAG IMAGE ID CREATED SIZE [root@liumiaocn ~]#
- 拉取nginx镜像
[root@liumiaocn ~]# isula pull nginx Image "nginx" pulling Failed to pull image nginx with error: Invalid image name, no host found [root@liumiaocn ~]#配置文件
可以看到上述镜像拉取操作中出现了错误,
- 错误原因:提示其实不清晰,是需要设定私库或者docker的官方库,安装之后需要手动设定。
- iSula配置文件:/etc/isulad/daemon.json
- 缺省配置:
[root@liumiaocn ~]# cat /etc/isulad/daemon.json { "group": "isulad", "default-runtime": "lcr", "graph": "/var/lib/isulad", "state": "/var/run/isulad", "engine": "lcr", "log-level": "ERROR", "pidfile": "/var/run/isulad.pid", "log-opts": { "log-file-mode": "0600", "log-path": "/var/lib/isulad", "max-file": "1", "max-size": "30KB" }, "log-driver": "stdout", "hook-spec": "/etc/default/isulad/hooks/default.json", "start-timeout": "2m", "storage-driver": "overlay2", "storage-opts": [ "overlay2.override_kernel_check=true" ], "registry-mirrors": [ ], "insecure-registries": [ ], "pod-sandbox-image": "", "native.umask": "secure", "network-plugin": "", "cni-bin-dir": "", "cni-conf-dir": "", "image-layer-check": false, "use-decrypted-key": true, "insecure-skip-verify-enforce": false } [root@liumiaocn ~]#
- 对应方法:设定上述json中的registry-mirrors即可,比如修改内容如下
"registry-mirrors": [ "docker.io" ],
然后重启iSula服务,即可拉取镜像了
[root@liumiaocn ~]# systemctl restart isulad [root@liumiaocn ~]# isula pull nginx Image "nginx" pulling Image "bc9a0695f5712dcaaa09a5adc415a3936ccba13fc2587dfd76b1b8aeea3f221c" pulled [root@liumiaocn ~]# isula images REPOSITORY TAG IMAGE ID CREATED SIZE nginx latest bc9a0695f571 2020-11-25 08:30:19 126.716 MB [root@liumiaocn ~]#运行服务
- 没有-p选项映射端口
[root@liumiaocn ~]# isula run -p 80:80 nginx Unkown flag found:'p' [root@liumiaocn ~]#
- 普通方式启动
[root@liumiaocn ~]# isula run -d --name nginx nginx 71e54ad3cd8f5f3899caef06856cac9aa2139bdc81e20264e3de7f9e14f253c6 [root@liumiaocn ~]#
- 容器确认
[root@liumiaocn ~]# isula ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 71e54ad3cd8f nginx "/docker-entrypoin..." 3 seconds ago Up 3 seconds nginx [root@liumiaocn ~]#
- 进入容器确认
[root@liumiaocn ~]# isula exec -it nginx sh # which curl /usr/bin/curl # curl localhost Welcome to nginx! Welcome to nginx!If you see this page, the nginx web server is successfully installed and working. Further configuration is required.
For online documentation and support please refer to nginx.org. Commercial support is available at nginx.com.
Thank you for using nginx.
#
可以看到nginx容器已经正常运行了
参考内容https://openeuler.org/zh/docs/20.09/docs/Container/iSula%E5%AE%B9%E5%99%A8%E5%BC%95%E6%93%8E.html
