Disclosure of Invention
An object of the embodiments of the present application is to provide a container creation method and apparatus, an electronic device, and a storage medium, so as to solve a problem that a container in a running state cannot run normally when a new container is created based on an existing container image file update method. The specific technical scheme is as follows:
In a first aspect, the present application provides a container creation method applied to a physical host in which a virtual machine is deployed, the method including:
in response to a container creation instruction, acquiring a new agent file to be updated;
and mounting the new agent file to a first virtual machine directory in the virtual machine, so that the virtual machine can obtain the new agent file from the first virtual machine directory and run a container based on the new agent file.
Optionally, mounting the new agent file to a first virtual machine directory in the virtual machine includes:
mounting the new agent file to a container resource directory corresponding to the virtual machine, to obtain a host directory of the new agent file in the container resource directory;
and mapping the host directory to a first virtual machine directory in the virtual machine.
Optionally, mapping the host directory to a first virtual machine directory in the virtual machine includes:
mapping the host directory to the first virtual machine directory in the virtual machine based on a directory sharing file system.
In a second aspect, the present application further provides a container creation method applied to a virtual machine deployed in a physical host, the method including:
in response to the physical host mounting a new agent file to be updated to a first virtual machine directory in the virtual machine, acquiring the new agent file from the first virtual machine directory;
and running a container based on the new agent file.
Optionally, running the container based on the new agent file includes:
mounting the new agent file into a root file system of the virtual machine to obtain a second virtual machine directory;
acquiring the new agent file from the second virtual machine directory;
and executing the new agent file to create a container.
Optionally, after the new agent file is mounted into the root file system of the virtual machine and the second virtual machine directory is obtained, the method further includes:
unmounting the first virtual machine directory.
In a third aspect, the present application further provides a container creation apparatus applied to a physical host in which a virtual machine is deployed, the apparatus including:
an acquisition module, configured to acquire a new agent file to be updated in response to a container creation instruction;
and a mounting module, configured to mount the new agent file to a first virtual machine directory in the virtual machine, so that the virtual machine can obtain the new agent file from the first virtual machine directory and run a container based on the new agent file.
Optionally, the mounting module includes:
a mounting submodule, configured to mount the new agent file to a container resource directory corresponding to the virtual machine, to obtain a host directory of the new agent file in the container resource directory;
and a mapping submodule, configured to map the host directory to a first virtual machine directory in the virtual machine.
Optionally, the mapping submodule is configured to map the host directory to the first virtual machine directory in the virtual machine based on a directory sharing file system.
In a fourth aspect, the present application further provides a container creation apparatus applied to a virtual machine deployed in a physical host, the apparatus including:
an acquisition module, configured to acquire a new agent file to be updated from a first virtual machine directory in the virtual machine, in response to the physical host mounting the new agent file to the first virtual machine directory;
and an operation module, configured to run a container based on the new agent file.
Optionally, the operation module includes:
a mounting submodule, configured to mount the new agent file into a root file system of the virtual machine to obtain a second virtual machine directory;
an obtaining submodule, configured to obtain the new agent file from the second virtual machine directory;
and an execution submodule, configured to execute the new agent file to create a container.
Optionally, the operation module further includes:
an unmounting submodule, configured to unmount the first virtual machine directory.
In a fifth aspect, the present application further provides an electronic device, including a processor, a communication interface, a memory, and a communication bus, where the processor, the communication interface, and the memory complete communication with each other through the communication bus;
a memory for storing a computer program;
a processor adapted to perform the method steps of any of the first aspect or any of the second aspect when executing a program stored in the memory.
In a sixth aspect, the present application further provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the method steps of any of the first aspects, or any of the second aspects.
In a seventh aspect, there is provided a computer program product comprising instructions which, when run on a computer, cause the computer to perform the method steps of any of the first aspects, or any of the second aspects, described above.
The embodiment of the application has the following beneficial effects:
The embodiments of the application provide a container creation method and apparatus, an electronic device, and a storage medium, in which a physical host can obtain a new agent file to be updated in response to a container creation instruction and then mount the new agent file to a first virtual machine directory in a virtual machine, so that the virtual machine can obtain the new agent file from the first virtual machine directory and run a container based on the new agent file.
Because the agent file can be updated without replacing the container image file stored in the physical host, the virtual machine can exchange data with the physical host normally and the container can run normally while the container image file is being updated.
Of course, not all advantages described above need to be achieved at the same time in the practice of any one product or method of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The embodiment of the application provides a container creation method, which can be applied to a physical host, wherein the physical host can be any electronic device with a virtual machine. The physical host may have a container image file stored therein, and the physical host may create a container in the virtual machine based on the container image file.
In the embodiment of the present application, one virtual machine may be deployed in the physical host, or a plurality of virtual machines may be deployed in the physical host. When a plurality of virtual machines are deployed in a physical host, the physical host may update a container image file in the virtual machine by using the container creation method provided in the embodiment of the present application for each virtual machine, and create a container based on the updated container image file.
A container creation method provided in the embodiments of the present application will be described in detail below with reference to specific embodiments, as shown in fig. 1, and includes the following specific steps:
Step 101, in response to a container creation instruction, acquiring a new agent file to be updated.
In implementation, when the container image file needs to be updated, a developer may store a new agent file to be updated in the physical host, and then, the developer may perform a preset action, so that the physical host detects a container creation instruction. The preset action may be inputting a command code indicating updating the container image file, or clicking an update icon indicating updating the container image file in the preset control page.
In response to the container creation instruction, the physical host may obtain the new agent file to be updated in a variety of ways.
In a feasible implementation manner, the new agent file may be stored in the physical host, the container creation instruction may carry a storage address of the new agent file in the physical host, and the physical host may read the new agent file according to the storage address. In another possible implementation manner, the new agent file may be stored in a preset database, the container creation instruction may carry a file identifier of the new agent file, and the physical host may obtain the new agent file from the preset database according to the file identifier.
Step 102, mounting the new agent file to a first virtual machine directory in the virtual machine.
In an implementation, the physical host may determine a virtual machine to be subject to a container image file update.
In the embodiment of the application, when the number of the virtual machines is 1, the virtual machine is a virtual machine to be subjected to updating of the container image file. When the number of the virtual machines is multiple, the physical host may determine the virtual machine to be subjected to the update of the container image file in multiple ways.
In a feasible implementation manner, the container creation instruction may carry a target virtual machine identifier, where the target virtual machine identifier is an identifier of a virtual machine to be subjected to updating of the container image file. The physical host may determine, according to the target virtual machine identifier, a virtual machine to be subjected to update of the container image file among the deployed multiple virtual machines. In another feasible implementation manner, the physical host may store a corresponding relationship between the container and the virtual machine, and the physical host may determine the virtual machine in which the container is deployed according to the corresponding relationship, and then the physical host may use the determined virtual machine as the virtual machine to be subjected to the update of the container image file.
After determining the virtual machine that needs to update the container image file, the physical host may mount the new agent file to the first virtual machine directory in the virtual machine for the determined virtual machine, and a detailed description will be made later on a specific mounting process.
Then, the virtual machine may update the container image file based on the new agent file, and the detailed processing procedure will be described later.
In this embodiment of the application, the physical host may obtain the agent file to be updated in response to the container creation instruction, and then the physical host may mount the new agent file to a first virtual machine directory in the virtual machine, so that the virtual machine obtains the new agent file according to the first virtual machine directory, and runs the container based on the new agent file.
Because the agent file can be updated without replacing the container image file stored in the physical host, the virtual machine can exchange data with the physical host normally and the container can run normally while the agent file is being updated.
Optionally, for each virtual machine, the physical host may store a container resource directory corresponding to the virtual machine. The files, or directories of files, that the virtual machine requires to start a container can be loaded under the container resource directory, for example the root file system (rootfs) of a container.
The physical host may mount the new agent file to a first virtual machine directory of the virtual machine based on the container resource directory corresponding to the virtual machine, as shown in fig. 2, where the specific processing procedure includes:
Step 201, mounting the new agent file to a container resource directory corresponding to the virtual machine, and obtaining a host directory of the new agent file in the container resource directory.
In implementation, the physical host may mount the new agent file to a container resource directory corresponding to the virtual machine, and obtain the directory of the new agent file in the container resource directory, that is, the host directory of the new agent file in the physical host.
For example, the new agent file to be updated is kata-agent, the identifier of the virtual machine whose container image file is to be updated is de0eb57effbe, and the container resource directory corresponding to the virtual machine in the physical host is /run/kata-containers/shared/sandboxes/de0eb57effbe.
The physical host may mount the new agent file kata-agent to the container resource directory /run/kata-containers/shared/sandboxes/de0eb57effbe corresponding to the virtual machine, so as to obtain the directory of the new agent file in the container resource directory, that is, the host directory: /run/kata-containers/shared/sandboxes/de0eb57effbe/kata-agent.
Step 202, mapping the host directory to a first virtual machine directory in the virtual machine.
In an implementation, the physical host may map the host directory to a first virtual machine directory in the virtual machine. The virtual machine can then acquire the new agent file from the mapped first virtual machine directory and run the container based on the new agent file. The process by which the virtual machine obtains the new agent file from the first virtual machine directory will be described in detail later.
Optionally, the physical host may map the host directory to any non-system directory in the virtual machine. For example, the physical host may map the host directory to the /tmp directory in the virtual machine, that is, the first virtual machine directory may be /tmp.
Alternatively, the physical host may map the host directory to a preset directory in the virtual machine. For example, the virtual machine stores a preset directory /run/kata-containers/shared/containers, and the resource files required for starting the container are all loaded in the preset directory. The physical host may map the host directory to the preset directory, that is, the first virtual machine directory is /run/kata-containers/shared/containers.
In this embodiment of the application, the physical host may mount the new agent file to the container resource directory corresponding to the virtual machine to obtain a host directory, and then map the host directory to the first virtual machine directory in the virtual machine. Because the new agent file is mounted to the first virtual machine directory of the virtual machine based on the container resource directory corresponding to the virtual machine, the physical host can conveniently and quickly transfer the new agent file to the virtual machine.
Optionally, an embodiment of the present application further provides an implementation manner in which the physical host maps the host directory to the first virtual machine directory in the virtual machine: the host directory is mapped to the first virtual machine directory in the virtual machine based on a directory sharing file system. The directory sharing file system may be 9pfs (Plan 9 file system) or virtio-fs.
Because the host directory is mapped to the first virtual machine directory in the virtual machine based on the directory sharing file system, the virtual machine can access the new agent file mounted under the host directory by accessing the first virtual machine directory, thereby realizing data sharing between the physical host and the virtual machine.
Optionally, the physical host may also select another manner of sharing data with the virtual machine. For example, the physical host may mount the container image file stored in the physical host into the virtual machine based on the NVDIMM feature of the kernel, and use the container image file as a block device mounted in the virtual machine.
Based on the same technical concept, the embodiment of the application also provides a container creation method, and the method can be applied to virtual machines deployed in a physical host.
A detailed description will be given below of a container creation method provided in the embodiments of the present application with reference to specific embodiments, as shown in fig. 3, the specific steps are as follows:
Step 301, in response to the physical host mounting a new agent file to be updated to a first virtual machine directory in the virtual machine, obtaining the new agent file from the first virtual machine directory.
Wherein, the new agent file is acquired by the physical host in response to the container creation instruction.
In implementation, when the container image file needs to be updated, the physical host may obtain a new agent file in response to the container creation instruction, and mount the new agent file in the first virtual machine directory in the virtual machine, where the specific processing process may refer to the processing processes in step 101 to step 102, and details are not described here.
After the physical host mounts the new agent file to the first virtual machine directory, the virtual machine may obtain the first virtual machine directory, and then the virtual machine may obtain the new agent file to be updated from the physical host according to the first virtual machine directory.
Optionally, the virtual machine may obtain the first virtual machine directory in multiple ways, and in a feasible implementation manner, the first virtual machine directory is a preset directory in the virtual machine, and the virtual machine may obtain the first virtual machine directory stored in advance locally. In another possible implementation, the physical host may send the first virtual machine directory to the virtual machine after mapping the host directory into the virtual machine.
Step 302, running a container based on the new agent file.
In implementation, the virtual machine may run the container based on the new agent file in various ways, and in a feasible implementation manner, the virtual machine may mount the new agent file in a root file system of the virtual machine, and then implement creation and management of the container by executing the new agent file mounted in the root file system.
Or the virtual machine may directly execute the new agent file acquired according to the first virtual machine directory, thereby implementing creation and management of the container.
In this embodiment of the application, in response to the physical host mounting a new agent file to be updated to a first virtual machine directory in the virtual machine, the virtual machine may obtain the new agent file from the first virtual machine directory, and then the virtual machine may run a container based on the new agent file. Because the agent file can be updated without changing the container image file stored in the physical host, the virtual machine can exchange data with the electronic device normally and the container can run normally while the agent file is being updated.
Optionally, an embodiment of the present application further provides an implementation manner for creating a container based on a new agent file, as shown in fig. 4, including the following steps:
Step 401, mounting the new agent file into the root file system of the virtual machine to obtain a second virtual machine directory.
In implementation, the virtual machine may mount the new agent file into the root file system of the virtual machine, so as to obtain the second virtual machine directory.
For example, the virtual machine may mount the new agent file kata-agent into the root file system of the virtual machine, resulting in the second virtual machine directory /usr/bin/kata-agent.
Step 402, acquiring the new agent file from the second virtual machine directory.
Step 403, executing the new agent file to create a container.
The process of the virtual machine executing the new agent file to create the container is similar to the process of the virtual machine executing the kata-agent file to create the container in the related art, and details are not repeated here.
In this embodiment of the application, the virtual machine may mount the new agent file into the root file system of the virtual machine to obtain a second virtual machine directory. The virtual machine may then retrieve the new agent file from the second virtual machine directory, after which the virtual machine may execute the new agent file to create the container. Therefore, the container can be created based on the updated new agent file.
Optionally, after obtaining the second virtual machine directory, the virtual machine may further unmount the first virtual machine directory.
For example, after the new agent file kata-agent is mounted into the root file system of the virtual machine, the virtual machine may unmount the first virtual machine directory /run/kata-containers/shared/containers/.
In the embodiment of the application, the virtual machine mounts the new agent file into the root file system of the virtual machine and unmounts the first virtual machine directory, so that the problem that the new agent file cannot be accessed due to repeated mounting of the new agent file can be avoided, and the stability of updating the new agent file is improved.
Optionally, an example diagram for updating a container image file provided in an embodiment of the present application is shown in fig. 5, and includes the following steps:
Step 501, the physical host responds to the container creation instruction to acquire a new agent file to be updated.
In the implementation, the processing procedure of this step may refer to the processing procedure of step 101, and is not described herein again.
Step 502, the physical host mounts the new agent file to the container resource directory corresponding to the virtual machine, and obtains a host directory of the new agent file in the container resource directory.
In implementation, the processing procedure of this step may refer to the processing procedure of step 201, and is not described herein again.
Step 503, the physical host maps the host directory to a first virtual machine directory in the virtual machine based on the directory sharing file system.
Step 504, the virtual machine obtains a new agent file according to the first virtual machine directory.
In implementation, the processing procedure of this step may refer to the processing procedure of step 301, and is not described herein again.
Step 505, the virtual machine mounts the new agent file into a root file system of the virtual machine to obtain a second virtual machine directory.
In implementation, the processing procedure of this step may refer to the processing procedure of step 401, and is not described herein again.
Step 506, the virtual machine obtains the new agent file according to the second virtual machine directory.
Step 507, the virtual machine executes the new agent file to create a container.
Optionally, as shown in fig. 6, a schematic flow chart of updating a container image file provided in this embodiment of the present application is shown, where 610 denotes a physical host, 620 denotes a virtual machine, kata-containers.
When configuring the virtual machine 620, the physical host 610 may, based on the NVDIMM feature of the kernel, mount the container image file kata-containers.img into the virtual machine 620 as a block device of the virtual machine 620, which may be denoted /dev/pmem0p1. After the virtual machine 620 is started, the kernel is started, and the kernel can then mount /dev/pmem0p1 in the virtual machine as the rootfs (root file system) of the virtual machine. That is, the directory of the container image file kata-containers.img is set as the root directory of the virtual machine 620, and the program scripts included in the container image file kata-containers.img are executed in the virtual machine 620 in accordance with the root directory.
If the container image file needs to be updated, the physical host 610 may, through kata-runtime, bind-mount the new agent file kata-agent to be updated to the container resource directory /run/kata-containers/shared/$sid corresponding to the virtual machine, to obtain the host directory /run/kata-containers/shared/$sid/kata-agent. The physical host 610 may then map the host directory to the first virtual machine directory /run/kata-containers/shared/containers in the virtual machine through the directory sharing file system 9pfs.
While the virtual machine is running, the kernel starts the systemd process, and the systemd process can execute step S1 to launch the preinit process. The preinit process may perform step S2, accessing the new agent file kata-agent under the first virtual machine directory /run/kata-containers/shared/containers. Then, the preinit process may execute step S3 to copy the new agent file kata-agent to the second virtual machine directory /usr/bin. Thereafter, the systemd process may run the kata-agent program by executing the kata-agent file, and the physical host 610 may perform step S4, commanding the kata-agent program to perform container creation through the gRPC API of kata-runtime. The kata-agent program may perform step S5 to create a container in the virtual machine 620.
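Steps S2 and S3 place a file read from a host-controlled shared directory on the guest's executable path. The shell functions below are an added example, not part of the application or of Kata Containers: they show one way a preinit-style step could accept the file only if it is a regular file whose SHA-256 matches a digest the guest already holds. The function names, the pinned digest and the temporary directories standing in for the first virtual machine directory and /usr/bin are assumptions.

```shell
#!/bin/sh
# Added example: guarded version of the "copy the agent from the shared
# directory into the guest root file system" step. Names are hypothetical.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1"
    else
        shasum -a 256 "$1"
    fi | cut -d ' ' -f 1
}

# stage_agent SHARED_DIR INSTALL_DIR EXPECTED_SHA256
# Copies SHARED_DIR/kata-agent to INSTALL_DIR/kata-agent only if the copied
# bytes hash to EXPECTED_SHA256 (assumption: the guest obtained this digest
# through a channel other than the shared directory).
# Exit status: 0 installed, 2 bad source, 3 I/O error, 4 digest mismatch.
stage_agent() (
    shared_dir=$1
    install_dir=$2
    expected=$3
    src="$shared_dir/kata-agent"
    dst="$install_dir/kata-agent"

    # The share is writable from outside the guest: accept only a regular
    # file, never a symlink that could point elsewhere in the guest.
    if [ -L "$src" ] || [ ! -f "$src" ]; then
        echo "stage_agent: $src is not a regular file" >&2
        exit 2
    fi

    # Copy first and hash the private copy, so the bytes that were verified
    # are the bytes that get installed even if the share changes meanwhile.
    tmp=$(mktemp "$install_dir/.kata-agent.XXXXXX") || exit 3
    if ! cp "$src" "$tmp"; then
        rm -f "$tmp"
        exit 3
    fi

    actual=$(sha256_of "$tmp")
    if [ "$actual" != "$expected" ]; then
        echo "stage_agent: digest mismatch, keeping existing agent" >&2
        rm -f "$tmp"
        exit 4
    fi

    # Publish with a rename inside one file system, so a reader never
    # sees a partially written agent binary.
    if chmod 0755 "$tmp" && mv -f "$tmp" "$dst"; then
        exit 0
    fi
    rm -f "$tmp"
    exit 3
)

# Demo on constructed data: temporary directories stand in for the first
# virtual machine directory (the share) and the second one (/usr/bin).
demo() (
    work=$(mktemp -d) || exit 1
    mkdir "$work/shared" "$work/bin"
    printf 'constructed stand-in for the agent binary\n' > "$work/shared/kata-agent"
    pinned=$(sha256_of "$work/shared/kata-agent")

    stage_agent "$work/shared" "$work/bin" "$pinned" \
        && echo "clean copy: installed"

    # The file on the share is changed after the digest was pinned.
    printf 'appended bytes\n' >> "$work/shared/kata-agent"
    stage_agent "$work/shared" "$work/bin" "$pinned" 2>/dev/null \
        || echo "modified copy: rejected, previous agent kept"

    rm -rf "$work"
)
demo
```

Unmounting the first virtual machine directory after a successful return, as described for the optional step above, then removes the shared path from the running guest.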
Optionally, an embodiment of the present application further provides a method for updating a container image file, including: the physical host can decompress the locally stored container image file to obtain a decompressed directory when the virtual machine is configured. The physical host may then map the decompressed directory into the virtual machine based on the directory-shared file system, after which the physical host may set the decompressed directory as the root file system of the virtual machine. For the convenience of distinguishing, the agent file contained in the container image file is called an original agent file, and the agent file to be updated is called a new agent file.
Subsequently, when updating the container image file, the physical host may map the new agent file into the virtual machine based on the directory sharing file system. The virtual machine may then replace the original agent file in the decompressed directory with the new agent file.
Based on the same technical concept, the present application further provides a container creating apparatus, where the apparatus is applied to a physical host, and a virtual machine is deployed in the physical host, as shown in fig. 7, and the apparatus includes:
an obtaining module 710, configured to obtain, in response to a container creation instruction, a new agent file to be updated;
a mounting module 720, configured to mount the new agent file to a first virtual machine directory in the virtual machine, so that the virtual machine obtains the new agent file from the first virtual machine directory and runs a container based on the new agent file.
Optionally, the mounting module includes:
a mounting submodule, configured to mount the new agent file to a container resource directory corresponding to the virtual machine, to obtain a host directory of the new agent file in the container resource directory;
and a mapping submodule, configured to map the host directory to a first virtual machine directory in the virtual machine.
Optionally, the mapping submodule is configured to map the host directory to the first virtual machine directory in the virtual machine based on a directory sharing file system.
In this embodiment of the application, the physical host may obtain the new agent file to be updated in response to the container creation instruction, and then the physical host may mount the new agent file to a first virtual machine directory in the virtual machine, so that the virtual machine obtains the new agent file from the first virtual machine directory and runs the container based on the new agent file.
Because the agent file can be updated without replacing the container image file stored in the physical host, the virtual machine can exchange data with the physical host normally and the container can run normally while the container image file is being updated.
Based on the same technical concept, the present application further provides a container creation apparatus, which is applied to a virtual machine deployed in a physical host, as shown in fig. 8, and includes:
an obtaining module 810, configured to respond to that the physical host mounts a new agent file to be updated to a first virtual machine directory in the virtual machine, and obtain the new agent file according to the first virtual machine directory;
and an operation module 820, configured to run a container based on the new agent file.
Optionally, the operation module includes:
a mounting submodule, configured to mount the new agent file into a root file system of the virtual machine to obtain a second virtual machine directory;
an obtaining submodule, configured to obtain the new agent file from the second virtual machine directory;
and an execution submodule, configured to execute the new agent file to create a container.
Optionally, the operation module further includes:
an unmounting submodule, configured to unmount the first virtual machine directory.
In this embodiment of the application, in response to the physical host mounting a new agent file to be updated to a first virtual machine directory in the virtual machine, the virtual machine may obtain the new agent file from the first virtual machine directory, and then the virtual machine may run a container based on the new agent file. Because the agent file can be updated without changing the container image file stored in the physical host, the virtual machine can exchange data with the electronic device normally and the container can run normally while the agent file is being updated.
Based on the same technical concept, an embodiment of the present application further provides an electronic device which, as shown in Fig. 9, includes a processor 901, a communication interface 902, a memory 903 and a communication bus 904, where the processor 901, the communication interface 902 and the memory 903 communicate with each other through the communication bus 904;
the memory 903 is configured to store a computer program;
the processor 901 is configured to implement, when executing the program stored in the memory 903, the steps of any of the above container creation methods executed by the physical host or the steps of any of the above container creation methods executed by the virtual machine.
The communication bus mentioned in the electronic device may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the electronic device and other devices.
The memory may include a Random Access Memory (RAM) or a Non-Volatile Memory (NVM), such as at least one disk memory. Optionally, the memory may also be at least one memory device located remotely from the processor.
The processor may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
In yet another embodiment provided by the present application, there is further provided a computer-readable storage medium having stored therein a computer program, which when executed by a processor, implements the steps of any of the above-described container creation methods.
In yet another embodiment provided by the present application, there is also provided a computer program product containing instructions which, when run on a computer, cause the computer to perform any of the container creation methods of the above embodiments.
The above embodiments may be implemented wholly or partially in software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in accordance with the embodiments of the application occur, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center via wired (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or a data center, that incorporates one or more of the available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
It is noted that, in this document, relational terms such as "first" and "second" are used solely to distinguish one entity or action from another entity or action, without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The above description is merely exemplary of the present application and is presented to enable those skilled in the art to understand and practice the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.