Disclosure of Invention
An object of the embodiments of the present application is to provide a method, an apparatus, an electronic device, and a storage medium for creating a container, so as to solve a problem that a container in an operation state cannot operate normally when a new container is created based on an existing container image file updating method. The specific technical scheme is as follows:
in a first aspect, the present application provides a container creation method, where the method is applied to a physical host, and the physical host has a virtual machine deployed therein, and the method includes:
responding to a container creation instruction, and acquiring a new agent file to be updated;
and mounting the new agent file under a first virtual machine directory in the virtual machine, so that the virtual machine can acquire the new agent file according to the first virtual machine directory, and running a container based on the new agent file.
Optionally, the mounting the new proxy file to the first virtual machine directory in the virtual machine includes:
mounting the new agent file under a container resource directory corresponding to the virtual machine to obtain a host directory of the new agent file under the container resource directory;
mapping the host directory to a first virtual machine directory in the virtual machine.
Optionally, the mapping the host directory to a first virtual machine directory in the virtual machine includes:
the host directory is mapped under a first one of the virtual machines based on a directory sharing file system.
In a second aspect, the present application further provides a container creation method, the method being applied to a virtual machine deployed in a physical host, the method comprising:
responding to the physical host to mount a new agent file to be updated under a first virtual machine directory in the virtual machine, and acquiring the new agent file according to the first virtual machine directory;
and running the container based on the new agent side file.
Optionally, the running container based on the new proxy file includes:
mounting the new agent end file into a root file system of the virtual machine to obtain a second virtual machine directory;
acquiring the new agent file according to the second virtual machine directory;
executing the new proxy file to create a container.
Optionally, after the mounting the new proxy file to the root file system of the virtual machine to obtain the second virtual machine directory, the method further includes:
and unloading the first virtual machine directory.
In a third aspect, the present application further provides a container creation apparatus applied to a physical host having a virtual machine deployed therein, the apparatus comprising:
the acquisition module is used for responding to the container creation instruction and acquiring a new agent file to be updated;
and the mounting module is used for mounting the new agent file under a first virtual machine directory in the virtual machine so that the virtual machine can acquire the new agent file according to the first virtual machine directory and run a container based on the new agent file.
Optionally, the mounting module includes:
the mounting sub-module is used for mounting the new agent file under the container resource directory corresponding to the virtual machine to obtain a host directory of the new agent file under the container resource directory;
and the mapping sub-module is used for mapping the host directory to a first virtual machine directory in the virtual machines.
Optionally, the mapping sub-module is configured to map the host directory to a first virtual machine directory in the virtual machines based on a directory sharing file system.
In a fourth aspect, the present application further provides a container creation apparatus applied to a virtual machine deployed in a physical host, the apparatus comprising:
the acquisition module is used for responding to the fact that the physical host mounts a new agent file to be updated under a first virtual machine directory in the virtual machine, and acquiring the new agent file according to the first virtual machine directory;
and the operation module is used for operating the container based on the new agent side file.
Optionally, the operation module includes:
the mounting sub-module is used for mounting the new agent end file into a root file system of the virtual machine to obtain a second virtual machine directory;
the obtaining submodule is used for obtaining the new agent end file according to the second virtual machine directory;
and the execution sub-module is used for executing the new proxy file to create a container.
Optionally, the operation module further includes:
and the unloading submodule is used for unloading the first virtual machine directory.
In a fifth aspect, the present application further provides an electronic device, including a processor, a communication interface, a memory, and a communication bus, where the processor, the communication interface, and the memory complete communication with each other through the communication bus;
a memory for storing a computer program;
a processor configured to implement any of the method steps of the first aspect, or any of the second aspect, when executing a program stored on a memory.
In a sixth aspect, the present application also provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements any of the first aspect, or any of the method steps of the second aspect.
In a seventh aspect, there is provided a computer program product comprising instructions which, when run on a computer, cause the computer to perform the method steps of any of the first aspects, or any of the second aspects, above.
The beneficial effects of the embodiment of the application are that:
the embodiment of the application provides a container creation method, a device, electronic equipment and a storage medium, wherein a physical host can respond to a container creation instruction to acquire a proxy file to be updated, and then the physical host can mount a new proxy file under a first virtual machine directory in a virtual machine so that the virtual machine can acquire the new proxy file according to the first virtual machine directory and operate the container based on the new proxy file.
Because the update of the proxy-side file can be realized without replacing the container image file stored in the physical host, the virtual machine can normally transmit data with the physical host in the process of updating the container image file, and the container can normally operate.
Of course, not all of the above-described advantages need be achieved simultaneously in practicing any one of the products or methods of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
The embodiment of the application provides a container creation method, which can be applied to a physical host, wherein the physical host can be any electronic device with a virtual machine deployed. The physical host may have a container image stored therein, and the physical host may create a container in the virtual machine based on the container image.
In this embodiment of the present application, one virtual machine may be deployed in a physical host, or a plurality of virtual machines may be deployed in a physical host. When a plurality of virtual machines are deployed in a physical host, the physical host may update a container image file in the virtual machine by adopting the container creation method provided in the embodiment of the present application for each virtual machine, and create a container based on the updated container image file.
The following will describe a detailed description of a method for creating a container provided in the embodiment of the present application with reference to the specific embodiment, as shown in fig. 1, and the specific steps are as follows:
and step 101, responding to a container creation instruction, and acquiring a new agent file to be updated.
In an implementation, when the container image file needs to be updated, a developer may store a new proxy file to be updated in the physical host, and then the developer may perform a preset action to enable the physical host to detect the container creation instruction. The preset action may be to input a command code representing updating the container image file, or click an update icon representing updating the container image file in a preset control page.
In response to the container creation instruction, the physical host may obtain the new proxy file to be updated in a variety of ways.
In one possible implementation, the new proxy file may be stored in the physical host, and the container creation instruction may carry a storage address of the new proxy file in the physical host, and the physical host may read the new proxy file according to the storage address. In another possible implementation manner, the new proxy file may be stored in a preset database, the container creation instruction may carry a file identifier of the new proxy file, and the physical host may obtain the new proxy file from the preset database according to the file identifier.
And 102, mounting the new agent file to a first virtual machine directory in the virtual machine.
In implementations, the physical host may determine a virtual machine to be subjected to a container image file update.
In this embodiment of the present application, when the number of virtual machines is 1, the virtual machines are the virtual machines to be updated with the container image files. When the number of virtual machines is plural, the physical host can determine the virtual machines to be subjected to the update of the container image file in various ways.
In one possible implementation, the container creation instruction may carry a target virtual machine identification, which is an identification of the virtual machine to be updated with the container image file. The physical host may determine a virtual machine to be updated with the container image file from among the deployed plurality of virtual machines according to the target virtual machine identification. In another possible implementation manner, the physical host may store a correspondence between the container and the virtual machine, and the physical host may determine, according to the correspondence, the virtual machine in which the container is deployed, and then, the physical host may use the determined virtual machine as the virtual machine to be updated with the container image file.
After determining the virtual machine that needs to update the container image file, the physical host may mount the new proxy file to the first virtual machine directory in the virtual machine for the determined virtual machine, where the specific mounting process will be described in detail later.
The virtual machine may then update the container image file based on the new proxy file, as will be described in more detail later.
In this embodiment of the present application, a physical host may respond to a container creation instruction to obtain a proxy file to be updated, and then, the physical host may mount the new proxy file under a first virtual machine directory in a virtual machine, so that the virtual machine obtains the new proxy file according to the first virtual machine directory, and runs the container based on the new proxy file.
Because the update of the proxy file can be realized without replacing the container image file stored in the physical host, the virtual machine can normally transmit data with the physical host in the update process of the proxy file, and the container can normally run.
Optionally, for each virtual machine, a container resource directory corresponding to the virtual machine may be stored in the physical host. The container resource directory may be loaded with files required for the virtual machine to start the container or a directory of the required files, where the files required for starting the container are as follows: rootfs (root file system) of the container.
The physical host may mount the new proxy file under the first virtual machine directory of the virtual machine based on the container resource directory corresponding to the virtual machine, as shown in fig. 2, and the specific processing procedure includes:
step 201, mounting the new agent file under the container resource directory corresponding to the virtual machine, and obtaining a host directory of the new agent file under the container resource directory.
In implementation, the physical host may mount the new proxy file under the container resource directory corresponding to the virtual machine, to obtain a directory of the new proxy file under the container resource directory, that is, a host directory of the new proxy file in the physical host.
For example, the new agent file to be updated is a kata-agent, the identifier of the virtual machine to be updated with the container image file is de0eb57efdbe, and the container resource directory corresponding to the virtual machine in the physical host is/run/kata-containers/shared/sadbox/de 0eb57efdbe.
The physical host can mount the new agent file kata-agent to the corresponding container resource catalog/run/kata-containers/shared/sadbox/de 0eb57efdbe of the virtual machine to obtain the catalog of the new agent file under the container resource catalog, namely, the host catalog is: a/run/kata-containers/shared/sadbox/de 0eb57efdbe/kata-agent.
Step 202, mapping the host directory to a first virtual machine directory in the virtual machine.
In implementations, the physical host may map a host directory under a first virtual machine directory in the virtual machine. Thus, the virtual machine can acquire the new agent file based on the mapped first virtual machine directory, and run the container based on the new agent file. The process by which the virtual machine obtains the new proxy file based on the first virtual machine directory will be described in detail later.
Alternatively, the physical host may map the host directory to any non-system directory in the virtual machine, e.g., the physical host may map the host directory to any/tmp directory in the virtual machine, i.e., the first virtual machine directory may be/tmp.
Alternatively, the physical host may map the host directory to a preset directory in the virtual machine, for example, the preset directory/run/kata-containers/shared/containers are stored in the virtual machine, and resource files required for starting the container are all mounted in the preset directory. The physical host may map the host directory to the preset directory, i.e., the first virtual machine directory is/run/kata-containers/shared/containers.
In this embodiment of the present application, the physical host may mount the new proxy file under the container resource directory corresponding to the virtual machine, to obtain a host directory, and then map the host directory under the first virtual machine directory in the virtual machine. Because the new agent file is mounted under the first virtual machine directory of the virtual machine based on the container resource directory corresponding to the virtual machine, the physical host can conveniently and quickly transmit the new agent file to the virtual machine.
Optionally, the embodiment of the present application further provides an implementation manner of mapping a host directory to a first virtual machine directory in a virtual machine by a physical host, including: the host directory is mapped under a first virtual machine directory in the virtual machines based on the directory sharing file system. The directory sharing file system may be 9pfs (plan 9file system), or virtio-fs.
Because the host directory is mapped under the first virtual machine directory in the virtual machines based on the directory sharing system, the virtual machines can access the new proxy files mounted under the host directory by accessing the first virtual machine directory, thereby realizing data sharing between the physical hosts and the virtual machines.
Alternatively, the physical host may also select other manners to share data with the virtual machine, for example, the physical host may mount the container image file stored in the physical host into the virtual machine as a block device mounted on the virtual machine based on nvidmm characteristics of the kernel.
Based on the same technical concept, the embodiment of the application also provides a container creation method, which can be applied to virtual machines deployed in physical hosts.
The following will describe a detailed description of a method for creating a container provided in the embodiment of the present application with reference to the specific embodiment, as shown in fig. 3, and the specific steps are as follows:
step 301, in response to the physical host mounting the new proxy file to be updated under a first virtual machine directory in the virtual machine, acquiring the new proxy file according to the first virtual machine directory.
The new agent file is acquired by the physical host in response to the container creation instruction.
In implementation, when the container image file needs to be updated, the physical host may obtain the new proxy file in response to the container creation instruction, and mount the new proxy file under the first virtual machine directory in the virtual machine, and the specific processing procedure may refer to the processing procedures of the steps 101 to 102, which are not described herein.
After the physical host mounts the new agent file under the first virtual machine directory, the virtual machine can acquire the first virtual machine directory, and then the virtual machine can acquire the new agent file to be updated from the physical host according to the first virtual machine directory.
Optionally, the virtual machine may acquire the first virtual machine directory in a plurality of manners, and in a feasible implementation manner, the first virtual machine directory is a preset directory in the virtual machine, and the virtual machine may acquire the first virtual machine directory that is locally pre-stored. In another possible implementation, the physical host may send the first virtual machine directory to the virtual machine after mapping the host directory into the virtual machine.
Step 302, running the container based on the new agent side file.
In an implementation, the manner in which the virtual machine runs the container based on the new agent file may be varied, and in a possible implementation, the virtual machine may mount the new agent file into the root file system of the virtual machine, and then implement creation and management of the container by executing the new agent file mounted in the root file system.
Or, the virtual machine can directly execute the new agent file acquired according to the first virtual machine directory, thereby realizing the creation and management of the container.
In the embodiment of the application, in response to the fact that the physical host mounts the new agent file to be updated under a first virtual machine directory in the virtual machine, the virtual machine can acquire the new agent file according to the first virtual machine directory, and then the virtual machine can operate the container based on the new agent file. The update of the proxy file can be realized without changing the container image file stored in the physical host, so that the virtual machine can normally transmit data with the electronic equipment in the update process of the proxy file, and the container can normally operate.
Optionally, the embodiment of the present application further provides an implementation manner of creating a container based on the new proxy file, as shown in fig. 4, including the following steps:
and 401, mounting the new agent end file into a root file system of the virtual machine to obtain a second virtual machine directory.
In implementation, the virtual machine may mount the new proxy file into a root file system of the virtual machine to obtain the second virtual machine directory.
For example, the virtual machine may mount the new agent file kata-agent into the root file system of the virtual machine, resulting in a second virtual machine directory/usr/bin/kata-agent.
And step 402, acquiring a new agent file according to the second virtual machine directory.
Step 403, executing the new proxy file to create a container.
The process of the virtual machine executing the new agent file to create the container is similar to the process of the virtual machine executing the kata-agent file to create the container in the related art, and will not be repeated here.
In the embodiment of the application, the virtual machine may mount the new proxy file to a root file system of the virtual machine to obtain the second virtual machine directory. The virtual machine may then obtain the new proxy file from the second virtual machine directory, after which the virtual machine may execute the new proxy file to create a container. Thus, the creation of a container based on the updated new proxy file can be realized.
Optionally, after obtaining the second virtual machine directory, the virtual machine may further uninstall the first virtual machine directory.
For example, after the new agent side file kata-agent is mounted into the root file system of the virtual machine, the virtual machine may uninstall the first virtual machine directory/run/kata-containers/shared/containers/.
In the embodiment of the application, the virtual machine mounts the new proxy file into the root file system of the virtual machine and uninstalls the first virtual machine directory, so that the problem that the new proxy file cannot be accessed due to repeated mounting of the new proxy file can be avoided, and the updating stability of the new proxy file is improved.
Optionally, an exemplary diagram of updating a container image file provided in an embodiment of the present application, as shown in fig. 5, includes the following steps:
in step 501, the physical host responds to a container creation instruction to acquire a new proxy file to be updated.
In implementation, the processing of this step may refer to the processing of step 101, which is not described herein.
Step 502, the physical host mounts the new agent file under the container resource directory corresponding to the virtual machine, and obtains a host directory of the new agent file under the container resource directory.
In implementation, the processing procedure of this step may refer to the processing procedure of step 201, which is not described herein.
In step 503, the physical host maps the host directory to a first virtual machine directory in the virtual machines based on the directory sharing file system.
And 504, the virtual machine acquires a new agent file according to the first virtual machine directory.
In implementation, the processing of this step may refer to the processing of step 301, which is not described herein.
And 505, the virtual machine mounts the new agent end file into a root file system of the virtual machine to obtain a second virtual machine directory.
In implementation, the processing of this step may refer to the processing of step 401, which is not described herein.
And step 506, the virtual machine acquires the new agent file according to the second virtual machine directory.
In step 507, the virtual machine executes the new proxy file to create a container.
Optionally, as shown in fig. 6, a flow chart of updating a container image file is provided in an embodiment of the present application, where 610 represents a physical host, 620 represents a virtual machine, kata-containers, img represents a container image file stored in the physical host, kata-run represents an application program for performing container management, and kata-agent represents a new agent file.
Physical host 610, when configuring virtual machine 620, may mount container image files kata-containers.img into virtual machine 620 based on the nvidmm characteristics of the kernel, as a block device that is mounted to virtual machine 620, which may be denoted as/dev/pmem 0p1. After the virtual machine 620 is started, the kernel is started, and then the kernel can mount/dev/pmem 0p1 into the virtual machine as rootfs (root file system) of the virtual machine. That is, the directory of the container image file kata-containers, img is used as the root directory of the virtual machine 620, and the program script included in the container image file kata-containers, img is executed in the virtual machine 620 according to the root directory.
If the container image file needs to be updated, the physical host 610 may mount the new agent file kata-agent to be updated under the container resource directory/run/kata-containers/shared/sendboxes/$sid corresponding to the virtual machine in a bind mount manner to obtain a host directory/run/kata-containers/shared/sendboxes/$sild/kata-agent. Then, the physical host 610 may map the host directory to the first virtual machine directory/run/kata-containers/shared/containers in the virtual machine vm through the directory sharing file system 9 pfs.
During the running process of the virtual machine, the kernel starts a system md process, and the system md process may execute step S1 to pull up the reinitiate process. The preinit process may execute step S2 to access a new agent file kata-agent under the first virtual machine directory/run/kata-containers/shared/containers. Then, the preinit process may perform step S3 to copy the new agent file kata-agent under the second virtual machine directory/usr/bin. Thereafter, the system md process may run the kata-agent program by executing the kata-agent file, and the physical host 610 may perform step S4 to command the kata-agent program for container creation through the kata-run, grpc api. The kata-agent program may perform step S5 to create a container in the virtual machine 620.
Optionally, the embodiment of the present application further provides a method for updating a container image file, including: the physical host can decompress the locally stored container image file when configuring the virtual machine to obtain a decompressed catalog. The physical host may then map the decompressed directory into the virtual machine based on the directory shared file system, after which the physical host may set the decompressed directory as the root file system of the virtual machine. For convenience of distinction, the proxy file contained in the container image file is referred to as an original proxy file, and the proxy file to be updated is referred to as a new proxy file.
Subsequently, when the container image file is updated, the physical host may map the new proxy file into the virtual machine based on the directory shared file system. Then, the virtual machine can replace the original proxy file in the decompressed directory with a new proxy file.
Based on the same technical concept, the present application also provides a container creation apparatus applied to a physical host having a virtual machine deployed therein, as shown in fig. 7, the apparatus comprising:
an obtaining module 710, configured to obtain a new proxy file to be updated in response to the container creation instruction;
and the mounting module 720 is configured to mount the new proxy file under a first virtual machine directory in the virtual machine, so that the virtual machine obtains the new proxy file according to the first virtual machine directory, and runs a container based on the new proxy file.
Optionally, the mounting module includes:
the mounting sub-module is used for mounting the new agent file under the container resource directory corresponding to the virtual machine to obtain a host directory of the new agent file under the container resource directory;
and the mapping sub-module is used for mapping the host directory to a first virtual machine directory in the virtual machines.
Optionally, the mapping sub-module is configured to map the host directory to a first virtual machine directory in the virtual machines based on a directory sharing file system.
In this embodiment of the present application, a physical host may respond to a container creation instruction to obtain a proxy file to be updated, and then, the physical host may mount the new proxy file under a first virtual machine directory in a virtual machine, so that the virtual machine obtains the new proxy file according to the first virtual machine directory, and runs the container based on the new proxy file.
Because the update of the proxy-side file can be realized without replacing the container image file stored in the physical host, the virtual machine can normally transmit data with the physical host in the process of updating the container image file, and the container can normally operate.
Based on the same technical concept, the present application also provides a container creation apparatus applied to a virtual machine deployed in a physical host, as shown in fig. 8, the apparatus comprising:
an obtaining module 810, configured to obtain, in response to the physical host mounting a new proxy file to be updated under a first virtual machine directory in the virtual machine, the new proxy file according to the first virtual machine directory;
and the operation module 820 is used for operating the container based on the new agent file.
Optionally, the operation module includes:
the mounting sub-module is used for mounting the new agent end file into a root file system of the virtual machine to obtain a second virtual machine directory;
the obtaining submodule is used for obtaining the new agent end file according to the second virtual machine directory;
and the execution sub-module is used for executing the new proxy file to create a container.
Optionally, the operation module further includes:
and the unloading submodule is used for unloading the first virtual machine directory.
In the embodiment of the application, in response to the fact that the physical host mounts the new agent file to be updated under a first virtual machine directory in the virtual machine, the virtual machine can acquire the new agent file according to the first virtual machine directory, and then the virtual machine can operate the container based on the new agent file. The update of the proxy file can be realized without changing the container image file stored in the physical host, so that the virtual machine can normally transmit data with the electronic equipment in the update process of the proxy file, and the container can normally operate.
Based on the same technical concept, the embodiment of the present application further provides an electronic device, as shown in fig. 9, including a processor 901, a communication interface 902, a memory 903, and a communication bus 904, where the processor 901, the communication interface 902, and the memory 903 perform communication with each other through the communication bus 904,
a memory 903 for storing a computer program;
the processor 901 is configured to implement any of the above container creation method steps executed by the physical host or any of the above container creation method steps executed by the virtual machine when executing the program stored in the memory 903.
The communication bus mentioned above for the electronic devices may be a peripheral component interconnect standard (Peripheral Component Interconnect, PCI) bus or an extended industry standard architecture (Extended Industry Standard Architecture, EISA) bus, etc. The communication bus may be classified as an address bus, a data bus, a control bus, or the like. For ease of illustration, the figures are shown with only one bold line, but not with only one bus or one type of bus.
The communication interface is used for communication between the electronic device and other devices.
The Memory may include random access Memory (Random Access Memory, RAM) or may include Non-Volatile Memory (NVM), such as at least one disk Memory. Optionally, the memory may also be at least one memory device located remotely from the aforementioned processor.
The processor may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP), etc.; but also digital signal processors (Digital Signal Processing, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), field programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components.
In yet another embodiment provided herein, there is also provided a computer readable storage medium having stored therein a computer program which when executed by a processor implements the steps of any of the container creation methods described above.
In yet another embodiment provided herein, there is also provided a computer program product containing instructions that, when run on a computer, cause the computer to perform any of the container creation methods of the above embodiments.
In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, produces a flow or function in accordance with embodiments of the present application, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in or transmitted from one computer-readable storage medium to another, for example, by wired (e.g., coaxial cable, optical fiber, digital Subscriber Line (DSL)), or wireless (e.g., infrared, wireless, microwave, etc.). The computer readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server, data center, etc. that contains an integration of one or more available media. The usable medium may be a magnetic medium (e.g., floppy Disk, hard Disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid State Disk (SSD)), etc.
It should be noted that in this document, relational terms such as "first" and "second" and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing is merely a specific embodiment of the application to enable one skilled in the art to understand or practice the application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.