CN112256387B - Container migration method in container cloud platform - Google Patents

Container migration method in container cloud platform Download PDF

Info

Publication number
CN112256387B
CN112256387B CN202011082140.XA CN202011082140A CN112256387B CN 112256387 B CN112256387 B CN 112256387B CN 202011082140 A CN202011082140 A CN 202011082140A CN 112256387 B CN112256387 B CN 112256387B
Authority
CN
China
Prior art keywords
node
computing
load
representing
container
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011082140.XA
Other languages
Chinese (zh)
Other versions
CN112256387A (en
Inventor
谭一鸣
徐斌
史安生
张智鹏
齐璇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Kirin Software Co Ltd
Original Assignee
Kirin Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Kirin Software Co Ltd filed Critical Kirin Software Co Ltd
Priority to CN202011082140.XA priority Critical patent/CN112256387B/en
Publication of CN112256387A publication Critical patent/CN112256387A/en
Application granted granted Critical
Publication of CN112256387B publication Critical patent/CN112256387B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/4557Distribution of virtual machine instances; Migration and load balancing
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

A container migration method in a container cloud platform selects a target computing node for container migration by combining integrity, reliability, availability and system security level except considering the performance and type of the target computing node when the container is migrated, wherein the measurement of the reliability of the computing node is evaluated from the aspects of direct reliability and recommended reliability, and a container reliability migration algorithm meeting performance constraint is designed. According to experimental results, compared with the traditional algorithm, the method provided by the application has the advantages that the standard deviation is reduced by 51.7% in the aspect of the load value of each calculation node, the range is reduced by 52%, and the number of additional container migration caused by downtime of the calculation nodes is reduced by 48.4%.

Description

Container migration method in container cloud platform
Technical Field
The invention belongs to the technical field of container cloud platforms, and particularly relates to a container migration method in a container cloud platform.
Background
In the running process of the container cloud platform, the situation that load among a plurality of computing nodes is unbalanced, or one computing node fails, or a part or all of containers on one computing node need to be migrated to other computing nodes due to personalized requirements of users often occurs, and the core problem of container migration is how to select a target computing node. The current container migration algorithm only considers the requirements of the container on the type of the computing node, for example, a compute intensive container will be dispatched to a computing node with a stronger processor capability, a network intensive container will be dispatched to a node with a larger network bandwidth, a memory intensive container will be dispatched to a computing node with a hard disk being an SSD hard disk, and the main index for measuring whether the target computing node is suitable is whether the load of the whole cluster is balanced or not and whether the processing performance of the container is efficient or not.
However, the security characteristics of the target node are not considered during container migration in the container cloud platform at present, and the security level of the computing node is not considered by different computing tasks.
Disclosure of Invention
In order to solve the above problems, the present invention provides a method for migrating a container in a container cloud platform, the method comprising the steps of:
acquiring a container to be migrated and all computing nodes in a container cloud platform;
calculating the direct credibility and the recommended credibility of each calculation node;
calculating the comprehensive credibility and the average value of the comprehensive credibility of each calculation node according to the direct credibility and the recommended credibility;
acquiring the load condition corresponding to each computing node;
dividing all the computing node correspondence into a light load node set, a medium load node set or a heavy load node set according to the load condition;
judging whether the light load node set is not empty or not;
if yes, a first computing node with the minimum load and the integrated reliability larger than the integrated reliability average value in the light-load node set is obtained, and the container is migrated to the first computing node;
if not, judging whether the medium-load node set is not empty;
if yes, acquiring a second computing node with the highest comprehensive reliability in the medium-load node set, and migrating the container to the second computing node;
if not, judging whether the heavy load node set is not empty;
if yes, acquiring a third computing node with the smallest load in the heavy load node set, and migrating the container to the third computing node;
and if not, returning to the step of judging whether the light load node set is not empty.
Preferably, the expression of the direct confidence is:
Figure GDA0004222787440000021
wherein t is i ' representing a computing node c i Direct confidence of (in) i Representing a computing node c i Is de i Representing a computing node c i Reliability of (av) i Representing a computing node c i Availability of se i Representing a computing node c i Is a i (i=1, 2,3, 4) represents a weight, and
Figure GDA0004222787440000022
preferably, the expression of the recommendation credibility is:
Figure GDA0004222787440000023
wherein t is i "represents computing node c i Recommendation credibility, id of (c) i Representing a computing node c i EXP () represents an exponential function based on e, w i Representing a computing node c j To computing node c i The weight of the edge.
Preferably, the expression of the integrated reliability is:
Figure GDA0004222787440000031
wherein t is i Representing a computing node c i Alpha represents a trusted factor, alpha e [0,1 ]],t i ' representing a computing node c i Is the direct confidence level, t i "represents computing node c i Is recommended credibility of (1).
Preferably, the expression of the integrated reliability average value is:
Figure GDA0004222787440000032
wherein, the liquid crystal display device comprises a liquid crystal display device,
Figure GDA0004222787440000033
representing the integrated reliability average value, t, of all computing nodes i Representing a computing node c i And N represents the total number of compute nodes.
Preferably, the step of dividing all the computing nodes into a light load node set, a medium load node set or a heavy load node set according to the load condition includes the following steps:
preset node light load threshold l light And node overload threshold l heavy The method comprises the steps of carrying out a first treatment on the surface of the Wherein 0 < l light <l heavy <1;
Presetting a first empty set C light Second empty set C normal And a third empty set C heavy The method comprises the steps of carrying out a first treatment on the surface of the Judging whether the load corresponding to each computing node is smaller than or equal to the node light load threshold value or not;
if yes, dividing the computing nodes into the first empty set and obtaining the light-load node set;
if not, judging whether the load corresponding to each computing node is greater than or equal to the node reload threshold;
if yes, dividing the computing node into the third empty set and obtaining the reload node set;
if not, dividing the computing node into the second empty set and obtaining the medium-load node set.
Preferably, the expression of the light load node set is:
C light ={c j |1≤j≤N,0≤l j ≤l light },
wherein C is light Representing a light load node set, c j Represents the number of the computing nodes, j represents the number of the computing nodes, N represents the total number of the computing nodes, and l j Representing node c j Load conditions of l light Representing the node light load threshold.
Preferably, the expression of the medium node set is:
C normal ={c j |1≤j≤N,l light <l j <l heavy },
wherein C is normal Representing a set of medium-load nodes, c j Represents the number of the computing nodes, j represents the number of the computing nodes, N represents the total number of the computing nodes, and l j Representing node c j Load conditions of l light Representing the light load threshold value of the node, l heavy Representing a node reload threshold.
Preferably, the expression of the heavy load node set is:
C heavy ={c j |1≤j≤N,l heavy ≤l j ≤1},
wherein C is heavy Representing a set of overloaded nodes, c j Represents the number of the computing nodes, j represents the number of the computing nodes, N represents the total number of the computing nodes, and l j Representing node c j Load conditions of l heavy Representing a node reload threshold.
The application proposes that when a container is migrated, the target computing node of the container is selected by combining the integrity, the reliability, the availability and the system security level except considering the performance and the type of the target computing node, wherein the measurement of the reliability of the computing node is evaluated from the aspects of direct reliability and recommended reliability. And a container trusted migration algorithm is designed that satisfies performance constraints. According to experimental results, compared with the traditional algorithm, the method provided by the application has the advantages that the standard deviation is reduced by 51.7% in the aspect of the load value of each calculation node, the range is reduced by 52%, and the number of additional container migration caused by downtime of the calculation nodes is reduced by 48.4%.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions of the prior art, the drawings which are used in the description of the embodiments or the prior art will be briefly described, it being obvious that the drawings in the description below are only some embodiments of the invention, and that other drawings can be obtained from these drawings without inventive faculty for a person skilled in the art.
FIG. 1 is a schematic flow chart of a method for migrating a container in a container cloud platform according to the present invention;
fig. 2 is a schematic diagram of a comparison between a container migration method and a TPMA algorithm in a container cloud platform provided by the present invention;
fig. 3 is a schematic diagram of comparison between a container migration method and a TTMA algorithm in a container cloud platform provided by the present invention.
Detailed Description
The objects, technical solutions and advantages of the present invention will become more apparent by the following detailed description of the present invention with reference to the accompanying drawings. It should be understood that the description is only illustrative and is not intended to limit the scope of the invention. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the present invention.
Referring to fig. 1, in an embodiment of the present application, the present invention provides a method for migrating a container in a container cloud platform, where the method includes the steps of:
s1: acquiring a container to be migrated and all computing nodes in a container cloud platform;
s2: calculating the direct credibility and the recommended credibility of each calculation node;
s3: calculating the comprehensive credibility and the average value of the comprehensive credibility of each calculation node according to the direct credibility and the recommended credibility;
s4: acquiring the load condition corresponding to each computing node;
s5: dividing all the computing node correspondence into a light load node set, a medium load node set or a heavy load node set according to the load condition;
s6: judging whether the light load node set is not empty or not;
s7: if yes, a first computing node with the minimum load and the integrated reliability larger than the integrated reliability average value in the light-load node set is obtained, and the container is migrated to the first computing node;
s8: if not, judging whether the medium-load node set is not empty;
s9: if yes, acquiring a second computing node with the highest comprehensive reliability in the medium-load node set, and migrating the container to the second computing node;
s10: if not, judging whether the heavy load node set is not empty;
s11: if yes, acquiring a third computing node with the smallest load in the heavy load node set, and migrating the container to the third computing node;
s12: and if not, returning to the step of judging whether the light load node set is not empty.
When the method is used for migrating the container in the container cloud platform, firstly, the container to be migrated and all computing nodes in the container cloud platform are obtained, and the direct credibility and the recommended credibility of each computing node are calculated; then, calculating the comprehensive credibility and the average value of the comprehensive credibility of each calculation node according to the direct credibility and the recommended credibility; then, obtaining a load condition corresponding to each computing node, and dividing the corresponding computing nodes into a light load node set, a medium load node set or a heavy load node set according to the load condition; when a container is migrated, firstly considering a light-load node set, judging whether the light-load node set is not empty at the moment, and when the light-load node set is not empty, acquiring a first computing node with the minimum load and the integrated reliability larger than the integrated reliability average value in the light-load node set at the moment, and migrating the container to the first computing node; when the light load node set is an empty set, the medium load node set is preferentially considered at the moment, whether the medium load node set is not empty is judged, and when the medium load node set is not the empty set, a second computing node with the maximum comprehensive reliability in the medium load node set is acquired at the moment, and the container is migrated to the second computing node; when the medium load node set is an empty set, considering the reload node set at the moment, and judging whether the reload node set is not empty; when the reloading node set is not an empty set, acquiring a third computing node with the smallest load in the reloading node set, and migrating the container to the third computing node; and when the heavy load node set is an empty set, returning to the step of judging whether the light load node set is not empty or not, and circulating the operation.
In the embodiment of the present application, the expression of the direct reliability in step S2 is:
Figure GDA0004222787440000061
wherein t is i ' representing a computing node c i Direct confidence of (in) i Representing a computing node c i Is de i Representing a computing node c i Reliability of (av) i Representing a computing node c i Availability of se i Representing a computing node c i Is a i (i=1, 2,3, 4) represents a weight, and
Figure GDA0004222787440000062
in the embodiment of the present application, the expression of the recommendation reliability in step S2 is:
Figure GDA0004222787440000063
wherein t is i "represents computing node c i Recommendation credibility, id of (c) i Representing a computing node c i EXP () represents an exponential function based on e, w j Representing a computing node c j To computing node c i The weight of the edge.
In the embodiment of the present application, the expression of the integrated reliability in step S3 is:
Figure GDA0004222787440000071
wherein t is i Representing a computing node c i Alpha represents a trusted factor, alpha e [0,1 ]],t i ' representing a computing node c i Is the direct confidence level, t i "represents computing node c i Is recommended credibility of (1).
In the embodiment of the present application, the expression of the integrated reliability average value in step S3 is:
Figure GDA0004222787440000072
wherein, the liquid crystal display device comprises a liquid crystal display device,
Figure GDA0004222787440000073
representing the integrated reliability average value, t, of all computing nodes i Representing a computing node c i And N represents the total number of compute nodes.
In this embodiment of the present application, the classifying, according to the load condition, all the computing node correspondence in step S5 into a light load node set, a medium load node set or a heavy load node set includes the steps of:
preset node light load threshold l light And node overload threshold l heavy The method comprises the steps of carrying out a first treatment on the surface of the Wherein 0 < l light <l heavy <1;
Presetting a first empty set C light Second empty set C normal And a third empty set C heavy
Judging whether the load corresponding to each computing node is smaller than or equal to the node light load threshold value or not;
if yes, dividing the computing nodes into the first empty set and obtaining the light-load node set;
if not, judging whether the load corresponding to each computing node is greater than or equal to the node reload threshold;
if yes, dividing the computing node into the third empty set and obtaining the reload node set;
if not, dividing the computing node into the second empty set and obtaining the medium-load node set.
In the embodiment of the application, a node light load threshold value l is preset first light And node overload threshold l heavy And a first empty set, a second empty set, and a third empty set, wherein 0 < l light <l heavy < 1; then, the load corresponding to each calculation node is respectively connected with the node light load threshold value l ligh And node overload threshold l heavy Comparing the sizes, and when the load is smaller than the node light load threshold value l light Dividing the computing node corresponding to the load into a first empty set; when the load is greater than the node overload threshold l heavy Dividing the computing node corresponding to the load into a third empty set; when the load is between the node light load threshold l light And node overload threshold l heavy And when the load is in the middle, the computing nodes corresponding to the load are divided into a second empty set. After the above operations are completed for all the computing nodes, the first empty set, the second empty set and the third empty set become a light load node set, a medium load node set and a heavy load node set respectively.
In this embodiment of the present application, the expression of the light load node set is:
C light ={c j |1≤j≤N,0≤l j ≤l light },
wherein C is light Representing a light load node set, c j Represents the number of the computing nodes, j represents the number of the computing nodes, N represents the total number of the computing nodes, and l j Representing node c j Load conditions of l light Representing the node light load threshold.
In this embodiment of the present application, the expression of the intermediate node set is:
C normal ={c j |1≤j≤N,l light <l j <l heavy },
wherein C is normal Representing a set of medium-load nodes, c j Represents the number of the computing nodes, j represents the number of the computing nodes, N represents the total number of the computing nodes, and l j Representing node c j Load conditions of l light Representing the light load threshold value of the node, l heavy Representing a node reload threshold.
In this embodiment of the present application, the expression of the heavy load node set is:
C heavy ={c j |1≤j≤N,l heavy ≤l j ≤1},
wherein C is heavy Representing a set of overloaded nodes, c j Represents the number of the computing nodes, j represents the number of the computing nodes, N represents the total number of the computing nodes, and l j Representing node c j Load conditions of l heavy Representing a node reload threshold.
Some of the terms in this application are explained below, specifically as follows:
a container: the method is a lightweight virtualization technology capable of realizing computing resources of an operating system, and a container packages application software and a dependent running environment, so that isolation of resources such as a processor, a memory, a file system and the like is controllable.
Trusted: a computing node is trusted in the sense that the behavior of the computing node always behaves in the expected manner, and a highly trusted node should have high integrity, high reliability, high availability and high security level.
Integrity: integrity refers to the degree to which information such as system software configuration information, user core data and the like of a computing node is destroyed or tampered with, and the computing node c i The integrity of (a) can be expressed as in i And 0.ltoreq.in i 1, in particular when not destroyed or tampered with i =1; when part of non-critical information is destroyed or tampered with, 0<in i <1, a step of; in when critical configuration information, core system software and critical user data are tampered with or corrupted i =0。
Reliability degree: reliability refers to the probability that a computing system will operate smoothly without failure for a specified period of time. Assuming that the probability of failure of the computing node obeys the exponential distribution, computing node c i Reliability of (1) can be expressed as de i =e -λt Wherein lambda represents failure rate, t represents normal operation time of the computing node, t 0 Indicating the moment of the last failure of a computing node, t x For unreliable time threshold, i.e. calculating node running time t.ltoreq.t x At this time de i =0;t y Is a safety threshold, i.e. the running time t of the computing node is more than or equal to t y At this time de i =1; when t x <t<t y Time, 0<de i <1。
Availability degree: availability means the time ratio occupied by the node in a certain period of time for normally providing service, node c i Availability of (C) can be expressed as
Figure GDA0004222787440000091
And 0.ltoreq.av i And is less than or equal to 1. Wherein MF is i Representing node c i Mean time between failure, MR i Representing node c i Is used for the average recovery time of (a). In particular, when node c i When the service can be stably provided within a certain period of time, av i =1。
Security level: the security level refers to the capability level of computer system security protection, node c i Can be expressed as se i . According to the standard, the security class of the computer system is classified into 5 classes and 5 classes time-base i =1; level 4 time se i =0.75; level 3 time se i =0.5; level 2 time se i =0.25; level 1 time se i =0.1。
Direct confidence level: direct trust refers to reflecting the computing node c i The degree of self integrity, reliability, availability, and security level can be expressed as: t is t i ' and 0.ltoreq.t i ′≤1。
In the cloud platform, if node c i Container on migration to node c j Above, node c can be referred to as i And node c j A trust relationship occurs. Also, if node c j Migrate the container thereon to node c k Slave node c i To node c j To node c k A chain of trust is formed. When all computing nodes are considered, a trust network is formed according to the locus of container migration.
Trust network: in a cloud platform, a trust network refers to a logical trust relationship graph formed from trajectories of container migration on computing nodes. The trust network may be represented as a directed weighted graph, which may be represented as g= (C, T', E, W). Wherein the point set c= { C 1 ,c 2 ,…,c N -represents a set of computing nodes in the cloud, vertex number |c|=n; t' ={t 1 ′,t′ 2 ,…,t′ k ) Representing a set of direct trustworthiness of a compute node, where t i ' node c i Is a direct confidence level of (2). Edge set e= { E 1 ,e 2 ,…,e K The trust relation set between nodes is E, C x C, and the edge number is E T |=K;W={w 1 ,w 2 ,…,w K ) A set of weights representing edges, where w i For edge e i The weight of (2) indicates the number of container transitions along the direction of the directed edge. In particular, node c i And node c j The directional edges between may be bi-directional.
Migrating into a node set: in the trust network G, a node c i The set of migrating nodes of (a) refers to the set of migrating nodes denoted as c i For migration purposes, with node c i Node set with migration relationship and node c i The set of migrating nodes of (1) may be represented as
Figure GDA0004222787440000101
And->
Figure GDA0004222787440000102
Migration degree: c is set forth in i To migrate a target, migrate a set of nodes
Figure GDA0004222787440000103
The number of the middle nodes is called node c i Is represented as id i I.e. +.>
Figure GDA0004222787440000104
In practice, the trust network is dynamic, and the weights on the edges of the trust network also change dynamically, so that the trust network reflects the trust relationship of the computing nodes in the cloud platform at the current moment.
Recommendation confidence level: node c i Recommendation credibility of (c) means that all sum nodes c in the cloud platform i Node-to-node c where migration relationship occurs i Evaluation of the degree of trust, and node c i Is expressed as recommended credibility of (1):t i "and 0.ltoreq.t i ″≤1。
Comprehensive credibility: the comprehensive credibility means a comprehensive evaluation of the credibility of the computing node by combining the direct credibility and the recommended credibility, and the computing node c i The integrated confidence level of (c) may be expressed as t i I.e. t i =f(t i ′,t i ″),0≤t i ≤1。
Container migration method (TVM) in container cloud platform provided by the application 2 PC) is described as follows:
Figure GDA0004222787440000111
Figure GDA0004222787440000121
the method provided in the present application is described below with specific examples.
To verify a container migration method (container trusted migration algorithm meeting performance constraint, TVM) in a container cloud platform provided in the present application 2 PC), the application uses a Matlab discrete event simulation tool to perform simulation experiments, and related parameters and values or value ranges related to experimental environments are as follows: the number of containers to be migrated is m=1600, the total number of computing nodes in the cloud platform is n=16, namely, each node is provided with 100 containers initially, and all the containers are numbered sequentially, namely vm 1 ,vm 2 ,…,vm 1600 . Computing node c i Is the integrated confidence level t of (2) i The initial value is in the range of 0,1]Random generation is carried out, the comprehensive credibility of each node is dynamically changed along with the change of the operation environment, and the node c is calculated i Initial load degree l of (2) j Also in the range [0,1 ]]Random generation, trusted factor alpha=0.6, light load threshold l light =0.3, heavy duty threshold l heavy =0.8。
In the experiment, in order to simulate the authenticity of the experiment, the container is randomly selected to be migrated each time, and is provided withThe time interval between two container transfers was set to 5 seconds. Also for the authenticity of the simulation experiment, 1 physical compute node was randomly selected to fail 3 times, and the time interval of the physical compute node failure was assumed to follow the exponential distribution, and the time interval could pass through a negative exponential distribution function
Figure GDA0004222787440000122
The mobility λ represents the number of containers to be migrated per unit time. In order to ensure the correctness of the experimental process, according to the mobility lambda, different values are taken, lambda= {1,2,3,4,5}, 5 groups of experiments are carried out, and the experimental results are the average value of the experimental results of 5 groups.
In order to verify a container migration method (TVM) in a container cloud platform provided by the application 2 PC) in terms of performance, the present application devised a trusted preferential migration algorithm (Trusted Priority Migration Algorithm, TPMA) as a control, the algorithm idea of which is: when the container is to be migrated, the container is migrated to the node with the highest comprehensive credibility. And combining TPMA and TVM 2 The PC compares the load conditions of all the computing nodes, and the comparison of the test results is shown in FIG. 2.
From the experimental results of fig. 2, it was found that the algorithm (TVM 2 PC), the load between each computing node tends to be balanced, and when a Trusted Priority Migration Algorithm (TPMA) is adopted, the load between each computing node appears a phenomenon of large rise and fall. In particular, TVM is adopted 2 In the PC algorithm, the standard deviation of the load values of all the calculation nodes is about 0.1, and the range is about 0.36; the standard deviation of TPMA is about 0.21, with a range of about 0.75. I.e. the standard deviation is reduced by 51.7% and the range is reduced by 52%. As shown in fig. 2, the TVM2PC algorithm is adopted to better ensure load balance between computing nodes.
In addition, in order to verify the algorithm (TVM 2 PC) in terms of trustworthiness and correctness, TVM 2 The PC is compared with a conventional trusted migration algorithm (Tradition Trusted Migration Algorithm, TTMA), the main idea of which is: determining the trustworthiness of a node based on integrityIf the container is to be migrated, the container is migrated to a node which is not overloaded and has good integrity, and the comparison of test results is shown in fig. 3 regardless of factors such as reliability, availability and the like.
In the cloud platform, when node failure occurs, all containers on the cloud platform need to be migrated to other nodes, and a large amount of additional container migration is caused, namely, in addition to 1600 container migration set in an experiment, container migration caused by computing node failure is also required. From the experimental results of FIG. 3, it was found that TVM was used in 5 experiments 2 In the PC algorithm, the number of additional container migration times is significantly smaller than that of the conventional trusted migration algorithm (TTMA), and the number of 5 migration times is respectively: 187 times, 125 times, 216 times, 89 times, 146 times; when the TTMA algorithm is adopted, the migration times for 5 times are respectively as follows: 337 times, 297 times, 317 times, 216 times, 287 times. The number of five additional container transfers was reduced by 48.4% on average. As shown in fig. 3. The analysis reason is that the TTMA algorithm does not consider the reliability of the migration target computing node, but replaces the reliability by the integrity, which is one of the main shortfalls of the current trusted computing. While TVM 2 The PC algorithm considers the reliability of the nodes, when one computing node is down, and when the operation time t of the computing node is smaller than the unreliable time threshold tx, the comprehensive reliability of the node is known to be 0 according to the comprehensive reliability formula, so that containers on other nodes cannot migrate to the node within the unreliable time threshold tx, and if the node is down again, a large number of additional container migration can be avoided. Thus, TVM 2 The PC algorithm greatly reduces the occurrence of migration-needed situations of a large number of containers caused by unreliable nodes.
The application proposes that when a container is migrated, the target computing node of the container is selected by combining the integrity, the reliability, the availability and the system security level except considering the performance and the type of the target computing node, wherein the measurement of the reliability of the computing node is evaluated from the aspects of direct reliability and recommended reliability. And a container trusted migration algorithm is designed that satisfies performance constraints. According to experimental results, compared with the traditional algorithm, the method provided by the application has the advantages that the standard deviation is reduced by 51.7% in the aspect of the load value of each calculation node, the range is reduced by 52%, and the number of additional container migration caused by downtime of the calculation nodes is reduced by 48.4%.
It is to be understood that the above-described embodiments of the present invention are merely illustrative of or explanation of the principles of the present invention and are in no way limiting of the invention. Accordingly, any modification, equivalent replacement, improvement, etc. made without departing from the spirit and scope of the present invention should be included in the scope of the present invention. Furthermore, the appended claims are intended to cover all such changes and modifications that fall within the scope and boundary of the appended claims, or equivalents of such scope and boundary.

Claims (5)

1. A method of container migration in a container cloud platform, the method comprising the steps of:
acquiring a container to be migrated and all computing nodes in a container cloud platform;
calculating the direct credibility and the recommended credibility of each calculation node;
calculating the comprehensive credibility and the average value of the comprehensive credibility of each calculation node according to the direct credibility and the recommended credibility;
acquiring the load condition corresponding to each computing node;
dividing all the computing node correspondence into a light load node set, a medium load node set or a heavy load node set according to the load condition;
judging whether the light load node set is not empty or not;
if yes, a first computing node with the minimum load and the integrated reliability larger than the integrated reliability average value in the light-load node set is obtained, and the container is migrated to the first computing node;
if not, judging whether the medium-load node set is not empty;
if yes, acquiring a second computing node with the highest comprehensive reliability in the medium-load node set, and migrating the container to the second computing node;
if not, judging whether the heavy load node set is not empty;
if yes, acquiring a third computing node with the smallest load in the heavy load node set, and migrating the container to the third computing node;
if not, returning to the step of judging whether the light load node set is not empty;
wherein, the liquid crystal display device comprises a liquid crystal display device,
a container: the method is a lightweight virtualization technology capable of realizing computing resources of an operating system, and a container packages application software and a dependent running environment, so that isolation and control of resources such as a processor, a memory, a file system and the like are realized;
trusted: a computing node is trusted means that the behavior of the computing node always behaves in the expected manner, a highly trusted node should have high integrity, high reliability, high availability and high security level;
integrity: integrity refers to the degree to which information such as system software configuration information, user core data and the like of a computing node is destroyed or tampered with, and the computing node c i The integrity of (a) can be expressed as in i And 0.ltoreq.in i 1, in particular when not destroyed or tampered with i =1; when part of non-critical information is destroyed or tampered with, 0<in i <1, a step of; in when critical configuration information, core system software and critical user data are tampered with or corrupted i =0;
Reliability degree: reliability refers to the probability of a computing system running smoothly without failure within a specified time; assuming that the probability of failure of the computing node obeys the exponential distribution, computing node c i Reliability of (1) can be expressed as de i =e -λt Wherein lambda represents failure rate, t represents normal operation time of the computing node, t 0 Indicating the moment of the last failure of a computing node, t x For unreliable time threshold, i.e. calculating node running time t.ltoreq.t x At this time de i =0;t y Is a safety threshold, i.e. the running time t of the computing node is more than or equal to t y At this time de i =1; when t x <t<t y Time, 0<de i <1;
Availability degree: availability means the time ratio occupied by the node in a certain period of time for normally providing service, node c i Availability of (C) can be expressed as
Figure QLYQS_1
And 0.ltoreq.av i Is less than or equal to 1; wherein MF is i Representing node c i Mean time between failure, MR i Representing node c i Average recovery time of (2); in particular, when node c i When the service can be stably provided within a certain period of time, av i =1;
Security level: the security level refers to the capability level of computer system security protection, node c i Can be expressed as se i The method comprises the steps of carrying out a first treatment on the surface of the According to the standard, the security class of the computer system is classified into 5 classes and 5 classes time-base i =1; level 4 time se i =0.75; level 3 time se i =0.5; level 2 time se i =0.25; level 1 time se i =0.1;
Direct trust refers to reflecting the computing node c i The degree of self integrity, reliability, availability, and security level can be expressed as: t is t i ' and 0.ltoreq.t i ′≤1;
The expression of the direct credibility is as follows:
Figure QLYQS_2
wherein t' i Representing a computing node c i Direct confidence of (in) i Representing a computing node c i Is de i Representing a computing node c i Reliability of (av) i Representing a computing node c i Availability of se i Representing a computing node c i Is a i (i=1, 2,3, 4) represents a weight, and
Figure QLYQS_3
recommendation credibility refers to all sum nodes c in the cloud platform i Node-to-node c where migration relationship occurs i Evaluation of the degree of trust, and node c i The recommendation credibility of (1) is expressed as: t is t i "and 0.ltoreq.t i ″≤1;
The expression of the recommendation credibility is as follows:
Figure QLYQS_4
wherein t is i "represents computing node c i Recommendation credibility, id of (c) i Representing a computing node c i EXP () represents an exponential function based on e, w j Representing a computing node c j To computing node c i The weight of the edge;
the comprehensive credibility means a comprehensive evaluation of the credibility of the computing node by combining the direct credibility and the recommended credibility, and the computing node c i The integrated confidence level of (c) may be expressed as t i I.e. t i =f(t i ′,t i ″),0≤t i ≤1;
The expression of the comprehensive credibility is as follows:
Figure QLYQS_5
wherein t is i Representing a computing node c i Alpha represents a trusted factor, alpha e [0,1 ]],t i ' representing a computing node c i Is the direct confidence level, t i "representing compute node c i Is recommended credibility of (1);
the expression of the integrated reliability average value is:
Figure QLYQS_6
wherein, the liquid crystal display device comprises a liquid crystal display device,
Figure QLYQS_7
representing the integrated reliability average value, t, of all computing nodes i And (5) representing the comprehensive credibility of the computing nodes, and N represents the total number of the computing nodes.
2. The method for migrating containers in a container cloud platform according to claim 1, wherein the step of classifying all the computing node correspondences into a light-load node set, a medium-load node set, or a heavy-load node set according to the load condition comprises the steps of:
preset node light load threshold l light And node overload threshold l heavy The method comprises the steps of carrying out a first treatment on the surface of the Wherein 0 < l light <l heavy <1;
Presetting a first empty set C light Second empty set C normal And a third empty set C heavy
Judging whether the load corresponding to each computing node is smaller than or equal to the node light load threshold value or not;
if yes, dividing the computing nodes into the first empty set and obtaining the light-load node set;
if not, judging whether the load corresponding to each computing node is greater than or equal to the node reload threshold;
if yes, dividing the computing node into the third empty set and obtaining the reload node set;
if not, dividing the computing node into the second empty set and obtaining the medium-load node set.
3. The method for migrating a container in a container cloud platform according to claim 2, wherein the expression of the light-load node set is:
C light ={c j |1≤j≤N,0≤l j ≤l light },
wherein C is light Representing a light load node set, c j Represents the number of the computing nodes, j represents the number of the computing nodes, N represents the total number of the computing nodes, and l j Representing node c j Load conditions of l light Representing node lightAnd (5) loading a threshold value.
4. The method for migrating containers in a container cloud platform according to claim 2, wherein the expression of the medium-load node set is:
C normal ={c j |1≤j≤N,l light <l j <l heavy },
wherein C is normal Representing a set of medium-load nodes, c j Represents the number of the computing nodes, j represents the number of the computing nodes, N represents the total number of the computing nodes, and l j Representing node c j Load conditions of l light Representing the light load threshold value of the node, l heavy Representing a node reload threshold.
5. The method for migrating containers in a container cloud platform according to claim 2, wherein the expression of the heavy-duty node set is:
C heavy ={c j |1≤j≤N,l heavy ≤l j ≤1},
wherein C is heavy Representing a set of overloaded nodes, c j Represents the number of the computing nodes, j represents the number of the computing nodes, N represents the total number of the computing nodes, and l j Representing node c j Load conditions of l heavy Representing a node reload threshold.
CN202011082140.XA 2020-10-12 2020-10-12 Container migration method in container cloud platform Active CN112256387B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011082140.XA CN112256387B (en) 2020-10-12 2020-10-12 Container migration method in container cloud platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011082140.XA CN112256387B (en) 2020-10-12 2020-10-12 Container migration method in container cloud platform

Publications (2)

Publication Number Publication Date
CN112256387A CN112256387A (en) 2021-01-22
CN112256387B true CN112256387B (en) 2023-06-27

Family

ID=74242006

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011082140.XA Active CN112256387B (en) 2020-10-12 2020-10-12 Container migration method in container cloud platform

Country Status (1)

Country Link
CN (1) CN112256387B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8208637B2 (en) * 2007-12-17 2012-06-26 Microsoft Corporation Migration of computer secrets
CN106095532A (en) * 2016-06-12 2016-11-09 北京大学 A kind of virtual machine load balancing sacurity dispatching method in cloud environment
CN110134495A (en) * 2019-05-21 2019-08-16 山东大学 A kind of container is across the online moving method of host, storage medium and terminal device
CN110888713A (en) * 2019-11-15 2020-03-17 西安石油大学 Trusted virtual machine migration algorithm for heterogeneous cloud data center
CN111190688A (en) * 2019-12-19 2020-05-22 西安交通大学 Cloud data center-oriented Docker migration method and system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8208637B2 (en) * 2007-12-17 2012-06-26 Microsoft Corporation Migration of computer secrets
CN106095532A (en) * 2016-06-12 2016-11-09 北京大学 A kind of virtual machine load balancing sacurity dispatching method in cloud environment
CN110134495A (en) * 2019-05-21 2019-08-16 山东大学 A kind of container is across the online moving method of host, storage medium and terminal device
CN110888713A (en) * 2019-11-15 2020-03-17 西安石油大学 Trusted virtual machine migration algorithm for heterogeneous cloud data center
CN111190688A (en) * 2019-12-19 2020-05-22 西安交通大学 Cloud data center-oriented Docker migration method and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
基于可信计算的虚拟机在线迁移机制;汤琳琳 于治楼;《信息技术与信息化》;20170331;全文 *

Also Published As

Publication number Publication date
CN112256387A (en) 2021-01-22

Similar Documents

Publication Publication Date Title
US10924535B2 (en) Resource load balancing control method and cluster scheduler
WO2018000991A1 (en) Data balancing method and device
US20210211492A1 (en) Pairwise comparison for load balancing
US20140082202A1 (en) Method and Apparatus for Integration of Virtual Cluster and Virtual Cluster System
CN112988398B (en) Micro-service dynamic scaling and migration method and device
US7475217B2 (en) Method of managing storage capacity in storage system, a storage device and a computer system
US20140059559A1 (en) Intellegent tiering
WO2016128049A1 (en) Method for running a virtual machine
CN109189552B (en) Virtual network function capacity expansion and capacity reduction method and system
CN106133693A (en) The moving method of virtual machine, device and equipment
CN106528270A (en) Automatic migration method and system of virtual machine based on OpenStack cloud platform
WO2021141875A1 (en) Automated local scaling of compute instances
CN109191287A (en) A kind of sharding method, device and the electronic equipment of block chain intelligence contract
CN111381928A (en) Virtual machine migration method, cloud computing management platform and storage medium
CN111290699A (en) Data migration method, device and system
CN111913670A (en) Load balancing processing method and device, electronic equipment and storage medium
US20120054762A1 (en) Scheduling apparatus and method for a multicore device
CN108089918B (en) Graph computation load balancing method for heterogeneous server structure
CN107861873B (en) Test case priority adjusting method based on two-attribute hierarchical adjustment
US10616064B2 (en) Soft reservation techniques and systems for virtualized environments
CN112256387B (en) Container migration method in container cloud platform
US20230393898A1 (en) Pre-emptive scheduling of workloads to enable improved sharing of resources
US10860254B2 (en) Throttling resynchronization operations in a data store cluster based on I/O bandwidth limits
CN112130927A (en) Reliability-enhanced mobile edge computing task unloading method
CN107368355B (en) Dynamic scheduling method and device of virtual machine

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant