CN117667296A - Restarting method and device of target container - Google Patents


Publication number
CN117667296A
Authority
CN
China
Prior art keywords
target
program
target program
unpacking
container
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211041299.6A
Other languages
Chinese (zh)
Inventor
刘超
赵国庆
蒋宁
曾琳铖曦
杜晓宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Mashang Xiaofei Finance Co Ltd
Original Assignee
Mashang Xiaofei Finance Co Ltd
Application filed by Mashang Xiaofei Finance Co Ltd
Priority to CN202211041299.6A
Publication of CN117667296A

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00: Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Stored Programmes (AREA)

Abstract

The application provides a restarting method and device of a target container, wherein the method comprises the following steps: responding to a restarting instruction of a target container, acquiring an execution parameter of the target program from a preset starting node of the target program in the target container, wherein the target program is used for storing confidential information on line, the preset starting node is a node for starting to unseal the target program in the process of restarting the target program, the execution parameter is used for indicating a target storage position of the unsealing program of the target program, and the target storage position is positioned in a data storage unit of a container cluster where the target container is positioned; according to the execution parameters, obtaining an unpacking program at a target storage position, wherein the unpacking program is used for unlocking the locking state of the target program; operating an unpacking program to obtain unpacking information of the target program; and unsealing the target program according to the unsealing information so as to restart the target container. According to the method and the device, the automatic deblocking of the target program is realized, the deblocking time is shortened, and the restarting processing efficiency of the target container is improved.

Description

Restarting method and device of target container
Technical Field
The embodiment of the application relates to the technical field of computers, in particular to a restarting method and device of a target container.
Background
In order to ensure information security, it is important to store online confidential information such as database passwords, certificates, application programming interface (Application Programming Interface, API) keys, system general account passwords, and the like. The preservation of common online confidential information may be accomplished by a confidential tool program.
In the related art, when the confidential tool is deployed, a plurality of physical machines can be used as nodes of a plurality of confidential tools, one of the nodes is used as a main node, the other nodes are used as standby nodes, and the main node can synchronize data to the standby nodes. When the main node fails, the service can continue to be provided by switching to the standby node.
However, in order to ensure the security of the confidential information in the confidential tool program, when the confidential tool program fails and needs to be restarted, the confidential tool program in each node is in a locked state, and needs to be manually unsealed, which is time-consuming and labor-consuming, and thus has low usability.
Disclosure of Invention
The embodiment of the application provides a restarting method and device for a target container, which realize automatic deblocking of the target program, shorten the deblocking time of the target program and further improve the restarting processing efficiency of the target container.
In a first aspect, an embodiment of the present application provides a method for restarting a target container, where the method includes:
responding to a restarting instruction of a target container, acquiring an execution parameter of a target program in the target container from a preset starting node of the target program, wherein the target program is used for storing confidential information online, the preset starting node is a node for starting to unseal the target program in the process of restarting the target program, the execution parameter is used for indicating a target storage position of an unsealing program of the target program, and the target storage position is positioned in a data storage unit of a container cluster where the target container is positioned;
acquiring the unpacking program from the target storage position according to the execution parameters, wherein the unpacking program is used for unlocking the locking state of the target program;
running the unpacking program to obtain unpacking information of the target program;
and unsealing the target program according to the unsealing information so as to restart the target container.
In a second aspect, embodiments of the present application provide a restarting device of a target container, where the device includes:
an acquisition module, used for, in response to a restarting instruction of a target container, acquiring an execution parameter of a target program in the target container from a preset starting node of the target program, wherein the target program is used for storing confidential information online, the preset starting node is a node for starting to unseal the target program in the process of restarting the target program, the execution parameter is used for indicating a target storage position of an unsealing program of the target program, and the target storage position is located in a data storage unit of a container cluster where the target container is located; and for acquiring the unpacking program at the target storage position according to the execution parameter, wherein the unpacking program is used for unlocking the locking state of the target program;
The operation module is used for operating the unpacking program to acquire unpacking information of the target program;
and the unpacking module is used for unpacking the target program according to the unpacking information so as to restart the target container.
In a third aspect, embodiments of the present application provide a computer device, comprising: at least one processor and memory;
the memory stores computer-executable instructions;
the at least one processor executes computer-executable instructions stored by the memory, causing the at least one processor to perform a method of restarting a target container as designed in the first aspect above.
In a fourth aspect, embodiments of the present application provide a computer readable storage medium having stored therein computer executable instructions that, when executed by a processor, implement a method for restarting a target container as designed in the first aspect above.
In a fifth aspect, embodiments of the present application provide a computer program product comprising computer instructions which, when executed by a processor, implement a method of restarting a target container as designed in the first aspect above.
According to the method and the device for restarting the target container, as the target storage position of the data storage unit corresponding to the container cluster stores the unpacking program of the target program, the unpacking program can be directly acquired from the target storage position of the data storage unit through the execution parameter of the target storage position when restarting the target program in any container of the container cluster, and the unpacking information of the target program is acquired through callback execution of the unpacking program, so that the target program is restarted, the automatic unpacking of the target program is realized, the unpacking time of the target program is shortened, the target container can be restarted after the target program is unpacked, and the restarting processing efficiency of the target container is further improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, a brief description will be given below of the drawings that are needed in the embodiments or the prior art descriptions, it being obvious that the drawings in the following description are some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort to a person skilled in the art.
FIG. 1 is a schematic diagram of a deployment of a confidential tool provided in an embodiment of the present application;
FIG. 2 is a schematic diagram of another deployment of a confidential tool provided by an embodiment of the present application;
FIG. 3 is a flow chart of a method for restarting a target container according to an embodiment of the present application;
FIG. 4 is a schematic diagram of a container cluster according to an embodiment of the present disclosure;
FIG. 5 is a flowchart illustrating another method for restarting a target container according to an embodiment of the present disclosure;
FIG. 6 is a flowchart of a method for restarting a target container according to another embodiment of the present application;
FIG. 7 is a block diagram of a restarting device of a target container according to an embodiment of the present application;
FIG. 8 is a schematic structural diagram of a computer device according to an embodiment of the present application.
Detailed Description
Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present disclosure have been shown in the accompanying drawings, it is to be understood that the present disclosure may be embodied in various forms and should not be construed as limited to the embodiments set forth herein, but are provided to provide a more thorough and complete understanding of the present disclosure. It should be understood that the drawings and embodiments of the present disclosure are for illustration purposes only and are not intended to limit the scope of the present disclosure.
It should be understood that the various steps recited in the method embodiments of the present disclosure may be performed in a different order and/or performed in parallel. Furthermore, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the present disclosure is not limited in this respect.
The term "including" and variations thereof as used herein are intended to be open-ended, i.e., including, but not limited to. The term "based on" means "based at least in part on". The term "one embodiment" means "at least one embodiment"; the term "another embodiment" means "at least one additional embodiment"; the term "some embodiments" means "at least some embodiments". Related definitions of other terms will be given in the description below.
It should be noted that the modifiers "one" and "a plurality" in this disclosure are intended to be illustrative rather than limiting, and those of ordinary skill in the art will appreciate that they should be understood as "one or more" unless the context clearly indicates otherwise.
In order to ensure information security, it is important to store online confidential information such as database passwords, certificates, application programming interface (Application Programming Interface, API) keys, system general account passwords, and the like. The preservation of common online confidential information may be accomplished by a confidential tool program (e.g., Vault).
The usual confidential tool program has the following characteristics:
First, any key/value or other confidential information may be stored in the confidential tool program. The confidential information may be encrypted by the confidential tool program before being written to persistent storage, which may include disk, data clusters (Consul), etc. Because the information is encrypted before it is stored, accessing the confidential information requires the corresponding rights, which improves the security of the confidential information.
Second, the confidential tool program may generate secrets on demand for certain systems, e.g., different types of databases. For example, when an application needs to access buckets corresponding to different types of databases, it may request credentials from the confidential tool program, which will generate key pairs with valid rights as needed. It should be noted that, after creating dynamic confidential information, the confidential tool program will also automatically revoke it after the lease expires.
Third, the confidential tool program can encrypt and decrypt data without storing the data. Based on this, the security team can define encryption parameters and store the encryption parameters in a database or the like without having to redesign the corresponding encryption method.
Fourth, all confidential information in the confidential tool program has a lease associated with it. At the end of the lease time period, the confidential tool program will automatically revoke the confidential information. Accordingly, the user may update the lease through a built-in update application program interface (Application Programming Interface, API).
Finally, the confidential tool program has built-in support for revocation of confidential information. The confidential tool program may not only revoke individual confidential information, but also revoke confidential trees, for example, all confidential information that may be read by a particular user, or all confidential information of a particular type. Revocation facilitates key rolling and locking the system in case of intrusion.
With respect to the confidential tools described above, several common deployment approaches are described below.
FIG. 1 is a schematic diagram of a deployment method of a confidential tool program according to an embodiment of the present application. As shown in fig. 1, a plurality of physical machines (e.g., three) may be used as nodes of a plurality of confidential tools, one as a Master (Master) and the other as a standby (Slave).
The primary node and all the standby nodes may form a high availability cluster (High Availability Cluster, HA). The high availability cluster refers to a server cluster with the aim of reducing service interruption time. A master node in the high availability cluster may run the confidential tool program and send the operating data generated by running the confidential tool program to the application and synchronize to the standby node. When the main node fails, the high-availability cluster can be switched to the standby node to run the confidential tool program in real time, and the service interruption time when the main node fails can be reduced because the main node already synchronizes the running data to the standby node.
However, the deployment of the confidential tool program shown in FIG. 1 may have the following problems.
First, the primary node may have a delay in synchronizing the data to the backup node. Accordingly, during the master-slave switching process, data may be lost. Second, prior to master-slave switching, the standby node cannot provide read-write services and also cannot provide load balancing of traffic among multiple nodes. Third, after each master-slave switch occurs, the data synchronization policy needs to be reconfigured to avoid data inconsistency caused by failure to achieve subsequent data synchronization. Finally, after a master-slave switch or a restart following a fault, the confidential tool program can provide access normally only after it has been manually unsealed.
FIG. 2 is a schematic diagram of another deployment of a confidential tool provided in an embodiment of the present application. As shown in FIG. 2, multiple instances are deployed in a container between an application and a database as nodes of a confidential tool program, and the data store corresponding to the confidential tool program is saved by using additional middleware, so that each node can provide read-write services.
However, the deployment of the confidential tools illustrated in FIG. 2 requires additional resource costs to build up middleware or database clusters. Moreover, after the container is restarted, the container still cannot be automatically unsealed, and manual unsealing is needed, so that the usability is not high.
Whichever deployment mode is used, after the confidential tool program is restarted following a fault, it may be in a locked state, and a key generated during initialization is needed to unlock the service before it can provide access externally.
Furthermore, apart from manual unsealing, unsealing the confidential tool program after a restart relies on external services, by replacing authority attributes or by adopting the engine of another confidential tool program. The unsealing process is therefore complicated and time- and labor-consuming, and it increases the resource cost, so the usability of the confidential tool program is low.
In order to solve the above problems, the embodiments of the present application provide a method and an apparatus for restarting a target container, where a target storage location in a data storage unit of a container cluster stores an unpacking program of the target program, so that when any container of the container cluster is restarted, the unpacking program can be directly obtained from the target storage location in the data storage unit by an execution parameter indicating the target storage location, and unpacking information of the target program is obtained by executing the unpacking program in a callback manner, so as to restart the target program, thereby implementing automatic unpacking of the target program and improving processing efficiency of restarting the target container.
It should be appreciated that the container to which embodiments of the present application relate may be a standard software package that bundles together relevant data of configuration files, libraries, running environments, etc. of an application for seamless deployment of the application across environments.
The following describes an application scenario of the method for restarting the target container provided in the present disclosure.
In some embodiments, the method for restarting the target container provided by the application may be applied to application scenarios of confidential tools such as Vault. When the confidential tool program fails, the unsealing program of the confidential tool program can be acquired at the target storage position in the data storage unit of the container cluster where the target container is located, so that the unsealing information is determined through the unsealing program, and the confidential tool program is unsealed.
It should be noted that the application scenario is not limited in the present application, and the method for restarting the target container provided in the application may be applied to any scenario in which program deblocking is performed.
It may be understood that the above method for restarting the target container may be implemented by the apparatus for restarting the target container provided in the embodiment of the present application, and the apparatus for restarting the target container may include part or all of a computer device.
The technical solutions of the embodiments of the present application are described in detail below with specific embodiments. The following embodiments may be combined with each other, and some embodiments may not be repeated for the same or similar concepts or processes.
Referring to fig. 3, fig. 3 is a flowchart of a method for restarting a target container according to an embodiment of the present application. The execution body of the present embodiment may include a computer device, and the present embodiment relates to a process of how to restart a target container. The restarting method of the target container comprises the following steps:
S201: In response to a restarting instruction of the target container, acquire the execution parameters of the target program at a preset starting node of the target program in the target container.
The target program is used for storing confidential information on line, the preset starting node is a node for starting to unseal the target program in the process of restarting the target program, the execution parameter is used for indicating a target storage position of the unsealing program of the target program, and the target storage position is located in a data storage unit of a container cluster where a target container is located.
In the application, when a target program in a target container in a container cluster fails, the target container can be instructed to restart by a restart instruction, and in the process of restarting the target container, the target program needs to be unpacked first. Correspondingly, when the computer equipment restarts the target container after receiving the restart instruction, it can acquire the execution parameters of the target program at the preset starting node, thereby acquiring the unsealing program.
The container clusters according to the embodiments of the present application will be described below.
Fig. 4 is a schematic diagram of a container cluster according to an embodiment of the present application. As shown in fig. 4, the container cluster includes one data storage unit and a plurality of mirror containers; the image containers are all stored with target programs, operation data generated by the target programs in each image container are stored in the data storage unit, the operation data comprise data corresponding to the unpacking programs of the target programs, and the target container is any image container in the container cluster. Wherein the target program may be a confidential tool program.
Since the programs in the containers in the container cluster are mirror images of the target program, an application may access the target program in any target container in the container cluster, and when the target program fails, the target program in one container may be used to provide the service.
With continued reference to fig. 4, the containers in the container cluster are all mounted on the same data storage unit, and the data storage unit can be used as a storage unit shared by a plurality of mirror image containers, and the running data generated by the target program in each mirror image container can be stored in the data storage unit, so that after the mirror image container is switched, the target program in the mirror image container after the switching can still query the running data of the target program in the mirror image container before the switching, thereby realizing seamless switching between the mirror image containers. Accordingly, the decapsulation program related to the embodiment of the present application may also be stored in a target storage location on the data storage unit, so that each container may be obtained during decapsulation.
It should be understood that, in the embodiment of the present application, the target storage location is not limited and may be set according to the actual situation; it only needs to be on the data storage unit.
According to the method and the device, the containers in the container cluster share the same data storage unit, so that when the target program fails and the target program in the mirror image container needs to be switched, the loss of data is avoided. Meanwhile, by storing the unpacking program in the target storage position in the data storage unit, the unpacking program can be quickly acquired by the target program during unpacking, and the unpacking speed of the target program is improved.
The embodiment of the application does not limit the triggering mode of the restarting instruction. In some embodiments, the restarting instruction may be manually triggered by a user or may be automatically triggered when the target program fails. In some embodiments, the restart instruction may instruct the target program in the failed target container to restart. In other embodiments, if the target program is deployed in a plurality of mirror containers, then when the target program fails, the mirror container of the container in which the failed target program is located may also be the target container, and the target program therein is restarted by the restart instruction.
It should be appreciated that embodiments of the present application are not limited to the above-described target program, which may be a confidential tool program, such as Vault, in some embodiments.
It should be noted that the preset starting node of the target program may be a callback executing node of the target container. In some embodiments, a callback execution command of a life cycle before starting (preStart) is added in the deployment information of the target container, so that the target program can automatically acquire the execution parameters of the target program at the callback execution node when restarting, thereby acquiring the unpacking program.
It should be understood that the embodiments of the present application do not limit the above-mentioned execution parameters, and in some embodiments, the execution parameters may be parameters of a callback execution command, which are set by a user when deploying a target container, and through which the routing information of the target storage location may be indicated.
For example, if the execution parameter is "sh /home/value/data/unseal.sh", the target storage location can be determined from the execution parameter, so as to obtain the decapsulation program.
S202: Acquire an unpacking program from the target storage position according to the execution parameters, wherein the unpacking program is used for unlocking the locking state of the target program.
In this step, because the execution parameter indicates the target storage location of the decapsulation program in the data storage unit of the container cluster, once the computer device has obtained the execution parameter of the target program at the preset starting node of the target program, it may use the execution parameter to obtain the decapsulation program at the target storage location, so as to decapsulate the target program.
In some embodiments, the execution parameter may be a parameter of a callback execution command, which is used to indicate routing information of a target storage location, and the execution parameter may determine the routing information of the target storage location, so as to obtain the decapsulation program at the target storage location in the data storage unit of the container cluster.
S203: Run the unpacking program to obtain unpacking information of the target program.
In this step, after the computer device obtains the decapsulation program at the target storage location, the decapsulation program may be run to obtain the decapsulation information of the target program.
It should be understood that the embodiment of the present application does not limit the type of the decapsulation program, and may be an executable script. In some embodiments, the decapsulation program may include at least one decapsulation instruction, where the decapsulation instruction may be written in advance to corresponding decapsulation information, and by executing the decapsulation instruction, the computer device may obtain the corresponding decapsulation information.
In other embodiments, the decapsulation program may contain other instructions prior to execution of the decapsulation instructions. By way of example, query instructions, judgment instructions, detection instructions, and the like may be included. The query instruction is used for querying the process of the target program, the detection instruction is used for detecting the use state of the target program, and the judging instruction is used for judging whether the process of the target program is started or not, or judging whether the use state of the target program is in an unpacking state or not.
It should be understood that when the unpacking program includes a plurality of instructions, such as an unpacking instruction and a query instruction, each instruction may be triggered at different running nodes of the unpacking program, so as to obtain unpacking information of the target program.
The unpacking program may include an unpacking instruction, a first query instruction and a second query instruction, where the unpacking instruction is used to obtain unpacking information, the first query instruction is used to query a restart state of the target program, and the second query instruction is used to query a use state of the target program. Correspondingly, when the unpacking program is running, the unpacking instruction can be triggered at a first running node, the first query instruction is triggered at a second running node, and the second query instruction is triggered at a third running node. Wherein the third operational node is subsequent to the second operational node and prior to the first operational node.
For example, when running the decapsulation program, the computer device may first trigger a first query instruction at the second running node to query the restart state of the target program. And then triggering a second query instruction at the third running node to query the use state of the target program. If the target program is in a restarting state and the using state of the target program is in a locking state, triggering an unpacking instruction at a first running node, and extracting unpacking information in the unpacking program. If the target program is not in the restarting state or the using state of the target program is not in the locking state, the deblocking program is terminated, and the deblocking instruction is not triggered any more.
It should be noted that the embodiments of the present application do not limit the type of the unpacking information. In some embodiments, the unpacking information includes an unpacking key of the target program.
It should be understood that the target program may have a plurality of unpacking keys, and each unpacking key may correspond to one unpacking instruction in the unpacking program. The target program is unpacked by executing a preset number of unpacking instructions to obtain a preset number of unpacking keys. The preset number may be set according to the actual situation; for example, with five unpacking keys, the preset number may be set to three.
It should be understood that the embodiment of the present application does not limit how to obtain the unpacking information, and in some embodiments, the unpacking information of the target program may be obtained by initializing the target program of any mirror image container in the container cluster, and then generating the unpacking program according to the unpacking information.
The initialization of the target program of any mirror image container in the container cluster can be realized by restoring the setting parameters of the target program to the initial setting values. After the initialization of the target program is completed, the unpacking information generated by the target program after the initialization is completed can be obtained, and the unpacking information generated after the initialization contains the secret key for unlocking the locking state of the target program.
For example, if the target program is a confidential tool program (e.g., a program), initializing the target program resets it and generates its unpacking information, for example 5 unpacking keys K1, K2, K3, K4, and K5. Subsequently, a preset program template may be acquired. The program template comprises preset query instructions, judgment instructions, detection instructions and other instructions, together with an unpacking instruction that contains a position to be filled. The unpacking program is generated by filling the unpacking information into that position of the unpacking instruction.
In some embodiments, after the unpacking program is generated, it may be saved in the target storage location and its permissions set accordingly. For example, the unpacking program can be set so that an administrator has modification and viewing rights while other users have execution rights only, which protects the unpacking information.
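The permission policy described above can be checked mechanically. The following is an added example, not code from the patent: it assumes a POSIX file system, and the function name, finding strings and the `admin_uid` parameter are hypothetical.

```python
import os
import stat

# Finding texts (hypothetical wording, defined once so callers can match them).
F_OWNER = "owner is not the administrator account"
F_ADMIN_RW = "administrator lacks view or modify rights"
F_READ = "non-administrators can read the embedded unpacking keys"
F_WRITE = "non-administrators can modify the unpacking program"
F_NOEXEC = "other users have no execution right"
F_SCRIPT = "execute-only script: the interpreter cannot open it for other users"


def audit_unseal_program(path, admin_uid):
    """Compare the file mode of the unpacking program with the stated policy.

    Policy from the text: the administrator may modify and view the file,
    other users may only execute it. Returns a list of findings; an empty
    list means the mode bits match the policy.
    """
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    findings = []

    if st.st_uid != admin_uid:
        findings.append(F_OWNER)
    if not (mode & stat.S_IRUSR and mode & stat.S_IWUSR):
        findings.append(F_ADMIN_RW)

    others_read = bool(mode & (stat.S_IRGRP | stat.S_IROTH))
    if others_read:
        # Anyone who can read the file can copy the keys filled into it.
        findings.append(F_READ)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        # A writable unpacking program can be replaced with arbitrary code.
        findings.append(F_WRITE)
    if not mode & (stat.S_IXGRP | stat.S_IXOTH):
        findings.append(F_NOEXEC)

    # An interpreted script must be readable by whoever runs it, so
    # "execute but not view" only holds for compiled binaries.
    with open(path, "rb") as fh:
        is_script = fh.read(2) == b"#!"
    if is_script and not others_read:
        findings.append(F_SCRIPT)
    return findings


if __name__ == "__main__":
    import sys
    for finding in audit_unseal_program(sys.argv[1], os.getuid()):
        print("FINDING:", finding)
```

For a script-based unpacking program the two goals conflict: either other users can read the keys, or they cannot run the script at all.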
S204: Unseal the target program according to the unsealing information so as to restart the target container.
It should be understood that, in the embodiments of the present application, how to unseal the target program according to the unsealing information is not limited, and in some embodiments, the locked state of the target program may be released by inputting the unsealing information into the target program, so that the user may normally access the target program.
It should be understood that in the embodiment of the present application, restarting the target container is equivalent to restarting the target program in the target container, and unsealing the target program is equivalent to restarting the target program, because the target program will automatically restart after unsealing the target program.
In the restarting method of the target container described above, first, in response to a restart instruction for the target container, an execution parameter of the target program is obtained at a preset starting node of the target program in the target container. The target program is used for storing confidential information online, the preset starting node is the node at which unsealing of the target program begins during its restart, and the execution parameter indicates a target storage location of the unpacking program of the target program, the target storage location being in a data storage unit of the container cluster where the target container is located. Second, the unpacking program is acquired from the target storage location according to the execution parameter; the unpacking program is used for unlocking the locked state of the target program. Third, the unpacking program is run to obtain the unpacking information of the target program. Finally, the target program is unsealed according to the unpacking information so as to restart the target container. Because the target storage location in the data storage unit of the container cluster stores the unpacking program of the target program, the target program in any container of the cluster can, on restart, acquire the unpacking program directly from that location and obtain its unpacking information through callback execution of the unpacking program, so that the target program is unsealed and restarted. This realizes automatic unsealing of the target program and improves its usability.
On the basis of the above-described embodiment, a description will be given below of how to generate the decapsulation program. Fig. 5 is a flowchart of another method for restarting a target container according to an embodiment of the present application. The restarting method of the target container comprises the following steps:
S301: Acquire an application package of the target program.
In this application, when the target program needs to be deployed, the computer device may first acquire an application package of the target program.
The target program is used to store confidential information online. Embodiments of the present application do not limit the target program; in some embodiments it may be a confidential tool, for example a vault.
It should be understood that the embodiments of the present application are not limited to how to obtain the application package of the target program. In some embodiments, the computer device may send an acquisition request to the database, acquiring the application package of the target program by the identification of the target program contained in the acquisition request. In other embodiments, the application package of the target program may be entered directly by the user.
S302: a plurality of mirror containers are generated by using the application package, and a container cluster formed by the mirror containers is obtained.
Wherein a plurality of mirrored containers, e.g., two, three, etc., may be included in the container cluster. In the embodiment of the present application, the mirror image container may be a container in which the programs contained therein are identical mirror image programs.
It should be understood that the embodiments of the present application are not limited to the type of container cluster, and may be specifically set according to practical situations, and in some embodiments, the container cluster may be a K8S container cluster.
In the application, as the plurality of mirror image containers are arranged in the container cluster, when the target program fails, the target containers in other mirror image containers can be restarted to serve as backups, so that the availability and stability of the target program are improved.
It should be appreciated that embodiments of the present application do not limit how the application package is used to generate the plurality of mirror containers. In some embodiments, a computer device may first obtain routing information of the data storage unit. Second, it modifies the storage parameters in the application package according to the routing information of the data storage unit. Third, it generates a plurality of mirror image packages of the target program according to the modified storage parameters and preset mirror image mounting configuration information. Finally, it creates a plurality of mirror containers using the plurality of mirror image packages.
The data storage unit can be a data storage position shared by the mirror image containers, and through setting the data storage unit, the running data of the target programs of different mirror image containers in the running process can be stored in the data storage unit, so that data loss can not be caused when the containers are switched.
It should be understood that the storage parameters in the application package of the target program need to be modified when the target program is deployed, where the storage parameters are used to indicate the data storage manner of the target program. For example, the storage parameters may be modified to a local storage mode when the target program is deployed. Accordingly, if the target storage location is "/home/program/data", the storage target of the running data of the target program in the mirror container may be set to "/home/program/data".
In some embodiments, after the storage parameters in the application package of the target program are modified, the modified application package may be placed in a preset mirror package, and preset mirror mounting configuration information is added, so as to generate mirror mounting configuration information. The mirror mount configuration information is used to indicate the shared storage resources (i.e., data storage units) on which the mirror container is mounted. Then, a plurality of mirror image containers are created by the mirror image package according to the preset number of mirror image containers.
It should be noted that, in the embodiment of the present application, after the creation of the mirror image containers is completed, the data storage locations of the multiple mirror image containers may also be set as the data storage units, so that the target programs in different mirror image containers share the data storage.
S303: initializing a target program of any mirror image container in the container cluster, and obtaining the unpacking information of the target program.
It should be understood that, since the unpacking information of the target program is only generated when the target program is initialized, after the deployment of the target program is completed, the target program of any mirror image container may be initialized, so as to obtain the unpacking information of the target program.
For example, the target program of any mirror container in the container cluster may be initialized by restoring the set parameters of the target program to the initial set values. Then, the unpacking information generated by the target program after the initialization is completed can be obtained, and the unpacking information generated after the initialization contains the key for unlocking the locking state of the target program.
S304: Generate an unpacking program according to the unpacking information.
It should be understood that the embodiments of the present application do not limit how the unpacking program is generated. In some embodiments, the unpacking information may be filled into a target location in a preset program template to generate the unpacking program.
The program template comprises a first data unit, wherein the target position is located in the first data unit, and the first data unit is used for triggering an unpacking instruction for acquiring unpacking information at a first running node of an unpacking program.
It should be noted that the first data unit in the program template lacks the critical unpacking information at the target position, and a complete unpacking instruction is formed by filling the unpacking information into that position. Subsequently, while the unpacking program is running, the unpacking information in the unpacking program can be obtained by triggering the unpacking instruction, so that the unpacking of the target program is completed.
In some embodiments, the program template further comprises a second data unit and a third data unit. The second data unit is used for triggering a first query instruction of the target program at a second running node of the unpacking program, and the first query instruction is used for querying the restarting state of the target program. The third data unit is used for triggering a second query instruction of the target program at a third running node of the unpacking program, and the second query instruction is used for querying the use state of the target program. Wherein the third operational node is subsequent to the second operational node and prior to the first operational node.
Accordingly, when the target program is to be unpacked, the process of the target program can be queried through the first query instruction to determine whether the target program has restarted. The second query instruction detects the use state of the target program, and when the use state is the locked state, the target program can be unpacked by executing the unpacking instruction.
It should be understood that, in the embodiments of the present application, there is no limitation on how to execute the unpacking instruction to unpack the target program, in some embodiments, the unpacking instruction may input unpacking information into the target program, and when the unpacking information input into the target program is correct and the number of unpacking information exceeds the preset number, the target program may complete unpacking.
The preset number may be set according to the actual situation, for example to 60% or 40% of the number of pieces of unpacking information. For example, if the unpacking information includes 5 unpacking keys K1, K2, K3, K4 and K5 and the preset number is 3, the target program is unpacked when the unpacking keys input to it are correct and their number is greater than or equal to 3.
According to the restarting method of the target container, the plurality of mirror image containers are deployed, so that the application throughput, the reading and writing capability and the portability are improved, the plurality of mirror image containers can serve as nodes to provide the reading and writing capability, and the flow load balancing is achieved. Meanwhile, the target program is automatically unsealed when restarted by using the unsealing program, so that manual unsealing is not needed, and the high availability of the target program is realized.
On the basis of the above-described embodiment, a description will be given below of how to execute the decapsulation procedure. Fig. 6 is a flowchart of another method for restarting a target container according to an embodiment of the present application. The restarting method of the target container comprises the following steps:
S401: Search for the process of the target program according to the first query instruction triggered by the unpacking program.
S402: Determine whether the target program has restarted according to the process of the target program.
It should be appreciated that if a process of the target program is found, it can be determined that the target program has restarted. If no process of the target program is found, it can be determined that the target program has not restarted.
If yes, step S404 is executed, and if no, step S403 is executed.
S403: waiting for a first preset time period.
The first preset duration may be set according to the actual situation, for example 2 seconds or 3 seconds.
After step S403, step S401 is performed.
S404: Detect the use state of the target program according to the second query instruction triggered by the unpacking program.
The usage state may be an unsealed state and a locked state.
S405: it is determined whether the use state of the target program is a locked state.
If not, step S407 is executed, and if yes, step S406 is executed.
S406: Obtain the unpacking information according to the unpacking instruction triggered by the unpacking program, so as to unpack the target program.
After step S406, step S407 is performed.
S407: Run the target program.
According to the embodiment of the application, the target program is automatically unpacked through the unpacking program, so that the problem that service cannot be provided to the outside after restarting is avoided, the problem that the target program cannot be used due to untimely manual intervention is avoided, and the usability of the target program is improved.
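Steps S401 to S407, combined with the preset-number rule for unpacking keys described earlier, can be written as the control loop below. This is an added example, not code from the patent: `SimulatedTarget` is a constructed stand-in for the target program, and the poll limit and the `unseal-failed` outcome are assumptions added so that the loop always terminates.

```python
import time
from dataclasses import dataclass, field


@dataclass
class SimulatedTarget:
    """Constructed stand-in for the target program (a sealed secret store)."""
    valid_keys: frozenset
    threshold: int                # the "preset number" of correct keys
    polls_until_started: int = 0  # process appears after this many queries
    sealed: bool = True
    accepted: set = field(default_factory=set)
    submissions: int = 0

    def process_running(self):
        """Answer the first query instruction (restart state)."""
        if self.polls_until_started > 0:
            self.polls_until_started -= 1
            return False
        return True

    def is_sealed(self):
        """Answer the second query instruction (use state)."""
        return self.sealed

    def submit_key(self, key):
        """Unpacking instruction: feed one key, return True while still sealed."""
        self.submissions += 1
        if key in self.valid_keys:
            self.accepted.add(key)
        if len(self.accepted) >= self.threshold:
            self.sealed = False
        return self.sealed


def run_unseal(target, keys, wait_seconds=2.0, max_polls=30, sleep=time.sleep):
    """Follow S401-S407 and return the list of steps taken."""
    trace = []
    # S401-S403: query the process, wait the first preset duration, retry.
    for _ in range(max_polls):
        trace.append("S401")
        if target.process_running():        # S402: restarted?
            break
        trace.append("S403")
        sleep(wait_seconds)
    else:
        trace.append("timeout")             # assumption: bounded polling
        return trace

    trace.append("S404")                    # S404/S405: query the use state
    if target.is_sealed():
        trace.append("S406")
        for key in keys:
            # Stop as soon as the preset number is reached, so no more
            # keys than necessary leave the unpacking program.
            if not target.submit_key(key):
                break
        if target.is_sealed():
            trace.append("unseal-failed")   # assumption: explicit failure
            return trace
    trace.append("S407")                    # run the target program
    return trace


if __name__ == "__main__":
    keys = ["K1", "K2", "K3", "K4", "K5"]   # constructed sample keys
    target = SimulatedTarget(frozenset(keys), threshold=3, polls_until_started=2)
    print(run_unseal(target, keys, sleep=lambda s: None))
    print("keys submitted:", target.submissions, "sealed:", target.sealed)
```

When the target is already unsealed the loop goes from S404 straight to S407 and submits no key, which matches the branch at S405.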
Those skilled in the art will appreciate that: all or part of the steps for implementing the above method embodiments may be implemented by hardware associated with program instructions, where the foregoing program may be stored in a computer readable storage medium, and when executed, the program performs steps including the above method embodiments; and the aforementioned storage medium includes: various media that can store program code, such as ROM, RAM, magnetic or optical disks.
Fig. 7 is a block diagram of a restarting device of a target container according to an embodiment of the present application, corresponding to the voice recognition method of the above embodiment. The restarting means of the target container may be, for example, a computer device as described above. For convenience of explanation, only portions relevant to the embodiments of the present application are shown. Referring to fig. 7, the restarting device 500 of the target container includes: an acquisition module 501, a run module 502 and a decapsulation module 503.
The obtaining module 501 is configured to respond to a restart instruction of a target container, and obtain, at a preset start node of a target program in the target container, an execution parameter of the target program, where the target program is configured to store confidential information online, the preset start node is a node that starts unpacking the target program in a process of restarting the target program, and the execution parameter is configured to indicate a target storage location of an unpacking program of the target program, where the target storage location is located in a data storage unit of a container cluster where the target container is located; the method comprises the steps of obtaining an unpacking program at a target storage position according to an execution parameter, wherein the unpacking program is used for unlocking a locking state of the target program;
The operation module 502 is configured to operate the decapsulation program to obtain decapsulation information of the target program;
the unpacking module 503 is configured to unpack the target program according to the unpacking information, so as to restart the target container.
In some alternative embodiments, a container cluster includes one data storage unit and a plurality of mirrored containers; the image containers are all stored with target programs, operation data generated by the target programs in each image container are stored in the data storage unit, the operation data comprise data corresponding to the unpacking programs of the target programs, and the target container is any image container in the container cluster.
In some optional embodiments, the running module 502 is further configured to obtain an application package of the target program; generating a plurality of mirror image containers by using an application package to obtain a container cluster consisting of the mirror image containers; initializing a target program of any mirror image container in the container cluster, and obtaining unpacking information of the target program; and generating an unpacking program according to the unpacking information.
In some optional embodiments, the operation module 502 is specifically configured to initialize the target program of any mirror container in the container cluster by restoring the setting parameters of the target program to the initial setting values; and obtaining the unpacking information generated by the target program after the initialization is completed, wherein the unpacking information generated after the initialization comprises a key for releasing the locking state of the target program.
In some optional embodiments, the operation module 502 is specifically configured to obtain routing information of the data storage unit; modifying storage parameters in the application package according to the routing information of the data storage unit; generating a plurality of mirror image packages of the target program according to the modified storage parameters and preset mirror image mounting configuration information; multiple mirror containers are created using multiple mirror packages.
In some optional embodiments, the operation module 502 is further configured to receive an operation instruction for the target program input by a user; operating the target program according to the operation instruction in any mirror image container in the container cluster to generate operation data of the target program; the operation data of the target program is stored in the data storage unit.
In some optional embodiments, the operation module 502 is specifically configured to fill the decapsulation information into a target location in a preset program template, and generate an decapsulation program; the program template comprises a first data unit, wherein the target position is located in the first data unit, and the first data unit is used for triggering an unpacking instruction for acquiring unpacking information at a first running node of an unpacking program.
In some alternative embodiments, the program template further comprises a second data unit and a third data unit; the second data unit is used for triggering a first query instruction of the target program at a second running node of the unpacking program, and the first query instruction is used for querying the restarting state of the target program; the third data unit is used for triggering a second query instruction of the target program at a third running node of the unpacking program, and the second query instruction is used for querying the use state of the target program; wherein the third operational node is subsequent to the second operational node and prior to the first operational node.
In some optional embodiments, the operation module 502 is specifically configured to trigger a first query instruction at the second operation node to query a restart state of the target program; triggering a second query instruction at a third operation node to query the use state of the target program; if the target program is in a restarting state and the using state of the target program is in a locking state, triggering an unpacking instruction at a first running node, and extracting unpacking information in the unpacking program.
The restarting device of the target container provided in this embodiment may be used to execute the technical solution of the foregoing method embodiment, and its implementation principle and technical effects are similar, and this embodiment is not repeated here.
Fig. 8 is a schematic structural diagram of a computer device according to an embodiment of the present application. As shown in fig. 8, the computer device 600 may include: a plurality of processors 601 and a memory 602. Fig. 8 shows a computer device using a processor as an example.
A memory 602 for storing programs. In particular, the program may include program code including computer-operating instructions.
The memory 602 may include high-speed RAM memory and may further include non-volatile memory, such as multiple disk memory.
The processor 601 is configured to execute computer-executable instructions stored in the memory 602 to implement the method for restarting the target container described above.
The processor 601 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present application.
Alternatively, in a specific implementation, if the communication interface, the memory 602, and the processor 601 are implemented independently, they may be connected to each other through a bus and communicate with each other over it. The bus may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, or an Extended Industry Standard Architecture (EISA) bus, among others. Buses may be divided into address buses, data buses, control buses, and so on, but this does not mean that there is only one bus or one type of bus.
Alternatively, in a specific implementation, if the communication interface, the memory 602, and the processor 601 are integrated on a chip, the communication interface, the memory 602, and the processor 601 may complete communication through an internal interface.
The embodiment of the application also provides a chip, which comprises a processor and an interface. Wherein the interface is used for inputting and outputting data or instructions processed by the processor. The processor is configured to perform the method of restarting the target container provided in the method embodiment above.
The present application also provides a computer-readable storage medium, which may include: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other media capable of storing program code. Specifically, the computer-readable storage medium stores program information for the above-mentioned method for restarting the target container.
The present application also provides a computer program product comprising a computer program which, when executed by a processor, implements a method of restarting a target container as described above.
The application also provides a computer program, which enables a computer to execute the method for restarting the target container.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions in accordance with embodiments of the present invention are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example from one website, computer, server, or data center to another by wired (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (e.g., infrared, wireless, microwave) means. A computer-readable storage medium can be any available medium that a computer can access, or a data storage device, such as a server or data center, that integrates one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk (SSD)), etc.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the invention.

Claims (12)

1. A method of restarting a target container, the method comprising:
responding to a restarting instruction of a target container, acquiring an execution parameter of a target program in the target container from a preset starting node of the target program, wherein the target program is used for storing confidential information online, the preset starting node is a node for starting to unseal the target program in the process of restarting the target program, the execution parameter is used for indicating a target storage position of an unsealing program of the target program, and the target storage position is positioned in a data storage unit of a container cluster where the target container is positioned;
acquiring the unpacking program from the target storage position according to the execution parameters, wherein the unpacking program is used for unlocking the locking state of the target program;
running the unpacking program to obtain unpacking information of the target program;
and unsealing the target program according to the unsealing information so as to restart the target container.
2. The method of claim 1, wherein the cluster of containers comprises one data storage unit and a plurality of mirrored containers;
the plurality of mirror image containers are all stored with the target program, operation data generated by the target program in each mirror image container are stored in the data storage unit, the operation data comprise data corresponding to an unpacking program of the target program, and the target container is any mirror image container in the container cluster.
3. The method of claim 2, wherein before the obtaining, at the preset starting node of the target program in the target container, the execution parameters of the target program in response to the restart instruction of the target container, the method further comprises:
acquiring an application package of the target program;
generating the plurality of mirror image containers by using the application package to obtain the container cluster consisting of the plurality of mirror image containers;
initializing a target program of any mirror image container in the container cluster, and obtaining unpacking information of the target program;
and generating the unpacking program according to the unpacking information.
4. A method according to claim 3, wherein initializing a target program of any mirror container in the container cluster, and obtaining the unpacking information of the target program comprises:
initializing the target program of any mirror image container in the container cluster by restoring the setting parameters of the target program to initial setting values;
and obtaining the unsealing information generated by the target program after the initialization is completed, wherein the unsealing information generated after the initialization comprises a key for releasing the locking state of the target program.
5. The method of claim 3, wherein the generating the plurality of mirror containers using the application package comprises:
acquiring the routing information of the data storage unit;
modifying storage parameters in the application package according to the routing information of the data storage unit;
generating a plurality of mirror image packages of the target program according to the modified storage parameters and preset mirror image mounting configuration information;
creating the plurality of mirror image containers using the plurality of mirror image packages.
6. The method of claim 4, wherein after the generating the plurality of mirror image containers by using the application package to obtain the container cluster consisting of the plurality of mirror image containers, the method further comprises:
receiving an operation instruction aiming at the target program, which is input by a user;
running the target program according to the operation instruction in any mirror image container in the container cluster to generate running data of the target program;
and storing the operation data of the target program in the data storage unit.
7. The method of claim 4, wherein the generating the unpacking program according to the unpacking information comprises:
filling the unpacking information into a target position in a preset program template to generate the unpacking program;
the program template comprises a first data unit, the target position is located in the first data unit, and the first data unit is used for triggering an unpacking instruction for acquiring the unpacking information at a first running node of the unpacking program.
8. The method of claim 7, wherein the program template further comprises a second data unit and a third data unit;
the second data unit is used for triggering a first query instruction of the target program at a second running node of the unpacking program, and the first query instruction is used for querying the restarting state of the target program;
the third data unit is used for triggering a second query instruction of the target program at a third running node of the unpacking program, and the second query instruction is used for querying the use state of the target program;
wherein the third running node is subsequent to the second running node and prior to the first running node.
9. The method of claim 8, wherein the running the unpacking program to obtain the unpacking information of the target program comprises:
triggering the first query instruction at the second running node to query the restarting state of the target program;
triggering the second query instruction at the third running node to query the use state of the target program;
and if the target program is in the restarting state and the use state of the target program is the locking state, triggering the unpacking instruction at the first running node, and extracting the unpacking information from the unpacking program.
10. A device for restarting a target container, the device comprising:
an acquisition module, configured to, in response to a restart instruction of a target container, acquire execution parameters of a target program at a preset starting node of the target program in the target container, wherein the target program is used for storing confidential information online, the preset starting node is the node at which unpacking of the target program begins in the process of restarting the target program, the execution parameters are used for indicating a target storage position of an unpacking program of the target program, and the target storage position is located in a data storage unit of the container cluster where the target container is located; and to acquire the unpacking program from the target storage position according to the execution parameters, wherein the unpacking program is used for releasing the locking state of the target program;
the operation module is used for operating the unpacking program to acquire unpacking information of the target program;
and the unpacking module is used for unpacking the target program according to the unpacking information so as to restart the target container.
11. A computer device, comprising: at least one processor and memory;
the memory stores computer-executable instructions;
the at least one processor executing computer-executable instructions stored in the memory causes the at least one processor to perform the method of any one of claims 1 to 9.
12. A computer readable storage medium having stored therein computer executable instructions which when executed by a processor implement the method of any one of claims 1 to 9.
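The run order in claims 7 to 9 (restart-state query at the second running node, use-state query at the third, unpacking instruction at the first) can be modelled as below. This is an added example, not code from the patent or the applicant; the template layout and the names `PROGRAM_TEMPLATE`, `TargetProgram`, `UnpackingProgram`, `generate_unpacking_program` and `restart_target` are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed template: three data units in run order (second, third, first node).
# "{unpack_info}" marks the target position inside the first data unit.
PROGRAM_TEMPLATE = [
    {"node": "second", "action": "query_restart_state"},
    {"node": "third", "action": "query_use_state"},
    {"node": "first", "action": "emit_unpack_info", "payload": "{unpack_info}"},
]


@dataclass
class TargetProgram:  # hypothetical stand-in for the target program's two states
    restarting: bool
    locked: bool


@dataclass
class UnpackingProgram:
    units: List[dict]
    trace: List[str] = field(default_factory=list)

    def run(self, target: TargetProgram) -> Optional[str]:
        """Run the nodes in order; return unpacking info only if both checks pass."""
        for unit in self.units:
            self.trace.append(unit["action"])
            if unit["action"] == "query_restart_state" and not target.restarting:
                return None  # not a restart: the unpacking instruction is never reached
            if unit["action"] == "query_use_state" and not target.locked:
                return None  # already unlocked: nothing to release
            if unit["action"] == "emit_unpack_info":
                return unit["payload"]
        return None


def generate_unpacking_program(unpack_info: str) -> UnpackingProgram:
    """Fill the unpacking information into the template's target position."""
    units = [dict(u) for u in PROGRAM_TEMPLATE]
    for unit in units:
        if "payload" in unit:
            unit["payload"] = unit["payload"].format(unpack_info=unpack_info)
    return UnpackingProgram(units)


def restart_target(program: UnpackingProgram, target: TargetProgram) -> bool:
    # Unlock the target only when the unpacking program releases its information.
    info = program.run(target)
    if info is not None:
        target.locked = False
    return info is not None
```

The `trace` list records which running nodes were reached, which makes it easy to check that the unpacking information is never emitted when either query fails.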
CN202211041299.6A 2022-08-29 2022-08-29 Restarting method and device of target container Pending CN117667296A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211041299.6A CN117667296A (en) 2022-08-29 2022-08-29 Restarting method and device of target container

Publications (1)

Publication Number Publication Date
CN117667296A true CN117667296A (en) 2024-03-08

Family

ID=90064819

Country Status (1)

Country Link
CN (1) CN117667296A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination