How to Manage Containers Using Podman and Skopeo in RHEL 8


One of the challenges developers have faced in the past is getting applications to run reliably across multiple computing environments. Often, applications did not run as expected or encountered errors and failed altogether. And that is where the concept of containers was born.

What are Container Images?

Container images are static files that ship with executable code that runs in an isolated environment. A container image comprises the system libraries, dependencies and other platform settings that the application needs in order to run in diverse environments.

Red Hat Linux provides a set of useful container tools that you can use to work directly with Linux containers using docker commands. These include:

  • Podman - This is a daemonless container engine for running and managing OCI containers in either root or rootless mode. Podman is similar to Docker and has the same command options, except that Docker is a daemon. You can pull, run, and manage container images using podman much as you would with Docker. Podman comes with many advanced features, integrates fully with systemd, and offers user namespace support, which includes running containers without the need for a root user.
  • Skopeo: This is a command-line tool used for copying container images from one registry to another. You can use Skopeo to copy images to and from a particular host, as well as copy images to another container registry or environment. Apart from copying images, you can use it to inspect images from various registries and use signatures to create and verify images.
  • Buildah: This is a set of command-line tools used for creating and managing container OCI images using Dockerfiles.

In this article, we will focus on managing containers using podman and Skopeo.

Searching Container Images from a Remote Registry

The podman search command allows you to search selected remote registries for container images. The default list of registries is defined in the registries.conf file located in the /etc/containers/ directory.

The registries are defined by 3 sections.

  • [registries.search] - This section specifies the default registries that podman can search for container images. It searches for the requested image in the registry.access.redhat.com, registry.redhat.io, and docker.io registries.

  • [registries.insecure] - This section specifies registries that do not implement TLS encryption, i.e. insecure registries. By default, no entries are specified.

  • [registries.block] - This blocks or denies access to the specified registries from your local system. By default, no entries are specified.

As a regular (non-root) user running the podman command, you can define your own registries.conf file in your home directory ($HOME/.config/containers/registries.conf) to override the system-wide settings.

As you specify the registries, keep in mind the following:

  • Every registry should be enclosed in single quotes.
  • Registries can be specified using either a hostname or an IP address.
  • If multiple registries are specified, they should be separated by commas.
  • If a registry uses a non-standard port - that is, neither TCP port 443 for secure nor 80 for insecure - the port number should be specified alongside the registry name, e.g. registry.example.com:5566.
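A check you can run against a registries.conf written in the three-section layout described above, as an added example that is not part of the original article: it reports every registry listed under [registries.insecure] and marks those that are also in the default search list. The function names and the sample file content are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes the three-section layout described above, with
# each "registries = [...]" list written on one line.

# list_registries SECTION FILE -> one registry per line, quotes removed.
list_registries() {
    awk -v want="[registries.$1]" -v q="'" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); active = ($0 == want); next }
        active && /^[ \t]*registries[ \t]*=/ {
            sub(/^.*=[ \t]*\[/, ""); sub(/\].*$/, "")
            n = split($0, item, ",")
            for (i = 1; i <= n; i++) {
                gsub("[ \t\"" q "]", "", item[i])
                if (item[i] != "") print item[i]
            }
        }' "$2"
}

# audit_registries FILE -> findings, one per line; no output means clean.
audit_registries() {
    search=$(list_registries search "$1")
    for reg in $(list_registries insecure "$1"); do
        echo "NO-TLS $reg"
        # Listed in both sections: default searches reach it without TLS.
        if printf '%s\n' "$search" | grep -qxF -- "$reg"; then
            echo "NO-TLS-IN-SEARCH $reg"
        fi
    done
}

# Constructed sample configuration, not taken from a real host.
sample_conf() {
    cat <<'EOF'
[registries.search]
registries = ['registry.access.redhat.com', 'registry.redhat.io', 'registry.example.com:5566']

[registries.insecure]
registries = ['registry.example.com:5566', '192.0.2.10:5000']

[registries.block]
registries = []
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp" && audit_registries "$tmp"
rm -f "$tmp"
```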

To search a registry for a container image, use the syntax:

# podman search registry/container_image

For example, to search for a Redis image in the registry.redhat.io registry, invoke the command:

# podman search registry.redhat.io/redis

To search for a MariaDB container image:

# podman search registry.redhat.io/mariadb

To obtain the full description of a container image, use the --no-trunc option before the name of the container image from the results that you get. For instance, we will try to obtain the detailed description of the MariaDB container image as shown:

# podman search --no-trunc registry.redhat.io/rhel8/mariadb-103

Pulling Container Images

Pulling or retrieving container images from a remote registry requires that you first authenticate before anything else. For example, to retrieve the MariaDB container image, first log in to the Red Hat registry:

# podman login

Provide your username and password and hit 'ENTER' on your keyboard. If all goes well, you should get a confirmation message that the login to the registry was successful.

Login Succeeded!

Now, you can pull the image using the syntax shown:

# podman pull <registry>[:<port>]/[<namespace>/]<name>:<tag>

The <registry> refers to the remote host or registry that provides a repository of container images on the TCP <port>. The <namespace> and the <name> together specify a container image based on the <namespace> at the registry. Finally, the <tag> option specifies the version of the container image. If none is specified, the default tag, latest, is used.

It is always recommended to add trusted registries, that is, those that provide encryption and do not allow anonymous users to spawn accounts with random names.

To pull the MariaDB image, run the command:

# podman pull registry.redhat.io/rhel8/mariadb-103

  • The <registry> - registry.redhat.io
  • The <namespace> - rhel8
  • The <name> - MariaDB
  • The <tag> - 103

For subsequent container image pulls, no further login is required since you are already authenticated. To pull a Redis container image, simply run:

# podman pull registry.redhat.io/rhscl/redis-5-rhel7
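The pull syntax above, split into its parts, as an added example that is not part of the original article: the parser flags references that leave the registry out (Podman then picks one from the search list) or that leave the tag out or set it to latest. The function names and sample references are constructed, and the digest form (name@sha256:...) is assumed not to be used.

```shell
#!/bin/sh
# Added example: split <registry>[:<port>]/[<namespace>/]<name>:<tag>
# and flag references that leave the registry or the tag implicit.
# Assumes tag-style references; name@sha256:... is not handled.

# parse_image_ref REF -> "registry|namespace|name|tag" (empty = not given)
parse_image_ref() {
    ref=$1 registry= namespace= tag=
    first=${ref%%/*}
    # The first component is a registry only if it looks like a host:
    # it contains a dot or a port, or is "localhost".
    case $ref in
        */*) case $first in
                 *.*|*:*|localhost) registry=$first; ref=${ref#*/} ;;
             esac ;;
    esac
    last=${ref##*/}                 # final path component: name[:tag]
    case $last in
        *:*) tag=${last##*:}; ref=${ref%:*} ;;
    esac
    name=${ref##*/}
    case $ref in
        */*) namespace=${ref%/*} ;;
    esac
    printf '%s|%s|%s|%s\n' "$registry" "$namespace" "$name" "$tag"
}

# check_image_ref REF -> one finding per line; no output means fully pinned
check_image_ref() {
    IFS='|' read -r registry namespace name tag <<EOF
$(parse_image_ref "$1")
EOF
    [ -n "$registry" ] || echo "UNQUALIFIED $1: registry is picked from the search list"
    case $tag in
        ''|latest) echo "FLOATING-TAG $1: resolves to latest" ;;
    esac
    return 0
}

# Constructed sample references.
for r in redis registry.example.com:5566/team/app:1.4; do
    parse_image_ref "$r"
    check_image_ref "$r"
done
```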

Listing Container Images

Once you are done pulling the images, you can view the images currently existing on your host by running the podman images command.

# podman images

Inspecting Container Images

Before running a container, it is always a good idea to probe the image and understand what it does. The podman inspect command prints out a sea of metadata about the container, such as the OS and architecture.

To inspect an image, run the podman inspect command followed by the image ID or repository.

# podman inspect IMAGE ID
OR
# podman inspect REPOSITORY

In the example below, we are inspecting the MariaDB container.

# podman inspect registry.redhat.io/rhel8/mariadb-103

To pull specific metadata for a container, pass the --format option followed by the metadata and the container identity (image ID or name).

In the example below, we are retrieving information about the architecture and description of the RHEL 8 base container, which fall under the 'Labels' section.

# podman inspect --format='{{.Labels.architecture}}' image ID
# podman inspect --format='{{.Labels.description}}' image ID

To inspect a remote image from another registry, use the skopeo inspect command. In the example below, we are inspecting a RHEL 8 init image hosted on Docker.

# skopeo inspect docker://registry.redhat.io/rhel8-beta/rhel-init

Tagging Container Images

As you might have noticed, image names are usually generic in nature. For example, the redis image is labeled:

registry.redhat.io/rhscl/redis-5-rhel7

Tagging images gives them a more intuitive name that makes it easier to understand what they contain. Using the podman tag command, you can create an image tag, which is essentially an alias to an image name that comprises different parts.

These are:

registry/username/NAME:tag

For example, to change the generic name of the Redis image which has an ID of 646f2730318c, we will execute the command:

# podman tag 646f2730318c myredis

To add a tag at the end, append a full colon followed by the tag number:

# podman tag 646f2730318c myredis:5.0

Without adding the tag number, it will just be assigned the attribute latest.

Running Container Images

To run a container, use the podman run command. For example:

# podman run image_id

To run a container silently in the background as a daemon service, use the -d option as shown.

# podman run -d image_id

For example, to run the redis image with ID 646f2730318c, we will invoke the command:

# podman run -d 646f2730318c

If you are running a container based on an operating system such as the RHEL 8 base image, you can gain access to the shell using the -it directive. The -i option creates an interactive session while -t spawns a terminal session. The --name option sets the container name to mybash, while ecbc6f53bba0 is the image ID of the base image.

# podman run -it --name=mybash ecbc6f53bba0

Thereafter, you can run any shell commands. In the example below, we are verifying the OS version of the container image.

# cat /etc/os-release

To exit the container, simply invoke the exit command.

# exit

Once the container is exited, it stops automatically. To start the container again, use the podman start command with the -ai flag as shown.

# podman start -ai mybash

Once again, this gives you access to the shell.

Listing Running Container Images

To list currently running containers, use the podman ps command as shown.

# podman ps

To view all containers, including those that have exited after running, use the command:

# podman ps -a

Configure Container Images to Auto Start Under Systemd Service

In this section, we focus on how you can configure a container to run directly on a RHEL system as a systemd service.

First, get your preferred image. In this case, we have pulled the Redis image from Docker Hub:

# podman pull docker.io/redis

If you have SELinux running on your system, you need to activate the container_manage_cgroup boolean to run containers with systemd.

# setsebool -P container_manage_cgroup on

Thereafter, run the container image in the background and assign it your preferred name. In this example, we have named our container redis_server and mapped port 6379 from the container to our RHEL 8 host.

# podman run -d --name redis_server -p 6379:6379 redis

Next, we are going to create a systemd unit configuration file for redis in the /etc/systemd/system/ directory.

# vim /etc/systemd/system/redis-container.service

Paste the content below into the file.

[Unit]
Description=Redis container

[Service]
Restart=always
ExecStart=/usr/bin/podman start -a redis_server
ExecStop=/usr/bin/podman stop -t 2 redis_server

[Install]
WantedBy=multi-user.target

Save and exit the file.

Next, configure the container to start automatically on bootup.

# systemctl enable redis-container.service

Next, start the container and verify its running status.

# systemctl start redis-container.service
# systemctl status redis-container.service

Configure Persistent Storage for Container Images

When running containers, it is prudent to configure persistent external storage on the host. This provides a backup in case the container crashes or gets removed accidentally.

To persist the data, we are going to map a directory located on the host to a directory inside the container.

$ podman run --privileged -it -v /var/lib/containers/backup_storage:/mnt registry.redhat.io/ubi8/ubi /bin/bash

The --privileged option is passed when SELinux is set to enforcing. The -v option specifies the external volume, which is located on the host. The container volume here is the /mnt directory.

Once we have accessed the shell, we are going to create a sample file testing.txt in the /mnt directory as shown.

$ echo "This tests persistent external storage" > /mnt/testing.txt

We will then exit from the container and check whether the file exists in the external storage residing on the host.

# exit
# cat /var/lib/containers/backup_storage/testing.txt

Output ⇒ This tests persistent external storage
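The mount from this section in a narrower form, as an added example that is not part of the original article: the function below (harden_run is a name made up here) drops --privileged from a set of podman run arguments and adds the :Z volume option, which has Podman relabel the host directory for that container so SELinux can stay enforcing. It assumes --privileged was passed only to get past SELinux on the mount, as described above.

```shell
#!/bin/sh
# Added example. harden_run ARGS... -> the same "podman run" arguments
# with --privileged removed and an SELinux label option on every -v mount.
harden_run() {
    out= expect_vol=0
    for arg in "$@"; do
        if [ "$expect_vol" -eq 1 ]; then
            expect_vol=0
            case $arg in
                *:*:*[zZ]*) ;;              # already labelled with z or Z
                *:*:*)      arg=$arg,Z ;;   # other options (e.g. ro): add Z
                *:*)        arg=$arg:Z ;;   # host:container, no options yet
            esac
        fi
        case $arg in
            --privileged) continue ;;       # full privileges are not needed
            -v|--volume)  expect_vol=1 ;;   # next argument is the mount spec
        esac
        out="$out${out:+ }$arg"
    done
    printf '%s\n' "$out"
}

# The command from this section, used as input.
echo "podman run $(harden_run --privileged -it \
    -v /var/lib/containers/backup_storage:/mnt \
    registry.redhat.io/ubi8/ubi /bin/bash)"
```

The lowercase :z option applies a shared label instead, for a directory that several containers mount.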

Stopping and Removing Containers

Once you are done running your container, you can stop it using the podman stop command followed by the container-id, which you can obtain from the podman ps command.

# podman stop container-id

To remove containers that you no longer need, first ensure that you have stopped them, and then invoke the podman rm command followed by the container id or name as an option.

# podman rm container-id

To remove multiple containers at a go in one command, specify the container ids separated by a space.

# podman rm container-id-1 container-id-2 container-id-3

To clear all your containers, run the command:

# podman rm -a

Removing an Image

To remove an image, first ensure that all containers spawned from the image are stopped and removed as discussed in the previous sub-topic.

Next, proceed and run the podman rmi command followed by the ID of the image as shown:

# podman rmi image-id

Conclusion

This wraps up this chapter on managing and working with containers in RHEL 8. We hope this guide provided a decent understanding of containers and how you can interact with and manage them on your RHEL system using podman and Skopeo.