
Technical analysis series | PouchContainer rich container technology

2025-02-21 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/02 Report

Key points

This article explains rich container technology from three angles: what a rich container is, the scenarios it suits, and how it is implemented. Readers who are interested in rich containers can scan the QR code at the end of the article to join the technical discussion on rich containers. Author: Sun Hongliang, PouchContainer team.

PouchContainer is Alibaba Group's open source, efficient, lightweight, enterprise-level rich container engine, featuring strong isolation, high portability and low resource consumption. It can help enterprises quickly containerize their existing (stock) business and, at the same time, improve the utilization of physical resources in super-large-scale data centers.

PouchContainer originates from Alibaba's internal scenarios. From its earliest days, Alibaba engineers put their effort into designing how to safeguard Internet applications. PouchContainer's technical features, such as strong isolation and rich containers, are the best proof of this. At Alibaba's massive scale, PouchContainer's support for the business has been tested by Double 11. Since being open sourced, Alibaba's container technology has become a technology available to everyone, positioned to "help enterprises quickly containerize their existing business".

When Alibaba first came into contact with container technology, it already had an astonishing volume of existing business. How to containerize that existing business quickly was a key problem when Alibaba's container technology was rolled out internally. Today, open source container technology is increasingly popular, and when it comes to adoption, many enterprises with a large amount of existing business are likewise worried about how to containerize it. In the cloud native field, most of the advanced ideas advocated by the CNCF are built on containerized business. If an enterprise does not get the containerization step right, it cannot benefit from the later open source technology dividends in areas such as container orchestration and Service Mesh.

Through seven years of practical experience, Alibaba's container technology PouchContainer conveys one message to the industry: rich containers are the preferred technology for rapidly containerizing an enterprise's existing business.

What is a rich container?

A rich container is a container mode that enterprises adopt when packaging business applications and containerizing their business. This mode helps enterprise IT staff package business applications with little effort. Business applications packaged with rich container technology achieve the following two goals:

Rapid delivery of the business through container images

A container environment that is compatible with the enterprise's original operations and maintenance system

From a technical point of view, rich containers provide an effective way to package, in a single container image, not only the business application itself but also additional operations tooling and system services. At the same time, compared with relatively simple single-process containers, rich containers change the process organization considerably: systemd or another init (supervisor) process runs automatically inside the container. In this way, an application in rich container mode can run exactly as it would on a physical machine, without any change to business code or operations code. It can be said that this is a more general "application-oriented" model.

In other words, while ensuring efficient business delivery, rich containers are not intrusive to applications at the development or operations level, so they help IT staff focus more on business innovation.

Applicable scenarios

Rich containers apply to a wide range of scenarios. It can be said that almost all of an enterprise's existing business can adopt rich containers as the first choice for containerization. For nearly two decades before container technology became popular, enterprise IT services ran on bare metal or in virtual machines. A great deal of the credit for the stable operation of enterprise business goes to operations and maintenance work, which can be subdivided into "infrastructure operations" and "business operations". All applications run on physical resources, and all business stability depends on monitoring systems, log services and other operations systems. We therefore have reason to believe that enterprises must not ignore the operations system when containerizing their business; otherwise the consequences can be imagined.

Therefore, when containerizing existing business, every scenario that has to stay compatible with the enterprise's original operations system falls within the scope of PouchContainer rich container technology.

Implementation of rich container technology

Since rich containers keep the business compatible with the original operations system, what technology is used to implement them? The following figure shows the internals of rich container technology.

Rich container technology is fully compatible with the community's OCI images, and a container starts with the image's file system as its rootfs. At the functional level, in addition to the processes running inside it, the running mode also includes hook methods (prestart hook and poststop hook) that run when the container starts and stops.

Processes running inside the rich container

Looking at PouchContainer's rich container technology from the perspective of the processes running inside it, we can divide those processes into four categories:

Init process of pid=1

CMD of container image

System service process inside the container

User-defined operation and maintenance components

Init process of pid=1

The most obvious difference between rich container technology and a traditional container is that an init process runs inside the container, whereas a traditional container (such as a docker container) runs the CMD specified in the container image as the pid=1 process. PouchContainer's rich container mode can use any of three init processes:

systemd

sbin/init

dumb-init

As is well known, a traditional container, as an independent running environment, has some shortcomings in managing its internal processes. For example, it cannot reap zombie processes, so the container consumes too many process slots and extra memory. It also cannot properly manage system service processes inside the container, so some basic capabilities that business applications need, such as the cron and syslogd system services, are missing. Nor can it support the normal operation of some system applications, mainly because some of them need to call systemd to install RPM packages.

In operations terms, the rich container's init process solves the problems above and gives the application a better experience. The init process is designed to wait on dying processes, so it can easily handle the zombie processes produced while the business process in the figure above is running; managing system services is also one of its duties. For the most basic traditional operations capabilities, the init process helps users solve most of the problems, laying a solid foundation for the operations system.
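The reaping duty described above, as an added example that is not PouchContainer's code: a minimal C program that plays the init role for a small process tree and waits on every descendant that is orphaned onto it. It assumes Linux and, because it is not pid 1 when run outside a container, uses prctl(PR_SET_CHILD_SUBREAPER) to receive orphans the way a container's pid 1 does; run_mini_init and spawn_orphaning_service are hypothetical names.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed scenario: a "service" forks a worker and exits without
 * waiting for it. The worker is orphaned and re-parented to the init. */
static void spawn_orphaning_service(void) {
    int fd[2];
    char c;
    if (fork() != 0)
        return;                       /* init side: nothing more to do */
    if (pipe(fd) == 0 && fork() == 0) {
        close(fd[1]);                 /* worker keeps only the read end */
        while (read(fd[0], &c, 1) > 0) {}  /* EOF once the service is gone */
        _exit(0);
    }
    _exit(0);                         /* service exits, never calls wait() */
}

/* Play init for `services` such services; returns how many processes
 * were reaped, or -1 if the subreaper role could not be taken. */
int run_mini_init(int services) {
    int reaped = 0;
    /* Assumption: we are not pid 1 here, so ask Linux to re-parent
     * orphaned descendants to us, as it does to a container's pid 1. */
    if (prctl(PR_SET_CHILD_SUBREAPER, 1, 0, 0, 0) != 0)
        return -1;
    for (int i = 0; i < services; i++)
        spawn_orphaning_service();
    for (;;) {
        pid_t p = waitpid(-1, NULL, 0);   /* block until a child exits */
        if (p > 0)
            reaped++;                     /* zombie's table entry is freed */
        else if (errno == ECHILD)
            break;                        /* no children left */
    }
    return reaped;
}

int main(void) {
    printf("reaped %d processes\n", run_mini_init(3));
    return 0;
}
```

Each service contributes two reaped processes: the service itself and the worker it abandoned. Without the wait loop, both would stay in the process table as zombies.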

CMD of container image

The CMD of the container image is the business that we want to run inside the container in the traditional sense. For example, when you package a Golang business system into an image, you specify the startup command of the business system as CMD in the Dockerfile, so that any container later run from that image executes the CMD command to start the business system.

The CMD of the container image represents the business application and is the core of the rich container. All of the operations adaptations exist to keep the business application running more stably.

In-container system service process

Server-side programming has developed over decades, and many business system development models are based on the Linux operating system on bare metal or in a virtualized environment. Over that time, the development paradigm of many business applications has come to interact with system service processes very frequently. For example, applications written in Java are likely to configure log management through log4j, or to redirect application logs to the syslogd of the running environment through log4j.properties. If no syslogd is running in the application's environment, the startup and operation of the business are very likely to be affected. As another example, business applications may need crond to manage the periodic tasks the business requires. If there is no crond system daemon in the application's environment, the application cannot configure periodic tasks through crontab. As a further example, the sshd system service inside the container lets operations engineers quickly get to the site where the application is running and locate and solve problems.

PouchContainer's rich container mode takes into account the large number of applications in the industry that need to be delivered together with system services, and the init process inside the rich container can natively manage a variety of system service processes.

User-defined operation and maintenance components

System services assist the normal operation of the business, but in many cases they are not enough. The enterprise's own operations components for infrastructure and applications also play a part in safeguarding the business. For example, the operations team needs to configure monitoring components uniformly for business applications; the operations team must manage the application logs inside the container through a custom log agent; and the operations team needs to customize its own basic operations tools so that the application's running environment meets internal audit requirements.

Because there is an init process in the rich container, the user-defined operations components can run healthily and stably as usual, providing operations capabilities.

Hooks executed when a rich container starts and stops

Ultimately, the processes running inside the rich container keep the application's runtime stable and normal. For the operations team, however, the scope of responsibility is often much wider than the runtime alone. Generally speaking, operations also has to cover preparing the environment before the runtime and cleaning up after the runtime ends. For applications, these are what we usually call the prestart hook and the poststop hook.

PouchContainer's rich container mode lets users easily specify the hooks to execute when the application starts and stops: the prestart hook and the poststop hook. A prestart hook specified by the operations team can perform initialization inside the container that operations requires before the application runs, such as initializing the network routing table, obtaining the permission to execute the application, and downloading the certificates required at runtime. A poststop hook specified by the operations team performs unified follow-up work after the application finishes or exits abnormally, for example cleaning up intermediate data to provide a clean environment for the next startup; after an abnormal exit, it can immediately report error messages to meet operations needs.

The start and stop hooks inside the rich container thus extend the container's operations capability and greatly increase the operations team's flexibility in managing applications.

Summary

Tempered by a large number of businesses within Alibaba, PouchContainer has helped a super-large Internet company containerize all of its online business. There is no doubt that rich container technology is the most practical approach, and one that is not intrusive to application development or operations.

By open sourcing PouchContainer, we hope the technology can benefit the industry, help a large number of enterprises save time in containerizing their existing business, quickly embrace cloud native technology, and make great strides towards digital transformation.
