Detailed description of the invention
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings in the embodiments. Obviously, the described embodiments are some of the embodiments of the present invention rather than all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention, without creative effort, fall within the scope of protection of the present invention.
Container virtualization technology is increasingly widely applied, but when the environment in which an application service runs is a container, the resource usage of the application running in the container cannot be effectively monitored and collected. To address this problem, the present invention provides a monitoring method and system for containers created by docker1.0. The monitoring method and system can extract the metric data of a container, including but not limited to CPU, hard disk, memory and network. The method and system of the present invention provide two solutions, collecting the data and containerizing the collection method and system themselves, so that, on top of collecting data from containers, a cluster management system can also conveniently schedule this monitoring collection program.
The present invention is described in further detail below with reference to the accompanying drawings.
Fig. 1 schematically shows a method of monitoring containers according to one embodiment of the present invention. As shown in Fig. 1, the method includes:
Step S101: communicate with the docker daemon and obtain the ID information of all containers on the current host node.
First, communication is established with the docker daemon (the daemon process of the docker framework that runs in the background) using docker's protocol. Once communication has been established, the REST API provided by the daemon is called directly (this API directly returns the ID information of all containers on the node) to obtain the ID information of all containers on this host (HOST) node.
Step S102: through the interface of the proc file system, read the file descriptors of the namespaces of all containers on the current host node that are exported by the kernel.
The current monitoring application is granted permission to read the proc directory. It enters the proc directory and, through the interface that the proc file system provides for accessing kernel data, reads the file descriptors of the namespaces of all containers on this node that are exported by the kernel. The isolation implemented by LXC (Linux Container) comes mainly from the kernel's namespaces. The namespaces include pid, net, ipc, mnt, uts and so on; they isolate a container's processes, network, messages, file system and hostname from those of the host and provide each container with a mutually independent virtual space. Therefore, by obtaining the file descriptor of each container's namespace, that file descriptor can be used to enter the network namespace of the corresponding container and obtain information. For example, reading the file descriptors of a container's namespaces under the proc directory shows the namespaces contained in the current namespace and their corresponding descriptors: if the namespaces shown are ipc, mnt, net, pid and uts, the corresponding file descriptors displayed on the console may be ipc:[4026532300], mnt:[4026532298], net:[4026532301], pid:[4026532351] and uts:[4026532299], respectively.
The proc directory is a mechanism provided by the Linux kernel for accessing the kernel's internal data structures and changing kernel settings through the file system. The proc file system is a pseudo file system that exists only in memory and provides an interface, in the form of a file system, for accessing kernel data. Users and applications can obtain system information through proc and can also change certain kernel parameters. Because system information changes dynamically, when a user or application reads a proc file, the proc file system dynamically reads the required information from the kernel and returns it.
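The descriptor read in step S102 can be sketched as follows. This is an added example, not code from the patent: it reads the symlinks under /proc/<pid>/ns, parses targets of the form net:[inode], and groups processes by network namespace so that processes sharing a container's namespace can be told apart from host processes. The function names, the PIDs and the host inode values are assumptions constructed for the fixture; the container inode values are the ones quoted above.

```python
import os
import re
import tempfile
from collections import defaultdict

# Link targets under /proc/<pid>/ns look like "net:[4026532301]".
NS_TARGET = re.compile(r"[a-z_]+:\[(\d+)\]")

def read_namespaces(pid, proc_root="/proc"):
    """Return {link name: namespace inode} for one process."""
    ns_dir = os.path.join(proc_root, str(int(pid)), "ns")
    found = {}
    for name in os.listdir(ns_dir):
        try:
            target = os.readlink(os.path.join(ns_dir, name))
        except OSError:
            continue  # process exited, or no permission to read the link
        match = NS_TARGET.fullmatch(target)
        if match:
            found[name] = int(match.group(1))
    return found

def group_by_netns(proc_root="/proc"):
    """Map each network-namespace inode to the sorted PIDs that live in it."""
    groups = defaultdict(list)
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # skip non-process entries such as "meminfo"
        try:
            inode = read_namespaces(entry, proc_root).get("net")
        except OSError:
            continue  # process vanished between listing and reading
        if inode is not None:
            groups[inode].append(int(entry))
    return {inode: sorted(pids) for inode, pids in groups.items()}

def build_sample_proc():
    """Constructed fixture: PID 1 on the host, PIDs 4242 and 4243 in one container."""
    container = {"ipc": 4026532300, "mnt": 4026532298, "net": 4026532301,
                 "pid": 4026532351, "uts": 4026532299}  # values quoted on the page
    host = {name: 4026531000 + i for i, name in enumerate(container)}  # constructed
    root = tempfile.mkdtemp()
    for pid, spaces in ((1, host), (4242, container), (4243, container)):
        ns_dir = os.path.join(root, str(pid), "ns")
        os.makedirs(ns_dir)
        for name, inode in spaces.items():
            os.symlink(f"{name}:[{inode}]", os.path.join(ns_dir, name))
    return root

if __name__ == "__main__":
    for inode, pids in group_by_netns(build_sample_proc()).items():
        print(f"net:[{inode}] -> PIDs {pids}")
```

On a real host, reading another user's /proc/<pid>/ns links requires sufficient privilege, which is why the collector must be granted read permission on proc.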
Step S103: collect the metric data of CPU, memory and hard disk.
According to the container ID information obtained, the API interface of cgroup is called to obtain the resource data of the container corresponding to each ID, including but not limited to CPU, memory and hard disk. (cgroup stands for control group: LXC uses cgroup to manage the resources that each container can use, and cgroup provides a file-like interface for resource quotas and measurement.)
For example, suppose the ID information obtained for a certain container is "f2e602ba3e5662a8280ccb25b777e6eea405df98bdc791d9587ee0cbc9f315e4". If the CPU metric data of this container needs to be collected, the corresponding metric values can be obtained with the corresponding commands through the corresponding API interface of cgroup. To collect the metric values of the CPU state information, the command "cat /cgroup/cpuacct/lxc/f2e602ba3e5662a8280ccb25b777e6eea405df98bdc791d9587ee0cbc9f315e4/cpuacct.stat" uses the cgroup API interface and the cpuacct.stat attribute of cpuacct to obtain the corresponding CPU state information (if the displayed result is "user 0 system 0", the metric data of this state has been obtained). To collect the metric value of the CPU usage, the command "cat /cgroup/cpuacct/lxc/f2e602ba3e5662a8280ccb25b777e6eea405df98bdc791d9587ee0cbc9f315e4/cpuacct.usage" obtains the value of the cpuacct.usage attribute of the CPU (for example, the displayed result is "12011199"). If the memory metric data of this container needs to be collected, the corresponding metric values can be obtained through the corresponding cgroup API interface and attribute values; for example, the command "cat /cgroup/memory/lxc/f2e602ba3e5662a8280ccb25b777e6eea405df98bdc791d9587ee0cbc9f315e4/memory.limit_in_bytes" obtains the size limit on the memory used by the container corresponding to this ID (for example, the displayed result is "2147483648"). If the hard disk metric data of this container needs to be collected, the corresponding metric values can likewise be obtained through the corresponding cgroup API interface and attribute values; for example, the command "cat /cgroup/blkio/lxc/f2e602ba3e5662a8280ccb25b777e6eea405df98bdc791d9587ee0cbc9f315e4/blkio.io_serviced" obtains the usage statistics of the hard disk input/output devices of the container corresponding to this ID (for example, the displayed result is "Total 0").
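The reads in step S103 can be automated as below. This is an added example, not code from the patent: it builds the same /cgroup/<subsystem>/lxc/<id>/ paths and validates the container ID before using it in a path, so that a malformed ID received from another component cannot make the collector read files outside the cgroup tree. The function names and the temporary fixture directory are assumptions; the file contents in the fixture are the sample outputs quoted above.

```python
import os
import re
import tempfile

SAMPLE_ID = "f2e602ba3e5662a8280ccb25b777e6eea405df98bdc791d9587ee0cbc9f315e4"
CONTAINER_ID = re.compile(r"[0-9a-f]{64}")  # full docker container ID

def read_file(cgroup_root, subsystem, cid, filename):
    path = os.path.join(cgroup_root, subsystem, "lxc", cid, filename)
    with open(path) as handle:
        return handle.read()

def parse_kv(text):
    """Parse 'key value' lines into {key: int}; other line shapes are skipped."""
    values = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[1].isdigit():
            values[parts[0]] = int(parts[1])
    return values

def collect(cid, cgroup_root="/cgroup"):
    """Read the CPU, memory and block-I/O metrics of one container."""
    # fullmatch also rejects "../" sequences and a trailing newline.
    if not CONTAINER_ID.fullmatch(cid):
        raise ValueError("container ID must be 64 lowercase hex characters")
    cpu = parse_kv(read_file(cgroup_root, "cpuacct", cid, "cpuacct.stat"))
    blkio = parse_kv(read_file(cgroup_root, "blkio", cid, "blkio.io_serviced"))
    return {
        "cpu_user": cpu.get("user", 0),
        "cpu_system": cpu.get("system", 0),
        # cpuacct.usage is cumulative CPU time in nanoseconds
        "cpu_usage": int(read_file(cgroup_root, "cpuacct", cid, "cpuacct.usage")),
        "memory_limit_bytes": int(
            read_file(cgroup_root, "memory", cid, "memory.limit_in_bytes")),
        # per-device lines have three fields and are skipped; "Total N" is kept
        "blkio_serviced_total": blkio.get("Total", 0),
    }

def build_sample_cgroup():
    """Constructed fixture holding the sample outputs quoted in the text."""
    root = tempfile.mkdtemp()
    files = {("cpuacct", "cpuacct.stat"): "user 0\nsystem 0\n",
             ("cpuacct", "cpuacct.usage"): "12011199\n",
             ("memory", "memory.limit_in_bytes"): "2147483648\n",
             ("blkio", "blkio.io_serviced"): "Total 0\n"}
    for (subsystem, name), content in files.items():
        directory = os.path.join(root, subsystem, "lxc", SAMPLE_ID)
        os.makedirs(directory, exist_ok=True)
        with open(os.path.join(directory, name), "w") as handle:
            handle.write(content)
    return root

if __name__ == "__main__":
    print(collect(SAMPLE_ID, build_sample_cgroup()))
```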
Step S104: obtain the network namespace of the corresponding container and read the corresponding data in the obtained network namespace.
Using the file descriptor of the container that has been obtained, together with the namespace system call, the network namespace corresponding to this container can be obtained; e.g., "ns f2e-bash-4.1" obtains the network namespace of the container whose file descriptor is "f2e-bash-4.1". The network namespace of each container obtained in this way contains a completely independent network protocol stack, which includes information such as network device interfaces, the IPv4 or IPv6 protocol stack, the IP routing table and firewall rules. After entering the container's network namespace with the file descriptor through the namespace system call, the command "ifconfig" can be used to obtain every item of network data in the network namespace of this container; for example, in the network namespace of the container whose file descriptor is "f2e-bash-4.1", the corresponding data is obtained with the "ifconfig" command.
By the method for the present embodiment, it is possible to realize all of container created based on docker1.0Resource use monitoring collection, and can collect exactly by Paas (platform-as-a-service,Platform i.e. services) the resource service condition of container that is created that of cloud.
At the same time, the method of the present invention supports containerization (containerize): the application that implements the method can itself be deployed in a container and published to run as a container, so that from inside a container it collects monitoring data for the other containers on the host. The way the application implementing the method is deployed in a container is the same as existing container deployment methods; the difference is that, after deployment, read permission on proc must be set for the container. All other operations are carried out inside the container and are handled in the container's own way: communicating with the docker daemon from inside the container to obtain the ID information of the other containers, obtaining the file descriptors of the other containers through the interface of the proc file system from inside the container, and obtaining the corresponding metric data of the other containers through cgroup and namespace calls from inside the container. Deploying the whole collection program that implements the method in a container containerizes the whole collection program, so that it is published as an ordinary container; once published, the monitoring collection program can be scheduled and deployed by the corresponding container cluster management system. A program that is published and managed as a container enjoys all the advantages of containers and is convenient and efficient.
The method of the present invention provides a brand-new way of collecting the resource usage of services deployed in containers. Through the cgroup and namespace system call interfaces, the low-level information of a container is obtained on the basis of kernel data structures, and the data in kernel space is read from user space through the corresponding interfaces. This achieves metric collection for containers and provides an effective and feasible solution for collecting low-level container data.
Fig. 2 schematically shows a framework diagram of one embodiment of the system of the present invention for monitoring containers created based on docker. As shown in Fig. 2, in a specific implementation the architecture of the system is designed to include six functional modules: configuration module (configfile) 40, loading module (bee) 41, log module (log) 45, monitoring agent module (collector) 44, control module (controller) 43 and monitoring data storage module (handle) 42. The configuration module 40 loads and parses the configuration file of the whole system. The loading module 41 is the daemon of the system; it is responsible for loading the monitoring agent module (collector) 44, the control module (controller) 43 and the monitoring data storage module (handle) 42 specified in the configuration file, and for writing the running-state information of the whole system to a specified file by calling the log module 45. The monitoring agent module 44 collects monitoring data. The control module 43 implements the container-control part of the system. The monitoring data storage module 42 implements the interface of the data processing and storage part and is responsible for pushing the collected monitoring data into different databases. The database of the embodiment of the present invention may be an existing general-purpose database (such as MySQL); the InfluxDB database is preferred in the framework of this embodiment, and the relevant configuration and output of the database can be configured and displayed through its user interface Grafana. The loading module 41 further includes a monitoring daemon unit 411 and a monitoring service unit 412. The monitoring service unit 412 communicates with the monitoring agent module 44, obtains the collected monitoring data, and stores it in different databases through the monitoring data storage module 42. The monitoring daemon unit 411 receives data requests from users, reads the monitoring data from the database through the monitoring data storage module 42, and outputs it to the user.
The specific implementation of the configuration module (configfile) 40, loading module (bee) 41, log module (log) 45, control module (controller) 43 and monitoring data storage module (handle) in the system of the present invention can follow the prior art. The monitoring agent module 44 in the system, however, needs to be implemented according to the technical solution of the embodiments of the present invention in order to collect data from the containers created by docker. Specifically, as shown in Fig. 2, the monitoring agent module 44 includes an ID information acquiring unit 441, a descriptor acquiring unit 442 and a data collection unit 443. The ID information acquiring unit 441 is configured to communicate with the docker daemon and obtain the ID information of all containers on the current host through the daemon's API. The descriptor acquiring unit 442 is configured to set read permission on the proc file system and, through the interface the proc file system provides for accessing kernel data, obtain the file descriptors of the namespaces of all containers on the current host that are exported by the kernel. The data collection unit 443 is configured to periodically collect the metric data of the containers according to the ID information and the file descriptors. The data collection unit 443 in turn includes a resource data collection unit 4431 and a network data collection unit 4432. The network data collection unit 4432 collects the network metric information using the container's file descriptor and the namespace system call. The resource data collection unit 4431 collects the CPU, memory and hard disk metric information through cgroup calls according to the container's ID information. For the specific data collection procedure, refer to the method shown in Fig. 1, which is not repeated here. It should be noted that the embodiments of the present invention can implement the relevant functional modules with a hardware processor.
Fig. 3 schematically shows a sequence diagram of the system shown in Fig. 2 for monitoring containers created based on docker. As shown in Fig. 3, the system includes the monitoring agent module 44, the monitoring service unit 412, the monitoring data storage module 42 and the monitoring daemon unit 411. The monitoring agent module 44 periodically collects monitoring data and sends it to the monitoring service unit 412; the monitoring service unit 412 sends the received monitoring data to the corresponding monitoring data storage module 42, which pushes it into different databases for storage. When a user 50 requests monitoring data, the monitoring daemon unit 411 receives the user's request for monitoring data, obtains the corresponding data from the monitoring data storage module 42 according to the request, and returns it to the user 50.
The container monitoring system of the present invention can accurately collect the resource usage of containers. The system can also be deployed and published as a container. The deployment and publication can follow the existing process for deploying and publishing containers; the difference is that, at deployment, the system needs to be mounted under the proc file system so that it has read permission on proc and can obtain the file descriptors of the namespaces of all other containers on this host that are exported by the kernel. Inside the monitoring system's container, the IDs and file descriptors of the other containers are then used to monitor and collect the data of the other containers, which provides an effective solution for collecting low-level container data. When the system of the present invention is deployed and published as a container, the monitoring system itself also follows the complete container life cycle and becomes a container, which is a new way of publishing a monitoring system. Once the monitoring system has been containerized (that is, deployed in a container after publication), it can be scheduled and deployed by the corresponding container cluster management system. It gathers the various advantages of containers and is more portable, solving the problem of monitoring and collecting container data more conveniently and efficiently in a new way.
The device embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement it without creative effort.
From the above description of the embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware. Based on this understanding, the above technical solutions in essence, or in other words the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product can be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute the methods described in the embodiments or in certain parts of the embodiments.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some of their technical features can be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.