File system resource isolation method for Docker container

A docker container and file system technology, applied in the field of virtualized systems, can solve the problem of inability to solve the problem of shared kernel isolation, isolation is not suitable for Docker containers, etc., to achieve the effect of simple and flexible isolation mechanism, small modification, and improved isolation

Active Publication Date: 2019-08-13
HUAZHONG UNIV OF SCI & TECH
View PDF5 Cites 8 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] As can be seen from the above, the existing performance isolation methods of Docker containers are directly related to hardware-related performance isolation, which cannot solve the isolation problem caused by the shared kernel.
The technical means to solve the isolation problem caused by the shared kernel are not applicable to Docker containers

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • File system resource isolation method for Docker container
  • File system resource isolation method for Docker container
  • File system resource isolation method for Docker container

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0041] Aiming at the isolation problem caused by the lock competition in the container sharing kernel and the file system resource competition, the present invention proposes a file system resource isolation system for Docker containers. The system analyzes the locks used in the file system operation and finds out A set number of coarse-grained locks can be issued, and a fine-grained lock can be assigned to each container as a copy of the coarse-grained lock, thereby avoiding the problem of multiple containers competing for the same coarse-grained lock. At the same time, the above modification will not bring about consistency problems. Allocate file system resources to each container file system instance to avoid sharing, thereby preventing performance interference caused by competition and improving isolation.

[0042] Specifically, such as figure 1 As shown, the file system resource isolation system includes at least several containers 1 , a file operating system calling mo...

Embodiment 2

[0049] This embodiment is a further improvement on Embodiment 1, and repeated content will not be repeated here.

[0050] The present invention also provides a method for isolating file system resources facing Docker containers, which at least includes the following steps:

[0051] S1: The file system resource allocation module 302c allocates the host file system resources according to the requirements of the container 1, and distinguishes the containers allocated with different host file system resources by marking the containers.

[0052] Specifically, when a container is created by, for example, Docker, a requirement for file system resources will be proposed according to the characteristics of the load run by the container. Different containers have different needs for file system resources. For example, when a container runs intensive loads such as database or web server I / O, the container will perform a large number of file creation operations, so that the container req...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a file system resource isolation method for a Docker container. The method includes: allocating host file system resources according to the access request of the container anddetermining a lock resource corresponding to the access request, the file system resource isolation method at least comprises the following steps: dividing a lock resource into a first lock capable of being refined and a second lock incapable of being refined based on the granularity of the lock resource, and creating a plurality of new containers in a manner of configuring refined copies of thefirst lock to form independent locks; allocating the host file system resources according to the file resource request parameters required by the new containers, and dividing the plurality of new containers into a first marking container and a second marking container based on the allocation result; and controlling the execution of the file system operation according to the use amount of the filesystem resources allocated to the first marking container or the second marking container under the condition that the lock competition exists or the file system resources need to be used when the first marking container or the second marking container executes the file system operation.

Description

technical field [0001] The invention belongs to the technical field of virtualization systems, and in particular relates to a method for isolating file system resources oriented to Docker containers. Background technique [0002] Currently, virtualization is a key technical means to improve device utilization in a cloud computing environment. The emergence of Docker has promoted the development of operating system-level virtualization technology. With its high performance, fast startup, low overhead, and isolation, containers have begun to replace virtual machines and occupy an increasingly important position in the cloud computing environment. However, although containers have certain advantages over virtual machines in terms of performance, they are worse than virtual machines in terms of isolation. The essential reason is that containers share the same operating system kernel. At the same time, since containers are lighter than virtual machines, more containers can be d...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06G06F21/60
CPCH04L63/02G06F21/60G06F2009/45587G06F9/45558G06F2009/45579G06F2009/45562G06F16/17G06F9/5011
Inventor 吴松金海陈希明
Owner HUAZHONG UNIV OF SCI & TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap