您现在的位置是:主页 > 真人充钱提现的牛牛app > 騰訊開源開年紅!TencentOS內核正式開源

騰訊開源開年紅!TencentOS內核正式開源
2020-01-11 18:45   来源:  www.oceanofgameso.com   评论:0 点击:

騰訊開源開年紅!TencentOS內核正式開源1月9日,腾讯正式开源其云原生操作系统内核TencentOSKernel(GitHub

1月9日,腾讯正式开源其云原生操作系统内核TencentOSKernel(GitHub地址:///Tencent/TencentOS-kernel),笔者看到,在GitHub上发布几小时后,该项目已经获得了近百个Star。

On january 9th tencent officially opened its cloud-based operating system kernel, tencent os kernel (github address:\/\/\/teencent\/tencent os-kernel), and the author saw that the project had received nearly 100 stars hours after it was released on github.

在十年前,业界普遍流传着一句话叫做“代码正在吞没世界”,后来又说“互联网世界的一切源自开源”。而直到最近,人们才真正醒悟,原来云原生才是背后的那个大BOSS,凡是不使用云的都将落后,都无法做到敏捷,跟不上时代。

A decade ago, there was a widespread buzzword for the industry that \"code is engulfing the world\" and later that \"everything in the internet world comes from open source \". And until recently, people really realized that the original cloud is behind the big boss, all do not use the cloud will lag behind, cannot achieve agility, cannot keep up with the times.

TencentOSKernel恰恰是开源 云原生的典范,其定制于Linux社区长期支持的版本,在资源调度弹性、容器支持、系统性能及安全等层面,都做了深度优化。

Vincent OS Kernel is exactly open source The model of cloud origin, a version of the Linux community's long-term support, has been deeply optimized for resource scheduling flexibility, container support, system performance, and security.

该系统的开源,可以帮助行业大幅提升云上资源的利用效率、降低运营成本,同时获得更加安全可靠的业务运行环境。

The system's open source can help the industry significantly improve the use of resources on the cloud, reduce operating costs, and achieve a more secure and reliable business environment.

在2019年腾讯Techo开发者大会上,腾讯正式宣布将朝着“自下而上”与“自上而下”相结合的目标,推进开源工作。

At Tencent's Techo developer conference in 2019, Tencent officially announced that it would advance open source work towards the goal of combining \"bottom-up\" with \"top-down \".

腾讯还将建立对外开源管理办公室,对开源项目进行指导和帮助,为开发者提供社区合作交流机会,建设以开源为核心的技术生态圈。

Tencent will also set up an external open source management office to guide and help open source projects, provide developers with community cooperation and exchange opportunities, and build an open source-centred technology ecosystem.

笔者刚刚在GitHub上做了一下统计,截止1月9日下午,腾讯在GitHub上发布的总项目数达到95个,Star数近27万;而且其开源项目很多都堪称重磅,比如腾讯把以性能RPC开发框架TARS及轻量化服务方案TSeer,捐赠给Linux基金会,而微信Web服务框架WeUI,一经发布就广受好评。

I've just done a few stats on GitHub. As of the afternoon of January 9th, Tencent had 95 projects on GitHub and nearly 270,000 stars. And many of its open source projects, such as Tencent's donation of its RPC development framework, TARS and lightweight services, to the Linux Foundation, and WeChat's Web service framework, WeUI, have been well received.

腾讯在操作系统方面,也是动作不断,比如TencentOSKernel的兄弟——TencentOSTiny,这个才刚刚问世的IoT操作系统,凭借其低功耗、低资源占用、模块化、安全可靠等特点,目前在GitHub上获得3700颗Star。

Tencent is also constantly moving in terms of operating systems, such as Vincent OS Kernel's brother, the just-released IoT operating system, which now has 3,700 stars on GitHub for its low-power, low-resource footprint, modularity, and security.

在目前超大规模计算的时代,提升效率、降低成本是最基本的诉求。而云原生最大的特点,就是可持续交付和微服务化,将容器打造成微服务的运行载体。

In the current era of large-scale computing, efficiency and cost reduction are the most basic demands. The biggest feature of cloud origin is the sustainable delivery and micro-service, which makes the container a carrier of micro-service.

但是,现在的通用Linux系统内核,并不是为容器 微服务的云原生架构所设计,在很多方面,甚至不太合适云原生,但是TencentOSKernel做了很多直面痛点的优化工作:

However, the current universal Linux kernel is not a container The cloud-based architecture of microservices is designed to be, in many ways, even less suitable for cloud-based origin, but Tencent OS Kernel has done a lot of work to optimise the pain:

ARM64架构的内核热补丁方案:内核热补丁技术是一种无需重启服务器,即可实现修改内核运行时代码的技术。基于该技术,可以在不影响业务正常运行的情况下,修复内核Bug或者安全漏洞,以提高运营效率、底层平台的稳定性和可用性,并使得业务运营体验有效提升。

The kernel heat patch scheme of ARM64 architecture: kernel heat patch technology is a technology that can modify the kernel running time code without restarting the server. Based on this technology, the kernel Bug or security vulnerabilities can be fixed without affecting the normal operation of the business, so as to improve the operational efficiency, the stability and availability of the underlying platform, and make the business operation experience effective.

目前,面向互联网的云服务,每天都会面对数量众多的攻击事件,及时针对内核漏洞进行热补丁升级,是云服务安全运营的最低要求。

At present, the Internet-oriented cloud services, every day will face a large number of attacks, timely kernel vulnerabilities to make up for the upgrade, is the minimum requirements for the safe operation of cloud services.

可是,当下其它Linux内核,针对在云计算中被广泛应用的ARM架构设备,还缺乏热补丁支持,不过TencentOSKernel填补了这个空白。

However, the current Linux kernel, for the widely used ARM architecture devices in cloud computing, there is no hot patch support, but Vincent OS Kernel fills the gap.

TencentOSKernel基于Kpatch框架,开发了ARM64热补丁特性。Kpatch在内核中,是基于ftrace实现内核函数的替换,类似于ftrace的动态探测点,不过不是统计某些运行数据,而是修改函数的运行序列:在函数运行某些额外的代码之后,略过旧函数代码,并跳转至新函数。

Tencent OS Kernel developed the ARM64 thermal patch feature based on the Kpatch framework. In the kernel, kpatch implements the substitution of kernel functions based on frace, similar to the dynamic probe point of frace, but not counting some running data, but modifying the running sequence of the function: after the function runs some additional code, skip the old function code and jump to the new function.

而在用户态中,则通过Kernel源码编译内核,打上补丁后再次编译内核,通过分析两次目标文件的变动情况,生成,并通过解析生成最终的,有关这个方面的实现,令人拍案叫绝,笔者后续计划专文详述此部分原理。

In the user state, the kernel is compiled through Kernel source code, and the kernel is compiled again after patching, by analyzing the change of the target file twice, generating, and by parsing the final, the implementation of this aspect is amazing, and the author's follow-up plan details this part of the principle.

由于容器是特殊的进程,不同容器之间,并不能像同一操作系统下的进程间,那样进行共享,安全隔离始终是容器平台的核心问题。

Because containers are special processes, security isolation is always a central issue for container platforms, not shared as between processes under the same operating system.

而其它版本的Linux内核提供的隔离特性,远远不能满足容器隔离的实际需求内核中,/proc文件系统中,大部分信息没有实现namespace功能,隔离性根本无从谈起。

The isolation feature provided by other versions of the linux kernel is far from meeting the actual requirements for container isolation. In the \/ proc file system, most of the information does not implement the namespace function.

TencentOSKernel从容器角度出发对于cpuinfo、stat、loadavg、meminfo、vmstat、diskstats、uptime等进行了隔离增强,保证容器中的应用,能获得正确的系统状态信息。

tencent oskernel has isolated enhancements to cpuinfo, stat, loadavg, meminfo, vmstat, diskstats, uptime and so on from a container perspective to ensure that applications in the container can get the correct system status information.

并且针对容器内外进程PID对应关系的痛点,做出了优化,在内核参数_host_pid=1时,容器内可以通过读取/proc/self/hostinfo文件,来获取容器内进程在容器外的真实pid。

The real pid of the container process outside the container can be obtained by reading the \/proc\/self\/hostinfo file when the kernel parameter _host_pid =1.

更重要的是,TencentOSKernel待Push的版本中,还特别提到,将提供包括NVMeIO隔离等特性,这将彻底解决IO控制组在多队列设备场景资源利用率低,不支持按比例隔离等问题,保证了不同场景下的IO隔离效果。

more importantly, tencent os kernel to push ' s version also mentions in particular that features such as nvme io isolation will be provided, which will completely solve the problem of low resource utilization of io control group in multi-query device scenarios and not support proportional isolation, which ensures the io isolation effect in different scenarios.

笔者看到,其离线调度算法也即将Push,在不影响在线业务质量的前提下,整机的CPU利用率最高提升了3倍,部分业务场景下可将整机CPU利用率提升至90%。

The author sees that its off-line scheduling algorithm is also about to push, without affecting the quality of online business, the CPU utilization of the whole machine has increased by up to three times, and the CPU utilization of the whole machine can be increased to 90% under some business scenarios.

性能方面,TencentOSKernel针对计算、存储和网络子系统均经过独有的优化,例如PAGECACHELIMIT功能,限制PageCache的使用率,尽量使系统剩余的内存能够满足业务的需求;TencentOSKernel还新增多个sysctl/proc控制接口,内核启动参数等来优化用户体验。

In terms of performance, Tencent OS Kernel optimizes computing, storage, and network subsystems uniquely, such as PAGE CACHELIMIT, which limits PageCache usage and makes the system's remaining memory meet business needs as much as possible; and Tencent OS Kernel adds new sysctl\/proc control interfaces, kernel startup parameters, and more to optimize the user experience.

IT业与传统行业最大的不同,就是其背后还隐藏着侠义江湖的影子,笔者相信腾讯此次怀着巨大诚意开源的TencentOSKernel,也必将能从开源社区中,得到中肯的意见与支持。

The biggest difference between the IT industry and the traditional industry is that there is still a chivalrous shadow behind it, the author believes that Tencent this time with great sincerity and open source of Tencent OS Kernel, but also from the open source community, will be able to get pertinent advice and support.

开源是武林高手下场比武,这种不断交流切磋的过程,必将提高各门派的武功水准。在此笔者也由衷希望,腾讯今后能开源更多优质的项目,推动行业良性发展。

Open source is a martial arts master, this process of continuous exchanges and exchanges, will certainly improve the martial arts standards. In this I also sincerely hope that Tencent in the future can open source more quality projects, promote the healthy development of the industry.


相关热词搜索:

上一篇:法國研究機構亞裔高考通過率高女生成績更優秀
下一篇:没有了

分享到: