背景
Dragonfly是一個基於P2P的智能文件分發系統,用於解決大規模文件分發場景下分發耗時、成功率低、帶寬浪費等難題。大幅提升發佈部署、數據預熱、大規模容器鏡像分發等業務能力。為了提高容器鏡像分發能力,我們選擇了Dragonfly。
本文主要基於Dragonfly來介紹一下:配合Harbor如何搭建自己的支持P2P的鏡像倉庫服務(文件系統分發本文不做介紹)。
特 性
基於P2P文件分發
支持各種容器化技術
主機級別限速策略
利用CDN機制避免遠程重複下載
強一致性
-
磁盤保護,高效的IO處理
高性能
異常自動隔離
降低文件來源服務器壓力
支持標準的Http Header
使用簡單
架構介紹
整體流程
block下載過程
流程解析:
當執行docker pull操作時,dfget-proxy會攔截docker pull請求。將請求轉發給CM(cluster manager)。
cm的地址已經在client主機的/etc/dragonfly.conf文件中配置好了。另外上文中提到的dfget-proxy其實就是df-daemon。Dragonfly中有三個項目,client端:getter(python)、daemon(golang),docker pull時,df-daemon攔截到請求並通過dfget進行文件拉取,server端:supernode(java)。
df-daemon啟動的時候帶了registry參數,並且通過dfget傳給服務端supernode。supernode解析參數到對應的鏡像倉庫獲取鏡像並以block的形式返回給客戶端。如果再次拉取鏡像時,supernode就會檢測哪一個client存在和鏡像文件對應的block,如果存在直接從該client下載,如果不存在就通過server端到鏡像倉庫拉取鏡像。
安 裝
install server
Dragonfly官方支持基於Docker和Physical Machine兩種方案部署server。為了快速搭建,本文基於Docker的方式來安裝server。也可參考官方文檔進行安裝
1.clone
git clone https://github.com/alibaba/Dragonfly.git
2. build image
cd dragonfly
docker build -t "dragonfly:supernode" . -f ./build/supernode/Dockerfile
3.run dragonfly container
docker run -d -p 8001:8001 -p 8002:8002 dragonfly:supernode
由於基於源碼構建的鏡像比較大,比較耗時。為了使用方便,我基於源碼構建了一個公有的鏡像置於阿里雲鏡像倉庫服務器.不想自己構建鏡像的小夥伴可以直接使用如下方式啟動server。
docker run -d -p 8001:8001 -p 8002:8002 --restart=always registry.cn-hangzhou.aliyuncs.com/p2p-service/dragonfly-server
install client
1.下載
wget https://github.com/alibaba/Dragonfly/raw/master/package/df-client.linux-amd64.tar.gz
tar -zxvf df-client.linux-amd64.tar.gz -C install
install為解壓的目錄,稍後會將這個目錄添加到環境變量。
2.設置環境變量path
echo $SHELL (get which shell using, current shell is bash)
source ~/.bashrc
vi ~/.bashrc
退出vi並執行以下命令
將下面的設置添加到~/.bashrc文件末
PATH=$PATH:xxx/xxx/install/df-client
3.驗證df-client安裝是否正確
dfget -husage: dfget [-h] [--url URL] [--output OUTPUT] [--md5 MD5] [--callsystem CALLSYSTEM] [--notbs] [--locallimit LOCALLIMIT] [--totallimit TOTALLIMIT] [--identifier IDENTIFIER] [--timeout TIMEOUT] [--filter FILTER] [--showbar] [--pattern {p2p,cdn}] [--version] [--node NODE] [--console] [--header HEADER] [--dfdaemon]dragonfly is a file distribution system based p2poptional arguments: -h, --help show this help message and exit
--output OUTPUT, -O OUTPUT, -o OUTPUT
--url URL, -u URL will download a file from this url
Harbor搭建
基於在線方式的安裝, 本文采用http的方式配置Harbor。Harbor版本為1.2.2
1.下載
wget https://github.com/vmware/harbor/releases/download/v1.2.2/harbor-online-installer-v1.2.2.tgz
tar -zxvf harbor-online-installer-v1.2.2.tgz -C install
2.修改配置
cd install/harbor
vi harbor.cfghostname=xx.xx.xx.xx //設置為當前主機ip
3.安裝並啟動harbor服務
sh install.sh
服務啟動以後,如果需要管理Harbor服務的生命週期,可以直接通過docker-compose來管理
git clone https://github.com/alibaba/Dragonfly.git
說明: 執行以上腳本做了一下幾件事情
根據harbor.cfg配置和template模板生成對應的配置文件到common目錄下
調用docker-compose up -d 啟動harbor相關服務。第一執行會自動下載相關鏡像
4.直接訪問 http://xx.xx.xx.xx 默認賬號為 admin:Harbor12345
使用指南
1.在client主機上通過配置文件指定CM(cluster manager)節點
vi /etc/dragonfly.conf內容:
[node]address=cm node host ip
2.由於當前Dragonfly暫不支持harbor認證。如果按照官網配置"configure daemon mirror"來拉取鏡像會提示授權失敗。為了繞過這個問題可以採用docker proxy的方式來解決。具體步驟如下:
(1)vi /etc/systemd/system/docker.service.d/http-proxy.conf,沒有該文件就直接創建該文件。通過添加proxy,在拉取鏡像時將會通過下面的配置地址轉發到目標機。
[Service]
Environment="HTTP_PROXY=http://127.0.0.1:65001"
(2)更新變更
systemctl daemon-reload
(3)驗證配置是否生效
systemctl show --property=Environment docker
Environment=GOTRACEBACK=crash DOCKER_HTTP_HOST_COMPAT=1 PATH=/usr/libexec/docker:/usr/bin:/usr/sbin HTTP_PROXY=http://127.0.0.1:65001
輸出:
3.在client機上添加harbor的insecure地址
(1)vi /etc/docker/daemon.json
把harbor地址添加到標紅模塊處
(2)重啟docker
systemctl restart docker
4.驗證inscure是否生效
docker login --username=admin xx.xx.xx.xx
登錄成功說明inscure設置生效。
5.啟動client服務
df-daemon --registry http://xx.xx.xx.xx
6.驗證
1.tcpdump -i lo port 65001
2. docker pull xx.xx.xx.xx/repo/image:tag //拉取鏡像
效果(有數據經過65001端口):
09:56:54.380443 IP localhost.56894 > localhost.65001: Flags [P.], seq 1:1762, ack 1, win 342, options [nop,nop,TS val 3956769309 ecr 3956769308], length 176109:56:54.380466 IP localhost.65001 > localhost.56894: Flags [.], ack 1762, win 1365, options [nop,nop,TS val 3956769309 ecr 3956769309], length 009:56:54.412983 IP localhost.65001 > localhost.56894: Flags [P.], seq 1:4097, ack 1762, win 1365, options [nop,nop,TS val 3956769341 ecr 3956769309], length 409609:56:54.413001 IP localhost.56894 > localhost.65001: Flags [.], ack 4097, win 1365, options [nop,nop,TS val 3956769341 ecr 3956769341], length 009:56:54.413022 IP localhost.65001 > localhost.56894: Flags [P.], seq 4097:4352, ack 1762, win 1365, options [nop,nop,TS val 3956769341 ecr 3956769341], length 25509:56:54.413029 IP localhost.56894 > localhost.65001: Flags [.], ack 4352, win 1429, options [nop,nop,TS val 3956769341 ecr 3956769341], length 009:56:54.413049 IP localhost.65001 > localhost.56894: Flags [F.], seq 4352, ack 1762, win 1365, options [nop,nop,TS val 3956769341 ecr 3956769341], length 009:56:54.413192 IP localhost.56894 > localhost.65001: Flags [F.], seq 1762, ack 4353, win 1429, options [nop,nop,TS val 3956769341 ecr 3956769341], length 009:56:54.413212 IP localhost.65001 > localhost.56894: Flags [.], ack 1763, win 1365, options [nop,nop,TS val 3956769341 ecr 3956769341], length 009:56:54.413791 IP localhost.56896 > localhost.65001: Flags [S], seq 2279785798, win 43690, options [mss 65495,sackOK,TS val 3956769342 ecr 0,nop,wscale 7], length 016:35:45.400349 IP localhost.65001 > localhost.56896: Flags [S.], seq 127072263, ack 2279785799, win 43690, options [mss 65495,sackOK,TS val 3956769342 ecr 3956769342,nop,wscale 7], length 009:56:54.413819 IP localhost.56896 > localhost.65001: Flags [.], ack 1, win 342, options [nop,nop,TS val 3956769342 ecr 3956769342], length 009:56:54.413984 IP localhost.56896 > localhost.65001: Flags [P.], seq 1:374, ack 1, win 342, options [nop,nop,TS val 3956769342 ecr 3956769342], length 37309:56:54.413995 IP localhost.65001 > localhost.56896: Flags [.], ack 374, win 350, options [nop,nop,TS val 3956769342 ecr 3956769342], length 009:56:54.444136 IP localhost.65001 > localhost.56896: Flags [P.], seq 1:1230, ack 374, win 350, options [nop,nop,TS val 3956769372 ecr 3956769342], length 122909:56:54.444153 IP localhost.56896 > localhost.65001: Flags [.], ack 1230, win 1365, options [nop,nop,TS val 3956769372 ecr 3956769372], length 009:56:54.444180 IP localhost.65001 > localhost.56896: Flags [F.], seq 1230, ack 374, win 350, options [nop,nop,TS val 3956769372 ecr 3956769372], length 009:56:54.444360 IP localhost.56896 > localhost.65001: Flags [F.], seq 374, ack 1231, win 1365, options [nop,nop,TS val 3956769373 ecr 3956769372], length 009:56:54.444379 IP localhost.65001 > localhost.56896: Flags [.], ack 375, win 350, options [nop,nop,TS val 3956769373 ecr 3956769373], length 009:56:54.444695 IP localhost.56898 > localhost.65001: Flags [S], seq 3831704766, win 43690, options [mss 65495,sackOK,TS val 3956769373 ecr 0,nop,wscale 7], length 016:37:58.544366 IP localhost.65001 > localhost.56898: Flags [S.], seq 3015556728, ack 3831704767, win 43690, options [mss 65495,sackOK,TS val 3956769373 ecr 3956769373,nop,wscale 7], length 009:56:54.444718 IP localhost.56898 > localhost.65001: Flags [.], ack 1, win 342, options [nop,nop,TS val 3956769373 ecr 3956769373], length 009:56:54.444835 IP localhost.56898 > localhost.65001: Flags [P.], seq 1:1692, ack 1, win 342, options [nop,nop,TS val 3956769373 ecr 3956769373], length 169109:56:54.444849 IP localhost.65001 > localhost.56898: Flags [.], ack 1692, win 1365, options [nop,nop,TS val 3956769373 ecr 3956769373], length 009:56:54.477140 IP localhost.65001 > localhost.56898: Flags [P.], seq 1:4097, ack 1692, win 1365, options [nop,nop,TS val 3956769405 ecr 3956769373], length 409609:56:54.477158 IP localhost.56898 > localhost.65001: Flags [.], ack 4097, win 1365, options [nop,nop,TS val 3956769405 ecr 3956769405], length 009:56:54.477172 IP localhost.65001 > localhost.56898: Flags [P.], seq 4097:4352, ack 1692, win 1365, options [nop,nop,TS val 3956769405 ecr 3956769405], length 255
如果要看日誌可以在根目錄.small-dragonfly/logs下查看
閱讀更多 睿雲智合Wise2C 的文章
