随着5G时代的临近,低延迟网络、AI硬件算力提升、和智能化应用快速发展,一个万物智联的时代必将到来。我们需要将智能决策、实时处理能力从云延展到边缘和IoT设备端。阿里云容器服务推出了边缘容器,支持云-边-端应用一体协同。在IoT和边缘计算场景,我们不但需要支持X86芯片也要提供对ARM架构芯片的支持。此外随着国产ARM CPU的快速发展,也需要我们在产品测提供ARM版本的容器产品支持。本文将介绍一些简单的技术来加速 ARM 容器应用的开发和测试流程。
X86环境构建ARM架构Docker镜像
今年4月24日,Docker公司与ARM公司宣布合作伙伴计划,为Docker的工具优化面向ARM平台的开发者体验。Docker开发者可以在x86桌面端为ARM设备构建容器镜像,并可将容器应用部署至云端、边缘以及物联网设备。整个容器构建流程非常简单,无需任何交叉编译步骤。
Docker Desktop 是 macOS 和 Windows平台的容器开发环境。Docker会借助宿主机操作系统的虚拟化技术,如Windows的Hyper-V和 macOS的HyperKit,来运行Docker开发环境。在最新的Docker版本中,LinuxKit作为面向容器的操作系统,增加了QEMU模拟器,可以支持ARM架构CPU。现在可以支持 arm/v6, arm/v7 和 arm64 架构应用。架构图如下:
首先安装最新edge版本的 Docker Desktop,Docker Engine版本需要大于 19.03。
在Docker Desktop中,选择 "Preference..." > "Command Line" > "Enable experimental features" 开启实验特性。
Docker新增加了 docker buildx
命令
$ docker buildx --help
Usage: docker buildx COMMAND
Build with BuildKit
Management Commands:
imagetools Commands to work on images in registry
Commands:
bake Build from a file
build Start a build
create Create a new builder instance
inspect Inspect current builder instance
ls List builder instances
rm Remove a builder instance
stop Stop builder instance
use Set the current builder instance
version Show buildx version information
Run 'docker buildx COMMAND --help' for more information on a command.
我们可以查看一下当前builder的状态
$ docker buildx ls
NAME/NODE DRIVER/ENDPOINT STATUS PLATFORMS
default * docker
default default running linux/amd64, linux/arm64, linux/arm/v7, linux/arm/v6
创建一个 mybuilder 实例,设置为默认构建器并激活ARM构建能力
$ docker buildx create --name mybuilder
mybuilder
$ docker buildx use mybuilder
$ docker buildx inspect --bootstrap
[+] Building 20.2s (1/1) FINISHED
=> [internal] booting buildkit 20.2s
=> => pulling image moby/buildkit:master 19.6s
=> => creating container buildx_buildkit_mybuilder0 0.6s
Name: mybuilder
Driver: docker-container
Nodes:
Name: mybuilder0
Endpoint: unix:///var/run/docker.sock
Status: running
Platforms: linux/amd64, linux/arm64, linux/arm/v7, linux/arm/v6
从Github获取测试应用
$ git clone https://github.com/adamparco/helloworld
$ cd helloworld
在Docker Hub创建一个测试Repository
自从Docker registry v2.3和Docker 1.10开始,Docker通过支持新的image Media 类型 manifest list 实现了Multi-architecture Docker镜像功能,支持在一个镜像中同时包含多种CPU体系架构的镜像层。
为测试应用构建多CPU体系架构镜像,包含x86, ARM 64和ARM v7支持,并推送到 Docker Hub
$ docker buildx build --platform linux/amd64,linux/arm64,linux/arm/v7 -t denverdino/multiarch --push .
.
[+] Building 26.1s (31/31) FINISHED
...
=> [linux/arm64 internal] load metadata for docker.io/library/python:3.7-alpine 2.9s
=> [linux/arm/v7 internal] load metadata for docker.io/library/python:3.7-alpine 3.2s
=> [linux/amd64 internal] load metadata for docker.io/library/python:3.7-alpine 2.9s
...
=> exporting to image 22.8s
=> => exporting layers 1.0s
=> => exporting manifest sha256:f8739d2eb9f1b043e5d44e962c79d353261a257ffa6c8332b762b5d811d54c1a 0.0s
=> => exporting config sha256:528fc30a95957bf3c6c1bb4ea77793a2a484c0c5b87f3efad6bbc9dbc2df6a90 0.0s
=> => exporting manifest sha256:b52df7ab39acbe3ebb8b5d9e6a8069b9c916f1811b81aa84dd3b9dd9b4304536 0.0s
=> => exporting config sha256:9712542f20d1dd16c7332f664432a1b37c6254fefe7d4cb7806b74997467da07 0.0s
=> => exporting manifest sha256:698969718e9a316003a7fb4c2fe26216c95672e3e92372d25b01a6db5295e9e7 0.0s
=> => exporting config sha256:f636eaa8cec74fa574f99318cddd01b37a9e7c21708f94e11ae6575b34ca18f7 0.0s
=> => exporting manifest list sha256:3da22eea857f889ade3c85a2d41ed17db727385f78096e3dcf74ae039f164281 0.0s
=> => pushing layers 18.3s
=> => pushing manifest for docker.io/denverdino/multiarch:latest
我们可以在Docker Hub查看镜像信息
在Mac上面执行构建出来的镜像,
$ docker run -p5000:5000 denverdino/multiarch
* Serving Flask app "hello" (lazy loading)
* Environment: production
WARNING: Do not use the development server in a production environment.
Use a production WSGI server instead.
* Debug mode: off
* Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)
访问 http://0.0.0.0:5000/ 可以看到当前CPU架构为 x86_64
登录到树莓派(Raspbian基于ARMv7),执行如下命令,运行同样的容器镜像
pi@raspberrypi:~ $ docker run -p5000:5000 denverdino/multiarch
* Serving Flask app "hello" (lazy loading)
* Environment: production
WARNING: Do not use the development server in a production environment.
Use a production WSGI server instead.
* Debug mode: off
* Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)
打开浏览器访问 raspberrypi:5000
,可以看到当前CPU架构为 armv7l
X86环境执行ARM架构Docker镜像
我们首先构建一个ARMv7版本的镜像
docker buildx build --platform linux/arm/v7 -t denverdino/multiarch:armv7 --push .
[+] Building 67.9s (13/13) FINISHED
...
=> => pushing layers 8.5s
=> => pushing manifest for docker.io/denverdino/multiarch:armv7
Linux 内核中 binfmt_misc 允许注册一个“解释器”,在运行可执行文件的时候调用自定义解释器。Linux 4.8 版本在 binfmt_misc
中增加了 F flag
使内核可以在配置时加载解释器而非在运行时 Lazy load,通过这个方法我们可以利用一个容器来注册和运行ARM指令集的解释器。
$ docker run --rm --privileged npmccallum/qemu-register
在Mac上运行如下命令,无需任何修改就可以启动一个ARM镜像
$ docker run -p5000:5000 denverdino/multiarch:armv7
* Serving Flask app "hello" (lazy loading)
* Environment: production
WARNING: Do not use the development server in a production environment.
Use a production WSGI server instead.
* Debug mode: off
* Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)
访问 http://0.0.0.0:5000/ , 可以看到当前CPU架构变成为 armv7l。意外不意外?惊不惊喜?:-)
总结
利用容器、操作系统和虚拟化技术,我们可以轻松在X86平台构建和测试ARM应用,简化了多CPU体系架构应用的支持。
参考
https://engineering.docker.com/2019/04/multi-arch-images/
http://collabnix.com/building-arm-based-docker-images-on-docker-desktop-made-possible-using-buildx/