The release of a new version of the Linux distribution Bottlerocket, 1.7.0, was announced recently. The distribution is developed with Amazon's participation and is built for running isolated containers efficiently and securely.
For those new to Bottlerocket: the distribution ships as an indivisible system image that is updated automatically and atomically. The image includes the Linux kernel and a minimal system environment containing only the components needed to run containers.
About Bottlerocket
The environment uses the systemd service manager, the Glibc library, the Buildroot build tool, the GRUB boot loader, the containerd container runtime, the Kubernetes container orchestration platform, the aws-iam-authenticator, and the Amazon ECS agent.
Container management tools ship in a separate "control" host container, which is enabled by default and is driven through the AWS SSM agent and the API. The base image contains no command shell, no SSH server, and no interpreted languages (for example Python or Perl); administration and debugging tools are moved into a separate "admin" host container, which is disabled by default.
The key difference from similar distributions such as Fedora CoreOS and CentOS/Red Hat Atomic Host is the emphasis on maximum security: the system is hardened against potential threats, which makes exploiting vulnerabilities in operating-system components harder and strengthens the isolation of containers.
Containers are isolated using the standard Linux kernel mechanisms: cgroups, namespaces, and seccomp. For additional isolation, the distribution runs SELinux in enforcing mode.
The root partition is mounted read-only, and the /etc configuration partition is mounted on tmpfs and restored to its original state on every reboot. Editing files in /etc directly, such as /etc/resolv.conf or /etc/containerd/config.toml, is therefore not supported: any such change is lost at the next reboot. To persist configuration, use the settings API, or move the functionality into separate containers.
The integrity of the root partition is verified cryptographically with the dm-verity module, which checks each block against a hash tree as it is read; if an attempt to modify data at the block-device level is detected, the system reboots.
Most system components are written in Rust, whose memory-safety guarantees rule out, in safe code, the vulnerability classes caused by using memory after it has been freed, dereferencing null pointers, and overflowing buffers.
At build time, the "--enable-default-pie" and "--enable-default-ssp" compiler configuration options are used by default, so binaries are built as position-independent executables (PIE, which lets address space layout randomization apply to the executable itself) and with stack-overflow protection based on stack canaries.
What's new in Bottlerocket 1.7.0?
One change that stands out in this release is that, when RPM packages are installed, a list of the installed programs is generated in JSON format and made available in the host container as the file /var/lib/bottlerocket/inventory/application.json, so that information about the packages present in the image can be obtained without a shell or package manager on the host.
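As an added example (not code from the Bottlerocket project), the following Python script consumes an inventory file of the kind described above: it loads the package list, flags packages that fall below a minimum-version policy, and diffs two inventories (for example, before and after an update). It assumes the file follows the AWS SSM "AWS:Application" inventory layout (a "Content" list whose entries carry Name, Version and Release fields); that layout, the sample document, and the MIN_VERSIONS policy are constructed for illustration and are not taken from a real image or advisory.

```python
import json
import re
import sys
from pathlib import Path
from typing import Dict, List, Tuple

# Location named in the Bottlerocket 1.7.0 release notes.
INVENTORY_PATH = "/var/lib/bottlerocket/inventory/application.json"

# Constructed sample in the ASSUMED layout (SSM "AWS:Application" schema:
# a "Content" list of entries with Name/Version/Release/Architecture/Publisher).
# Package names and versions are illustrative, not from a real Bottlerocket image.
SAMPLE_INVENTORY = json.dumps({
    "SchemaVersion": "1.0",
    "Content": [
        {"Name": "containerd", "Version": "1.5.11", "Release": "1",
         "Architecture": "x86_64", "Publisher": "Bottlerocket"},
        {"Name": "kubelet-1.22", "Version": "1.22.6", "Release": "1",
         "Architecture": "x86_64", "Publisher": "Bottlerocket"},
        {"Name": "glibc", "Version": "2.34", "Release": "1",
         "Architecture": "x86_64", "Publisher": "Bottlerocket"},
    ],
})

# Constructed minimum-version policy for this example; not a real advisory.
MIN_VERSIONS = {"containerd": "1.6.0", "glibc": "2.34", "openssl": "1.1.1n"}


def load_inventory(text: str) -> Dict[str, str]:
    """Map package name -> 'version-release' from the inventory JSON text."""
    doc = json.loads(text)
    packages: Dict[str, str] = {}
    for entry in doc.get("Content", []):
        version = entry.get("Version", "")
        release = entry.get("Release")
        packages[entry["Name"]] = f"{version}-{release}" if release else version
    return packages


def version_key(version: str) -> Tuple[Tuple[int, object], ...]:
    """Comparable key for dotted versions such as '1.5.11' or '1.1.1n'.

    Numeric segments compare as integers and sort before alphabetic ones.
    Deliberately simple: this is not a full RPM version comparison.
    """
    segments = re.findall(r"\d+|[A-Za-z]+", version)
    return tuple((0, int(s)) if s.isdigit() else (1, s) for s in segments)


def find_below_minimum(inventory: Dict[str, str],
                       minimums: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (name, installed, minimum) for packages older than the policy."""
    findings = []
    for name, minimum in minimums.items():
        installed = inventory.get(name)
        if installed is None:
            continue  # package absent from this image, nothing to flag
        installed_version = installed.rsplit("-", 1)[0]  # drop the RPM release
        if version_key(installed_version) < version_key(minimum):
            findings.append((name, installed, minimum))
    return findings


def diff_inventories(old: Dict[str, str], new: Dict[str, str]) -> Dict[str, list]:
    """Summarise what changed between two inventories, e.g. across an update."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted((n, old[n], new[n])
                          for n in set(old) & set(new) if old[n] != new[n]),
    }


if __name__ == "__main__":
    # Pass a real inventory file (normally INVENTORY_PATH, copied off the host)
    # as the first argument; otherwise the constructed sample is used.
    source = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else SAMPLE_INVENTORY
    inventory = load_inventory(source)
    print(f"{len(inventory)} packages in inventory (default path: {INVENTORY_PATH})")
    for name, installed, minimum in find_below_minimum(inventory, MIN_VERSIONS):
        print(f"{name}: installed {installed}, policy requires >= {minimum}")
```

Because the file is produced by the image's own package installation rather than by a package manager on the running host, the same script can be run against inventories collected from many nodes to find which ones still carry an old version of a component after an update has been rolled out.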
Bottlerocket 1.7.0 also updates the "admin" and "control" host containers, along with package versions and the Go and Rust dependencies.
In addition, the versions of packages carrying third-party programs were updated, a tmpfilesd configuration issue for kmod-5.10-nvidia was fixed, and the dependency versions of tuftool are now pinned at install time.
Finally, for those interested in learning more about this distribution: the toolkit and the distribution's control components are written in Rust and are distributed under the MIT and Apache 2.0 licenses.
Bottlerocket supports running on Amazon ECS, VMware, and AWS EKS Kubernetes clusters, and also supports building custom variants and editions that enable different orchestration and container runtime tools.
Details can be found at the following link.