CN-121979617-A - Containerized Hongmeng atomic service operation method based on isolation domain elastic boundary
Abstract
The invention discloses a containerized Hongmeng atomic service operation method based on an isolation domain elastic boundary. In the container start-up stage, historical operation data are analyzed to obtain an association table, which is used to set the isolation boundary. In the atomic service initialization stage, the whole process of start-up, process creation and so on is monitored in real time to form a log, and the dynamic dependencies are acquired to adjust the related configuration of the container. In the service operation stage, the isolation boundary is elastically adjusted according to the communication object; the state, health, performance parameters and consistency of the container isolation boundary of the atomic service are monitored periodically, a differentiated repair strategy is executed according to the abnormality found, and the device access, resource quota and network permissions of the container are adjusted cooperatively according to the foreground/background state transitions of the service. When the atomic service exits, the container isolation boundary is restored to its initial value, and the full life-cycle operation data are collected and merged into the historical operation data, providing data support for subsequent strategy optimization.
Inventors
- WEN YAN
Assignees
- 北京麟卓信息科技有限公司
Dates
- Publication Date
- 20260505
- Application Date
- 20260403
Claims (10)
- 1. A containerized Hongmeng atomic service operation method based on an isolation domain elastic boundary, characterized by comprising the following steps: when the Hongmeng container is started, verifying the validity of the atomic service, establishing an association table among the dependency type, the isolation parameters, the missing configuration and the abnormality probability, and defining an isolation domain in the container to determine the isolation parameters and set an isolation boundary according to the association table; when the atomic service is initialized, forming an initialization log, and obtaining the dynamic dependencies of the atomic service at run time to modify the process namespace, map the required devices and add network routes to Hongmeng devices; when the atomic service operates, modifying the isolation boundary according to the communication object, and when the communication object is a local system service, adding the corresponding target process into the namespace of the container process; inputting the real-time load of the atomic service and the container resource usage data into a resource prediction model to obtain a predicted value of the resources required by the atomic service after a set time, wherein the predicted value comprises CPU usage and memory usage, and adjusting the CPU quota, the memory upper limit or the GPU scheduling priority according to the predicted value; when the performance of the atomic service is abnormal, raising the scheduling priority of the process, raising the upper threshold of the resource quota, and switching the service state of the atomic service to lost-focus; when the container is in isolation failure, resetting the isolation boundary to the selected configuration within a set time, and identifying the dynamic dependencies to configure the isolation boundary when the container is restored to the active state; when the atomic service is dead, the container is in isolation failure, the standby container is started and the state data are synchronized; when the atomic service changes from background operation to active, restoring access to the devices, increasing the resource quota and opening the network ports; when the atomic service changes from active to background operation, closing access to the devices, reducing the resource quota and closing the network ports, reserving only the UDP port; and when the atomic service exits, restoring the initial value of the isolation boundary and adding the operation data to the historical operation data.
- 2. The method for operating the containerized Hongmeng atomic service according to claim 1, wherein the association table among the dependency types, the isolation parameters, the missing configuration and the abnormality probability is established by applying K-means cluster analysis to the historical operating data of the atomic service.
- 3. The method for operating the containerized Hongmeng atomic service according to claim 1, wherein the start-up state of the atomic service is monitored while it starts; if the number of start-up failures is less than a threshold, the process namespace is adjusted or the required device is remapped according to the failure cause, and otherwise the atomic service is started by enabling a pre-created redundant standby container.
- 4. The method for operating the containerized Hongmeng atomic service according to claim 1, wherein, for an atomic service, the service state is periodically obtained and state transition timestamps are recorded; a heartbeat packet is sent to the atomic service, and the atomic service is marked as a dead service when no heartbeat response is received more than a set number of times; the performance parameters of the atomic service, including inter-process communication delay and user interface thread frame rate, are monitored and marked as abnormal performance when they exceed a threshold; for the container in which the atomic service is located, whether the mapping relation between thread PIDs in the container and host thread PIDs is correct, whether the routing and port rules required for cross-domain communication exist, and whether the current resource usage is within the adjusted quota range are periodically monitored, and if any item is not satisfied, the container is marked as an isolation failure.
- 5. The method for operating the containerized Hongmeng atomic service according to claim 1, wherein the initialization log formed during initialization of the atomic service is obtained as follows: the whole process of atomic service start-up, process creation, inter-process communication and device access is monitored in real time; the service name of the atomic service and the Hongmeng device ID of the service, the process PID, start-up parameters and service type created by the system for the atomic service, the communication interfaces and capability calls of the atomic service, and the external devices accessed by the atomic service are obtained; and these data form the initialization log.
- 6. The method according to claim 1, wherein the real-time load of the atomic service includes user interface thread frame rate, cross-process call delay and service state, and the container resource usage data include CPU usage, memory usage, disk IOPS and network throughput.
- 7. The method for operating the containerized Hongmeng atomic service according to claim 1, wherein the resource prediction model is an LSTM prediction model consisting of an input layer, an LSTM layer and a fully connected output layer with a two-dimensional output; a training data set is constructed from the historical operation data, and the resource prediction model is trained on that training data set.
- 8. The method for operating the containerized Hongmeng atomic service according to claim 1, wherein the isolation domain includes a core domain, a shared domain and a resource domain: the core domain is the region that fixes the user namespace and isolates the system directories, the shared domain is the minimum set that configures the process namespace, the network namespace and the mapped devices, and the resource domain is the region that allocates the CPU, memory and disk IO upper limits based on historical data.
- 9. The method for operating the containerized Hongmeng atomic service according to claim 1, wherein the dependency type is a fault type or a device, permission or resource on which the service depends, the isolation parameter is a constraint configuration of the container, the missing configuration is a specific configuration lacking under the isolation parameter, and the abnormality probability is the calculated probability that the atomic service fails when the missing configuration exists under the current dependency type.
- 10. The method according to claim 1, wherein the dynamic dependencies include services, processes, devices to be mapped, and Hongmeng devices.
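The following is an added illustration, not the patent's own implementation: it models the elastic boundary adjustments of claim 1 (device access, quota and network ports changing with the service's foreground/background state, and the boundary returning to its initial value on exit) together with the periodic isolation-failure check of claim 4. The `Boundary` fields, the event names, the halving of quotas in the background and all sample values are constructed assumptions.

```python
# Added illustration, not the patent's implementation: models the elastic
# isolation boundary of claim 1 and the isolation-failure check of claim 4.
# Field names, events, quota magnitudes and sample values are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Boundary:
    devices: frozenset     # device nodes mapped into the container, e.g. "/dev/video0"
    cpu_quota: int         # CPU quota, percent of one core
    mem_limit_mb: int      # memory upper limit in MiB
    ports: frozenset       # (proto, port) rules open in the network namespace

# Initial boundary set at container start from the association table (claim 1)
INITIAL = Boundary(frozenset({"/dev/video0", "/dev/snd"}), 200, 1024,
                   frozenset({("udp", 5684), ("tcp", 5685), ("tcp", 8080)}))

def on_transition(current: Boundary, initial: Boundary, event: str) -> Boundary:
    """Adjust device access, resource quota and network permission for a service
    state transition; halving the quota in the background is an assumed magnitude."""
    if event == "active->background":
        # Close device access, reduce quota, keep only UDP for soft-bus discovery
        return Boundary(frozenset(), current.cpu_quota // 2, current.mem_limit_mb // 2,
                        frozenset(p for p in current.ports if p[0] == "udp"))
    if event == "background->active":
        # Restore device access, raise the quota back and reopen the network ports
        return Boundary(initial.devices, initial.cpu_quota, initial.mem_limit_mb, initial.ports)
    if event == "exit":
        return initial          # isolation boundary returns to its initial value
    raise ValueError(f"unknown transition {event!r}")

def check_isolation(pid_map, host_view, required_rules, present_rules, usage, b):
    """Periodic consistency check of claim 4. Returns the failed checks; any
    failure means the container is marked as an isolation failure."""
    failures = []
    # Container thread PID -> host PID mapping must agree with the host's view
    # (constructed stand-in for comparing NSpid entries from /proc/<pid>/status)
    for cpid, hpid in pid_map.items():
        if host_view.get(hpid) != cpid:
            failures.append(f"pid-map {cpid}->{hpid}")
    # Routing and port rules needed for cross-domain communication must exist
    for rule in sorted(required_rules - present_rules):
        failures.append(f"missing-rule {rule}")
    # Current resource usage must lie within the adjusted quota range
    if usage["cpu"] > b.cpu_quota:
        failures.append("cpu-over-quota")
    if usage["mem_mb"] > b.mem_limit_mb:
        failures.append("mem-over-quota")
    return failures
```

Running the background check against a boundary that was shrunk on the active-to-background transition shows why claim 4 checks usage against the adjusted quota rather than the initial one: a load that was fine in the foreground is flagged once the quota has been reduced.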
Description
Containerized Hongmeng atomic service operation method based on isolation domain elastic boundary
Technical Field
The invention belongs to the technical field of computer software development, and particularly relates to a containerized Hongmeng atomic service operation method based on an isolation domain elastic boundary.
Background
OpenHarmony atomic services are the core carriers of lightweight and distributed applications. Their operation depends on the underlying technology stack of the OpenHarmony operating system, which comprises the Binder-based inter-process communication (IPC) mechanism, the device discovery and data transmission protocols of the distributed soft bus, the life-cycle management of the Ability framework, dynamic resource scheduling, device resource access and the like. When OpenHarmony is deployed in a Linux environment in container form, the container isolates resources such as processes, networks, mounts and users through Linux kernel namespaces, and imposes hard limits on resource use through control groups, so as to guarantee environmental independence and security between containers.
However, the characteristics of the atomic service and the container isolation mechanism conflict deeply and in several dimensions. Firstly, there is a process identifier isolation conflict: inter-process cooperation of the atomic service depends on globally consistent process PIDs, whereas PID namespace isolation gives the PIDs inside the container and the host PIDs independent number spaces, so that inter-process communication calls fail with "target process does not exist" errors. Secondly, there is a network protocol stack isolation conflict: the distributed soft bus depends on UDP broadcast for device discovery and on TCP long connections for data transmission, whereas network namespace isolation causes protocol packets crossing containers or the host to be blocked, so that the service discovery success rate falls below 30%. Thirdly, dynamic resource demand conflicts with static limits: a static quota for the atomic service easily leads either to resource shortage and service blocking or to resource idling and waste. Fourthly, state synchronization conflicts with mount isolation: the life-cycle state of the atomic service has to be managed through state files and the meta-ability service (AbilityManagerService), whereas mount namespace isolation makes these files invisible and causes state transitions to fail. Fifthly, there is a device node isolation conflict: the container cannot access the physical devices that the atomic service requires.
The existing solutions have the following limitations: statically disabling the isolation functions damages the isolation security of the container, raising the privilege escape risk by more than 50%; isolation exception configuration based on preset rules cannot adapt to the dynamic dependencies of the atomic service, and the exception rate remains as high as 25%; and modifying the OpenHarmony kernel to fit the container interface (such as replacing Binder with Linux IPC) damages the native character of the system, reducing ecosystem compatibility with existing atomic services to 60%.
Disclosure of Invention
In view of the above, the invention provides a containerized Hongmeng atomic service operation method based on an isolation domain elastic boundary, which monitors the service and the container over the full life cycle of the atomic service, acquires its resource dependencies and dynamic dependencies, dynamically adjusts the isolation boundary of the container in combination with the monitoring results, and thereby achieves highly stable operation of OpenHarmony atomic services in containers.
The invention provides a containerized Hongmeng atomic service operation method based on an isolation domain elastic boundary, which specifically comprises the following steps: when the Hongmeng container is started, verifying the validity of the atomic service, establishing an association table among the dependency type, the isolation parameters, the missing configuration and the abnormality probability, and defining an isolation domain in the container to determine the isolation parameters and set an isolation boundary according to the association table; when the atomic service is initialized, forming an initialization log, and obtaining the dynamic dependencies of the atomic service at run time to modify the process namespace, map the required devices and add network routes to Hongmeng devices; when the atomic service operates, modifying the isolation boundary according to the communication object, and when the communication object is a local system service, adding the corresponding target process into the namespace of the container process; Inputting the real-time load of the a