Bottlerocket 1.0.0, distro Amazon dabere na igbe mkpuchi

Ebe mgbaba

Febọchị ole na ole gara aga Amazon weputara mwepu nke mbụ ịrịba version nke Ihe mkpuchi mgbanaka 1.0.0, nke bụ nkesa Linux pụrụ iche e mere iji na-agba ọsọ ndị dịpụrụ adịpụ rụọ ọrụ nke ọma na n'enweghị nsogbu.

Sistemụ arụmọrụ A haziri ya iji rụọ ọrụ na Amazon ECS na AWS EKS Kubernetes ụyọkọ. A na-enye ngwa ọrụ maka ịmepụta mgbakọ na patch nke gị, nke ndị ọzọ na-eji oge arụ ọrụ, kernel, na orchestration.

Nkesa na-enye Linux kernel na ntakịrị usoro gburugburu ebe obibi, que na-agụnye naanị ihe akụrụngwa chọrọ iji rụọ akpa.

Otu n'ime ngwungwu ndị metụtara ọrụ a bụ onye njikwa sistemụ sistemụ, Glibc na ọba akwụkwọ, ụlọ ọrụ mgbakọ nke Buildroot, GRUB network ọjọọ bootloader configurator, oge maka ihe ndị dịpụrụ adịpụ na akpa, usoro ihe nkiri Kubernetes Container Authenticator aws-iam-authenticator agent na Amazon ECS.

A na-emelite nhazi ahụ n'ụzọ atọm ma wepụta ya dị ka onyonyo sistemu a na - ekewasị. E kenyere akụkụ diski abụọ maka sistemụ ahụ, otu n'ime ha nwere sistemu arụmọrụ ma melite mmelite ahụ na nke abụọ.

Ozugbo emejuputara mmelite ahụ, a na-arụ ọrụ nke abụọ, na nke mbụ, ruo mgbe mmelite ọzọ ga-abịarute, a na-echekwa ụdị nke sistemụ gara aga, nke enwere ike ịlaghachi na ya ma ọ bụrụ na enwere nsogbu. A na-etinye mmelite na akpaghị aka na-enweghị ntinye aka nchịkwa.

Isi ihe dị iche na nkesa ndị yiri ya dị ka Fedora CoreOS, CentOS / Red Hat Atomic Host bụ isi na-elekwasị anya n'ịhụ oke nchekwa n'ihe metụtara nchebe nchebe megide ihe egwu nwere ike, na-eme ka nrigbu nke enweghị ike na arụmọrụ sistemụ arụmọrụ yana ikewapụ akpa iwe.

A na-eji ihe eji emepụta Linux kernel eme ihe n'ime akpa: cgroups, aha oghere, na seccomp. Maka iche iche, nkesa na-eji SELinux na "ngwa" mode na dm-verity modul a na-eji maka nyocha cryptographic nke iguzosi ike n'ezi ihe nke mgbọrọgwụ nkebi.

Ọ bụrụ na achọpụtara iji gbanwee data na ọkwa ngwaọrụ ngọngọ, usoro ahụ ga-amaliteghachi.

Mgbọrọgwụ nkebi na-n'ịnyịnya na-agụ-na na nhazi nhazi / wdg etinyere na tmpfs ma weghachite ya na steeti ya na reboot.

A naghị akwado ndezi faịlụ na ndekọ ndekọ / wdg, dị ka /etc/resolv.conf na /etc/containerd/config.toml, iji chekwaa nhazi ahụ kpamkpam, jiri API, ma ọ bụ bugharịa arụmọrụ iji kewaa akpa.

Edere ọtụtụ akụkụ sistemu na asụsụ nchara, nke na-enye ụzọ iji chekwaa ncheta nchekwa iji zere adịghị ike nke ịnweta site na ebe nchekwa mgbe emechara ya, deferencing null pointers, na jubiga ókè nchekwa.

Mgbe ị na-achịkọta, a na-eji usoro mmechi "-enable-default-pie" na "-enable-default-ssp" rụọ ọrụ iji rụọ ọrụ iji rụọ ọrụ nke oghere adreesị a ga - ewepụ (PIE) ma chebe onwe ya site na iji akara Canary .

Maka nchịkọta edere na C / C ++, ọkọlọtọ "-Wall", "-Werror = format-nche", "-Wp, -D_FORTIFY_SOURCE = 2", "-Wp, -D_GLIBCXX_ASSERTIONS" na "-fstack-clashes - nchedo ".

Ngwa egwu Site na arịa zigara na akpa njikwa dị iche nke enyere ndabara ma jikwaa ya site n'aka ndi AWS SSM na API.

Ihe oyiyi ahụ enweghị shei iwu, ihe nkesa SSH, ma sụgharịa asụsụ (dịka ọmụmaatụ, enweghị Python ma ọ bụ Perl) - a na-akwaga ngwaọrụ ndị nchịkwa na ngwaọrụ debugging na akpa ọrụ dị iche, nke nwere nkwarụ n'ụzọ ndabara.

Nweta Bottlerocket 1.0.0

Edere nkesa yana ihe nchịkwa nkesa na Rust ma kesaa ya n'okpuru ikikere MIT na Apache 2.0. A na-arụ ọrụ ahụ na GitHub ọ dịkwa maka isonye obodo.

A na-ewepụta onyonyo usoro maka x86_64 na Aarch64 architectures.

Maka ozi ndị ọzọ, ị nwere ike ịkpọ njikọ na-esonụ. 


Bụrụ onye mbụ ịza ajụjụ

Hapu okwu gi

Adreesị email gị agaghị bipụtara. Chọrọ ubi na-akara na *

*

*

  1. Na-ahụ maka data: AB Internet Networks 2008 SL
  2. Nzube nke data: Nchịkwa SPAM, njikwa okwu.
  3. Ikike: Nkwenye gị
  4. Nkwurịta okwu nke data: Agaghị agwa ndị ọzọ data ahụ ma ọ bụghị site na iwu.
  5. Nchekwa data: Ebe nchekwa data nke Occentus Networks (EU) kwadoro
  6. Ikike: Oge obula inwere ike igbachi, weghachite ma hichapụ ihe omuma gi.