Mazuva mashoma apfuura Amazon yakaburitsa kuburitswa kwe yekutanga yakakosha vhezheni ye Bottlerocket 1.0.0, inova yakasarudzika Linux kugovera yakagadzirirwa kumhanyisa midziyo yakasarudzika zvakanaka uye zvakachengeteka.
The operating system Iyo yakagadzirirwa kumhanya paAmazon ECS uye AWS EKS Kubernetes masumbu. Zvishandiso zvinopihwa kuti ugadzire ako ega magungano uye zvigamba, izvo zvinogona kushandiswa neimwe midziyo nguva yekumhanya, kernel, uye orchestration maturusi.
Kugovera kunopa Linux kernel uye diki system nharaunda, , que inosanganisira chete izvo zvinodiwa kuti umhanye midziyo.
Pakati pemapakeji aibatanidzwa muchirongwa chaive systemd system maneja, iyo Glibc kuraibhurari, iyo Buildroot gungano maturusi, GRUB network yakaipa bootloader configurator, iyo nguva yekumhanyisa yezvimedu zvakasara mumidziyo, iyo orchestration chikuva Kubernetes Container Authenticator aws-iam-authenticator mumiriri uye Amazon ECS.
Iyo dhizaini inogadziridzwa neatomiki uye inounzwa seyakajeka system mufananidzo. Zvikamu zviviri zve disk zvakapihwa iyo sisitimu, imwe yacho iine inoshanda system uye iyo yekudzokorora inoteedzerwa kune yechipiri.
Kana iko kugadzirisa kwangoitwa, chikamu chechipiri chashandurwa, uye chekutanga, kudzamara rinotevera rinouya, vhezheni yapfuura yesystem ichengetedzwa, kwainogona kudzoserwa kana paine matambudziko. Mhinduro dzinoiswa otomatiki pasina maneja kupindira.
Musiyano wakakosha kubva kune zvakagoverwa zvakafanana seFedora CoreOS, CentOS / Red Hat Atomic Host ndiyo inonyanya kukoshesa kuverengera zvakanyanya kuchengetedzeka mune yekusimbisa kuchengetedzwa yeiyo system kurwisa kutyisidzira kunogona kuitika, kuomesa kushandiswa kwekushomeka muzvinhu zvehurongwa hwekushandisa uye kuwedzera kusarudzika kwemidziyo.
Midziyo inogadzirwa uchishandisa yakajairwa Linux kernel nzira: mapoka, namespaces, uye seccomp. Zvekuwedzera kuzviparadzanisa, kugovera kunoshandisa SELinux mu "application" modhi uye iyo dm-chokwadi module inoshandiswa pakujekesa cryptographic yechokwadi chekuparadzanisa midzi.
Kana kuyedza kushandura data kukaonekwa padanho rekuvharira mudziyo, iyo system inotangazve.
Iyo midzi yekuparadzanisa yakaiswa kuverenga-chete uye iyo / etc yekumisikidza partition yakaiswa mu tmpfs uye yakadzoreredzwa kune yayo yekutanga mamiriro pane reboot.
- Direct modification yemafaira mu / etc dhairekitori haina kutsigirwa, senge /etc/resolv.conf uye /etc/containerd/config.toml, kuchengetedza zvachose kumisikidzwa, shandisa API, kana kufambisa mashandiro kupatsanura midziyo.
Mazhinji ezvikamu zvehurongwa zvakanyorwa mumutauro weRust, iyo inopa nzira yechengetedzo yekurangarira yekudzivirira kudzivirira kusagadzikana kunokonzerwa nekuwana nzvimbo yekurangarira mushure mekusunungurwa, kuregedza kunongedzera null, uye kufashukira iyo buffer miganho.
Kana uchinyora, iyo "- inogoneka-default-pie" uye "- inogoneka-default-ssp" nzira dzekuumbiridza dzinoshandiswa nekumisikidza kuita kuti iratidzike yenzvimbo inoitisa kero (PIE) uye kudzivirira pakuramba kufashukira nekushandisa kutsiviwa kweCanary mavara .
Zvemapakeji akanyorwa muC / C ++, mireza "-Wall", "-Werror = fomati-chengetedzo", "-Wp, -D_FORTIFY_SOURCE = 2", "-Wp, -D_GLIBCXX_ASSERTIONS" uye "-ststack-clash - kuchengetedzwa ".
Zvishandiso zveOrchestration Kubva mumidziyo anotumirwa mune rakasiyana manejimendi mudziyo iyo inogoneswa nekutadza uye inotarisirwa kuburikidza neAWS SSM mumiriri uye API.
Mufananidzo wepasi unoshaya rairaira shell, SSH server, uye mitauro inodudzirwa (semuenzaniso, hapana Python kana Perl) - maturusi ekushandisa uye ekugadzirisa madhiragi anoendeswa kune rakasiyana masevhisi mudziyo, iyo yakaremara nenzira yakasarudzika.
Tora Bottlerocket 1.0.0
Ose ari maviri ekuparadzira pamwe nezvikamu zvekudzivirira zvekuparadzira zvakanyorwa muRust uye zvinogoverwa pasi peMIT neApache 2.0 marezinesi. Iyo purojekiti iri kuvandudzwa paGitHub uye inowanikwa mukutora chikamu kwenharaunda.
Iyo system yekuendesa mufananidzo inogadzirwa iyo x86_64 uye Aarch64 zvivakwa.
Kuti uwane rumwe ruzivo, unogona kubvunza chinotevera chinongedzo.