What is Torcx?
Torcx is a new boot-time addon manager designed specifically for Container Linux.
At the most basic level, it is a tool for applying ephemeral changes to an immutable system during early boot.
This includes providing third-party binary addons and installing systemd units, which can vary across environments and boots.
On every boot, Torcx reads its configuration from local disk and propagates specific assets provided by addon packages (which must be available in local stores).
Torcx overview
Torcx complements both the Ignition provisioning utility and systemd.
Torcx allows customization of Container Linux systems without requiring the compilation of custom system images.
This goal is achieved by following two main principles: customizations are ephemeral, and they are applied exactly once per boot. Torcx also has a very simple design, with the aim of providing a small low-level system utility which can be driven by more advanced and higher-level tools.
Torcx execution model and systemd generators
Early in the boot process, execution starts in a minimal initramfs environment where systemd, Ignition, and other boot utilities run.
Once up, execution continues by pivoting into the real root file system and by running all systemd generators, including the main torcx component, torcx-generator.
torcx-generator runs serially before any other service starts to guarantee it does not race with other startup processes.
However, this restricts Torcx to using only local resources. Torcx cannot access configuration or addons from remote file systems or network locations.
Profiles and addons
Torcx customizations are applied via local addon packages, which are referenced by profiles. Addons are simple tar-gzipped archives containing binary assets and a manifest. A user profile (upper profile) can be supplied by the administrator to be merged on top of hard-coded vendor and OEM profiles (lower profiles). Torcx will take care of computing and applying the resulting list of addons on the system.
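Because addons from the local store are applied before any other service starts, it is worth auditing them before a reboot picks them up. The following is an added example, not Torcx's own code: it assumes that a profile is a list of entries with hypothetical `name` and `reference` fields, that an upper profile overrides lower ones by addon name, and that the administrator keeps a SHA-256 digest for each approved archive.

```python
import hashlib, io, tarfile

def digest(data):
    return hashlib.sha256(data).hexdigest()

def merge_profiles(lower_profiles, upper=None):
    """Assumed semantics: later profiles override earlier ones by addon name."""
    merged = {}
    for profile in list(lower_profiles) + ([upper] if upper else []):
        for addon in profile:
            merged[addon["name"]] = addon["reference"]
    return merged

def unsafe(path):
    """True for absolute paths or paths that climb out of the unpack directory."""
    return path.startswith("/") or ".." in path.split("/")

def audit_addon(archive_bytes, expected_sha256):
    """Return a list of findings for one tar-gzipped addon archive."""
    findings = []
    if digest(archive_bytes) != expected_sha256:
        findings.append("digest mismatch")
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        for m in tar.getmembers():          # inspect headers only, never extract
            if unsafe(m.name):
                findings.append(f"unsafe path: {m.name}")
            if (m.issym() or m.islnk()) and unsafe(m.linkname):
                findings.append(f"link escapes archive: {m.name}")
            if m.isfile() and m.mode & 0o6000:
                findings.append(f"setuid/setgid file: {m.name}")
    return findings

def build_sample(members):
    """Constructed sample input: build a tar.gz addon in memory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, mode, data in members:
            info = tarfile.TarInfo(name)
            info.mode, info.size = mode, len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

if __name__ == "__main__":
    vendor = [{"name": "docker", "reference": "1"}]   # constructed lower profile
    user = [{"name": "docker", "reference": "2"}]     # constructed upper profile
    print(merge_profiles([vendor], user))
    bad = build_sample([("../etc/evil", 0o644, b"x"), ("bin/su", 0o4755, b"x")])
    print(audit_addon(bad, "0" * 64))
```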
Boot-time customizations
Torcx guarantees that customizations are applied at most once per boot, before any other service has been considered for startup.
This provides a mechanism to customize most aspects of a Container Linux system in a reliable way, and avoids runtime upgrading/downgrading issues.
Changes applied by Torcx are not persisted to disk, and therefore last exactly for the lifetime of a single boot of an instance.
By the same token, this should be read as a warning against abusing Torcx in the role of a general purpose container, service, or package manager. Torcx’s boot-transient model consumes memory with each addon, and, worse, would require system reboots for even simple upgrades.
Further design details
For further details on design and goals, the Torcx repository contains extensive developer documentation.