[go: up one dir, main page]

WO2019127971A1 - Image synchronization method for image registry, system, device, and storage medium - Google Patents

Image synchronization method for image registry, system, device, and storage medium Download PDF

Info

Publication number
WO2019127971A1
WO2019127971A1 PCT/CN2018/082251 CN2018082251W WO2019127971A1 WO 2019127971 A1 WO2019127971 A1 WO 2019127971A1 CN 2018082251 W CN2018082251 W CN 2018082251W WO 2019127971 A1 WO2019127971 A1 WO 2019127971A1
Authority
WO
WIPO (PCT)
Prior art keywords
mirror
warehouse
data access
access request
proxy server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2018/082251
Other languages
French (fr)
Chinese (zh)
Inventor
刘俊杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Technology Shenzhen Co Ltd filed Critical Ping An Technology Shenzhen Co Ltd
Publication of WO2019127971A1 publication Critical patent/WO2019127971A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1095Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/55Push-based network services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/60Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Definitions

  • the present application relates to the field of Docker technology, and in particular, to a mirror synchronization method, system, device and storage medium of a mirror warehouse.
  • Docker (Docker Is an open source application container engine that allows developers to package their applications and dependencies into a portable container and then publish them to any popular Linux On the machine, virtualization can also be implemented.
  • the container technology provided allows several containers to be run on the same host or virtual machine, each container being a separate virtual environment or application.
  • Container from Docker Image which can be generated by the user or submitted by the running container. After the image is generated, it can be pushed to the image repository for saving, or pulled from the mirror repository. Go to the local to run the container.
  • Docker provides an official image repository (Docker hub), while allowing users to build their own private image repository (private Registry). For most organizations and organizations, it is necessary to use a private image repository to protect the mirrored content and use of the repository.
  • Mirrors are stored in the file system as tiered storage. Different images may share some layers to save storage space. For warehouse construction involving multi-regional user access, mirror synchronization is a must-have when unified management of the image is required to ensure that the scope of the image used by the user is not limited to a certain area.
  • Mirror synchronization can be implemented by multiple schemes, one of which is shared storage, that is, a registry of multiple areas mounts a shared network storage disk, so that each time a mirror is pushed to a certain area of the registry. All the warehouses are immediately synchronized. However, sometimes the multi-region registry cannot share storage, and the networks between the regions cannot access each other, that is, the regions are isolated.
  • the present application provides a mirror synchronization method, system, device and storage medium for a mirror warehouse, which mainly solves the problem that the existing Docker images cannot be synchronized in real time.
  • a mirror synchronization method for a mirror warehouse comprising the following steps:
  • the host client in the available area initiates a data access request to the cloud management area warehouse through the proxy server of the available area;
  • the cloud management area warehouse parses the data access request, and when determining that the data access request is a mirror push request, notifying the host client of the available area to push the image to the cloud management area warehouse through the proxy server; determining that the data access request is a mirror pull request When you pull the required image from the cloud management area warehouse to the available area.
  • the method before the step of the host client in the available area to initiate a data access request to the cloud management area warehouse by using the proxy server of the available area, the method further includes:
  • the step of the host client in the available area initiating a data access request to the cloud management area warehouse by using the proxy server of the available area includes:
  • the host client in the available zone accesses the proxy server of the available zone through the domain name;
  • the proxy server performs secure transport layer protocol authentication according to the domain name, and sends the data access request of the host client to the cloud management area warehouse after the verification is passed.
  • the cloud management area warehouse parses the data access request, and when determining that the data access request is a mirror push request, notifying the host client of the available area to push the image to the cloud management area warehouse through the proxy server, and determining data access
  • the steps of pulling the required image from the cloud management area repository to the available area include:
  • the cloud management area warehouse receives a data access request sent by the proxy server and parses the data access request;
  • the host client of the available area is notified to push the image to the cloud management area warehouse through the proxy server; if the data access request is a mirror pull request, the image required by the request is searched, and the request is sent.
  • the proxy server pulls the image into the host client of the Availability Zone where the proxy server is located.
  • the mirror synchronization method of the mirror warehouse further includes:
  • the proxy server When the proxy server pushes the image to the cloud management area warehouse or the cloud management area warehouse to pull the image to the proxy server, the proxy server analyzes the size of the mirrored data, and prompts the mirror transmission failure when the mirrored data is larger than the upper limit of the data size preset by the proxy server. .
  • the number of the available areas is at least one, and each of the available areas is deployed with a set of proxy servers.
  • the domain name, certificate, and key of the proxy server for each Availability Zone are the same.
  • a mirror synchronization system of a mirror warehouse includes:
  • a host client and a proxy server, the host client being configured to initiate a data access request to the cloud management area repository through the proxy server of the available area;
  • the cloud management area warehouse is configured to parse the data access request, and when determining that the data access request is a mirror push request, notify the host client of the available area to push the image to the cloud management area warehouse through the proxy server; and determine that the data access request is When the image pull request is requested, the required image is pulled from the cloud management area repository to the available area for sending the request.
  • the host client is further configured to receive a mirroring event initiated by a user terminal of an available area where the host client is located, and generate a data access request according to the mirroring time, where the mirroring event includes Mirror push events and image pull events.
  • the proxy server is specifically configured to perform a secure transport layer protocol authentication according to the domain name when the host client accesses the proxy server of the available area through the domain name, and the host client is verified after the verification is passed.
  • the data access request of the end is sent to the cloud management area warehouse.
  • a mirror synchronization device of a mirrored warehouse comprising a processor, a memory, and a mirror synchronization program stored on the memory and executable by the processor, the image synchronization program being When executed, implement the following steps:
  • the host client in the available area initiates a data access request to the cloud management area warehouse through the proxy server of the available area;
  • the cloud management area warehouse parses the data access request, and when determining that the data access request is a mirror push request, notifying the host client of the available area to push the image to the cloud management area warehouse through the proxy server; determining that the data access request is a mirror pull request When you pull the required image from the cloud management area warehouse to the available area.
  • a storage medium storing a mirror synchronization program, the mirror synchronization program being executed by a processor, implementing the following steps:
  • the host client in the available area initiates a data access request to the cloud management area warehouse through the proxy server of the available area;
  • the cloud management area warehouse parses the data access request, and when determining that the data access request is a mirror push request, notifying the host client of the available area to push the image to the cloud management area warehouse through the proxy server; determining that the data access request is a mirror pull request When you pull the required image from the cloud management area warehouse to the available area.
  • the present application discloses a mirror synchronization method, system, device and storage medium of a mirror warehouse, and a host client of an available area initiates a data access request to a cloud management area warehouse through a proxy server of the available area; and then, the cloud management area warehouse parses the data. Accessing the request, and when determining that the data access request is a mirror push request, notifying the host client of the available area to push the image to the cloud management area warehouse through the proxy server; when determining that the data access request is a mirror pull request, the cloud management area warehouse Pull the desired image into the Availability Zone.
  • the present invention uniformly manages the mirroring of the available area by setting a centralized mirror warehouse in the cloud management area, so that no cross-area mirror synchronization is required, and various problems caused by other methods for synchronous mirroring are avoided. It does not cause the problem that the mirrored by the available area mirror library is not sent out, and only a mirrored warehouse is deployed in the cloud management area. Only one proxy server needs to be deployed in each available area, which saves deployment costs.
  • FIG. 1 is a flowchart of a preferred embodiment of a mirror synchronization method of a mirrored warehouse provided by the present application
  • step S100 is a flowchart of a preferred embodiment of step S100 in the mirror synchronization method of the mirrored warehouse provided by the present application;
  • step S200 is a flowchart of a preferred embodiment of step S200 in the mirror synchronization method of the mirrored warehouse provided by the present application;
  • FIG. 4 is a functional block diagram of a mirror synchronization system of a mirror warehouse provided by the present application.
  • the present application provides a mirror image synchronization method and system for a mirrored warehouse.
  • the objects, technical solutions, and advantages of the present application will be more clearly and clarified, and the present application will be further described in detail below with reference to the accompanying drawings. It is understood that the specific embodiments described herein are merely illustrative of the application and are not intended to be limiting.
  • FIG. 1 is a flowchart of a preferred embodiment of a mirror synchronization method of a mirrored warehouse provided by the present application.
  • the mirror synchronization method of the mirror warehouse according to the preferred embodiment of the present application has the following steps:
  • the host client in the available area initiates a data access request to the cloud management area warehouse through the proxy server of the available area.
  • a cloud management area and a plurality of available areas are set in the system, and the cloud management area is a centralized management area, and a cloud management area warehouse is deployed in the cloud management area, and is configured to manage all the mirrors, and each available area passes the proxy.
  • the server accesses the cloud management area warehouse, wherein each of the available areas is deployed with a set of proxy servers, and the host client of an available area can only access the cloud management area warehouse through the proxy server of the available area, wherein the proxy server is an Nginx proxy server.
  • Each available area can be set in different locations, such as Beijing, Shanghai, and Shenzhen.
  • Each available area can communicate with the cloud management area, but each available area is isolated from each other. This application does not have a mirror in each available area.
  • the proxy server is set in each available area, and the host clients of each available area access the cloud management area warehouse through the proxy server, thereby realizing the unified management of the mirror, so no cross-region mirror synchronization is required, and the deployment is saved. Cost, and does not result in mirroring due to the original Availability Zone Image Repository Issue caused the problem can not be synchronized.
  • the method further includes: receiving, by the host client in the available area, a mirroring event initiated by the user terminal of the available area, and generating a data access request according to the mirroring time, wherein the mirroring event includes a mirroring push event and Mirror pull event.
  • the user terminal initiates a mirroring event to the host client in the available area, specifically, pushing the image to the host user of the available area or initiating the image pull request, and the host client in the available area receives the image event and determines
  • the mirroring event is a mirroring event or a mirroring event, and generates a data access request. If it is a mirroring push event, the image is pushed to the cloud management area warehouse through the proxy server. If the image is pulled, the image is accessed through the proxy server. Warehouse, pull the required image from the cloud management warehouse.
  • Step S101 The host client in the available area accesses the proxy server of the available area by using a domain name
  • Step S102 The proxy server performs secure transport layer protocol authentication according to the domain name, and sends the data access request of the host client to the cloud management area warehouse after the verification is passed.
  • the host client in the available zone accesses the proxy server of the available zone through the domain name, and the DNS server resolves the domain name to the proxy server, and then the proxy server performs secure transport layer protocol verification (TLS authentication), and after the verification is passed,
  • TLS authentication secure transport layer protocol verification
  • the data access request is forwarded by the proxy server to the cloud management area warehouse, wherein the domain name, the certificate, and the key used by the proxy server of each available area are the same, and the certificate and the key pair are generated according to the domain name and the like, and when performing TLS verification, That is, if the verification certificate and the key pair are correct, and the verification is successful, the cloud management area warehouse can be accessed through the proxy server.
  • This application sets the domain name, certificate, and key of the proxy server of each available area to be consistent, thereby making each available area
  • the domain name accessed by the host client is the same, and there is only one TLS certificate key pair.
  • the actual mirror storage is only one, so the consistency of the system is guaranteed.
  • Step S200 The cloud management area warehouse parses the data access request, and when determining that the data access request is a mirror push request, notifying the host client of the available area to push the image to the cloud management area warehouse through the proxy server; determining that the data access request is a mirror When pulling the request, pull the required image from the cloud management area repository to the available area.
  • the mirrored warehouse of the cloud management area parses the data access request when receiving the data access request of the proxy server, performs corresponding operations according to the request type, and notifies the available area when the access request is a mirror push request.
  • the host client pushes the image to the cloud management area warehouse through the proxy server.
  • the other available areas can directly invoke the pushed image from the cloud management area.
  • the cloud management area warehouse stores the image.
  • the host in the Beijing area can initiate a mirror pull request to the cloud management area warehouse through the proxy server in the area, so that the host client in the Beijing area can directly pull the image pushed by the Shenzhen area from the cloud management area warehouse.
  • the data access request includes at least a specific number of the available area and a type of the access, and the type of the access includes a mirror push and a mirror pull.
  • each available area is preset with a number. For example, the Shenzhen area is set to 001, the Guangzhou area is set to 002, and so on, and the number of each of the available areas is inconsistent, so that the cloud management area warehouse cannot determine which available area to send the data access request.
  • the cloud management area warehouse needs to initiate The host client is authenticated.
  • the data access request further carries a user name and a password, and the user terminal accesses the host client of the available area by using the login user name and password, and the host client uses the user.
  • the name and password are placed in the data access request, packaged and sent to the proxy server, and then further sent to the cloud management area warehouse through the proxy server.
  • the cloud management area warehouse After the host client sends the data access request to the cloud management area warehouse through the proxy server, the cloud management area warehouse first decodes the data access request, verifies the user name and password in the data access request, and reads the data after the verification is passed. Accessing the available area number in the request, and then determining the type of the data access, and analyzing whether the data access request is reasonable.
  • the cloud management area warehouse is provided with a control unit, and the cloud management area warehouse is controlled by the control unit.
  • the data access request decodes and verifies the username and password and determines the type of the data access request.
  • the cloud management warehouse When determining the mirror push request, the cloud management warehouse sends a data push notification to the host client of the corresponding numbered Availability Zone, the host client is After receiving the data push notification sent by the cloud management area warehouse, the image can be pushed to the cloud management area warehouse through the proxy server.
  • the data access request further needs to carry the type and name of the image to be pulled
  • the cloud management area warehouse is further Split into multiple mirrored storage units that store different types of mirrors.
  • the control unit of the cloud management area warehouse parses the type and name of the image to be pulled, first finds the image storage unit that stores the image of the type, and then traverses the image storage unit, if the name of the image to be pulled is found.
  • the image is pulled to the host client of the available area for sending the request, and is delivered by the host client to the user terminal; if the name of the image to be pulled is not found, the prompt message is sent to the host client through the proxy server. Prompt the host client to have no such mirror and verify that the name of the mirror is correct.
  • the application authenticates the host client, ensures data security of the cloud management area warehouse, avoids malicious access of the cloud management area warehouse, and avoids the cloud management area by processing each available area number.
  • the name of the Availability Zone for sending data access requests cannot be known, ensuring normal mirror synchronization.
  • the present invention does not need to have a mirrored warehouse in the available area and the cloud management area.
  • the mirror synchronization consumes less time, and does not need to pass user push, notification, and cloud management area components.
  • Call Docker API pull image, cloud management area component calls Docker The API pushes the image to the various Availability Zones, and since there is no need to push the image to the cloud zone in an available zone and then push the image to each Availability Zone, there is no probability of failure due to the native notification mechanism of the cloud zone warehouse. After the push mirror is sent, the notification is not sent, causing the problem that synchronization cannot be started.
  • there is only one centralized mirror library there is no problem of mirror synchronization loopback.
  • FIG. 3 is a flowchart of a preferred embodiment of step S200 in the image synchronization method of the mirror warehouse provided by the present application.
  • the step S200 includes:
  • Step S201 The cloud management area warehouse receives a data access request sent by the proxy server and parses the data access request;
  • Step S202 determining whether the data access request is a mirror push request or a mirror pull request
  • Step S203 If the data access request is a mirror push request, notify the host client of the available area to push the image to the cloud management area warehouse through the proxy server; if the data access request is a mirror pull request, find the image required by the request, and pass the The proxy server that sent the request pulls the image into the host client of the Availability Zone where the proxy server is located.
  • the data access request is sent to the mirrored warehouse through the proxy server, and the cloud management area warehouse pulls the stored image to the available area.
  • the mirror is sent to the host client of the available area through the proxy server, and then the host client feeds back to the user terminal, and the mirror of all the available areas is uniformly managed by adopting a mirror library, so that the warehouse push is not caused by the available area.
  • the image is not sent out and the problem cannot be synchronized. You do not need to push the image to the cloud zone warehouse in an available area, and then synchronize the image to all available areas. You only need to store the image. When the zone needs to be called synchronously, it only needs to access the cloud management zone to obtain the image.
  • the synchronization method is simple and the system consistency is ensured.
  • the mirror synchronization method of the mirror warehouse further includes:
  • the proxy server When the proxy server pushes the image to the cloud management area warehouse or the cloud management area warehouse to pull the image to the proxy server, the proxy server analyzes the size of the mirrored data, and prompts the mirror transmission failure when the mirrored data is larger than the upper limit of the data size preset by the proxy server. .
  • the default size of the request data is small (1M) after using the Nginx proxy server, and some mirror layers are larger (about 100+M) when the image is pushed, the pushed image passes through the proxy server.
  • the size of the mirrored data needs to be analyzed.
  • the mirrored data is larger than the upper limit of the data size preset by the proxy server, the image transmission fails.
  • the user can modify the configuration of the Nginx proxy server to set the size of the preset request data.
  • the upper limit is set to infinity to continue the transfer.
  • the number of available zones is at least one, and each of the available zones is deployed with a set of proxy servers, and the host clients of each available zone access the cloud zone warehouse through the proxy servers of the available zones.
  • the domain name, the certificate, and the key of the proxy servers in the respective Availability Zones are the same, so that the domain names accessed by the host clients of the available zones are the same, and only one copy of the TLS certificate key pair is used. There is only one mirror storage, so the consistency of the system is guaranteed.
  • This application provides a unified management method for mirroring.
  • There is only one centralized mirror library which has the following advantages: because there is only one mirror library, there is no need to perform any cross-region mirror synchronization, avoiding the synchronization of mirroring by other methods.
  • Various problems The domain name of the mirror library accessed by all hosts in all areas is the same.
  • There is only one TLS certificate key pair and there is only one actual mirror storage, which maintains the consistency of the system.
  • Only the centralized management area needs to deploy a Registry (mirror repository) to store the image. In other areas, only one proxy server needs to be deployed, which saves deployment costs.
  • Registry mirror repository
  • the application also provides a mirror synchronization system of a mirror warehouse. As shown in FIG. 4, the device includes:
  • the cloud management area warehouse 2 is configured to parse the data access request, and when determining that the data access request is a mirror push request, notify the host client 11 of the available area to push the image to the cloud management area warehouse 2 through the proxy server 12, When the data access request is a mirror pull request, the required image is pulled from the cloud management area repository 2 to the available area for sending the request.
  • the data access request is a mirror pull request
  • the required image is pulled from the cloud management area repository 2 to the available area for sending the request.
  • the host client 11 is further configured to receive a mirroring event initiated by a user terminal of an available area where the host client 11 is located, and generate a data access request according to the mirroring time, where the mirroring Events include mirror push events and mirror pull events.
  • the mirroring Events include mirror push events and mirror pull events.
  • the proxy server is specifically configured to perform a secure transport layer protocol authentication according to the domain name when the host client accesses the proxy server of the available zone through the domain name, and the host client is verified after the verification is passed.
  • the data access request of the end is sent to the cloud management area warehouse.
  • the present application uniformly manages the mirroring of the available area by setting a centralized mirror warehouse in the cloud management area, so that no cross-area mirror synchronization is required, and the synchronization is achieved by other methods.
  • the various problems will not cause the problem that the mirrors pushed by the available area mirror library are not sent out, and only a mirrored warehouse is deployed in the cloud management area. Only one proxy server needs to be deployed in each free area, saving Deployment costs.
  • the private image inside the tenant can also be synchronized to each available area in time, so that in any available area, the user has no indiscriminate access to the public image and the user under the tenant for the private image inside the tenant.
  • the present application also provides a mirror synchronization device of a mirrored warehouse, the rights authentication device including a processor, a memory, and a mirror synchronization program stored on the memory and executable by the processor, the image synchronization program When executed by the processor, the steps of the image synchronization method as described above are implemented.
  • the present application also provides a storage medium storing a mirror synchronization program that, when executed by a processor, implements the steps of the image synchronization method as described above.
  • a computer program to instruct related hardware (such as a processor, a controller, etc.), and the program can be stored in one.
  • the program when executed, may include the processes of the various method embodiments as described above.
  • the storage medium described therein may be a memory, a magnetic disk, an optical disk, or the like.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

Disclosed in the present application are an image synchronization method for an image registry, a system, a device and a storage medium. The image synchronization method comprises: a host client in an available area firstly initiating, by means of a proxy server in the available area, a data access request to a cloud management area registry; and then the cloud management area registry parsing the data access request, notifying, when it is determined that the data access request is an image push request, the host client of the available area to push the image by means of the proxy server, and pulling, when it is determined that the data access request is an image pull request, the required image from the cloud management area registry to the available area.

Description

镜像仓库的镜像同步方法、系统、设备及存储介质  Mirror synchronization method, system, device and storage medium of mirror warehouse

本申请要求于2017年12月29日提交中国专利局、申请号为201711476883.3、发明名称为“Docker镜像仓库的镜像同步方法和镜像同步系统”的中国专利申请的优先权,其全部内容通过引用结合在申请中。This application claims the priority of the Chinese Patent Application filed on Dec. 29, 2017, the Chinese Patent Application No. PCT Application No. In the application.

技术领域Technical field

本申请涉及Docker技术领域,具体涉及镜像仓库的镜像同步方法、系统、设备及存储介质。The present application relates to the field of Docker technology, and in particular, to a mirror synchronization method, system, device and storage medium of a mirror warehouse.

背景技术Background technique

Docker(Docker 是一个开源的应用容器引擎,让开发者可以打包他们的应用以及依赖包到一个可移植的容器中,然后发布到任何流行的 Linux 机器上,也可以实现虚拟化)提供的容器技术允许在同一台主机或虚拟机上运行若干个容器(container),每个容器就是一个独立的虚拟环境或应用。Docker (Docker Is an open source application container engine that allows developers to package their applications and dependencies into a portable container and then publish them to any popular Linux On the machine, virtualization can also be implemented. The container technology provided allows several containers to be run on the same host or virtual machine, each container being a separate virtual environment or application.

容器来源于Docker 镜像(image),而镜像可以由用户自制或由运行中的容器提交来生成,镜像生成后,可以推送(push)到镜像仓库(registry)中进行保存,也可以从镜像仓库拉取(pull)到本地以运行容器。Container from Docker Image, which can be generated by the user or submitted by the running container. After the image is generated, it can be pushed to the image repository for saving, or pulled from the mirror repository. Go to the local to run the container.

Docker提供了官方镜像仓库(Docker hub),同时允许用户自行搭建私有镜像仓库(private registry)。对于大多数机构和组织,使用私有镜像仓库是很有必要的,用以保护仓库的镜像内容及使用。 Docker provides an official image repository (Docker hub), while allowing users to build their own private image repository (private Registry). For most organizations and organizations, it is necessary to use a private image repository to protect the mirrored content and use of the repository.

镜像以分层存储的形式保存于文件系统中,不同的镜像可能共用某些层(layer),以节省存储空间。对于涉及多区域用户访问的仓库搭建,当需要统一管理镜像时,镜像同步是一项必须的工作,以确保用户使用的镜像范围不局限于某个区域。Mirrors are stored in the file system as tiered storage. Different images may share some layers to save storage space. For warehouse construction involving multi-regional user access, mirror synchronization is a must-have when unified management of the image is required to ensure that the scope of the image used by the user is not limited to a certain area.

镜像同步可以由多种方案实现,其中一种是共享存储,即多个区域的仓库(registry)挂载一块共享的网络存储盘,从而可以保证每次有镜像推送至某区域的仓库(registry)时,所有的仓库(registry)都能立即同步。但有时,多区域的registry无法共享存储,且各区域间的网络无法互相访问,即各个区域之间是隔离的。Mirror synchronization can be implemented by multiple schemes, one of which is shared storage, that is, a registry of multiple areas mounts a shared network storage disk, so that each time a mirror is pushed to a certain area of the registry. All the warehouses are immediately synchronized. However, sometimes the multi-region registry cannot share storage, and the networks between the regions cannot access each other, that is, the regions are isolated.

在多租户环境下使用Docker镜像时,租户下的用户通常被限制为只能访问各个可用区的公共服务区内部署的镜像仓库(Registry)。而对于公共镜像,需要在各个可用区的镜像仓库内同步;对于租户内部的私有镜像,也需要将镜像同步到各个可用区。对于用户来说,其所能看到的各个可用区内的镜像应该是一致的,而同时各个可用区的云存储不能跨区域共享,不能分发镜像事件至其它可用区,因此不能借助共享存储的方式来实现同步,而只能使用实时同步。When using a Docker image in a multi-tenant environment, users under the tenant are typically restricted to access only the mirrored repository deployed in the public service area of each Availability Zone. For public mirroring, you need to synchronize in the mirrored warehouse of each available area; for private mirrors inside the tenant, you also need to synchronize the mirror to each available area. For the user, the images in each available area that they can see should be consistent, while the cloud storage of each available area cannot be shared across areas, and the mirrored events cannot be distributed to other available areas, so the shared storage cannot be used. The way to achieve synchronization, and only use real-time synchronization.

因此,现有技术还有待于改进和发展。Therefore, the prior art has yet to be improved and developed.

申请内容Application content

针对现有技术的上述缺陷,本申请提供一种镜像仓库的镜像同步方法、系统、设备及存储介质,主要解决现有Docker镜像不能实时同步的问题。For the above-mentioned defects of the prior art, the present application provides a mirror synchronization method, system, device and storage medium for a mirror warehouse, which mainly solves the problem that the existing Docker images cannot be synchronized in real time.

本申请解决技术问题所采用的技术方案如下:The technical solution adopted by the present application to solve the technical problem is as follows:

一种镜像仓库的镜像同步方法,所述镜像同步方法包括如下步骤:A mirror synchronization method for a mirror warehouse, the image synchronization method comprising the following steps:

可用区内的主机客户端通过该可用区的代理服务器向云管区仓库发起数据访问请求;The host client in the available area initiates a data access request to the cloud management area warehouse through the proxy server of the available area;

云管区仓库解析该数据访问请求,并在判断数据访问请求为镜像推送请求时,通知该可用区的主机客户端通过代理服务器将镜像推送至云管区仓库;在判断数据访问请求为镜像拉取请求时,从云管区仓库中拉取所需的镜像至该可用区。The cloud management area warehouse parses the data access request, and when determining that the data access request is a mirror push request, notifying the host client of the available area to push the image to the cloud management area warehouse through the proxy server; determining that the data access request is a mirror pull request When you pull the required image from the cloud management area warehouse to the available area.

可选地,所述可用区内的主机客户端通过该可用区的代理服务器向云管区仓库发起数据访问请求的步骤之前还包括:Optionally, before the step of the host client in the available area to initiate a data access request to the cloud management area warehouse by using the proxy server of the available area, the method further includes:

由可用区内的主机客户端接收该可用区的用户终端发起的镜像事件并根据该镜像时间生成数据访问请求,其中所述镜像事件包括镜像推送事件和镜像拉取事件。Receiving, by the host client in the available area, a mirroring event initiated by the user terminal of the available area, and generating a data access request according to the mirroring time, where the mirroring event includes a mirroring push event and a mirroring pull event.

可选地,所述可用区内的主机客户端通过该可用区的代理服务器向云管区仓库发起数据访问请求的步骤包括:Optionally, the step of the host client in the available area initiating a data access request to the cloud management area warehouse by using the proxy server of the available area includes:

可用区内的主机客户端通过域名访问该可用区的代理服务器;The host client in the available zone accesses the proxy server of the available zone through the domain name;

代理服务器根据域名进行安全传输层协议认证,并在验证通过后将主机客户端的数据访问请求发送至云管区仓库。The proxy server performs secure transport layer protocol authentication according to the domain name, and sends the data access request of the host client to the cloud management area warehouse after the verification is passed.

可选地,所述云管区仓库解析该数据访问请求,并在判断数据访问请求为镜像推送请求时,通知该可用区的主机客户端通过代理服务器将镜像推送至云管区仓库,在判断数据访问请求为镜像拉取请求时,从云管区仓库中拉取所需的镜像至该可用区的步骤包括: Optionally, the cloud management area warehouse parses the data access request, and when determining that the data access request is a mirror push request, notifying the host client of the available area to push the image to the cloud management area warehouse through the proxy server, and determining data access When requesting a mirror pull request, the steps of pulling the required image from the cloud management area repository to the available area include:

所述云管区仓库接收代理服务器发送的数据访问请求并对其进行解析;The cloud management area warehouse receives a data access request sent by the proxy server and parses the data access request;

判断该数据访问请求为镜像推送请求还是镜像拉取请求;Determining whether the data access request is a mirror push request or a mirror pull request;

若数据访问请求为镜像推送请求,通知该可用区的主机客户端通过代理服务器将镜像推送至云管区仓库;若数据访问请求为镜像拉取请求,查找请求所需的镜像,并通过发送请求的代理服务器将该镜像拉取至该代理服务器所在的可用区的主机客户端中。If the data access request is a mirror push request, the host client of the available area is notified to push the image to the cloud management area warehouse through the proxy server; if the data access request is a mirror pull request, the image required by the request is searched, and the request is sent. The proxy server pulls the image into the host client of the Availability Zone where the proxy server is located.

可选地,所述的镜像仓库的镜像同步方法还包括:Optionally, the mirror synchronization method of the mirror warehouse further includes:

代理服务器在推送镜像至云管区仓库或者云管区仓库拉取镜像至代理服务器中时,代理服务器分析镜像数据的大小,并在镜像数据大于超过代理服务器预设的数据大小上限时,提示镜像传输失败。When the proxy server pushes the image to the cloud management area warehouse or the cloud management area warehouse to pull the image to the proxy server, the proxy server analyzes the size of the mirrored data, and prompts the mirror transmission failure when the mirrored data is larger than the upper limit of the data size preset by the proxy server. .

可选地,所述可用区的数量至少为1个,每一个可用区均部署有一套代理服务器。Optionally, the number of the available areas is at least one, and each of the available areas is deployed with a set of proxy servers.

可选地,各个可用区的代理服务器的域名、证书和密钥均相同。Optionally, the domain name, certificate, and key of the proxy server for each Availability Zone are the same.

一种镜像仓库的镜像同步系统,所述镜像同步系统包括:A mirror synchronization system of a mirror warehouse, the image synchronization system includes:

若干个可用区,包括主机客户端和代理服务器,所述主机客户端设置为通过该可用区的代理服务器向云管区仓库发起数据访问请求;a plurality of available areas, including a host client and a proxy server, the host client being configured to initiate a data access request to the cloud management area repository through the proxy server of the available area;

云管区仓库,设置为解析所述数据访问请求,并在判断数据访问请求为镜像推送请求时,通知该可用区的主机客户端通过代理服务器将镜像推送至云管区仓库;在判断数据访问请求为镜像拉取请求时,从云管区仓库中拉取所需的镜像至发送请求的可用区。The cloud management area warehouse is configured to parse the data access request, and when determining that the data access request is a mirror push request, notify the host client of the available area to push the image to the cloud management area warehouse through the proxy server; and determine that the data access request is When the image pull request is requested, the required image is pulled from the cloud management area repository to the available area for sending the request.

所述的镜像仓库的镜像同步系统中,所述主机客户端还设置为接收主机客户端所在的可用区的用户终端发起的镜像事件并根据该镜像时间生成数据访问请求,其中所述镜像事件包括镜像推送事件和镜像拉取事件。In the mirror synchronization system of the mirrored warehouse, the host client is further configured to receive a mirroring event initiated by a user terminal of an available area where the host client is located, and generate a data access request according to the mirroring time, where the mirroring event includes Mirror push events and image pull events.

所述的镜像仓库的镜像同步系统中,所述代理服务器具体设置为当主机客户端通过域名访问该可用区的代理服务器时,根据域名进行安全传输层协议认证,并在验证通过后将主机客户端的数据访问请求发送至云管区仓库。In the mirror synchronization system of the mirror warehouse, the proxy server is specifically configured to perform a secure transport layer protocol authentication according to the domain name when the host client accesses the proxy server of the available area through the domain name, and the host client is verified after the verification is passed. The data access request of the end is sent to the cloud management area warehouse.

一种镜像仓库的镜像同步设备,所述镜像同步设备包括处理器、存储器、以及存储在所述存储器上并可被所述处理器执行的镜像同步程序,所述镜像同步程序被所述处理器执行时,实现以下步骤:A mirror synchronization device of a mirrored warehouse, the mirror synchronization device comprising a processor, a memory, and a mirror synchronization program stored on the memory and executable by the processor, the image synchronization program being When executed, implement the following steps:

可用区内的主机客户端通过该可用区的代理服务器向云管区仓库发起数据访问请求;The host client in the available area initiates a data access request to the cloud management area warehouse through the proxy server of the available area;

云管区仓库解析该数据访问请求,并在判断数据访问请求为镜像推送请求时,通知该可用区的主机客户端通过代理服务器将镜像推送至云管区仓库;在判断数据访问请求为镜像拉取请求时,从云管区仓库中拉取所需的镜像至该可用区。The cloud management area warehouse parses the data access request, and when determining that the data access request is a mirror push request, notifying the host client of the available area to push the image to the cloud management area warehouse through the proxy server; determining that the data access request is a mirror pull request When you pull the required image from the cloud management area warehouse to the available area.

一种存储介质,所述存储介质存储有镜像同步程序,所述镜像同步程序被处理器执行时,实现以下步骤:A storage medium storing a mirror synchronization program, the mirror synchronization program being executed by a processor, implementing the following steps:

可用区内的主机客户端通过该可用区的代理服务器向云管区仓库发起数据访问请求;The host client in the available area initiates a data access request to the cloud management area warehouse through the proxy server of the available area;

云管区仓库解析该数据访问请求,并在判断数据访问请求为镜像推送请求时,通知该可用区的主机客户端通过代理服务器将镜像推送至云管区仓库;在判断数据访问请求为镜像拉取请求时,从云管区仓库中拉取所需的镜像至该可用区。The cloud management area warehouse parses the data access request, and when determining that the data access request is a mirror push request, notifying the host client of the available area to push the image to the cloud management area warehouse through the proxy server; determining that the data access request is a mirror pull request When you pull the required image from the cloud management area warehouse to the available area.

本申请公开了一种镜像仓库的镜像同步方法、系统、设备及存储介质,可用区的主机客户端通过该可用区的代理服务器向云管区仓库发起数据访问请求;之后,云管区仓库解析该数据访问请求,并在判断数据访问请求为镜像推送请求时,通知该可用区的主机客户端通过代理服务器将镜像推送至云管区仓库;在判断数据访问请求为镜像拉取请求时,从云管区仓库中拉取所需的镜像至该可用区。本申请通过在云管区设置集中式的镜像仓库来对所用可用区的镜像进行统一管理,因此不需要进行任何跨区域的镜像同步,避开了通过其它方法来同步镜像而产生的各种问题,不会导致由于可用区镜像库推送的镜像未发出而造成无法同步的问题,而且只有云管区部署了一套镜像仓库,各可用区只需要部署一份代理服务器即可,节省了部署成本。 The present application discloses a mirror synchronization method, system, device and storage medium of a mirror warehouse, and a host client of an available area initiates a data access request to a cloud management area warehouse through a proxy server of the available area; and then, the cloud management area warehouse parses the data. Accessing the request, and when determining that the data access request is a mirror push request, notifying the host client of the available area to push the image to the cloud management area warehouse through the proxy server; when determining that the data access request is a mirror pull request, the cloud management area warehouse Pull the desired image into the Availability Zone. The present invention uniformly manages the mirroring of the available area by setting a centralized mirror warehouse in the cloud management area, so that no cross-area mirror synchronization is required, and various problems caused by other methods for synchronous mirroring are avoided. It does not cause the problem that the mirrored by the available area mirror library is not sent out, and only a mirrored warehouse is deployed in the cloud management area. Only one proxy server needs to be deployed in each available area, which saves deployment costs.

附图说明DRAWINGS

图1为本申请提供的镜像仓库的镜像同步方法的较佳实施例的流程图;1 is a flowchart of a preferred embodiment of a mirror synchronization method of a mirrored warehouse provided by the present application;

图2为本申请提供的镜像仓库的镜像同步方法中步骤S100的较佳实施例的流程图;2 is a flowchart of a preferred embodiment of step S100 in the mirror synchronization method of the mirrored warehouse provided by the present application;

图3为本申请提供的镜像仓库的镜像同步方法中步骤S200的较佳实施例的流程图;3 is a flowchart of a preferred embodiment of step S200 in the mirror synchronization method of the mirrored warehouse provided by the present application;

图4为本申请提供的镜像仓库的镜像同步系统的功能原理框图。FIG. 4 is a functional block diagram of a mirror synchronization system of a mirror warehouse provided by the present application.

具体实施方式Detailed ways

本申请提供一种镜像仓库的镜像同步方法及系统,为使本申请的目的、技术方案及优点更加清楚、明确,以下参照附图并举实施例对本申请进一步详细说明。应当理解,此处所描述的具体实施例仅仅用以解释本申请,并不用于限定本申请。The present application provides a mirror image synchronization method and system for a mirrored warehouse. The objects, technical solutions, and advantages of the present application will be more clearly and clarified, and the present application will be further described in detail below with reference to the accompanying drawings. It is understood that the specific embodiments described herein are merely illustrative of the application and are not intended to be limiting.

请参阅图1,其为本申请提供的镜像仓库的镜像同步方法的较佳实施例的流程图。如图1所示,本申请较佳实施例所述的镜像仓库的镜像同步方法以下步骤:Please refer to FIG. 1 , which is a flowchart of a preferred embodiment of a mirror synchronization method of a mirrored warehouse provided by the present application. As shown in FIG. 1 , the mirror synchronization method of the mirror warehouse according to the preferred embodiment of the present application has the following steps:

S100、可用区内的主机客户端通过该可用区的代理服务器向云管区仓库发起数据访问请求。S100. The host client in the available area initiates a data access request to the cloud management area warehouse through the proxy server of the available area.

本实施例中,在系统中设置有一个云管区和多个可用区,云管区即为集中管理区,在云管区部署有一个云管区仓库,设置为管理所有的镜像,各个可用区则通过代理服务器访问云管区仓库,其中每个可用区均部署有一套代理服务器,某一可用区的主机客户端只能通过该可用区的代理服务器访问云管区仓库,其中所述代理服务器为Nginx代理服务器,各可用区可设置在不同的地点,例如北京区、上海区和深圳区等等,各可用区均可与云管区通讯,但是各个可用区相互之间隔离,本申请没有在各个可用区设置镜像仓库,而是通过在各个可用区设置代理服务器,各个可用区的主机客户端均通过代理服务器访问云管区仓库,实现了镜像的统一管理,因此不需要进行任何跨区域的镜像同步,节省了部署成本,而且不会导致由于原来的可用区镜像仓库推送的镜像未发出而造成无法同步的问题。In this embodiment, a cloud management area and a plurality of available areas are set in the system, and the cloud management area is a centralized management area, and a cloud management area warehouse is deployed in the cloud management area, and is configured to manage all the mirrors, and each available area passes the proxy. The server accesses the cloud management area warehouse, wherein each of the available areas is deployed with a set of proxy servers, and the host client of an available area can only access the cloud management area warehouse through the proxy server of the available area, wherein the proxy server is an Nginx proxy server. Each available area can be set in different locations, such as Beijing, Shanghai, and Shenzhen. Each available area can communicate with the cloud management area, but each available area is isolated from each other. This application does not have a mirror in each available area. The warehouse, but the proxy server is set in each available area, and the host clients of each available area access the cloud management area warehouse through the proxy server, thereby realizing the unified management of the mirror, so no cross-region mirror synchronization is required, and the deployment is saved. Cost, and does not result in mirroring due to the original Availability Zone Image Repository Issue caused the problem can not be synchronized.

较佳地,在步骤S100之前还包括:由可用区内的主机客户端接收该可用区的用户终端发起的镜像事件并根据该镜像时间生成数据访问请求,其中所述镜像事件包括镜像推送事件和镜像拉取事件。Preferably, before step S100, the method further includes: receiving, by the host client in the available area, a mirroring event initiated by the user terminal of the available area, and generating a data access request according to the mirroring time, wherein the mirroring event includes a mirroring push event and Mirror pull event.

具体实施时,由用户终端向可用区的主机客户端发起镜像事件,具体为向可用区用户主机客户端推送镜像或发起镜像拉取请求,可用区的主机客户端接收到该镜像事件后,判断该镜像事件为镜像推送事件还是镜像拉取事件,并生成数据访问请求,如果是镜像推送事件,则通过代理服务器将镜像推送至云管区仓库,如果是镜像拉取事件,则通过代理服务器访问镜像仓库,从云管区仓库中拉取所需的镜像。During the specific implementation, the user terminal initiates a mirroring event to the host client in the available area, specifically, pushing the image to the host user of the available area or initiating the image pull request, and the host client in the available area receives the image event and determines The mirroring event is a mirroring event or a mirroring event, and generates a data access request. If it is a mirroring push event, the image is pushed to the cloud management area warehouse through the proxy server. If the image is pulled, the image is accessed through the proxy server. Warehouse, pull the required image from the cloud management warehouse.

进一步地实施例中,如图2所示,所述步骤S100包括:In a further embodiment, as shown in FIG. 2, the step S100 includes:

步骤S101、可用区内的主机客户端通过域名访问该可用区的代理服务器;Step S101: The host client in the available area accesses the proxy server of the available area by using a domain name;

步骤S102、代理服务器根据域名进行安全传输层协议认证,并在验证通过后将主机客户端的数据访问请求发送至云管区仓库。Step S102: The proxy server performs secure transport layer protocol authentication according to the domain name, and sends the data access request of the host client to the cloud management area warehouse after the verification is passed.

具体实施时,可用区内的主机客户端通过域名访问该可用区的代理服务器,DNS服务器将域名解析到代理服务器,然后代理服务器进行安全传输层协议验证(TLS验证),并在验证通过后,由代理服务器将数据访问请求转发至云管区仓库,其中,各个可用区的代理服务器使用的域名、证书和密钥均相同,证书和密钥对是根据域名等信息生成,在进行TLS验证时,即验证证书和密钥对是否正确,验证成功后才能通过代理服务器访问云管区仓库,本申请通过将各个可用区的代理服务器的域名、证书和密钥均设置为一致,从而使得各个可用区的主机客户端访问的域名都是同一个,TLS证书密钥对也只有一份,实际的镜像存储也只有一个,所以保证了系统的一致性。During specific implementation, the host client in the available zone accesses the proxy server of the available zone through the domain name, and the DNS server resolves the domain name to the proxy server, and then the proxy server performs secure transport layer protocol verification (TLS authentication), and after the verification is passed, The data access request is forwarded by the proxy server to the cloud management area warehouse, wherein the domain name, the certificate, and the key used by the proxy server of each available area are the same, and the certificate and the key pair are generated according to the domain name and the like, and when performing TLS verification, That is, if the verification certificate and the key pair are correct, and the verification is successful, the cloud management area warehouse can be accessed through the proxy server. This application sets the domain name, certificate, and key of the proxy server of each available area to be consistent, thereby making each available area The domain name accessed by the host client is the same, and there is only one TLS certificate key pair. The actual mirror storage is only one, so the consistency of the system is guaranteed.

步骤S200、云管区仓库解析该数据访问请求,并在判断数据访问请求为镜像推送请求时,通知该可用区的主机客户端通过代理服务器将镜像推送至云管区仓库;在判断数据访问请求为镜像拉取请求时,从云管区仓库中拉取所需的镜像至该可用区。Step S200: The cloud management area warehouse parses the data access request, and when determining that the data access request is a mirror push request, notifying the host client of the available area to push the image to the cloud management area warehouse through the proxy server; determining that the data access request is a mirror When pulling the request, pull the required image from the cloud management area repository to the available area.

本实施例中,云管区的镜像仓库在接收到代理服务器的数据访问请求时即对该数据访问请求进行解析,根据请求类型进行相应的操作,当访问请求为镜像推送请求时,通知该可用区的主机客户端通过代理服务器将镜像推送至云管区仓库,在该可用区的主机客户端将镜像推送到云管区仓库后,其它可用区可以直接从云管区中调用推送的镜像,具体来说,当深圳区的主机客户端通过该区的代理服务器推送一镜像时,云管区仓库将该镜像存储,若其它区需要调用该镜像,例如北京区的用户终端需要调用该镜像,则北京区的主机客户端可通过该区的代理服务器向云管区仓库发起镜像拉取请求,使得北京区的主机客户端可以直接从云管区仓库中拉取出深圳区推送的该镜像。In this embodiment, the mirrored warehouse of the cloud management area parses the data access request when receiving the data access request of the proxy server, performs corresponding operations according to the request type, and notifies the available area when the access request is a mirror push request. The host client pushes the image to the cloud management area warehouse through the proxy server. After the host client of the available area pushes the image to the cloud management area warehouse, the other available areas can directly invoke the pushed image from the cloud management area. Specifically, When the host client in Shenzhen pushes an image through the proxy server in the area, the cloud management area warehouse stores the image. If the other area needs to invoke the image, for example, the user terminal in Beijing needs to invoke the image, then the host in the Beijing area The client can initiate a mirror pull request to the cloud management area warehouse through the proxy server in the area, so that the host client in the Beijing area can directly pull the image pushed by the Shenzhen area from the cloud management area warehouse.

进一步来说,所述数据访问请求中至少包括可用区的具体编号和访问的类型,所述访问的类型包括镜像推送和镜像拉取,在具体实施时,每个可用区都预先设置有编号,例如将深圳区设置为001号,将广州区设置为002号等等,每一个所述可用区的编号均不一致,避免云管区仓库无法判断发送数据访问请求的是哪一个可用区。Further, the data access request includes at least a specific number of the available area and a type of the access, and the type of the access includes a mirror push and a mirror pull. In the specific implementation, each available area is preset with a number. For example, the Shenzhen area is set to 001, the Guangzhou area is set to 002, and so on, and the number of each of the available areas is inconsistent, so that the cloud management area warehouse cannot determine which available area to send the data access request.

所述主机客户端在生成数据访问请求时,需将所述该主机客户端的具体编号放置在数据访问请求中,另外,为了避免对云管区仓库进行恶意访问,所述云管区仓库还需对发起访问的主机客户端进行身份验证,优选的实施例中,所述数据访问请求中还携带有用户名和密码,用户终端通过登录用户名和密码访问可用区的主机客户端,所述主机客户端将用户名和密码放置于数据访问请求中,打包发送至代理服务器,然后进一步通过代理服务器将数据访问请求发送至云管区仓库。When the host client generates the data access request, the specific number of the host client needs to be placed in the data access request. In addition, in order to avoid malicious access to the cloud management area warehouse, the cloud management area warehouse needs to initiate The host client is authenticated. In a preferred embodiment, the data access request further carries a user name and a password, and the user terminal accesses the host client of the available area by using the login user name and password, and the host client uses the user. The name and password are placed in the data access request, packaged and sent to the proxy server, and then further sent to the cloud management area warehouse through the proxy server.

在主机客户端通过代理服务器将数据访问请求发送至云管区仓库后,云管区仓库首先将所述数据访问请求进行解码,对数据访问请求中的用户名和密码进行验证,在验证通过后读取数据访问请求中的可用区编号,然后再判断数据访问的类型,并分析所述数据访问请求是否合理,具体实施时,所述云管区仓库设置有控制单元,所述云管区仓库通过控制单元来对数据访问请求进行解码并验证用户名和密码以及判断数据访问请求的类型,在判断为镜像推送请求时,云管区仓库则发出数据推送通知至相应编号的可用区的主机客户端,该主机客户端在接收到云管区仓库发送的数据推送通知后才能将通过代理服务器将镜像推送至云管区仓库。After the host client sends the data access request to the cloud management area warehouse through the proxy server, the cloud management area warehouse first decodes the data access request, verifies the user name and password in the data access request, and reads the data after the verification is passed. Accessing the available area number in the request, and then determining the type of the data access, and analyzing whether the data access request is reasonable. In the specific implementation, the cloud management area warehouse is provided with a control unit, and the cloud management area warehouse is controlled by the control unit. The data access request decodes and verifies the username and password and determines the type of the data access request. When determining the mirror push request, the cloud management warehouse sends a data push notification to the host client of the corresponding numbered Availability Zone, the host client is After receiving the data push notification sent by the cloud management area warehouse, the image can be pushed to the cloud management area warehouse through the proxy server.

进一步地实施例中,所述主机客户端在向所述云管区发送镜像拉取请求时,所述数据访问请求中还需携带需拉取的镜像的类型和名称,所述云管区仓库还被分割为多个存储有不同类型的镜像的镜像存储单元。所述云管区仓库的控制单元在解析出需拉取的镜像的类型和名称后,首先查找出存储该类型镜像的镜像存储单元,再遍历镜像存储单元,如果查找到需拉取的镜像的名称,则将该镜像拉取至发送请求的可用区的主机客户端,由主机客户端输送给用户终端;如果未找到需拉取的镜像的名称,则通过代理服务器发送提示信息至主机客户端,提示主机客户端无此镜像并验证镜像的名称是否正确。In a further embodiment, when the host client sends a mirror pull request to the cloud management area, the data access request further needs to carry the type and name of the image to be pulled, and the cloud management area warehouse is further Split into multiple mirrored storage units that store different types of mirrors. After the control unit of the cloud management area warehouse parses the type and name of the image to be pulled, first finds the image storage unit that stores the image of the type, and then traverses the image storage unit, if the name of the image to be pulled is found. , the image is pulled to the host client of the available area for sending the request, and is delivered by the host client to the user terminal; if the name of the image to be pulled is not found, the prompt message is sent to the host client through the proxy server. Prompt the host client to have no such mirror and verify that the name of the mirror is correct.

本申请通过在主机客户端访问云管区仓库时,对主机客户端进行身份验证,保证了云管区仓库的数据安全,避免云管区仓库被恶意访问,而且通过将各个可用区编号处理,避免云管区无法知晓发送数据访问请求的可用区的名称,保证了镜像同步的正常进行。When the host client accesses the cloud management area warehouse, the application authenticates the host client, ensures data security of the cloud management area warehouse, avoids malicious access of the cloud management area warehouse, and avoids the cloud management area by processing each available area number. The name of the Availability Zone for sending data access requests cannot be known, ensuring normal mirror synchronization.

本申请相较于现有的镜像同步方法,不需要在可用区和云管区均设置有镜像仓库,在进行镜像同步时,镜像同步消耗的时间少,不需要经过用户推送、通知、云管区组件调用Docker API拉取镜像、云管区组件调用Docker API推送镜像到各个可用区等步骤,而且由于不需要在某一可用区推送镜像至云管区后再将镜像推送至各个可用区,所以不会出现因为云管区仓库原生的通知机制的失败概率而导致推送镜像后通知未发出,造成无法开始同步的问题,另外由于只有一个集中式的镜像库,所以也不会出现镜像同步回环的问题。Compared with the existing image synchronization method, the present invention does not need to have a mirrored warehouse in the available area and the cloud management area. When performing mirror synchronization, the mirror synchronization consumes less time, and does not need to pass user push, notification, and cloud management area components. Call Docker API pull image, cloud management area component calls Docker The API pushes the image to the various Availability Zones, and since there is no need to push the image to the cloud zone in an available zone and then push the image to each Availability Zone, there is no probability of failure due to the native notification mechanism of the cloud zone warehouse. After the push mirror is sent, the notification is not sent, causing the problem that synchronization cannot be started. In addition, since there is only one centralized mirror library, there is no problem of mirror synchronization loopback.

请参阅图3,其为本申请提供的镜像仓库的镜像同步方法中步骤S200的较佳实施例的流程图。Please refer to FIG. 3 , which is a flowchart of a preferred embodiment of step S200 in the image synchronization method of the mirror warehouse provided by the present application.

如图3所示,所述步骤S200包括:As shown in FIG. 3, the step S200 includes:

步骤S201、所述云管区仓库接收代理服务器发送的数据访问请求并对其进行解析;Step S201: The cloud management area warehouse receives a data access request sent by the proxy server and parses the data access request;

步骤S202、判断该数据访问请求为镜像推送请求还是镜像拉取请求;Step S202, determining whether the data access request is a mirror push request or a mirror pull request;

步骤S203、若数据访问请求为镜像推送请求,通知该可用区的主机客户端通过代理服务器将镜像推送至云管区仓库;若数据访问请求为镜像拉取请求,查找请求所需的镜像,并通过发送请求的代理服务器将该镜像拉取至该代理服务器所在的可用区的主机客户端中。Step S203: If the data access request is a mirror push request, notify the host client of the available area to push the image to the cloud management area warehouse through the proxy server; if the data access request is a mirror pull request, find the image required by the request, and pass the The proxy server that sent the request pulls the image into the host client of the Availability Zone where the proxy server is located.

本实施例中,所述可用区的主机客户端在访问云管区仓库时,通过代理服务器将数据访问请求发送至镜像仓库,所述云管区仓库在将存储的镜像拉取至可用区时,也是通过代理服务器将镜像发送至可用区的主机客户端,再由主机客户端反馈至用户终端,通过采用一个镜像库来对所有可用区的镜像进行统一管理,所以不会导致出现由于可用区仓库推送的镜像未发出而造成无法同步的问题,不需要再在某一可用区将镜像推送至云管区仓库后立刻将该镜像同步至所有的可用区,只需要将该镜像存储即可,当其它可用区需要同步调用时,只需访问云管区即可获取该镜像,同步方法简单,而且保证了系统的一致性。In this embodiment, when the host client of the available area accesses the cloud management area warehouse, the data access request is sent to the mirrored warehouse through the proxy server, and the cloud management area warehouse pulls the stored image to the available area. The mirror is sent to the host client of the available area through the proxy server, and then the host client feeds back to the user terminal, and the mirror of all the available areas is uniformly managed by adopting a mirror library, so that the warehouse push is not caused by the available area. The image is not sent out and the problem cannot be synchronized. You do not need to push the image to the cloud zone warehouse in an available area, and then synchronize the image to all available areas. You only need to store the image. When the zone needs to be called synchronously, it only needs to access the cloud management zone to obtain the image. The synchronization method is simple and the system consistency is ensured.

进一步地实施例中,所述镜像仓库的镜像同步方法还包括:In a further embodiment, the mirror synchronization method of the mirror warehouse further includes:

代理服务器在推送镜像至云管区仓库或者云管区仓库拉取镜像至代理服务器中时,代理服务器分析镜像数据的大小,并在镜像数据大于超过代理服务器预设的数据大小上限时,提示镜像传输失败。When the proxy server pushes the image to the cloud management area warehouse or the cloud management area warehouse to pull the image to the proxy server, the proxy server analyzes the size of the mirrored data, and prompts the mirror transmission failure when the mirrored data is larger than the upper limit of the data size preset by the proxy server. .

本实施例中,由于使用Nginx代理服务器后,由于请求数据的默认大小较小(1M),而镜像推送时,有些镜像的层较大(约100+M),因此在推送的镜像经过代理服务器时,还需分析镜像数据的大小,在镜像数据大于超过代理服务器预设的数据大小上限时,提示镜像传输失败,此时用户可通过修改Nginx代理服务器的配置,将预设的请求数据的大小上限设置为无限大即可继续进行传输。In this embodiment, since the default size of the request data is small (1M) after using the Nginx proxy server, and some mirror layers are larger (about 100+M) when the image is pushed, the pushed image passes through the proxy server. At the same time, the size of the mirrored data needs to be analyzed. When the mirrored data is larger than the upper limit of the data size preset by the proxy server, the image transmission fails. In this case, the user can modify the configuration of the Nginx proxy server to set the size of the preset request data. The upper limit is set to infinity to continue the transfer.

优选的实施例中,所述可用区的数量至少为1个,每一个可用区均部署有一套代理服务器,每一个可用区的主机客户端均通过该可用区的代理服务器访问云管区仓库。In a preferred embodiment, the number of available zones is at least one, and each of the available zones is deployed with a set of proxy servers, and the host clients of each available zone access the cloud zone warehouse through the proxy servers of the available zones.

进一步来说,各个可用区的代理服务器的域名、证书和密钥均相同,本从而使得个可用区的主机客户端访问的域名都是同一个,TLS证书密钥对也只有一份,实际的镜像存储也只有一个,所以保证了系统的一致性。Further, the domain name, the certificate, and the key of the proxy servers in the respective Availability Zones are the same, so that the domain names accessed by the host clients of the available zones are the same, and only one copy of the TLS certificate key pair is used. There is only one mirror storage, so the consistency of the system is guaranteed.

本申请提供了一个对镜像的统一管理方法,只有一个集中式的镜像库,有如下优点:因为只有一个镜像库,因此不需要进行任何跨区域的镜像同步,避开了通过其他方法同步镜像的各种问题。所有区域中所有主机访问的镜像库的域名都是同一个,TLS证书密钥对也只有一份,实际的镜像存储也只有一个,保持了系统的一致性。只有集中管理区需要部署一份Registry(镜像仓库)用以存储镜像,其他区域只需要部署一份代理服务器即可,节省了部署成本。This application provides a unified management method for mirroring. There is only one centralized mirror library, which has the following advantages: because there is only one mirror library, there is no need to perform any cross-region mirror synchronization, avoiding the synchronization of mirroring by other methods. Various problems. The domain name of the mirror library accessed by all hosts in all areas is the same. There is only one TLS certificate key pair, and there is only one actual mirror storage, which maintains the consistency of the system. Only the centralized management area needs to deploy a Registry (mirror repository) to store the image. In other areas, only one proxy server needs to be deployed, which saves deployment costs.

本申请还提供了一种镜像仓库的镜像同步系统,如图4所示,所述装置包括:The application also provides a mirror synchronization system of a mirror warehouse. As shown in FIG. 4, the device includes:

若干个可用区1,包括主机客户端11和代理服务器12,所述主机客户端11设置为通过该可用区的代理服务器12向云管区仓库发起数据访问请求,所述代理服务器12设置为为所述主机客户端11和云管区仓库建立连接;A plurality of Availability Zones 1, including a Host Client 11 and a Proxy Server 12, the Host Client 11 being arranged to initiate a data access request to the cloud zone repository through the proxy server 12 of the Availability Zone, the proxy server 12 being configured to The host client 11 and the cloud management area warehouse establish a connection;

云管区仓库2,设置为解析所述数据访问请求,并在判断数据访问请求为镜像推送请求时,通知该可用区的主机客户端11通过代理服务器12将镜像推送至云管区仓库2,在判断数据访问请求为镜像拉取请求时,从云管区仓库2中拉取所需的镜像至发送请求的可用区。具体请参阅上述方法对应的实施例。The cloud management area warehouse 2 is configured to parse the data access request, and when determining that the data access request is a mirror push request, notify the host client 11 of the available area to push the image to the cloud management area warehouse 2 through the proxy server 12, When the data access request is a mirror pull request, the required image is pulled from the cloud management area repository 2 to the available area for sending the request. For details, please refer to the corresponding embodiment of the above method.

本申请的镜像仓库的镜像同步系统中,所述主机客户端11还设置为接收主机客户端11所在的可用区的用户终端发起的镜像事件并根据该镜像时间生成数据访问请求,其中所述镜像事件包括镜像推送事件和镜像拉取事件。具体请参阅上述方法对应的实施例。In the mirror synchronization system of the mirror warehouse of the present application, the host client 11 is further configured to receive a mirroring event initiated by a user terminal of an available area where the host client 11 is located, and generate a data access request according to the mirroring time, where the mirroring Events include mirror push events and mirror pull events. For details, please refer to the corresponding embodiment of the above method.

本申请的镜像仓库的镜像同步系统中,所述代理服务器具体设置为当主机客户端通过域名访问该可用区的代理服务器时,根据域名进行安全传输层协议认证,并在验证通过后将主机客户端的数据访问请求发送至云管区仓库。具体请参阅上述方法对应的实施例。In the mirror synchronization system of the mirror warehouse of the present application, the proxy server is specifically configured to perform a secure transport layer protocol authentication according to the domain name when the host client accesses the proxy server of the available zone through the domain name, and the host client is verified after the verification is passed. The data access request of the end is sent to the cloud management area warehouse. For details, please refer to the corresponding embodiment of the above method.

综上所述,本申请通过在云管区设置集中式的镜像仓库来对所用可用区的镜像进行统一管理,因此不需要进行任何跨区域的镜像同步,避开了通过其它方法来同步镜像而产生的各种问题,不会导致由于可用区镜像库推送的镜像未发出而造成无法同步的问题,而且只有云管区部署了一套镜像仓库,各可用区只需要部署一份代理服务器即可,节省了部署成本。使租户内部的私有镜像也能及时同步到各个可用区,从而保证在任意可用区内,用户对于公共镜像以及租户下的用户对于租户内部的私有镜像无能无差别地访问。In summary, the present application uniformly manages the mirroring of the available area by setting a centralized mirror warehouse in the cloud management area, so that no cross-area mirror synchronization is required, and the synchronization is achieved by other methods. The various problems will not cause the problem that the mirrors pushed by the available area mirror library are not sent out, and only a mirrored warehouse is deployed in the cloud management area. Only one proxy server needs to be deployed in each free area, saving Deployment costs. The private image inside the tenant can also be synchronized to each available area in time, so that in any available area, the user has no indiscriminate access to the public image and the user under the tenant for the private image inside the tenant.

本申请还提供了一种镜像仓库的镜像同步设备,所述权限认证设备包括处理器、存储器、以及存储在所述存储器上并可被所述处理器执行的镜像同步程序,所述镜像同步程序被所述处理器执行时,实现如上述的镜像同步方法的步骤。The present application also provides a mirror synchronization device of a mirrored warehouse, the rights authentication device including a processor, a memory, and a mirror synchronization program stored on the memory and executable by the processor, the image synchronization program When executed by the processor, the steps of the image synchronization method as described above are implemented.

其中,镜像同步程序被执行时所实现的方法可参照本申请镜像同步方法的各个实施例,此处不再赘述。For the method that is implemented when the image synchronization program is executed, refer to various embodiments of the image synchronization method of the present application, and details are not described herein again.

本申请还提供了一种存储介质,所述存储介质存储有镜像同步程序,所述镜像同步程序被处理器执行时,实现如上述的镜像同步方法的步骤。The present application also provides a storage medium storing a mirror synchronization program that, when executed by a processor, implements the steps of the image synchronization method as described above.

其中,镜像同步程序被执行时所实现的方法可参照本申请镜像同步方法的各个实施例,此处不再赘述。For the method that is implemented when the image synchronization program is executed, refer to various embodiments of the image synchronization method of the present application, and details are not described herein again.

当然,本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程,是可以通过计算机程序来指令相关硬件(如处理器,控制器等)来完成,所述的程序可存储于一计算机可读取的存储介质中,该程序在执行时可包括如上述各方法实施例的流程。其中所述的存储介质可为存储器、磁碟、光盘等。Certainly, those skilled in the art can understand that all or part of the processes in the foregoing embodiments can be implemented by a computer program to instruct related hardware (such as a processor, a controller, etc.), and the program can be stored in one. In a computer readable storage medium, the program, when executed, may include the processes of the various method embodiments as described above. The storage medium described therein may be a memory, a magnetic disk, an optical disk, or the like.

应当理解的是,本申请的应用不限于上述的举例,对本领域普通技术人员来说,可以根据上述说明加以改进或变换,所有这些改进和变换都应属于本申请所附权利要求的保护范围。It should be understood that the application of the present application is not limited to the above-described examples, and those skilled in the art can make modifications and changes in accordance with the above description, all of which are within the scope of the appended claims.

Claims (20)

一种镜像仓库的镜像同步方法,其中,所述镜像同步方法包括如下步骤: A mirror synchronization method for a mirror warehouse, wherein the image synchronization method comprises the following steps: 可用区内的主机客户端通过该可用区的代理服务器向云管区仓库发起数据访问请求;The host client in the available area initiates a data access request to the cloud management area warehouse through the proxy server of the available area; 云管区仓库解析该数据访问请求,并在判断数据访问请求为镜像推送请求时,通知该可用区的主机客户端通过代理服务器将镜像推送至云管区仓库;在判断数据访问请求为镜像拉取请求时,从云管区仓库中拉取所需的镜像至该可用区。The cloud management area warehouse parses the data access request, and when determining that the data access request is a mirror push request, notifying the host client of the available area to push the image to the cloud management area warehouse through the proxy server; determining that the data access request is a mirror pull request When you pull the required image from the cloud management area warehouse to the available area. 根据权利要求1所述的镜像仓库的镜像同步方法,其中,所述可用区内的主机客户端通过该可用区的代理服务器向云管区仓库发起数据访问请求的步骤之前还包括:The image synchronization method of the mirrored warehouse according to claim 1, wherein the step of the host client in the available area to initiate a data access request to the cloud management area warehouse through the proxy server of the available area further comprises: 由可用区内的主机客户端接收该可用区的用户终端发起的镜像事件并根据该镜像时间生成数据访问请求,其中所述镜像事件包括镜像推送事件和镜像拉取事件。Receiving, by the host client in the available area, a mirroring event initiated by the user terminal of the available area, and generating a data access request according to the mirroring time, where the mirroring event includes a mirroring push event and a mirroring pull event. 根据权利要求1所述的镜像仓库的镜像同步方法,其中,所述可用区内的主机客户端通过该可用区的代理服务器向云管区仓库发起数据访问请求的步骤包括:The mirror synchronization method of the mirror warehouse according to claim 1, wherein the step of the host client in the available area initiating a data access request to the cloud management area warehouse through the proxy server of the available area comprises: 可用区内的主机客户端通过域名访问该可用区的代理服务器;The host client in the available zone accesses the proxy server of the available zone through the domain name; 代理服务器根据域名进行安全传输层协议认证,并在验证通过后将主机客户端的数据访问请求发送至云管区仓库。The proxy server performs secure transport layer protocol authentication according to the domain name, and sends the data access request of the host client to the cloud management area warehouse after the verification is passed. 根据权利要求3所述的镜像仓库的镜像同步方法,其中,所述云管区仓库解析该数据访问请求,并在判断数据访问请求为镜像推送请求时,通知该可用区的主机客户端通过代理服务器将镜像推送至云管区仓库;在判断数据访问请求为镜像拉取请求时,从云管区仓库中拉取所需的镜像至该可用区的步骤包括:The mirror synchronization method of the mirror warehouse according to claim 3, wherein the cloud management area warehouse parses the data access request, and when determining that the data access request is a mirror push request, notifying the host client of the available area through the proxy server Pushing the image to the cloud management area warehouse; when determining that the data access request is a mirror pull request, the steps of pulling the required image from the cloud management area warehouse to the available area include: 所述云管区仓库接收代理服务器发送的数据访问请求并对其进行解析;The cloud management area warehouse receives a data access request sent by the proxy server and parses the data access request; 判断该数据访问请求为镜像推送请求还是镜像拉取请求;Determining whether the data access request is a mirror push request or a mirror pull request; 若数据访问请求为镜像推送请求,通知该可用区的主机客户端通过代理服务器将镜像推送至云管区仓库;若数据访问请求为镜像拉取请求,查找请求所需的镜像,并通过发送请求的代理服务器将该镜像拉取至该代理服务器所在的可用区的主机客户端中。If the data access request is a mirror push request, the host client of the available area is notified to push the image to the cloud management area warehouse through the proxy server; if the data access request is a mirror pull request, the image required by the request is searched, and the request is sent. The proxy server pulls the image into the host client of the Availability Zone where the proxy server is located. 根据权利要求3所述的镜像仓库的镜像同步方法,其中,还包括:The mirror synchronization method of the mirror warehouse according to claim 3, further comprising: 代理服务器在推送镜像至云管区仓库或者云管区仓库拉取镜像至代理服务器中时,代理服务器分析镜像数据的大小,并在镜像数据大于超过代理服务器预设的数据大小上限时,提示镜像传输失败。When the proxy server pushes the image to the cloud management area warehouse or the cloud management area warehouse to pull the image to the proxy server, the proxy server analyzes the size of the mirrored data, and prompts the mirror transmission failure when the mirrored data is larger than the upper limit of the data size preset by the proxy server. . 根据权利要求1所述的镜像仓库的镜像同步方法,其中,所述可用区的数量至少为1个,每一个可用区均部署有一套代理服务器。The mirror synchronization method of the mirror warehouse according to claim 1, wherein the number of the available areas is at least one, and each of the available areas is deployed with a set of proxy servers. 根据权利要求6所述的镜像仓库的镜像同步方法,其中,各个可用区的代理服务器的域名、证书和密钥均相同。The mirror synchronization method of the mirror warehouse according to claim 6, wherein the domain name, the certificate, and the key of the proxy servers of the respective available areas are the same. 一种镜像仓库的镜像同步系统,其中,所述镜像同步系统包括:A mirror synchronization system of a mirror warehouse, wherein the mirror synchronization system includes: 若干个可用区,包括主机客户端和代理服务器,所述主机客户端设置为通过该可用区的代理服务器向云管区仓库发起数据访问请求;a plurality of available areas, including a host client and a proxy server, the host client being configured to initiate a data access request to the cloud management area repository through the proxy server of the available area; 云管区仓库,设置为解析所述数据访问请求,并在判断数据访问请求为镜像推送请求时,通知该可用区的主机客户端通过代理服务器将镜像推送至云管区仓库;在判断数据访问请求为镜像拉取请求时,从云管区仓库中拉取所需的镜像至发送请求的可用区。The cloud management area warehouse is configured to parse the data access request, and when determining that the data access request is a mirror push request, notify the host client of the available area to push the image to the cloud management area warehouse through the proxy server; and determine that the data access request is When the image pull request is requested, the required image is pulled from the cloud management area repository to the available area for sending the request. 根据权利要求8所述的镜像仓库的镜像同步系统,其中,所述主机客户端还设置为接收主机客户端所在的可用区的用户终端发起的镜像事件并根据该镜像时间生成数据访问请求,其中所述镜像事件包括镜像推送事件和镜像拉取事件。The mirror synchronization system of the mirrored warehouse according to claim 8, wherein the host client is further configured to receive a mirroring event initiated by a user terminal of an available area where the host client is located, and generate a data access request according to the mirroring time, wherein The mirroring event includes a mirror push event and a mirror pull event. 根据权利要求8所述的镜像仓库的镜像同步系统,其中,所述代理服务器具体设置为当主机客户端通过域名访问该可用区的代理服务器时,根据域名进行安全传输层协议认证,并在验证通过后将主机客户端的数据访问请求发送至云管区仓库。The mirror synchronization system of the mirror warehouse according to claim 8, wherein the proxy server is specifically configured to perform a secure transport layer protocol authentication according to the domain name when the host client accesses the proxy server of the available area through the domain name, and is verified. After passing, the host client's data access request is sent to the cloud management area warehouse. 根据权利要求10所述的镜像仓库的镜像同步系统,其中,所述云管区仓库具体设置为接收代理服务器发送的数据访问请求并对其进行解析;判断该数据访问请求为镜像推送请求还是镜像拉取请求;若数据访问请求为镜像推送请求,通知该可用区的主机客户端通过代理服务器将镜像推送至云管区仓库;若数据访问请求为镜像拉取请求,查找请求所需的镜像,并通过发送请求的代理服务器将该镜像拉取至该代理服务器所在的可用区的主机客户端中。The mirror synchronization system of the mirror warehouse according to claim 10, wherein the cloud management area warehouse is specifically configured to receive and parse a data access request sent by the proxy server; and determine whether the data access request is a mirror push request or a mirror pull If the data access request is a mirror push request, the host client of the available area is notified to push the image to the cloud management area warehouse through the proxy server; if the data access request is a mirror pull request, the image required by the request is searched and passed. The proxy server that sent the request pulls the image into the host client of the Availability Zone where the proxy server is located. 根据权利要求10所述的镜像仓库的镜像同步系统,其中,所述镜像同步系统还包括:The mirror synchronization system of the mirror warehouse according to claim 10, wherein the image synchronization system further comprises: 代理服务器,设置为在推送镜像至云管区仓库或者云管区仓库拉取镜像至代理服务器中时,代理服务器分析镜像数据的大小,并在镜像数据大于超过代理服务器预设的数据大小上限时,提示镜像传输失败。The proxy server is configured to analyze the size of the mirrored data when the mirroring is sent to the cloud management area warehouse or the cloud management area warehouse to the mirror server, and the prompting data is larger than the upper limit of the data size preset by the proxy server. Image transfer failed. 根据权利要求8所述的镜像仓库的镜像同步系统,其中,所述可用区的数量至少为1个,每一个可用区均部署有一套代理服务器。The mirror synchronization system of the mirror warehouse according to claim 8, wherein the number of the Availability Zones is at least one, and each of the Availability Zones is deployed with a set of proxy servers. 根据权利要求13所述的镜像仓库的镜像同步系统,其中,各个可用区的代理服务器的域名、证书和密钥均相同。The mirror synchronization system of the mirror warehouse according to claim 13, wherein the domain name, the certificate, and the key of the proxy servers of the respective available areas are the same. 一种镜像仓库的镜像同步设备,其中,所述镜像同步设备包括处理器、存储器、以及存储在所述存储器上并可被所述处理器执行的镜像同步程序,所述镜像同步程序被所述处理器执行时,实现以下步骤:A mirror synchronization device of a mirrored warehouse, wherein the mirror synchronization device includes a processor, a memory, and a mirror synchronization program stored on the memory and executable by the processor, the image synchronization program being When the processor executes, the following steps are implemented: 可用区内的主机客户端通过该可用区的代理服务器向云管区仓库发起数据访问请求;The host client in the available area initiates a data access request to the cloud management area warehouse through the proxy server of the available area; 云管区仓库解析该数据访问请求,并在判断数据访问请求为镜像推送请求时,通知该可用区的主机客户端通过代理服务器将镜像推送至云管区仓库;在判断数据访问请求为镜像拉取请求时,从云管区仓库中拉取所需的镜像至该可用区。The cloud management area warehouse parses the data access request, and when determining that the data access request is a mirror push request, notifying the host client of the available area to push the image to the cloud management area warehouse through the proxy server; determining that the data access request is a mirror pull request When you pull the required image from the cloud management area warehouse to the available area. 如权利要求15所述的镜像同步设备,其中,所述镜像同步程序被所述处理器执行时,还实现以下步骤:A mirror synchronization device according to claim 15, wherein when said mirror synchronization program is executed by said processor, the following steps are further implemented: 由可用区内的主机客户端接收该可用区的用户终端发起的镜像事件并根据该镜像时间生成数据访问请求,其中所述镜像事件包括镜像推送事件和镜像拉取事件。Receiving, by the host client in the available area, a mirroring event initiated by the user terminal of the available area, and generating a data access request according to the mirroring time, where the mirroring event includes a mirroring push event and a mirroring pull event. 如权利要求15所述的镜像同步设备,其中,所述可用区内的主机客户端通过该可用区的代理服务器向云管区仓库发起数据访问请求的步骤包括:The image synchronization device of claim 15, wherein the step of the host client in the available area initiating a data access request to the cloud management area repository by the proxy server of the available area comprises: 可用区内的主机客户端通过域名访问该可用区的代理服务器;The host client in the available zone accesses the proxy server of the available zone through the domain name; 代理服务器根据域名进行安全传输层协议认证,并在验证通过后将主机客户端的数据访问请求发送至云管区仓库。The proxy server performs secure transport layer protocol authentication according to the domain name, and sends the data access request of the host client to the cloud management area warehouse after the verification is passed. 一种存储介质,其中,所述存储介质存储有镜像同步程序,所述镜像同步程序被处理器执行时,实现以下步骤:A storage medium, wherein the storage medium stores a mirror synchronization program, and when the image synchronization program is executed by the processor, the following steps are implemented: 可用区内的主机客户端通过该可用区的代理服务器向云管区仓库发起数据访问请求;The host client in the available area initiates a data access request to the cloud management area warehouse through the proxy server of the available area; 云管区仓库解析该数据访问请求,并在判断数据访问请求为镜像推送请求时,通知该可用区的主机客户端通过代理服务器将镜像推送至云管区仓库;在判断数据访问请求为镜像拉取请求时,从云管区仓库中拉取所需的镜像至该可用区。The cloud management area warehouse parses the data access request, and when determining that the data access request is a mirror push request, notifying the host client of the available area to push the image to the cloud management area warehouse through the proxy server; determining that the data access request is a mirror pull request When you pull the required image from the cloud management area warehouse to the available area. 如权利要求18所述的存储介质,其中,所述镜像同步程序被所述处理器执行时,还实现以下步骤:The storage medium of claim 18, wherein when said mirror synchronization program is executed by said processor, the following steps are further implemented: 由可用区内的主机客户端接收该可用区的用户终端发起的镜像事件并根据该镜像时间生成数据访问请求,其中所述镜像事件包括镜像推送事件和镜像拉取事件。Receiving, by the host client in the available area, a mirroring event initiated by the user terminal of the available area, and generating a data access request according to the mirroring time, where the mirroring event includes a mirroring push event and a mirroring pull event. 如权利要求18所述的存储介质,其中,所述可用区内的主机客户端通过该可用区的代理服务器向云管区仓库发起数据访问请求的步骤包括:The storage medium of claim 18, wherein the step of the host client in the available area initiating a data access request to the cloud management area repository by the proxy server of the available area comprises: 可用区内的主机客户端通过域名访问该可用区的代理服务器;The host client in the available zone accesses the proxy server of the available zone through the domain name; 代理服务器根据域名进行安全传输层协议认证,并在验证通过后将主机客户端的数据访问请求发送至云管区仓库。 The proxy server performs secure transport layer protocol authentication according to the domain name, and sends the data access request of the host client to the cloud management area warehouse after the verification is passed.
PCT/CN2018/082251 2017-12-29 2018-04-09 Image synchronization method for image registry, system, device, and storage medium Ceased WO2019127971A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201711476883.3 2017-12-29
CN201711476883.3A CN108200155A (en) 2017-12-29 2017-12-29 The mirror image synchronization method in Docker mirror images warehouse and mirror image synchronization system

Publications (1)

Publication Number Publication Date
WO2019127971A1 true WO2019127971A1 (en) 2019-07-04

Family

ID=62586248

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/082251 Ceased WO2019127971A1 (en) 2017-12-29 2018-04-09 Image synchronization method for image registry, system, device, and storage medium

Country Status (2)

Country Link
CN (1) CN108200155A (en)
WO (1) WO2019127971A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111190547A (en) * 2019-12-30 2020-05-22 中国电子科技集团公司信息科学研究院 A distributed container image storage and distribution system and method
CN112000740A (en) * 2020-08-24 2020-11-27 浪潮云信息技术股份公司 Script-based Git and Harbor data synchronization method and system
CN113110917A (en) * 2021-04-28 2021-07-13 北京链道科技有限公司 Data discovery and security access method based on Kubernetes
CN113596162A (en) * 2021-07-30 2021-11-02 北京快乐茄信息技术有限公司 Mirror image file processing method and device, network equipment and storage medium

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109062663B (en) * 2018-07-19 2020-07-17 北京百度网讯科技有限公司 Mirror image distribution method, device and storage medium
CN109688232B (en) * 2019-01-28 2021-09-21 杭州涂鸦信息技术有限公司 Mirror image backtracking method, mirror image backtracking system and proxy server
CN110187954B (en) * 2019-04-23 2023-08-18 平安科技(深圳)有限公司 Application image pushing method and device, computer equipment and storage medium
CN111291017B (en) * 2020-03-03 2024-04-05 中国工商银行股份有限公司 Mirror image storage and extraction method and device of mirror image warehouse
CN111294410B (en) * 2020-05-11 2020-08-14 杭州朗澈科技有限公司 Method for uploading local mirror image file to multi-region private mirror image warehouse
CN111917856A (en) * 2020-07-27 2020-11-10 平安证券股份有限公司 Mirror image file delivery method and related equipment
CN112231052B (en) * 2020-09-29 2024-06-18 中山大学 High-performance distributed container mirror image distribution system and method
CN112800070A (en) * 2020-12-28 2021-05-14 杭州涂鸦信息技术有限公司 Mirror image warehouse system
CN113572619B (en) * 2021-09-22 2021-12-07 银河麒麟软件(长沙)有限公司 Container cloud mirror image credible implementation method and system based on nottry
CN115941704A (en) * 2022-12-07 2023-04-07 山石网科通信技术股份有限公司 Mirror synchronization method and device, electronic equipment, storage medium
CN116339910B (en) * 2023-02-16 2025-05-16 西安雷风电子科技有限公司 An improved method for cluster mirror synchronization based on shared storage

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9569180B1 (en) * 2015-10-29 2017-02-14 International Business Machines Corporation Application development in cloud based environment
CN106469083A (en) * 2015-08-19 2017-03-01 三星Sds株式会社 Container mirror-image safety inspection method and its device
WO2017067016A1 (en) * 2015-10-23 2017-04-27 Huawei Technologies Co., Ltd. Extension of resource constraints for service-defined containers
CN106933635A (en) * 2017-03-15 2017-07-07 北京搜狐新媒体信息技术有限公司 Docker mirror images generation method and Docker containers
CN107105054A (en) * 2017-05-17 2017-08-29 郑州云海信息技术有限公司 A kind of mirror image garbage-cleaning system and method towards docker mirror images warehouse
CN107247793A (en) * 2017-06-21 2017-10-13 平安科技(深圳)有限公司 The mirror image synchronization method and mirror image synchronization system in Docker mirror images warehouse

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106331045B (en) * 2015-07-02 2019-12-31 北京京东尚科信息技术有限公司 Method and system for realizing Docker mirror image service
CN106790663A (en) * 2017-01-22 2017-05-31 济南浪潮高新科技投资发展有限公司 The implementation method of the network store system based on Docker
CN107105033B (en) * 2017-04-21 2020-08-18 北京奇安信科技有限公司 Cloud application access method, cloud proxy server and cloud application access system
CN107239688B (en) * 2017-06-30 2019-07-23 平安科技(深圳)有限公司 The purview certification method and system in Docker mirror image warehouse

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106469083A (en) * 2015-08-19 2017-03-01 三星Sds株式会社 Container mirror-image safety inspection method and its device
WO2017067016A1 (en) * 2015-10-23 2017-04-27 Huawei Technologies Co., Ltd. Extension of resource constraints for service-defined containers
US9569180B1 (en) * 2015-10-29 2017-02-14 International Business Machines Corporation Application development in cloud based environment
CN106933635A (en) * 2017-03-15 2017-07-07 北京搜狐新媒体信息技术有限公司 Docker mirror images generation method and Docker containers
CN107105054A (en) * 2017-05-17 2017-08-29 郑州云海信息技术有限公司 A kind of mirror image garbage-cleaning system and method towards docker mirror images warehouse
CN107247793A (en) * 2017-06-21 2017-10-13 平安科技(深圳)有限公司 The mirror image synchronization method and mirror image synchronization system in Docker mirror images warehouse

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111190547A (en) * 2019-12-30 2020-05-22 中国电子科技集团公司信息科学研究院 A distributed container image storage and distribution system and method
CN111190547B (en) * 2019-12-30 2023-02-24 中国电子科技集团公司信息科学研究院 Distributed container mirror image storage and distribution system and method
CN112000740A (en) * 2020-08-24 2020-11-27 浪潮云信息技术股份公司 Script-based Git and Harbor data synchronization method and system
CN113110917A (en) * 2021-04-28 2021-07-13 北京链道科技有限公司 Data discovery and security access method based on Kubernetes
CN113110917B (en) * 2021-04-28 2024-03-15 北京链道科技有限公司 Data discovery and security access method based on Kubernetes
CN113596162A (en) * 2021-07-30 2021-11-02 北京快乐茄信息技术有限公司 Mirror image file processing method and device, network equipment and storage medium

Also Published As

Publication number Publication date
CN108200155A (en) 2018-06-22

Similar Documents

Publication Publication Date Title
WO2019127971A1 (en) Image synchronization method for image registry, system, device, and storage medium
WO2019128007A1 (en) Container logon method, application server, system, and storage medium
US10505733B2 (en) Generating and managing a composite identity token for multi-service use
WO2019127973A1 (en) Authority authentication method, system and device for mirror repository, and storage medium
WO2020189926A1 (en) Method and server for managing user identity by using blockchain network, and method and terminal for user authentication using blockchain network-based user identity
US20200329121A1 (en) Remote provisioning and enrollment of enterprise devices with on-premises domain controllers
WO2022050652A1 (en) Method, apparatus, and computer readable storage medium for controlling account
WO2014007516A1 (en) Single certificate service system and operational method thereof
KR20160129852A (en) Secure hardware for cross-device trusted applications
WO2018076841A1 (en) Data sharing method, apparatus, storage medium and server
WO2016169410A1 (en) Login method and device, server and login system
WO2016082143A1 (en) Virtual network policy configuration method and system, as well as virtual network element and network management system thereof
WO2015018243A1 (en) Ios device based webpage blocking method and device
WO2020189927A1 (en) Method and server for managing identity of user by using blockchain network, and method and terminal for authenticating user by using user identity on basis of blockchain network
WO2017054443A1 (en) Remote control method, server and network attached storage
WO2018120680A1 (en) Virtual disk backup system, method, apparatus, service host and storage medium
WO2018233352A1 (en) Data transmission method, device, terminal and computer readable storage medium
WO2018098881A1 (en) Access processing method and device for application
US20210099297A1 (en) Secure reusable access tokens
WO2020017767A1 (en) Method and device for controlling access of application
WO2018076863A1 (en) Data storage method, apparatus, storage medium, server and system
WO2023090755A1 (en) System for controlling network access of virtualization instance, and method therefor
WO2018076881A1 (en) Data synchronization method and device, storage medium and server
WO2023163514A1 (en) Controller-based network access control system and method therefor
WO2023033588A1 (en) System for controlling data flow in virtualization terminal, and method thereof

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 07/10/2020)

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18897855

Country of ref document: EP

Kind code of ref document: A1

122 Ep: pct application non-entry in european phase

Ref document number: 18897855

Country of ref document: EP

Kind code of ref document: A1