The present invention relates to methods and computing devices for assembling executable image files for execution as software containers. In particular, but not exclusively, the present invention relates to a methodology for assembling an executable image file dynamically and according to the needs of a specific self-service terminal or point of sale terminal. The executable image file is assembled from a plurality of predefined modular image files, each having specific layer(s) that represent the executable instructions needed to make up the overall executable image file.
It is known that self-service terminals (SSTs) and/or Point of Sale (POS) terminals are used from time to time in the retail industry. SSTs and POS terminals are typically used to enable a customer to conduct transactions with a retail establishment. Each SST or POS terminal in any retail establishment may be connected to different peripheral devices. Each SST or POS terminal may also execute different software, such as having different underlying operating systems (Linux, Windows etc.) and different software applications. This is typically dependent upon the retail establishment where the SST or POS terminal is used, and the intended use of the SST or POS terminal in the retail establishment. From time to time, the software executing on the SST or POS terminal may also be upgraded or the connected peripheral devices may change.
Due to the variations that are often present from terminal to terminal, software developers have started making use of software containers that contain the software that needs to be executed on an SST or POS terminal. Software containers isolate the running software thus helping to avoid complex platform dependencies. That is to say that they are able to execute on one or more processors of a terminal independent of the computing environment of that terminal. This is because a software container contains all of the software (application code as well as any software dependencies) it needs to be executable in any computing environment. Additionally, as these containers operate in their own isolated computing environment (except for certain predefined communication pathways with other software/hardware (such as access to specific files, specific ports) outside the software container), this also makes them particularly secure. Software containers are thus an effective way of packaging and distributing software for use on SSTs and POS terminals. When a software or hardware upgrade is performed on a terminal, a new software container can be executed on the terminal that accounts for these upgrades. Also, since the containers can be pre-built, this can help avoid complex builds on every terminal. It is noted that software containers are different to virtual machines in that they do not require a hypervisor to be installed on the computing device. Software containers are also typically more lightweight and run faster than virtual machines. Furthermore, whereas virtual machines virtualize the entire computer system, software containers virtualize the operating system. Software containers also share a single operating system whereas each virtual machine has its own operating system.
When deploying a software container, a container engine (such as docker, RKT, CRI-O, and LXD or the like) is utilized. The container engine can accept user requests or requests from an API server of a container orchestrator (such as Kubernetes, Swarm, Mesos, or the like), pull image files (in a particular image format) from a registry, prepare a container mount point, prepare metadata that is needed to execute a software container and call a container runtime. The container runtime is a part of the container engine. The container runtime (such as runc, containerd, crun, railcar, katacontainers, or the like) uses the mount point and the metadata provided by the container engine and communicates with the kernel (of a host OS) running on the computing device in order to execute a container image file and thereby create a software container.
When implementing multiple containers across multiple computing devices, a software container orchestrator platform is often used. These platforms are able to schedule container workloads across multiple computing devices (e.g., SSTs or POS terminals) and are also able to provide a standardized application definition file (e.g., kube YAML, docker compose, or the like). Kubernetes is an example of a container orchestration platform.
A Kubernetes container orchestration platform is a cluster of units, including a controlling unit called the Kubernetes master, which manages the cluster, and at least one node (or worker) which runs workloads (containers). One part of the Kubernetes orchestrator platform is the kubelet. The kubelet is an agent that runs on every worker which is part of the Kubernetes system. During operation, the kubelet receives commands (from an API server on a Kubernetes master) that informs the kubelet what container(s) should be running on a computing device. In Kubernetes, these containers are provided within ‘pods’. Typically a single pod includes a single container although it is possible to include multiple containers within a pod. The kubelet passes information regarding what container(s) should be running on a computing device to a container engine (e.g., via a Container Runtime Interface (CRI)) for execution of a software container via a container runtime within the container engine.
A software container is created when a container runtime executes an executable container image file. As such, a software container is essentially a runtime instance of an associated executable container image file. In this sense, an executable container image file is an image file that has all of the software it needs to at least be executable as a software container element. In more detail, a container image file is typically a binary file that includes all the necessary requirements for running a software container, in addition to any metadata describing needs and capabilities of the software container. The container image file itself is made up of several layers that define the executable instructions needed for running the software container. For example, a container image file may include several layer(s) which define a software application(s) executable code, several layers(s) defining code for any software dependencies upon which the software application(s) rely, and several layer(s) defining code for any required configuration settings. Container image files are often stored in a container image registry. Each container image file is stored in a particular container image format that defines the layers and metadata within a container image file. For example, the Open Container Initiative (OCI) image format defines the image file as tar files for each layer and a manifest file in JSON format which specifies the metadata associated with the image file.
When deploying software containers on SSTs and POS terminals, if customized container images are built by end users (e.g., staff associated with a retail establishment) from scratch according to the needs of a specific terminal, this can result in knowledge of how to build the containers being propagated further than it should and introduces the risk that problems during the build process result in container images that do not function as expected. Taking this approach also often does not adapt well to real-world changes, which can only be accommodated by building a new container image.
Thus, pre-built container image files can be prepared in advance. In order to provide pre-built container image files to users that should work for any terminal, a single container image file could be created that includes all software that might possibly be needed independent of the hardware/software running on any given terminal. Alternatively, a series of unique container image files could be created, with each unique image file including a permutation of a subset of possible software from all of the possible software that might be needed on a terminal.
However, creating a single container image file presents problems in that it results in a container image (and thus a running container) that is suboptimal from a resource perspective (disk, RAM, etc.). For example, if a different portion of code was needed for each of 10 specific peripheral devices that are connectable to a terminal, then to ensure a software container image file has everything it needs independent of the hardware/software running on a specific terminal, all 10 portions of code would need to be included within the image file. This results in a container image file with a size which is much larger than it needs to be for many terminals (e.g., for a terminal that only has one peripheral device). Having such a size may result in the speed at which the image file can be downloaded and upgraded and the speed at which the container runs being slower than if the container image file only included the code needed for a specific terminal. In reality, there are many different peripheral devices (much more than 10) that could be connected to a terminal and so the size of the pre-built single image file may have to be significantly large.
If a container image file is created for each real-world permutation of the software that might be needed on a specific terminal, this presents problems in that many container images may need to be built, distributed and managed. For example, if a different portion of code was needed for each of 10 specific peripheral devices that are connectable to a terminal, then to ensure there is a custom image file for each real-world combination, there would need to be a unique image file created each including a permutation of a subset of the 10 portions of code (e.g., image 1−portion 1, image 2−portion 1+portion 2, image 3−portion 1+portion 3 etc.). This would result in approximately 1000 different image files. In reality, there are many different peripheral devices (much more than 10) that could be connected to a terminal and so the number of unique container images that would be needed may be significantly more than 1000.
In the resource constrained ‘edge’ environment of a retail store neither of these approaches may be tenable.
It is an aim of the present invention to at least partly mitigate one or more of the above-mentioned problems.
It is an aim of certain embodiments of the present invention to help dynamically assemble an executable image file for execution as a software container element.
It is an aim of certain embodiments of the present invention to help avoid having to build specific container images for each terminal installation (terminal type, peripheral device set, product etc.).
It is an aim of certain embodiments of the present invention to help optimize the way in which container image files are assembled according to the specific needs of an SST or POS terminal.
It is an aim of certain embodiments of the present invention to help provide a method of assembling image files which can adapt quickly to any changes in hardware or software on a terminal.
It is an aim of certain embodiments of the present invention to help provide a container registry which includes a plurality of predefined modular image files, each modular image file including a single layer that includes executable instructions that might be needed in an executable image file for execution as a software container to be executed on an SST or POS terminal.
It is an aim of certain embodiments of the present invention to help provide a plurality of predefined modular image files, each respective modular image file including at least one layer defining executable instructions for communicating with a respective peripheral device that is connectable to an SST and/or POS terminal.
It is an aim of certain embodiments of the present invention to help provide a proxy that is communicatively disposed between a container engine and a container registry, the proxy being configured to create a container image manifest that enables the container engine to assemble the executable image file from a plurality of predefined modular image files.
It is an aim of certain embodiments of the present invention to help provide a proxy that communicates with a container engine and a container registry, the proxy being configured to dynamically create a container image manifest ‘on the fly’ according to container requirements.
According to a first aspect of the present invention there is provided a computer-implemented method for assembling an executable image file for execution as a software container element, comprising the steps of: assembling an executable image file, for execution as a software container element, from a plurality of predefined modular image files, each predefined modular image file comprising at least one layer defining executable instructions.
Aptly, the method further comprises assembling the executable image file from at least one first predefined modular image file of said a plurality of predefined modular image files and at least one second predefined modular image file of said a plurality of predefined modular image files, whereby at least one of or each said first predefined modular image file comprises at least one layer defining executable instructions that cannot be executed as the software container element without executable instructions defined by at least one layer of at least one said second predefined modular image file.
Aptly, the method further comprises providing the at least one first predefined modular image file as at least one peripheral device driver image file; and providing the at least one second predefined modular image file as at least one base operating system image file and at least one software dependencies image file.
Aptly, the method further comprises providing the at least one peripheral device driver image file as a scanner driver image file and/or a printer driver image file and/or a scale driver image file and/or a laser scanner driver image file.
Aptly, the method further comprises providing the software dependencies image file as an image file comprising a driver layer and/or a common layer and/or a utilities layer.
Aptly, the method further comprises responsive to executing the executable image file, providing the software container element as an element that contains executable software defined by the executable image file and that is executable on one or more processors of a computing device.
Aptly, the method further comprises providing the executable software as software that is executable independent of computing environment.
Aptly, the method further comprises via the software container element, executing the executable software in an isolated computing environment.
Aptly, the method further comprises prior to the assembling, via a container engine element that is configured to execute executable image files, requesting an executable image file for execution as the software container element.
Aptly, the method further comprises transmitting the request for the executable image file to a container image registry or to a proxy that is configured to communicate with the container runtime element and the container image registry.
Aptly, the container image registry and/or the proxy is stored in local memory on a computing device and/or on at least one server.
Aptly, the method further comprises receiving, at the container engine element, a container image manifest that defines each predefined modular image file to be included within the executable image file.
Aptly, the method further comprises receiving the container image manifest from a proxy that is configured to communicate with the container engine element and the container image registry.
Aptly, the method further comprises responsive to receiving the container image manifest, via the container engine element, assembling the executable image file.
Aptly, the method further comprises at the container engine element, receiving each predefined modular image file needed to assemble the executable image file from a container image registry; and assembling the executable image file.
According to a second aspect of the present invention there is provided a computing device comprising one or more processors configured to execute executable software, wherein the executable software, when executed, is configured to: assemble an executable image file, for execution as a software container element, from a plurality of predefined modular image files, each predefined modular image file comprising at least one layer defining executable instructions.
Aptly, the computing device is a point of sale terminal or self-service terminal.
According to a third aspect of the present invention there is provided a computer-implemented method for assembling an executable image file for execution as a software container element, comprising the steps of: receiving a request for an executable image file from a container engine element that is configured to execute executable image files; and responsive to determining that each of a plurality of predefined modular image files usable to assemble the executable image file is accessible in memory, providing a container image manifest, that defines each predefined modular image file to be included within the executable image file, to the container engine element for assembly of the executable image file.
According to a fourth aspect of the present invention there is provided a computing device comprising one or more processors configured to execute executable software, wherein the executable software, when executed, is configured to: receive a request for an executable image file from a container engine element that is configured to execute executable image files; and responsive to determining that each of a plurality of predefined modular image files usable to assemble the executable image file is accessible in memory, provide a container image manifest, that defines each predefined modular image file to be included within the executable image file, to the container engine element for assembly of the executable image file.
According to a fifth aspect of the present invention there is provided a computer program comprising instructions which, when executed by a computing device, cause the computing device to carry out the steps of the method defined by the first aspect or the third aspect of the present invention.
Certain embodiments of the present invention help provide a methodology for assembling a container image file ‘on the fly’ according to the needs of a software container that is to be executed on an SST or POS terminal.
Certain embodiments of the present invention help provide a plurality of predefined modular image files that are usable for assembling an executable image file, wherein each of the plurality of predefined modular image files includes a single image layer defining executable instructions.
Certain embodiments of the present invention help provide an executable image file having a plurality of image layers defining the executable instructions that are needed according to the requirements of a software container that is to be executed on an SST or POS terminal. Each respective image layer of the executable image file corresponds to a single layer that is included within a respective predefined modular image file.
Certain embodiments of the present invention help provide a container image manifest which enables a container engine to assemble an executable image file from a plurality of predefined modular image files stored in a container registry.
Certain embodiments of the present invention help provide a computing device that executes software thereby resulting in the assembly of an executable image file.
Certain embodiments of the present invention help provide a computing device that executes software thereby resulting in the provision of a container image manifest that enables the assembly of an executable image file.
Certain embodiments of the present invention help provide a methodology for dynamically assembling an executable image file according to the software/hardware requirements of a specific SST or POS terminal, which avoids the need to have a unique image file for the specific terminal or an image file having all software that might be needed on any terminal.
Embodiments of the present invention will now be described hereinafter, by way of example only, with reference to the accompanying drawings in which:
In the drawings like reference numerals refer to like parts.
The Kubernetes master 215 which runs on the server 210 includes an API server 216 that manages the Kubernetes cluster. The API server 216 issues commands based on information it receives from other internal components of the master 215 and interfaces with external components such as kubectl 212 and kubelets (such as kubelet 231 on SST22202) which are running on Kubernetes workers 2301, 2302. Etcd 217 is a distributed database for the Kubernetes cluster which stores information such as the configuration of the cluster. Etcd 217 also stores the desired state of the Kubernetes workers 2301, 230¬2 and the actual state of the Kubernetes workers 2301¬, 230¬2. A state may be understood as being an indication of the pods (such as Pod 3235 on SST22202) and their containers (such as container 236 in Pod 235) that are running on each Kubernetes worker 2301, 230¬2 in the cluster. A scheduler 218 monitors when new pods are to be run on a Kubernetes worker and then decides which Kubernetes worker to deploy them on. A controller-manager 219 runs controller processes which attempt to move the actual state of the Kubernetes workers 2301, 230¬2 closer to the desired state specified on etcd 217. The master 215 also contains kubectl 212, a command-line tool for communicating with the Kubernetes cluster via the API server 216, and an operator interface 211.
Each Kubernetes worker 2301, 230¬¬2 located within the Kubernetes cluster runs on an SST. According to certain embodiments of the present invention, the worker may run on a virtual machine of the SST. The worker 230 is able to communicate with other workers 230 and the master 215 through the network 205. Each worker 230 has a kubelet that manages the operation of the worker 230. The kubelet (such as kubelet 231 on SST 2202) issues commands to the other components of the worker 2302, monitors the pods running on the worker (such as pod 235) and their containers (such as container 236), and communicates with the API server 216. The kubelet 231 receives deployment files and ensures that the containers 236 described in those deployment files are running and healthy. A kube-proxy (such as kube-proxy 232) is a network proxy which enables pods, in both the same Kubernetes worker and a different worker to communicate. A container engine (such as engine 233) runs and manages containers, receiving commands from the kubelet and container images from a registry. The container engine prepares container metadata which is passed on to a container runtime (such as container runtime 234), that is responsible for the running of the containers within the Kubernetes worker that the runtime is located within.
A pod exists within any Kubernetes worker after the pod is deployed to a Kubernetes worker by the API server 216 of the Kubernetes master 215. The pod commonly includes a single container although the pod may comprise multiple containers with similar functions, which will share storage and network resources. The pod is able to request access to specific resources available to the worker through the kubelet, or to communicate with other pods by using the kube-proxy.
Turning now to
During operation of the SST 400, each of these pods/containers are executed by a container runtime (not shown) of a container engine (not shown). The image file associated with each of these containers may be assembled as described herein. Alternatively, in certain embodiments of the present invention, image files for select containers (e.g., the device server container) may be assembled as described herein whereas the other image files for the other containers within the SST may be stored in a container image registry and received directly at the SST without the need for any assembly. The methodology for assembling an executable image file for a software container is described in
A deployment file provides one way of specifying which layers are to be assembled for an executable image file. The deployment file can achieve this by encoding the layers in the name of the container. For example, each element of the name may be the name of a layer to include. Other ways of defining the layers to assemble could be used—for example a ConfigMap could list the layers and give the list of layers a name and then the name could be referenced as the image name.
A deployment file may be utilized by a Kubernetes master or a container engine running on an SST in order to prompt some of the steps discussed in
In the back end 820, there is a server pair 870. It will be appreciated that in certain other embodiments of the present invention, there may be only a single server or more than a pair of servers. Each server of the server pair has one or more processors (not shown) and at least one memory (not shown) which stores executable instructions for execution by the processors of the server pair. The executable software of the server pair includes a dynamic container proxy 880 and an upstream container registry 890. The proxy and the registry are executed on different servers of the server pair although it will be appreciated that in certain other embodiments of the present invention they may execute on the same server. The proxy and registry are also each provided as software containers within the Kubernetes framework. The proxy is responsible for handling requests for container image files from the container engine (not shown) running on the SST. The container registry is responsible for storing a plurality of predefined modular image files that are accessible by the container engine of the SST. The modular image files may be referred to as micro-container image files or just micro-containers (μ-containers). On startup of the SST (when no containers are executing), the container engine is executed on the processors of the SST and the container engine then sends a request to the proxy 980 for an executable image file. This request includes a name of an image defining a list of predefined modular image files that are required to assemble the executable image file. In response to this, the proxy communicates with the registry to determine whether the predefined modular image files required for the executable image file are stored therein. It does this by pulling an image manifest for each of the predefined modular image files stored in the registry and then checking that an image manifest is present for each of the predefined modular image files needed for the executable image file. If the proxy determines that all necessary modular image files are stored in the registry, then the proxy creates a new image manifest which defines each of the predefined modular image files the container engine will need to assemble the executable image file.
The proxy then sends this manifest to the container engine. In response to receiving this manifest, the container engine processes the manifest and communicates with the registry to pull or obtain the predefined modular image files it needs to assemble the executable image file. The container engine knows which modular image files it needs as this is defined in the image manifest created by the proxy. Once all necessary modular image files are received, the container engine then assembles these into a single executable image file. This is possible as the modular image files are additive. Thereafter, the container engine executes the executable image file in order to provide a software container element.
It will be appreciated that peripheral virtualization may be used to enable integration of drivers associated with different OS s (e.g., Linux and Windows) such that devices that are connected to a POS running Linux may be made available on a Windows virtual machine, or vice versa.
A next step S1110 is powering on the SST. This occurs for example when the terminal is first used that day, for example after a period when a store is closed. It could also occur at other times such as when the terminal is restarted. The software on the SST, including the host OS and the Kubernetes worker configuration, is then loaded from the memory of the SST and executed by processors of the SST. Thereafter, a next step S1115 involves detecting, by a controller-manager of the Kubernetes master, a difference between the pods that should be executing on a Kubernetes worker associated with the SST as specified according to the etcd database and the pods that are actually executing on the SST. The available resources on the Kubernetes worker will also be checked to determine that the resources required by a pod are available on the Kubernetes worker. Responsive to detecting that pods that should be executing on the SST are not, and that suitable resources are available, the API server of the Kubernetes master sends information to a kubelet on the SST to resolve this inconsistency. This information includes a deployment file for each pod that is to be executed on the SST. It will be appreciated that according to certain other embodiments of the present invention that do not use the Kubernetes orchestration platform, containers may be executed without the need for being run within pods (which are a particular feature of the Kubernetes system). A next step S1120 involves receiving, by the kubelet, the information from the API server and passing deployment files to a container engine element.
A next step S1125 involves reading, by the container engine, the deployment files and requesting an executable image file by transmitting the request to a dynamic container proxy that is communicatively disposed between the container engine and a container registry (which stores a plurality of predefined modular image files). The request includes the name of the image file (from the deployment file) which defines a list of image files needed for the executable image file. The proxy and the registry may be stored in memory on a server and/or on a local memory of the SST. A next step S1130 involves parsing, by the dynamic container proxy, the name of the image file to check which predefined modular image files are needed for the executable image file. This can be achieved since the name of the image file is effectively an encoded list of the names of the required predefined modular image files. The proxy then performs a step (not shown) of checking that all specified predefined modular image files needed for the executable image file are available in memory. The proxy performs this checking step by receiving the manifests associated with each predefined modular image file from an upstream container registry and determining whether a corresponding manifest exists for each predefined modular image file represented in the name of the image file sent from the container engine to the proxy.
If the proxy determines that a manifest exists for each image file represented in the name sent to the proxy and thus that all necessary predefined modular image files are present in the registry, a next step S1135 involves dynamically creating, by the proxy, a container image manifest that defines each predefined modular image file to be included within the executable image file. These modular image files defined by the manifest are those which the deployment file specifies are needed for the executable image file. A next step S1140 then involves transmitting, by the proxy, the image manifest so that it is received by the container engine. It will be appreciated that the steps performed by the proxy may be performed by the SST or by the container registry according to certain other embodiments of the present invention.
Once the image manifest has been received by the container engine, a next step S1145 involves receiving, by the container engine, each of the predefined modular image files needed to assemble the executable image file. These modular image files are received from the container registry. The predefined modular image files received are those that have been defined in the image manifest received by the container engine. The receiving of the modular image files may also be referred to as ‘pulling’ the image files. Once the modular image files have been received by the container engine, a next step S1150 involves assembling the executable image file using each of the predefined modular image files received. The assembled executable image file can be executed as a software container element. The image file is thus executable in the sense that it has the capability of being executed as a software container. This contrasts with many of the predefined modular image files which cannot be executed as a software container on their own (i.e., without being assembled with other predefined modular image files). A next step (not shown) involves, executing, by the container engine, the executable image file to provide an instance of the executable image file as a software container element. The software container element thus contains executable software that can be executed on a processor (or multiple processors) of the SST. It will be appreciated that the steps described above which are performed by the container engine may be performed specifically by the container runtime of the container engine in certain embodiments of the present invention.
Another step (not shown) involves storing the executable image file in a memory of the SST and/or of the container registry. The executable image file then does not need to be assembled as described above every time the SST is restarted. However, if it is desired not to use memory for storing the image file, the executable image file may be assembled as described above each time the SST is started.
It will be appreciated that whilst certain embodiments of the present invention described above describe the assembly of a device server image file for a retail environment, certain other embodiments of the present invention may be used to assemble non-retail specific image files. The present invention can be used for any software that has a ‘plugin architecture’ where the plugins can be created as layers and assembled dynamically into a runnable container containing different combinations of the plugins.
Throughout the description and claims of this specification, the words “comprise” and “contain” and variations of them mean “including but not limited to” and they are not intended to (and do not) exclude other moieties, additives, components, integers or steps. Throughout the description and claims of this specification, the singular encompasses the plural unless the context otherwise requires. In particular, where the indefinite article is used, the specification is to be understood as contemplating plurality as well as singularity, unless the context requires otherwise.
Although the present disclosure has been particularly shown and described with reference to the preferred embodiments and various aspects thereof, it will be appreciated by those of ordinary skill in the art that various changes and modifications may be made without departing from the spirit and scope of the disclosure. It is intended that the appended claims be interpreted as including the embodiments described herein, the alternatives mentioned above, and all equivalents thereto.
Features, integers, characteristics or groups described in conjunction with a particular aspect, embodiment or example of the invention are to be understood to be applicable to any other aspect, embodiment or example described herein unless incompatible therewith. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and/or all of the steps of any method or process so disclosed, may be combined in any combination, except combinations where at least some of the features and/or steps are mutually exclusive. The invention is not restricted to any details of any foregoing embodiments. The invention extends to any novel one, or novel combination, of the features disclosed in this specification (including any accompanying claims, abstract and drawings), or to any novel one, or any novel combination, of the steps of any method or process so disclosed.