pouchcontainer · Naville · Jul 31, 2018 · Jul 31, 2018 · Jul 31, 2018 · Jul 31, 2018
diff --git a/Images/login.png b/Images/login.png
diff --git a/Images/pouchrun.png b/Images/pouchrun.png
diff --git a/Images/pouchrun2.png b/Images/pouchrun2.png
diff --git a/Images/vb.png b/Images/vb.png
diff --git a/Images/vb2.png b/Images/vb2.png
diff --git a/Images/vb3.png b/Images/vb3.png
diff --git a/Images/vbdone.png b/Images/vbdone.png
diff --git a/Images/vdi.png b/Images/vdi.png
diff --git a/blog-cn/PouchContainer与普罗米修斯.md b/blog-cn/PouchContainer与普罗米修斯.md
@@ -0,0 +1,76 @@
+# PouchContainer与Prometheus
+
+PouchContainer 通过[普罗米修斯](https://prometheus.io/)来支持各式各样的监视度量标准。 现在我们已经具备了基本的Go语言运行时和一些API延迟度量单位，我们计划未来在如下两个主要的方向增加新的机制:
+
+* 重要的pouchd监视度量
+* 在监视过程中的完整的API调用列表
+
+## 如何添加新的衡量标准
+
+在PouchContainer中我们倾向于使用普罗米修斯的 [度量和标签命名法则](https://prometheus.io/docs/practices/naming) 最佳实践. 所以当你需要添加新的度量时, 请务必遵循度量和标签命名法则。
+
+我们使用普罗米修斯 [go-sdk](https://github.com/prometheus/client_golang) 来监视pouchd. 它支持计数器, 测量仪和总结性的测量类型. 如需获取更多信息, 请参阅 [度量类型](https://prometheus.io/docs/concepts/metric_types/).
+
+## How to use
+
+用户可以通过 `pouchd -l tcp://0.0.0.0:4243` 来在 `0.0.0.0:4243`启动pouchd监听, 然后发出`GET http://127.0.0.1:4243/metrics` 请求来获取普罗米修斯格式化的度量输出的完整列表
+
+```
+# HELP go_gc_duration_seconds A summary of the GC invocation durations.
+# TYPE go_gc_duration_seconds summary
+go_gc_duration_seconds{quantile="0"} 0.000111176
+go_gc_duration_seconds{quantile="0.25"} 0.000198062
+go_gc_duration_seconds{quantile="0.5"} 0.000269599
+go_gc_duration_seconds{quantile="0.75"} 0.000474291
+go_gc_duration_seconds{quantile="1"} 0.002013351
+go_gc_duration_seconds_sum 0.021835193
+go_gc_duration_seconds_count 52
+# HELP go_goroutines Number of goroutines that currently exist.
+# TYPE go_goroutines gauge
+go_goroutines 22
+# HELP go_info Information about the Go environment.
+# TYPE go_info gauge
+go_info{version="go1.9"} 1
+...
+# HELP http_request_size_bytes The HTTP request sizes in bytes.
+# TYPE http_request_size_bytes summary
+http_request_size_bytes{handler="prometheus",quantile="0.5"} NaN
+http_request_size_bytes{handler="prometheus",quantile="0.9"} NaN
+http_request_size_bytes{handler="prometheus",quantile="0.99"} NaN
+http_request_size_bytes_sum{handler="prometheus"} 0
+http_request_size_bytes_count{handler="prometheus"} 0
+# HELP http_response_size_bytes The HTTP response sizes in bytes.
+# TYPE http_response_size_bytes summary
+http_response_size_bytes{handler="prometheus",quantile="0.5"} NaN
+http_response_size_bytes{handler="prometheus",quantile="0.9"} NaN
+http_response_size_bytes{handler="prometheus",quantile="0.99"} NaN
+http_response_size_bytes_sum{handler="prometheus"} 0
+http_response_size_bytes_count{handler="prometheus"} 0
+# HELP pouch_image_pull_latency_microseconds Latency in microseconds to pull a image.
+# TYPE pouch_image_pull_latency_microseconds summary
+pouch_image_pull_latency_microseconds{image="docker.io/library/ubuntu:latest",quantile="0.5"} 3.7803132e+07
+pouch_image_pull_latency_microseconds{image="docker.io/library/ubuntu:latest",quantile="0.9"} 3.7803132e+07
+pouch_image_pull_latency_microseconds{image="docker.io/library/ubuntu:latest",quantile="0.99"} 3.7803132e+07
+pouch_image_pull_latency_microseconds_sum{image="docker.io/library/ubuntu:latest"} 3.7803132e+07
+pouch_image_pull_latency_microseconds_count{image="docker.io/library/ubuntu:latest"} 1
+# HELP process_cpu_seconds_total Total user and system CPU time spent in seconds.
+# TYPE process_cpu_seconds_total counter
+process_cpu_seconds_total 4.78
+# HELP process_max_fds Maximum number of open file descriptors.
+# TYPE process_max_fds gauge
+process_max_fds 1024
+# HELP process_open_fds Number of open file descriptors.
+# TYPE process_open_fds gauge
+process_open_fds 9
+# HELP process_resident_memory_bytes Resident memory size in bytes.
+# TYPE process_resident_memory_bytes gauge
+process_resident_memory_bytes 3.4521088e+07
+# HELP process_start_time_seconds Start time of the process since unix epoch in seconds.
+# TYPE process_start_time_seconds gauge
+process_start_time_seconds 1.51064406778e+09
+# HELP process_virtual_memory_bytes Virtual memory size in bytes.
+# TYPE process_virtual_memory_bytes gauge
+process_virtual_memory_bytes 4.91610112e+08
+```
+
+然后我们可以设置一个新的Target来在普罗米修斯中爬取这个度量点的数据即可完工。
diff --git a/blog-cn/PouchContainer插件化.md b/blog-cn/PouchContainer插件化.md
@@ -0,0 +1,156 @@
+# PouchContainer with plugin
+
+为了运行在某些点引起的由用户提供的自定义代码，我们提供了了一个介绍golang 1.8的插入框架。此时在插入框架中我们能够让用户在文件点中加入自定义代码。
+
+
+* 守护进程开始之前
+* 守护进程结束前
+* 容器创建前
+* 容器开始前
+* 容器创建结束前
+
+以上四点是由两个插入界面提供的，分别是DaemonPlugin和ContainerPlugin，定义如下：
+
+
+```
+// DaemonPlugin defines in which place does pouchd support plugin
+type DaemonPlugin interface {
+    // PreStartHook is invoked by pouchd before real start, in this hook user could start dfget proxy or other
+    // standalone process plugins
+    PreStartHook() error
+
+    // PreStopHook is invoked by pouchd before daemon process exit, not a promise if daemon is killed, in this
+    // hook user could stop the process or plugin started by PreStartHook
+    PreStopHook() error
+}
+
+// ContainerPlugin defines places where a plugin will be triggered in container lifecycle
+type ContainerPlugin interface {
+  // PreCreate defines plugin point where receives an container create request, in this plugin point user
+  // could change the container create body passed-in by http request body
+  PreCreate(io.ReadCloser) (io.ReadCloser, error)
+
+  // PreStart returns an array of priority and args which will pass to runc, the every priority
+  // used to sort the pre start array that pass to runc, network plugin hook always has priority value 0.
+  PreStart(interface{}) ([]int, [][]string, error)
+
+  //NetworkGenericParams accepts the container id and env of this container and returns the priority of this endpoint
+  // and if this endpoint should enable resolver and a map which will be used as generic params to create endpoints of
+  // this container
+  PreCreateEndpoint(string, []string) (priority int, disableResolver bool, genericParam map[string]interface{})
+}
+
+```
+
+这两个插入符号会被记为分享的目标文件中的‘DaemonPlugin’(后台运行插件)和‘ContainerPlugin’(容器插件），示例如下：
+
+```
+p, _ := plugin.Open("path_to_shared_object_file")
+daemonPlugin, _ := p.Lookup("DaemonPlugin")
+containerPlugin, _ := p.Lookup("ContainerPlugin")
+```
+
+## example
+
+定义两个只在对应点处打印某些日志在的插入符号
+
+```
+package main
+
+import (
+    "fmt"
+    "io"
+)
+
+var ContainerPlugin ContPlugin
+
+type ContPlugin int
+
+var DaemonPlugin DPlugin
+
+type DPlugin int
+
+func (d DPlugin) PreStartHook() error {
+    fmt.Println("pre-start hook in daemon is called")
+    return nil
+}
+
+func (d DPlugin) PreStopHook() error {
+    fmt.Println("pre-stop hook in daemon is called")
+    return nil
+}
+
+func (c ContPlugin) PreCreate(in io.ReadCloser) (io.ReadCloser, error) {
+    fmt.Println("pre create method called")
+    return in, nil
+}
+
+func (c ContPlugin) PreStart(interface{}) ([]int, [][]string, error) {
+    fmt.Println("pre start method called")
+    // make this pre-start hook run after network in container setup
+    return []int{-4}, [][]string{{"/usr/bin/touch", "touch", "/tmp/pre_start_hook"}}, nil
+}
+
+func (c ContPlugin) PreCreateEndpoint(string, []string) (priority int, disableResolver bool, genericParam map[string]interface{}) {
+    fmt.Println("pre create endpoint")
+    return
+}
+
+func main() {
+    fmt.Println(ContainerPlugin, DaemonPlugin)
+}
+```
+
+然后建立某些命令行，如下所示：
+
+```
+go build -buildmode=plugin -ldflags "-pluginpath=plugins_$(date +%s)" -o hook_plugin.so
+```
+
+利用生成的分享目标文件，开始封装其中带有旗标的`--plugin=path_to_hook_plugin.so`，然后当你开始结束守护进程和创建容器的时候，在某些日志中会像如下这样：
+
+
+```
+pre-start hook in daemon is called
+pre create method called
+pre-stop hook in daemon is called
+```
+
+当你开始一个容器时，config.json文件（位置在$home_dir/containerd/state/io.containerd.runtime.v1.linux/default/$container_id/config.json）会包含预开始外挂脚本，特别在上述代码中，例如：
+
+```
+    "hooks": {
+        "prestart": [
+            {
+                "args": [
+                    "libnetwork-setkey",
+                    "f67df14e96fa4b94a6e386d0795bdd2703ca7b01713d48c9567203a37b05ae3d",
+                    "8e3d8db7f72a66edee99d4db6ab911f8d618af057485731e9acf24b3668e25b6"
+                ],
+                "path": "/usr/local/bin/pouchd"
+            },
+            {
+                "args": [
+                    "touch",
+                    "/tmp/pre_start_hook"
+                ],
+                "path": "/usr/bin/touch"
+            }
+        ]
+    }
+```
+
+如果你准确的运用上诉代码，每一次你打开一个容器，在/tmp/pre_start_hook的文件会被触达。
+
+
+## usage
+
+* 在守护进程开始之前，你可以开始帮助进程，比如被pouchd以及生命周期跟pouchd一样的进程所需要的帮助进程，比如网络插件和网络代理。
+
+* 在守护进程结束前，你可以优雅地结束帮助进程，但是这个事件并不一定会被触发，因为pouchd可能会被SIGKILL信号终止。
+
+* 在容器创建前，你可以根据某些规则改变输入流，在某些公司他们会有一些编配编排系统，这些系统利用env去传递一些Pouch容器中的限制，然后你可以利用这些事件去转换env中的值转换到PouchContainer创建api中的ContainerConfig或HostConfig的属性。
+
+* 在容器开始之前，你可以创建更多预开始钩子用于oci容器，其中在容器入口开始之前，你可以做一些具体的事情。优先级决定钩子的执行顺序。libnetwork钩子优先级为0，所以在容器设置中，如果钩子被期望在网络的容器之前设置，你需要设置优先级为一个大于0的数，反之亦然。
+
+* 在容器创建停止之前，你可以返回这个停止点的优先级，如果这个停止点需要解析器和这个停止点的通用参数。