CN113268252B - Image production method, system and storage medium based on virtualized industrial control equipment

Info

Publication number
CN113268252B
Authority
CN
China
Prior art keywords
virtual
service
network
control equipment
mirror image
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110366754.9A
Other languages
Chinese (zh)
Other versions
CN113268252A (en
Inventor
栗维勋
马斌
杨立波
孙广辉
马添鑫
王丹
刘锦利
计士禹
徐萌
张广文
刘新龙
修增哲
杨泽宇
彭俏君
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Hebei Electric Power Co Ltd
Beijing Kedong Electric Power Control System Co Ltd
Original Assignee
State Grid Hebei Electric Power Co Ltd
Beijing Kedong Electric Power Control System Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Hebei Electric Power Co Ltd, Beijing Kedong Electric Power Control System Co Ltd filed Critical State Grid Hebei Electric Power Co Ltd
Priority to CN202110366754.9A priority Critical patent/CN113268252B/en
Publication of CN113268252A publication Critical patent/CN113268252A/en
Application granted granted Critical
Publication of CN113268252B publication Critical patent/CN113268252B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/61 Installation
    • G06F8/63 Image based installation; Cloning; Build to order
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44505 Configuring for program initiating, e.g. using registry, configuration files
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44521 Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/50 Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005 Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5011 Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resources being hardware resources other than CPUs, Servers and Terminals
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/50 Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005 Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5011 Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resources being hardware resources other than CPUs, Servers and Terminals
    • G06F9/5022 Mechanisms to release resources
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/50 Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005 Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5027 Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/50 Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5061 Partitioning or combining of resources
    • G06F9/5077 Logical partitioning of resources; Management or configuration of virtualized resources
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45562 Creating, deleting, cloning virtual machine instances
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45595 Network integration; Enabling network access in virtual machine instances
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The invention discloses an image creation method, system and storage medium based on virtualized industrial control equipment, in the technical field of virtualization security protection, including: on the basis of a built virtual laboratory, installing the cloud-init plug-in on top of the base image of the virtualized industrial control equipment; carrying out secondary encapsulation development on the computing service to improve the calls to the API interface that the computing service provides, so that the OpenStack-based computing service is integrated with cloud-init during instance creation; and exporting, through the OpenStack image service, the virtualized industrial control equipment instance after files and user data have been dynamically loaded, which completes image creation. The virtualized industrial control equipment can dynamically introduce and execute custom files, custom user data and custom scripts during image creation, which simplifies the image creation process, reduces cost and improves production efficiency.

Description

Image creation method, system and storage medium based on virtualized industrial control equipment
Technical Field
The invention belongs to the technical field of virtualization security protection, and in particular relates to an image creation method, system and storage medium based on virtualized industrial control equipment.
Background
In recent years the number of network security incidents has grown geometrically, and the information security situation of the power system has become increasingly severe. The power sector pays more and more attention to training in professional information security skills. Because of the particular nature of the industry, however, existing service systems and protection systems contain a large amount of equipment, and the manufacturers and models of host equipment, network equipment, general security equipment, special-purpose security equipment and so on are complex, so the learning cost of the existing power system security protection architecture is high when training is organized. A virtual laboratory implemented with cloud computing and virtualization technology supports creating various network devices inside it, including virtual switches, virtual routers, virtual firewalls, virtual power vertical devices and virtual power isolation devices, as well as hosts of various virtualized industrial control devices (Windows, Linux, x systems, Kylin systems); it can provide networking and configuration of the various network devices in a power environment and simulate real network scenarios. The prior art has the following shortcomings: many different images have to be created for virtualized industrial control equipment, so creation takes a long time; and the images created for existing virtualized industrial control equipment scale poorly and struggle to meet a virtual laboratory's requirements for script files or user data, so early deployment and later maintenance costs are high.
Disclosure of Invention
To overcome the defects of the prior art, the invention provides an image creation method, system and storage medium based on virtualized industrial control equipment, which address the large image creation workload, the large number of images and the difficulty of deployment and maintenance by letting virtualized industrial control equipment dynamically introduce and execute custom files, custom user data and custom scripts during image creation.
To achieve the above purpose, the technical scheme adopted by the invention is as follows:
In a first aspect, an image creation method based on virtualized industrial control equipment is provided, including: on the basis of a built virtual laboratory, installing the cloud-init plug-in on top of the base image of the virtualized industrial control equipment; carrying out secondary encapsulation development on the computing service to improve the calls to the API interface that the computing service provides, so that the OpenStack-based computing service is integrated with cloud-init during instance creation; and exporting, through the OpenStack image service, the virtualized industrial control equipment instance after files and user data have been dynamically loaded, which completes image creation.
Further, the virtual laboratory is built as follows: a cloud platform service based on OpenStack is built on hardware servers, providing basic cloud environment support for the virtual laboratory; a virtualized version of a given system host is made on OpenStack, providing virtual component support for industrial control equipment in the virtual laboratory; and a manager for the virtual laboratory is built and its calling interface is published externally.
Further, in the virtual laboratory, virtual machines of the industrial control equipment are created from the virtual vertical-device image files managed by the image service.
Further, at least two identically configured hardware servers are networked through a switch. One hardware server serves as the OpenStack control node, which controls, manages and schedules the resources and component services of the cloud platform; the services deployed on the control node include the network service, authentication service, graphical service and image service. The remaining hardware servers all serve as OpenStack computing nodes, which schedule and process computing resources; the services deployed on the computing nodes include the computing service and network agents.
Further, the first network card of the control node serves as the management network, used for communication among the nodes, and the second network card of the control node serves as the overlay network, used to access the control node management network through a floating IP; the first network card of each computing node serves as the management network, used for direct communication between the control node and each computing node, and the second network card of each computing node serves as the tunnel network, used for communication between virtual machines on different computing nodes.
Further, making a virtualized version of a given system host on OpenStack to provide virtual component support for industrial control equipment in the virtual laboratory includes: making a base image of the virtualized industrial control equipment and obtaining the base image file; allocating a management network for the virtualized industrial control equipment, and managing the virtualized security equipment by connecting the management network port of the virtualized industrial control equipment; allocating a service network for the virtualized industrial control equipment, which is connected to the corresponding services according to the user's requirements; and installing the virtual laboratory's built-in services on the virtualized industrial control equipment.
Further, the virtual laboratory manager runs as a Web service on the control node. The back end uses Django to implement the Web service, uWSGI + Nginx as the Web container and access scheduling, and a MySQL database + Redis as the data storage/cache service; the front end is implemented using HTML5 + CSS3 + React.
In a second aspect, an image creation system based on virtualized industrial control equipment is provided, including a processor and a storage device, where the storage device stores a plurality of instructions to be loaded by the processor to execute the steps of the method of the first aspect.
In a third aspect, a computer-readable storage medium is provided, the computer-readable storage medium including a stored computer program, where the computer program, when executed by a processor, controls the device in which the storage medium is located to perform the method of the first aspect.
Compared with the prior art, the invention has the following beneficial effects: image files are created using a virtual laboratory built on OpenStack, so that virtualized industrial control equipment can dynamically introduce and execute custom files, custom user data and custom scripts during image creation; this simplifies the image creation process, reduces cost and improves production efficiency.
Drawings
FIG. 1 is a schematic diagram of a system architecture of a virtual laboratory in an embodiment of the present invention;
FIG. 2 is a schematic diagram of the image creation process for virtualized industrial control equipment according to the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings. The following examples are only for more clearly illustrating the technical aspects of the present invention, and are not intended to limit the scope of the present invention.
Embodiment one:
As shown in FIG. 1 and FIG. 2, an image creation method based on virtualized industrial control equipment includes: on the basis of a built virtual laboratory, installing the cloud-init plug-in on top of the base image of the virtualized industrial control equipment; carrying out secondary encapsulation development on the computing service to improve the calls to the API interface that the computing service provides, so that the OpenStack-based computing service is integrated with cloud-init during instance creation; and exporting, through the OpenStack image service, the virtualized industrial control equipment instance after files and user data have been dynamically loaded, which completes image creation.
The virtual laboratory for dynamically constructing the security protection model of a power monitoring system aims to design and configure, economically and cost-effectively, a cloud computing system that provides experiment, teaching and attack-and-defense exercise services for the power system. With reference to the system architecture in FIG. 1, the virtual laboratory is built as follows: a cloud platform service based on OpenStack is built on hardware servers, providing basic cloud environment support for the virtual laboratory; a virtualized version of a given system host is made on OpenStack, providing virtual component support for industrial control equipment in the virtual laboratory; and a manager for the virtual laboratory is built and its calling interface is published externally:
1. Building a cloud platform service based on OpenStack on hardware servers, providing basic cloud environment support for the virtual laboratory:
The network topology is modified on the basis of the native OpenStack (Queens release) network service (Neutron) to realize a virtual-real interconnection network scenario (that is, interconnection between virtual devices inside the cloud and physical devices outside the cloud). This platform provides basic cloud environment support for the virtual laboratory.
OpenStack is an open-source cloud computing management platform in which several components combine to do the actual work. It aims to provide a cloud computing platform that is simple to implement, massively scalable, feature-rich and uniform in standards, and it provides an Infrastructure as a Service (IaaS) solution through a variety of complementary services.
The virtual laboratory builds its cloud platform on OpenStack (Queens release), mainly using the following services: the computing service (Nova), network service (Neutron), authentication service (Keystone), graphical service (Horizon) and image service (Glance).
The main deployment mode is as follows:
1) Required hardware: several (two or more) identically configured hardware servers (each server has at least a processor, memory, disk and network cards, with three or more network cards, and has the CentOS 7 operating system installed); switches, used together with the hardware servers to build the network;
2) One of the hardware servers serves as the OpenStack control node, which controls, manages and schedules the resources of the cloud platform and the other component services. The services deployed on the control node are the network service, authentication service, graphical service and image service. (The image service manages the image files the virtual laboratory needs, mainly virtual power vertical-device image files. An image file is a special kind of file in which specific files are packed into a single file in a certain format, which makes it convenient for users to download and use and lets a specific program recognize and load it. In the virtual laboratory, virtual machines of the industrial control equipment can be created from the virtual vertical-device image files managed by the image service.) The first network card (eth0) of the control node serves as the management network (used for communication among nodes), and the second network card (eth1) serves as the overlay network (that is, the communication network of the virtual power vertical devices inside the cloud, through which the virtual power vertical devices access the management network of the control node via a floating IP);
3) The remaining hardware servers all serve as OpenStack computing nodes, which schedule and process computing resources (CPU, memory, disk, network and so on). The services deployed on each computing node are the computing service and the network agents (DHCP agent, virtual switch agent and virtual router agent). Each agent is managed by the network service on the control node and implements the actual function: the DHCP agent implements the DHCP server and client functions, the virtual switch agent implements layer-2 switching, and the virtual router agent implements layer-3 routing. The first network card (eth0) of each computing node serves as the management network (the same as the control node's management network, used for direct communication between the control node and each computing node), and the second network card (eth1) serves as the tunnel network (used for communication between virtual power vertical devices across computing nodes, that is, between virtual machines on different computing nodes).
2. Making a virtualized version of a given system host on OpenStack, providing virtual component support for industrial control equipment in the virtual laboratory:
Virtualization of industrial control equipment:
Industrial control equipment here generally refers to host servers deployed with the congesting and Kylin operating systems used in the power system; to be used in the virtual laboratory, the industrial control equipment must be converted into virtual equipment (virtualized industrial control equipment).
The conversion process is as follows:
First, make a base image of the virtualized industrial control equipment, as follows: upload the ISO-format image file (a disk image file format) of the required industrial control equipment version to OpenStack; create an instance from the image with a suitable instance type; once the instance has been created successfully, install the corresponding operating system from the instance console and complete the corresponding configuration, such as time zone, network cards and disk; after the system is installed, use the OpenStack image service with the instance ID to obtain the base image file of the instance. The image file type is qcow2 (a disk image format);
Second, allocate a management network for the virtualized industrial control equipment: the first network card (eth0) of the virtualized industrial control equipment is set as the management network. If the operating system's network card name is not eth0, modify the operating system's boot configuration file for network cards so that the eth naming scheme is used. In the virtual laboratory, the management network of the virtualized industrial control equipment is used to connect to the management network port of the virtual security equipment in order to manage it;
Third, allocate a service network for the virtualized industrial control equipment: the second network card (eth1) of the virtualized industrial control equipment is set as the service network, which in the virtual laboratory is connected to the corresponding services according to the user's specific requirements;
Finally, for use in the virtual laboratory, the laboratory's own built-in services must be installed. These cover the network division within the virtual laboratory (whether IP addresses are obtained by DHCP or set statically) and the specific network functions between components of each network type. The built-in service programs are copied to the corresponding directory in the back end of the virtualized industrial control equipment and set to start automatically, so that after the virtual machine boots, the built-in service programs of the industrial control equipment run automatically as daemons.
3. Building a manager for the virtual laboratory and publishing its calling interface externally: the manager of the virtual laboratory and the externally published calling interface are built with various Web technologies; this gives users a convenient and flexible operating experience and, at the same time, provides a callable interface for external third-party applications;
One important role of the virtual laboratory manager is to provide users with virtualized components for power security scenarios, including but not limited to virtual power vertical devices, virtual power isolation devices, virtual UKeys, virtual hosts (Windows 7, CentOS 7), virtual routers, virtual switches and virtual network cables. A second important role is to provide users with a graphical laboratory management tool: users access it with a browser and, through flexible and convenient operations, build and configure classic power security topology experiment scenarios and virtual-real interconnection scenarios, call up experiment cases, run attack-and-defense exercises and so on, which gives users an experiment platform for understanding and becoming proficient in building and configuring power-specific service security scenarios. The third role of the manager is to let the laboratory flexibly embed other third-party platforms and to provide a complete API (Application Programming Interface);
The virtual laboratory manager (running as a Web service on the control node) uses Django (a Python Web framework) at the back end to implement the Web service, uWSGI + Nginx as the Web container and access scheduling, and MySQL (database) + Redis (NoSQL) as the data storage/cache service; the front end is implemented with the currently popular HTML5 + CSS3 + React.
The method for creating the virtualized industrial control equipment image with custom files and custom user data is as follows:
First, on the basis of the base image of the virtualized industrial control equipment, install the cloud-init plug-in (an application that applies custom configuration to the guest during initialization). The plug-in is currently based on the Linux operating system and can be installed with YUM. Once it is installed, the virtualized industrial control equipment is able to define configuration independent of the operating system during initialization. A cloud host provider has to initialize thousands of virtual hosts for customers every day; these machines may use different operating systems and, depending on the customer's needs, may be given different IP addresses, different SSH keys and different host names. cloud-init was created to solve this problem;
Second, to integrate the OpenStack computing service with cloud-init during instance creation, the computing service must undergo secondary encapsulation development to improve the calls to the API interface it provides, adding handling of the -files and -userdata parameters so that files and user data can be loaded dynamically. The -files parameter lets files be written into the instance as a byte stream while the virtualized industrial control equipment is being created, which implements file loading. The -userdata parameter lets user data (including user-defined scripts or programs) be executed while the virtualized industrial control equipment is being created; as with -files, the user data passed in is loaded into the instance as a byte stream and executed;
Finally, export the virtualized industrial control equipment instance, with the files and user data dynamically loaded in the previous step, as a qcow2-format image through the OpenStack image service. When the virtual laboratory later creates virtualized industrial control equipment, an instance created from this qcow2 image file already contains the files the user loaded dynamically and the user data that was loaded and executed. Virtualized industrial control equipment can thus dynamically introduce and execute custom files, custom user data and custom scripts during image creation, which simplifies the image creation process, reduces cost and improves production efficiency.
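One way to check what the -files and -userdata handling described above accepts before it is frozen into an exported qcow2 image, as an added Python example that is not code from the patent: it builds the request body for the standard Nova `POST /servers` call (`user_data` and `personality` fields) and rejects payloads that exceed Nova's default limits or carry credentials. The limits are Nova defaults assumed to be unchanged; the sample user data, file paths, `lab-agent.service` and the placeholder image and flavor IDs are constructed for illustration.

```python
from __future__ import annotations

import base64
import re

# Nova defaults, assumed unchanged on the target cloud: user_data may be at
# most 65535 bytes once base64-encoded; file injection is limited to 5 files,
# 10240 content bytes and 255 path bytes per file.
MAX_USER_DATA_B64 = 65535
MAX_FILES = 5
MAX_FILE_BYTES = 10240
MAX_PATH_BYTES = 255

# Material that must not be frozen into a reusable image. cloud-init keeps a
# copy of the user data under /var/lib/cloud/instance/, so it survives export.
SECRET_PATTERNS = {
    "private key": re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "inline credential": re.compile(
        rb"(?i)\b(passw(or)?d|secret|token)\s*[:=]\s*\S+"),
    "crypt hash": re.compile(rb"\$(1|5|6|y)\$[./A-Za-z0-9]+\$"),
}

# Constructed sample inputs; paths and the lab-agent unit are hypothetical.
SAMPLE_USER_DATA = b"""#cloud-config
write_files:
  - path: /etc/lab/role.conf
    content: |
      role=virtual-ics-host
runcmd:
  - [systemctl, enable, --now, lab-agent.service]
"""
SAMPLE_FILES = {"/etc/lab/banner.txt": b"virtual lab training host\n"}


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def find_secrets(blob: bytes) -> list[str]:
    """Return the names of the secret patterns that occur in blob."""
    return sorted(n for n, rx in SECRET_PATTERNS.items() if rx.search(blob))


def check_payload(user_data: bytes, files: dict[str, bytes]) -> list[str]:
    """Collect every reason the payload should not be baked into an image."""
    problems = []
    if len(base64.b64encode(user_data)) > MAX_USER_DATA_B64:
        problems.append("user data exceeds 65535 bytes after base64")
    problems += [f"user data contains {s}" for s in find_secrets(user_data)]
    if len(files) > MAX_FILES:
        problems.append(f"{len(files)} files exceed the quota of {MAX_FILES}")
    for path, content in files.items():
        if not path.startswith("/") or ".." in path.split("/"):
            problems.append(f"{path}: path must be absolute without '..'")
        if len(path.encode()) > MAX_PATH_BYTES:
            problems.append(f"{path}: path longer than {MAX_PATH_BYTES} bytes")
        if len(content) > MAX_FILE_BYTES:
            problems.append(f"{path}: content larger than {MAX_FILE_BYTES} bytes")
        problems += [f"{path} contains {s}" for s in find_secrets(content)]
    return problems


def build_server_request(name, image_ref, flavor_ref, user_data, files):
    """Build the JSON body for Nova POST /servers, or raise ValueError."""
    problems = check_payload(user_data, files)
    if problems:
        raise ValueError("; ".join(problems))
    return {"server": {
        "name": name,
        "imageRef": image_ref,
        "flavorRef": flavor_ref,
        "user_data": _b64(user_data),
        # "personality" is accepted up to compute API microversion 2.56.
        "personality": [{"path": p, "contents": _b64(c)}
                        for p, c in sorted(files.items())],
    }}


if __name__ == "__main__":
    body = build_server_request("ics-base", "IMAGE-ID-PLACEHOLDER",
                                "FLAVOR-ID-PLACEHOLDER",
                                SAMPLE_USER_DATA, SAMPLE_FILES)
    print(sorted(body["server"]))
```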
Embodiment two:
The embodiment provides a mirror image manufacturing system based on a virtualization control device, which comprises a processor and a storage device, wherein a plurality of instructions are stored in the storage device and are used for loading and executing the steps of the method in the embodiment.
Embodiment three:
Based on the first and second embodiments, the present embodiment provides a computer readable storage medium, where the computer readable storage medium includes a stored computer program, where the computer program when executed by a processor controls a device where the storage medium is located to execute the method described in the first embodiment.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

Claims (4)

1. A mirror image manufacturing method based on virtual chemical control equipment is characterized by comprising the following steps:
Based on the built virtual laboratory, a cloud-init plug-in is installed on the basis of the basic mirror image of the virtual chemical control equipment;
Performing secondary encapsulation development on the computing service to extend the API interface that the computing service provides for calling, so that the OpenStack-based computing service connects to the cloud-init service during creation;
Exporting the virtual chemical control equipment instance, after the files and the user data have been dynamically loaded, through the OpenStack mirror image service to complete mirror image manufacture;
the method for constructing the virtual laboratory comprises the following steps:
Constructing a cloud platform service based on OpenStack by using a hardware server, and providing basic cloud environment support for a virtual laboratory;
based on OpenStack, a virtualized version of a given system host is made that provides virtual component support for an industrial control device for a virtual laboratory, comprising:
Making a basic mirror image of the virtual chemical control device, wherein the obtaining the basic mirror image file comprises the following steps: uploading an ISO format image file of a required industrial control equipment version in Openstack, creating an instance of the image, installing a corresponding operating system on a console of the instance to complete corresponding configuration, and acquiring a basic image file of the instance through an ID of the instance by using an OpenStack image service, wherein the type of the image file is qcow2;
Dividing a management network for the virtualized control equipment, wherein the management network is used for connecting a management network port of the virtualized security equipment to manage the virtualized security equipment, and comprises the following steps: setting a first network card of the virtual chemical control equipment as a management network, and if the network card name of the operating system is not eth0, modifying a network card guide configuration file of the operating system, and setting the network card guide configuration file as an eth mode;
Dividing a service network for the virtual chemical control device, wherein the service network is used for connecting corresponding services according to the requirements of users, and comprises the following steps: setting a second network card of the virtual chemical control equipment as a service network;
Installing built-in services of the affiliated virtual laboratory for the virtual chemical control device, comprising: dividing a network in the virtual laboratory, realizing specific network functions among components of each network type, copying the built-in service programs to the corresponding directory in the background of the virtual chemical control equipment, and setting the built-in service programs to start automatically, that is, the built-in service programs of the industrial control equipment run automatically in daemon mode after the virtual machine is started;
Building a manager of the virtual laboratory and an externally published calling interface, wherein the manager of the virtual laboratory runs as a Web service on the control node, the back end uses Django to implement the Web service, uWSGI + Nginx is used as the Web container and for access scheduling, and a MySQL database + Redis is used as the data storage/cache service; the front end is implemented with HTML5 + CSS3 + React;
the method for manufacturing the virtual chemical control equipment mirror image by the custom file and the custom user data comprises the following steps:
Firstly, on the basis of the basic mirror image of the virtual chemical control equipment, a cloud-init plug-in is installed and used for setting different IP addresses, different SSH keys and different host names for virtual hosts using different operating systems;
Secondly, performing secondary encapsulation development on the computing service to extend the API interface that the computing service provides for calling, wherein the API interface is used to connect the OpenStack computing service to the cloud-init service during creation; processing of the -files and -userdata parameters is added to support the loading of dynamic files and dynamic user data; the -files parameter causes files to be written into the corresponding instance as a byte stream while the virtualized control equipment is being created, thereby loading the files; and -userdata causes the user data to be executed while the virtualized control equipment is being created, wherein, as with -files, the supplied user data is loaded into the instance as a byte stream and executed;
Finally, exporting the virtualized control equipment instance into which the files and the user data were dynamically loaded in the previous step as a qcow2-format mirror image through the OpenStack mirror image service; after the virtual laboratory creates virtual control equipment, an instance created from the resulting qcow2 image file contains the files dynamically loaded by the user and the user data that was loaded and executed; the virtual chemical control equipment dynamically introduces and executes custom files, custom user data and custom scripts in the mirror image manufacturing process;
at least two hardware servers with the same configuration are built into a network through a switch, wherein one hardware server is used as a control node of an OpenStack and used for controlling, managing and scheduling resources and component services of a cloud platform, and the services specifically deployed by the control node comprise network services, authentication services, graphical services and mirror image services; the rest of the hardware servers are all used as computing nodes of OpenStack and are used for scheduling and processing computing resources, and the specifically deployed services of each computing node comprise computing services and network agents;
The first network card of the control node is used as a management network for communication among the nodes, and the second network card of the control node is used as an overlay network for accessing the control node management network through the Float IP; the first network card of each computing node is used as a management network over which the control node communicates directly with each computing node, and the second network card of each computing node is used as a tunnel network for communication between virtual machines on different computing nodes.
2. The method for creating a mirror image based on a virtual machine control device according to claim 1, wherein a virtual machine of the virtual machine control device is created in the virtual laboratory from a virtual vertical file managed by a mirror image service.
3. A mirror image manufacturing system based on a virtualized control device, comprising a processor and a storage device, wherein a plurality of instructions are stored in the storage device, and are used for loading and executing the steps of the method according to any one of claims 1-2 by the processor.
4. A computer readable storage medium, characterized in that the computer readable storage medium comprises a stored computer program, wherein the computer program, when run by a processor, controls a device in which the storage medium is located to perform the method according to any one of claims 1-2.
CN202110366754.9A 2021-04-06 2021-04-06 Image production method, system and storage medium based on virtualized chemical control equipment Active CN113268252B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110366754.9A CN113268252B (en) 2021-04-06 2021-04-06 Image production method, system and storage medium based on virtualized chemical control equipment

Publications (2)

Publication Number Publication Date
CN113268252A CN113268252A (en) 2021-08-17
CN113268252B true CN113268252B (en) 2024-08-30

Country Status (1)

Country Link
CN (1) CN113268252B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114139157B (en) * 2021-12-01 2024-10-29 浙江国利网安科技有限公司 Virtual interconnection isolation system and industrial control virus analysis method
CN116339761B (en) * 2023-05-29 2024-03-08 天翼云科技有限公司 Method, system, storage medium and equipment for automatically constructing mirror image template

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109391688A (en) * 2018-09-29 2019-02-26 郑州云海信息技术有限公司 The acquisition methods and device of image file in cloud computing system
CN111049686A (en) * 2019-12-20 2020-04-21 北京科东电力控制系统有限责任公司 Safety protection virtual laboratory of power monitoring system and construction method thereof

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104580519B (en) * 2015-01-29 2017-11-28 福建师范大学福清分校 A kind of method of rapid deployment openstack cloud computing platforms
CN109687987A (en) * 2017-10-19 2019-04-26 北京金山云网络技术有限公司 A kind of cloud platform dispositions method, device, electronic equipment and readable storage medium storing program for executing
CN110661831B (en) * 2018-06-29 2021-11-02 复旦大学 A Secure Initialization Method of Big Data Proving Ground Based on Trusted Third Party
CN110928554A (en) * 2019-10-31 2020-03-27 北京浪潮数据技术有限公司 Deployment method, device, equipment and storage medium
CN111538561B (en) * 2020-03-27 2023-10-31 上海仪电(集团)有限公司中央研究院 OpenStack large-scale cluster deployment test method and system based on KVM virtualization technology

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant