WO2025162296A1

WO2025162296A1 - Cloud service request processing method and system

Info

Publication number: WO2025162296A1
Application number: PCT/CN2025/074840
Authority: WO
Inventors: 张伟; 王泽锋; 方志宁
Original assignee: Huawei Cloud Computing Technologies Co Ltd
Current assignee: Huawei Cloud Computing Technologies Co Ltd
Priority date: 2024-01-31
Filing date: 2025-01-24
Publication date: 2025-08-07
Anticipated expiration: 2026-07-31
Also published as: CN120407035A

Abstract

The present application relates to the technical field of cloud services, and discloses a cloud service request processing method and system. The cloud service request processing system comprises an interaction component, a plug-in framework, plug-in management components and at least one plug-in. The interaction component is used for acquiring a cloud service request sent by a tenant and providing the cloud service request for the plug-in framework, the cloud service request being used for requesting a server to provide a cloud service for the tenant; the plug-in framework is used for operating on the basis of the cloud service request and sending a plug-in access request to the plug-in management components, wherein the plug-in access request indicates access to a first plug-in used for processing the cloud server request, and the first plug-in is one of the at least one plug-in; the plug-in management components are used for accessing the first plug-in on the basis of the plug-in access request to obtain access results, and feeding back the access results to the plug-in framework; and the plug-in framework is further used for obtaining a processing result for the cloud service request on the basis of the access results. The present application ensures the operation security and stability of the plug-in framework.

Description

Cloud service request processing method and system

本申请要求于2024年1月31日提交的申请号为202410137693.2、发明名称为“云服务插件的管理系统”的中国专利申请的优先权，以及于2024年02月29日提交的申请号为202410231608.9、发明名称为“云服务请求处理方法及系统”的中国专利申请的优先权，其全部内容通过引用结合在本申请中。This application claims priority to Chinese patent application No. 202410137693.2, filed on January 31, 2024, with the invention name “Management system for cloud service plug-ins”, and priority to Chinese patent application No. 202410231608.9, filed on February 29, 2024, with the invention name “Cloud service request processing method and system”, the entire contents of which are incorporated by reference into this application.

Technical Field

本申请涉及云服务技术领域，特别涉及一种云服务请求处理方法及系统。The present application relates to the field of cloud service technology, and in particular to a cloud service request processing method and system.

Background Art

在云服务领域中，租户需要服务器向其提供云服务时，可通过其使用的客户端向服务器发送云服务请求。服务器接收该云服务请求后，能够对云服务请求进行处理，并基于经过处理的云服务请求向租户提供云服务。In the cloud service field, when a tenant needs a server to provide cloud services, they can send a cloud service request to the server through their client. After receiving the cloud service request, the server can process the cloud service request and provide cloud services to the tenant based on the processed cloud service request.

目前，服务器通常使用插件框架和插件对云服务请求进行处理。例如，服务器采用边车代理对云服务请求的处理，通常使用插件框架和插件实现。插件框架使用的插件与插件框架是静态链接的。Currently, servers typically use plugin frameworks and plugins to process cloud service requests. For example, servers using sidecar proxies to process cloud service requests typically use plugin frameworks and plugins. Plugins used by plugin frameworks are statically linked to the plugin framework.

在这样的情况下，如果需要对插件进行修改，如动态加载或更新插件，在修改插件后需要重启整个插件框架，会影响正在依赖插件框架运行的业务。In this case, if you need to modify the plug-in, such as dynamically loading or updating the plug-in, you need to restart the entire plug-in framework after modifying the plug-in, which will affect the business that is relying on the plug-in framework.

Summary of the Invention

本申请提供了一种云服务请求处理方法及系统。本申请将插件框架与框架隔离，使得插件框架与插件之间不会互相影响，保证了插件框架运行的安全性和稳定性。本申请提供的技术方案如下：This application provides a cloud service request processing method and system. This application isolates the plug-in framework from the framework, so that the plug-in framework and plug-ins do not affect each other, ensuring the security and stability of the plug-in framework operation. The technical solutions provided by this application are as follows:

第一方面，本申请提供了一种云服务请求处理系统。该云服务请求处理系统部署于云管理平台管理的服务器中。云管理平台用于管理提供云服务的基础设施。基础设施包括多个服务器。该云服务请求处理系统包括：交互组件、插件框架、插件管理组件和与插件框架关联的至少一个插件。交互组件用于获取租户发送的云服务请求，并向插件框架提供云服务请求，云服务请求用于请求服务器向租户提供云服务；插件框架用于基于云服务请求运行，并向插件管理组件发送插件访问请求，插件访问请求指示对用于处理云服务器请求的第一插件进行访问，第一插件为至少一个插件中的一个；插件管理组件用于基于插件访问请求对第一插件进行访问，得到访问结果，并向插件框架反馈访问结果；插件框架还用于基于访问结果，得到针对云服务请求的处理结果。In a first aspect, the present application provides a cloud service request processing system. The cloud service request processing system is deployed in a server managed by a cloud management platform. The cloud management platform is used to manage the infrastructure for providing cloud services. The infrastructure includes multiple servers. The cloud service request processing system includes: an interactive component, a plug-in framework, a plug-in management component, and at least one plug-in associated with the plug-in framework. The interactive component is used to obtain the cloud service request sent by the tenant and provide the cloud service request to the plug-in framework. The cloud service request is used to request the server to provide cloud services to the tenant; the plug-in framework is used to run based on the cloud service request and send a plug-in access request to the plug-in management component. The plug-in access request indicates access to a first plug-in used to process cloud server requests. The first plug-in is one of at least one plug-in; the plug-in management component is used to access the first plug-in based on the plug-in access request, obtain an access result, and feedback the access result to the plug-in framework; the plug-in framework is also used to obtain a processing result for the cloud service request based on the access result.

在该云服务请求处理系统对云服务请求进行处理的过程中，由于插件由插件管理组件管理，在需要运行插件时，需要插件框架先向插件管理组件发送插件访问请求。插件管理组件接收到插件访问请求后，再基于该插件访问请求对插件进行访问。这样一来，插件框架的运行和插件的运行属于不同的进程，相当于实现了插件框架与插件之间的隔离，使得插件框架与插件之间不会互相影响，保证了插件框架运行的安全性和稳定性。当租户需要对插件进行修改时，如动态加载或更新插件时，无需重启整个插件框架，使得对插件进行修改的行为不会对其他插件管理组件管理的插件产生影响，进而不会对依赖该其他插件运行的租户业务产生影响。类似的，当某个插件运行异常时，也不会影响插件框架，不会对插件框架关联的其他插件管理组件管理的插件造成影响。In the process of processing cloud service requests by the cloud service request processing system, since the plug-in is managed by the plug-in management component, when the plug-in needs to be run, the plug-in framework needs to first send a plug-in access request to the plug-in management component. After receiving the plug-in access request, the plug-in management component accesses the plug-in based on the plug-in access request. In this way, the operation of the plug-in framework and the operation of the plug-in belong to different processes, which is equivalent to achieving isolation between the plug-in framework and the plug-in, so that the plug-in framework and the plug-in will not affect each other, ensuring the security and stability of the plug-in framework operation. When a tenant needs to modify a plug-in, such as dynamically loading or updating a plug-in, there is no need to restart the entire plug-in framework, so that the behavior of modifying the plug-in will not affect the plug-ins managed by other plug-in management components, and will not affect the tenant business that relies on the other plug-ins to run. Similarly, when a plug-in runs abnormally, it will not affect the plug-in framework, and will not affect the plug-ins managed by other plug-in management components associated with the plug-in framework.

在一种可能的实现方式中，该云服务请求处理系统还包括：访问代理组件。插件框架具体用于向访问代理组件发送插件访问请求，使得访问代理组件向插件管理组件发送插件访问请求。当插件框架与插件管理组件之间的交互通过访问代理组件实现时，该访问代理组件将插件框架与插件管理组件进行了隔离，在插件启动失败或运行出现错误时，插件管理组件会向访问代理组件返回指示执行出现错误的信息，而不会导致访问代理组件出现问题，更不会波及插件框架，能够进一步保证插件框架运行的安全性和稳定性。In one possible implementation, the cloud service request processing system further includes an access proxy component. The plug-in framework is specifically configured to send plug-in access requests to the access proxy component, which in turn causes the access proxy component to send plug-in access requests to the plug-in management component. When interaction between the plug-in framework and the plug-in management component is implemented through the access proxy component, the access proxy component isolates the plug-in framework from the plug-in management component. If a plug-in fails to start or encounters an error during operation, the plug-in management component returns an error message to the access proxy component without causing any problems with the access proxy component or affecting the plug-in framework, thereby further ensuring the security and stability of the plug-in framework's operation.

在一种可能的实现方式中，交互组件还用于获取租户的插件加载请求，并向插件管理组件转发插件加载请求，插件加载请求指示加载第一插件；插件管理组件还用于基于插件加载请求，加载第一插件。由于该第一插件由插件管理组件加载，插件框架的运行和插件的运行属于不同的进程，相当于实现了插件框架与插件之间的隔离，使得加载插件的过程不会影响插件框架的运行，进而加载插件的过程不会对其他插件管理组件管理的插件产生影响，能够实现插件的动态加载。In one possible implementation, the interaction component is further configured to obtain a tenant's plugin loading request and forward the plugin loading request to the plugin management component, the plugin loading request instructing the loading of a first plugin; the plugin management component is further configured to load the first plugin based on the plugin loading request. Because the first plugin is loaded by the plugin management component, the operation of the plugin framework and the operation of the plugin are separate processes, effectively isolating the plugin framework from the plugin. This ensures that the plugin loading process does not affect the operation of the plugin framework, and furthermore, the plugin loading process does not affect other plugins managed by the plugin management component, thus enabling dynamic loading of plugins.

在一种可能的实现方式中，该云服务请求处理系统还包括：其他插件管理组件。此时，插件管理组件具体用于：基于插件加载请求，向插件注册组件发送插件获取请求，插件获取请求指示获取第一插件，插件注册组件用于存储对云服务请求进行处理所需的所有插件；接收插件注册组件发送的插件获取响应，插件获取响应携带有其他插件管理组件的指示信息，或者，插件获取响应携带有第一插件在插件注册组件中的存储地址的指示信息；基于插件获取响应的指示，获取第一插件，并加载第一插件。In one possible implementation, the cloud service request processing system further includes: another plug-in management component. In this case, the plug-in management component is specifically configured to: send a plug-in acquisition request to the plug-in registration component based on the plug-in loading request, the plug-in acquisition request indicating the acquisition of a first plug-in, the plug-in registration component being used to store all plug-ins required to process cloud service requests; receive a plug-in acquisition response from the plug-in registration component, the plug-in acquisition response carrying indication information of another plug-in management component, or the plug-in acquisition response carrying indication information of the storage address of the first plug-in in the plug-in registration component; and acquire the first plug-in based on the indication in the plug-in acquisition response, and load the first plug-in.

当插件管理组件从该其他插件管理组件中下载第一插件的可执行代码时，能够减小插件注册组件的下载压力，减小插件注册组件的网络流量。当云服务请求处理系统包括的插件管理组件的数量越多时，该效果表现的越明显。When the plug-in management component downloads the executable code of the first plug-in from the other plug-in management components, it can reduce the download pressure of the plug-in registration component and reduce the network traffic of the plug-in registration component. The more plug-in management components the cloud service request processing system includes, the more obvious this effect is.

在一种可能的实现方式中，插件管理组件还用于：获取指示对第一插件进行更新的更新请求；基于更新请求从其他插件管理组件获取第一插件的更新版本，或者，从插件注册组件获取更新版本；基于更新版本对第一插件进行更新。In one possible implementation, the plug-in management component is further used to: obtain an update request indicating an update to the first plug-in; obtain an updated version of the first plug-in from other plug-in management components based on the update request, or obtain an updated version from the plug-in registration component; and update the first plug-in based on the updated version.

当插件管理组件从该其他插件管理组件中下载第一插件的更新版本时，能够减小插件注册组件的下载压力，减小插件注册组件的网络流量。当云服务请求处理系统包括的插件管理组件的数量越多时，该效果表现的越明显。When the plug-in management component downloads the updated version of the first plug-in from the other plug-in management components, it can reduce the download pressure of the plug-in registration component and reduce the network traffic of the plug-in registration component. When the cloud service request processing system includes more plug-in management components, this effect is more obvious.

在一种可能的实现方式中，更新请求由插件注册组件发送。示例的，插件注册组件在存储有第一插件的更新版本后，自发地向插件管理组件发送更新请求，以提示插件管理组件对第一插件进行更新。In a possible implementation, the update request is sent by the plug-in registration component. For example, after storing the updated version of the first plug-in, the plug-in registration component spontaneously sends an update request to the plug-in management component to prompt the plug-in management component to update the first plug-in.

在另一种实现方式中，更新请求由交互组件向插件注册组件发送。示例的，交互组件能够接收租户的插件更新指示，并在获取租户的插件更新指示后，基于插件更新指示向插件管理组件发送更新请求。该插件更新指示用于指示对第一插件进行更新。In another implementation, the update request is sent by the interaction component to the plug-in registration component. For example, the interaction component can receive a plug-in update instruction from a tenant and, after receiving the tenant's plug-in update instruction, send an update request to the plug-in management component based on the plug-in update instruction. The plug-in update instruction is used to instruct an update of the first plug-in.

在一种可能的实现方式中，插件管理组件还用于在插件管理组件基于更新版本对第一插件进行更新之前，向第一插件发送更新通知，更新通知指示需要更新第一插件；第一插件还用于基于更新通知，向插件管理组件提供第一插件的运行信息；插件管理组件还用于存储运行信息；插件管理组件还用于在插件管理组件基于更新版本对第一插件进行更新之后，向第一插件提供运行信息；第一插件还用于基于运行信息运行。In one possible implementation, the plug-in management component is further used to send an update notification to the first plug-in before the plug-in management component updates the first plug-in based on the updated version, the update notification indicating that the first plug-in needs to be updated; the first plug-in is further used to provide the plug-in management component with running information of the first plug-in based on the update notification; the plug-in management component is further used to store the running information; the plug-in management component is further used to provide the first plug-in with running information after the plug-in management component updates the first plug-in based on the updated version; the first plug-in is further used to run based on the running information.

在对第一插件进行更新前，通过插件管理组件保存第一插件的运行信息，使得在完成第一插件的更新后，第一插件能够继续按照更新前的运行状态运行，能够保证第一插件更新前后的运行状态连续，使得租户和业务对该更新过程无感知。Before updating the first plug-in, the running information of the first plug-in is saved through the plug-in management component, so that after the update of the first plug-in is completed, the first plug-in can continue to run according to the running state before the update, and the running state of the first plug-in before and after the update can be guaranteed to be continuous, so that tenants and businesses are unaware of the update process.

在一种可能的实现方式中，当插件管理组件从该其他插件管理组件中下载第一插件的可执行代码时，插件管理组件与该其他插件管理组件用于对同一租户的插件进行管理。这样一来，用于对属于同一租户的插件管理组件之间能够互相下载插件的可执行代码，属于不同租户的插件管理组件之间不能够互相下载插件的可执行代码，能够保证不同租户间插件的隔离。In one possible implementation, when a plug-in management component downloads the executable code of a first plug-in from another plug-in management component, the plug-in management component and the other plug-in management component are used to manage plug-ins belonging to the same tenant. This allows plug-in management components belonging to the same tenant to download the executable code of each other's plug-ins, while plug-in management components belonging to different tenants cannot download the executable code of each other's plug-ins, thereby ensuring the isolation of plug-ins between different tenants.

在一种可能的实现方式中，其他插件管理组件与插件管理组件之间的传输时延小于插件注册组件与插件管理组件之间的传输时延。这样一来，能够便于插件管理组件就近下载第一插件的可执行代码，缩短加载第一插件的耗时，进而缩短第一插件的准备时间和减小租户的访问时延。In one possible implementation, the transmission delay between other plug-in management components and the plug-in management component is shorter than the transmission delay between the plug-in registration component and the plug-in management component. This allows the plug-in management component to download the executable code of the first plug-in locally, shortening the time it takes to load the first plug-in, thereby shortening the preparation time of the first plug-in and reducing tenant access delays.

在一种可能的实现方式中，插件注册组件包括系统注册子组件和租户注册子组件，该云服务请求处理系统注册子组件用于存储该云服务请求处理系统插件的可执行代码，租户注册子组件用于存储租户插件的可执行代码，且租户不具有对该云服务请求处理系统注册子组件的访问权限。这样就能够对系统插件和租户插件分开管理，并将系统插件设置为具有较高的安全级别，以避免恶意租户篡改受信任的系统插件，进而保证系统插件的安全性。In one possible implementation, the plugin registration component includes a system registration subcomponent and a tenant registration subcomponent. The cloud service request processing system registration subcomponent is used to store the executable code of the cloud service request processing system plugin, while the tenant registration subcomponent is used to store the executable code of the tenant plugin. Tenants do not have access to the cloud service request processing system registration subcomponent. This allows for separate management of system plugins and tenant plugins, and sets a higher security level for system plugins to prevent malicious tenants from tampering with trusted system plugins, thereby ensuring the security of system plugins.

在一种可能的实现方式中，该云服务请求处理系统用于对多个租户的云服务请求进行处理，该云服务请求处理系统包括与多个租户对应的多个插件管理组件，插件管理组件用于对属于对应租户的插件进行管理，且任一插件管理组件管理的所有插件属于同一个租户。也即是，每个租户有属于自己的插件管理组件，任一租户拥有的插件管理组件用于对属于该租户的插件进行管理，属于不同租户的插件管理组件用于对不同租户的插件进行管理。这样一来，由于不同的插件管理组件运行在不同的进程中，使得不同的插件管理组件管理的插件属于不同的进程，实现了属于不同租户的插件之间的隔离，使得一个租户的插件无法访问其他租户的插件，提高了多租户情况下的访问安全性。In one possible implementation, the cloud service request processing system is used to process cloud service requests from multiple tenants. The cloud service request processing system includes multiple plug-in management components corresponding to the multiple tenants. The plug-in management components are used to manage the plug-ins belonging to the corresponding tenants, and all plug-ins managed by any plug-in management component belong to the same tenant. That is, each tenant has its own plug-in management component. The plug-in management component owned by any tenant is used to manage the plug-ins belonging to the tenant, and the plug-in management components belonging to different tenants are used to manage the plug-ins of different tenants. In this way, since different plug-in management components run in different processes, the plug-ins managed by different plug-in management components belong to different processes, which achieves isolation between plug-ins belonging to different tenants, making it impossible for a plug-in of one tenant to access the plug-ins of other tenants, thereby improving access security in a multi-tenant situation.

在一种可能的实现方式中，插件框架用于对多个云服务的云服务请求进行处理，对目标云服务的云服务请求进行处理通过运行插件框架和目标云服务对应的插件实现，目标云服务为多个云服务中的任一个。此时，多个云服务共用该插件框架，并通过动态加载该插件框架关联的插件，使得该插件框架的启动内存很小，且加载插件的耗时短，减小了对用户访问时延的影响。In one possible implementation, a plug-in framework is used to process cloud service requests from multiple cloud services. Cloud service requests for a target cloud service are processed by running the plug-in framework and the corresponding plug-in for the target cloud service, which can be any of the multiple cloud services. In this case, multiple cloud services share the plug-in framework, and by dynamically loading the plug-in associated with the plug-in framework, the plug-in framework's startup memory usage is minimal, and the time required to load plug-ins is shortened, thereby reducing the impact on user access latency.

在一种可能的实现方式中，该云服务请求处理系统包括多个插件框架和属于同一租户的至少一个插件管理组件，多个插件框架用于实现相同的功能，响应于该云服务请求处理系统包括同一租户的一个插件管理组件，多个插件框架共用一个插件管理组件。此时，该插件管理组件被该服务器中不同的插件框架共享。在这种情况下，由于多个插件框架对被共享的插件管理组件管理的插件的调用均由该插件管理组件记录，能够保证该多个插件框架的状态统一。响应于该云服务请求处理系统包括同一租户的多个插件管理组件，多个插件框架中至少部分单独使用一个插件管理组件。此时，实现了插件框架对插件管理组件的独享。In one possible implementation, the cloud service request processing system includes multiple plug-in frameworks and at least one plug-in management component belonging to the same tenant, and the multiple plug-in frameworks are used to implement the same function. In response to the cloud service request processing system including a plug-in management component of the same tenant, multiple plug-in frameworks share one plug-in management component. At this time, the plug-in management component is shared by different plug-in frameworks in the server. In this case, since the calls of multiple plug-in frameworks to the plug-ins managed by the shared plug-in management component are all recorded by the plug-in management component, the status of the multiple plug-in frameworks can be guaranteed to be unified. In response to the cloud service request processing system including multiple plug-in management components of the same tenant, at least some of the multiple plug-in frameworks use one plug-in management component separately. At this time, the plug-in framework has exclusive use of the plug-in management component.

第二方面，本申请提供了一种云服务请求处理方法。该云服务请求处理方法应用于云服务请求处理系统。该云服务请求处理系统部署于云管理平台管理的服务器中。云管理平台用于管理提供云服务的基础设施。基础设施包括多个服务器。该云服务请求处理系统包括：交互组件、插件框架、插件管理组件和与插件框架关联的至少一个插件。该云服务请求处理方法包括：交互组件获取租户发送的云服务请求，并向插件框架提供云服务请求，云服务请求用于请求服务器向租户提供云服务；插件框架基于云服务请求运行，并向插件管理组件发送插件访问请求，插件访问请求指示对用于处理云服务器请求的第一插件进行访问，第一插件为至少一个插件中的一个；插件管理组件基于插件访问请求对第一插件进行访问，得到访问结果，并向插件框架反馈访问结果；插件框架基于访问结果，得到针对云服务请求的处理结果。In a second aspect, the present application provides a cloud service request processing method. The cloud service request processing method is applied to a cloud service request processing system. The cloud service request processing system is deployed in a server managed by a cloud management platform. The cloud management platform is used to manage the infrastructure for providing cloud services. The infrastructure includes multiple servers. The cloud service request processing system includes: an interactive component, a plug-in framework, a plug-in management component, and at least one plug-in associated with the plug-in framework. The cloud service request processing method includes: the interactive component obtains the cloud service request sent by the tenant and provides the cloud service request to the plug-in framework, the cloud service request is used to request the server to provide cloud services to the tenant; the plug-in framework runs based on the cloud service request and sends a plug-in access request to the plug-in management component, the plug-in access request indicates access to a first plug-in used to process cloud server requests, the first plug-in being one of at least one plug-in; the plug-in management component accesses the first plug-in based on the plug-in access request, obtains an access result, and feeds back the access result to the plug-in framework; the plug-in framework obtains a processing result for the cloud service request based on the access result.

在一种可能的实现方式中，该云服务请求处理系统还包括：访问代理组件，插件框架向插件管理组件发送插件访问请求，包括：插件框架向访问代理组件发送插件访问请求，使得访问代理组件向插件管理组件发送插件访问请求。In one possible implementation, the cloud service request processing system also includes: an access proxy component, and the plug-in framework sends a plug-in access request to the plug-in management component, including: the plug-in framework sends a plug-in access request to the access proxy component, so that the access proxy component sends a plug-in access request to the plug-in management component.

在一种可能的实现方式中，在插件管理组件基于插件访问请求对第一插件进行访问之前，该云服务请求处理方法还包括：交互组件获取租户的插件加载请求，并向插件管理组件转发插件加载请求，插件加载请求指示加载第一插件；插件管理组件基于插件加载请求，加载第一插件。In one possible implementation, before the plug-in management component accesses the first plug-in based on the plug-in access request, the cloud service request processing method also includes: the interactive component obtains the tenant's plug-in loading request and forwards the plug-in loading request to the plug-in management component, where the plug-in loading request indicates loading the first plug-in; the plug-in management component loads the first plug-in based on the plug-in loading request.

在一种可能的实现方式中，该云服务请求处理系统还包括：其他插件管理组件。插件管理组件基于插件加载请求，加载第一插件，包括：插件管理组件基于插件加载请求，向插件注册组件发送插件获取请求，插件获取请求指示获取第一插件，插件注册组件用于存储对云服务请求进行处理所需的所有插件；插件管理组件接收插件注册组件发送的插件获取响应，插件获取响应携带有其他插件管理组件的指示信息，或者，插件获取响应携带有第一插件在插件注册组件中的存储地址的指示信息；插件管理组件基于插件获取响应的指示，获取第一插件，并加载第一插件。In one possible implementation, the cloud service request processing system further includes: other plug-in management components. The plug-in management component loads the first plug-in based on the plug-in loading request, including: the plug-in management component sends a plug-in acquisition request to the plug-in registration component based on the plug-in loading request, the plug-in acquisition request instructing to acquire the first plug-in, and the plug-in registration component is used to store all plug-ins required to process the cloud service request; the plug-in management component receives a plug-in acquisition response sent by the plug-in registration component, the plug-in acquisition response carries indication information of other plug-in management components, or the plug-in acquisition response carries indication information of the storage address of the first plug-in in the plug-in registration component; the plug-in management component acquires the first plug-in based on the indication of the plug-in acquisition response and loads the first plug-in.

在一种可能的实现方式中，在插件管理组件加载第一插件之后，该云服务请求处理方法还包括：插件管理组件获取指示对第一插件进行更新的更新请求；插件管理组件基于更新请求从其他插件管理组件获取第一插件的更新版本，或者，从插件注册组件获取更新版本；插件管理组件基于更新版本对第一插件进行更新。In one possible implementation, after the plug-in management component loads the first plug-in, the cloud service request processing method further includes: the plug-in management component obtains an update request indicating an update to the first plug-in; the plug-in management component obtains an updated version of the first plug-in from other plug-in management components based on the update request, or obtains the updated version from the plug-in registration component; and the plug-in management component updates the first plug-in based on the updated version.

在一种可能的实现方式中，更新请求由插件注册组件发送；或者，该云服务请求处理方法还包括：交互组件获取租户的插件更新指示，基于插件更新指示向插件管理组件发送更新请求，插件更新指示用于指示对第一插件进行更新。In one possible implementation, the update request is sent by the plug-in registration component; or, the cloud service request processing method also includes: the interaction component obtains the tenant's plug-in update indication, and sends an update request to the plug-in management component based on the plug-in update indication, where the plug-in update indication is used to indicate an update to the first plug-in.

在一种可能的实现方式中，在插件管理组件基于更新版本对第一插件进行更新之前，该云服务请求处理方法还包括：插件管理组件向第一插件发送更新通知，更新通知指示需要更新第一插件；第一插件基于更新通知，向插件管理组件提供第一插件的运行信息；插件管理组件存储运行信息。在插件管理组件基于更新版本对第一插件进行更新之后，该云服务请求处理方法还包括：插件管理组件向第一插件提供运行信息；第一插件基于运行信息运行。In one possible implementation, before the plug-in management component updates the first plug-in based on the updated version, the cloud service request processing method further includes: the plug-in management component sending an update notification to the first plug-in, the update notification indicating that the first plug-in needs to be updated; the first plug-in providing the plug-in management component with operating information of the first plug-in based on the update notification; and the plug-in management component storing the operating information. After the plug-in management component updates the first plug-in based on the updated version, the cloud service request processing method further includes: the plug-in management component providing the operating information to the first plug-in; and the first plug-in running based on the operating information.

在一种可能的实现方式中，插件管理组件与其他插件管理组件用于对同一租户的插件进行管理。In a possible implementation, the plug-in management component and other plug-in management components are used to manage plug-ins of the same tenant.

在一种可能的实现方式中，其他插件管理组件与插件管理组件之间的传输时延小于插件注册组件与插件管理组件之间的传输时延。In a possible implementation, the transmission delay between other plug-in management components and the plug-in management component is smaller than the transmission delay between the plug-in registration component and the plug-in management component.

在一种可能的实现方式中，插件注册组件包括系统注册子组件和租户注册子组件，该云服务请求处理系统注册子组件用于存储该云服务请求处理系统插件的可执行代码，租户注册子组件用于存储租户插件的可执行代码，且租户不具有对该云服务请求处理系统注册子组件的访问权限。In one possible implementation, the plug-in registration component includes a system registration sub-component and a tenant registration sub-component. The cloud service request processing system registration sub-component is used to store the executable code of the cloud service request processing system plug-in, and the tenant registration sub-component is used to store the executable code of the tenant plug-in. The tenant does not have access to the cloud service request processing system registration sub-component.

在一种可能的实现方式中，该云服务请求处理系统用于对多个租户的云服务请求进行处理，该云服务请求处理系统包括与多个租户对应的多个插件管理组件，插件管理组件用于对属于对应租户的插件进行管理，且任一插件管理组件管理的所有插件属于同一个租户。In one possible implementation, the cloud service request processing system is used to process cloud service requests from multiple tenants. The cloud service request processing system includes multiple plug-in management components corresponding to the multiple tenants. The plug-in management components are used to manage plug-ins belonging to the corresponding tenants, and all plug-ins managed by any plug-in management component belong to the same tenant.

在一种可能的实现方式中，插件框架用于对多个云服务的云服务请求进行处理，对目标云服务的云服务请求进行处理通过运行插件框架和目标云服务对应的插件实现，目标云服务为多个云服务中的任一个。In one possible implementation, the plug-in framework is used to process cloud service requests for multiple cloud services, and processing cloud service requests for a target cloud service is achieved by running the plug-in framework and a plug-in corresponding to the target cloud service, where the target cloud service is any one of the multiple cloud services.

在一种可能的实现方式中，该云服务请求处理系统包括多个插件框架和属于同一租户的至少一个插件管理组件，多个插件框架用于实现相同的功能，响应于该云服务请求处理系统包括同一租户的一个插件管理组件，多个插件框架共用一个插件管理组件，响应于该云服务请求处理系统包括同一租户的多个插件管理组件，多个插件框架中至少部分单独使用一个插件管理组件。In one possible implementation, the cloud service request processing system includes multiple plug-in frameworks and at least one plug-in management component belonging to the same tenant. The multiple plug-in frameworks are used to implement the same function. In response to the cloud service request processing system including a plug-in management component of the same tenant, the multiple plug-in frameworks share a plug-in management component. In response to the cloud service request processing system including multiple plug-in management components of the same tenant, at least some of the multiple plug-in frameworks use a plug-in management component separately.

第三方面，本申请提供了一种计算设备，包括存储器和处理器，存储器存储有程序指令，处理器运行程序指令以实现本申请第一方面以及其任一种可能的实现方式中提供的系统。In a third aspect, the present application provides a computing device comprising a memory and a processor, wherein the memory stores program instructions, and the processor executes the program instructions to implement the system provided in the first aspect of the present application and any possible implementation thereof.

第四方面，本申请提供了一种计算设备集群，包括多个计算设备，多个计算设备包括多个处理器和多个存储器，多个存储器中存储有程序指令，多个处理器运行程序指令，使得计算设备集群实现本申请第一方面以及其任一种可能的实现方式中提供的系统。In a fourth aspect, the present application provides a computing device cluster, comprising multiple computing devices, wherein the multiple computing devices include multiple processors and multiple memories, wherein the multiple memories store program instructions, and the multiple processors execute the program instructions, so that the computing device cluster implements the system provided in the first aspect of the present application and any possible implementation thereof.

第五方面，本申请提供了一种计算机可读存储介质，该计算机可读存储介质为非易失性计算机可读存储介质，该计算机可读存储介质包括程序指令，当程序指令在计算设备上运行时，使得计算设备实现本申请第一方面以及其任一种可能的实现方式中提供的系统。In a fifth aspect, the present application provides a computer-readable storage medium, which is a non-volatile computer-readable storage medium. The computer-readable storage medium includes program instructions. When the program instructions are executed on a computing device, the computing device implements the system provided in the first aspect of the present application and any possible implementation thereof.

第六方面，本申请提供了一种包含指令的计算机程序产品，当计算机程序产品在计算机上运行时，使得计算机实现本申请第一方面以及其任一种可能的实现方式中提供的系统。In a sixth aspect, the present application provides a computer program product comprising instructions, which, when executed on a computer, enables the computer to implement the system provided in the first aspect of the present application and any possible implementation thereof.

BRIEF DESCRIPTION OF THE DRAWINGS

图1是本申请实施例提供的一种插件静态编译到插件框架的二进制中的示意图；FIG1 is a schematic diagram of a plug-in provided in an embodiment of the present application, wherein the plug-in is statically compiled into the binary of the plug-in framework;

图2是本申请实施例提供的一种云服务请求处理方法涉及的实施场景的结构示意图；FIG2 is a schematic diagram of a structure of an implementation scenario involved in a cloud service request processing method provided in an embodiment of the present application;

图3是本申请实施例提供的一种数据中心中基础资源的部署示意图；FIG3 is a schematic diagram of the deployment of basic resources in a data center provided by an embodiment of the present application;

图4是本申请实施例提供的一种云服务请求处理系统的示意图；FIG4 is a schematic diagram of a cloud service request processing system provided in an embodiment of the present application;

图5是本申请实施例提供的一种云服务请求处理系统执行云服务请求处理方法的流程图；FIG5 is a flow chart of a cloud service request processing method executed by a cloud service request processing system provided in an embodiment of the present application;

图6是本申请实施例提供的另一种云服务请求处理系统的示意图；FIG6 is a schematic diagram of another cloud service request processing system provided in an embodiment of the present application;

图7是本申请实施例提供的另一种云服务请求处理系统执行云服务请求处理方法的流程图；FIG7 is a flowchart of another cloud service request processing system performing a cloud service request processing method provided by an embodiment of the present application;

图8是本申请实施例提供的一种加载第一插件的流程图；FIG8 is a flowchart of loading a first plug-in provided in an embodiment of the present application;

图9是本申请实施例提供的再一种云服务请求处理系统的示意图；FIG9 is a schematic diagram of another cloud service request processing system provided in an embodiment of the present application;

图10是本申请实施例提供的一种插件管理组件基于插件加载请求，加载第一插件的流程图；10 is a flowchart of a plug-in management component loading a first plug-in based on a plug-in loading request provided by an embodiment of the present application;

图11是本申请实施例提供的一种更新第一插件的流程图；FIG11 is a flowchart of updating a first plug-in provided in an embodiment of the present application;

图12是本申请实施例提供的一种插件管理组件基于更新版本对第一插件进行更新的流程图；12 is a flowchart of a plug-in management component updating a first plug-in based on an updated version provided by an embodiment of the present application;

图13是本申请实施例提供的又一种云服务请求处理系统的示意图；FIG13 is a schematic diagram of another cloud service request processing system provided in an embodiment of the present application;

图14是本申请实施例提供的一种L7数据面调用插件的流程图；FIG14 is a flowchart of an L7 data plane calling plug-in provided in an embodiment of the present application;

图15是本申请实施例提供的一种加载插件的流程图；FIG15 is a flowchart of a plug-in loading method provided in an embodiment of the present application;

图16是本申请实施例提供的一种更新插件的流程图；FIG16 is a flowchart of an update plug-in provided in an embodiment of the present application;

图17是本申请实施例提供的一种计算设备的结构示意图；FIG17 is a schematic diagram of the structure of a computing device provided in an embodiment of the present application;

图18是本申请实施例提供的一种计算设备集群的结构示意图；FIG18 is a schematic diagram of the structure of a computing device cluster provided in an embodiment of the present application;

图19是本申请实施例提供的另一种计算设备集群的结构示意图。FIG19 is a schematic diagram of the structure of another computing device cluster provided in an embodiment of the present application.

DETAILED DESCRIPTION

为使本申请的目的、技术方案和优点更加清楚，下面将结合附图对本申请实施方式作进一步地详细描述。In order to make the objectives, technical solutions and advantages of this application clearer, the implementation methods of this application will be further described in detail below with reference to the accompanying drawings.

为便于理解，下面先对本申请实施例中涉及的技术和背景进行介绍。To facilitate understanding, the technology and background involved in the embodiments of this application are first introduced below.

云数据中心是基于互联网(Internet)网络，为集中式收集、存储、处理和发送数据的设备提供运行维护的设施以及相关的服务体系。从概念上可以将其理解为公共的商业化的Internet“机房”，同时它也是一种信息技术(information technology，IT)专业服务，是IT工业的重要基础设施。云数据中心不仅是一个服务概念，而且是一个网络的概念，它构成了网络基础设施的一部分，就像骨干网、接入网一样，提供了一种高端的数据传输(data delivery)的服务和高速接入服务。A cloud data center is an internet-based network that provides operational maintenance facilities and related service systems for centralized data collection, storage, processing, and transmission. Conceptually, it can be understood as a public, commercial Internet "computer room." It also provides a professional information technology (IT) service and is a critical infrastructure for the IT industry. A cloud data center is not only a service concept but also a network concept. It forms part of the network infrastructure, much like backbone and access networks, providing high-end data delivery and high-speed access services.

插件：当一个软件项目开发结束并将其应用程序交付使用后，在需要向其添加一些新的功能时，通常希望在不修改原有的应用程序情况下，将新添加的功能植入到应用程序中，这就是所谓的插件化，用于实现新增加功能的功能模块叫插件。插件化能大大的降低功能模块间的耦合性，有利于各功能模块的独立维护，提高软件项目的维护更新效率。插件必须依赖于应用程序才能发挥自身功能，仅靠插件是无法正常运行的。Plug-ins: After a software project is developed and its application is delivered for use, adding new functionality often requires integrating it into the existing application without modifying it. This is known as plug-inization, and the functional module used to implement the new functionality is called a plug-in. Plug-ins significantly reduce the coupling between functional modules, facilitate independent maintenance of each module, and improve the efficiency of software project maintenance and updates. A plug-in must rely on the application to function; it cannot function properly on its own.

插件框架是插件化的应用程序内的基础功能模块。插件框架可视为是整个或部分应用程序的可重用设计。另一种定义认为，插件框架是可被应用开发者定制的应用骨架。示例地，插件框架是软件项目开发过程中提取特定领域软件的共性部分形成的体系结构，负责实现应用程序较基本的功能，如负责插件的下载安装、加载、卸载等管理功能。例如，在云计算领域中，多个云服务的共性部分能够提取成插件框架。多个云服务中的任一个云服务能够通过运行该插件框架和该任一个云服务的插件实现。A plug-in framework is a basic functional module within a plug-in application. A plug-in framework can be considered a reusable design for an entire or partial application. Another definition states that a plug-in framework is an application skeleton that can be customized by application developers. For example, a plug-in framework is an architecture formed by extracting the common parts of software in a specific field during the development of a software project. It is responsible for implementing the more basic functions of an application, such as downloading, installing, loading, and uninstalling plug-ins. For example, in the field of cloud computing, the common parts of multiple cloud services can be extracted into a plug-in framework. Any of the multiple cloud services can be implemented by running the plug-in framework and the plug-in of any cloud service.

目前，如图1所示，插件(如图1中C++插件和cgo插件)都是静态编译到插件框架的二进制中的。在这样的情况下，如果租户对插件进行修改，如动态加载或更新插件，在修改插件后需要重启整个插件框架，会影响正在依赖插件框架运行的租户的业务。除此之外，还需要用使用插件框架的新镜像文件替换原有的插件框架。Currently, as shown in Figure 1, plugins (such as the C++ plugin and cgo plugin in Figure 1) are statically compiled into the plugin framework binary. Therefore, if a tenant modifies a plugin, such as dynamically loading or updating it, the entire plugin framework must be restarted, impacting tenants' services that rely on the plugin framework. Furthermore, the existing plugin framework image must be replaced with a new one that uses the plugin framework.

示例的，随着服务网格(service mesh)技术在云计算领域中越来越广泛的应用，在部署云服务时，越来越多地将云服务架构的分布式应用中非功能性的服务治理逻辑，从业务进程中剥离到进程外边车进程(sidecar)中，以无侵入的方式提供服务间的连接、安全、流控、灰度发布和观测等能力，实现业务轻量化和服务治理基础设施化。在云服务领域中，可使用sidecar代理拦截租户发送的云服务请求，云服务请求用于请求服务器向租户提供云服务。然后sidecar代理对云服务请求进行处理，再向云服务的执行者(如服务器)提供经过处理的云服务请求。以七层(L7)治理为例，sidecar代理对云服务请求的处理包括：对云服务请求进行负载均衡、对云服务请求进行限流和观测云服务的调用链和调用时间等。For example, with the increasing application of service mesh technology in cloud computing, when deploying cloud services, the non-functional service governance logic of distributed applications in cloud service architectures is increasingly being separated from business processes and moved to sidecar processes outside the process. This provides inter-service connectivity, security, flow control, grayscale release, and observation capabilities in a non-invasive manner, achieving lightweight business and service governance infrastructure. In the cloud service field, the sidecar proxy can be used to intercept cloud service requests sent by tenants. Cloud service requests are used to request servers to provide cloud services to tenants. The sidecar proxy then processes the cloud service request and provides the processed cloud service request to the cloud service executor (such as a server). Taking Layer 7 (L7) governance as an example, the sidecar proxy's processing of cloud service requests includes load balancing cloud service requests, limiting the flow of cloud service requests, and observing the call chain and call time of cloud services.

sidecar代理对云服务请求进行处理可通过插件框架和插件实现。此时，sidecar也称为sidecar代理。sidecar代理实现七层治理时，sidecar代理也称为L7代理或L7数据面。sidecar支持使用多种插件处理客户的连接和请求，其插件类型支持原生(native)插件语言，如C++，cgo语言，且插件在使用前需要与sidecar进行静态链接。因此，一旦编译完成，sidecar可使用的C++，cgo插件就是固定的。如果租户修改插件，需要上传新的代理镜像并替换原有的sidecar代理，这将引起sidecar代理的重启操作，也会影响正在运行的租户业务。另外，当插件框架由多个云服务共用时，由于插件与插件框架静态链接，当多个云服务中一个云服务的插件运行异常时，会导致整个插件框架出现问题，对共用该插件框架的多个云服务中的其他云服务造成影响。类似的，当插件框架由多个租户共同使用时，一个租户的插件运行异常会导致整个插件框架出现问题，影响共用该插件框架的其他租户的访问。例如，在四层(L4)/七层(L7)分离的模式下，L7代理将被中心化部署并弹性扩展，每个L7代理可被多个租户共同访问，且每个租户自己编写的C++插件都直接静态链接到L7代理。由于插件静态链接到L7代理，导致无法对插件进行动态更新。并且，由于L7代理的插件的可执行代码的体积很大，会导致对插件进行加载需要较长的时间。在L7代理运行过程中，如果某个租户的插件不稳定，将导致整个L7代理崩溃(crash)，影响其他租户的访问，其爆炸范围不可控。The sidecar proxy processes cloud service requests using a plugin framework and plugins. In this context, the sidecar is also called a sidecar proxy. When the sidecar proxy implements Layer 7 governance, it is also called an L7 proxy or L7 data plane. The sidecar supports a variety of plugins to handle customer connections and requests. Plugins are available in native languages, such as C++ and CGO. Plugins must be statically linked to the sidecar before use. Therefore, once compiled, the C++ and CGO plugins available to the sidecar are fixed. If a tenant modifies a plugin, they must upload a new proxy image and replace the existing sidecar proxy. This requires a sidecar proxy restart and can impact ongoing tenant services. Furthermore, when the plugin framework is shared by multiple cloud services, since plugins are statically linked to the framework, a plugin failure in one cloud service can cause issues across the entire plugin framework, impacting other cloud services that share the same plugin framework. Similarly, when the plugin framework is shared by multiple tenants, a plugin failure in one tenant can cause issues across the entire plugin framework, impacting access by other tenants that share the same plugin framework. For example, in a Layer 4 (L4)/Layer 7 (L7) separation model, the L7 agent will be centrally deployed and elastically expanded. Each L7 agent can be accessed by multiple tenants, and each tenant's custom C++ plug-in is statically linked directly to the L7 agent. Because the plug-in is statically linked to the L7 agent, it cannot be dynamically updated. In addition, due to the large size of the executable code of the L7 agent plug-in, it takes a long time to load the plug-in. During the operation of the L7 agent, if a tenant's plug-in is unstable, it will cause the entire L7 agent to crash, affecting the access of other tenants, and the scope of the explosion is uncontrollable.

基于此，本申请实施例提供了一种云服务请求处理方法及系统。云服务请求处理系统部署于云管理平台管理的服务器中。云管理平台用于管理提供云服务的基础设施。基础设施包括多个服务器。该云服务请求处理方法及系统用于对云服务请求进行处理。云服务请求用于请求服务器向租户提供云服务。该云服务请求处理系统包括：交互组件、插件框架、与插件框架关联的至少一个插件和插件管理组件。该云服务请求处理系统对云服务请求进行处理的过程包括：交互组件获取租户发送的云服务请求，并向插件框架提供云服务请求；插件框架基于云服务请求运行，并向插件管理组件发送插件访问请求，插件访问请求指示对用于处理云服务器请求的第一插件进行访问，第一插件为至少一个插件中的一个；插件管理组件基于插件访问请求对第一插件进行访问，得到访问结果，并向插件框架反馈访问结果；插件框架基于访问结果，得到针对云服务请求的处理结果。Based on this, an embodiment of the present application provides a cloud service request processing method and system. The cloud service request processing system is deployed in a server managed by a cloud management platform. The cloud management platform is used to manage the infrastructure that provides cloud services. The infrastructure includes multiple servers. The cloud service request processing method and system are used to process cloud service requests. The cloud service request is used to request the server to provide cloud services to tenants. The cloud service request processing system includes: an interactive component, a plug-in framework, at least one plug-in associated with the plug-in framework, and a plug-in management component. The process of the cloud service request processing system processing the cloud service request includes: the interactive component obtains the cloud service request sent by the tenant and provides the cloud service request to the plug-in framework; the plug-in framework runs based on the cloud service request and sends a plug-in access request to the plug-in management component, the plug-in access request indicates access to a first plug-in used to process cloud server requests, the first plug-in being one of at least one plug-in; the plug-in management component accesses the first plug-in based on the plug-in access request, obtains an access result, and feeds back the access result to the plug-in framework; the plug-in framework obtains a processing result for the cloud service request based on the access result.

在该云服务请求处理系统中，由于插件由插件管理组件管理，在需要运行插件时，需要插件框架先向插件管理组件发送插件访问请求。插件管理组件接收到插件访问请求后，再基于该插件访问请求对插件进行访问。这样一来，插件框架的运行和插件的运行属于不同的进程，相当于实现了插件框架与插件之间的隔离，使得插件框架与插件之间不会互相影响，保证了插件框架运行的安全性和稳定性。当租户需要对插件进行修改时，如动态加载或更新插件时，无需重启整个插件框架，使得对插件进行修改的行为不会对其他插件管理组件管理的插件产生影响，进而不会对依赖该其他插件运行的租户业务产生影响。类似的，当某个插件运行异常时，也不会影响插件框架，不会对插件框架关联的其他插件管理组件管理的插件造成影响。In the cloud service request processing system, since the plug-in is managed by the plug-in management component, when the plug-in needs to be run, the plug-in framework needs to first send a plug-in access request to the plug-in management component. After receiving the plug-in access request, the plug-in management component accesses the plug-in based on the plug-in access request. In this way, the operation of the plug-in framework and the operation of the plug-in belong to different processes, which is equivalent to achieving isolation between the plug-in framework and the plug-in, so that the plug-in framework and the plug-in will not affect each other, ensuring the security and stability of the plug-in framework operation. When a tenant needs to modify a plug-in, such as dynamically loading or updating a plug-in, there is no need to restart the entire plug-in framework, so that the behavior of modifying the plug-in will not affect the plug-ins managed by other plug-in management components, and thus will not affect the tenant business that relies on the other plug-ins to run. Similarly, when a plug-in runs abnormally, it will not affect the plug-in framework, and will not affect the plug-ins managed by other plug-in management components associated with the plug-in framework.

本文从实施场景、方法流程、硬件装置、软件装置等多个角度，对本申请的技术方案进行详细介绍。This article provides a detailed introduction to the technical solution of this application from multiple perspectives, including implementation scenarios, method flow, hardware devices, and software devices.

下面先对本申请实施例的应用场景举例说明。The following first illustrates the application scenarios of the embodiments of the present application.

图2是本申请实施例提供的一种云服务请求处理方法涉及的实施场景的结构示意图。如图2所示，该实施环境包括：数据中心1和客户端2。数据中心1和客户端2之间能够通过网络建立通信连接。可选的，该网络可以为互联网，还可以为其它网络，本申请实施例不作限定。租户能够通过客户端2与数据中心1进行交互。例如，租户可以通过客户端2向数据中心1发送云服务请求等信息。数据中心1用于基于客户端2向数据中心1发送的信息进行响应。Figure 2 is a structural diagram of an implementation scenario involving a cloud service request processing method provided in an embodiment of the present application. As shown in Figure 2, the implementation environment includes: a data center 1 and a client 2. A communication connection can be established between the data center 1 and the client 2 through a network. Optionally, the network can be the Internet or other networks, which is not limited in the embodiment of the present application. Tenants can interact with the data center 1 through the client 2. For example, the tenant can send information such as a cloud service request to the data center 1 through the client 2. The data center 1 is used to respond based on the information sent by the client 2 to the data center 1.

数据中心1中部署有云服务提供商拥有的大量基础设施，如计算资源、存储资源和网络资源等。例如，计算资源可以是能够提供计算能力的计算设备(如服务器等)。如图2所示，数据中心1包括云管理平台和基础设施(图2中未示出)。云管理平台和基础设施之间通过数据中心内部网络连接。云管理平台用于管理基础设施。基础设施用于提供公有云服务。基础设置包括多个服务器。云服务可选部署在服务器中。租户能够通过其使用的客户端2向服务器发送云服务请求，服务器能够对该云服务请求进行处理，并基于经过处理的云服务请求提供云服务。例如，服务器能够通过本申请实施例提供的云服务请求处理方法，对云服务请求进行处理。A large amount of infrastructure owned by the cloud service provider is deployed in the data center 1, such as computing resources, storage resources, and network resources. For example, computing resources can be computing devices (such as servers, etc.) that can provide computing capabilities. As shown in Figure 2, the data center 1 includes a cloud management platform and infrastructure (not shown in Figure 2). The cloud management platform and the infrastructure are connected through the internal network of the data center. The cloud management platform is used to manage the infrastructure. The infrastructure is used to provide public cloud services. The basic settings include multiple servers. Cloud services can be optionally deployed in the server. Tenants can send cloud service requests to the server through the client 2 they use, and the server can process the cloud service request and provide cloud services based on the processed cloud service request. For example, the server can process the cloud service request through the cloud service request processing method provided in the embodiment of the present application.

云管理平台从逻辑功能上能够划分为：租户控制台、计算管理服务、网络管理服务、存储管理服务、鉴权服务和镜像管理服务。租户控制台提供界面或应用程序接口(application program interface，API)与租户交互。计算管理服务用于管理运行虚拟实例的服务器以及裸金属服务器。网络管理服务用于管理网络服务(如网关、防火墙等)。存储管理服务用于管理存储服务(如数据桶服务)。鉴权服务用于管理租户的账号和密码。镜像管理服务用于管理虚拟实例的镜像。The cloud management platform can be divided into the following logical functionalities: tenant console, computing management service, network management service, storage management service, authentication service, and image management service. The tenant console provides an interface or application program interface (API) to interact with tenants. The computing management service is used to manage servers running virtual instances and bare metal servers. The network management service is used to manage network services (such as gateways, firewalls, etc.). The storage management service is used to manage storage services (such as data bucket services). The authentication service is used to manage tenant accounts and passwords. The image management service is used to manage the images of virtual instances.

在图2所示的实施场景中，一个数据中心中设置有多个服务器。服务器包括硬件层和软件层。硬件层为服务器的常规配置。硬件层部署有处理器、内存、网卡、磁盘和总线等硬件设备。软件层包括安装并运行在服务器上的操作系统。相对虚拟机的操作系统可称为宿主机操作系统。宿主机操作系统中运行有虚拟机管理器(又可称为Hypervisor)。虚拟机管理器的作用是实现虚拟机的计算虚拟化、网络虚拟化以及存储虚拟化，并负责管理虚拟机。In the implementation scenario shown in Figure 2, multiple servers are deployed in a data center. The server consists of a hardware layer and a software layer. The hardware layer is the standard configuration of the server. The hardware layer deploys hardware devices such as processors, memory, network cards, disks, and buses. The software layer includes the operating system installed and running on the server. The operating system of the virtual machine is called the host operating system. The host operating system runs a virtual machine manager (also called a hypervisor). The role of the virtual machine manager is to implement computing virtualization, network virtualization, and storage virtualization for the virtual machine, and is responsible for managing the virtual machine.

虚拟机管理器中运行有云管理平台客户端。云管理平台客户端能够接收云管理平台发送的控制面命令，根据控制面控制命令在服务器上创建虚拟实例，并对虚拟实例进行全生命周期管理。例如，云管理平台客户端能够实时检测所在服务器的硬件资源的使用情况并上报至云管理平台。云管理平台确认要在某个服务器上创建虚拟实例时，会向该服务器上的云管理平台客户端发送虚拟实例创建命令，云管理平台客户端接收该命令后，在该服务器上创建虚拟实例。这样一来，租户可通过云管理平台在数据中心中创建、管理、登录和操作虚拟实例。The cloud management platform client runs within the virtual machine manager. The cloud management platform client receives control plane commands from the cloud management platform, creates virtual instances on servers based on these commands, and manages the virtual instances throughout their lifecycle. For example, the cloud management platform client monitors the hardware resource usage of the server in real time and reports this information to the cloud management platform. When the cloud management platform confirms the creation of a virtual instance on a server, it sends a virtual instance creation command to the cloud management platform client on that server. Upon receiving this command, the cloud management platform client creates the virtual instance on that server. This allows tenants to create, manage, log in to, and operate virtual instances in the data center through the cloud management platform.

服务器可用于运行不同规格的虚拟机。虚拟机规格分为：通用计算型、内存优化型、超大内存型等等，每个类型下面还有具体规格，租户选择好虚拟机规格后，云管理平台在数据中心中选择支持该规格的服务器，并确定该服务器中上具有足够的空闲硬件资源，然后在该服务器上创建设置有该规格的虚拟机。通过云管理平台对服务器进行配置，能够实现对服务器硬件资源的分析与规划，根据服务器的硬件性能规划物理硬件的对应计算产品，如规划不同规格的虚拟机，以满足不同租户的差异化诉求。并且，根据不同规格的虚拟机的性能差异，能够差异化定价策略。例如，将高性能规格的虚拟实例以更高的价格对外售卖，将普通性能规格的虚拟实例以较低价格对外售卖，以便于租户按需购买虚拟实例。Servers can be used to run virtual machines of varying specifications. Virtual machine specifications are categorized as general-purpose computing, memory-optimized, and ultra-large memory, with each type further defined. After a tenant selects a virtual machine specification, the cloud management platform selects a server in the data center that supports that specification, determines if the server has sufficient available hardware resources, and then creates a virtual machine with that specification on that server. Configuring servers through the cloud management platform allows for analysis and planning of server hardware resources. Based on the server's hardware performance, computing products corresponding to the physical hardware can be planned, such as virtual machines of varying specifications, to meet the differentiated needs of different tenants. Furthermore, the performance differences between virtual machines of varying specifications can enable differentiated pricing strategies. For example, virtual instances with high performance specifications can be sold at a higher price, while those with standard performance specifications can be sold at a lower price, allowing tenants to purchase virtual instances on demand.

在一种实现方式中，如图3所示，数据中心中基础资源的位置可以通过云资源部署区域(region)和可用区(availability zone，AZ)进行描述。租户可选基于特定的region、AZ中的资源部署云服务。其中，region是从地理位置和网络时延维度进行划分的。同一个region内使用同一个资源池，可以理解为共享弹性计算、块存储、对象存储、虚拟私有云(virtual private cloud，VPC)网络、弹性网络互连协议(elastic internet protocol，EIP)地址和镜像等公共服务。region分为通用region和专属region。通用region指面向公共租户提供通用云服务的region。专属region指承载同一类业务或面向特定租户提供业务服务的专用region。一个region通常包括多个AZ。一个region中的多个AZ间通过高速光纤相连，以满足租户跨AZ构建高可用性系统的需求。一个AZ是一个或多个图3所示的数据中心的集合。AZ内的计算、网络和存储等资源在逻辑上被划分成多个集群。In one implementation, as shown in Figure 3, the location of basic resources within a data center can be described using cloud resource deployment regions and availability zones (AZs). Tenants can optionally deploy cloud services based on resources in specific regions and AZs. Regions are defined based on geographic location and network latency. Within a region, the same resource pool is used, which can be understood as sharing public services such as elastic compute, block storage, object storage, virtual private cloud (VPC) networks, Elastic Internet Protocol (EIP) addresses, and images. Regions are categorized as general regions and dedicated regions. General regions provide general cloud services to public tenants. Dedicated regions are dedicated regions that carry the same type of business or provide services to specific tenants. A region typically includes multiple AZs. AZs within a region are connected by high-speed fiber optic cables to meet tenants' needs for building high-availability systems across AZs. An AZ is a collection of one or more data centers, as shown in Figure 3. Compute, network, and storage resources within an AZ are logically divided into multiple clusters.

租户可通过其使用的客户端2向云管理平台发送指令，以在服务器中创建、管理、登录和操作虚拟实例，并使用该虚拟实例提供的云服务。示例地，云管理平台能够提供访问接口。访问接口可选以界面或API的形式提供。租户可操作客户端远程接入访问接口，以在云管理平台注册云账号和密码，并使用云账号和密码登录云管理平台。云管理平台还能够对云账号和密码进行鉴权。鉴权成功后，租户可进一步在云管理平台选择并付费购买特定规格(处理器、内存、磁盘)的虚拟实例。租户付费购买虚拟实例成功后，云管理平台向租户提供所购买的虚拟实例的远程登录账号和密码。租户可使用远程登录账号和密码，在客户端远程登录该虚拟实例，在该虚拟实例中安装并运行租户的应用，以通过该应用实现租户的业务。Tenants can send instructions to the cloud management platform through the client 2 they use to create, manage, log in and operate virtual instances in the server, and use the cloud services provided by the virtual instances. For example, the cloud management platform can provide an access interface. The access interface can be optionally provided in the form of an interface or an API. Tenants can operate the client to remotely access the access interface to register a cloud account and password on the cloud management platform, and use the cloud account and password to log in to the cloud management platform. The cloud management platform can also authenticate the cloud account and password. After successful authentication, the tenant can further select and pay to purchase a virtual instance of specific specifications (processor, memory, disk) on the cloud management platform. After the tenant successfully pays for the virtual instance, the cloud management platform provides the tenant with the remote login account and password of the purchased virtual instance. The tenant can use the remote login account and password to remotely log in to the virtual instance on the client, install and run the tenant's application in the virtual instance, and implement the tenant's business through the application.

客户端2可选是计算机、个人电脑、膝上型计算机、移动电话、智能手机、平板电脑、云主机、便携式移动终端、多媒体播放器、电子书阅读器、可穿戴式设备、智能家电、人工智能设备、智能可穿戴设备、智能车载设备或物联网设备等。Client 2 may be a computer, a personal computer, a laptop computer, a mobile phone, a smart phone, a tablet computer, a cloud host, a portable mobile terminal, a multimedia player, an e-book reader, a wearable device, a smart home appliance, an artificial intelligence device, a smart wearable device, a smart vehicle-mounted device or an Internet of Things device, etc.

在一种实现方式中，本申请实施例提供的云服务请求处理方法，可以通过数据中心1中的计算设备运行可执行程序实现。可选地，本申请实施例提供的云服务请求处理方法可选应用于云服务请求处理系统。该云服务请求处理系统部署于云管理平台管理的服务器中。该云服务请求处理系统通过运行本申请实施例提供的云服务请求处理方法的可执行程序，能够实现本申请实施例提供的云服务请求处理方法。并且，实现该云服务请求处理方法的可执行程序，可选以应用程序安装包的形式呈现，服务器安装该应用程序安装包后，能够通过运行其中的可执行程序，实现本申请实施例提供的云服务请求处理方法。In one implementation, the cloud service request processing method provided in the embodiment of the present application can be implemented by running an executable program on a computing device in the data center 1. Optionally, the cloud service request processing method provided in the embodiment of the present application can be optionally applied to a cloud service request processing system. The cloud service request processing system is deployed in a server managed by a cloud management platform. The cloud service request processing system can implement the cloud service request processing method provided in the embodiment of the present application by running the executable program of the cloud service request processing method provided in the embodiment of the present application. Moreover, the executable program that implements the cloud service request processing method can be optionally presented in the form of an application installation package. After the server installs the application installation package, it can implement the cloud service request processing method provided in the embodiment of the present application by running the executable program therein.

应当理解的是，以上内容是对本申请实施例提供的云服务请求处理方法的实施场景的示例性说明，并不构成对于该云服务请求处理方法的实施场景的限定，本领域普通技术人员可知，随着业务需求的改变，其实施场景可以根据应用需求进行调整。例如，本申请能够适用于所有服务网格透明代理的应用场景，本申请实施例对其不做具体限定。并且，当本申请实施例提供的云服务请求处理方法应用于其他场景时，该方法的可执行程序也可以应用程序安装包的形式呈现或者采用其他方式呈现，本申请实施例对其不做一一列举。It should be understood that the above content is an exemplary description of the implementation scenario of the cloud service request processing method provided in the embodiment of the present application, and does not constitute a limitation on the implementation scenario of the cloud service request processing method. A person of ordinary skill in the art will know that as business needs change, its implementation scenario can be adjusted according to application requirements. For example, the present application can be applied to all application scenarios of service grid transparent proxy, and the embodiment of the present application does not make specific limitations on it. Moreover, when the cloud service request processing method provided in the embodiment of the present application is applied to other scenarios, the executable program of the method can also be presented in the form of an application installation package or in other ways, and the embodiment of the present application does not list them one by one.

下面对本申请实施例提供的云服务请求处理系统及其执行云服务请求处理方法的实现过程进行说明。该云服务请求处理系统部署于云管理平台管理的服务器中，用于对云服务请求进行处理。该云服务请求用于请求服务器向租户提供云服务。图4是本申请实施例提供的一种云服务请求处理系统的示意图。如图4所示，该云服务请求处理系统10包括：交互组件101、插件框架102、插件管理组件103和与插件框架102关联的至少一个插件104。如图5所示，该云服务请求处理系统执行云服务请求处理方法的实现过程包括：The following describes the cloud service request processing system provided by an embodiment of the present application and the implementation process of the cloud service request processing method thereof. The cloud service request processing system is deployed in a server managed by a cloud management platform and is used to process cloud service requests. The cloud service request is used to request the server to provide cloud services to tenants. Figure 4 is a schematic diagram of a cloud service request processing system provided by an embodiment of the present application. As shown in Figure 4, the cloud service request processing system 10 includes: an interactive component 101, a plug-in framework 102, a plug-in management component 103 and at least one plug-in 104 associated with the plug-in framework 102. As shown in Figure 5, the implementation process of the cloud service request processing system executing the cloud service request processing method includes:

步骤501、交互组件获取租户发送的云服务请求，并向插件框架提供云服务请求，云服务请求用于请求服务器向租户提供云服务。Step 501: The interactive component obtains a cloud service request sent by a tenant and provides the cloud service request to the plug-in framework. The cloud service request is used to request a server to provide cloud services to the tenant.

租户需要使用云服务时，可在其使用的客户端上执行指定操作，以触发云服务请求，客户端能够向用于提供云服务的服务器提供该云服务请求。客户端向服务器提供云服务请求后，交互组件能够获取该云服务请求。在一种实现方式中，云服务请求处理系统为用于提供云服务的云服务提供系统的一部分。此时，该交互组件为云服务提供系统中的组件，租户向该云服务提供系统发送的所有请求，均由该交互组件接收。在另一种实现方式中，云服务请求处理系统不是云服务提供系统中的一部分。例如，当云服务提供系统部署在服务器中时，该服务器中还部署有该云服务请求处理系统，所有向云服务提供系统发送的请求，均可选先经过该云服务请求处理系统处理，经过处理后的请求再发送至云服务提供系统。此时，该交互组件能够拦截租户向云服务提供系统发送的请求。例如，交互组件拦截租户向云服务提供系统发送的云服务请求。该云服务请求为租户需要使用云服务时，通过在租户使用的客户端上执行指定操作触发的，该云服务请求用于指示部署在服务器中的云服务提供系统向租户提供云服务。When a tenant needs to use a cloud service, they can perform a specified operation on their client to trigger a cloud service request. The client can then submit the cloud service request to the server providing the cloud service. After the client submits the cloud service request to the server, the interaction component can retrieve the cloud service request. In one implementation, the cloud service request processing system is part of the cloud service provision system. In this case, the interaction component is a component of the cloud service provision system, and all requests sent by the tenant to the cloud service provision system are received by the interaction component. In another implementation, the cloud service request processing system is not part of the cloud service provision system. For example, when the cloud service provision system is deployed on a server, the server also hosts the cloud service request processing system. All requests sent to the cloud service provision system can optionally be processed by the cloud service request processing system before being sent to the cloud service provision system. In this case, the interaction component can intercept requests sent by the tenant to the cloud service provision system. For example, the interaction component intercepts cloud service requests sent by the tenant to the cloud service provision system. The cloud service request is triggered when a tenant needs to use cloud services by performing a specified operation on the client used by the tenant. The cloud service request is used to instruct the cloud service provision system deployed in the server to provide cloud services to the tenant.

可选的，根据不同的云服务需求，云服务请求还可能预先经过其他系统的处理。示例的，本申请的云服务请求处理系统和该其他系统可选是按照不同目标对云服务器请求进行处理的系统，且其他系统对云服务请求的处理过程需要在该云服务请求处理系统的处理过程之前执行，则交互组件接收的云服务请求已经过该其他系统处理。例如，在L4/L7分离模式下，假设云服务请求需要先经过L4代理的处理，然后由L7代理对经过处理的云服务请求再进行处理，则交互组件接收的云服务请求为经过L4代理处理后的云服务请求。Optionally, according to different cloud service requirements, cloud service requests may also be processed by other systems in advance. For example, the cloud service request processing system of the present application and the other system may be systems that process cloud server requests according to different goals, and the processing process of the cloud service request by the other system needs to be executed before the processing process of the cloud service request processing system. In this case, the cloud service request received by the interactive component has been processed by the other system. For example, in the L4/L7 separation mode, assuming that the cloud service request needs to be processed by the L4 proxy first, and then the L7 proxy processes the processed cloud service request, the cloud service request received by the interactive component is the cloud service request processed by the L4 proxy.

在云服务请求处理系统对云服务请求进行处理的过程中，插件框架需要基于云服务请求运行，并在运行过程中调用插件对云服务请求进行处理，插件框架根据插件对云服务请求的处理结果能够得到该云服务请求处理系统对云服务请求的处理结果。因此，交互组件获取云服务请求后，需要向插件框架提供云服务请求，使得插件框架对该云服务请求进行处理。在一种可能的实现方式中，交互组件可选为云服务请求处理系统的输入组件。During the cloud service request processing system's processing of a cloud service request, the plug-in framework needs to run based on the cloud service request and, during this process, invoke the plug-in to process the cloud service request. Based on the plug-in's processing results, the plug-in framework can obtain the cloud service request processing system's processing results. Therefore, after receiving the cloud service request, the interactive component needs to provide the cloud service request to the plug-in framework so that the plug-in framework can process it. In one possible implementation, the interactive component can optionally serve as an input component of the cloud service request processing system.

步骤502、插件框架基于云服务请求运行，并向插件管理组件发送插件访问请求，插件访问请求指示对用于处理云服务器请求的第一插件进行访问，第一插件为至少一个插件中的一个。Step 502: The plug-in framework runs based on the cloud service request and sends a plug-in access request to the plug-in management component, where the plug-in access request indicates access to a first plug-in for processing the cloud server request, where the first plug-in is one of the at least one plug-in.

插件框架获取到云服务请求后，能够基于该云服务请求运行，并在运行过程中调用插件。在本申请中，由于插件管理组件用于对插件进行管理，插件框架调用插件通过插件框架向插件管理组件发送插件访问请求，再由插件管理组件基于该插件访问请求对插件进行访问实现。例如，随着服务网格技术的发展，很多云服务的非功能性的服务治理逻辑都从业务进程中剥离到外边车进程中。当非功能性的服务治理逻辑用于对云服务请求进行处理时，该非功能性的服务治理逻辑可通过云服务请求处理系统实现，该系统的插件框架用于实现非功能性的服务治理逻辑的基础功能，该系统的插件用于实现非功能性的服务治理逻辑的附加功能。对于某个云服务来说，其非功能性的服务治理逻辑可通过运行插件框架及该插件框架的至少部分插件实现。在一种实现方式中，插件框架能够获取插件管理组件与其管理的插件的对应关系，插件框架确定需要对第一插件进行访问时，可根据该对应关系确定对该第一插件进行管理的插件管理组件，并向该插件管理组件发送插件访问请求。该第一插件可选为系统自有的插件(即系统插件)，或者为租户提供的插件(即租户插件，如租户自定义的插件)，本申请实施例对其不做具体限定。After the plug-in framework obtains the cloud service request, it can run based on the cloud service request and call the plug-in during the running process. In the present application, since the plug-in management component is used to manage the plug-in, the plug-in framework calls the plug-in to send a plug-in access request to the plug-in management component through the plug-in framework, and then the plug-in management component accesses the plug-in based on the plug-in access request. For example, with the development of service grid technology, the non-functional service governance logic of many cloud services has been stripped from the business process to the external car process. When the non-functional service governance logic is used to process the cloud service request, the non-functional service governance logic can be implemented by the cloud service request processing system, the plug-in framework of the system is used to implement the basic functions of the non-functional service governance logic, and the plug-in of the system is used to implement the additional functions of the non-functional service governance logic. For a certain cloud service, its non-functional service governance logic can be implemented by running the plug-in framework and at least part of the plug-in of the plug-in framework. In one implementation, the plug-in framework can obtain a correspondence between a plug-in management component and the plug-ins it manages. When the plug-in framework determines that it needs to access a first plug-in, it can determine the plug-in management component that manages the first plug-in based on the correspondence and send a plug-in access request to the plug-in management component. The first plug-in can be a system-owned plug-in (i.e., a system plug-in) or a plug-in provided to a tenant (i.e., a tenant plug-in, such as a tenant-defined plug-in). This embodiment of the present application does not specifically limit this.

在本申请中，一个插件框架能够用于对一个或多个云服务的云服务请求进行处理。当插件框架用于对某个云服务的云服务请求进行处理时，在对该云服务的云服务请求进行处理时，需要运行该插件框架和对应的插件。该对应的插件为实现指定处理功能的插件。当插件框架用于对多个云服务的云服务请求进行处理时，对目标云服务的云服务请求进行处理通过运行插件框架和该目标云服务对应的插件实现。目标云服务为多个云服务中的任一个。目标云服务对应的插件为用于对该目标云服务的云服务请求进行处理且实现指定处理功能的插件。例如，在服务网格技术中，多个云服务的非功能性的服务治理逻辑的基础功能相同时，该基础功能用于对多个云服务的云服务请求进行处理，且该基础功能能够通过同一个插件框架实现。并且，该插件框架配置有多个插件，多个插件分别与多个云服务对应，与某个云服务对应的插件用于实现该云服务的非功能性的服务治理逻辑的附加功能。此时，多个云服务共用该插件框架，并通过动态加载该插件框架关联的插件，使得该插件框架的启动内存很小，且加载插件的耗时短，减小了对用户访问时延的影响。另外，由于多个云服务的非功能性的服务治理逻辑的基础功能由同一个插件框架实现，这种部署方式也称为插件框架的集中部署。In this application, a plug-in framework can be used to process cloud service requests for one or more cloud services. When the plug-in framework is used to process cloud service requests for a specific cloud service, the plug-in framework and corresponding plug-in must be executed to process the cloud service request for that cloud service. The corresponding plug-in is a plug-in that implements a specified processing function. When the plug-in framework is used to process cloud service requests for multiple cloud services, processing cloud service requests for a target cloud service is achieved by running the plug-in framework and the plug-in corresponding to the target cloud service. The target cloud service is any one of the multiple cloud services. The plug-in corresponding to the target cloud service is a plug-in that processes cloud service requests for the target cloud service and implements the specified processing function. For example, in service mesh technology, if the basic functionality of the non-functional service governance logic of multiple cloud services is the same, this basic functionality is used to process cloud service requests for multiple cloud services, and this basic functionality can be implemented by the same plug-in framework. Furthermore, the plug-in framework is configured with multiple plug-ins, each corresponding to a plurality of cloud services. The plug-in corresponding to a particular cloud service is used to implement additional functionality of the non-functional service governance logic of that cloud service. In this case, multiple cloud services share the same plugin framework and dynamically load the plugins associated with it. This reduces the startup memory footprint of the plugin framework and the time it takes to load plugins, minimizing the impact on user access latency. Furthermore, because the underlying non-functional service governance logic for multiple cloud services is implemented by the same plugin framework, this deployment approach is also known as centralized plugin framework deployment.

类似地，云服务请求处理系统能够用于对一个或多个租户的云服务请求进行处理。此时，云服务请求处理系统相应地包括与多个租户对应的多个插件管理组件，任一插件管理组件用于对属于对应租户的插件进行管理，且任一插件管理组件管理的所有插件属于同一个租户。也即是，每个租户有属于自己的插件管理组件，任一租户拥有的插件管理组件用于对属于该租户的插件进行管理，属于不同租户的插件管理组件用于对不同租户的插件进行管理。这样一来，由于不同的插件管理组件运行在不同的进程中，使得不同的插件管理组件管理的插件属于不同的进程，实现了属于不同租户的插件之间的隔离，使得一个租户的插件无法访问其他租户的插件，提高了多租户情况下的访问安全性。例如，通过对属于不同租户的插件进行隔离，能够将恶意租户的插件与其他租户的插件进行隔离，使得一个租户恶意编写的插件无法访问其他租户的插件，避免了恶意租户对其他租户的插件进行的破坏，减小了插件的安全风险，有助于保证插件的安全运行。Similarly, the cloud service request processing system can be used to process cloud service requests from one or more tenants. In this case, the cloud service request processing system accordingly includes multiple plug-in management components corresponding to the multiple tenants. Each plug-in management component is used to manage plug-ins belonging to the corresponding tenant, and all plug-ins managed by any plug-in management component belong to the same tenant. That is, each tenant has its own plug-in management component. The plug-in management component owned by any tenant is used to manage plug-ins belonging to that tenant, and plug-in management components belonging to different tenants are used to manage plug-ins belonging to different tenants. In this way, since different plug-in management components run in different processes, plug-ins managed by different plug-in management components belong to different processes, achieving isolation between plug-ins belonging to different tenants. This prevents a plug-in from one tenant from accessing plug-ins from other tenants, thereby improving access security in a multi-tenant environment. For example, by isolating plug-ins belonging to different tenants, plug-ins belonging to malicious tenants can be isolated from plug-ins belonging to other tenants. This prevents malicious tenants from damaging plug-ins from other tenants, reduces the security risk of plug-ins, and helps ensure the safe operation of plug-ins.

另外，云服务请求处理系统可选包括多个插件框架和属于同一租户的至少一个插件管理组件。该多个插件框架用于实现相同的功能。响应于云服务请求处理系统包括同一租户的多个插件管理组件，多个插件框架中至少部分单独使用一个插件管理组件。当时插件框架单独使用一个插件管理组件时，实现了插件框架对插件管理组件的独享。响应于云服务请求处理系统包括同一租户的一个插件管理组件，该多个插件框架共用一个插件管理组件，即该多个插件框架共享该一个插件管理组件。例如，某个服务器中部署由多个插件框架和属于同一租户的一个插件管理组件，此时，该插件管理组件被该服务器中不同的插件框架共享。在这种情况下，由于多个插件框架对被共享的插件管理组件管理的插件的调用均由该插件管理组件记录，能够保证该多个插件框架的状态统一。其中，可选采用共享内存保存插件管理组件是否已经启动的指示信息和插件管理组件的地址信息，以使得插件管理组件被不同插件框架共享。In addition, the cloud service request processing system may optionally include multiple plug-in frameworks and at least one plug-in management component belonging to the same tenant. The multiple plug-in frameworks are configured to implement the same functionality. In response to the cloud service request processing system including multiple plug-in management components belonging to the same tenant, at least some of the multiple plug-in frameworks independently utilize a single plug-in management component. When a plug-in framework independently utilizes a single plug-in management component, the plug-in frameworks have exclusive access to the plug-in management component. In response to the cloud service request processing system including a plug-in management component belonging to the same tenant, the multiple plug-in frameworks may share a single plug-in management component. For example, a server may deploy multiple plug-in frameworks and a plug-in management component belonging to the same tenant. In this case, the plug-in management component is shared by different plug-in frameworks within the server. In this case, since calls to plug-ins managed by the shared plug-in management component by multiple plug-in frameworks are all recorded by the plug-in management component, the unified state of the multiple plug-in frameworks can be ensured. Optionally, shared memory may be used to store information indicating whether the plug-in management component has been started and the address information of the plug-in management component, enabling the plug-in management component to be shared by different plug-in frameworks.

需要说明的是，云服务请求处理系统的插件通常包括系统插件和租户插件。对系统插件进行管理插件管理组件也称为系统插件管理组件。对租户插件也称为租户插件管理组件系统插件为云服务请求处理系统自带的插件，具有较高的安全性和稳定性。租户插件为租户上传的插件，其安全性和稳定性能稍差。因此，插件框架对系统自带的插件的访问可选仍为插件框架的进程内访问，插件框架对租户插件的访问可选通过插件管理组件对插件进行访问实现。此时，由于系统插件能够被插件框架通过函数地址进行调用，使得对系统插件的访问为进程内访问，能够保证较高的插件性能。It should be noted that the plug-ins of the cloud service request processing system usually include system plug-ins and tenant plug-ins. The plug-in management component that manages the system plug-in is also called the system plug-in management component. The tenant plug-in is also called the tenant plug-in management component. The system plug-in is the plug-in that comes with the cloud service request processing system and has higher security and stability. The tenant plug-in is the plug-in uploaded by the tenant, and its security and stability performance are slightly worse. Therefore, the plug-in framework can still optionally access the plug-in that comes with the system through the in-process access of the plug-in framework, and the plug-in framework can optionally access the tenant plug-in through the plug-in management component. At this time, since the system plug-in can be called by the plug-in framework through the function address, the access to the system plug-in is in-process access, which can ensure higher plug-in performance.

在一种可能的实现方式中，如图6所示，云服务请求处理系统10还包括：访问代理组件105。此时，插件框架102与插件管理组件103之间的交互可通过访问代理组件105实现。例如，插件框架向插件管理组件发送插件访问请求，包括：插件框架向访问代理组件发送插件访问请求，访问代理组件向插件管理组件发送插件访问请求。则如图7所示，步骤502包括步骤5021和步骤5022。步骤5021、插件框架基于云服务请求运行，并向访问代理组件发送插件访问请求。步骤5022、访问代理组件向插件管理组件发送插件访问请求。需要说明的是，如图6所示，由于系统插件具有较高的安全性和稳定性，插件框架102与系统插件管理组件103之间的交互可选无需通过访问代理组件105实现。In one possible implementation, as shown in FIG6 , the cloud service request processing system 10 further includes: an access proxy component 105. At this time, the interaction between the plug-in framework 102 and the plug-in management component 103 can be implemented through the access proxy component 105. For example, the plug-in framework sends a plug-in access request to the plug-in management component, including: the plug-in framework sends a plug-in access request to the access proxy component, and the access proxy component sends a plug-in access request to the plug-in management component. Then, as shown in FIG7 , step 502 includes steps 5021 and 5022. Step 5021, the plug-in framework runs based on the cloud service request and sends a plug-in access request to the access proxy component. Step 5022, the access proxy component sends a plug-in access request to the plug-in management component. It should be noted that, as shown in FIG6 , since the system plug-in has high security and stability, the interaction between the plug-in framework 102 and the system plug-in management component 103 is optional and does not need to be implemented through the access proxy component 105.

插件框架向访问代理组件发送插件访问请求，从插件框架的视角，其实现方式与现有插件框架访问插件的方式基本相同。在一种可能的实现方式中，访问代理组件与插件框架为运行在同一个进程中的功能模块。此时，插件框架与访问代理组件之间的通信为进程内通信。示例的，该访问代理组件为存根stub。访问代理组件向插件管理组件发送插件访问请求，需要访问代理组件先将插件框架发送的插件访问请求解析为数据包，然后根据数据包的指示确定插件框架指示访问的插件，然后确定对该插件进行管理的插件管理组件，然后向该插件管理组件发送插件访问请求。其中，插件访问请求能够指示插件框架请求访问的第一插件及其中的方法和相关参数。在一种可能的实现方式中，访问代理组件向插件管理组件发送插件访问请求，相当于将插件框架发送的插件访问请求转换成套接字(socket)请求，再向插件管理组件发送该socket请求。其可通过进程间通信(interprocess communication，IPC)或共享内存(shared memory，SHM)的方式实现。例如，进程间通信可采用UNIX域套接字(UNIX domain socket，UDS)实现，UDS是在socket的框架上发展出一种IPC机制。这样一来，为了通过访问代理组件对插件进行访问，对插件框架的改进主要为修改插件框架对访问代理组件的调用扩展，对插件框架的修改较少，能够减轻插件框架开发人员的开发压力。并且，当插件框架与插件管理组件之间的交互通过访问代理组件实现时，该访问代理组件将插件框架与插件管理组件进行了隔离，在插件启动失败或运行出现错误时，插件管理组件会向访问代理组件返回指示执行出现错误的信息，而不会导致访问代理组件出现问题，更不会波及插件框架，能够保证插件框架运行的安全性和稳定性。The plug-in framework sends a plug-in access request to the access proxy component. From the perspective of the plug-in framework, its implementation method is basically the same as the method of the existing plug-in framework accessing the plug-in. In one possible implementation method, the access proxy component and the plug-in framework are functional modules running in the same process. At this time, the communication between the plug-in framework and the access proxy component is intra-process communication. For example, the access proxy component is a stub. The access proxy component sends a plug-in access request to the plug-in management component. The access proxy component is required to first parse the plug-in access request sent by the plug-in framework into a data packet, and then determine the plug-in that the plug-in framework instructs to access according to the instructions of the data packet, and then determine the plug-in management component that manages the plug-in, and then send the plug-in access request to the plug-in management component. Among them, the plug-in access request can indicate the first plug-in that the plug-in framework requests to access and the methods and related parameters therein. In one possible implementation method, the access proxy component sends a plug-in access request to the plug-in management component, which is equivalent to converting the plug-in access request sent by the plug-in framework into a socket request, and then sending the socket request to the plug-in management component. It can be implemented through interprocess communication (IPC) or shared memory (SHM). For example, interprocess communication can be implemented using UNIX domain sockets (UDS), which is an IPC mechanism developed on the socket framework. In this way, in order to access the plug-in through the access proxy component, the improvement to the plug-in framework mainly involves modifying the plug-in framework's call extension to the access proxy component. The modification to the plug-in framework is relatively small, which can reduce the development pressure on plug-in framework developers. In addition, when the interaction between the plug-in framework and the plug-in management component is implemented through the access proxy component, the access proxy component isolates the plug-in framework from the plug-in management component. When the plug-in fails to start or an error occurs during operation, the plug-in management component will return information indicating the execution error to the access proxy component without causing any problems with the access proxy component or affecting the plug-in framework, thereby ensuring the security and stability of the plug-in framework operation.

步骤503、插件管理组件基于插件访问请求对第一插件进行访问，得到访问结果，并向插件框架反馈访问结果。Step 503: The plug-in management component accesses the first plug-in based on the plug-in access request, obtains an access result, and feeds back the access result to the plug-in framework.

插件管理组件获取插件访问请求后，能够确定插件框架请求指示访问的第一插件及其中的方法和相关参数，然后根据其对第一插件进行访问。插件管理组件得到对第一插件的访问结果后，需要向插件框架反馈该访问结果。当云服务请求处理系统包括访问代理组件时，插件管理组件向插件框架反馈访问结果也可通过访问代理组件实现。例如，插件管理组件向插件框架反馈访问结果，包括：插件管理组件向访问代理组件发送访问结果，访问代理组件向插件框架发送访问结果。则如图7所示，步骤503包括步骤5031和步骤5032。步骤5031、插件管理组件基于插件访问请求对第一插件进行访问，得到访问结果，并向访问代理组件发送访问结果。步骤5032、访问代理组件向插件框架发送访问结果。其实现方式请响应参考步骤502中的相关描述，此处不再赘述。After the plug-in management component obtains the plug-in access request, it can determine the first plug-in and the method and related parameters therein that the plug-in framework requests to access, and then access the first plug-in based on them. After the plug-in management component obtains the access result of the first plug-in, it needs to feedback the access result to the plug-in framework. When the cloud service request processing system includes an access proxy component, the plug-in management component can also feedback the access result to the plug-in framework through the access proxy component. For example, the plug-in management component feeds back the access result to the plug-in framework, including: the plug-in management component sends the access result to the access proxy component, and the access proxy component sends the access result to the plug-in framework. As shown in Figure 7, step 503 includes steps 5031 and 5032. Step 5031, the plug-in management component accesses the first plug-in based on the plug-in access request, obtains the access result, and sends the access result to the access proxy component. Step 5032, the access proxy component sends the access result to the plug-in framework. For its implementation method, please refer to the relevant description in step 502, which will not be repeated here.

步骤504、插件框架基于访问结果，得到针对云服务请求的处理结果。Step 504: The plug-in framework obtains a processing result for the cloud service request based on the access result.

插件框架得到对第一插件的访问结果后，能够基于该访问结果，得到对云服务请求进行处理的处理结果。例如，根据插件框架对云服务请求的不同处理流程，插件框架可将该访问结果作为对云服务请求的处理结果，或者，插件框架在收到处理结果后，还需要基于该处理结果运行，并将运行结果作为对云服务请求的处理结果。After obtaining the access result of the first plug-in, the plug-in framework can obtain the processing result of the cloud service request based on the access result. For example, depending on the plug-in framework's different processing procedures for cloud service requests, the plug-in framework can use the access result as the processing result of the cloud service request. Alternatively, after receiving the processing result, the plug-in framework needs to perform an operation based on the processing result and use the operation result as the processing result of the cloud service request.

在使用第一插件前，插件管理组件需要先加载第一插件。下面对加载第一插件的实现过程进行说明。如图8所示，加载第一插件的实现过程包括以下步骤：Before using the first plug-in, the plug-in management component needs to load the first plug-in first. The implementation process of loading the first plug-in is described below. As shown in Figure 8, the implementation process of loading the first plug-in includes the following steps:

步骤801、交互组件获取租户的插件加载请求，并向插件管理组件转发插件加载请求，插件加载请求指示加载第一插件。Step 801: The interaction component obtains a tenant's plug-in loading request and forwards the plug-in loading request to the plug-in management component. The plug-in loading request indicates loading a first plug-in.

租户需要使用第一插件对云服务请求进程处理时，可在其使用的客户端上执行指定操作，以触发指示加载第一插件的插件加载请求，客户端能够向用于提供云服务的服务器提供该插件加载请求。客户端向服务器提供插件加载请求后，交互组件能够获取该插件加载请求。由于插件由插件管理组件管理，该管理包括加载插件，因此，交互组件获取插件加载请求后，需要向插件管理组件转发该插件加载请求，使得插件管理组件基于该插件加载请求对第一插件进行加载。在一种实现方式中，插件框架能够获取插件管理组件与其管理的插件的对应关系，插件框架确定需要加载第一插件时，可根据该对应关系确定对该第一插件进行管理的插件管理组件，并向该插件管理组件发送插件加载请求。When a tenant needs to use the first plug-in to process a cloud service request, he can perform a specified operation on the client he uses to trigger a plug-in loading request indicating that the first plug-in should be loaded. The client can provide the plug-in loading request to the server used to provide the cloud service. After the client provides the plug-in loading request to the server, the interactive component can obtain the plug-in loading request. Since the plug-in is managed by the plug-in management component, and the management includes loading the plug-in, after the interactive component obtains the plug-in loading request, it needs to forward the plug-in loading request to the plug-in management component so that the plug-in management component loads the first plug-in based on the plug-in loading request. In one implementation, the plug-in framework can obtain the correspondence between the plug-in management component and the plug-in it manages. When the plug-in framework determines that the first plug-in needs to be loaded, it can determine the plug-in management component that manages the first plug-in based on the correspondence, and send a plug-in loading request to the plug-in management component.

步骤802、插件管理组件基于插件加载请求，加载第一插件。Step 802: The plug-in management component loads the first plug-in based on the plug-in loading request.

插件管理组件获取到插件加载请求后，能够基于该插件加载请求加载第一插件。由于该第一插件由插件管理组件加载，插件框架的运行和插件的运行属于不同的进程，相当于实现了插件框架与插件之间的隔离，使得加载插件的过程不会影响插件框架的运行，进而加载插件的过程不会对其他插件管理组件管理的插件产生影响，能够实现插件的动态加载。After receiving a plugin load request, the plugin management component can load the first plugin based on the plugin load request. Because the first plugin is loaded by the plugin management component, the plugin framework and the plugin run in different processes, effectively isolating the plugin framework from the plugin. This ensures that the plugin loading process does not affect the plugin framework's operation, and thus does not affect other plugins managed by the plugin management component, enabling dynamic plugin loading.

插件管理组件在获取插件加载请求后，可先基于插件加载请求查询自身是否缓存有第一插件的可执行代码，当自身缓存有第一插件的可执行代码时，基于该第一插件的可执行代码加载第一插件。当自身未缓存有第一插件的可执行代码时，需要先获取该第一插件的可执行代码。在一种可能的实现方式中，插件管理组件可从插件注册组件或其他插件管理组件获取该第一插件的可执行代码。插件注册组件用于存储对云服务请求进行处理所需的所有插件。此时，如图9所示，云服务请求处理系统10还包括：其他插件管理组件103。插件注册组件可以属于云服务请求处理系统，或者插件注册组件独立于该云服务请求处理系统。例如，该插件注册组件为云管理平台提供的一项单独的云服务。图9为插件注册组件20独立于云服务请求处理系统10的示意图。此时，如图10所示，其实现过程包括：After obtaining the plug-in loading request, the plug-in management component may first query whether it has cached the executable code of the first plug-in based on the plug-in loading request. When it has cached the executable code of the first plug-in, it loads the first plug-in based on the executable code of the first plug-in. When it does not cache the executable code of the first plug-in, it needs to obtain the executable code of the first plug-in first. In one possible implementation, the plug-in management component may obtain the executable code of the first plug-in from the plug-in registration component or other plug-in management components. The plug-in registration component is used to store all plug-ins required to process cloud service requests. At this time, as shown in Figure 9, the cloud service request processing system 10 also includes: other plug-in management components 103. The plug-in registration component may belong to the cloud service request processing system, or the plug-in registration component may be independent of the cloud service request processing system. For example, the plug-in registration component is a separate cloud service provided by the cloud management platform. Figure 9 is a schematic diagram of the plug-in registration component 20 being independent of the cloud service request processing system 10. At this time, as shown in Figure 10, its implementation process includes:

步骤8021、插件管理组件基于插件加载请求，向插件注册组件发送插件获取请求，插件获取请求指示获取第一插件。Step 8021: The plug-in management component sends a plug-in acquisition request to the plug-in registration component based on the plug-in loading request, where the plug-in acquisition request indicates acquiring the first plug-in.

由于插件注册组件用于存储对云服务请求进行处理所需的所有插件，因此插件管理组件未缓存有第一插件的可执行代码时，插件管理组件可先向插件注册组件发送插件获取请求，以便于获取第一插件的获取地址。为便于插件注册组件确定插件管理组件需要获取的插件，该插件获取请求携带有第一插件的指示信息。在云服务请求处理系统启动时，云服务管理人员可向该插件管理组件指定插件注册组件的访问地址。插件管理组件获取插件加载请求后，可基于该插件注册组件的访问地址向插件注册组件发送插件获取请求。Since the plug-in registration component is used to store all plug-ins required to process cloud service requests, when the plug-in management component does not cache the executable code of the first plug-in, the plug-in management component can first send a plug-in acquisition request to the plug-in registration component to obtain the acquisition address of the first plug-in. In order to facilitate the plug-in registration component to determine the plug-in that the plug-in management component needs to obtain, the plug-in acquisition request carries the indication information of the first plug-in. When the cloud service request processing system is started, the cloud service administrator can specify the access address of the plug-in registration component to the plug-in management component. After the plug-in management component obtains the plug-in loading request, it can send a plug-in acquisition request to the plug-in registration component based on the access address of the plug-in registration component.

插件管理组件向插件注册组件发送插件获取请求之前，若插件管理组件与插件注册组件之间没有建立通信连接，则插件管理组件需要先与插件注册组件建立通信连接。该通信连接可选为安全套接字层(secure sockets layer，SSL)连接。在建立通信连接的过程中，插件管理组件和插件注册组件之间需要进行双向安全认证，以保证通信连接的安全性。例如，插件注册组件与插件管理组件之间可以互发安全证书，并对对方的安全证书进行验证。在一种实现方式中，云服务管理人员在向云服务请求处理系统加载租户配置时，还向插件框架发送了租户的安全证书，该安全证书可由访问代理组件转发至租户对应的插件管理组件，插件管理组件在接收到该安全证书后，可将该安全证书缓存，以备后续使用。Before the plug-in management component sends a plug-in acquisition request to the plug-in registration component, if there is no communication connection between the plug-in management component and the plug-in registration component, the plug-in management component needs to establish a communication connection with the plug-in registration component first. The communication connection can be optionally a secure sockets layer (SSL) connection. In the process of establishing the communication connection, two-way security authentication is required between the plug-in management component and the plug-in registration component to ensure the security of the communication connection. For example, the plug-in registration component and the plug-in management component can issue security certificates to each other and verify each other's security certificates. In one implementation method, when the cloud service administrator loads the tenant configuration to the cloud service request processing system, the cloud service administrator also sends the tenant's security certificate to the plug-in framework. The security certificate can be forwarded by the access proxy component to the plug-in management component corresponding to the tenant. After receiving the security certificate, the plug-in management component can cache the security certificate for subsequent use.

步骤8022、插件管理组件接收插件注册组件发送的插件获取响应，插件获取响应携带有其他插件管理组件的指示信息，或者，插件获取响应携带有第一插件在插件注册组件中的存储地址的指示信息。Step 8022: The plug-in management component receives a plug-in acquisition response sent by the plug-in registration component. The plug-in acquisition response carries indication information of other plug-in management components, or the plug-in acquisition response carries indication information of the storage address of the first plug-in in the plug-in registration component.

插件注册组件接收插件获取组件后，会查询是否已有其他插件管理组件下载过第一插件的可执行代码。在其他插件管理组件下载过第一插件的可执行代码时，插件注册组件可优先向插件管理组件提供该其他插件管理组件的指示信息。在没有任何一个其他插件管理组件下载过第一插件的可执行代码时，插件注册组件向插件管理组件提供第一插件的可执行代码在插件注册组件中的存储地址的指示信息。指示信息可选携带在针对插件获取请求的插件获取响应中。此处的其他插件管理组件可选为与插件管理组件部署在同一服务器中，或者该其他插件管理组件与插件管理组件位于同一网段中。插件注册组件优先向插件管理组件提供下载过第一插件的可执行代码的其他插件管理组件的指示信息，使得插件管理组件能够优先从该其他插件管理组件中下载第一插件的可执行代码，能够减小插件注册组件的下载压力，减小插件注册组件的网络流量。当云服务请求处理系统包括的插件管理组件的数量越多时，该效果表现的越明显。After receiving the plugin acquisition component, the plugin registration component queries whether any other plugin management component has downloaded the executable code for the first plugin. If any other plugin management component has downloaded the executable code for the first plugin, the plugin registration component may prioritize providing the plugin management component with information indicating the other plugin management component. If no other plugin management component has downloaded the executable code for the first plugin, the plugin registration component provides the plugin management component with information indicating the storage address of the first plugin's executable code within the plugin registration component. This information may optionally be included in the plugin acquisition response to the plugin acquisition request. The other plugin management component may be deployed on the same server as the plugin management component, or located in the same network segment as the plugin management component. The plugin registration component prioritizes providing the plugin management component with information indicating the other plugin management component that has downloaded the executable code for the first plugin, enabling the plugin management component to preferentially download the executable code for the first plugin from these other plugin management components. This reduces the plugin registration component's download pressure and network traffic. This effect is more pronounced when the cloud service request processing system includes more plugin management components.

可选的，在其他插件管理组件下载过第一插件的可执行代码时，指示信息可选指示距离插件管理组件最近的其他插件管理组件。该距离最近表现为到插件管理组件的传输时延最小。或者，指示信息可选指示距离插件管理组件较近的多个其他插件管理组件。例如，指示信息指示多个其他插件管理组件，且该多个其他插件管理组件按照到插件管理组件的距离进行了排序。进一步的，插件管理组件到指示信息指示的其他插件管理组件的距离，可选小于插件管理组件到插件注册组件的距离。例如，该多个其他插件管理组件到插件管理组件的传输时延均小于剩余的其他插件管理组件到插件管理组件的传输时延，且均小于插件管理组件到插件注册组件的传输时延。这样一来，能够便于插件管理组件就近下载第一插件的可执行代码，缩短加载第一插件的耗时，进而缩短第一插件的准备时间和减小租户的访问时延。Optionally, when other plug-in management components have downloaded the executable code of the first plug-in, the indication information may optionally indicate other plug-in management components that are closest to the plug-in management component. This closest distance is manifested as the smallest transmission delay to the plug-in management component. Alternatively, the indication information may optionally indicate multiple other plug-in management components that are relatively close to the plug-in management component. For example, the indication information indicates multiple other plug-in management components, and the multiple other plug-in management components are sorted according to the distance to the plug-in management component. Furthermore, the distance from the plug-in management component to the other plug-in management components indicated by the indication information may optionally be smaller than the distance from the plug-in management component to the plug-in registration component. For example, the transmission delays from the multiple other plug-in management components to the plug-in management component are all smaller than the transmission delays from the remaining other plug-in management components to the plug-in management component, and are all smaller than the transmission delay from the plug-in management component to the plug-in registration component. In this way, it is convenient for the plug-in management component to download the executable code of the first plug-in nearby, shorten the time taken to load the first plug-in, and thereby shorten the preparation time of the first plug-in and reduce the access delay of the tenant.

当云服务请求处理系统包括与多个租户对应的多个插件管理组件，任一插件管理组件用于对属于对应租户的插件进行管理，且任一插件管理组件管理的所有插件属于同一个租户时，插件管理组件与该其他插件管理组件用于对同一租户的插件进行管理。这样一来，用于对属于同一租户的插件管理组件之间能够互相下载插件的可执行代码，属于不同租户的插件管理组件之间不能够互相下载插件的可执行代码，能够保证不同租户间插件的隔离。When the cloud service request processing system includes multiple plug-in management components corresponding to multiple tenants, and any plug-in management component is used to manage plug-ins belonging to the corresponding tenant, and all plug-ins managed by any plug-in management component belong to the same tenant, the plug-in management component and the other plug-in management component are used to manage plug-ins belonging to the same tenant. In this way, plug-in management components belonging to the same tenant can download executable code for plug-ins from each other, while plug-in management components belonging to different tenants cannot download executable code for plug-ins from each other, thereby ensuring the isolation of plug-ins between different tenants.

步骤8023、插件管理组件基于插件获取响应的指示，获取第一插件，并加载第一插件。Step 8023: The plug-in management component obtains the first plug-in based on the plug-in acquisition response indication, and loads the first plug-in.

插件管理组件获取插件获取响应携带的指示信息后，可基于指示信息的指示获取第一插件的可执行代码。例如，插件管理组件从指示信息指示的其他插件管理组件中下载第一插件的可执行代码。当指示信息指示多个其他插件管理组件时，插件管理组件可选从该其他插件管理组件中筛选得到一个其他插件管理组件，并从筛选出的其他插件管理组件中下载第一插件的可执行代码。例如，筛选出的其他插件管理组件可选为指示信息指示在多个其他插件管理组件中到该插件管理组件最近的一个。或者，筛选出的其他插件管理组件可选为插件管理组件经过探测确定的多个其他插件管理组件中到该插件管理组件最近的一个。其中，插件管理组件按照指示信息从其他插件管理组件或插件注册组件下载第一插件的可执行代码时，插件管理组件还可选向其他插件管理组件或插件注册组件发送自己的安全凭证，以便于其他插件管理组件或插件注册组件对该插件管理组件进行安全验证。示例的，该安全凭证可选为插件管理组件的令牌(token)。After obtaining the instruction information carried in the plug-in acquisition response, the plug-in management component may obtain the executable code of the first plug-in based on the instruction in the instruction information. For example, the plug-in management component may download the executable code of the first plug-in from the other plug-in management components indicated by the instruction information. If the instruction information indicates multiple other plug-in management components, the plug-in management component may optionally select one of the other plug-in management components and download the executable code of the first plug-in from the selected other plug-in management component. For example, the selected other plug-in management component may be the one closest to the plug-in management component among the multiple other plug-in management components indicated in the instruction information. Alternatively, the selected other plug-in management component may be the one closest to the plug-in management component among the multiple other plug-in management components determined by the plug-in management component through detection. When the plug-in management component downloads the executable code of the first plug-in from the other plug-in management component or the plug-in registration component in accordance with the instruction information, the plug-in management component may also optionally send its security credentials to the other plug-in management component or the plug-in registration component to facilitate security verification of the plug-in management component by the other plug-in management component or the plug-in registration component. For example, the security credentials may be a token of the plug-in management component.

其中，如图9所示，插件注册组件20可选包括系统注册子组件201和租户注册子组件202。系统注册子组件201用于存储云服务请求处理系统插件的可执行代码。则该第一子组件也称为系统插件库。租户注册子组件202用于存储租户插件的可执行代码。则该租户注册子组件202也称为租户插件库。由于系统插件具有较高的安全性和稳定性，可以设置租户不具有对系统注册子组件201的访问权限，以对系统插件和租户插件分开管理，并将系统插件设置为具有较高的安全级别，以避免恶意租户篡改受信任的系统插件，进而保证系统插件的安全性。Among them, as shown in Figure 9, the plug-in registration component 20 optionally includes a system registration sub-component 201 and a tenant registration sub-component 202. The system registration sub-component 201 is used to store the executable code of the cloud service request processing system plug-in. Then the first sub-component is also called the system plug-in library. The tenant registration sub-component 202 is used to store the executable code of the tenant plug-in. Then the tenant registration sub-component 202 is also called the tenant plug-in library. Since the system plug-in has higher security and stability, it can be set that the tenant does not have access to the system registration sub-component 201, so as to manage the system plug-in and the tenant plug-in separately, and set the system plug-in to have a higher security level to prevent malicious tenants from tampering with the trusted system plug-in, thereby ensuring the security of the system plug-in.

插件管理组件加载第一插件后，还有可能需要对该第一插件进行更新。下面对更新第一插件的实现过程进行说明。如图11所示，更新第一插件的实现过程包括以下步骤：After the plug-in management component loads the first plug-in, it may be necessary to update the first plug-in. The following describes the implementation process of updating the first plug-in. As shown in Figure 11, the implementation process of updating the first plug-in includes the following steps:

步骤1101、插件管理组件获取指示对第一插件进行更新的更新请求。Step 1101: The plug-in management component obtains an update request instructing to update a first plug-in.

更新请求的实现方式有多种。本申请实施例以两种实现方式为例，对其进行说明。在一种实现方式中，更新请求由插件注册组件发送。示例的，插件注册组件在存储有第一插件的更新版本后，自发地向插件管理组件发送更新请求，以提示插件管理组件对第一插件进行更新。例如，租户可向插件注册组件上传第一插件的更新版本，插件注册组件接收到该第一插件的更新版本后，向所有加载有该第一插件的所有插件管理组件发送更新请求，以提示该所有插件管理组件对该第一插件进行更新。此时，在插件管理组件与插件注册组件建立通信连接后，可以保持该通信连接，以便于插件注册组件向插件管理组件发送该更新请求。在另一种实现方式中，更新请求由交互组件向插件注册组件发送。示例的，交互组件能够接收租户的插件更新指示，并在获取租户的插件更新指示后，基于插件更新指示向插件管理组件发送更新请求。该插件更新指示用于指示对第一插件进行更新。例如，租户能够在其使用的客户端上执行指定操作以触发插件更新指示，客户端能够向交互组件发送该插件更新指示，以通过该插件更新指示提示插件管理组件对第一插件进行更新。可选的，不论更新请求以以上哪种实现方式实现，更新请求均可仅指示对第一插件进行更新。或者，该更新请求均还携带有第一插件的更新版本的下载地址。更新请求可携带有第一插件的版本号，以对第一插件的版本进行指示。There are multiple ways to implement an update request. The present application uses two implementations as examples to illustrate these. In one implementation, the update request is sent by the plug-in registration component. For example, after storing an updated version of a first plug-in, the plug-in registration component spontaneously sends an update request to the plug-in management component to prompt the plug-in management component to update the first plug-in. For example, a tenant may upload an updated version of a first plug-in to the plug-in registration component. After receiving the updated version of the first plug-in, the plug-in registration component sends an update request to all plug-in management components that have loaded the first plug-in, prompting all plug-in management components to update the first plug-in. In this case, after the plug-in management component establishes a communication connection with the plug-in registration component, the communication connection can be maintained to facilitate the plug-in registration component sending the update request to the plug-in management component. In another implementation, the update request is sent by the interaction component to the plug-in registration component. For example, the interaction component can receive a plug-in update instruction from the tenant and, after obtaining the tenant's plug-in update instruction, send an update request to the plug-in management component based on the plug-in update instruction. The plug-in update instruction is used to indicate an update for the first plug-in. For example, a tenant can perform a specified operation on the client they use to trigger a plug-in update instruction. The client can then send the plug-in update instruction to the interaction component, which then prompts the plug-in management component to update the first plug-in through the plug-in update instruction. Optionally, regardless of which of the above implementations the update request uses, the update request can only indicate an update for the first plug-in. Alternatively, the update request also carries a download address for the updated version of the first plug-in. The update request can also carry the version number of the first plug-in to indicate the version of the first plug-in.

步骤1102、插件管理组件基于更新请求从其他插件管理组件获取第一插件的更新版本，或者，从插件注册组件获取更新版本。Step 1102: The plug-in management component obtains an updated version of the first plug-in from another plug-in management component based on the update request, or obtains an updated version from a plug-in registration component.

插件管理组件获取更新请求后，需要获取第一插件的更新版本。插件管理组件获取第一插件的更新版本的实现逻辑，与加载第一插件前获取第一插件的可执行代码的逻辑类似。即当有其他插件管理组件下载过第一插件的更新版本时，插件管理组件优先从其他插件管理组件中下载第一插件的更新版本，当没有任何一个其他插件管理组件下载过第一插件的更新版本时，插件管理组件从插件注册组件下载第一插件的更新版本。此时，当更新请求携带有第一插件的更新版本的下载地址时，该下载地址可以为已下载第一插件的更新版本的其他插件管理组件的地址，或者，该下载地址为第一插件的更新版本在插件注册组件中的存储地址。当更新请求仅指示对第一插件进行更新时，插件管理组件还需要向插件注册组件发送插件查询请求，以查询第一插件的更新版本的下载地址。或者，插件管理组件向已有通信连接的其他插件管理组件发送查询请求，以查询该其他插件管理组件是否已下载第一插件的更新版本。插件注册组件能够基于该查询请求向插件管理组件发送查询响应。当有其他插件管理组件下载过第一插件的更新版本时，查询响应向插件管理组件反馈已下载第一插件的更新版本的其他插件管理组件的地址。当没有任何一个其他插件管理组件下载过第一插件的更新版本时，查询响应向插件管理组件反馈第一插件的更新版本在插件注册组件中的存储地址。其实现过程请相应参考步骤802中的相关描述，此处不再赘述。After receiving the update request, the plug-in management component needs to obtain the updated version of the first plug-in. The implementation logic for the plug-in management component to obtain the updated version of the first plug-in is similar to the logic for obtaining the executable code of the first plug-in before loading the first plug-in. That is, if another plug-in management component has downloaded the updated version of the first plug-in, the plug-in management component prioritizes downloading the updated version of the first plug-in from the other plug-in management component. If no other plug-in management component has downloaded the updated version of the first plug-in, the plug-in management component downloads the updated version of the first plug-in from the plug-in registration component. In this case, if the update request carries the download address of the updated version of the first plug-in, the download address can be the address of another plug-in management component that has downloaded the updated version of the first plug-in, or the download address of the updated version of the first plug-in stored in the plug-in registration component. If the update request only indicates an update for the first plug-in, the plug-in management component also needs to send a plug-in query request to the plug-in registration component to query the download address of the updated version of the first plug-in. Alternatively, the plug-in management component can send a query request to another plug-in management component with which it has a communication connection to inquire whether the other plug-in management component has downloaded the updated version of the first plug-in. The plug-in registration component can send a query response to the plug-in management component based on the query request. If another plug-in management component has downloaded an updated version of the first plug-in, the query response provides the plug-in management component with the address of the other plug-in management component that has downloaded the updated version of the first plug-in. If no other plug-in management component has downloaded an updated version of the first plug-in, the query response provides the plug-in management component with the storage address of the updated version of the first plug-in in the plug-in registration component. For the implementation process, please refer to the relevant description in step 802 and will not be repeated here.

需要说明的是，插件管理组件收到插件注册组件发送的更新请求后，可选根据预设更新策略确定是否需要对第一插件进行更新。在确定需要对第一插件进行更新时，执行该步骤1102，在确定不需要对第一插件进行更新时，无需执行步骤1102。It should be noted that after the plug-in management component receives the update request sent by the plug-in registration component, it can optionally determine whether the first plug-in needs to be updated according to a preset update policy. If it is determined that the first plug-in needs to be updated, step 1102 is executed. If it is determined that the first plug-in does not need to be updated, step 1102 is not executed.

步骤1103、插件管理组件基于更新版本对第一插件进行更新。Step 1103: The plug-in management component updates the first plug-in based on the updated version.

插件管理组件获取到第一插件的更新版本后，可基于该更新版本对第一插件进行更新。可选的，在插件管理组件对第一插件进行更新之前，第一插件可将其运行状态保存，在完成对第一插件的更新后，再获取该运行状态，并基于该运行状态继续运行。在一种可实现方式中，如图12所示，其实现过程包括：步骤11031、插件管理组件在插件管理组件基于更新版本对第一插件进行更新之前，向第一插件发送更新通知，更新通知指示需要更新第一插件。步骤11032、第一插件基于更新通知，向插件管理组件提供第一插件的运行信息。步骤11033、插件管理组件存储运行信息，并基于更新版本对第一插件进行更新。步骤11034、插件管理组件在插件管理组件基于更新版本对第一插件进行更新之后，向第一插件提供运行信息。步骤11035、第一插件基于运行信息运行。After obtaining the updated version of the first plug-in, the plug-in management component may update the first plug-in based on the updated version. Optionally, before the plug-in management component updates the first plug-in, the first plug-in may save its running state. After completing the update of the first plug-in, the plug-in may retrieve the running state and continue running based on the running state. In one implementation, as shown in Figure 12, the implementation process includes: Step 11031: Before the plug-in management component updates the first plug-in based on the updated version, the plug-in management component sends an update notification to the first plug-in, where the update notification indicates that the first plug-in needs to be updated. Step 11032: Based on the update notification, the first plug-in provides the plug-in management component with its running information. Step 11033: The plug-in management component stores the running information and updates the first plug-in based on the updated version. Step 11034: After the plug-in management component updates the first plug-in based on the updated version, the plug-in management component provides the running information to the first plug-in. Step 11035: The first plug-in runs based on the running information.

插件管理组件获取到第一插件的更新版本后，可选先向第一插件回调插件准备更新函数。此时，作为响应，第一插件如果需要保存自身的运行信息，第一插件可调用插件管理组件的接口，并通过该接口向插件管理组件提供第一插件的运行信息。插件管理组件接收到该运行信息后对其进行保存。然后插件管理组件卸载第一插件，并加载第一插件的更新版本，实现对第一插件的更新。在完成对第一插件的更新后，插件管理组件调用更新后的第一插件的恢复回调，并基于该恢复回调向更新后的第一插件提供保存的运行信息。更新后的第一插件获取该运行信息后，基于该运行信息恢复到第一插件更新前的状态。其中，运行信息用于指示第一插件的运行状态。如图13所示，插件管理组件103包括状态缓存模块1031和插件缓存模块1032，该状态缓存模块1031用于存储插件的运行信息，插件缓存模块1032用于缓存插件的可执行代码。可选的，运行信息可以以键值对(如key＝value)的形式存储。After the plug-in management component obtains the updated version of the first plug-in, it may optionally call back the plug-in preparation update function to the first plug-in. In response, if the first plug-in needs to save its own runtime information, it may call the plug-in management component's interface and provide the plug-in management component with the first plug-in's runtime information through this interface. After receiving this runtime information, the plug-in management component saves it. The plug-in management component then uninstalls the first plug-in and loads the updated version of the first plug-in, completing the update of the first plug-in. After completing the update of the first plug-in, the plug-in management component calls the restore callback of the updated first plug-in and, based on this restore callback, provides the saved runtime information to the updated first plug-in. After obtaining this runtime information, the updated first plug-in restores the state of the first plug-in before the update based on this runtime information. The runtime information indicates the runtime status of the first plug-in. As shown in Figure 13, the plug-in management component 103 includes a state cache module 1031 and a plug-in cache module 1032. The state cache module 1031 is used to store the plug-in's runtime information, and the plug-in cache module 1032 is used to cache the plug-in's executable code. Optionally, the running information may be stored in the form of key-value pairs (eg, key=value).

在更新第一插件前，通过插件管理组件保存第一插件的运行信息，使得在完成第一插件的更新后，第一插件能够继续按照更新前的运行状态运行，能够保证第一插件更新前后的运行状态连续，使得租户和业务对该更新过程无感知。Before updating the first plug-in, the running information of the first plug-in is saved through the plug-in management component, so that after the update of the first plug-in is completed, the first plug-in can continue to run according to the running state before the update, and the running state of the first plug-in before and after the update can be guaranteed to be continuous, so that tenants and businesses are unaware of the update process.

下面以L4/L7分离模式下，云服务请求处理系统通过服务网格的L7代理实现为例，对本申请的实现过程进行举例说明。Below, we take the L4/L7 separation mode, where the cloud service request processing system is implemented through the L7 proxy of the service grid as an example to illustrate the implementation process of this application.

L4/L7分离场景下，L7代理一般为中心式托管集群内的数据面代理，每个L7用于处理不同租户的云服务请求。本申请的云服务请求提供系统的插件框架通过L7数据面实现。L7数据面二进制内不包含可信的系统C++插件和租户C++插件。L7数据面启动时，云服务管理人员需要向L7数据面指定插件注册组件的访问地址，并向L7数据面下发服务网格的安全证书。当L7数据面中创建有系统插件管理组件时，该安全证书可缓存在系统插件管理组件中。这样当L7数据面按需向插件注册组件查询并下载插件时，L7数据面和插件注册组件可以基于该安全证书进行双向安全认证。在需要向L7数据面加载租户C++插件的配置时，云服务管理人员需要向L7数据面同时下发租户证书。当L7数据面中创建有租户插件管理组件时，该租户证书可缓存在租户插件管理组件中。租户证书用于在租户插件管理组件连接插件注册组件时，与插件注册组件进行双向校验。其中，系统插件管理组件用于对系统C++插件进行管理。租户插件管理组件用于对租户C++插件进行管理。系统插件管理组件在L7数据面的启动过程中拉起。系统插件管理组件与L7数据面在同一进程内，在加载系统C++插件后，系统插件管理组件能够被L7数据面在进程内通过函数地址调用，以获得最佳性能。In L4/L7 separation scenarios, the L7 proxy is typically a data plane proxy within a centralized hosting cluster, with each L7 processing cloud service requests from different tenants. The plugin framework of the cloud service request provisioning system in this application is implemented via the L7 data plane. The L7 data plane binary does not contain trusted system C++ plugins or tenant C++ plugins. When the L7 data plane is started, the cloud service administrator must specify the access address of the plugin registration component to the L7 data plane and issue the service grid's security certificate to the L7 data plane. If a system plugin management component is created in the L7 data plane, this security certificate can be cached in the system plugin management component. This allows the L7 data plane and the plugin registration component to perform bidirectional security authentication based on this security certificate when the L7 data plane queries and downloads plugins from the plugin registration component on demand. To load tenant C++ plugin configurations into the L7 data plane, the cloud service administrator must also issue the tenant certificate to the L7 data plane. If a tenant plugin management component is created in the L7 data plane, this tenant certificate can be cached in the tenant plugin management component. The tenant certificate is used for bidirectional verification between the tenant plug-in management component and the plug-in registration component when connecting to it. The system plug-in management component manages system C++ plug-ins. The tenant plug-in management component manages tenant C++ plug-ins. The system plug-in management component is launched during the startup of the L7 data plane. The system plug-in management component and the L7 data plane are co-processed. After loading the system C++ plug-in, the system plug-in management component can be called by the L7 data plane within the process using a function address for optimal performance.

如图14所示，当租户创建容器(pod)时，该租户的云服务会被云管理平台(如图14中service)相应创建。云服务的控制面会整合L7数据面的配置，并向L7数据面下发此租户的租户配置和租户证书。租户配置指示租户使用的C++插件和该插件的配置信息，使得L7数据面能够基于该租户配置区分系统C++插件和租户C++插件。完成配置后，L7数据面加载系统C++插件。在加载系统C++插件之前，若系统插件管理组件中缓存有系统C++插件的可执行代码，则系统插件管理组件可直接基于该可执行代码加载系统C++插件。若系统插件管理组件中未缓存有系统C++插件的可执行代码，系统插件管理组件需要与插件注册组件建立SSL连接，并通过该SSL连接下载系统C++插件的可执行代码。并且，L7数据面需要创建访问代理组件stub。另外，如果此租户还未创建租户插件管理组件，则由L7数据面负责创建，并指定后续使用访问代理组件stub与租户插件管理组件进行通信，其通信方式可以使用UDS、SHM等进程间通信技术。L7数据面还需要向该租户插件管理组件发送租户证书。租户插件管理组件负责拉取并加载租户C++插件。在加载租户C++插件之前，若租户插件管理组件中缓存有租户C++插件的可执行代码，则租户插件管理组件可直接基于该可执行代码加载租户C++插件。若租户插件管理组件中未缓存有租户C++插件的可执行代码，租户插件管理组件需要与插件注册组件建立SSL连接，并通过该SSL连接下载租户C++插件的可执行代码。在完成租户C++插件的加载后，L7数据面还需要基于加载结果完成服务配置设置。在L7数据面接收到云服务请求后，若需要使用系统C++插件对该云服务请求进行处理，L7数据面则需要调用对应的系统C++插件对云服务请求进行处理。若需要使用租户C++插件对该云服务请求进行处理，L7数据面则需要通过访问代理组件stub向租户插件管理组件发送插件访问请求，使得租户插件管理组件对租户C++插件进行调用，并通过访问代理组件stub向L7数据面返回调用结构，以实现对云服务请求的处理。如果插件启动失败，租户插件管理组件会向访问代理组件stub返回指示执行错误的信息。其中，访问代理组件stub在与插件管理组件进行通信的过程中，访问代理组件stub还需要根据采用的进程间通信方式，对通信的消息执行序列化和反序列化等相关操作。As shown in Figure 14, when a tenant creates a container (pod), a cloud service for that tenant is created by the cloud management platform (see service in Figure 14). The cloud service's control plane integrates the L7 data plane configuration and sends the tenant configuration and tenant certificate to the L7 data plane. The tenant configuration indicates the C++ plug-in used by the tenant and its configuration information, enabling the L7 data plane to distinguish between system C++ plug-ins and tenant C++ plug-ins based on the tenant configuration. After the configuration is complete, the L7 data plane loads the system C++ plug-in. Before loading the system C++ plug-in, if the system plug-in management component has the system C++ plug-in's executable code cached, the system plug-in management component can directly load the system C++ plug-in based on that executable code. If the system plug-in management component does not have the system C++ plug-in's executable code cached, the system plug-in management component must establish an SSL connection with the plug-in registration component and download the system C++ plug-in's executable code through this SSL connection. Furthermore, the L7 data plane must create a stub access proxy component. If the tenant has not yet created a tenant plugin management component, the L7 data plane is responsible for creating one and specifying the access proxy component stub for subsequent communication with the tenant plugin management component. This communication can utilize inter-process communication technologies such as UDS and SHM. The L7 data plane also sends the tenant's certificate to the tenant plugin management component. The tenant plugin management component is responsible for retrieving and loading the tenant's C++ plugin. Before loading the tenant C++ plugin, if the tenant plugin management component has the tenant C++ plugin's executable code cached in it, the tenant plugin management component can directly load the tenant C++ plugin based on that executable code. If the tenant plugin management component does not have the tenant C++ plugin's executable code cached in it, the tenant plugin management component establishes an SSL connection with the plugin registration component and downloads the tenant C++ plugin's executable code through that SSL connection. After loading the tenant C++ plugin, the L7 data plane completes service configuration based on the loading results. After the L7 data plane receives a cloud service request, if a system C++ plugin is required to process the cloud service request, the L7 data plane calls the corresponding system C++ plugin to handle the cloud service request. If a tenant C++ plugin is required to process the cloud service request, the L7 data plane sends a plugin access request to the tenant plugin management component via the access proxy stub. The tenant plugin management component then calls the tenant C++ plugin and returns a call structure to the L7 data plane via the access proxy stub to process the cloud service request. If the plugin fails to start, the tenant plugin management component returns an error message to the access proxy stub. During communication with the plugin management component, the access proxy stub also performs operations such as serialization and deserialization on the communication messages, depending on the inter-process communication method used.

根据该实现过程可知，每个插件管理组件对属于同一个租户的插件进行管理，与插件注册组件连接也使用此租户自己的证书进行安全认证，且租户插件能够与系统插件进行隔离。这样一来，一方面能够防止恶意租户插件污染系统插件或其他租户的租户插件，另一方面还能够保证此租户插件崩溃或恶意代码不会影响系统插件、其他租户的租户插件和L7数据面的正常运行。As can be seen from this implementation, each plugin management component manages plugins belonging to the same tenant. Connections with the plugin registration component also use the tenant's own certificate for security authentication, and tenant plugins are isolated from system plugins. This prevents malicious tenant plugins from contaminating system plugins or other tenant plugins, while also ensuring that crashes or malicious code in a tenant plugin will not affect the normal operation of the system plugin, other tenant plugins, or the L7 data plane.

如图15所示，不论系统插件管理组件还是租户插件管理组件，当需要加载插件时，都先检查本地缓存中是否已经存在此插件的可执行代码。如果本地未缓存有该插件的可执行代码，需要先创建与插件注册组件的安全连接，使用该安全连接查询插件。然后，根据插件注册组件返回的响应下载插件的可执行代码。插件管理组件下载到插件的可执行代码后，可将该可执行代码进行缓存，并基于其加载该插件。在其他插件管理组件下载过该插件的可执行代码时，插件注册组件返回的响应包括该其他插件管理组件的指示信息。当该响应包括多个其他插件管理组件的指示信息时，插件管理组件可选基于所在节点的地址和子网地址选择一个其他插件管理组件。在从其他插件管理组件下载插件的可执行代码时，插件管理组件需要根据其他插件管理组件的地址，与该其他插件管理组件建立通信连接，并通过该通信连接从该其他插件管理组件的缓存中下载此插件的可执行代码。在没有任何一个其他插件管理组件下载过第一插件的可执行代码时，插件注册组件返回的响应包括第一插件的可执行代码在插件注册组件中的存储地址的指示信息。其中，当插件管理组件为租户插件管理组件时，该其他插件管理组件和该插件管理组件属于相同的租户，这样能够保证不同租户插件的隔离。其中，插件管理组件与插件注册组件之间建立连接时，需要使用系统证书或者租户证书。例如，当待加载的插件为租户插件时，插件管理组件向插件注册组件传递租户证书，插件注册组件基于该租户证书判断连接的来源租户，即判断租户的身份。然后，基于该身份过滤不属于该租户的插件，并向插件管理组件提供待加载的插件的可执行代码。租户可通过控制台向插件注册组件上传插件的可执行代码，且该可执行代码携带有租户信息。插件注册组件接收到该可执行代码后，可根据其携带的租户信息对可执行代码进行保存。当待加载的插件为租户插件时，插件注册组件返回的响应还包括租户的token。当插件管理组件按照响应从插件注册组件下载插件的可执行代码时，插件管理组件可选向插件注册组件发送该token，以便于插件注册组件基于该token对租户进行认证。或者插件管理组件也可以不向插件注册组件发送该token，此时插件管理组件可向插件注册组件发送租户证书，以便于插件注册组件基于该租户证书对租户进行认证。插件注册管理组件对租户进行认证时，还可对该插件管理组件进行注册。类似地，当其他插件管理组件需要下载插件的可执行代码时，其下载过程也参照该实现方式执行。As shown in Figure 15 , when a plug-in needs to be loaded, both the system plug-in management component and the tenant plug-in management component first check whether the plug-in's executable code already exists in the local cache. If the plug-in's executable code is not cached locally, it first establishes a secure connection with the plug-in registration component and uses this secure connection to query the plug-in. It then downloads the plug-in's executable code based on the response returned by the plug-in registration component. After downloading the plug-in's executable code, the plug-in management component can cache it and use it to load the plug-in. If another plug-in management component has already downloaded the plug-in's executable code, the response returned by the plug-in registration component includes information indicating the other plug-in management component. If the response includes information indicating multiple other plug-in management components, the plug-in management component can optionally select another plug-in management component based on the node address and subnet address. When downloading the plug-in's executable code from another plug-in management component, the plug-in management component establishes a communication connection with the other plug-in management component based on its address and, through this communication connection, downloads the plug-in's executable code from its cache. If no other plug-in management component has downloaded the executable code of the first plug-in, the plug-in registration component returns a response that includes information indicating the storage address of the first plug-in's executable code in the plug-in registration component. When the plug-in management component is a tenant plug-in management component, the other plug-in management component and the plug-in management component belong to the same tenant, thus ensuring isolation between plug-ins from different tenants. The plug-in management component and the plug-in registration component establish a connection using either a system certificate or a tenant certificate. For example, when the plug-in to be loaded is a tenant plug-in, the plug-in management component passes the tenant certificate to the plug-in registration component. The plug-in registration component uses the tenant certificate to determine the source tenant of the connection, that is, the tenant's identity. Based on this identity, it then filters plug-ins that do not belong to the tenant and provides the plug-in management component with the executable code of the plug-in to be loaded. Tenants can upload the plug-in's executable code to the plug-in registration component via the console, and this executable code carries tenant information. After receiving the executable code, the plug-in registration component can save the executable code based on the tenant information it carries. When the plug-in to be loaded is a tenant plug-in, the response returned by the plug-in registration component also includes the tenant's token. When the plug-in management component downloads the executable code of the plug-in from the plug-in registration component in accordance with the response, the plug-in management component may optionally send the token to the plug-in registration component so that the plug-in registration component can authenticate the tenant based on the token. Alternatively, the plug-in management component may not send the token to the plug-in registration component. In this case, the plug-in management component may send the tenant certificate to the plug-in registration component so that the plug-in registration component can authenticate the tenant based on the tenant certificate. When the plug-in registration management component authenticates the tenant, it may also register the plug-in management component. Similarly, when other plug-in management components need to download the executable code of the plug-in, their download process is also performed with reference to this implementation method.

根据该实现过程可知，本申请的云服务请求处理系统不仅能够实现插件的动态加载，当插件管理组件从就近的其他插件管理组件中下载插件的可执行代码，且该其他插件管理组件和该插件管理组件属于同一个用户时，还能够保证租户隔离的插件下载要求，提升插件的下载速度，降低插件的准备时间，且能够降低插件注册组件的网络下载流量，实现对插件注册组件的网络下载流量的分流。例如，当某个租户有新服务被创建时，大量的插件管理组件需要下载插件的可执行代码，此时通过从就近的其他插件管理组件下载插件的可执行代码，能够对下载流量进行分流。According to the implementation process, the cloud service request processing system of the present application can not only realize the dynamic loading of plug-ins, but also ensure the plug-in download requirements of tenant isolation when the plug-in management component downloads the plug-in executable code from other nearby plug-in management components, and the other plug-in management components and the plug-in management component belong to the same user, thereby improving the download speed of plug-ins, reducing the preparation time of plug-ins, and reducing the network download traffic of plug-in registration components, thereby realizing the diversion of network download traffic of plug-in registration components. For example, when a new service is created for a tenant, a large number of plug-in management components need to download the executable code of the plug-in. At this time, by downloading the executable code of the plug-in from other nearby plug-in management components, the download traffic can be diverted.

如图16所示，当租户通过控制台更新插件的版本时，插件注册组件获取更新版本后，可缓存该更新版本，并更新该插件的相关信息，例如更新插件的最新版本号。同时，插件注册组件还可向所有已下载该插件的插件管理组件发送更新通知。插件管理组件获取该更新通知后，可选根据预先配置的更新策略确定是否对插件进行更新。插件管理组件基于更新策略确定进行插件保持时，则不对该插件进行更新。插件管理组件基于更新策略确定对插件进行更新时，插件管理组件可向其已连接且属于同一租户的其他插件管理组件查询是否已下载该插件的更新版本，当其他插件管理组件已下载该插件的更新版本时，插件管理组件则直接从该其他插件管理组件下载该更新版本。当其他插件管理组件均未下载该更新版本时，插件管理组件从插件注册组件下载该更新版本，或者从插件管理组件推荐的其他插件管理组件下载该更新版本。然后基于更新版本对插件进行更新。在另一种场景中，租户可通过控制台指示插件管理组件对插件进行更新。例如，租户通过控制台向插件管理组件发送了更新请求。此时，插件管理组件需要向插件注册组件发送插件更新查询请求，并根据插件注册组件的响应下载插件的更新版本。该根据响应下载更新版本的实现过程，请相应参考插件管理组件基于更新通知下载更新版本的相关描述，此处不再赘述。As shown in Figure 16, when a tenant updates a plug-in version through the console, the plug-in registration component obtains the updated version, caches it, and updates the plug-in's related information, such as the latest version number. The plug-in registration component also sends an update notification to all plug-in management components that have downloaded the plug-in. After receiving the update notification, the plug-in management component can optionally determine whether to update the plug-in based on a preconfigured update policy. If the plug-in management component determines to retain the plug-in based on the update policy, it will not update the plug-in. If the plug-in management component determines to update the plug-in based on the update policy, it can query other connected plug-in management components belonging to the same tenant to see if they have already downloaded the updated version of the plug-in. If other plug-in management components have already downloaded the updated version of the plug-in, the plug-in management component will download the updated version directly from them. If none of the other plug-in management components have downloaded the updated version, the plug-in management component will download the updated version from the plug-in registration component or from other plug-in management components recommended by the plug-in management component. The plug-in will then be updated based on the updated version. In another scenario, the tenant can instruct the plug-in management component to update the plug-in through the console. For example, a tenant sends an update request to the Plugin Management component through the console. The Plugin Management component then sends a plugin update query request to the Plugin Registration component and downloads the updated plugin version based on the Plugin Registration component's response. The implementation of downloading the updated plugin version based on the response is described in the Plugin Management component's description of downloading the updated plugin version based on the update notification, and is not detailed here.

插件管理组件下载插件的更新版本后，插件管理组件可以先向该插件回调插件准备更新函数。此时，作为响应，第一插件如果需要保存自身的运行信息，第一插件可调用插件管理组件的接口，并通过该接口向插件管理组件提供第一插件的运行信息。插件管理组件接收到该运行信息后对其进行保存。然后插件管理组件卸载第一插件的老版本，并加载第一插件的更新版本，实现对第一插件的更新。在完成对第一插件的更新后，插件管理组件调用更新后的第一插件的恢复回调，并基于该恢复回调向更新后的第一插件提供保存的运行信息。更新后的第一插件获取该运行信息后，基于该运行信息恢复到第一插件更新前的状态。After the plug-in management component downloads the updated version of the plug-in, the plug-in management component can first call back the plug-in preparation update function to the plug-in. At this time, in response, if the first plug-in needs to save its own running information, the first plug-in can call the interface of the plug-in management component and provide the running information of the first plug-in to the plug-in management component through the interface. After receiving the running information, the plug-in management component saves it. Then the plug-in management component uninstalls the old version of the first plug-in and loads the updated version of the first plug-in to update the first plug-in. After completing the update of the first plug-in, the plug-in management component calls the recovery callback of the updated first plug-in and provides the saved running information to the updated first plug-in based on the recovery callback. After the updated first plug-in obtains the running information, it recovers to the state before the first plug-in was updated based on the running information.

另外，当插件管理组件与同租户的其他插件管理组件建立连接后，此连接可用于相互查询时使用，不限于仅用于从主动建立连接的插件管理组件发送消息。In addition, after the plug-in management component establishes a connection with other plug-in management components of the same tenant, the connection can be used for mutual query and is not limited to being used only for sending messages from the plug-in management component that actively establishes the connection.

根据该实现过程可知，本申请的云服务请求处理系统支持在运行过程中进行插件升级，并通过插件管理组件保存第一插件的运行信息，使得在完成第一插件的更新后，第一插件能够继续按照更新前的运行状态运行，能够保证第一插件更新前后的运行状态连续，使得租户和业务对该更新过程无感知。According to the implementation process, the cloud service request processing system of the present application supports plug-in upgrades during operation, and saves the operation information of the first plug-in through the plug-in management component, so that after the update of the first plug-in is completed, the first plug-in can continue to run according to the operation status before the update, and can ensure the continuity of the operation status of the first plug-in before and after the update, so that tenants and businesses are unaware of the update process.

由上可知，在本申请提供的云服务请求处理系统中，由于插件由插件管理组件管理，在需要运行插件时，需要插件框架先向插件管理组件发送插件访问请求。插件管理组件接收到插件访问请求后，再基于该插件访问请求对插件进行访问。这样一来，插件框架的运行和插件的运行属于不同的进程，相当于实现了插件框架与插件之间的隔离，使得插件框架与插件之间不会互相影响，保证了插件框架运行的安全性和稳定性。当租户需要对插件进行修改时，如动态加载或更新插件时，无需重启整个插件框架，使得对插件进行修改的行为不会对其他插件管理组件管理的插件产生影响，进而不会对依赖该其他插件运行的租户业务产生影响。类似的，当某个插件运行异常时，也不会影响插件框架，不会对插件框架关联的其他插件管理组件管理的插件造成影响。例如，即使某个租户的插件crash，其也只影响此租户插件管理组件重启，不影响其他租户的访问，并且不会导致L7数据面的重启。As can be seen from the above, in the cloud service request processing system provided by this application, since plug-ins are managed by the plug-in management component, when a plug-in needs to be run, the plug-in framework must first send a plug-in access request to the plug-in management component. After receiving the plug-in access request, the plug-in management component then accesses the plug-in based on the plug-in access request. This ensures that the operation of the plug-in framework and the operation of the plug-in are separate processes, effectively isolating the plug-in framework from the plug-in. This prevents the plug-in framework and the plug-in from interfering with each other, ensuring the security and stability of the plug-in framework's operation. When a tenant needs to modify a plug-in, such as dynamically loading or updating a plug-in, there is no need to restart the entire plug-in framework. This ensures that the modification does not affect other plug-ins managed by the plug-in management component, and thus does not affect tenant services that rely on these other plug-ins. Similarly, when a plug-in fails to operate properly, it does not affect the plug-in framework or the plug-ins managed by other plug-in management components associated with the plug-in framework. For example, even if a tenant's plug-in crashes, it only causes the restart of the tenant's plug-in management component, without affecting access by other tenants or causing a restart of the L7 data plane.

需要说明的是，本申请实施例提供的云服务请求处理方法的步骤先后顺序可以进行适当调整，步骤也可以根据情况进行相应增减。云服务请求处理包括的组件的类型和功能，也可以进行适当调整和增减。任何熟悉本技术领域的技术人员在本申请揭露的技术范围内，可轻易想到变化的方法，都应涵盖在本申请的保护范围之内，因此不再赘述。It should be noted that the order of the steps in the cloud service request processing method provided in the embodiments of the present application can be adjusted appropriately, and the steps can be increased or decreased accordingly. The types and functions of the components included in the cloud service request processing can also be adjusted and increased or decreased appropriately. Any method that can be easily conceived by a person skilled in the art within the technical scope disclosed in this application should be included in the scope of protection of this application, and therefore will not be described in detail.

其中，交互组件101、插件框架102、插件管理组件103、插件104、访问代理组件105和插件注册组件20均可以通过软件实现，或者可以通过硬件实现。示例性地，接下来以交互组件101为例，介绍交互组件101的实现方式。类似的，插件框架102、插件管理组件103、插件104、访问代理组件105和插件注册组件20的实现方式可以参考交互组件101的实现方式。The interaction component 101, plug-in framework 102, plug-in management component 103, plug-in 104, access proxy component 105, and plug-in registration component 20 can all be implemented via software or hardware. By way of example, the implementation of the interaction component 101 will be described below using the interaction component 101 as an example. Similarly, the implementation of the plug-in framework 102, plug-in management component 103, plug-in 104, access proxy component 105, and plug-in registration component 20 can refer to the implementation of the interaction component 101.

作为软件功能单元的一种举例，交互组件101可以包括运行在计算实例上的代码。其中，计算实例可以包括物理主机(计算设备)、虚拟机、容器中的至少一种。As an example of a software functional unit, the interaction component 101 may include code running on a computing instance, wherein the computing instance may include at least one of a physical host (computing device), a virtual machine, and a container.

作为硬件功能单元的一种举例，交互组件101可以包括计算设备，如服务器等。或者，交互组件101也可以是利用专用集成电路(application-specific integrated circuit，ASIC)实现、或可编程逻辑器件(programmable logic device，PLD)实现的设备等。其中，上述PLD可以是复杂程序逻辑器件(complex programmable logical device，CPLD)、现场可编程门阵列(field-programmable gate array，FPGA)、通用阵列逻辑(generic array logic，GAL)或其任意组合实现。As an example of a hardware functional unit, the interaction component 101 may include a computing device, such as a server. Alternatively, the interaction component 101 may be implemented using an application-specific integrated circuit (ASIC) or a programmable logic device (PLD). The PLD may be a complex programmable logical device (CPLD), a field-programmable gate array (FPGA), a generic array logic (GAL), or any combination thereof.

需要说明的是，在其他实施例中，交互组件101、插件框架102、插件管理组件103、插件104、访问代理组件105和插件注册组件20中任一个可以用于执行云服务请求处理方法中的任意步骤。交互组件101、插件框架102、插件管理组件103、插件104、访问代理组件105和插件注册组件20负责实现的步骤可根据需要指定，通过交互组件101、插件框架102、插件管理组件103、插件104、访问代理组件105和插件注册组件20分别实现云服务请求处理方法中不同的步骤来实现云服务请求处理装置的全部功能。It should be noted that in other embodiments, any one of the interaction component 101, plug-in framework 102, plug-in management component 103, plug-in 104, access proxy component 105, and plug-in registration component 20 can be used to execute any step in the cloud service request processing method. The steps that the interaction component 101, plug-in framework 102, plug-in management component 103, plug-in 104, access proxy component 105, and plug-in registration component 20 are responsible for implementing can be specified as needed. By having the interaction component 101, plug-in framework 102, plug-in management component 103, plug-in 104, access proxy component 105, and plug-in registration component 20 respectively implement different steps in the cloud service request processing method, the full functionality of the cloud service request processing device is realized.

所属领域的技术人员可以清楚地了解到，为描述的方便和简洁，上述描述的各个组成部分的具体工作过程，可以参考前述方法实施例中的对应内容，在此不再赘述。Those skilled in the art will clearly understand that, for the convenience and brevity of description, the specific working processes of the various components described above can refer to the corresponding contents in the aforementioned method embodiments and will not be repeated here.

下面对本申请实施例涉及的基本硬件结构举例说明。The following is an example of the basic hardware structure involved in the embodiments of the present application.

本申请还提供一种计算设备1700。如图17所示，计算设备1700包括：总线1702、处理器1704、存储器1706和通信接口1708。处理器1704、存储器1706和通信接口1708之间通过总线1702通信。计算设备1700可以是服务器或终端设备。应理解，本申请不限定计算设备1700中的处理器、存储器的个数。This application also provides a computing device 1700. As shown in Figure 17, computing device 1700 includes a bus 1702, a processor 1704, a memory 1706, and a communication interface 1708. Processor 1704, memory 1706, and communication interface 1708 communicate with each other via bus 1702. Computing device 1700 can be a server or a terminal device. It should be understood that this application does not limit the number of processors and memories in computing device 1700.

总线1702可以是外设部件互连标准(peripheral component interconnect，PCI)总线或扩展工业标准结构(extended industry standard architecture，EISA)总线等。总线可以分为地址总线、数据总线、控制总线等。为便于表示，图17中仅用一条线表示，但并不表示仅有一根总线或一种类型的总线。总线1704可包括在计算设备1700各个部件(例如，存储器1706、处理器1704、通信接口1708)之间传送信息的通路。Bus 1702 may be a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (EISA) bus. Buses can be classified as address buses, data buses, control buses, and the like. For ease of illustration, FIG17 shows a single line, but this does not imply a single bus or type of bus. Bus 1704 may include a path for transmitting information between various components of computing device 1700 (e.g., memory 1706, processor 1704, and communication interface 1708).

处理器1704可以包括中央处理器(central processing unit，CPU)、图形处理器(graphics processing unit，GPU)、微处理器(micro processor，MP)或者数字信号处理器(digital signal processor，DSP)等处理器中的任意一种或多种。Processor 1704 may include any one or more processors such as a central processing unit (CPU), a graphics processing unit (GPU), a microprocessor (MP), or a digital signal processor (DSP).

存储器1706可以包括易失性存储器(volatile memory)，例如随机存取存储器(random access memory，RAM)。处理器1704还可以包括非易失性存储器(non-volatile memory)，例如只读存储器(read-only memory，ROM)，快闪存储器，机械硬盘(hard disk drive，HDD)或固态硬盘(solid state drive，SSD)。The memory 1706 may include volatile memory, such as random access memory (RAM). The processor 1704 may also include non-volatile memory, such as read-only memory (ROM), flash memory, hard disk drive (HDD), or solid state drive (SSD).

存储器1706中存储有可执行的程序代码，处理器1704执行该可执行的程序代码以分别实现前述交互组件101、插件框架102、插件管理组件103、插件104和访问代理组件105的功能，从而实现云服务请求处理方法。也即，存储器1706上存有用于执行云服务请求处理方法的指令。Memory 1706 stores executable program code. Processor 1704 executes this executable program code to implement the functions of the aforementioned interaction component 101, plug-in framework 102, plug-in management component 103, plug-in 104, and access proxy component 105, thereby implementing the cloud service request processing method. In other words, memory 1706 stores instructions for executing the cloud service request processing method.

通信接口1703使用例如但不限于网络接口卡、收发器一类的收发模块，来实现计算设备1700与其他设备或通信网络之间的通信。The communication interface 1703 uses a transceiver module such as, but not limited to, a network interface card or a transceiver to implement communication between the computing device 1700 and other devices or a communication network.

本申请实施例还提供了一种计算设备集群。该计算设备集群包括至少一台计算设备。该计算设备可以是服务器，例如是中心服务器、边缘服务器，或者是本地数据中心中的本地服务器。在一些实施例中，计算设备也可以是台式机、笔记本电脑或者智能手机等终端设备。Embodiments of the present application also provide a computing device cluster. The computing device cluster includes at least one computing device. The computing device can be a server, such as a central server, an edge server, or a local server in a local data center. In some embodiments, the computing device can also be a terminal device such as a desktop computer, a laptop computer, or a smartphone.

如图18所示，计算设备集群包括至少一个计算设备1700。计算设备集群中的一个或多个计算设备1700中的存储器1706中可以存有相同的用于执行云服务请求处理方法的指令。As shown in Figure 18, the computing device cluster includes at least one computing device 1700. The memory 1706 in one or more computing devices 1700 in the computing device cluster may store the same instructions for executing the cloud service request processing method.

在一些可能的实现方式中，该计算设备集群中的一个或多个计算设备1700的存储器1706中也可以分别存有用于执行云服务请求处理方法的部分指令。换言之，一个或多个计算设备1700的组合可以共同执行用于执行云服务请求处理方法的指令。In some possible implementations, the memory 1706 of one or more computing devices 1700 in the computing device cluster may also store partial instructions for executing the cloud service request processing method. In other words, the combination of one or more computing devices 1700 can jointly execute the instructions for executing the cloud service request processing method.

需要说明的是，计算设备集群中的不同的计算设备1700中的存储器1706可以存储不同的指令，分别用于执行云服务请求处理装置的部分功能。也即，不同的计算设备1700中的存储器1706存储的指令可以实现交互组件101、插件框架102、插件管理组件103、插件104和访问代理组件105中的一个或多个模块的功能。It should be noted that the memory 1706 in different computing devices 1700 in the computing device cluster can store different instructions, each used to execute a portion of the functions of the cloud service request processing apparatus. In other words, the instructions stored in the memory 1706 in different computing devices 1700 can implement the functions of one or more modules in the interaction component 101, plug-in framework 102, plug-in management component 103, plug-in 104, and access proxy component 105.

在一些可能的实现方式中，计算设备集群中的一个或多个计算设备可以通过网络连接。其中，网络可以是广域网或局域网等等。图19示出了一种可能的实现方式。如图19所示，两个计算设备1700A和1700B之间通过网络进行连接。具体地，通过各个计算设备中的通信接口与网络进行连接。在这一类可能的实现方式中，计算设备1700A中的存储器1706中存有执行交互组件101、插件框架102、插件管理组件103、插件104和访问代理组件105的功能的指令。同时，计算设备1700B中的存储器1706中存有执行插件注册组件20的功能的指令。In some possible implementations, one or more computing devices in a computing device cluster may be connected via a network. The network may be a wide area network (WAN) or a local area network (LAN), etc. FIG19 shows a possible implementation. As shown in FIG19 , two computing devices 1700A and 1700B are connected via a network. Specifically, the network is connected via a communication interface in each computing device. In this type of possible implementation, the memory 1706 in the computing device 1700A stores instructions for executing the functions of the interaction component 101, the plug-in framework 102, the plug-in management component 103, the plug-in 104, and the access proxy component 105. At the same time, the memory 1706 in the computing device 1700B stores instructions for executing the functions of the plug-in registration component 20.

图19所示的计算设备集群之间的连接方式可以是考虑到本申请提供的云服务请求处理方法需要插件注册组件20大量地存储插件的可执行程序，因此考虑将插件注册组件20实现的功能交由计算设备1700B执行。The connection method between the computing device clusters shown in Figure 19 can be considered to be that the cloud service request processing method provided by this application requires the plug-in registration component 20 to store a large number of plug-in executable programs, so it is considered to hand over the functions implemented by the plug-in registration component 20 to the computing device 1700B for execution.

应理解，图19中示出的计算设备1700A的功能也可以由多个计算设备1700完成。同样，计算设备1700B的功能也可以由多个计算设备1700完成。It should be understood that the functionality of the computing device 1700A shown in FIG19 may also be implemented by multiple computing devices 1700. Similarly, the functionality of the computing device 1700B may also be implemented by multiple computing devices 1700.

本申请实施例还提供了另一种计算设备集群。该计算设备集群中各计算设备之间的连接关系可以类似的参考图18和图19计算设备集群的连接方式。不同的是，该计算设备集群中的一个或多个计算设备1700中的存储器1706中可以存有相同的用于执行云服务请求处理方法的指令。The present application also provides another computing device cluster. The connection relationship between the computing devices in this computing device cluster can be similar to the connection methods of the computing device clusters shown in Figures 18 and 19. However, the memory 1706 in one or more computing devices 1700 in this computing device cluster can store the same instructions for executing the cloud service request processing method.

本申请实施例还提供了一种包含指令的计算机程序产品。计算机程序产品可以是包含指令的，能够运行在计算设备上或被储存在任何可用介质中的软件或程序产品。当计算机程序产品在至少一个计算设备上运行时，使得至少一个计算设备执行云服务请求处理方法。Embodiments of the present application also provide a computer program product containing instructions. The computer program product may be software or a program product containing instructions that can be run on a computing device or stored on any available medium. When the computer program product is run on at least one computing device, it causes the at least one computing device to execute the cloud service request processing method.

本申请实施例还提供了一种计算机可读存储介质。计算机可读存储介质可以是计算设备能够存储的任何可用介质或者是包含一个或多个可用介质的数据中心等数据存储设备。可用介质可以是磁性介质，(例如，软盘、硬盘、磁带)、光介质(例如，DVD)、或者半导体介质(例如固态硬盘)等。该计算机可读存储介质包括指令，指令指示计算设备执行云服务请求处理方法，或指示计算设备执行云服务请求处理方法。The embodiments of the present application also provide a computer-readable storage medium. The computer-readable storage medium can be any available medium that can be stored by a computing device or a data storage device such as a data center that contains one or more available media. The available medium can be a magnetic medium (e.g., a floppy disk, a hard disk, a tape), an optical medium (e.g., a DVD), or a semiconductor medium (e.g., a solid-state drive). The computer-readable storage medium includes instructions that instruct the computing device to execute the cloud service request processing method, or instruct the computing device to execute the cloud service request processing method.

本领域普通技术人员可以理解实现上述实施例的全部或部分步骤可以通过硬件来完成，也可以通过程序来指令相关的硬件完成，该程序可以存储于一种计算机可读存储介质中，上述提到的存储介质可以是只读存储器，磁盘或光盘等。Those skilled in the art will understand that all or part of the steps to implement the above embodiments may be accomplished by hardware, or may be accomplished by a program to instruct the relevant hardware, and the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a disk or an optical disk, etc.

需要说明的是，本申请所涉及的信息(包括但不限于租户设备信息、租户个人信息等)、数据(包括但不限于用于分析的数据、存储的数据、展示的数据等)以及信号，均为经租户授权或者经过各方充分授权的，且相关数据的收集、使用和处理需要遵守相关国家和地区的相关法律法规和标准。例如，本申请中涉及到的原始数据和可执行代码等都是在充分授权的情况下获取的。It should be noted that the information (including but not limited to tenant device information, tenant personal information, etc.), data (including but not limited to data used for analysis, storage, display, etc.), and signals involved in this application are all authorized by the tenant or fully authorized by all parties, and the collection, use, and processing of relevant data must comply with the relevant laws, regulations, and standards of the relevant countries and regions. For example, the raw data and executable code involved in this application were obtained with full authorization.

在本申请实施例中，术语“第一”、“第二”和“第三”仅用于描述目的，而不能理解为指示或暗示相对重要性。术语“至少一个”是指一个或多个，术语“多个”指两个或两个以上，除非另有明确的限定。In the embodiments of the present application, the terms "first," "second," and "third" are used for descriptive purposes only and should not be understood as indicating or implying relative importance. The term "at least one" refers to one or more, and the term "plurality" refers to two or more, unless otherwise expressly limited.

本申请中术语“和/或”，仅仅是一种描述关联对象的关联关系，表示可以存在三种关系，例如，A和/或B，可以表示：单独存在A，同时存在A和B，单独存在B这三种情况。另外，本文中字符“/”，一般表示前后关联对象是一种“或”的关系。In this application, the term "and/or" simply describes an association between related objects, indicating that three possible relationships exist. For example, A and/or B can represent: A exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" in this document generally indicates that the related objects are in an "or" relationship.

最后应说明的是：以上实施例仅用以说明本发明的技术方案，而非对其限制；尽管参照前述实施例对本发明进行了详细的说明，本领域的普通技术人员应当理解：其依然可以对前述各实施例所记载的技术方案进行修改，或者对其中部分技术特征进行等同替换；而这些修改或者替换，并不使相应技术方案的本质脱离本发明各实施例技术方案的保护范围。Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention, rather than to limit it. Although the present invention has been described in detail with reference to the aforementioned embodiments, those skilled in the art should understand that they can still modify the technical solutions described in the aforementioned embodiments, or make equivalent replacements for some of the technical features therein. However, these modifications or replacements do not deviate the essence of the corresponding technical solutions from the protection scope of the technical solutions of the various embodiments of the present invention.

Claims

A cloud service request processing system, characterized in that the system is deployed in a server managed by a cloud management platform, the cloud management platform is used to manage an infrastructure for providing cloud services, the infrastructure including a plurality of the servers, and the system includes: an interaction component, a plug-in framework, a plug-in management component, and at least one plug-in associated with the plug-in framework;

The interaction component is used to obtain a cloud service request sent by the tenant and provide the cloud service request to the plug-in framework, wherein the cloud service request is used to request the server to provide cloud services to the tenant;

The plug-in framework is configured to run based on the cloud service request and send a plug-in access request to the plug-in management component, wherein the plug-in access request indicates access to a first plug-in for processing the cloud server request, the first plug-in being one of the at least one plug-in;

The plug-in management component is used to access the first plug-in based on the plug-in access request, obtain an access result, and feed back the access result to the plug-in framework;

The plug-in framework is further configured to obtain a processing result for the cloud service request based on the access result.

The system according to claim 1, wherein the system further comprises: an access proxy component;

The plug-in framework is specifically configured to send the plug-in access request to the access proxy component, so that the access proxy component sends the plug-in access request to the plug-in management component.

The system according to claim 1 or 2, characterized in that

The interaction component is further configured to obtain a plug-in loading request from the tenant and forward the plug-in loading request to the plug-in management component, wherein the plug-in loading request indicates loading the first plug-in;

The plug-in management component is further configured to load the first plug-in based on the plug-in loading request.

The system according to claim 3, further comprising: another plug-in management component, wherein the plug-in management component is specifically configured to:

Based on the plug-in loading request, sending a plug-in acquisition request to the plug-in registration component, wherein the plug-in acquisition request indicates acquisition of the first plug-in, and the plug-in registration component is used to store all plug-ins required to process the cloud service request;

receiving a plug-in acquisition response sent by the plug-in registration component, wherein the plug-in acquisition response carries indication information of the other plug-in management component, or the plug-in acquisition response carries indication information of a storage address of the first plug-in in the plug-in registration component;

Based on the indication of the plug-in acquisition response, the first plug-in is acquired and loaded.

The system according to claim 4, wherein the plug-in management component is further configured to:

Obtaining an update request for updating the first plug-in;

Obtaining an updated version of the first plug-in from the other plug-in management component based on the update request, or obtaining the updated version from the plug-in registration component;

The first plug-in is updated based on the updated version.

The system according to claim 5, wherein the update request is sent by the plug-in registration component;

Alternatively, the interaction component is further configured to obtain a plug-in update instruction of the tenant, and send the update request to the plug-in management component based on the plug-in update instruction, where the plug-in update instruction is used to instruct to update the first plug-in.

The system according to claim 5 or 6, characterized in that

The plug-in management component is further configured to send an update notification to the first plug-in before the plug-in management component updates the first plug-in based on the updated version, wherein the update notification indicates that the first plug-in needs to be updated;

The first plug-in is further configured to provide the plug-in management component with the running information of the first plug-in based on the update notification;

The plug-in management component is also used to store the operation information;

The plug-in management component is further configured to provide the running information to the first plug-in after the plug-in management component updates the first plug-in based on the updated version;

The first plug-in is further configured to run based on the running information.

The system according to any one of claims 4 to 7, wherein the plug-in management component and the other plug-in management components are used to manage plug-ins of the same tenant.

The system according to any one of claims 4 to 8, wherein a transmission delay between the other plug-in management components and the plug-in management component is less than a transmission delay between the plug-in registration component and the plug-in management component.

The system according to any one of claims 4 to 9 is characterized in that the plug-in registration component includes a system registration sub-component and a tenant registration sub-component, the system registration sub-component is used to store the executable code of the system plug-in, and the tenant registration sub-component is used to store the executable code of the plug-in provided by the tenant, and the tenant does not have access to the system registration sub-component.

The system according to any one of claims 1 to 10 is characterized in that the system is used to process cloud service requests of multiple tenants, the system includes multiple plug-in management components corresponding to the multiple tenants, the plug-in management components are used to manage plug-ins belonging to the corresponding tenants, and all plug-ins managed by any plug-in management component belong to the same tenant.

The system according to any one of claims 1 to 11 is characterized in that the plug-in framework is used to process cloud service requests for multiple cloud services, and processing cloud service requests for a target cloud service is achieved by running the plug-in framework and the plug-in corresponding to the target cloud service, and the target cloud service is any one of the multiple cloud services.

The system according to any one of claims 1 to 12 is characterized in that the system includes multiple plug-in frameworks and at least one plug-in management component belonging to the same tenant, the multiple plug-in frameworks are used to implement the same function, in response to the system including a plug-in management component of the same tenant, the multiple plug-in frameworks share the one plug-in management component, and in response to the system including multiple plug-in management components of the same tenant, at least some of the multiple plug-in frameworks use a plug-in management component separately.

A cloud service request processing method, characterized in that the method is applied to a cloud service request processing system, wherein the system is deployed in a server managed by a cloud management platform, the cloud management platform is used to manage the infrastructure for providing cloud services, the infrastructure including multiple servers, the system including: an interaction component, a plug-in framework, a plug-in management component, and at least one plug-in associated with the plug-in framework, the method comprising:

The interactive component obtains a cloud service request sent by the tenant and provides the cloud service request to the plug-in framework, wherein the cloud service request is used to request the server to provide cloud services to the tenant;

The plug-in framework runs based on the cloud service request and sends a plug-in access request to the plug-in management component, wherein the plug-in access request indicates access to a first plug-in for processing the cloud server request, the first plug-in being one of the at least one plug-in;

The plug-in management component accesses the first plug-in based on the plug-in access request, obtains an access result, and feeds back the access result to the plug-in framework;

The plug-in framework obtains a processing result for the cloud service request based on the access result.

The method according to claim 14, wherein the system further comprises: an access proxy component, wherein the plug-in framework sends a plug-in access request to the plug-in management component, comprising:

The plug-in framework sends the plug-in access request to the access proxy component, so that the access proxy component sends the plug-in access request to the plug-in management component.

The method according to claim 14 or 15, characterized in that before the plug-in management component accesses the first plug-in based on the plug-in access request, the method further comprises:

The interaction component obtains the tenant's plug-in loading request and forwards the plug-in loading request to the plug-in management component, where the plug-in loading request indicates loading the first plug-in;

The plug-in management component loads the first plug-in based on the plug-in loading request.

The method according to claim 16, wherein the system further comprises: another plug-in management component, wherein the plug-in management component loads the first plug-in based on the plug-in loading request, including:

The plug-in management component sends a plug-in acquisition request to the plug-in registration component based on the plug-in loading request, wherein the plug-in acquisition request indicates acquisition of the first plug-in, and the plug-in registration component is used to store all plug-ins required to process the cloud service request;

The plug-in management component receives a plug-in acquisition response sent by the plug-in registration component, where the plug-in acquisition response carries indication information of the other plug-in management component, or the plug-in acquisition response carries indication information of a storage address of the first plug-in in the plug-in registration component;

The plug-in management component obtains the first plug-in based on the indication of the plug-in acquisition response, and loads the first plug-in.

The method according to claim 17, wherein after the plug-in management component loads the first plug-in, the method further comprises:

The plug-in management component obtains an update request instructing to update the first plug-in;

The plug-in management component obtains the updated version of the first plug-in from the other plug-in management component based on the update request, or obtains the updated version from the plug-in registration component;

The plug-in management component updates the first plug-in based on the updated version.

The method of claim 18, wherein the update request is sent by the plug-in registration component;

Alternatively, the method further comprises:

The interaction component obtains the plug-in update instruction of the tenant, and sends the update request to the plug-in management component based on the plug-in update instruction, where the plug-in update instruction is used to instruct to update the first plug-in.

The method according to claim 18 or 19, wherein before the plug-in management component updates the first plug-in based on the updated version, the method further comprises:

The plug-in management component sends an update notification to the first plug-in, where the update notification indicates that the first plug-in needs to be updated;

The first plug-in provides the plug-in management component with the running information of the first plug-in based on the update notification;

The plug-in management component stores the running information;

After the plug-in management component updates the first plug-in based on the updated version, the method further includes:

The plug-in management component provides the running information to the first plug-in;

The first plug-in runs based on the running information.

A computing device cluster, characterized in that it includes multiple computing devices, the multiple computing devices include multiple processors and multiple memories, the multiple memories store program instructions, and the multiple processors execute the program instructions, so that the computing device cluster implements the system described in any one of claims 1 to 13.

A computer-readable storage medium, characterized in that it includes program instructions, which, when the program instructions are executed on a computing device, enable the computing device to implement the system described in any one of claims 1 to 13.

A computer program product comprising instructions, characterized in that when the instructions are executed by a computing device cluster, the computing device cluster implements the system according to any one of claims 1 to 13.