Using Linux Containers as a Virtualization Option

Similar documents
Alternatives to Solaris Containers and ZFS for Linux on System z

How To Make Databases on SUSE Linux Enterprise Server Highly Available Mike Friesenegger

Best practices with SUSE Linux Enterprise Server Starter System and extentions Ihno Krumreich

SUSE Linux Enterprise Kernel Back to the Future

SUSE An introduction...

Managing Linux Servers Comparing SUSE Manager and ZENworks Configuration Management

SUSE OpenStack Cloud. Enabling your SoftwareDefined Data Center. SUSE Expert Days. Nyers Gábor Trainer &

Docker Networking In OpenStack What you need to know now. Fawad Khaliq

Protect your server with SELinux on SUSE Linux Enterprise Server 11 SP Sander van Vugt

Provisioning with SUSE Enterprise Storage. Nyers Gábor Trainer &

Build with SUSE Studio, Deploy with SUSE Linux Enterprise Point of Service and Manage with SUSE Manager Case Study

Linux and z Systems in the Datacenter Berthold Gunreben

SUSE Manager Roadmap OS Lifecycle Management from the Datacenter to the Cloud

Essentials. Johannes Meixner. about Disaster Recovery (abbreviated DR) with Relax-and-Recover (abbreviated ReaR)

SaltStack and SUSE Systems and Configuration Management that Scales and is Easy to Extend

Linux High Availability on IBM z Systems

Open Enterprise & Open Community

SUSE Manager in Large Scale 17220

SUSE Linux Enterprise High Availability Extension

Cloud in a box. Fully automated installation of SUSE Openstack Cloud 5 on Dell VRTX. Lars Everbrand. Software Developer

Novell SLES 10/Xen. Roadmap Presentation. Clyde R. Griffin Manager, Xen Virtualization Novell, Inc. cgriffin at novell.com.

SUSE Manager and Salt

From GIT to a custom OS image in a few click OS image made easy

Define Your Future with SUSE

A Carrier-Grade Cloud Phone System

SICOOB. The Second Largest Linux on IBM System z Implementation in the World. Thiago Sobral. Claudio Kitayama

Building a Secure and Compliant Cloud Infrastructure. Ben Goodman Principal Strategist, Identity, Compliance and Security Novell, Inc.

Welcome to SUSE Expert Days 2017 Service Delivery with DevOps

Exploring History with Hawk

Introduction to Software Defined Infrastructure SUSE Linux Enterprise 15

Using Crowbar to Deploy Your OpenStack Cloud. Adam Spiers Vincent Untz John H Terpstra

Saving Real Storage with xip2fs and DCSS. Ihno Krumreich Project Manager for SLES on System z

Zdeněk Kubala Senior QA

Expert Days SUSE Enterprise Storage

OS Containers. Michal Sekletár November 06, 2016

Novell Infiniband and XEN

Before We Start... 1

BOV89296 SUSE Best Practices Sharing Expertise, Experience and Knowledge. Christoph Wickert Technical Writer SUSE /

SDS Heterogeneous OS Access. Technical Strategist

Secure Authentication

Exploring the High Availability Storage Infrastructure. Tutorial 323 Brainshare Jo De Baer Technology Specialist Novell -

Samba HA Cluster on SLES 9

DevOps with SUSE: How SUSE Manager, SUSE Studio and SUSE Cloud APIs Facilitate Continuous Software Delivery. Wolfgang Engel.

Unleash the Power of Ceph Across the Data Center

Know your competition A review of qemu and KVM for System z

openqa Avoiding Disasters of Biblical Proportions Marita Werner QA Project Manager

openqa Avoiding Disasters of Biblical Proportions Marita Werner QA Project Manager

Too Many Metas A high level look at building a metadata desktop. Joe Shaw

SUSE Linux Enterprise 11

openqa making QA interesting since 2013 Ondrej Holecek /aaannz/

openqa features capabilities bugs Ondrej Holecek /aaannz/

Software Defined. All The Way with OpenStack. T. R. Bosworth Senior Product Manager SUSE OpenStack Cloud

Hands-on with Native Linux Containers (LXC) Workbook

OS Virtualization. Linux Containers (LXC)

Saving Your Bacon Recovering From Common Linux Startup Failures

SUSE. High Performance Computing. Kai Dupke. Meike Chabowski. Senior Product Manager SUSE Linux Enterprise

High Availability for Highly Reliable Systems

The opensuse project. Motivation, Goals, and Opportunities. Sonja Krause-Harder Michael Löffler. March 6, 2006

SUSE Linux Enterprise Server: Supported Virtualization Technologies

Virtualization at Scale in SUSE Linux Enterprise Server

Gaps and Overlaps in Identity Management Solutions OASIS Pre-conference Workshop, EIC 2009

The Journey of an I/O request through the Block Layer

Introduction to Container Technology. Patrick Ladd Technical Account Manager April 13, 2016

IO110: Open Enterprise Server 2. Hardware you can hit with a hammer, software you can only curse at...

Samba and Ceph. Release the Kraken! David Disseldorp

Scaling a Highly Available Global SUSE Manager Deployment at Rackspace to Manage Multiple Linux Platforms

ISLET: Jon Schipp, AIDE jonschipp.com. An Attempt to Improve Linux-based Software Training

VSP16. Venafi Security Professional 16 Course 04 April 2016

Travis Cardwell Technical Meeting

Troubleshooting Your SUSE TUT6113. Cloud. Paul Thompson SUSE Technical Consultant. Dirk Müller SUSE OpenStack Engineer

Collecting data from IoT devices using Sigfox network

96Boards Enablement for opensuse

Veritas NetBackup and Oracle Cloud Infrastructure Object Storage ORACLE HOW TO GUIDE FEBRUARY 2018

Packaging made easy. How the opensuse build service makes building packages easy for developers who don't care about packaging

Lecture 09: VMs and VCS head in the clouds

SUSE in the Enterprise

ThingWorx Core 7.2 System Requirements. Version 1.1

Version is the follow-on release after version 8.1, featuring:

Pushing The Limits Of Linux On ARM

Avaya Call Management System Documentation Roadmap

Splunk N Box. Splunk Multi-Site Clusters In 20 Minutes or Less! Mohamad Hassan Sales Engineer. 9/25/2017 Washington, DC

SUSE. High Performance Computing. Eduardo Diaz. Alberto Esteban. PreSales SUSE Linux Enterprise

The failure of Operating Systems,

Pavel Anni Oracle Solaris 11 Feature Map. Slide 2

Using Manage Alarm Tool

Implementing Avaya Flare Experience for Windows

Benefits of an Exclusive Multimaster Deployment of Oracle Directory Server Enterprise Edition

Deployment Patterns using Docker and Chef

Avaya Client Applications Configurator User Guide

Docker A FRAMEWORK FOR DATA INTENSIVE COMPUTING

3 Mobility Pack Installation Instructions

SAP HANA Operation Expert Summit PLAN - Hardware Landscapes. Addi Brosig, SAP HANA Product Management May 2014

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Red Hat enterprise virtualization 3.0

Intel Cache Acceleration Software (Intel CAS) for Linux* v2.9 (GA)

Oracle Linux 7: Advanced Administration Ed 1 LVC

Container Adoption for NFV Challenges & Opportunities. Sriram Natarajan, T-Labs Silicon Valley Innovation Center

SAINT LOUIS JAVA USER GROUP MAY 2014

Release Notes for Avaya Aura Appliance Virtualization Platform Release

Introduction to containers

Transcription:

Using Linux Containers as a Virtualization Option Michal Svec Product Manager msvec@suse.com Mike Friesenegger Sales Engineer mfriesenegger@suse.com

2 Containers

Linux Containers Virtualization OS Level Virtualization i.e. virtualization without a hypervisor (also known as lightweight virtualization ) Similar technologies include: Solaris Zones, BSD Jails, Virtuozzo or OpenVZ Advantages Minor I/O overhead Storage advantages Dynamic changes to parameters without reboot Combining virtualization technologies Disadvantages Higher impact of a crash, especially in the kernel area Unable to run another OS that cannot use the host's kernel 3

Agenda Control Groups Introduction to Linux Containers (LXC) Linux Containers Demo Questions 4

Control Groups

What Are Control Groups? Control Groups provide a mechanism for aggregating/partitioning sets of tasks and all their future children, into hierarchical groups with specialized behavior. cgroup is another name for Control Groups Partition tasks (processes) into one or many groups of tree hierarchies Associate a set of tasks in a group to set subsystem parameters Subsystems provide the parameters that can be assigned Tasks are affected by the assigned parameters 6

Example of the Capabilities of a cgroup Consider a large university server with various users - students, professors, system tasks etc. The resource planning for this server could be along the following lines: CPUs Top cpuset (20%) / \ Memory Professors = 50% Students = 30% Network I/O WWW browsing = 20% / \ CPUSet1 CPUSet2 System = 20% Prof (15%) Students (5%) (Profs) (Students) 60% 20% Disk I/O Professors = 50% Students = 30% System = 20% Network File System (60%) Others (20%) Source: /usr/src/linux/documentation/cgroups/cgroups.txt 7

Control Group Subsystems Two types of subsystems: Isolation and Special Controls cpuset, namespace, freezer, device, checkpoint/restart Resource Control cpu(scheduler), memory, disk i/o, network Source: http://jp.linuxfoundation.org/jp_uploads/seminar20081119/cgroupmemcgmaster.pdf 8

Building and Using Linux Containers with LXC

Linux Containers Architecture Applications Applications Applications Container Layer LXC Container LXC Container LXC Container IO Path Physical Drivers cgroups Linux Kernel chroot() bridging Hardware Layer IO & Platform Devices (Disk, LAN, USB, BMC, IPMI, ACPI, etc.) Physical Hardware Memory & CPU (x86, x86-64, EM64T) 10

Linux Containers Security User namespaces Prevents evading from containers Shared kernel with the host Syscall exploits can be exploited from within the container Solution is in Linux kernel since 3.5 (seccomp2) Secure containers with SELinux, AppArmor SELinux policy applies to complete container Support for SELinux with LXC on a case by case basis AppArmor support is ready upstream 11

Linux Containers Feature Overview Only SUSE Linux Enterprise Server 11 SP3 supported in container Support for system containers A full SUSE Linux Enterprise Server installation into a chroot directory structure Resource control using cgroups Bridged networking required 12

Understanding Solaris Containers Also known as a Solaris Zone Two components of a Solaris Container Solaris Zones software partitioning technology Solaris Resource Management Solaris Zones Virtual mapping from the application to the platform resources Application components are isolated from one another Solaris Resource Management Allocate, limit and deny available computing resources Generate extended accounting information for analysis, billing, and capacity planning 13

Comparing Linux Containers to Solaris Containers Solaris Containers LXC Included with OS Yes Yes Zone Management Command Line Interface Yes (zonecfg, zoneadm) Yes (lxc-*) GUI Yes (added purchase) Yes (YaST module) Fault Isolation Application Level Yes Yes Kernel Level No No Privacy/Security Yes (inside container) Yes (inside container) Resource Management Project/Task Identifiers Yes No Accounting Yes No (evaluating features) CPU Control Yes Yes Memory Control Yes Yes (OOM) Network Control Yes No (in progress) 14

Linux Containers Use Cases Hosting Business Give a user/developer (root) access without full (root) access to the real system. Enterprise Data Center Limit applications which have a tendency to grab all resources on a system: Memory (databases) CPU cycles/scheduling (compute intensive applications) Outsourcing business Guarantee a specific amount of resources (SLAs!) to a set of applications for a specific customer without more heavy virtualization technologies 15

Linux Containers Outlook Cloud use case Bare metal provisioning through the cloud interfaces Integration with libvirt: libvirt-lxc Integration with virtualization management tools, incl. cloud Application containers More effective storage use Easy creation and management Research further container-based technologies systemd, docker.io, SELinux and AppArmor support for LXC File system copy-on-write (btrfs integration) 16

Linux Containers Demo

Corporate Headquarters Maxfeldstrasse 5 90409 Nuremberg Germany +49 911 740 53 0 (Worldwide) www.suse.com Join us on: www.opensuse.org 18

Unpublished Work of SUSE. All Rights Reserved. This work is an unpublished work and contains confidential, proprietary and trade secret information of SUSE. Access to this work is restricted to SUSE employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of SUSE. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability. General Disclaimer This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. SUSE makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for SUSE products remains at the sole discretion of SUSE. Further, SUSE reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All SUSE marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback