Linux Containers Overview & Roadmap

Slides:



Advertisements
Similar presentations
With ovirt & virt manager
Advertisements

PlanetLab: An Overlay Testbed for Broad-Coverage Services Bavier, Bowman, Chun, Culler, Peterson, Roscoe, Wawrzoniak Presented by Jason Waddle.
Virtual Machine Technology Dr. Gregor von Laszewski Dr. Lizhe Wang.
Lightweight virtual system mechanism Gao feng
Profit from the cloud TM Parallels Dynamic Infrastructure AndOpenStack.
Xen , Linux Vserver , Planet Lab
KVM and Container Performance and Isolation Deep Dive.
Slide 3-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 3 Operating System Organization.
Virtualization for Cloud Computing
Virtualization 101.
Red Hat Installation. Installing Red Hat Linux is the process of copying operating system files from a CD, DVD, or USB flash drive to hard disk(s) on.
Condor Project Computer Sciences Department University of Wisconsin-Madison Virtual Machines in Condor.
Methodologies, strategies and experiences Virtualization.
INTRODUCTION TO CLOUD COMPUTING CS 595 LECTURE 7 2/23/2015.
May l Washington, DC l Omni Shoreham Nick Dobrovolskiy VP Parallels Open Platform May 19 th, 2008 Introducing Parallels Server.
Systems Security & Audit Operating Systems security.
A Cloud is a type of parallel and distributed system consisting of a collection of inter- connected and virtualized computers that are dynamically provisioned.
Module 7: Hyper-V. Module Overview List the new features of Hyper-V Configure Hyper-V virtual machines.
V IRTUALIZATION Sayed Ahmed B.Sc. Engineering in Computer Science & Engineering M.Sc. In Computer Science.
A RedStack Technology Company Oracle EMEA Database Partner of the Year Oracle Partner of the year 2010 & (0)
4P13 Week 1 Talking Points. Kernel Organization Basic kernel facilities: timer and system-clock handling, descriptor management, and process Management.
 Virtual machine systems: simulators for multiple copies of a machine on itself.  Virtual machine (VM): the simulated machine.  Virtual machine monitor.
Virtual techdays INDIA │ august 2010 virtual techdays INDIA │ august 2010 Consolidate and Virtualize your Linux Environment M.S.Anand │ Technology.
Full and Para Virtualization
Virtualization One computer can do the job of multiple computers, by sharing the resources of a single computer across multiple environments. Turning hardware.
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Docker Overview Automating.
VM vs Container Xen, KVM, VMware, etc. Hardware emulation / paravirtualization Can run different OSs on the same box Dozens of instances OS sprawl problem.
Cloud Computing – UNIT - II. VIRTUALIZATION Virtualization Hiding the reality The mantra of smart computing is to intelligently hide the reality Binary->
Introduction to KVM Andrea Chierici Virtualization tutorial Catania 1-3 dicember 2010.
An Introduction to GPFS
Intro To Virtualization Mohammed Morsi
Open Source Virtualization Andrey Meganov RHCA, RHCX Consultant / VDEL
Secure remote management with virtualization Daniel P. Berrangé.
Virtualization Neependra Khare
SELinux Overview Dan Walsh SELinux for Dummies Dan Walsh
Daniel P. Berrangé Principal Software Engineer, Red Hat.
Containers vs Others Xen, VMware, etc. ● Emulation/paravirtualization ● Can run different OSs on the same box ● Lower density/scalability ● OS sprawl problem.
Virtualization which isn't LXC (Linux Containers) Dobrica Pavlinušić DORS/CLUC, Zagreb,
10/2/2016 Secure Virtualization Using SELinux Daniel J Walsh
VM vs Container Xen, KVM, VMware, etc. ● Hardware emulation / paravirtualization ● Can run different OSs on the same box ● Dozens of instances ● OS sprawl.
OpenShift & SELinux Dan Walsh Twitter: #rhatdan
Andrea Chierici Virtualization tutorial Catania 1-3 dicember 2010
Virtualization Mini Summit, Austin 2008 mmm, tasty penguins...
Virtualization.
Fundamentals Sunny Sharma Microsoft
Agenda Hardware Virtualization Concepts
Current Generation Hypervisor Type 1 Type 2.
Project Overview Amador Pahim (apahim) oVirt Contributor
Application Sandboxes
London OpenStack Meetup, July 2012 libvirt & KVM with OpenStack Nova
Container-based Operating System Virtualization: A scalable, High-performance Alternative to Hypervisors Stephen Soltesz, Herbert Potzl, Marc E. Fiuczynski,
Virtualization with libvirt Kashyap Chamarthy
Containers and Virtualisation
Dan Walsh Red Hat, Inc. Sandbox Dan Walsh Red Hat, Inc.
Structure of Unix OS.
Virtualization overview
MOM + oVirt: Nurturing our Virtual Machines
Oracle Solaris Zones Study Purpose Only
Xen Summit Spring 2007 Platform Virtualization with XenEnterprise
Setting policies in kubernetes
OS Virtualization.
Agenda Intro Why use containers at all? Linux Kernel: a pop of history
Microsoft Ignite NZ October 2016 SKYCITY, Auckland.
Virtualization Layer Virtual Hardware Virtual Networking
Microsoft Ignite NZ October 2016 SKYCITY, Auckland.
Virtualization 101.
Intro about Contanier and Docker Technology
Windows Virtual PC / Hyper-V
Docker Some slides from Martin Meyer Vagrant Box:
Presentation transcript:

Linux Containers Overview & Roadmap Bhavna Sarathy Senior Product Manager, Red Hat Dan Walsh Senior Principal Software Engineer, Red Hat June 12 2013

Key elements of Linux Containers Process Isolation Resource Management Security Bhavna: Linux containers can just be thought of as a collection of processes, separated from the main host processes via a set of resource namespaces and constrained via control groups resource tunables. Now, lets look into the key elements of Linux containers. The 4 tenets of Linux Containers are: - Process Isolation - Resource Management - Security - Management or Tooling Process Isolation is achieved through kernel namespaces which provides a simulated environment for the various kernel capabilities such as process ID, mount, network, UTS, and user ID. Resource management is achieved using process control groups or cgroups to allocate, and manage the host CPU, system memory, disk I/O, and network resources. Security is provided using SELinux, which applies security labels to Linux containers and their resources. In addition, SELinux policies are applied to containers. Management tooling is provided using the libvirt API which provides a collection of services (virt-sandbox-service, virt-sandbox) to support application sandboxing capabilities. Management

Linux Container Architecture

Red Hat Enterprise Linux Container Architecture Linux Kernel Hardware (Intel, AMD)

Red Hat Enterprise Linux Container Architecture Linux Kernel Hardware (Intel, AMD) Namespaces

Namespaces Process Isolation Mount : mounting/unmounting filesystems UTS : hostname, domainname IPC : SysV message queues, semaphore/shared memory segments Network: IPv4/IPv6 stacks, routing, firewall PID: Private /proc, multiple pid 1's User: (UID) Just showing up in the Kernel now. Not planning on supporting in RHEL7. Bhavna: Linux containers can just be thought of as a collection of processes, separated from the main host processes via a set of resource namespaces and constrained via control groups resource tunables. Now, lets look into the key elements of Linux containers. The 4 tenets of Linux Containers are: - Process Isolation - Resource Management - Security - Management or Tooling Process Isolation is achieved through kernel namespaces which provides a simulated environment for the various kernel capabilities such as process ID, mount, network, UTS, and user ID. Resource management is achieved using process control groups or cgroups to allocate, and manage the host CPU, system memory, disk I/O, and network resources. Security is provided using SELinux, which applies security labels to Linux containers and their resources. In addition, SELinux policies are applied to containers. Management tooling is provided using the libvirt API which provides a collection of services (virt-sandbox-service, virt-sandbox) to support application sandboxing capabilities.

Namespace Use Process Isolation pam_namespace - RHEL5/6 SELinux sandbox - RHEL6 SystemD - Fedora 17 UnitFile: PrivateTmp, PrivateNetwork Openshift - RHEL6 Pam_namespace : Private /tmp

Red Hat Enterprise Linux Container Architecture Linux Kernel Hardware (Intel, AMD) Namespaces Cgroups

Resource Management with Cgroups Network Memory CPU Block IO Linux Kernel Namespaces Cgroups Hardware (Intel, AMD)

Cgroup Use Resource Management Libvirt/qemu – RHEL6 OpenShift - RHEL6 SystemD - Fedora 18 UnitFile: ControlGroup* Red Hat Storage Service Gluster - RHEL6

Red Hat Enterprise Linux Container Architecture Linux Kernel Hardware (Intel, AMD) Namespaces Cgroups SELinux

SELinux Use Security Targeted - RHEL4 MLS – RHEL5 Targeted/MCS - RHEL6 sVirt OpenShift sandbox -X

Red Hat Enterprise Linux Container Architecture Linux Kernel Hardware (Intel, AMD) Namespaces Cgroups SELinux Libvirt Drivers

Red Hat Enterprise Linux Container Architecture Linux Kernel Hardware (Intel, AMD) Namespaces Cgroups SELinux Libvirt Drivers

Red Hat Enterprise Linux Container Architecture Linux Kernel Hardware (Intel, AMD) Namespaces Cgroups SELinux Libvirt Containers Containers Drivers

Libvirt Use Libvirt - RHEL5, RHEL6 Launch Virtual Machines Libvirt-lxc – RHEL6.4 Launch Containers Management

Linux Container Use Cases Process Isolation Resource Management Security Bhavna: Linux containers can just be thought of as a collection of processes, separated from the main host processes via a set of resource namespaces and constrained via control groups resource tunables. Now, lets look into the key elements of Linux containers. The 4 tenets of Linux Containers are: - Process Isolation - Resource Management - Security - Management or Tooling Process Isolation is achieved through kernel namespaces which provides a simulated environment for the various kernel capabilities such as process ID, mount, network, UTS, and user ID. Resource management is achieved using process control groups or cgroups to allocate, and manage the host CPU, system memory, disk I/O, and network resources. Security is provided using SELinux, which applies security labels to Linux containers and their resources. In addition, SELinux policies are applied to containers. Management tooling is provided using the libvirt API which provides a collection of services (virt-sandbox-service, virt-sandbox) to support application sandboxing capabilities. Management

Shared RHEL Host Software Containers use cases Shared RHEL Host Software Generic Application Container Systemd Application Container Generic Application container Start any application Shared /usr Systemd Application Container launch container and persist across reboots Interactive : invoke from virt-sandbox CLI Chroot on steroids Ability to run different application stacks in containers This is where the rubber meets the road! OS containers – Not Supported Boot guest OSes inside a container Use full featured KVM Virtualization!

Shared RHEL Host Software Containers use cases Shared RHEL Host Software Generic Application Container Systemd Application Container Unshared OS Software Chroot Application Container Booted OS Container Generic Application container Start any application Shared /usr Systemd Application Container launch container and persist across reboots Interactive : invoke from virt-sandbox CLI Chroot on steroids Ability to run different application stacks in containers This is where the rubber meets the road! OS containers – Not Supported Boot guest OSes inside a container Use full featured KVM Virtualization!

Generic Application Container virt-sandbox-service Libvirt libvirt-lxc Any command

Systemd Application Container virt-sandbox-service Libvirt libvirt-lxc Unit file

Chroot Application Container virt-sandbox-service Libvirt libvirt-lxc Any Command In Chroot

virt-sandbox-service Booted OS Container virt-sandbox-service Libvirt libvirt-lxc /sbin/init

virt-sandbox-service Booted OS Containers Not supported!!! Use KVM virt-sandbox-service Libvirt libvirt-lxc /sbin/init

Containers vs KVM Virtualization When should I use containers and when should I use KVM?

Containers vs KVM Virtualization Startup and shutdown speed Ease of Maintainance Easy to create System-wide changes visible in each container For RHEL Shared OS Containers Scalability: Number of containers Process Memory Sharing

KVM Virtualization vs Containers Boot multiple Different Operating Systems Including Windows Separate kernel Better Security Kernel crash does not take down host Guest Isolation from host changes Full Separation Features such as live migration, live storage migration

Linux Containers : Scalability How many containers can you run? Theoritical Scales to 6000 containers and 12000 bind mounts of root filesystem directories Practical Running real workloads, containers doing work in parallel

Future Seccomp – Linux syscall restriction Better audit support/logging support Working UnionFS. What's going to break?????

Related Summit Sessions Managing SELinux in the Enterprise Wed 4:50 pm, Rm 312 Secure Development Practices Thu 1:20 pm, Rm 306 Under the Hood of OpenShift, Turbocharged by RHEL Thu 3:40 pm, Rm 304 KVM Hypervisor Roadmap & Technology Update Thu 10:40am, Rm 304 Hypervisor Technology Comparison & Migration Fri 9:45am, Rm 313

Contact Info Dan Walsh Email: dwalsh@redhat.com Blog: danwalsh.livejournal.com Twitter: @rhatdan Bhavna Sarathy Email: bsarathy@redhat.com

Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.