container crash course
Transcript of container crash course
- 1. Container Crash Course Interop Las Vegas 2015
- 2. Processes and Filesystems Interop Las Vegas 2015
- 3. Zen and the Art of System Management Interop Las Vegas 2015
- 4. Building Cloud Native Architectures Interop Las Vegas 2015
- 5. Agenda: Introduction; Containers as a metaphor; Containers from first principles; Linux Containers; Managing Containers; Really Managing Containers; What's next?
- 6. Andrew Clay Shafer
- 7. Andrew Clay Shafer @littleidea
- 8. What is a container?
- 9. History
- 10. The Box Someone thought this was interesting enough to write 400 pages.
- 11. The system, developed after World War II, dramatically reduced transport costs, supported the post-war boom in international trade, and was a major element in globalization.
- 12. Timeline: Origins in 18th Century English Coal Mining; By 1830, Railroads Carried Boxes Designed For Other Modes; Early 1900s, Closed Boxes Designed for Both Road and Rail; 1933 Bureau International des Containers et du Transport Intermodal; 1951 Purpose Built Ships; 1955, Modern Intermodal Container Developed; 1968: ISO 668 Defined the Terminology, Dimensions and Ratings; Innovation Since 1970 Optimized Logistics
- 13. McLean had initially favored the construction of "trailerships", taking trailers from large trucks and stowing them in a ship's cargo hold.
- 14. Containers: Intermodal; Have Standardized Dimensions; Transported Without Being Opened; Handling Completely Mechanized; All Containers Numbered and Tracked
- 15. Impact: Did Away With Most Manual Sorting; Significantly Reduced Warehousing; Reduced Port Congestion; Shortened Shipping Time; Reduced Loss From Damage and Theft; Displaced Thousands of Dock Workers
- 16. As of 2009, approximately 90% of non-bulk cargo worldwide is moved by containers stacked on transport ships
- 17. few initially foresaw the extent of the influence of containerization on the shipping industry.
- 18. Impact wasn't from the details of containers but from the infrastructure and logistic optimization
- 19. where were we?
- 20. What makes a process? executable code; machine registers; heap; stack; file descriptors; environment variables
- 21. a process is context
- 22. information maintained about and for an executing program
- 23. the abstraction of a physical processor
- 24. Some Context: Process ID (pid); Parent process ID (ppid); Real User ID; Effective User ID; Current Directory; File Descriptor Table; ENV
- 25. PID 0 sched actually part of the kernel
- 26. PID 1 init
- 27. UID PID PPID CPU PRI NI VSZ RSS WCHAN STAT TT TIME COMMAND 0 1 0 0 48 0 2540232 14288 - Ss ?? 49:39.12 /sbin/launchd
- 28. every process has a parent who is supposed to take care of it
- 29. Why am I telling you this?
- 30. a container is just a process pretending it's all alone
- 31. Containers are Not VMs trailerships
- 32. Well, what is a VM?
- 33. Hypervisors & Virtual Machines: software emulation of hardware; must boot another kernel; another layer between process and silicon
- 34. moving forward
- 35. On to containers
- 36. a glimpse of the future
- 37. How did we get here?
- 38. container history: 1979 Unix v7 chroot system call; 2000 FreeBSD Jails; 2001 Linux Vserver; 2004 Solaris Zones; 2005 OpenVZ; 2006 Process Containers; 2007 cgroups merged into mainline
- 39. container history: 2008 LXC; 2011 Cloud Foundry Warden; 2013 LMCTFY; 2013 Docker; 2014 Rocket ??
- 40. Not New
- 41. features of the kernel
- 42. namespaces and groups: namespaces limit visibility; cgroups limit access
- 43. The purpose of each namespace is to wrap a particular global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of the global resource.
- 44. Namespaces: mount - filesystem hierarchy; UTS - hostnames; IPC - interprocess communication; PID - process ID (different namespaces can have same PID); network - each namespace has own devices, IP, routing tables; user - isolate the user and group id number spaces
- 45. grouping/partitioning of processes, with newly forked processes ending up in the same group (cgroup) as their parent process
- 46. cgroups: cpu, memory, cpuacct, cpuset, devices, freezer, net_cls, ns
- 47. But what is actually running?
- 48. chroot is an operation that changes the apparent root directory for the current running process and their children. A program that is run in such a modified environment cannot access files and commands outside that environmental directory tree. This modified environment is called a chroot jail.
- 49. file systems: abstraction representing data, ownership and permissions
- 50. When people talk about containers right now they are often conflating the runtime isolation and the packaging of filesystems
- 51. Blame Docker
- 52. Docker, Docker, Docker
- 53. Docker made it easy to make and share filesystem images
- 54. Docker made containers accessible to the average developer
- 55. the best thing about docker is the social sharing and workflows
- 56. the worst thing about docker is the social sharing and workflows :)
- 57. Now you have 1000s of containers deployed
- 58. Oh Wait how?
- 59. Intermodal we just need the trains and cranes
- 60. Purpose Built Ships
- 61. Problems to solve: role based access to resources; run specified bits on demand; coordinate cross service configurations; route public requests to running bits; read and write persistent data; add and remove resources; record internal and external events; isolate resources and failures; measure performance/health; detect and determine failure (plan & provoke failure); recover failures; work tomorrow
- 62. better get to work
- 63. Resources: namespaces - http://lwn.net/Articles/531114/ cgroups - https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt http://lattice.cf/ http://cloudfoundry.org/ https://linuxcontainers.org/ https://www.docker.com/ https://coreos.com/blog/rocket/ http://kubernetes.io/ http://mesos.apache.org/
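
Slides 42 to 44 say that namespaces limit visibility. The added example below (not part of the talk) compares the namespace identifiers of two processes, in the form `readlink /proc/<pid>/ns/*` prints them, and reports which of the six namespaces from slide 44 a containerized process still shares with the host. The function names and the sample inode values are constructed for illustration.

```python
import os
import re

# /proc/<pid>/ns entry names for the six namespaces listed on slide 44.
NS_KINDS = ("mnt", "uts", "ipc", "pid", "net", "user")
_LINK = re.compile(r"^(\w+):\[(\d+)\]$")

def parse_ns_links(text):
    """Parse `readlink /proc/<pid>/ns/*` output into {kind: inode}."""
    found = {}
    for line in text.splitlines():
        m = _LINK.match(line.strip())
        if m and m.group(1) in NS_KINDS:
            found[m.group(1)] = int(m.group(2))
    return found

def read_ns(pid="self"):
    """Live namespace links of a process; unreadable entries are skipped."""
    found = {}
    for kind in NS_KINDS:
        try:
            found.update(parse_ns_links(os.readlink(f"/proc/{pid}/ns/{kind}")))
        except OSError:  # no /proc, process gone, or permission denied
            pass
    return found

def compare(host, target):
    """Same inode means same namespace, so no isolation for that resource."""
    return {k: ("unknown" if k not in host or k not in target
                else "shared" if host[k] == target[k] else "isolated")
            for k in NS_KINDS}

def shared_with_host(host, target):
    """Namespaces in which the target sees the same resources as the host."""
    return [k for k, v in compare(host, target).items() if v == "shared"]

# Constructed sample values (not captured from a real system): the second
# process has its own mnt/uts/ipc/pid namespaces but the host's net and user.
HOST_SAMPLE = "mnt:[4026531840]\nuts:[4026531838]\nipc:[4026531839]\n" \
              "pid:[4026531836]\nnet:[4026531992]\nuser:[4026531837]"
CONTAINER_SAMPLE = "mnt:[4026532571]\nuts:[4026532572]\nipc:[4026532573]\n" \
                   "pid:[4026532574]\nnet:[4026531992]\nuser:[4026531837]"

if __name__ == "__main__":
    host, ctr = parse_ns_links(HOST_SAMPLE), parse_ns_links(CONTAINER_SAMPLE)
    for kind, state in compare(host, ctr).items():
        print(f"{kind:5} {state}")
    print("shared with host:", shared_with_host(host, ctr))
```

On a Linux host, `compare(read_ns(1), read_ns(<pid>))` performs the same check against live processes, given permission to read both `/proc` entries.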