container crash course


Transcript of container crash course

  1. Container Crash Course Interop Las Vegas 2015
  2. Processes and Filesystems Interop Las Vegas 2015
  3. Zen and the Art of System Management Interop Las Vegas 2015
  4. Building Cloud Native Architectures Interop Las Vegas 2015
  5. Agenda: Introduction; Containers as a metaphor; Containers from first principles; Linux Containers; Managing Containers; Really Managing Containers; What's next?
  6. Andrew Clay Shafer
  7. Andrew Clay Shafer @littleidea
  8. What is a container?
  9. History
  10. The Box. Someone thought this was interesting enough to write 400 pages.
  11. The system, developed after World War II, dramatically reduced transport costs, supported the post-war boom in international trade, and was a major element in globalization.
  12. Timeline: Origins in 18th Century English Coal Mining; By 1830, Railroads Carried Boxes Designed For Other Modes; Early 1900s, Closed Boxes Designed for Both Road and Rail; 1933 Bureau International des Containers et du Transport Intermodal; 1951 Purpose Built Ships; 1955, Modern Intermodal Container Developed; 1968: ISO_668 Defined the Terminology, Dimensions and Ratings; Innovation Since 1970 Optimized Logistics
  13. McLean had initially favored the construction of "trailerships", taking trailers from large trucks and stowing them in a ship's cargo hold.
  14. Containers: Intermodal; Have Standardized Dimensions; Transported Without Being Opened; Handling Completely Mechanized; All Containers Numbered and Tracked
  15. Impact: Did Away With Most Manual Sorting; Significantly Reduced Warehousing; Reduced Port Congestion; Shortened Shipping Time; Reduced Loss From Damage and Theft; Displaced Thousands of Dock Workers
  16. As of 2009, approximately 90% of non-bulk cargo worldwide is moved by containers stacked on transport ships
  17. few initially foresaw the extent of the influence of containerization on the shipping industry.
  18. Impact wasn't from the details of containers but from the infrastructure and logistic optimization
  19. where were we?
  20. What makes a process? executable code; machine registers; heap; stack; file descriptors; environment variables
  21. a process is context
  22. information maintained about and for an executing program
  23. the abstraction of a physical processor
  24. Some Context: Process ID (pid); Parent process ID (ppid); Real User ID; Effective User ID; Current Directory; File Descriptor Table; ENV
  25. PID 0 sched, actually part of the kernel
  26. PID 1 init
  27. UID PID PPID CPU PRI NI VSZ RSS WCHAN STAT TT TIME COMMAND 0 1 0 0 48 0 2540232 14288 - Ss ?? 49:39.12 /sbin/launchd
  28. every process has a parent who is supposed to take care of it
  29. Why am I telling you this?
  30. a container is just a process pretending it's all alone
  31. Containers are Not VMs (trailerships)
  32. Well, what is a VM?
  33. Hypervisors & Virtual Machines: software emulation of hardware; must boot another kernel; another layer between process and silicon
  34. moving forward
  35. On to containers
  36. a glimpse of the future
  37. How did we get here?
  38. container history: 1979 Unix v7 chroot system call; 2000 FreeBSD Jails; 2001 Linux Vserver; 2004 Solaris Zones; 2005 OpenVZ; 2006 Process Containers; 2007 cgroups merged into mainline
  39. container history: 2008 LXC; 2011 Cloud Foundry Warden; 2013 LMCTFY; 2013 Docker; 2014 Rocket; ??
  40. Not New
  41. features of the kernel
  42. namespaces and cgroups: namespaces limit visibility; cgroups limit access
  43. The purpose of each namespace is to wrap a particular global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of the global resource.
  44. Namespaces: mount - filesystem hierarchy; UTS - hostnames; IPC - interprocess communication; PID - process ID (different namespaces can have same PID); network - each namespace has own devices, IP, routing tables; user - isolate the user and group id number spaces
  45. grouping/partitioning of processes, with newly forked processes ending up in the same group (cgroup) as their parent process
  46. cgroups: cpu; memory; cpuacct; cpuset; devices; freezer; net_cls; ns
  47. But what is actually running?
  48. chroot is an operation that changes the apparent root directory for the current running process and their children. A program that is run in such a modified environment cannot access files and commands outside that environmental directory tree. This modified environment is called a chroot jail.
  49. file systems: abstraction representing data, ownership and permissions
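The process slides (pid, ppid, uid, a parent that reaps its child) and the namespace slides above, turned into one added example that is not from the deck: a C program that clone()s a child into new user, PID, UTS and mount namespaces and has the child report what it sees of itself. The names `struct view`, `child` and `run_isolated` are this example's own; it assumes Linux, and when the kernel or a seccomp policy refuses unprivileged user namespaces the returned `err` carries clone()'s errno instead of a report.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
struct view { int err, pid, ppid, uid; char host[64]; };  /* child's report (assumed type) */

/* Child entry point: already running inside the namespaces clone() created. */
static int child(void *arg)
{
    struct view v = { 0 };
    (void)sethostname("alone", 5);  /* visible only inside the new UTS namespace */
    gethostname(v.host, sizeof v.host);
    v.pid = getpid();    /* 1: first process in the new PID namespace */
    v.ppid = getppid();  /* 0: the parent lives in an outer PID namespace */
    v.uid = getuid();    /* 65534: no uid_map was written, so ids are unmapped */
    return write(*(int *)arg, &v, sizeof v) == sizeof v ? 0 : 1;
}
/* Clone a child into new user, PID, UTS and mount namespaces and return what it saw.
 * If the kernel refuses (unprivileged user namespaces off, seccomp), v.err is clone()'s errno. */
struct view run_isolated(void)
{
    struct view v = { 0 };
    int fd[2]; enum { STACK = 1 << 20 };
    char *stack = malloc(STACK);      /* clone() runs the child on a stack we supply */
    if (!stack || pipe(fd) < 0) { v.err = stack ? errno : ENOMEM; free(stack); return v; }
    int flags = CLONE_NEWUSER | CLONE_NEWPID | CLONE_NEWUTS | CLONE_NEWNS | SIGCHLD;
    pid_t pid = clone(child, stack + STACK, flags, &fd[1]);
    if (pid < 0) v.err = errno;
    close(fd[1]);                     /* the child keeps its own copy of the write end */
    if (pid >= 0) {
        if (read(fd[0], &v, sizeof v) != sizeof v) v.err = EIO;
        waitpid(pid, NULL, 0);        /* the parent reaps: "supposed to take care of it" */
        printf("outside: child is pid %d; inside: pid %d ppid %d uid %d host %s\n",
               (int)pid, v.pid, v.ppid, v.uid, v.host);
    }
    close(fd[0]);
    free(stack);
    return v;
}

int main(void)
{
    struct view v = run_isolated();
    if (v.err) fprintf(stderr, "isolation failed: %s\n", strerror(v.err));
    return v.err == 0 && v.pid == 1 && v.ppid == 0 ? 0 : 1;
}
```

The child reports pid 1, ppid 0 and uid 65534 while the parent sees an ordinary pid: that is the whole trick, a process that cannot see the rest of the system. cgroups (limits) and a chroot (the filesystem view) are the other half and are not set up here.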
  50. When people talk about containers right now they are often conflating the runtime isolation and the packaging of filesystems
  51. Blame Docker
  52. Docker, Docker, Docker
  53. Docker made it easy to make and share filesystem images
  54. Docker made containers accessible to the average developer
  55. the best thing about docker is the social sharing and workflows
  56. the worst thing about docker is the social sharing and workflows :)
  57. Now you have 1000s of containers deployed
  58. Oh wait, how?
  59. Intermodal: we just need the trains and cranes
  60. Purpose Built Ships
  61. Problems to solve: role based access to resources; run specified bits on demand; coordinate cross service configurations; route public requests to running bits; read and write persistent data; add and remove resources; record internal and external events; isolate resources and failures; measure performance/health; detect and determine failure (plan & provoke failure); recover failures; work tomorrow
  62. better get to work
  63. Resources: namespaces - Articles/531114/ ; cgroups - https:// Documentation/cgroups/ cgroups.txt