FATTI UN CONTAINER TUTTO TUO!! @liuggio Giulio De Donato
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
FATTI UN CONTAINERTUTTO TUO!!
@liuggio Giulio De Donato
@liuggio
welcometothebundle.co
m
@liuggio Giulio De Donato
What is a Container?
@liuggio Giulio De Donato
“I once heard that hypervisors are the living proof of operating system's incompetence”-- Glauber Costa's - LinuxCon Europe 2012
@liuggio Giulio De Donato
... containers ...“I would love to say months, but let's get realistic”-- Glauber Costa's - LinuxCon Europe 2012
@liuggio Giulio De Donato
Is all about ISOLATION
@liuggio Giulio De Donato
chroo
t
?
@liuggio Giulio De Donato
while true; do mkdir x; cd x; donebomb() { bomb | bomb & }; bomb
Attacks
@liuggio Giulio De Donato
GOAL OF TODAY:
http://9gag.com/gag/aGxbmGz
namespace cgroups ufs
@liuggio Giulio De Donato
LXC vs DOCKER@liuggio Giulio De
Donato
Let’s start with the first set of slides
Once upon a time ...
@liuggio Giulio De Donato
NAMESPACELinux 2.6.23 (released in late 2007)
6 namespaces- mnt (mount points, filesystems)- pid (processes)- net (network stack)- ipc (System V IPC)- uts (hostname)- user (UIDs)
Namespaces started in about 2002.
@liuggio Giulio De Donato
Namespaces processes API consists of these 3 system calls:● clone() - creates a new process and a new namespace; the newly created process is attached to the new namespace
● unshare()–gets only a single parameter, flags. Does not create a new process; creates a new namespace and attaches the calling processto it.
● setns()- a new system call, for attaching the calling process to an existing namespace;
@liuggio Giulio De Donato
DEMO Namespace
https://gist.github.com/liuggio/114f506fbe040ac93687dc797b923cbf
1
@liuggio Giulio De Donato
@liuggio Giulio De Donato
CGroups!The cgroup (control groups) subsystem is a Resource Management and
Resource Accounting/Tracking solution, providing a generic process - grouping frameworkIt handles resources such as memory, cpu, network, and more; mostly needed in both ends of the spectrum (servers and embedded).
∎ Development was started by engineers at Google in 2006 under the name "process containers”
∎ Merged into kernel 2.6.24 (2008).∎ cgroup core has 3 maintainers, and each cgroup controller has its own maintainer
(cpu memory io)
@liuggio Giulio De Donato
DEMO CGROUPS
https://asciinema.org/a/7w13btk2uethz2e57lgpfz5ymor https://goo.gl/NyPMFJ
3
@liuggio Giulio De Donato
THIS IS A TREE@liuggio Giulio De
Donato
THIS IS A TREE@liuggio Giulio De
Donato
WHAT IS IT?@liuggio Giulio De
Donato
DEMO UFS
apt-get install aufs-tools
https://asciinema.org/~liuggio https://asciinema.org/a/41778
2
@liuggio Giulio De Donato
@liuggio Giulio De Donato
Union File SystemPRO
∎ File level∎ No caches
CONS∎ Bad performance for big files∎ Not in kernel∎ Too much layers costs
merge into a single directory 2 devices Combining a large, read-only file system with small write area (like livecd)
@liuggio Giulio De Donato
ZFS is a combination of a volume manager (like LVM) and a filesystem (like ext4, xfs, or btrfs).ZFS one of the most beloved features of Solaris, universally coveted by every Linux sysadmin with a Solaris background.
● snapshots● copy-on-write cloning● continuous integrity checking against data
corruption● automatic repair● efficient data compression
2016
@liuggio Giulio De Donato
UFS
CGROUPS
namespace
@liuggio Giulio De Donato
THANKS!
@liuggio Giulio De Donato
∎ www.welcometothebundle.com/isolate-a-process-with-no-container-like-docker∎ https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md#namespaces ∎ https://www.opencontainers.org/news/faqs/who-will-be-initial-technical-leadership ∎ http://www.cyberciti.biz/faq/unix-linux-chroot-command-examples-usage-syntax/∎ http://s0.cyberciti.org/uploads/faq/2013/01/bash-chroot-ls-demo.gif∎ https://www.flockport.com/lxc-vs-docker/∎ http://ramirose.wix.com/ramirosen∎ https://lwn.net/Articles/532593/∎ https://lwn.net/Articles/531114/∎ https://lwn.net/Articles/531381/∎ https://lwn.net/Articles/528078/∎ https://docs.docker.com/engine/reference/run/∎ http://www.netdevconf.org/1.1/proceedings/slides/rosen-namespaces-cgroups-lxc.pdf∎ https://www.stgraber.org/2013/12/20/lxc-1-0-blog-post-series/∎ https://skillsmatter.com/skillscasts/7101-building-containers-from-scratch-for-fun-and-profit∎ https://docs.oracle.com/cd/E18752_01/html/817-5093/bkupsnapshot-9.html
∎ https://www.flickr.com/photos/15514374@N05/10164384915/in/photolist-guc8vM-eUsLmk-bUx1od-snDG6D-4EdN6w-dRNW5S-92a5Rc-bqLMQX-9W8h5y-b4nUUZ-qBTHgX-qP1gRX-bjCEPC-9tmmnk-eiz69R-dUwHXM-ff6xuP-J1cvu-7FC9CK-5QNat5-sniS97-dmWZqi-9FJL3F-e5QKNc-oaepa3-dHcamQ-4EJPTP-eB42Pm-aywhxM-eSZ6Gv-jhYq8x-cXnWtd-6HXxUg-8ZKp87-5BL32d-7g3EHP-4gc756-cBECqo-oBFK5Y-9fUMLY-e7z58s-oViSZU-pKrEsE-6J2D5b-6HXwrz-6HXxt8-9k3DeV-9k6CLy-qFGW5B-hrxHnf
∎ https://docs.docker.com/engine/userguide/storagedriver/device-mapper-driver/∎ https://docs.docker.com/engine/userguide/storagedriver/zfs-driver/∎ Presentation template by SlidesCarnival
C R
E D
I T
S
Related Documents
![Docker 101 - techccu.csie.iotechccu.csie.io/2015/slides/frank.pdf · Docker Basics - CLI Docker client docker version docker info docker search [keyword] docker push/pull/commit docker](https://static.cupdf.com/doc/110x72/5f05ce717e708231d414cd40/docker-101-docker-basics-cli-docker-client-docker-version-docker-info-docker.jpg)
