introduction to containers a practical session using core os and docker
TRANSCRIPT
@Wurth PhoenixBozenMay 06, 2016
Introduction to containers:A practical session using
CoreOs and Docker
Alessandro MartelloneSenior Software Engineer@a_martellone
Summary
● Cloud computing stack: IaaS, PaaS, SaaS ● Containers solutions
○ LXC (LinuX Container), Docker, CoreOs, OpenVirtuozzo, Kubernetes....
● CoreOS● Microservices architectures● A practical lab through CoreOS and Docker● Extras: JElastic
○ PaaS: can be defined as a computing platform that allows the creation of applications
quickly and easily and without the complexity of buying and maintaining the software and
infrastructure below it*.
* Rackspace: https://support.rackspace.com/white-paper/understanding-the-cloud-computing-stack-saas-paas-iaas/
INTRODUCTION
Cloud Computing Stack
Virtualization solutions
● The cloud relies on virtualization techniques to achieve elasticity of large scale shared resources.○ On-demand, broad network access, resource pooling, rapid elasticity, measured service.
● Cloud computing is moving from centralised, large-scale data centres to a more distributed multi-cloud.
● Containers are a more lightweight virtualisation concept ( i.e. less resource and time consuming).
● VMs and containers are both virtualisation techniques but solve different problems.
VM ≠ Container
VM ≠ Container The container engine manages just the application and its dependencies.
Hypervisor is a software component that is able to virtualize system resources such as memory, storage, CPUs, networking..
Virtualization solutions● Containers are tools/components/blocks for delivering software. ● Focused on portability, distribution and interoperability.● Whereas, VMs are focused on infrastructure resources virtualisation.● Containers as VMs provide an isolated, discrete and separate space for
applications (memory, storage, network resources) .● Unlike a VM, in a container you are not running a complete instance or
image of an operating system, with kernels, drivers, and shared libraries.
Linux Containers
● First release: 2008● https://linuxcontainers.org/● LXC 1.0 in Ubuntu 14.04 LTS (Long Term
Support)● Namespace isolation: allows groups of
processes to be separated not allowing them to see resources in other groups;
● cgroups (control groups) manage and limit resource access for process groups: multi-tenant isolation. E.g. in Docker by --cgroup-parent it is possible to pass constraints on resources (RAM, CPU,...)
Docker● https://www.docker.com/● Docker builds its solution on LXC techniques.● On root filesystem, it mounts several filesystems on top of
each other (using the union fs), which allows creating new images by building on top of base images. Only the top layer is writeable.
● What are the main Docker components?○ Docker engine: the core. It build, runs and manages
containers;○ Docker hub: platform for sharing Docker containers;○ Docker registry: handles the images (provided with the
Docker hub);○ Docker images: a read-only template;
● Applications can connect to other application/server inside a Docker container by port, through different containers by link.
CoreOS
CoreOS● A minimal Linux distribution, Container-optimized, built to deploy
distributed application across a cluster of nodes.● It supports both Docker and Rkt container runtime.● It provides process isolation and also allows applications to be
moved throughout a cluster easily.● Huge focus on security: CoreOS mission is “Secure the Internet”.● A read-only rootfs.● Automatic updates by A and B partitions.
Supported Platforms● AWS, GCE, Microsoft Azure, OpenStack● Bare metal● Vagrant
CoreOs components● systemd: a system and service
manager used by CoreOs to start, stop and manage processes (ordering and execution of all users processes).
● etcd: a distributed key-value store used by all nodes to share configuration data and services details (e.g. service IP address and port number)
● fleetd: cluster manager that orchestrates services across the cluster.
● Master-slave model● A least-loaded
scheduling algorithm is used to schedule the unit to the appropriate node.
● In order to orchestrate a containers cluster, a solution as Kubernetes is suggested.
Automatic updates● CoreOs relies on the automatic update mechanism to keep the operating
system up-to-date.● A dual partition schema is used
○ An update is applied to the secondary partition while the first is not updated. On reboot,
there is a binary swap from the primary to the secondary partition.
○ If there are issues with the new image, CoreOS automatically rolls back to the working
image.
ACI : Application Container Interface● Rocket or rkt (pronounced "rock-it") is a CLI for running app containers on
Linux.● rkt implements the App Container (appc) specification, supports the
Container Networking Interface specification, and can also run Docker images.○ appc is an open specification that defines several aspects of how to run applications in
containers: an image format, runtime environment, and discovery protocol.
● Qauy.io belongs to the CoreOS family and it provides a private image repository which supports Docker and Rkt images.○ It is a competitor of Docker Hub
Microservices architecture and cloud app in a nutshell
Microservices architectures
● From http://martinfowler.com/articles/microservices.html
1. Usually, a monolithic app is divided by functional layers, such as web, business, and data.
2. You scale a monolithic app by cloning it on multiple servers/VMs/containers.
3. A microservice application separates functionality into separate smaller services.
4. This approach scales out by deploying each service independently, creating instances of these services across servers/VMs/containers.
● By default, containers do not persist data!● In this case we should use databases, filesystem on host ( :-( ) or shared (e.g
GlusterFS, NFS,...)● Scaling DBs : e.g. by Galera cluster● Load balancing
○ In order to have a resilient service, we should avoid SPFs. ○ A way to achieve this could be to move your service behind a load balancer.
● Caching● Message Queue● Worker-based system● We should consider that compared to a monolithic architecture it
introduces additional complexity to handle it.
Lab
Setup● https://github.com/amartellone/coreos-vagrant● The project is a “working progress”. Any comment, hints or bug
fixes are welcome.● The lab environment is based on a VM on VirtualBox where a single
CoreOS node is installed.● The lab is tested with VirtualBox (version >= 5.0.1), Vagrant (version
>= 1.8)● If you want to "play" with CoreOS and Docker, please have a look at
https://github.com/amartellone/coreos-vagrant/blob/master/Exercises.md
Extras: JElastic
Elastx
● Elastx is a public cloud provider based in Sweden: http://elastx.com/
● It supports with its infrastructure the live demo○ Elastx offers two public cloud platforms: Jelastic (PaaS) and Openstack
(IaaS ). Both fully are automated and supported by our highly technical staff 24x7.
○ Tier 3 data-centers○ Fully redundant infrastructure○ At least 20Gbps node connectivity○ Storage is built on 100% Solid State Disk!
JelasticJelastic can be deployed on physical nodes (bare metal servers) or VMs hosted on a third party IaaS solutions such as OpenStack, vSphere, AWS, Azure and so on. Each node contains a number of containers managed by the Cluster Orchestator.
The consumption unit (hourly based) is the cloudlets: 128 MB RAM, 200 MHz CPU.
Jelastic is based on Open Virtuozzo Containers for Linux on CentOS.
References● https://support.rackspace.com/white-paper/understanding-the-cloud-computing-stack-saas-paas-
iaas/● http://www.computing.dcu.ie/~cpahl/papers/CCM-2015-Pahl-Containers-PaaS-Cloud.pdf● http://www.computing.dcu.ie/~cpahl/papers/FICloud15-EdgeCloudContainer-Pahl.pdf● https://linuxcontainers.org/lxc/introduction/● https://www.virtualization.info● https://en.wikipedia.org/wiki/UnionFS● https://docs.docker.com/engine/understanding-docker/● https://openvz.org/Main_Page● https://docs.jelastic.com/● https://coreos.com/docs/● https://www.digitalocean.com/community/tutorials/an-introduction-to-coreos-system-components● http://martinfowler.com/articles/microservices.html● https://docs.docker.com/engine/reference/run/● https://azure.microsoft.com/en-us/documentation/articles/service-fabric-overview-microservices/●
Any questions?
ContactsAlessandro Martellone@[email protected]