you call that micro, mr. docker? how osv and unikernels help micro-services stay micro
TRANSCRIPT
YOU CALL THAT MICRO, MR. DOCKER? HOW OSV AND UNIKERNELS HELP MICRO-SERVICES STAY MICRO
Roman Shaposhnik @rhatr, Pivotal Inc.
It is 2015 and everybody loves PaaS
Cloud Foundry
No, but seriously?
myApp $ cf push …
service #N
service #1
…
service #Z
service #M
…
Forget OOP, it is 0xCOP (12factor.net) • Codebase • Dependencies • Config • Backing services • Build, deploy, run • Stateless processes
• Port binding • Concurrency • Disposability • Dev == prod • Logs == streams • Admin processes
Forget OOP, it is 0xCOP (12factor.net) • Codebase • Dependencies • Config • Backing services • Build, deploy, run • Stateless processes
• Port binding • Concurrency • Disposability • Dev == prod • Logs == streams • Admin processes
What about stateful?
HDFS
Zookeeper
HBase region server
… I am alive Who Am I? What do I do?
HBase region server
And when it fails?
HDFS
Zookeeper
HBase region server
… Node died You, pitch in! Aye, aye captain
μservice-‐based deployment
HDFS
Zookeeper
HBase region server
… I am alive Who Am I? What do I do?
HBase region server
Lets zoom in
…
service #N
service #1
Anatomy of a μservice
Hardware
“Stuff”
[Java] Virtual Machine
μservice code
How are we doing it today?
Hardware
pkg1
[Java] Virtual Machine
μservice code
pkgN …………. “OS” Linux kernel
Puppet, Chef
Huge VM image
Is there a beber way?
vHardware
Hardware
[Java] Virtual Machine libFS, libC, libJVM
μservice code
Applicacon-‐specific stacc linking
Tiny VM image AKA unikernel
Hardware-‐assisted virtualizacon
What the heck is a FOOkernel? • What OS design courses have taught us? – microkernels vs. monolithic kernels
• What did they lef behind? – exokernels, nano
• What they should’ve taught us instead: – unikernels, anykernels
Unikernels • “Unikernels: library operacng systems for the cloud” came out in 2013
• A “library” operacng system • A kernel that can only support one process
Anykernels • Programming discipline for kernel code reuse • “The Design and Implementacon of the Anykernel and Rump Kernels” by A. Kantee
• Capabilices – NetBSD filesystems as Linux processes – User-‐space TCP/IP stack
• Building blocks for… any kernels
OSv from Cloudius Systems • A unikernel for “POSIX” and memory managed planorms (JVM, Go, Lua)
• Anykernel’ish – E.g. ZFS
• Runs on top of KVM, Xen, VirtualBox, VMWare • Looks like an app to the host OS • Small, fast and easy to manage at scale
OSv manifesto • Run exiscng Linux applicacons • Run exiscng Linux applicacons faster • Make boot cme ~= exec cme • Explore APIs beyond POSIX • Leverage memory managed planorms (JVM, Go) • Stay open
What’s inside?
single address space in “kernel mode”
“kernel threads” “user threads”
disk ZFS virco C++ kernel code
dynamic linker
libjvm.so ifconfig.so
TCP/IP
iface
Anything it can’t do? • A 100% replacement for a Linux kernel – No fork()ing
• No process isolacon • The least amount of device drivers ever
Virtualizacon vs. performance • Network-‐intensive apps: – unmodified: 25% gain in throughput 47% decrease in latency
– non-‐POSIX APIs use for Memcached: 290% increase in performance
• Compute-‐intensive apps: – YMMV
Van Jacabson’s net channels socket
TCP
IP
iface
socket
TCP
IP
iface
lock
lock
lock
Tradiconal TCP/IP stack
app thread kernel (IRQ)
send/recv
socket
TCP
IP
iface
channel
classifier
iface
lock
OSv TCP/IP stack
app thread kernel (IRQ)
send/recv
Memory management in UNIX
OS Memory
Process Memory
JVM Heap
Process Memory
JVM Heap
Memory management in OSv
OS Memory
Process Memory
JVM Heap
JVM balooning (no more -‐Xmx)
JVM Heap
OS object
Turbo charging JVM GC
object 1 object 2
Turbo charging JVM GC
object 1 object 2
Turbo charging JVM GC
object 1 object 2
CPU MMU assisted tracking table
But what about Docker?
Jailed FS, net, etc.
Hardware
[Java] Virtual Machine libFS, libC, libJVM
μservice code
Applicacon-‐specific stacc linking
Docker image
Common, shared kernel
Docker != LXC • $ docker run roman/PetClinic • Socially-‐driven image sharing
Ubuntu 14.04
Canonical
Tomcat
Pivotal
Go
PetClinic
Roman
PetClinic
service #N
service #1 $ docker run
Why should it work this cme? • Unikernels/exokernels back in ’90 • JVM-‐on-‐bare-‐metal (Azul, BEA, etc.) back in ‘00 • Things they didn’t have back then – HW-‐assisted virtualizacon (KVM, XEN, etc.) – Elascc infrastructure oriented architectures – Cloud Foundry
No, really we need PaaS
No, really we need PaaS
Elascc, next generacon datacenter • Commodity, rack-‐provisioned Hardware • Commodity, JeOS to get to Docker++ – CoreOS, SmartOS
• Docker++ as a common backed – Osv
• Cloud Foundry to rule them all
Finally killing DevOps • Ops (IT) maintains the bare OS • Devs maintain the μservices • PaaS maps μservices to images and orchestrates
Finally killing DevOps • Ops (IT) maintains the bare OS • Devs maintain the μservices • PaaS maps μservices to images and orchestrates
Guinea pigs so far • Cloudius – Memcached – Apache Cassandra – Redis
• Pivotal – Apache Geode (incubacng)
Apache Geode (incubacng) • Formerly known as Gemfire • Distributed, fully consistent, in-‐memory database/cache system with transaccons
• Key-‐value client API • Java based • Peer-‐to-‐peer distributed system
Quescons?
By @cloud_opinion Imagine no planorms I wonder if you can No need for PAAS or IAAS A brotherhood of bare metal Imagine there is no VM It's easy if you try No host below us Above us only apps
