SlideShare uma empresa Scribd logo

Docker storage drivers by Jérôme Petazzoni

Docker, Inc.
Docker, Inc.

The first release of Docker only supported AUFS, and AUFS was available (out of the box) only on Debian and Ubuntu kernel. Then Red Hat wanted Docker to run on its distros, and contributed the Device Mapper driver, and later the BTRFS driver, and recently the overlayfs driver. Jérôme presents how those drivers compare from a high-level perspective, explaining their pros and cons. Then he showed each driver in action, and look at low-level implementation details. We won't dive into the golang implementation code itself, but we will explain the concepts of each driver. This will help to better understand how they work, and give some hints when it comes to troubleshoot their behaviour.

Tecnologia
1 de 71
Baixar para ler offline
Deep dive into Docker storage drivers * Jérôme Petazzoni - @jpetazzo Docker - @docker 1 / 71
Not so deep dive into Docker storage drivers * Jérôme Petazzoni - @jpetazzo Docker - @docker 2 / 71
Who am I? @jpetazzo Tamer of Unicorns and Tinkerer Extraordinaire¹ Grumpy French DevOps person who loves Shell scripts Go Away Or I Will Replace You Wiz Le Very Small Shell Script Some experience with containers (built and operated the dotCloud PaaS) ¹ At least one of those is actually on my business card 3 / 71
Outline Extremely short intro to Docker Short intro to copy-on-write History of Docker storage drivers AUFS, BTRFS, Device Mapper, Overlayfs, VFS Conclusions 4 / 71
Extremely short intro to Docker 5 / 71
What's Docker? A platform made of the Docker Engine and the Docker Hub The Docker Engine is a runtime for containers It's Open Source, and written in Go http://www.slideshare.net/jpetazzo/docker-and-go-why-did-we-decide-to-write-docker-in-go It's a daemon, controlled by a REST-ish API What is this, I don't even?!? Check the recording of this online "Docker 101" session: https://www.youtube.com/watch?v=pYZPd78F4q4 6 / 71
If you've never seen Docker in action ... This will help! jpetazzo@tarrasque:~$dockerrun-tipythonbash root@75d4bf28c8a5:/#pipinstallIPython Downloading/unpackingIPython Downloadingipython-2.3.1-py3-none-any.whl(2.8MB):2.8MBdownloaded Installingcollectedpackages:IPython SuccessfullyinstalledIPython Cleaningup... root@75d4bf28c8a5:/#ipython Python3.4.2(default,Jan222015,07:33:45) Type"copyright","credits"or"license"formoreinformation. IPython2.3.1--AnenhancedInteractivePython. ? ->IntroductionandoverviewofIPython'sfeatures. %quickref->Quickreference. help ->Python'sownhelpsystem. object? ->Detailsabout'object',use'object??'forextradetails. In[1]: 7 / 71
What happened here? We created a container (~lightweight virtual machine), with its own: filesystem (based initially on a pythonimage) network stack process space We started with a bashprocess (no init, no systemd, no problem) We installed IPython with pip, and ran it 8 / 71
What did not happen here? We did not make a full copy of the pythonimage The installation was done in the container, not the image: We did not modify the pythonimage itself We did not affect any other container (currently using this image or any other image) 9 / 71
How is this important? We used a copy-on-write mechanism (Well, Docker took care of it for us) Instead of making a full copy of the pythonimage, keep track of changes between this image and our container Huge disk space savings (1 container = less than 1 MB) Huge time savings (1 container = less than 0.1s to start) 10 / 71
Short intro to copy-on-write 11 / 71
History Warning: I'm not a computer historian. Those random bits are not exhaustive. 12 / 71
Copy-on-write for memory (RAM) fork()(process creation) Create a new process quickly ... even if it's using many GBs of RAM Actively used by e.g. Redis SAVE, to obtain consistent snapshots mmap()(mapped files) with MAP_PRIVATE Changes are visible only to current process Private maps are fast, even on huge files Granularity: 1 page at a time (generally 4 KB) 13 / 71
Copy-on-write for memory (RAM) How does it work? Thanks to the MMU! (Memory Management Unit) Each memory access goes through it Translates memory accesses (location¹ + operation²) into: actual physical location or, alternatively, a page fault ¹ Location = address = pointer ² Operation = read, write, or exec 14 / 71
Page faults When a page faults occurs, the MMU notifies the OS. Then what? Access to non-existent memory area = SIGSEGV (a.k.a. "Segmentation fault" a.k.a. "Go and learn to use pointers") Access to swapped-out memory area = load it from disk (a.k.a. "My program is now 1000x slower") Write attempt to code area = seg fault (sometimes) Write attempt to copy area = deduplication operation Then resume the initial operation as if nothing happened Can also catch execution attempt in no-exec area (e.g. stack, to protect against some exploits) 15 / 71
Copy-on-write for storage (disk) Initially used (I think) for snapshots (E.g. to take a consistent backup of a busy database, making sure that nothing was modified between the beginning and the end of the backup) Initially available (I think) on external storage (NAS, SAN) (Because It's Complicated) 16 / 71
Copy-on-write for storage (disk) Initially used (I think) for snapshots (E.g. to take a consistent backup of a busy database, making sure that nothing was modified between the beginning and the end of the backup) Initially available (I think) on external storage (NAS, SAN) (Because It's Complicated) Suddenly, Wild CLOUD appeared! 17 / 71
Thin provisioning for VMs¹ Put system image on copy-on-write storage For each machine¹, create copy-on-write instance If the system image contains a lot of useful software, people will almost never need to install extra stuff Each extra machine will only need disk space for data! WIN $$$ (And performance, too, because of caching) ¹ Not only VMs, but also physical machines with netboot, and containers! 18 / 71
Modern copy-on-write on your desktop (In no specific order; non-exhaustive list) LVM (Logical Volume Manager) on Linux ZFS on Solaris, then FreeBSD, Linux ... BTRFS on Linux AUFS, UnionMount, overlayfs ... Virtual disks in VM hypervisors 19 / 71
Copy-on-write and Docker: a love story Without copy-on-write... it would take forever to start a container containers would use up a lot of space Without copy-on-write "on your desktop"... Docker would not be usable on your Linux machine There would be no Docker at all. And no meet-up here tonight. And we would all be shaving yaks instead. ☹ 20 / 71
Thank you: Junjiro R. Okajima (and other AUFS contributors) Chris Mason (and other BTRFS contributors) Jeff Bonwick, Matt Ahrens (and other ZFS contributors) Miklos Szeredi (and other overlayfs contributors) The many contributors to Linux device mapper, thinp target, etc. ... And all the other giants whose shoulders we're sitting on top of, basically 21 / 71
History of Docker storage drivers 22 / 71
First came AUFS Docker used to be dotCloud (PaaS, like Heroku, Cloud Foundry, OpenShift...) dotCloud started using AUFS in 2008 (with vserver, then OpenVZ, then LXC) Great fit for high density, PaaS applications (More on this later!) 23 / 71
AUFS is not perfect Not in mainline kernel Applying the patches used to be exciting ... especially in combination with GRSEC ... and other custom fancery like setns() 24 / 71
But some people believe in AUFS! dotCloud, obviously Debian and Ubuntu use it in their default kernels, for Live CD and similar use cases: Your root filesystem is a copy-on-write between - the read-only media (CD, DVD...) - and a read-write media (disk, USB stick...) As it happens, we also ♥ Debian and Ubuntu very much First version of Docker is targeted at Ubuntu (and Debian) 25 / 71
Then, some people started to believe in Docker Red Hat users demanded Docker on their favorite distro Red Hat Inc. wanted to make it happen ... and contributed support for the Device Mapper driver ... then the BTRFS driver ... then the overlayfs driver Note: other contributors also helped tremendously! 26 / 71
Special thanks: Alexander Larsson Vincent Batts + all the other contributors and maintainers, of course (But those two guys have played an important role in the initial support, then maintenance, of the BTRFS, Device Mapper, and overlay drivers. Thanks again!) 27 / 71
Let's see each storage driver in action 28 / 71
AUFS 29 / 71
In Theory Combine multiple branches in a specific order Each branch is just a normal directory You generally have: at least one read-only branch (at the bottom) exactly one read-write branch (at the top) (But other fun combinations are possible too!) 30 / 71
When opening a file... With O_RDONLY- read-only access: look it up in each branch, starting from the top open the first one we find With O_WRONLYor O_RDWR- write access: look it up in the top branch; if it's found here, open it otherwise, look it up in the other branches; if we find it, copy it to the read-write (top) branch, then open the copy That "copy-up" operation can take a while if the file is big! 31 / 71
When deleting a file... A whiteout file is created (if you know the concept of "tombstones", this is similar) #dockerrunubunturm/etc/shadow #ls-la/var/lib/docker/aufs/diff/$(dockerps--no-trunc-lq)/etc total8 drwxr-xr-x2rootroot4096Jan2715:36. drwxr-xr-x5rootroot4096Jan2715:36.. -r--r--r--2rootroot 0Jan2715:36.wh.shadow 32 / 71
In Practice The AUFS mountpoint for a container is /var/lib/docker/aufs/mnt/$CONTAINER_ID/ It is only mounted when the container is running The AUFS branches (read-only and read-write) are in /var/lib/docker/aufs/diff/$CONTAINER_OR_IMAGE_ID/ All writes go to /var/lib/docker dockerhost#df-h/var/lib/docker Filesystem Size UsedAvailUse%Mountedon /dev/xvdb 15G 4.8G 9.5G 34%/mnt 33 / 71
Under the hood To see details about an AUFS mount: look for its internal ID in /proc/mounts look in /sys/fs/aufs/si_.../br* each branch (except the two top ones) translates to an image 34 / 71
Example dockerhost#grepc7af/proc/mounts none/mnt/.../c7af...a63daufsrw,relatime,si=2344a8ac4c6c6e5500 dockerhost#grep./sys/fs/aufs/si_2344a8ac4c6c6e55/br[0-9]* /sys/fs/aufs/si_2344a8ac4c6c6e55/br0:/mnt/c7af...a63d=rw /sys/fs/aufs/si_2344a8ac4c6c6e55/br1:/mnt/c7af...a63d-init=ro+wh /sys/fs/aufs/si_2344a8ac4c6c6e55/br2:/mnt/b39b...a462=ro+wh /sys/fs/aufs/si_2344a8ac4c6c6e55/br3:/mnt/615c...520e=ro+wh /sys/fs/aufs/si_2344a8ac4c6c6e55/br4:/mnt/8373...cea2=ro+wh /sys/fs/aufs/si_2344a8ac4c6c6e55/br5:/mnt/53f8...076f=ro+wh /sys/fs/aufs/si_2344a8ac4c6c6e55/br6:/mnt/5111...c158=ro+wh dockerhost#dockerinspect--format{{.Image}}c7af b39b81afc8cae27d6fc7ea89584bad5e0ba792127597d02425eaee9f3aaaa462 dockerhost#dockerhistory-qb39b b39b81afc8ca 615c102e2290 837339b91538 53f858aaaf03 511136ea3c5a 35 / 71
Performance, tuning AUFS mount()is fast, so creation of containers is quick Read/write access has native speeds But initial open()is expensive in two scenarios: when writing big files (log files, databases ...) with many layers + many directories in PATH (dynamic loading, anyone?) Protip: when we built dotCloud, we ended up putting all important data on volumes When starting the same container 1000x, the data is loaded only once from disk, and cached only once in memory (but dentrieswill be duplicated) 36 / 71
Device Mapper 37 / 71
Preamble Device Mapper is a complex subsystem; it can do: RAID encrypted devices snapshots (i.e. copy-on-write) and some other niceties In the context of Docker, "Device Mapper" means "the Device Mapper system + its thin provisioning target" (sometimes noted "thinp") 38 / 71
In theory Copy-on-write happens on the block level (instead of the file level) Each container and each image gets its own block device At any given time, it is possible to take a snapshot: of an existing container (to create a frozen image) of an existing image (to create a container from it) If a block has never been written to: it's assumed to be all zeros it's not allocated on disk (hence "thin" provisioning) 39 / 71
In practice The mountpoint for a container is /var/lib/docker/devicemapper/mnt/$CONTAINER_ID/ It is only mounted when the container is running The data is stored in two files, "data" and "metadata" (More on this later) Since we are working on the block level, there is not much visibility on the diffs between images and containers 40 / 71
Under the hood dockerinfowill tell you about the state of the pool (used/available space) List devices with dmsetupls Device names are prefixed with docker-MAJ:MIN-INO MAJ, MIN, and INO are derived from the block major, block minor, and inode number where the Docker data is located (to avoid conflict when running multiple Docker instances, e.g. with Docker-in-Docker) Get more info about them with dmsetupinfo, dmsetupstatus (you shouldn't need this, unless the system is badly borked) Snapshots have an internal numeric ID /var/lib/docker/devicemapper/metadata/$CONTAINER_OR_IMAGE_ID is a small JSON file tracking the snapshot ID and its size 41 / 71
Extra details Two storage areas are needed: one for data, another for metadata "data" is also called the "pool"; it's just a big pool of blocks (Docker uses the smallest possible block size, 64 KB) "metadata" contains the mappings between virtual offsets (in the snapshots) and physical offsets (in the pool) Each time a new block (or a copy-on-write block) is written, a block is allocated from the pool When there are no more blocks in the pool, attempts to write will stall until the pool is increased (or the write operation aborted) 42 / 71
Performance By default, Docker puts data and metadata on a loop device backed by a sparse file This is great from a usability point of view (zero configuration needed) But terrible from a performance point of view: each time a container writes to a new block, a block has to be allocated from the pool, and when it's written to, a block has to be allocated from the sparse file, and sparse file performance isn't great anyway 43 / 71
Tuning Do yourself a favor: if you use Device Mapper, put data (and metadata) on real devices! stop Docker change parameters wipe out /var/lib/docker(important!) restart Docker docker-d--storage-optdm.datadev=/dev/sdb1--storage-optdm.metadatadev=/dev/sdc1 44 / 71
More tuning Each container gets its own block device with a real FS on it So you can also adjust (with --storage-opt): filesystem type filesystem size discard(more on this later) Caveat: when you start 1000x containers, the files will be loaded 1000x from disk! 45 / 71
See also https://www.kernel.org/doc/Documentation/device-mapper/thin-provisioning.txt https://github.com/docker/docker/tree/master/daemon/graphdriver/devmapper http://en.wikipedia.org/wiki/Sparse_file http://en.wikipedia.org/wiki/Trim_%28computing%29 46 / 71
BTRFS 47 / 71
In theory Do the whole "copy-on-write" thing at the filesystem level Create¹ a "subvolume" (imagine mkdirwith Super Powers) Snapshot¹ any subvolume at any given time BTRFS integrates the snapshot and block pool management features at the filesystem level, instead of the block device level ¹ This can be done with the btrfstool. 48 / 71
In practice /var/lib/dockerhas to be on a BTRFS filesystem! The BTRFS mountpoint for a container or an image is /var/lib/docker/btrfs/subvolumes/$CONTAINER_OR_IMAGE_ID/ It should be present even if the container is not running Data is not written directly, it goes to the journal first (in some circumstances¹, this will affect performance) ¹ E.g. uninterrupted streams of writes. The performance will be half of the "native" performance. 49 / 71
Under the hood BTRFS works by dividing its storage in chunks A chunk can contain meta or metadata You can run out of chunks (and get Nospacelefton device) even though dfshows space available (because the chunks are not full) Quick fix: #btrfsfilesysbalancestart-dusage=1/var/lib/docker 50 / 71
Performance, tuning Not much to tune Keep an eye on the output of btrfsfilesysshow! This filesystem is doing fine: #btrfsfilesysshow Label:none uuid:80b37641-4f4a-4694-968b-39b85c67b934 Totaldevices1FSbytesused4.20GiB devid 1size15.25GiBused6.04GiBpath/dev/xvdc This one, however, is full (no free chunk) even though there is not that much data on it: #btrfsfilesysshow Label:none uuid:de060d4c-99b6-4da0-90fa-fb47166db38b Totaldevices1FSbytesused2.51GiB devid 1size87.50GiBused87.50GiBpath/dev/xvdc 51 / 71
Overlayfs 52 / 71
Preamble What with the grayed fs? It used to be called (and have filesystem type) overlayfs When it was merged in 3.18, this was changed to overlay 53 / 71
In theory This is just like AUFS, with minor differences: only two branches (called "layers") but branches can be overlays themselves 54 / 71
In practice You need kernel 3.18 On Ubuntu¹: go to http://kernel.ubuntu.com/~kernel-ppa/mainline/ locate the most recent directory, e.g. v3.18.4-vidi download the linux-image-..._amd64.debfile dpkg-ithat file, reboot, enjoy ¹ Adapatation to other distros left as an exercise for the reader. 55 / 71
Under the hood Images and containers are materialized under /var/lib/docker/overlay/$ID_OF_CONTAINER_OR_IMAGE Images just have a rootsubdirectory (containing the root FS) Containers have: lower-id→ file containing the ID of the image merged/→ mount point for the container (when running) upper/→ read-write layer for the container work/→ temporary space used for atomic copy-up 56 / 71
Performance, tuning Implementation detail: identical files are hardlinked between images (this avoids doing composed overlays) Not much to tune at this point Performance should be slightly better than AUFS: no stat()explosion good memory use slow copy-up, still (nobody's perfect) 57 / 71
VFS 58 / 71
In theory No copy on write. Docker does a full copy each time! Doesn't rely on those fancy-pesky kernel features Good candidate when porting Docker to new platforms (think FreeBSD, Solaris...) Space inefficient, slow 59 / 71
In practice Might be useful for production setups (If you don't want / cannot use volumes, and don't want / cannot use any of the copy-on-write mechanisms!) 60 / 71
Conclusions 61 / 71
The nice thing about Docker storage drivers, is that there are so many of them to choose from. 62 / 71
What do, what do? If you do PaaS or other high-density environment: AUFS (if available on your kernel) overlayfs (otherwise) If you put big writable files on the CoW filesystem: BTRFS or Device Mapper (pick the one you know best) Wait, really, you want me to pick one!?! 63 / 71
Bottom line 64 / 71
The best storage driver to run your production will be the one with which you and your team have the most extensive operational experience. 65 / 71
Bonus track discardand TRIM 66 / 71
TRIM Command sent to a SSD disk, to tell it: "that block is not in use anymore" Useful because on SSD, erase is very expensive (slow) Allows the SSD to pre-erase cells in advance (rather than on-the-fly, just before a write) Also meaningful on copy-on-write storage (if/when every snapshots as trimmed a block, it can be freed) 67 / 71
discard Filesystem option meaning: "can I has TRIMon this pls" Can be enabled/disabled at any time Filesystem can also be trimmed manually with fstrim (even while mounted) 68 / 71
The discardquandary discardworks on Device Mapper + loopback devices ... but is particularly slow on loopback devices (the loopback file needs to be "re-sparsified" after container or image deletion, and this is a slow operation) You can turn it on or off depending on your preference 69 / 71
That's all folks! 70 / 71
Questions? To get those slides, follow me on twitter: @jpetazzo Yes, this is a particularly evil scheme to increase my follower count Also WE ARE HIRING! infrastructure (servers, metal, and stuff) QA (get paid to break things!) Python (Docker Hub and more) Go (Docker Engine and more) Rumor says Docker UK office might be hiring but what do I know! (I know nothing, except that you should send your resume to jobs@docker.com) 71 / 71

Recomendados

Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxConAnatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxConJérôme Petazzoni
 
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...Jérôme Petazzoni
 
Making Linux do Hard Real-time
Making Linux do Hard Real-timeMaking Linux do Hard Real-time
Making Linux do Hard Real-timeNational Cheng Kung University
 
Linux Memory Management
Linux Memory ManagementLinux Memory Management
Linux Memory ManagementNi Zo-Ma
 
Linux container, namespaces & CGroup.
Linux container, namespaces & CGroup. Linux container, namespaces & CGroup.
Linux container, namespaces & CGroup. Neeraj Shrimali
 
BPF / XDP 8월 세미나 KossLab
BPF / XDP 8월 세미나 KossLabBPF / XDP 8월 세미나 KossLab
BPF / XDP 8월 세미나 KossLabTaeung Song
 
Lightweight Virtualization: LXC containers & AUFS
Lightweight Virtualization: LXC containers & AUFSLightweight Virtualization: LXC containers & AUFS
Lightweight Virtualization: LXC containers & AUFSJérôme Petazzoni
 
Linux kernel tracing
Linux kernel tracingLinux kernel tracing
Linux kernel tracingViller Hsiao
 

Recomendados

Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxConAnatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxConJérôme Petazzoni
 
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...Jérôme Petazzoni
 
Making Linux do Hard Real-time
Making Linux do Hard Real-timeMaking Linux do Hard Real-time
Making Linux do Hard Real-timeNational Cheng Kung University
 
Linux Memory Management
Linux Memory ManagementLinux Memory Management
Linux Memory ManagementNi Zo-Ma
 
Linux container, namespaces & CGroup.
Linux container, namespaces & CGroup. Linux container, namespaces & CGroup.
Linux container, namespaces & CGroup. Neeraj Shrimali
 
BPF / XDP 8월 세미나 KossLab
BPF / XDP 8월 세미나 KossLabBPF / XDP 8월 세미나 KossLab
BPF / XDP 8월 세미나 KossLabTaeung Song
 
Lightweight Virtualization: LXC containers & AUFS
Lightweight Virtualization: LXC containers & AUFSLightweight Virtualization: LXC containers & AUFS
Lightweight Virtualization: LXC containers & AUFSJérôme Petazzoni
 
Linux kernel tracing
Linux kernel tracingLinux kernel tracing
Linux kernel tracingViller Hsiao
 
P2P Container Image Distribution on IPFS With containerd and nerdctl
P2P Container Image Distribution on IPFS With containerd and nerdctlP2P Container Image Distribution on IPFS With containerd and nerdctl
P2P Container Image Distribution on IPFS With containerd and nerdctlKohei Tokunaga
 
Linux Initialization Process (2)
Linux Initialization Process (2)Linux Initialization Process (2)
Linux Initialization Process (2)shimosawa
 
Overview of kubernetes network functions
Overview of kubernetes network functionsOverview of kubernetes network functions
Overview of kubernetes network functionsHungWei Chiu
 
Building Network Functions with eBPF & BCC
Building Network Functions with eBPF & BCCBuilding Network Functions with eBPF & BCC
Building Network Functions with eBPF & BCCKernel TLV
 
Linux Interrupts
Linux InterruptsLinux Interrupts
Linux InterruptsKernel TLV
 
Linux Kernel vs DPDK: HTTP Performance Showdown
Linux Kernel vs DPDK: HTTP Performance ShowdownLinux Kernel vs DPDK: HTTP Performance Showdown
Linux Kernel vs DPDK: HTTP Performance ShowdownScyllaDB
 
Room 1 - 2 - Nguyễn Văn Thắng & Dzung Nguyen - Proxmox VE và ZFS over iscsi
Room 1 - 2 - Nguyễn Văn Thắng & Dzung Nguyen - Proxmox VE và ZFS over iscsiRoom 1 - 2 - Nguyễn Văn Thắng & Dzung Nguyen - Proxmox VE và ZFS over iscsi
Room 1 - 2 - Nguyễn Văn Thắng & Dzung Nguyen - Proxmox VE và ZFS over iscsiVietnam Open Infrastructure User Group
 
ACRN vMeet-Up EU 2021 - shared memory based inter-vm communication introduction
ACRN vMeet-Up EU 2021 - shared memory based inter-vm communication introductionACRN vMeet-Up EU 2021 - shared memory based inter-vm communication introduction
ACRN vMeet-Up EU 2021 - shared memory based inter-vm communication introductionProject ACRN
 
BlueStore: a new, faster storage backend for Ceph
BlueStore: a new, faster storage backend for CephBlueStore: a new, faster storage backend for Ceph
BlueStore: a new, faster storage backend for CephSage Weil
 
Linux-HA Japanプロジェクトのこれまでとこれから
Linux-HA JapanプロジェクトのこれまでとこれからLinux-HA Japanプロジェクトのこれまでとこれから
Linux-HA Japanプロジェクトのこれまでとこれからksk_ha
 
A crash course in CRUSH
A crash course in CRUSHA crash course in CRUSH
A crash course in CRUSHSage Weil
 
YOW2021 Computing Performance
YOW2021 Computing PerformanceYOW2021 Computing Performance
YOW2021 Computing PerformanceBrendan Gregg
 
Linux Kernel Init Process
Linux Kernel Init ProcessLinux Kernel Init Process
Linux Kernel Init ProcessKernel TLV
 
Rootless Containers
Rootless ContainersRootless Containers
Rootless ContainersAkihiro Suda
 
Ceph scale testing with 10 Billion Objects
Ceph scale testing with 10 Billion ObjectsCeph scale testing with 10 Billion Objects
Ceph scale testing with 10 Billion ObjectsKaran Singh
 
Kvm performance optimization for ubuntu
Kvm performance optimization for ubuntuKvm performance optimization for ubuntu
Kvm performance optimization for ubuntuSim Janghoon
 
Ceph as software define storage
Ceph as software define storageCeph as software define storage
Ceph as software define storageMahmoud Shiri Varamini
 
Docker活用パターンの整理 ― どう組み合わせるのが正解?!
Docker活用パターンの整理 ― どう組み合わせるのが正解?!Docker活用パターンの整理 ― どう組み合わせるのが正解?!
Docker活用パターンの整理 ― どう組み合わせるのが正解?!Etsuji Nakai
 
LCA14: LCA14-306: CPUidle & CPUfreq integration with scheduler
LCA14: LCA14-306: CPUidle & CPUfreq integration with schedulerLCA14: LCA14-306: CPUidle & CPUfreq integration with scheduler
LCA14: LCA14-306: CPUidle & CPUfreq integration with schedulerLinaro
 
[KubeConEU2023] Lima pavilion
[KubeConEU2023] Lima pavilion[KubeConEU2023] Lima pavilion
[KubeConEU2023] Lima pavilionAkihiro Suda
 
Docker Intro at the Google Developer Group and Google Cloud Platform Meet Up
Docker Intro at the Google Developer Group and Google Cloud Platform Meet UpDocker Intro at the Google Developer Group and Google Cloud Platform Meet Up
Docker Intro at the Google Developer Group and Google Cloud Platform Meet UpJérôme Petazzoni
 
Cgroups, namespaces and beyond: what are containers made from?
Cgroups, namespaces and beyond: what are containers made from?Cgroups, namespaces and beyond: what are containers made from?
Cgroups, namespaces and beyond: what are containers made from?Docker, Inc.
 

Mais conteúdo relacionado

Mais procurados

P2P Container Image Distribution on IPFS With containerd and nerdctl
P2P Container Image Distribution on IPFS With containerd and nerdctlP2P Container Image Distribution on IPFS With containerd and nerdctl
P2P Container Image Distribution on IPFS With containerd and nerdctlKohei Tokunaga
 
Linux Initialization Process (2)
Linux Initialization Process (2)Linux Initialization Process (2)
Linux Initialization Process (2)shimosawa
 
Overview of kubernetes network functions
Overview of kubernetes network functionsOverview of kubernetes network functions
Overview of kubernetes network functionsHungWei Chiu
 
Building Network Functions with eBPF & BCC
Building Network Functions with eBPF & BCCBuilding Network Functions with eBPF & BCC
Building Network Functions with eBPF & BCCKernel TLV
 
Linux Interrupts
Linux InterruptsLinux Interrupts
Linux InterruptsKernel TLV
 
Linux Kernel vs DPDK: HTTP Performance Showdown
Linux Kernel vs DPDK: HTTP Performance ShowdownLinux Kernel vs DPDK: HTTP Performance Showdown
Linux Kernel vs DPDK: HTTP Performance ShowdownScyllaDB
 
Room 1 - 2 - Nguyễn Văn Thắng & Dzung Nguyen - Proxmox VE và ZFS over iscsi
Room 1 - 2 - Nguyễn Văn Thắng & Dzung Nguyen - Proxmox VE và ZFS over iscsiRoom 1 - 2 - Nguyễn Văn Thắng & Dzung Nguyen - Proxmox VE và ZFS over iscsi
Room 1 - 2 - Nguyễn Văn Thắng & Dzung Nguyen - Proxmox VE và ZFS over iscsiVietnam Open Infrastructure User Group
 
ACRN vMeet-Up EU 2021 - shared memory based inter-vm communication introduction
ACRN vMeet-Up EU 2021 - shared memory based inter-vm communication introductionACRN vMeet-Up EU 2021 - shared memory based inter-vm communication introduction
ACRN vMeet-Up EU 2021 - shared memory based inter-vm communication introductionProject ACRN
 
BlueStore: a new, faster storage backend for Ceph
BlueStore: a new, faster storage backend for CephBlueStore: a new, faster storage backend for Ceph
BlueStore: a new, faster storage backend for CephSage Weil
 
Linux-HA Japanプロジェクトのこれまでとこれから
Linux-HA JapanプロジェクトのこれまでとこれからLinux-HA Japanプロジェクトのこれまでとこれから
Linux-HA Japanプロジェクトのこれまでとこれからksk_ha
 
A crash course in CRUSH
A crash course in CRUSHA crash course in CRUSH
A crash course in CRUSHSage Weil
 
YOW2021 Computing Performance
YOW2021 Computing PerformanceYOW2021 Computing Performance
YOW2021 Computing PerformanceBrendan Gregg
 
Linux Kernel Init Process
Linux Kernel Init ProcessLinux Kernel Init Process
Linux Kernel Init ProcessKernel TLV
 
Rootless Containers
Rootless ContainersRootless Containers
Rootless ContainersAkihiro Suda
 
Ceph scale testing with 10 Billion Objects
Ceph scale testing with 10 Billion ObjectsCeph scale testing with 10 Billion Objects
Ceph scale testing with 10 Billion ObjectsKaran Singh
 
Kvm performance optimization for ubuntu
Kvm performance optimization for ubuntuKvm performance optimization for ubuntu
Kvm performance optimization for ubuntuSim Janghoon
 
Docker活用パターンの整理 ― どう組み合わせるのが正解?!
Docker活用パターンの整理 ― どう組み合わせるのが正解?!Docker活用パターンの整理 ― どう組み合わせるのが正解?!
Docker活用パターンの整理 ― どう組み合わせるのが正解?!Etsuji Nakai
 
LCA14: LCA14-306: CPUidle & CPUfreq integration with scheduler
LCA14: LCA14-306: CPUidle & CPUfreq integration with schedulerLCA14: LCA14-306: CPUidle & CPUfreq integration with scheduler
LCA14: LCA14-306: CPUidle & CPUfreq integration with schedulerLinaro
 
[KubeConEU2023] Lima pavilion
[KubeConEU2023] Lima pavilion[KubeConEU2023] Lima pavilion
[KubeConEU2023] Lima pavilionAkihiro Suda
 

Mais procurados (20)

P2P Container Image Distribution on IPFS With containerd and nerdctl
P2P Container Image Distribution on IPFS With containerd and nerdctlP2P Container Image Distribution on IPFS With containerd and nerdctl
P2P Container Image Distribution on IPFS With containerd and nerdctl
 
Linux Initialization Process (2)
Linux Initialization Process (2)Linux Initialization Process (2)
Linux Initialization Process (2)
 
Overview of kubernetes network functions
Overview of kubernetes network functionsOverview of kubernetes network functions
Overview of kubernetes network functions
 
Building Network Functions with eBPF & BCC
Building Network Functions with eBPF & BCCBuilding Network Functions with eBPF & BCC
Building Network Functions with eBPF & BCC
 
Linux Interrupts
Linux InterruptsLinux Interrupts
Linux Interrupts
 
Linux Kernel vs DPDK: HTTP Performance Showdown
Linux Kernel vs DPDK: HTTP Performance ShowdownLinux Kernel vs DPDK: HTTP Performance Showdown
Linux Kernel vs DPDK: HTTP Performance Showdown
 
Room 1 - 2 - Nguyễn Văn Thắng & Dzung Nguyen - Proxmox VE và ZFS over iscsi
Room 1 - 2 - Nguyễn Văn Thắng & Dzung Nguyen - Proxmox VE và ZFS over iscsiRoom 1 - 2 - Nguyễn Văn Thắng & Dzung Nguyen - Proxmox VE và ZFS over iscsi
Room 1 - 2 - Nguyễn Văn Thắng & Dzung Nguyen - Proxmox VE và ZFS over iscsi
 
ACRN vMeet-Up EU 2021 - shared memory based inter-vm communication introduction
ACRN vMeet-Up EU 2021 - shared memory based inter-vm communication introductionACRN vMeet-Up EU 2021 - shared memory based inter-vm communication introduction
ACRN vMeet-Up EU 2021 - shared memory based inter-vm communication introduction
 
BlueStore: a new, faster storage backend for Ceph
BlueStore: a new, faster storage backend for CephBlueStore: a new, faster storage backend for Ceph
BlueStore: a new, faster storage backend for Ceph
 
Linux-HA Japanプロジェクトのこれまでとこれから
Linux-HA JapanプロジェクトのこれまでとこれからLinux-HA Japanプロジェクトのこれまでとこれから
Linux-HA Japanプロジェクトのこれまでとこれから
 
A crash course in CRUSH
A crash course in CRUSHA crash course in CRUSH
A crash course in CRUSH
 
YOW2021 Computing Performance
YOW2021 Computing PerformanceYOW2021 Computing Performance
YOW2021 Computing Performance
 
Linux Kernel Init Process
Linux Kernel Init ProcessLinux Kernel Init Process
Linux Kernel Init Process
 
Rootless Containers
Rootless ContainersRootless Containers
Rootless Containers
 
Ceph scale testing with 10 Billion Objects
Ceph scale testing with 10 Billion ObjectsCeph scale testing with 10 Billion Objects
Ceph scale testing with 10 Billion Objects
 
Kvm performance optimization for ubuntu
Kvm performance optimization for ubuntuKvm performance optimization for ubuntu
Kvm performance optimization for ubuntu
 
Ceph as software define storage
Ceph as software define storageCeph as software define storage
Ceph as software define storage
 
Docker活用パターンの整理 ― どう組み合わせるのが正解?!
Docker活用パターンの整理 ― どう組み合わせるのが正解?!Docker活用パターンの整理 ― どう組み合わせるのが正解?!
Docker活用パターンの整理 ― どう組み合わせるのが正解?!
 
LCA14: LCA14-306: CPUidle & CPUfreq integration with scheduler
LCA14: LCA14-306: CPUidle & CPUfreq integration with schedulerLCA14: LCA14-306: CPUidle & CPUfreq integration with scheduler
LCA14: LCA14-306: CPUidle & CPUfreq integration with scheduler
 
[KubeConEU2023] Lima pavilion
[KubeConEU2023] Lima pavilion[KubeConEU2023] Lima pavilion
[KubeConEU2023] Lima pavilion
 

Semelhante a Docker storage drivers by Jérôme Petazzoni

Docker Intro at the Google Developer Group and Google Cloud Platform Meet Up
Docker Intro at the Google Developer Group and Google Cloud Platform Meet UpDocker Intro at the Google Developer Group and Google Cloud Platform Meet Up
Docker Intro at the Google Developer Group and Google Cloud Platform Meet UpJérôme Petazzoni
 
Cgroups, namespaces and beyond: what are containers made from?
Cgroups, namespaces and beyond: what are containers made from?Cgroups, namespaces and beyond: what are containers made from?
Cgroups, namespaces and beyond: what are containers made from?Docker, Inc.
 
LXC Containers and AUFs
LXC Containers and AUFsLXC Containers and AUFs
LXC Containers and AUFsDocker, Inc.
 
Scale11x lxc talk
Scale11x lxc talkScale11x lxc talk
Scale11x lxc talkdotCloud
 
Introduction to Docker (and a bit more) at LSPE meetup Sunnyvale
Introduction to Docker (and a bit more) at LSPE meetup SunnyvaleIntroduction to Docker (and a bit more) at LSPE meetup Sunnyvale
Introduction to Docker (and a bit more) at LSPE meetup SunnyvaleJérôme Petazzoni
 
codemotion-docker-2014
codemotion-docker-2014codemotion-docker-2014
codemotion-docker-2014Carlo Bonamico
 
Introduction to Linux
Introduction to LinuxIntroduction to Linux
Introduction to Linuxsureskal
 
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...Codemotion
 
OSDC 2016 - Interesting things you can do with ZFS by Allan Jude&Benedict Reu...
OSDC 2016 - Interesting things you can do with ZFS by Allan Jude&Benedict Reu...OSDC 2016 - Interesting things you can do with ZFS by Allan Jude&Benedict Reu...
OSDC 2016 - Interesting things you can do with ZFS by Allan Jude&Benedict Reu...NETWAYS
 
Docker intro
Docker introDocker intro
Docker introOleg Z
 
Docker 0.11 at MaxCDN meetup in Los Angeles
Docker 0.11 at MaxCDN meetup in Los AngelesDocker 0.11 at MaxCDN meetup in Los Angeles
Docker 0.11 at MaxCDN meetup in Los AngelesJérôme Petazzoni
 
All Things Open 2015: DOCKER: EVERYTHING YOU SHOULD KNOW
All Things Open 2015: DOCKER: EVERYTHING YOU SHOULD KNOWAll Things Open 2015: DOCKER: EVERYTHING YOU SHOULD KNOW
All Things Open 2015: DOCKER: EVERYTHING YOU SHOULD KNOWDocker, Inc
 
Introduction to Linux for bioinformatics
Introduction to Linux for bioinformaticsIntroduction to Linux for bioinformatics
Introduction to Linux for bioinformaticsBITS
 
Docker Tips And Tricks at the Docker Beijing Meetup
Docker Tips And Tricks at the Docker Beijing MeetupDocker Tips And Tricks at the Docker Beijing Meetup
Docker Tips And Tricks at the Docker Beijing MeetupJérôme Petazzoni
 

Semelhante a Docker storage drivers by Jérôme Petazzoni (20)

Docker Intro at the Google Developer Group and Google Cloud Platform Meet Up
Docker Intro at the Google Developer Group and Google Cloud Platform Meet UpDocker Intro at the Google Developer Group and Google Cloud Platform Meet Up
Docker Intro at the Google Developer Group and Google Cloud Platform Meet Up
 
Cgroups, namespaces and beyond: what are containers made from?
Cgroups, namespaces and beyond: what are containers made from?Cgroups, namespaces and beyond: what are containers made from?
Cgroups, namespaces and beyond: what are containers made from?
 
LXC Containers and AUFs
LXC Containers and AUFsLXC Containers and AUFs
LXC Containers and AUFs
 
Scale11x lxc talk
Scale11x lxc talkScale11x lxc talk
Scale11x lxc talk
 
Linux introduction (eng)
Linux introduction (eng)Linux introduction (eng)
Linux introduction (eng)
 
Introduction to Docker (and a bit more) at LSPE meetup Sunnyvale
Introduction to Docker (and a bit more) at LSPE meetup SunnyvaleIntroduction to Docker (and a bit more) at LSPE meetup Sunnyvale
Introduction to Docker (and a bit more) at LSPE meetup Sunnyvale
 
.ppt
.ppt.ppt
.ppt
 
codemotion-docker-2014
codemotion-docker-2014codemotion-docker-2014
codemotion-docker-2014
 
Introduction to Linux
Introduction to LinuxIntroduction to Linux
Introduction to Linux
 
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
 
OSDC 2016 - Interesting things you can do with ZFS by Allan Jude&Benedict Reu...
OSDC 2016 - Interesting things you can do with ZFS by Allan Jude&Benedict Reu...OSDC 2016 - Interesting things you can do with ZFS by Allan Jude&Benedict Reu...
OSDC 2016 - Interesting things you can do with ZFS by Allan Jude&Benedict Reu...
 
Docker intro
Docker introDocker intro
Docker intro
 
Linux
Linux Linux
Linux
 
Docker 0.11 at MaxCDN meetup in Los Angeles
Docker 0.11 at MaxCDN meetup in Los AngelesDocker 0.11 at MaxCDN meetup in Los Angeles
Docker 0.11 at MaxCDN meetup in Los Angeles
 
All Things Open 2015: DOCKER: EVERYTHING YOU SHOULD KNOW
All Things Open 2015: DOCKER: EVERYTHING YOU SHOULD KNOWAll Things Open 2015: DOCKER: EVERYTHING YOU SHOULD KNOW
All Things Open 2015: DOCKER: EVERYTHING YOU SHOULD KNOW
 
Introduction to Linux for bioinformatics
Introduction to Linux for bioinformaticsIntroduction to Linux for bioinformatics
Introduction to Linux for bioinformatics
 
Docker Tips And Tricks at the Docker Beijing Meetup
Docker Tips And Tricks at the Docker Beijing MeetupDocker Tips And Tricks at the Docker Beijing Meetup
Docker Tips And Tricks at the Docker Beijing Meetup
 
linux.pdf
linux.pdflinux.pdf
linux.pdf
 
Foss Presentation
Foss PresentationFoss Presentation
Foss Presentation
 
Linux
LinuxLinux
Linux
 

Mais de Docker, Inc.

Containerize Your Game Server for the Best Multiplayer Experience
Containerize Your Game Server for the Best Multiplayer Experience Containerize Your Game Server for the Best Multiplayer Experience
Containerize Your Game Server for the Best Multiplayer Experience Docker, Inc.
 
How to Improve Your Image Builds Using Advance Docker Build
How to Improve Your Image Builds Using Advance Docker BuildHow to Improve Your Image Builds Using Advance Docker Build
How to Improve Your Image Builds Using Advance Docker BuildDocker, Inc.
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSDocker, Inc.
 
Securing Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXSecuring Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXDocker, Inc.
 
How To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and ComposeHow To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and ComposeDocker, Inc.
 
Distributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at SalesforceDistributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at SalesforceDocker, Inc.
 
The First 10M Pulls: Building The Official Curl Image for Docker Hub
The First 10M Pulls: Building The Official Curl Image for Docker HubThe First 10M Pulls: Building The Official Curl Image for Docker Hub
The First 10M Pulls: Building The Official Curl Image for Docker HubDocker, Inc.
 
Monitoring in a Microservices World
Monitoring in a Microservices WorldMonitoring in a Microservices World
Monitoring in a Microservices WorldDocker, Inc.
 
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...Docker, Inc.
 
Predicting Space Weather with Docker
Predicting Space Weather with DockerPredicting Space Weather with Docker
Predicting Space Weather with DockerDocker, Inc.
 
Become a Docker Power User With Microsoft Visual Studio Code
Become a Docker Power User With Microsoft Visual Studio CodeBecome a Docker Power User With Microsoft Visual Studio Code
Become a Docker Power User With Microsoft Visual Studio CodeDocker, Inc.
 
How to Use Mirroring and Caching to Optimize your Container Registry
How to Use Mirroring and Caching to Optimize your Container RegistryHow to Use Mirroring and Caching to Optimize your Container Registry
How to Use Mirroring and Caching to Optimize your Container RegistryDocker, Inc.
 
Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!Docker, Inc.
 
Kubernetes at Datadog Scale
Kubernetes at Datadog ScaleKubernetes at Datadog Scale
Kubernetes at Datadog ScaleDocker, Inc.
 
Labels, Labels, Labels
Labels, Labels, Labels Labels, Labels, Labels
Labels, Labels, Labels Docker, Inc.
 
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment ModelUsing Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment ModelDocker, Inc.
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSDocker, Inc.
 
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...Docker, Inc.
 
Developing with Docker for the Arm Architecture
Developing with Docker for the Arm ArchitectureDeveloping with Docker for the Arm Architecture
Developing with Docker for the Arm ArchitectureDocker, Inc.
 

Mais de Docker, Inc. (20)

Containerize Your Game Server for the Best Multiplayer Experience
Containerize Your Game Server for the Best Multiplayer Experience Containerize Your Game Server for the Best Multiplayer Experience
Containerize Your Game Server for the Best Multiplayer Experience
 
How to Improve Your Image Builds Using Advance Docker Build
How to Improve Your Image Builds Using Advance Docker BuildHow to Improve Your Image Builds Using Advance Docker Build
How to Improve Your Image Builds Using Advance Docker Build
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWS
 
Securing Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXSecuring Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINX
 
How To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and ComposeHow To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and Compose
 
Hands-on Helm
Hands-on Helm Hands-on Helm
Hands-on Helm
 
Distributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at SalesforceDistributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at Salesforce
 
The First 10M Pulls: Building The Official Curl Image for Docker Hub
The First 10M Pulls: Building The Official Curl Image for Docker HubThe First 10M Pulls: Building The Official Curl Image for Docker Hub
The First 10M Pulls: Building The Official Curl Image for Docker Hub
 
Monitoring in a Microservices World
Monitoring in a Microservices WorldMonitoring in a Microservices World
Monitoring in a Microservices World
 
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
 
Predicting Space Weather with Docker
Predicting Space Weather with DockerPredicting Space Weather with Docker
Predicting Space Weather with Docker
 
Become a Docker Power User With Microsoft Visual Studio Code
Become a Docker Power User With Microsoft Visual Studio CodeBecome a Docker Power User With Microsoft Visual Studio Code
Become a Docker Power User With Microsoft Visual Studio Code
 
How to Use Mirroring and Caching to Optimize your Container Registry
How to Use Mirroring and Caching to Optimize your Container RegistryHow to Use Mirroring and Caching to Optimize your Container Registry
How to Use Mirroring and Caching to Optimize your Container Registry
 
Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!
 
Kubernetes at Datadog Scale
Kubernetes at Datadog ScaleKubernetes at Datadog Scale
Kubernetes at Datadog Scale
 
Labels, Labels, Labels
Labels, Labels, Labels Labels, Labels, Labels
Labels, Labels, Labels
 
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment ModelUsing Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWS
 
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
 
Developing with Docker for the Arm Architecture
Developing with Docker for the Arm ArchitectureDeveloping with Docker for the Arm Architecture
Developing with Docker for the Arm Architecture
 

Último

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 

Último (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 

Docker storage drivers by Jérôme Petazzoni

  • 1. Deep dive into Docker storage drivers * Jérôme Petazzoni - @jpetazzo Docker - @docker 1 / 71
  • 2. Not so deep dive into Docker storage drivers * Jérôme Petazzoni - @jpetazzo Docker - @docker 2 / 71
  • 3. Who am I? @jpetazzo Tamer of Unicorns and Tinkerer Extraordinaire¹ Grumpy French DevOps person who loves Shell scripts Go Away Or I Will Replace You Wiz Le Very Small Shell Script Some experience with containers (built and operated the dotCloud PaaS) ¹ At least one of those is actually on my business card 3 / 71
  • 4. Outline Extremely short intro to Docker Short intro to copy-on-write History of Docker storage drivers AUFS, BTRFS, Device Mapper, Overlayfs, VFS Conclusions 4 / 71
  • 5. Extremely short intro to Docker 5 / 71
  • 6. What's Docker? A platform made of the Docker Engine and the Docker Hub The Docker Engine is a runtime for containers It's Open Source, and written in Go http://www.slideshare.net/jpetazzo/docker-and-go-why-did-we-decide-to-write-docker-in-go It's a daemon, controlled by a REST-ish API What is this, I don't even?!? Check the recording of this online "Docker 101" session: https://www.youtube.com/watch?v=pYZPd78F4q4 6 / 71
  • 7. If you've never seen Docker in action ... This will help! jpetazzo@tarrasque:~$dockerrun-tipythonbash root@75d4bf28c8a5:/#pipinstallIPython Downloading/unpackingIPython Downloadingipython-2.3.1-py3-none-any.whl(2.8MB):2.8MBdownloaded Installingcollectedpackages:IPython SuccessfullyinstalledIPython Cleaningup... root@75d4bf28c8a5:/#ipython Python3.4.2(default,Jan222015,07:33:45) Type"copyright","credits"or"license"formoreinformation. IPython2.3.1--AnenhancedInteractivePython. ? ->IntroductionandoverviewofIPython'sfeatures. %quickref->Quickreference. help ->Python'sownhelpsystem. object? ->Detailsabout'object',use'object??'forextradetails. In[1]: 7 / 71
  • 8. What happened here? We created a container (~lightweight virtual machine), with its own: filesystem (based initially on a pythonimage) network stack process space We started with a bashprocess (no init, no systemd, no problem) We installed IPython with pip, and ran it 8 / 71
  • 9. What did not happen here? We did not make a full copy of the pythonimage The installation was done in the container, not the image: We did not modify the pythonimage itself We did not affect any other container (currently using this image or any other image) 9 / 71
  • 10. How is this important? We used a copy-on-write mechanism (Well, Docker took care of it for us) Instead of making a full copy of the pythonimage, keep track of changes between this image and our container Huge disk space savings (1 container = less than 1 MB) Huge time savings (1 container = less than 0.1s to start) 10 / 71
  • 11. Short intro to copy-on-write 11 / 71
  • 12. History Warning: I'm not a computer historian. Those random bits are not exhaustive. 12 / 71
  • 13. Copy-on-write for memory (RAM) fork()(process creation) Create a new process quickly ... even if it's using many GBs of RAM Actively used by e.g. Redis SAVE, to obtain consistent snapshots mmap()(mapped files) with MAP_PRIVATE Changes are visible only to current process Private maps are fast, even on huge files Granularity: 1 page at a time (generally 4 KB) 13 / 71
  • 14. Copy-on-write for memory (RAM) How does it work? Thanks to the MMU! (Memory Management Unit) Each memory access goes through it Translates memory accesses (location¹ + operation²) into: actual physical location or, alternatively, a page fault ¹ Location = address = pointer ² Operation = read, write, or exec 14 / 71
  • 15. Page faults When a page faults occurs, the MMU notifies the OS. Then what? Access to non-existent memory area = SIGSEGV (a.k.a. "Segmentation fault" a.k.a. "Go and learn to use pointers") Access to swapped-out memory area = load it from disk (a.k.a. "My program is now 1000x slower") Write attempt to code area = seg fault (sometimes) Write attempt to copy area = deduplication operation Then resume the initial operation as if nothing happened Can also catch execution attempt in no-exec area (e.g. stack, to protect against some exploits) 15 / 71
  • 16. Copy-on-write for storage (disk) Initially used (I think) for snapshots (E.g. to take a consistent backup of a busy database, making sure that nothing was modified between the beginning and the end of the backup) Initially available (I think) on external storage (NAS, SAN) (Because It's Complicated) 16 / 71
  • 17. Copy-on-write for storage (disk) Initially used (I think) for snapshots (E.g. to take a consistent backup of a busy database, making sure that nothing was modified between the beginning and the end of the backup) Initially available (I think) on external storage (NAS, SAN) (Because It's Complicated) Suddenly, Wild CLOUD appeared! 17 / 71
  • 18. Thin provisioning for VMs¹ Put system image on copy-on-write storage For each machine¹, create copy-on-write instance If the system image contains a lot of useful software, people will almost never need to install extra stuff Each extra machine will only need disk space for data! WIN $$$ (And performance, too, because of caching) ¹ Not only VMs, but also physical machines with netboot, and containers! 18 / 71
  • 19. Modern copy-on-write on your desktop (In no specific order; non-exhaustive list) LVM (Logical Volume Manager) on Linux ZFS on Solaris, then FreeBSD, Linux ... BTRFS on Linux AUFS, UnionMount, overlayfs ... Virtual disks in VM hypervisors 19 / 71
  • 20. Copy-on-write and Docker: a love story Without copy-on-write... it would take forever to start a container containers would use up a lot of space Without copy-on-write "on your desktop"... Docker would not be usable on your Linux machine There would be no Docker at all. And no meet-up here tonight. And we would all be shaving yaks instead. ☹ 20 / 71
  • 21. Thank you: Junjiro R. Okajima (and other AUFS contributors) Chris Mason (and other BTRFS contributors) Jeff Bonwick, Matt Ahrens (and other ZFS contributors) Miklos Szeredi (and other overlayfs contributors) The many contributors to Linux device mapper, thinp target, etc. ... And all the other giants whose shoulders we're sitting on top of, basically 21 / 71
  • 22. History of Docker storage drivers 22 / 71
  • 23. First came AUFS Docker used to be dotCloud (PaaS, like Heroku, Cloud Foundry, OpenShift...) dotCloud started using AUFS in 2008 (with vserver, then OpenVZ, then LXC) Great fit for high density, PaaS applications (More on this later!) 23 / 71
  • 24. AUFS is not perfect Not in mainline kernel Applying the patches used to be exciting ... especially in combination with GRSEC ... and other custom fancery like setns() 24 / 71
  • 25. But some people believe in AUFS! dotCloud, obviously Debian and Ubuntu use it in their default kernels, for Live CD and similar use cases: Your root filesystem is a copy-on-write between - the read-only media (CD, DVD...) - and a read-write media (disk, USB stick...) As it happens, we also ♥ Debian and Ubuntu very much First version of Docker is targeted at Ubuntu (and Debian) 25 / 71
  • 26. Then, some people started to believe in Docker Red Hat users demanded Docker on their favorite distro Red Hat Inc. wanted to make it happen ... and contributed support for the Device Mapper driver ... then the BTRFS driver ... then the overlayfs driver Note: other contributors also helped tremendously! 26 / 71
  • 27. Special thanks: Alexander Larsson Vincent Batts + all the other contributors and maintainers, of course (But those two guys have played an important role in the initial support, then maintenance, of the BTRFS, Device Mapper, and overlay drivers. Thanks again!) 27 / 71
  • 28. Let's see each storage driver in action 28 / 71
  • 30. In Theory Combine multiple branches in a specific order Each branch is just a normal directory You generally have: at least one read-only branch (at the bottom) exactly one read-write branch (at the top) (But other fun combinations are possible too!) 30 / 71
  • 31. When opening a file... With O_RDONLY- read-only access: look it up in each branch, starting from the top open the first one we find With O_WRONLYor O_RDWR- write access: look it up in the top branch; if it's found here, open it otherwise, look it up in the other branches; if we find it, copy it to the read-write (top) branch, then open the copy That "copy-up" operation can take a while if the file is big! 31 / 71
  • 32. When deleting a file... A whiteout file is created (if you know the concept of "tombstones", this is similar) #dockerrunubunturm/etc/shadow #ls-la/var/lib/docker/aufs/diff/$(dockerps--no-trunc-lq)/etc total8 drwxr-xr-x2rootroot4096Jan2715:36. drwxr-xr-x5rootroot4096Jan2715:36.. -r--r--r--2rootroot 0Jan2715:36.wh.shadow 32 / 71
  • 33. In Practice The AUFS mountpoint for a container is /var/lib/docker/aufs/mnt/$CONTAINER_ID/ It is only mounted when the container is running The AUFS branches (read-only and read-write) are in /var/lib/docker/aufs/diff/$CONTAINER_OR_IMAGE_ID/ All writes go to /var/lib/docker dockerhost#df-h/var/lib/docker Filesystem Size UsedAvailUse%Mountedon /dev/xvdb 15G 4.8G 9.5G 34%/mnt 33 / 71
  • 34. Under the hood To see details about an AUFS mount: look for its internal ID in /proc/mounts look in /sys/fs/aufs/si_.../br* each branch (except the two top ones) translates to an image 34 / 71
  • 35. Example dockerhost#grepc7af/proc/mounts none/mnt/.../c7af...a63daufsrw,relatime,si=2344a8ac4c6c6e5500 dockerhost#grep./sys/fs/aufs/si_2344a8ac4c6c6e55/br[0-9]* /sys/fs/aufs/si_2344a8ac4c6c6e55/br0:/mnt/c7af...a63d=rw /sys/fs/aufs/si_2344a8ac4c6c6e55/br1:/mnt/c7af...a63d-init=ro+wh /sys/fs/aufs/si_2344a8ac4c6c6e55/br2:/mnt/b39b...a462=ro+wh /sys/fs/aufs/si_2344a8ac4c6c6e55/br3:/mnt/615c...520e=ro+wh /sys/fs/aufs/si_2344a8ac4c6c6e55/br4:/mnt/8373...cea2=ro+wh /sys/fs/aufs/si_2344a8ac4c6c6e55/br5:/mnt/53f8...076f=ro+wh /sys/fs/aufs/si_2344a8ac4c6c6e55/br6:/mnt/5111...c158=ro+wh dockerhost#dockerinspect--format{{.Image}}c7af b39b81afc8cae27d6fc7ea89584bad5e0ba792127597d02425eaee9f3aaaa462 dockerhost#dockerhistory-qb39b b39b81afc8ca 615c102e2290 837339b91538 53f858aaaf03 511136ea3c5a 35 / 71
  • 36. Performance, tuning AUFS mount()is fast, so creation of containers is quick Read/write access has native speeds But initial open()is expensive in two scenarios: when writing big files (log files, databases ...) with many layers + many directories in PATH (dynamic loading, anyone?) Protip: when we built dotCloud, we ended up putting all important data on volumes When starting the same container 1000x, the data is loaded only once from disk, and cached only once in memory (but dentrieswill be duplicated) 36 / 71
  • 38. Preamble Device Mapper is a complex subsystem; it can do: RAID encrypted devices snapshots (i.e. copy-on-write) and some other niceties In the context of Docker, "Device Mapper" means "the Device Mapper system + its thin provisioning target" (sometimes noted "thinp") 38 / 71
  • 39. In theory Copy-on-write happens on the block level (instead of the file level) Each container and each image gets its own block device At any given time, it is possible to take a snapshot: of an existing container (to create a frozen image) of an existing image (to create a container from it) If a block has never been written to: it's assumed to be all zeros it's not allocated on disk (hence "thin" provisioning) 39 / 71
  • 40. In practice The mountpoint for a container is /var/lib/docker/devicemapper/mnt/$CONTAINER_ID/ It is only mounted when the container is running The data is stored in two files, "data" and "metadata" (More on this later) Since we are working on the block level, there is not much visibility on the diffs between images and containers 40 / 71
  • 41. Under the hood dockerinfowill tell you about the state of the pool (used/available space) List devices with dmsetupls Device names are prefixed with docker-MAJ:MIN-INO MAJ, MIN, and INO are derived from the block major, block minor, and inode number where the Docker data is located (to avoid conflict when running multiple Docker instances, e.g. with Docker-in-Docker) Get more info about them with dmsetupinfo, dmsetupstatus (you shouldn't need this, unless the system is badly borked) Snapshots have an internal numeric ID /var/lib/docker/devicemapper/metadata/$CONTAINER_OR_IMAGE_ID is a small JSON file tracking the snapshot ID and its size 41 / 71
  • 42. Extra details Two storage areas are needed: one for data, another for metadata "data" is also called the "pool"; it's just a big pool of blocks (Docker uses the smallest possible block size, 64 KB) "metadata" contains the mappings between virtual offsets (in the snapshots) and physical offsets (in the pool) Each time a new block (or a copy-on-write block) is written, a block is allocated from the pool When there are no more blocks in the pool, attempts to write will stall until the pool is increased (or the write operation aborted) 42 / 71
  • 43. Performance By default, Docker puts data and metadata on a loop device backed by a sparse file This is great from a usability point of view (zero configuration needed) But terrible from a performance point of view: each time a container writes to a new block, a block has to be allocated from the pool, and when it's written to, a block has to be allocated from the sparse file, and sparse file performance isn't great anyway 43 / 71
  • 44. Tuning Do yourself a favor: if you use Device Mapper, put data (and metadata) on real devices! stop Docker change parameters wipe out /var/lib/docker(important!) restart Docker docker-d--storage-optdm.datadev=/dev/sdb1--storage-optdm.metadatadev=/dev/sdc1 44 / 71
  • 45. More tuning Each container gets its own block device with a real FS on it So you can also adjust (with --storage-opt): filesystem type filesystem size discard(more on this later) Caveat: when you start 1000x containers, the files will be loaded 1000x from disk! 45 / 71
  • 48. In theory Do the whole "copy-on-write" thing at the filesystem level Create¹ a "subvolume" (imagine mkdirwith Super Powers) Snapshot¹ any subvolume at any given time BTRFS integrates the snapshot and block pool management features at the filesystem level, instead of the block device level ¹ This can be done with the btrfstool. 48 / 71
  • 49. In practice /var/lib/dockerhas to be on a BTRFS filesystem! The BTRFS mountpoint for a container or an image is /var/lib/docker/btrfs/subvolumes/$CONTAINER_OR_IMAGE_ID/ It should be present even if the container is not running Data is not written directly, it goes to the journal first (in some circumstances¹, this will affect performance) ¹ E.g. uninterrupted streams of writes. The performance will be half of the "native" performance. 49 / 71
  • 50. Under the hood BTRFS works by dividing its storage in chunks A chunk can contain meta or metadata You can run out of chunks (and get Nospacelefton device) even though dfshows space available (because the chunks are not full) Quick fix: #btrfsfilesysbalancestart-dusage=1/var/lib/docker 50 / 71
  • 51. Performance, tuning Not much to tune Keep an eye on the output of btrfsfilesysshow! This filesystem is doing fine: #btrfsfilesysshow Label:none uuid:80b37641-4f4a-4694-968b-39b85c67b934 Totaldevices1FSbytesused4.20GiB devid 1size15.25GiBused6.04GiBpath/dev/xvdc This one, however, is full (no free chunk) even though there is not that much data on it: #btrfsfilesysshow Label:none uuid:de060d4c-99b6-4da0-90fa-fb47166db38b Totaldevices1FSbytesused2.51GiB devid 1size87.50GiBused87.50GiBpath/dev/xvdc 51 / 71
  • 53. Preamble What with the grayed fs? It used to be called (and have filesystem type) overlayfs When it was merged in 3.18, this was changed to overlay 53 / 71
  • 54. In theory This is just like AUFS, with minor differences: only two branches (called "layers") but branches can be overlays themselves 54 / 71
  • 55. In practice You need kernel 3.18 On Ubuntu¹: go to http://kernel.ubuntu.com/~kernel-ppa/mainline/ locate the most recent directory, e.g. v3.18.4-vidi download the linux-image-..._amd64.debfile dpkg-ithat file, reboot, enjoy ¹ Adapatation to other distros left as an exercise for the reader. 55 / 71
  • 56. Under the hood Images and containers are materialized under /var/lib/docker/overlay/$ID_OF_CONTAINER_OR_IMAGE Images just have a rootsubdirectory (containing the root FS) Containers have: lower-id→ file containing the ID of the image merged/→ mount point for the container (when running) upper/→ read-write layer for the container work/→ temporary space used for atomic copy-up 56 / 71
  • 57. Performance, tuning Implementation detail: identical files are hardlinked between images (this avoids doing composed overlays) Not much to tune at this point Performance should be slightly better than AUFS: no stat()explosion good memory use slow copy-up, still (nobody's perfect) 57 / 71
  • 59. In theory No copy on write. Docker does a full copy each time! Doesn't rely on those fancy-pesky kernel features Good candidate when porting Docker to new platforms (think FreeBSD, Solaris...) Space inefficient, slow 59 / 71
  • 60. In practice Might be useful for production setups (If you don't want / cannot use volumes, and don't want / cannot use any of the copy-on-write mechanisms!) 60 / 71
  • 62. The nice thing about Docker storage drivers, is that there are so many of them to choose from. 62 / 71
  • 63. What do, what do? If you do PaaS or other high-density environment: AUFS (if available on your kernel) overlayfs (otherwise) If you put big writable files on the CoW filesystem: BTRFS or Device Mapper (pick the one you know best) Wait, really, you want me to pick one!?! 63 / 71
  • 65. The best storage driver to run your production will be the one with which you and your team have the most extensive operational experience. 65 / 71
  • 67. TRIM Command sent to a SSD disk, to tell it: "that block is not in use anymore" Useful because on SSD, erase is very expensive (slow) Allows the SSD to pre-erase cells in advance (rather than on-the-fly, just before a write) Also meaningful on copy-on-write storage (if/when every snapshots as trimmed a block, it can be freed) 67 / 71
  • 68. discard Filesystem option meaning: "can I has TRIMon this pls" Can be enabled/disabled at any time Filesystem can also be trimmed manually with fstrim (even while mounted) 68 / 71
  • 69. The discardquandary discardworks on Device Mapper + loopback devices ... but is particularly slow on loopback devices (the loopback file needs to be "re-sparsified" after container or image deletion, and this is a slow operation) You can turn it on or off depending on your preference 69 / 71
  • 71. Questions? To get those slides, follow me on twitter: @jpetazzo Yes, this is a particularly evil scheme to increase my follower count Also WE ARE HIRING! infrastructure (servers, metal, and stuff) QA (get paid to break things!) Python (Docker Hub and more) Go (Docker Engine and more) Rumor says Docker UK office might be hiring but what do I know! (I know nothing, except that you should send your resume to jobs@docker.com) 71 / 71