SlideShare uma empresa Scribd logo

LXC on Ganeti

K
kawamuray

LXC on Ganeti session @ GanetiCon2014

Software
1 de 32
Baixar para ler offline
LXC on Ganeti Yuto Kawamura(kawamuray) Email: kawamuray.dadada@gmail.com
Google summer of Code ● Global program that offers students stipends to write code for open source projects ● 4420 students ● 6313 proposals ● (don’t know how much of them were accepted)
Improve LXC support ● Project accepted by Ganeti on Google Summer of Code 2014 ● Objective ○ Improve LXC support on Ganeti ○ Fix existing broken implementation ○ Add unit tests ○ Setup QA ○ Add additional features ● Mentored by Hrvoje Ribicic
LXC ● An userspace interface for the Linux kernel containment features ● Operating System level virtualization ● Composed by two Linux kernel features ○ Namespace - Isolation for pid, ipc, mount, net, user between containers and the host ○ Cgroup - Hardware resource limitation
× Console × Reboot(soft) × Memory ballooning ✔ Network(veth) × Migration(stopped) × Migration(live) △ Verification LXC version: any Before and After ✔ Console ✔ Reboot(soft) ✔ Memory ballooning ✔ Network(veth) △ Migration(stopped) × Migration(live) ✔ Verification LXC version: >= 1.0.0
● cpu_mask: Cpu mask. Same as other hypervisors but no support for vcpus pinning ● lxc_cgroup_use: Cgroup subsystems list. Correspond to lxc.cgroup.use configuration parameter ● lxc_devices: The list of devices ACL. ● lxc_drop_capabilities: List of capabilities which should be dropped for an instance. ● lxc_tty: Number of ttys(ptys) created for an instance. ● lxc_startup_wait: Time to wait until a daemonized instance state changed to RUNNING. Parameters
Parameters ● lxc_extra_config: For extra configuration parameters ○ Separating by comma is problem ○ Planning to introduce a functionality to read the value from a file
How to try? 1. Enable cgroup subsystems(if needed) a. cpuset, memory, devices, cpuacct b. Debian: Need “cgroup_enable=memory” in kernel argument 2. Install LXC >= 1.0.0 3. Check your kernel configuration $ sudo lxc-checkconfig --- Namespaces --- Namespaces: enabled Utsname namespace: enabled Ipc namespace: enabled Pid namespace: enabled User namespace: enabled Network namespace: enabled Multiple /dev/pts instances: enabled ...
4. 5. 6. How to try? gnt-cluster modify --enabled-hypervisors=kvm,lxc # enable lxc hv --nic-parameters mode=bridge,link=br0 # your brdige interface gnt-cluster verify # Checks your environment by LXC hypervisor gnt-instance add -H lxc # use LXC hypervisor! -o debootstrap+default -t drbd -s 8G lxc-instance1.ganeti ↑ will automatically modify the fstab of the instance to make it proper for the LXC container(riba is working for it) It’s all! Easy right?
● Log file Tips - How to debug? ○ $PREFIX/var/log/ganeti/lxc/<instance name>.<instance uuid>.log ■ Logs from lxc-start command ■ Mainly used when your instance didn’t started ○ $PREFIX/var/run/ganeti/lxc/<instance name>.console ■ Logs from processes inside the container(init, rc, etc.) ■ See when you cannot use `gnt-instance console …`
Implementations
Basic policy ● LXC containers are managed by command line tools ○ lxc-start, lxc-stop, lxc-ls, lxc-info … ● Not using lxc python library(written in python3)
Instance Start 1. lxc-start -n <instance name> … -f $PREFIX/var/run/ganeti/lxc/<instance name>.conf 2. lxc-wait -n <instance name> -s RUNNING a. with timeout specified by the lxc_startup_wait hvparam
Instance Stop ● Soft shutdown ○ lxc-stop --nokill -n <instance name> ■ Send SIGPWR to the init ● Overwritable with lxc.haltsignal ■ Wait until init exits ● Hard(forced) shutdown ○ lxc-stop --kill -n <instance name> ■ Send SIGKILL to the init ■ Container killed without normal shutting down process
Instance Reboot ● Soft reboot ○ lxc-stop --reboot -n <instance name> ■ Send SIGINT to the init ○ Requires CAP_SYS_BOOT ● Hard rebot ○ Same as other hypervisors ■ soft shutdown && start
Memory ballooning ● Use Cgroup memory subsystem ● memory.limit_in_bytes ● memory.memsw.limit_in_bytes ● Shrinking memory will fail if the kernel can’t reclaim memory from processes inside the container
Cgroup filesystem ● Differences between distributions/rc system 1. Search /proc/mounts for line having type == cgroup && <subsystem> in options 2. If not found, do: mount -t cgroup -o <subsystem> <subsystem> $PREFIX/var/run/lxc/cgroup/<subsystem>
Storage mount ● LXC can’t handle raw storage device ● Need to prepare per-pertition(mountable) device file for a LXC rootfs ● Use kpartx(1) ○ Create device maps for over partitions segments detected ○ Suppose every environment have it(because OS scripts uses it) kpartx -a /dev/drbdX /dev/loopY /dev/mapper/loopYp1 /dev/mapper/loopYp1 Per-partition device files
Storage mount ● Use first partition as a rootfs ○ lxc.rootfs = /dev/mapper/loopNp1 ● You may have to increase the number of max_loop
Quality ● Tested on Debian Linux/Gentoo Linux with LXC 1.0.0 and 1.0.5 ● Passed basic QA but … ● Need more example of use ● Possibly contains platform(distribution) related problems ○ especially around the cgroup
What’s next?
Future candidates ● Two level isolation(IOW, containers inside a Virtual Machine) ● LXC instance migration
Two level isolation KVM1 for userA Container 1 Container 2 Container 3 KVM2 for userB Container 1 Container 2 Hardware/OS Container 3 level Isolation noded with attribute? noded with attribute?
Instance Migration ● LXC has no migration functionality ● Have to implement it on our own
Checkpoint/Restore ● Implemented by project CRIU (http://criu.org/) ● Able to dump a running processes into serialized images ○ Serialized in protocol buffers format /path/to/checkpoint/dir ----- Memory image ----- Namespaces info ----- File descriptors ----- Cgroup info ----- TCP sockets ----- Network informations
lxc-checkpoint
LXC migration Source host Destination host /dev/loopX drbd drbd /dev/loopX LXC instance 4. lxc-checkpoint -r ... 2. Transfer images via rsync(or what ever) 1. lxc-checkpoint ... LXC instance Checkpoint images Checkpoint images 3. Create partition mapping 5. Destroy partition mapping
Instance migration ● Already have working implementation ○ https://github.com/kawamuray/ganeti/commits/topic-lxc-migration ● but … ○ its temporaily implementation ○ still have lot of restrictions ○ requires patched criu ■ https://github.com/kawamuray/criu ○ requires patched lxc ■ https://github.com/kawamuray/lxc ● will be solved soon(by sending patches to originals and by fixing implementation)
Demo
We really want ● Example of use ○ on many platforms(Debian, RHEL6/7, …) ● Bug report ● Realistic use case ● Desired functionality ○ possibly I can handle it from both Ganeti and LXC aspect
Special thanks to Riba For your great mentorship!
Questions? Opinions? Ideas? Requests?

Recomendados

Small, Simple, and Secure: Alpine Linux under the Microscope
Small, Simple, and Secure: Alpine Linux under the MicroscopeSmall, Simple, and Secure: Alpine Linux under the Microscope
Small, Simple, and Secure: Alpine Linux under the MicroscopeDocker, Inc.
 
pgDay Asia 2016 - Swapping Pacemaker-Corosync for repmgr (1)
pgDay Asia 2016 - Swapping Pacemaker-Corosync for repmgr (1)pgDay Asia 2016 - Swapping Pacemaker-Corosync for repmgr (1)
pgDay Asia 2016 - Swapping Pacemaker-Corosync for repmgr (1)Wei Shan Ang
 
Docker and friends at Linux Days 2014 in Prague
Docker and friends at Linux Days 2014 in PragueDocker and friends at Linux Days 2014 in Prague
Docker and friends at Linux Days 2014 in Praguetomasbart
 
How to Troubleshoot OpenStack Without Losing Sleep
How to Troubleshoot OpenStack Without Losing SleepHow to Troubleshoot OpenStack Without Losing Sleep
How to Troubleshoot OpenStack Without Losing SleepSadique Puthen
 
Red hat lvm cheatsheet
Red hat lvm cheatsheetRed hat lvm cheatsheet
Red hat lvm cheatsheetPrakash Ghosh
 
Troubleshooting containerized triple o deployment
Troubleshooting containerized triple o deploymentTroubleshooting containerized triple o deployment
Troubleshooting containerized triple o deploymentSadique Puthen
 
FreeBSD and Drivers
FreeBSD and DriversFreeBSD and Drivers
FreeBSD and DriversKernel TLV
 
Percona Toolkit for Effective MySQL Administration
Percona Toolkit for Effective MySQL AdministrationPercona Toolkit for Effective MySQL Administration
Percona Toolkit for Effective MySQL AdministrationMydbops
 

Recomendados

Small, Simple, and Secure: Alpine Linux under the Microscope
Small, Simple, and Secure: Alpine Linux under the MicroscopeSmall, Simple, and Secure: Alpine Linux under the Microscope
Small, Simple, and Secure: Alpine Linux under the MicroscopeDocker, Inc.
 
pgDay Asia 2016 - Swapping Pacemaker-Corosync for repmgr (1)
pgDay Asia 2016 - Swapping Pacemaker-Corosync for repmgr (1)pgDay Asia 2016 - Swapping Pacemaker-Corosync for repmgr (1)
pgDay Asia 2016 - Swapping Pacemaker-Corosync for repmgr (1)Wei Shan Ang
 
Docker and friends at Linux Days 2014 in Prague
Docker and friends at Linux Days 2014 in PragueDocker and friends at Linux Days 2014 in Prague
Docker and friends at Linux Days 2014 in Praguetomasbart
 
How to Troubleshoot OpenStack Without Losing Sleep
How to Troubleshoot OpenStack Without Losing SleepHow to Troubleshoot OpenStack Without Losing Sleep
How to Troubleshoot OpenStack Without Losing SleepSadique Puthen
 
Red hat lvm cheatsheet
Red hat lvm cheatsheetRed hat lvm cheatsheet
Red hat lvm cheatsheetPrakash Ghosh
 
Troubleshooting containerized triple o deployment
Troubleshooting containerized triple o deploymentTroubleshooting containerized triple o deployment
Troubleshooting containerized triple o deploymentSadique Puthen
 
FreeBSD and Drivers
FreeBSD and DriversFreeBSD and Drivers
FreeBSD and DriversKernel TLV
 
Percona Toolkit for Effective MySQL Administration
Percona Toolkit for Effective MySQL AdministrationPercona Toolkit for Effective MySQL Administration
Percona Toolkit for Effective MySQL AdministrationMydbops
 
Testing Wi-Fi with OSS Tools
Testing Wi-Fi with OSS ToolsTesting Wi-Fi with OSS Tools
Testing Wi-Fi with OSS ToolsAll Things Open
 
Container & kubernetes
Container & kubernetesContainer & kubernetes
Container & kubernetesTed Jung
 
Kubernetes internals (Kubernetes 해부하기)
Kubernetes internals (Kubernetes 해부하기)Kubernetes internals (Kubernetes 해부하기)
Kubernetes internals (Kubernetes 해부하기)DongHyeon Kim
 
Kernel Recipes 2015 - Porting Linux to a new processor architecture
Kernel Recipes 2015 - Porting Linux to a new processor architectureKernel Recipes 2015 - Porting Linux to a new processor architecture
Kernel Recipes 2015 - Porting Linux to a new processor architectureAnne Nicolas
 
What’s the Best PostgreSQL High Availability Framework? PAF vs. repmgr vs. Pa...
What’s the Best PostgreSQL High Availability Framework? PAF vs. repmgr vs. Pa...What’s the Best PostgreSQL High Availability Framework? PAF vs. repmgr vs. Pa...
What’s the Best PostgreSQL High Availability Framework? PAF vs. repmgr vs. Pa...ScaleGrid.io
 
nginx: writing your first module
nginx: writing your first modulenginx: writing your first module
nginx: writing your first moduleredivy
 
Docker / Ansible
Docker / AnsibleDocker / Ansible
Docker / AnsibleStephane Manciot
 
Docker on openstack by OpenSource Consulting
Docker on openstack by OpenSource ConsultingDocker on openstack by OpenSource Consulting
Docker on openstack by OpenSource ConsultingOpen Source Consulting
 
Make Your Containers Faster: Linux Container Performance Tools
Make Your Containers Faster: Linux Container Performance ToolsMake Your Containers Faster: Linux Container Performance Tools
Make Your Containers Faster: Linux Container Performance ToolsKernel TLV
 
Bypassing ASLR Exploiting CVE 2015-7545
Bypassing ASLR Exploiting CVE 2015-7545Bypassing ASLR Exploiting CVE 2015-7545
Bypassing ASLR Exploiting CVE 2015-7545Kernel TLV
 
Deploying MongoDB sharded clusters easily with Terraform and Ansible
Deploying MongoDB sharded clusters easily with Terraform and AnsibleDeploying MongoDB sharded clusters easily with Terraform and Ansible
Deploying MongoDB sharded clusters easily with Terraform and AnsibleAll Things Open
 
PGConf.ASIA 2019 - High Availability, 10 Seconds Failover - Lucky Haryadi
PGConf.ASIA 2019 - High Availability, 10 Seconds Failover - Lucky HaryadiPGConf.ASIA 2019 - High Availability, 10 Seconds Failover - Lucky Haryadi
PGConf.ASIA 2019 - High Availability, 10 Seconds Failover - Lucky HaryadiEqunix Business Solutions
 
Container-relevant Upstream Kernel Developments
Container-relevant Upstream Kernel DevelopmentsContainer-relevant Upstream Kernel Developments
Container-relevant Upstream Kernel DevelopmentsDocker, Inc.
 
Couch to OpenStack: Nova - July, 30, 2013
Couch to OpenStack: Nova - July, 30, 2013Couch to OpenStack: Nova - July, 30, 2013
Couch to OpenStack: Nova - July, 30, 2013Trevor Roberts Jr.
 
Cinder Live Migration and Replication - OpenStack Summit Austin
Cinder Live Migration and Replication - OpenStack Summit AustinCinder Live Migration and Replication - OpenStack Summit Austin
Cinder Live Migration and Replication - OpenStack Summit AustinEd Balduf
 
[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network Troubleshooting[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network TroubleshootingOpen Source Consulting
 
Coredns nodecache - A highly-available Node-cache DNS server
Coredns nodecache - A highly-available Node-cache DNS serverCoredns nodecache - A highly-available Node-cache DNS server
Coredns nodecache - A highly-available Node-cache DNS serverYann Hamon
 
Linux kernel debugging
Linux kernel debuggingLinux kernel debugging
Linux kernel debugginglibfetion
 
Apache httpd reverse proxy and Tomcat
Apache httpd reverse proxy and TomcatApache httpd reverse proxy and Tomcat
Apache httpd reverse proxy and TomcatJean-Frederic Clere
 
Neutron Network Namespaces and IPtables--A Technical Deep Dive
Neutron Network Namespaces and IPtables--A Technical Deep DiveNeutron Network Namespaces and IPtables--A Technical Deep Dive
Neutron Network Namespaces and IPtables--A Technical Deep DiveMirantis
 
Docker 原理與實作
Docker 原理與實作Docker 原理與實作
Docker 原理與實作kao kuo-tung
 
Virtualization which isn't: LXC (Linux Containers)
Virtualization which isn't: LXC (Linux Containers)Virtualization which isn't: LXC (Linux Containers)
Virtualization which isn't: LXC (Linux Containers)Dobrica Pavlinušić
 

Mais conteúdo relacionado

Mais procurados

Testing Wi-Fi with OSS Tools
Testing Wi-Fi with OSS ToolsTesting Wi-Fi with OSS Tools
Testing Wi-Fi with OSS ToolsAll Things Open
 
Container & kubernetes
Container & kubernetesContainer & kubernetes
Container & kubernetesTed Jung
 
Kubernetes internals (Kubernetes 해부하기)
Kubernetes internals (Kubernetes 해부하기)Kubernetes internals (Kubernetes 해부하기)
Kubernetes internals (Kubernetes 해부하기)DongHyeon Kim
 
Kernel Recipes 2015 - Porting Linux to a new processor architecture
Kernel Recipes 2015 - Porting Linux to a new processor architectureKernel Recipes 2015 - Porting Linux to a new processor architecture
Kernel Recipes 2015 - Porting Linux to a new processor architectureAnne Nicolas
 
What’s the Best PostgreSQL High Availability Framework? PAF vs. repmgr vs. Pa...
What’s the Best PostgreSQL High Availability Framework? PAF vs. repmgr vs. Pa...What’s the Best PostgreSQL High Availability Framework? PAF vs. repmgr vs. Pa...
What’s the Best PostgreSQL High Availability Framework? PAF vs. repmgr vs. Pa...ScaleGrid.io
 
nginx: writing your first module
nginx: writing your first modulenginx: writing your first module
nginx: writing your first moduleredivy
 
Docker on openstack by OpenSource Consulting
Docker on openstack by OpenSource ConsultingDocker on openstack by OpenSource Consulting
Docker on openstack by OpenSource ConsultingOpen Source Consulting
 
Make Your Containers Faster: Linux Container Performance Tools
Make Your Containers Faster: Linux Container Performance ToolsMake Your Containers Faster: Linux Container Performance Tools
Make Your Containers Faster: Linux Container Performance ToolsKernel TLV
 
Bypassing ASLR Exploiting CVE 2015-7545
Bypassing ASLR Exploiting CVE 2015-7545Bypassing ASLR Exploiting CVE 2015-7545
Bypassing ASLR Exploiting CVE 2015-7545Kernel TLV
 
Deploying MongoDB sharded clusters easily with Terraform and Ansible
Deploying MongoDB sharded clusters easily with Terraform and AnsibleDeploying MongoDB sharded clusters easily with Terraform and Ansible
Deploying MongoDB sharded clusters easily with Terraform and AnsibleAll Things Open
 
PGConf.ASIA 2019 - High Availability, 10 Seconds Failover - Lucky Haryadi
PGConf.ASIA 2019 - High Availability, 10 Seconds Failover - Lucky HaryadiPGConf.ASIA 2019 - High Availability, 10 Seconds Failover - Lucky Haryadi
PGConf.ASIA 2019 - High Availability, 10 Seconds Failover - Lucky HaryadiEqunix Business Solutions
 
Container-relevant Upstream Kernel Developments
Container-relevant Upstream Kernel DevelopmentsContainer-relevant Upstream Kernel Developments
Container-relevant Upstream Kernel DevelopmentsDocker, Inc.
 
Couch to OpenStack: Nova - July, 30, 2013
Couch to OpenStack: Nova - July, 30, 2013Couch to OpenStack: Nova - July, 30, 2013
Couch to OpenStack: Nova - July, 30, 2013Trevor Roberts Jr.
 
Cinder Live Migration and Replication - OpenStack Summit Austin
Cinder Live Migration and Replication - OpenStack Summit AustinCinder Live Migration and Replication - OpenStack Summit Austin
Cinder Live Migration and Replication - OpenStack Summit AustinEd Balduf
 
[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network Troubleshooting[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network TroubleshootingOpen Source Consulting
 
Coredns nodecache - A highly-available Node-cache DNS server
Coredns nodecache - A highly-available Node-cache DNS serverCoredns nodecache - A highly-available Node-cache DNS server
Coredns nodecache - A highly-available Node-cache DNS serverYann Hamon
 
Linux kernel debugging
Linux kernel debuggingLinux kernel debugging
Linux kernel debugginglibfetion
 
Apache httpd reverse proxy and Tomcat
Apache httpd reverse proxy and TomcatApache httpd reverse proxy and Tomcat
Apache httpd reverse proxy and TomcatJean-Frederic Clere
 
Neutron Network Namespaces and IPtables--A Technical Deep Dive
Neutron Network Namespaces and IPtables--A Technical Deep DiveNeutron Network Namespaces and IPtables--A Technical Deep Dive
Neutron Network Namespaces and IPtables--A Technical Deep DiveMirantis
 

Mais procurados (20)

Testing Wi-Fi with OSS Tools
Testing Wi-Fi with OSS ToolsTesting Wi-Fi with OSS Tools
Testing Wi-Fi with OSS Tools
 
Container & kubernetes
Container & kubernetesContainer & kubernetes
Container & kubernetes
 
Kubernetes internals (Kubernetes 해부하기)
Kubernetes internals (Kubernetes 해부하기)Kubernetes internals (Kubernetes 해부하기)
Kubernetes internals (Kubernetes 해부하기)
 
Kernel Recipes 2015 - Porting Linux to a new processor architecture
Kernel Recipes 2015 - Porting Linux to a new processor architectureKernel Recipes 2015 - Porting Linux to a new processor architecture
Kernel Recipes 2015 - Porting Linux to a new processor architecture
 
What’s the Best PostgreSQL High Availability Framework? PAF vs. repmgr vs. Pa...
What’s the Best PostgreSQL High Availability Framework? PAF vs. repmgr vs. Pa...What’s the Best PostgreSQL High Availability Framework? PAF vs. repmgr vs. Pa...
What’s the Best PostgreSQL High Availability Framework? PAF vs. repmgr vs. Pa...
 
nginx: writing your first module
nginx: writing your first modulenginx: writing your first module
nginx: writing your first module
 
Docker / Ansible
Docker / AnsibleDocker / Ansible
Docker / Ansible
 
Docker on openstack by OpenSource Consulting
Docker on openstack by OpenSource ConsultingDocker on openstack by OpenSource Consulting
Docker on openstack by OpenSource Consulting
 
Make Your Containers Faster: Linux Container Performance Tools
Make Your Containers Faster: Linux Container Performance ToolsMake Your Containers Faster: Linux Container Performance Tools
Make Your Containers Faster: Linux Container Performance Tools
 
Bypassing ASLR Exploiting CVE 2015-7545
Bypassing ASLR Exploiting CVE 2015-7545Bypassing ASLR Exploiting CVE 2015-7545
Bypassing ASLR Exploiting CVE 2015-7545
 
Deploying MongoDB sharded clusters easily with Terraform and Ansible
Deploying MongoDB sharded clusters easily with Terraform and AnsibleDeploying MongoDB sharded clusters easily with Terraform and Ansible
Deploying MongoDB sharded clusters easily with Terraform and Ansible
 
PGConf.ASIA 2019 - High Availability, 10 Seconds Failover - Lucky Haryadi
PGConf.ASIA 2019 - High Availability, 10 Seconds Failover - Lucky HaryadiPGConf.ASIA 2019 - High Availability, 10 Seconds Failover - Lucky Haryadi
PGConf.ASIA 2019 - High Availability, 10 Seconds Failover - Lucky Haryadi
 
Container-relevant Upstream Kernel Developments
Container-relevant Upstream Kernel DevelopmentsContainer-relevant Upstream Kernel Developments
Container-relevant Upstream Kernel Developments
 
Couch to OpenStack: Nova - July, 30, 2013
Couch to OpenStack: Nova - July, 30, 2013Couch to OpenStack: Nova - July, 30, 2013
Couch to OpenStack: Nova - July, 30, 2013
 
Cinder Live Migration and Replication - OpenStack Summit Austin
Cinder Live Migration and Replication - OpenStack Summit AustinCinder Live Migration and Replication - OpenStack Summit Austin
Cinder Live Migration and Replication - OpenStack Summit Austin
 
[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network Troubleshooting[오픈소스컨설팅] Linux Network Troubleshooting
[오픈소스컨설팅] Linux Network Troubleshooting
 
Coredns nodecache - A highly-available Node-cache DNS server
Coredns nodecache - A highly-available Node-cache DNS serverCoredns nodecache - A highly-available Node-cache DNS server
Coredns nodecache - A highly-available Node-cache DNS server
 
Linux kernel debugging
Linux kernel debuggingLinux kernel debugging
Linux kernel debugging
 
Apache httpd reverse proxy and Tomcat
Apache httpd reverse proxy and TomcatApache httpd reverse proxy and Tomcat
Apache httpd reverse proxy and Tomcat
 
Neutron Network Namespaces and IPtables--A Technical Deep Dive
Neutron Network Namespaces and IPtables--A Technical Deep DiveNeutron Network Namespaces and IPtables--A Technical Deep Dive
Neutron Network Namespaces and IPtables--A Technical Deep Dive
 

Semelhante a LXC on Ganeti

Docker 原理與實作
Docker 原理與實作Docker 原理與實作
Docker 原理與實作kao kuo-tung
 
Virtualization which isn't: LXC (Linux Containers)
Virtualization which isn't: LXC (Linux Containers)Virtualization which isn't: LXC (Linux Containers)
Virtualization which isn't: LXC (Linux Containers)Dobrica Pavlinušić
 
Lightweight Virtualization with Linux Containers and Docker | YaC 2013
Lightweight Virtualization with Linux Containers and Docker | YaC 2013Lightweight Virtualization with Linux Containers and Docker | YaC 2013
Lightweight Virtualization with Linux Containers and Docker | YaC 2013dotCloud
 
Lightweight Virtualization with Linux Containers and Docker I YaC 2013
Lightweight Virtualization with Linux Containers and Docker I YaC 2013Lightweight Virtualization with Linux Containers and Docker I YaC 2013
Lightweight Virtualization with Linux Containers and Docker I YaC 2013Docker, Inc.
 
Talk 160920 @ Cat System Workshop
Talk 160920 @ Cat System WorkshopTalk 160920 @ Cat System Workshop
Talk 160920 @ Cat System WorkshopQuey-Liang Kao
 
Linuxcon Barcelon 2012: LXC Best Practices
Linuxcon Barcelon 2012: LXC Best PracticesLinuxcon Barcelon 2012: LXC Best Practices
Linuxcon Barcelon 2012: LXC Best Practiceschristophm
 
"Lightweight Virtualization with Linux Containers and Docker". Jerome Petazzo...
"Lightweight Virtualization with Linux Containers and Docker". Jerome Petazzo..."Lightweight Virtualization with Linux Containers and Docker". Jerome Petazzo...
"Lightweight Virtualization with Linux Containers and Docker". Jerome Petazzo...Yandex
 
Security of Linux containers in the cloud
Security of Linux containers in the cloudSecurity of Linux containers in the cloud
Security of Linux containers in the cloudDobrica Pavlinušić
 
Docker and-containers-for-development-and-deployment-scale12x
Docker and-containers-for-development-and-deployment-scale12xDocker and-containers-for-development-and-deployment-scale12x
Docker and-containers-for-development-and-deployment-scale12xrkr10
 
Fedora Virtualization Day: Linux Containers & CRIU
Fedora Virtualization Day: Linux Containers & CRIUFedora Virtualization Day: Linux Containers & CRIU
Fedora Virtualization Day: Linux Containers & CRIUAndrey Vagin
 
2. Vagin. Linux containers. June 01, 2013
2. Vagin. Linux containers. June 01, 20132. Vagin. Linux containers. June 01, 2013
2. Vagin. Linux containers. June 01, 2013ru-fedora-moscow-2013
 
Docker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQ
Docker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQDocker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQ
Docker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQJérôme Petazzoni
 
Docker Introduction + what is new in 0.9
Docker Introduction + what is new in 0.9 Docker Introduction + what is new in 0.9
Docker Introduction + what is new in 0.9 Jérôme Petazzoni
 
Scaling Up Logging and Metrics
Scaling Up Logging and MetricsScaling Up Logging and Metrics
Scaling Up Logging and MetricsRicardo Lourenço
 
Ippevent : openshift Introduction
Ippevent : openshift IntroductionIppevent : openshift Introduction
Ippevent : openshift Introductionkanedafromparis
 
Kubernetes @ Squarespace (SRE Portland Meetup October 2017)
Kubernetes @ Squarespace (SRE Portland Meetup October 2017)Kubernetes @ Squarespace (SRE Portland Meetup October 2017)
Kubernetes @ Squarespace (SRE Portland Meetup October 2017)Kevin Lynch
 
Java and Containers - Make it Awesome !
Java and Containers - Make it Awesome !Java and Containers - Make it Awesome !
Java and Containers - Make it Awesome !Dinakar Guniguntala
 
Let's Containerize New York with Docker!
Let's Containerize New York with Docker!Let's Containerize New York with Docker!
Let's Containerize New York with Docker!Jérôme Petazzoni
 

Semelhante a LXC on Ganeti (20)

Docker 原理與實作
Docker 原理與實作Docker 原理與實作
Docker 原理與實作
 
Virtualization which isn't: LXC (Linux Containers)
Virtualization which isn't: LXC (Linux Containers)Virtualization which isn't: LXC (Linux Containers)
Virtualization which isn't: LXC (Linux Containers)
 
Lightweight Virtualization with Linux Containers and Docker | YaC 2013
Lightweight Virtualization with Linux Containers and Docker | YaC 2013Lightweight Virtualization with Linux Containers and Docker | YaC 2013
Lightweight Virtualization with Linux Containers and Docker | YaC 2013
 
Lightweight Virtualization with Linux Containers and Docker I YaC 2013
Lightweight Virtualization with Linux Containers and Docker I YaC 2013Lightweight Virtualization with Linux Containers and Docker I YaC 2013
Lightweight Virtualization with Linux Containers and Docker I YaC 2013
 
Talk 160920 @ Cat System Workshop
Talk 160920 @ Cat System WorkshopTalk 160920 @ Cat System Workshop
Talk 160920 @ Cat System Workshop
 
Linuxcon Barcelon 2012: LXC Best Practices
Linuxcon Barcelon 2012: LXC Best PracticesLinuxcon Barcelon 2012: LXC Best Practices
Linuxcon Barcelon 2012: LXC Best Practices
 
Containers > VMs
Containers > VMsContainers > VMs
Containers > VMs
 
"Lightweight Virtualization with Linux Containers and Docker". Jerome Petazzo...
"Lightweight Virtualization with Linux Containers and Docker". Jerome Petazzo..."Lightweight Virtualization with Linux Containers and Docker". Jerome Petazzo...
"Lightweight Virtualization with Linux Containers and Docker". Jerome Petazzo...
 
Security of Linux containers in the cloud
Security of Linux containers in the cloudSecurity of Linux containers in the cloud
Security of Linux containers in the cloud
 
Docker and-containers-for-development-and-deployment-scale12x
Docker and-containers-for-development-and-deployment-scale12xDocker and-containers-for-development-and-deployment-scale12x
Docker and-containers-for-development-and-deployment-scale12x
 
Fedora Virtualization Day: Linux Containers & CRIU
Fedora Virtualization Day: Linux Containers & CRIUFedora Virtualization Day: Linux Containers & CRIU
Fedora Virtualization Day: Linux Containers & CRIU
 
2. Vagin. Linux containers. June 01, 2013
2. Vagin. Linux containers. June 01, 20132. Vagin. Linux containers. June 01, 2013
2. Vagin. Linux containers. June 01, 2013
 
Containers @ Google
Containers @ GoogleContainers @ Google
Containers @ Google
 
Docker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQ
Docker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQDocker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQ
Docker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQ
 
Docker Introduction + what is new in 0.9
Docker Introduction + what is new in 0.9 Docker Introduction + what is new in 0.9
Docker Introduction + what is new in 0.9
 
Scaling Up Logging and Metrics
Scaling Up Logging and MetricsScaling Up Logging and Metrics
Scaling Up Logging and Metrics
 
Ippevent : openshift Introduction
Ippevent : openshift IntroductionIppevent : openshift Introduction
Ippevent : openshift Introduction
 
Kubernetes @ Squarespace (SRE Portland Meetup October 2017)
Kubernetes @ Squarespace (SRE Portland Meetup October 2017)Kubernetes @ Squarespace (SRE Portland Meetup October 2017)
Kubernetes @ Squarespace (SRE Portland Meetup October 2017)
 
Java and Containers - Make it Awesome !
Java and Containers - Make it Awesome !Java and Containers - Make it Awesome !
Java and Containers - Make it Awesome !
 
Let's Containerize New York with Docker!
Let's Containerize New York with Docker!Let's Containerize New York with Docker!
Let's Containerize New York with Docker!
 

Mais de kawamuray

Kafka Multi-Tenancy - 160 Billion Daily Messages on One Shared Cluster at LINE
Kafka Multi-Tenancy - 160 Billion Daily Messages on One Shared Cluster at LINEKafka Multi-Tenancy - 160 Billion Daily Messages on One Shared Cluster at LINE
Kafka Multi-Tenancy - 160 Billion Daily Messages on One Shared Cluster at LINEkawamuray
 
Multitenancy: Kafka clusters for everyone at LINE
Multitenancy: Kafka clusters for everyone at LINEMultitenancy: Kafka clusters for everyone at LINE
Multitenancy: Kafka clusters for everyone at LINEkawamuray
 
LINE's messaging service architecture underlying more than 200 million monthl...
LINE's messaging service architecture underlying more than 200 million monthl...LINE's messaging service architecture underlying more than 200 million monthl...
LINE's messaging service architecture underlying more than 200 million monthl...kawamuray
 
Kafka meetup JP #3 - Engineering Apache Kafka at LINE
Kafka meetup JP #3 - Engineering Apache Kafka at LINEKafka meetup JP #3 - Engineering Apache Kafka at LINE
Kafka meetup JP #3 - Engineering Apache Kafka at LINEkawamuray
 
Monitoring Kafka w/ Prometheus
Monitoring Kafka w/ PrometheusMonitoring Kafka w/ Prometheus
Monitoring Kafka w/ Prometheuskawamuray
 
Docker + Checkpoint/Restore
Docker + Checkpoint/RestoreDocker + Checkpoint/Restore
Docker + Checkpoint/Restorekawamuray
 
Norikraでアプリログを集計してリアルタイムエラー通知 # Norikra meetup
Norikraでアプリログを集計してリアルタイムエラー通知 # Norikra meetupNorikraでアプリログを集計してリアルタイムエラー通知 # Norikra meetup
Norikraでアプリログを集計してリアルタイムエラー通知 # Norikra meetupkawamuray
 

Mais de kawamuray (7)

Kafka Multi-Tenancy - 160 Billion Daily Messages on One Shared Cluster at LINE
Kafka Multi-Tenancy - 160 Billion Daily Messages on One Shared Cluster at LINEKafka Multi-Tenancy - 160 Billion Daily Messages on One Shared Cluster at LINE
Kafka Multi-Tenancy - 160 Billion Daily Messages on One Shared Cluster at LINE
 
Multitenancy: Kafka clusters for everyone at LINE
Multitenancy: Kafka clusters for everyone at LINEMultitenancy: Kafka clusters for everyone at LINE
Multitenancy: Kafka clusters for everyone at LINE
 
LINE's messaging service architecture underlying more than 200 million monthl...
LINE's messaging service architecture underlying more than 200 million monthl...LINE's messaging service architecture underlying more than 200 million monthl...
LINE's messaging service architecture underlying more than 200 million monthl...
 
Kafka meetup JP #3 - Engineering Apache Kafka at LINE
Kafka meetup JP #3 - Engineering Apache Kafka at LINEKafka meetup JP #3 - Engineering Apache Kafka at LINE
Kafka meetup JP #3 - Engineering Apache Kafka at LINE
 
Monitoring Kafka w/ Prometheus
Monitoring Kafka w/ PrometheusMonitoring Kafka w/ Prometheus
Monitoring Kafka w/ Prometheus
 
Docker + Checkpoint/Restore
Docker + Checkpoint/RestoreDocker + Checkpoint/Restore
Docker + Checkpoint/Restore
 
Norikraでアプリログを集計してリアルタイムエラー通知 # Norikra meetup
Norikraでアプリログを集計してリアルタイムエラー通知 # Norikra meetupNorikraでアプリログを集計してリアルタイムエラー通知 # Norikra meetup
Norikraでアプリログを集計してリアルタイムエラー通知 # Norikra meetup
 

Último

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfCionsystems
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
Clustering techniques data mining book ....
Clustering techniques data mining book ....Clustering techniques data mining book ....
Clustering techniques data mining book ....ShaimaaMohamedGalal
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 

Último (20)

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdf
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
Clustering techniques data mining book ....
Clustering techniques data mining book ....Clustering techniques data mining book ....
Clustering techniques data mining book ....
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 

LXC on Ganeti

  • 1. LXC on Ganeti Yuto Kawamura(kawamuray) Email: kawamuray.dadada@gmail.com
  • 2. Google summer of Code ● Global program that offers students stipends to write code for open source projects ● 4420 students ● 6313 proposals ● (don’t know how much of them were accepted)
  • 3. Improve LXC support ● Project accepted by Ganeti on Google Summer of Code 2014 ● Objective ○ Improve LXC support on Ganeti ○ Fix existing broken implementation ○ Add unit tests ○ Setup QA ○ Add additional features ● Mentored by Hrvoje Ribicic
  • 4. LXC ● An userspace interface for the Linux kernel containment features ● Operating System level virtualization ● Composed by two Linux kernel features ○ Namespace - Isolation for pid, ipc, mount, net, user between containers and the host ○ Cgroup - Hardware resource limitation
  • 5. × Console × Reboot(soft) × Memory ballooning ✔ Network(veth) × Migration(stopped) × Migration(live) △ Verification LXC version: any Before and After ✔ Console ✔ Reboot(soft) ✔ Memory ballooning ✔ Network(veth) △ Migration(stopped) × Migration(live) ✔ Verification LXC version: >= 1.0.0
  • 6. ● cpu_mask: Cpu mask. Same as other hypervisors but no support for vcpus pinning ● lxc_cgroup_use: Cgroup subsystems list. Correspond to lxc.cgroup.use configuration parameter ● lxc_devices: The list of devices ACL. ● lxc_drop_capabilities: List of capabilities which should be dropped for an instance. ● lxc_tty: Number of ttys(ptys) created for an instance. ● lxc_startup_wait: Time to wait until a daemonized instance state changed to RUNNING. Parameters
  • 7. Parameters ● lxc_extra_config: For extra configuration parameters ○ Separating by comma is problem ○ Planning to introduce a functionality to read the value from a file
  • 8. How to try? 1. Enable cgroup subsystems(if needed) a. cpuset, memory, devices, cpuacct b. Debian: Need “cgroup_enable=memory” in kernel argument 2. Install LXC >= 1.0.0 3. Check your kernel configuration $ sudo lxc-checkconfig --- Namespaces --- Namespaces: enabled Utsname namespace: enabled Ipc namespace: enabled Pid namespace: enabled User namespace: enabled Network namespace: enabled Multiple /dev/pts instances: enabled ...
  • 9. 4. 5. 6. How to try? gnt-cluster modify --enabled-hypervisors=kvm,lxc # enable lxc hv --nic-parameters mode=bridge,link=br0 # your brdige interface gnt-cluster verify # Checks your environment by LXC hypervisor gnt-instance add -H lxc # use LXC hypervisor! -o debootstrap+default -t drbd -s 8G lxc-instance1.ganeti ↑ will automatically modify the fstab of the instance to make it proper for the LXC container(riba is working for it) It’s all! Easy right?
  • 10. ● Log file Tips - How to debug? ○ $PREFIX/var/log/ganeti/lxc/<instance name>.<instance uuid>.log ■ Logs from lxc-start command ■ Mainly used when your instance didn’t started ○ $PREFIX/var/run/ganeti/lxc/<instance name>.console ■ Logs from processes inside the container(init, rc, etc.) ■ See when you cannot use `gnt-instance console …`
  • 12. Basic policy ● LXC containers are managed by command line tools ○ lxc-start, lxc-stop, lxc-ls, lxc-info … ● Not using lxc python library(written in python3)
  • 13. Instance Start 1. lxc-start -n <instance name> … -f $PREFIX/var/run/ganeti/lxc/<instance name>.conf 2. lxc-wait -n <instance name> -s RUNNING a. with timeout specified by the lxc_startup_wait hvparam
  • 14. Instance Stop ● Soft shutdown ○ lxc-stop --nokill -n <instance name> ■ Send SIGPWR to the init ● Overwritable with lxc.haltsignal ■ Wait until init exits ● Hard(forced) shutdown ○ lxc-stop --kill -n <instance name> ■ Send SIGKILL to the init ■ Container killed without normal shutting down process
  • 15. Instance Reboot ● Soft reboot ○ lxc-stop --reboot -n <instance name> ■ Send SIGINT to the init ○ Requires CAP_SYS_BOOT ● Hard rebot ○ Same as other hypervisors ■ soft shutdown && start
  • 16. Memory ballooning ● Use Cgroup memory subsystem ● memory.limit_in_bytes ● memory.memsw.limit_in_bytes ● Shrinking memory will fail if the kernel can’t reclaim memory from processes inside the container
  • 17. Cgroup filesystem ● Differences between distributions/rc system 1. Search /proc/mounts for line having type == cgroup && <subsystem> in options 2. If not found, do: mount -t cgroup -o <subsystem> <subsystem> $PREFIX/var/run/lxc/cgroup/<subsystem>
  • 18. Storage mount ● LXC can’t handle raw storage device ● Need to prepare per-pertition(mountable) device file for a LXC rootfs ● Use kpartx(1) ○ Create device maps for over partitions segments detected ○ Suppose every environment have it(because OS scripts uses it) kpartx -a /dev/drbdX /dev/loopY /dev/mapper/loopYp1 /dev/mapper/loopYp1 Per-partition device files
  • 19. Storage mount ● Use first partition as a rootfs ○ lxc.rootfs = /dev/mapper/loopNp1 ● You may have to increase the number of max_loop
  • 20. Quality ● Tested on Debian Linux/Gentoo Linux with LXC 1.0.0 and 1.0.5 ● Passed basic QA but … ● Need more example of use ● Possibly contains platform(distribution) related problems ○ especially around the cgroup
  • 22. Future candidates ● Two level isolation(IOW, containers inside a Virtual Machine) ● LXC instance migration
  • 23. Two level isolation KVM1 for userA Container 1 Container 2 Container 3 KVM2 for userB Container 1 Container 2 Hardware/OS Container 3 level Isolation noded with attribute? noded with attribute?
  • 24. Instance Migration ● LXC has no migration functionality ● Have to implement it on our own
  • 25. Checkpoint/Restore ● Implemented by project CRIU (http://criu.org/) ● Able to dump a running processes into serialized images ○ Serialized in protocol buffers format /path/to/checkpoint/dir ----- Memory image ----- Namespaces info ----- File descriptors ----- Cgroup info ----- TCP sockets ----- Network informations
  • 27. LXC migration Source host Destination host /dev/loopX drbd drbd /dev/loopX LXC instance 4. lxc-checkpoint -r ... 2. Transfer images via rsync(or what ever) 1. lxc-checkpoint ... LXC instance Checkpoint images Checkpoint images 3. Create partition mapping 5. Destroy partition mapping
  • 28. Instance migration ● Already have working implementation ○ https://github.com/kawamuray/ganeti/commits/topic-lxc-migration ● but … ○ its temporaily implementation ○ still have lot of restrictions ○ requires patched criu ■ https://github.com/kawamuray/criu ○ requires patched lxc ■ https://github.com/kawamuray/lxc ● will be solved soon(by sending patches to originals and by fixing implementation)
  • 29. Demo
  • 30. We really want ● Example of use ○ on many platforms(Debian, RHEL6/7, …) ● Bug report ● Realistic use case ● Desired functionality ○ possibly I can handle it from both Ganeti and LXC aspect
  • 31. Special thanks to Riba For your great mentorship!