SlideShare ist ein Scribd-Unternehmen logo

Perl containers

Marian Marinov
Marian Marinov
Ingenieurwesen
1 von 16
Downloaden Sie, um offline zu lesen
YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia Create your containers with PerlCreate your containers with Perl
YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia So first... Who am I?So first... Who am I?
YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia So first... Who am I?So first... Who am I? ➢ System Administrator at heartSystem Administrator at heart ➢ Teaching at Sofia UniversityTeaching at Sofia University ➢ Organizing events like this one...Organizing events like this one... ➢ CEO of 1H Ltd.CEO of 1H Ltd. ➢ CTO of GetClouderCTO of GetClouder ➢ Chief architect of Siteground.comChief architect of Siteground.com
YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia The current state of containers ➢ LXC ➢ Docker ➢ lmctfy ➢ A bunch of other small implementations ➢ Build it your self
YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia Root inside the containerRoot inside the container   ONLY WITH LXCONLY WITH LXC
YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia So why would you need a Perl implementation ➢ Patching LXC is writing in C... ➢ Writing in C is not very user friendly ➢ If most of your logic is already in Perl... ➢ Keep less moving blocks in your architecture
YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia So what the hell is a container? ➢ chroot ( isolate the directory tree ) ➢ unshare ( create new namespace(s) ) ➢ cgroups ( add limits ) ➢ drop capabilities (optional)
YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia What do we have in Perl? ➢ Linux::Unshare ➢ Linux::Setns
YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia What do we need? ➢ Linux::Capabilities ➢ Linux::Networking
YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia What am I proposing? a toolkit ➢ pc-start ➢ pc-stop ➢ pc-restart ➢ pc-list ➢ pc-top ➢ pc-attach
YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia ➢ pre-read-config hook ➢ read yaml config ➢ post-read-config ➢ prepare cgroup ➢ post-cgroup-setup hook ➢ fork ➢ prepare mount hook ➢ chroot ➢ post-chroot hook ➢ unshare ➢ post-unshare hook ➢ drop caps ➢ post-dropcaps hook ➢ setup networking ➢ post-networking hook ➢ fork -> exec init ➢ post init hook ➢ setup user mappings ➢ post usermap hook So let'sSo let's look inside thelook inside the implementationimplementation in depthin depth pc-startpc-start
YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia ➢ pre-read-config hook ➢ read yaml config ➢ post-read-config ➢ check if there is a cgroup ➢ check if the cgroup is not empty ➢ check if the base device ➢ find a FD from one of the PIDs ➢ pre-attach hook ➢ setns ➢ execute bash -i pc-attachpc-attach
YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia ➢ pre-read-config hook ➢ read yaml config ➢ post-read-config ➢ check if there is a cgroup ➢ check if the cgroup is empty ➢ do pc-attach ➢ execute halt pc-stoppc-stop
YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia ➢ loop trough the configs ➢ check if the cgroup exists ➢ check if the cgroup is empty ➢ check if it has init running inside pc-listpc-list
YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia ➢ Loop trough all the configs ➢ check if the cgroup exists ➢ check if the cgroup is not empty ➢ collect the following stats ➢ cpu usage ➢ memory usage ➢ I/O usage ➢ Network usage ➢ It should allow the admin to ➢ sort each by each resource ➢ handle signals ➢ configure the interface pc-toppc-top
YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia http://github.com/hackman/azilian

Empfohlen

Vagrant + chef's cookbooks development environment like the production in f...
Vagrant + chef's cookbooks development environment like the production in f...Vagrant + chef's cookbooks development environment like the production in f...
Vagrant + chef's cookbooks development environment like the production in f...Tiago Butzke
 
vagrant-php
vagrant-phpvagrant-php
vagrant-phpdominikzogg
 
Having fun with Raspberry(s) and Apache projects
Having fun with Raspberry(s) and Apache projectsHaving fun with Raspberry(s) and Apache projects
Having fun with Raspberry(s) and Apache projectsJean-Frederic Clere
 
Inspector - Node.js : Notes
Inspector - Node.js : NotesInspector - Node.js : Notes
Inspector - Node.js : NotesSubhajit Sahu
 
Skyfall b sides-c00-l-ed5-sp-2013
Skyfall b sides-c00-l-ed5-sp-2013Skyfall b sides-c00-l-ed5-sp-2013
Skyfall b sides-c00-l-ed5-sp-2013Mauro Risonho de Paula Assumpcao
 
What's so special about node.js
What's so special about node.jsWhat's so special about node.js
What's so special about node.jsGiancarlo Valente
 
containers-intro
containers-introcontainers-intro
containers-introJosef Karásek
 
libuv: cross platform asynchronous i/o
libuv: cross platform asynchronous i/olibuv: cross platform asynchronous i/o
libuv: cross platform asynchronous i/oSaúl Ibarra Corretgé
 

Empfohlen

Vagrant + chef's cookbooks development environment like the production in f...
Vagrant + chef's cookbooks development environment like the production in f...Vagrant + chef's cookbooks development environment like the production in f...
Vagrant + chef's cookbooks development environment like the production in f...Tiago Butzke
 
vagrant-php
vagrant-phpvagrant-php
vagrant-phpdominikzogg
 
Having fun with Raspberry(s) and Apache projects
Having fun with Raspberry(s) and Apache projectsHaving fun with Raspberry(s) and Apache projects
Having fun with Raspberry(s) and Apache projectsJean-Frederic Clere
 
Inspector - Node.js : Notes
Inspector - Node.js : NotesInspector - Node.js : Notes
Inspector - Node.js : NotesSubhajit Sahu
 
Skyfall b sides-c00-l-ed5-sp-2013
Skyfall b sides-c00-l-ed5-sp-2013Skyfall b sides-c00-l-ed5-sp-2013
Skyfall b sides-c00-l-ed5-sp-2013Mauro Risonho de Paula Assumpcao
 
What's so special about node.js
What's so special about node.jsWhat's so special about node.js
What's so special about node.jsGiancarlo Valente
 
containers-intro
containers-introcontainers-intro
containers-introJosef Karásek
 
libuv: cross platform asynchronous i/o
libuv: cross platform asynchronous i/olibuv: cross platform asynchronous i/o
libuv: cross platform asynchronous i/oSaúl Ibarra Corretgé
 
Django & Buildout (en)
Django & Buildout (en)Django & Buildout (en)
Django & Buildout (en)zerok
 
Start tracking your ruby infrastructure
Start tracking your ruby infrastructureStart tracking your ruby infrastructure
Start tracking your ruby infrastructureSergiy Kukunin
 
Wireshark OTG Extend your Wireshark with extcap.pdf
Wireshark OTG Extend your Wireshark with extcap.pdfWireshark OTG Extend your Wireshark with extcap.pdf
Wireshark OTG Extend your Wireshark with extcap.pdfMegumi Takeshita
 
CloudOpen North America 2013: Vagrant & CFEngine
CloudOpen North America 2013: Vagrant & CFEngineCloudOpen North America 2013: Vagrant & CFEngine
CloudOpen North America 2013: Vagrant & CFEngineNick Anderson
 
Kernel Recipes 2015 - The Dronecode Project – A step in open source drones
Kernel Recipes 2015 - The Dronecode Project – A step in open source dronesKernel Recipes 2015 - The Dronecode Project – A step in open source drones
Kernel Recipes 2015 - The Dronecode Project – A step in open source dronesAnne Nicolas
 
G3 Summit 2016 - Dockerize your Grails!
G3 Summit 2016 - Dockerize your Grails!G3 Summit 2016 - Dockerize your Grails!
G3 Summit 2016 - Dockerize your Grails!Iván López Martín
 
GR8Conf US 2017 - Dockerize your Grails!
GR8Conf US 2017 - Dockerize your Grails!GR8Conf US 2017 - Dockerize your Grails!
GR8Conf US 2017 - Dockerize your Grails!Iván López Martín
 
EEA Faceted Navigation and Plone 6.pdf
EEA Faceted Navigation and Plone 6.pdfEEA Faceted Navigation and Plone 6.pdf
EEA Faceted Navigation and Plone 6.pdfAlin Voinea
 
RPM experiments
RPM experimentsRPM experiments
RPM experimentsJulien Pivotto
 
Greach 2016 dockerize your grails
Greach 2016 dockerize your grailsGreach 2016 dockerize your grails
Greach 2016 dockerize your grailsIván López Martín
 
Docker to the Rescue of an Ops Team
Docker to the Rescue of an Ops TeamDocker to the Rescue of an Ops Team
Docker to the Rescue of an Ops TeamRachid Zarouali
 
Docker to the Rescue of an Ops Team
Docker to the Rescue of an Ops TeamDocker to the Rescue of an Ops Team
Docker to the Rescue of an Ops TeamDocker, Inc.
 
DoS and DDoS mitigations with eBPF, XDP and DPDK
DoS and DDoS mitigations with eBPF, XDP and DPDKDoS and DDoS mitigations with eBPF, XDP and DPDK
DoS and DDoS mitigations with eBPF, XDP and DPDKMarian Marinov
 
Introduction to vSphere APIs Using pyVmomi
Introduction to vSphere APIs Using pyVmomiIntroduction to vSphere APIs Using pyVmomi
Introduction to vSphere APIs Using pyVmomiMichael Rice
 
Python kansai2019
Python kansai2019Python kansai2019
Python kansai2019Yuta Kashino
 
It Works On My Machine: Vagrant for Software Development
It Works On My Machine: Vagrant for Software DevelopmentIt Works On My Machine: Vagrant for Software Development
It Works On My Machine: Vagrant for Software DevelopmentCarlos Perez
 
k8s practice 2023.pptx
k8s practice 2023.pptxk8s practice 2023.pptx
k8s practice 2023.pptxwonyong hwang
 
Deep dive into Verdaccio - NodeTLV 2022 - Israel
Deep dive into Verdaccio - NodeTLV 2022 - IsraelDeep dive into Verdaccio - NodeTLV 2022 - Israel
Deep dive into Verdaccio - NodeTLV 2022 - IsraelJuan Picado
 
nouka inventry manager
nouka inventry managernouka inventry manager
nouka inventry managerToshiaki Baba
 
ONAP integration with opnfv via opera
ONAP integration with opnfv via opera ONAP integration with opnfv via opera
ONAP integration with opnfv via opera OPNFV
 
Dev.bg DevOps March 2024 Monitoring & Logging
Dev.bg DevOps March 2024 Monitoring & LoggingDev.bg DevOps March 2024 Monitoring & Logging
Dev.bg DevOps March 2024 Monitoring & LoggingMarian Marinov
 
Basic presentation of cryptography mechanisms
Basic presentation of cryptography mechanismsBasic presentation of cryptography mechanisms
Basic presentation of cryptography mechanismsMarian Marinov
 

Weitere ähnliche Inhalte

Ähnlich wie Perl containers

Django & Buildout (en)
Django & Buildout (en)Django & Buildout (en)
Django & Buildout (en)zerok
 
Start tracking your ruby infrastructure
Start tracking your ruby infrastructureStart tracking your ruby infrastructure
Start tracking your ruby infrastructureSergiy Kukunin
 
Wireshark OTG Extend your Wireshark with extcap.pdf
Wireshark OTG Extend your Wireshark with extcap.pdfWireshark OTG Extend your Wireshark with extcap.pdf
Wireshark OTG Extend your Wireshark with extcap.pdfMegumi Takeshita
 
CloudOpen North America 2013: Vagrant & CFEngine
CloudOpen North America 2013: Vagrant & CFEngineCloudOpen North America 2013: Vagrant & CFEngine
CloudOpen North America 2013: Vagrant & CFEngineNick Anderson
 
Kernel Recipes 2015 - The Dronecode Project – A step in open source drones
Kernel Recipes 2015 - The Dronecode Project – A step in open source dronesKernel Recipes 2015 - The Dronecode Project – A step in open source drones
Kernel Recipes 2015 - The Dronecode Project – A step in open source dronesAnne Nicolas
 
G3 Summit 2016 - Dockerize your Grails!
G3 Summit 2016 - Dockerize your Grails!G3 Summit 2016 - Dockerize your Grails!
G3 Summit 2016 - Dockerize your Grails!Iván López Martín
 
GR8Conf US 2017 - Dockerize your Grails!
GR8Conf US 2017 - Dockerize your Grails!GR8Conf US 2017 - Dockerize your Grails!
GR8Conf US 2017 - Dockerize your Grails!Iván López Martín
 
EEA Faceted Navigation and Plone 6.pdf
EEA Faceted Navigation and Plone 6.pdfEEA Faceted Navigation and Plone 6.pdf
EEA Faceted Navigation and Plone 6.pdfAlin Voinea
 
Docker to the Rescue of an Ops Team
Docker to the Rescue of an Ops TeamDocker to the Rescue of an Ops Team
Docker to the Rescue of an Ops TeamRachid Zarouali
 
Docker to the Rescue of an Ops Team
Docker to the Rescue of an Ops TeamDocker to the Rescue of an Ops Team
Docker to the Rescue of an Ops TeamDocker, Inc.
 
DoS and DDoS mitigations with eBPF, XDP and DPDK
DoS and DDoS mitigations with eBPF, XDP and DPDKDoS and DDoS mitigations with eBPF, XDP and DPDK
DoS and DDoS mitigations with eBPF, XDP and DPDKMarian Marinov
 
Introduction to vSphere APIs Using pyVmomi
Introduction to vSphere APIs Using pyVmomiIntroduction to vSphere APIs Using pyVmomi
Introduction to vSphere APIs Using pyVmomiMichael Rice
 
It Works On My Machine: Vagrant for Software Development
It Works On My Machine: Vagrant for Software DevelopmentIt Works On My Machine: Vagrant for Software Development
It Works On My Machine: Vagrant for Software DevelopmentCarlos Perez
 
k8s practice 2023.pptx
k8s practice 2023.pptxk8s practice 2023.pptx
k8s practice 2023.pptxwonyong hwang
 
Deep dive into Verdaccio - NodeTLV 2022 - Israel
Deep dive into Verdaccio - NodeTLV 2022 - IsraelDeep dive into Verdaccio - NodeTLV 2022 - Israel
Deep dive into Verdaccio - NodeTLV 2022 - IsraelJuan Picado
 
nouka inventry manager
nouka inventry managernouka inventry manager
nouka inventry managerToshiaki Baba
 
ONAP integration with opnfv via opera
ONAP integration with opnfv via opera ONAP integration with opnfv via opera
ONAP integration with opnfv via opera OPNFV
 

Ähnlich wie Perl containers (20)

Django & Buildout (en)
Django & Buildout (en)Django & Buildout (en)
Django & Buildout (en)
 
Start tracking your ruby infrastructure
Start tracking your ruby infrastructureStart tracking your ruby infrastructure
Start tracking your ruby infrastructure
 
Wireshark OTG Extend your Wireshark with extcap.pdf
Wireshark OTG Extend your Wireshark with extcap.pdfWireshark OTG Extend your Wireshark with extcap.pdf
Wireshark OTG Extend your Wireshark with extcap.pdf
 
CloudOpen North America 2013: Vagrant & CFEngine
CloudOpen North America 2013: Vagrant & CFEngineCloudOpen North America 2013: Vagrant & CFEngine
CloudOpen North America 2013: Vagrant & CFEngine
 
Kernel Recipes 2015 - The Dronecode Project – A step in open source drones
Kernel Recipes 2015 - The Dronecode Project – A step in open source dronesKernel Recipes 2015 - The Dronecode Project – A step in open source drones
Kernel Recipes 2015 - The Dronecode Project – A step in open source drones
 
G3 Summit 2016 - Dockerize your Grails!
G3 Summit 2016 - Dockerize your Grails!G3 Summit 2016 - Dockerize your Grails!
G3 Summit 2016 - Dockerize your Grails!
 
GR8Conf US 2017 - Dockerize your Grails!
GR8Conf US 2017 - Dockerize your Grails!GR8Conf US 2017 - Dockerize your Grails!
GR8Conf US 2017 - Dockerize your Grails!
 
EEA Faceted Navigation and Plone 6.pdf
EEA Faceted Navigation and Plone 6.pdfEEA Faceted Navigation and Plone 6.pdf
EEA Faceted Navigation and Plone 6.pdf
 
RPM experiments
RPM experimentsRPM experiments
RPM experiments
 
Greach 2016 dockerize your grails
Greach 2016 dockerize your grailsGreach 2016 dockerize your grails
Greach 2016 dockerize your grails
 
Docker to the Rescue of an Ops Team
Docker to the Rescue of an Ops TeamDocker to the Rescue of an Ops Team
Docker to the Rescue of an Ops Team
 
Docker to the Rescue of an Ops Team
Docker to the Rescue of an Ops TeamDocker to the Rescue of an Ops Team
Docker to the Rescue of an Ops Team
 
DoS and DDoS mitigations with eBPF, XDP and DPDK
DoS and DDoS mitigations with eBPF, XDP and DPDKDoS and DDoS mitigations with eBPF, XDP and DPDK
DoS and DDoS mitigations with eBPF, XDP and DPDK
 
Introduction to vSphere APIs Using pyVmomi
Introduction to vSphere APIs Using pyVmomiIntroduction to vSphere APIs Using pyVmomi
Introduction to vSphere APIs Using pyVmomi
 
Python kansai2019
Python kansai2019Python kansai2019
Python kansai2019
 
It Works On My Machine: Vagrant for Software Development
It Works On My Machine: Vagrant for Software DevelopmentIt Works On My Machine: Vagrant for Software Development
It Works On My Machine: Vagrant for Software Development
 
k8s practice 2023.pptx
k8s practice 2023.pptxk8s practice 2023.pptx
k8s practice 2023.pptx
 
Deep dive into Verdaccio - NodeTLV 2022 - Israel
Deep dive into Verdaccio - NodeTLV 2022 - IsraelDeep dive into Verdaccio - NodeTLV 2022 - Israel
Deep dive into Verdaccio - NodeTLV 2022 - Israel
 
nouka inventry manager
nouka inventry managernouka inventry manager
nouka inventry manager
 
ONAP integration with opnfv via opera
ONAP integration with opnfv via opera ONAP integration with opnfv via opera
ONAP integration with opnfv via opera
 

Mehr von Marian Marinov

Dev.bg DevOps March 2024 Monitoring & Logging
Dev.bg DevOps March 2024 Monitoring & LoggingDev.bg DevOps March 2024 Monitoring & Logging
Dev.bg DevOps March 2024 Monitoring & LoggingMarian Marinov
 
Basic presentation of cryptography mechanisms
Basic presentation of cryptography mechanismsBasic presentation of cryptography mechanisms
Basic presentation of cryptography mechanismsMarian Marinov
 
Microservices: Benefits, drawbacks and are they for me?
Microservices: Benefits, drawbacks and are they for me?Microservices: Benefits, drawbacks and are they for me?
Microservices: Benefits, drawbacks and are they for me?Marian Marinov
 
Introduction and replication to DragonflyDB
Introduction and replication to DragonflyDBIntroduction and replication to DragonflyDB
Introduction and replication to DragonflyDBMarian Marinov
 
Message Queuing - Gearman, Mosquitto, Kafka and RabbitMQ
Message Queuing - Gearman, Mosquitto, Kafka and RabbitMQMessage Queuing - Gearman, Mosquitto, Kafka and RabbitMQ
Message Queuing - Gearman, Mosquitto, Kafka and RabbitMQMarian Marinov
 
How to successfully migrate to DevOps .pdf
How to successfully migrate to DevOps .pdfHow to successfully migrate to DevOps .pdf
How to successfully migrate to DevOps .pdfMarian Marinov
 
How to survive in the work from home era
How to survive in the work from home eraHow to survive in the work from home era
How to survive in the work from home eraMarian Marinov
 
Improve your storage with bcachefs
Improve your storage with bcachefsImprove your storage with bcachefs
Improve your storage with bcachefsMarian Marinov
 
Control your service resources with systemd
Control your service resources with systemd Control your service resources with systemd
Control your service resources with systemd Marian Marinov
 
Comparison of-foss-distributed-storage
Comparison of-foss-distributed-storageComparison of-foss-distributed-storage
Comparison of-foss-distributed-storageMarian Marinov
 
Защо и как да обогатяваме знанията си?
Защо и как да обогатяваме знанията си?Защо и как да обогатяваме знанията си?
Защо и как да обогатяваме знанията си?Marian Marinov
 
Securing your MySQL server
Securing your MySQL serverSecuring your MySQL server
Securing your MySQL serverMarian Marinov
 
Challenges with high density networks
Challenges with high density networksChallenges with high density networks
Challenges with high density networksMarian Marinov
 
SiteGround building automation
SiteGround building automationSiteGround building automation
SiteGround building automationMarian Marinov
 
Preventing cpu side channel attacks with kernel tracking
Preventing cpu side channel attacks with kernel trackingPreventing cpu side channel attacks with kernel tracking
Preventing cpu side channel attacks with kernel trackingMarian Marinov
 
Managing a lot of servers
Managing a lot of serversManaging a lot of servers
Managing a lot of serversMarian Marinov
 
Let's Encrypt failures
Let's Encrypt failuresLet's Encrypt failures
Let's Encrypt failuresMarian Marinov
 
Preventing cpu side channel attacks with kernel tracking
Preventing cpu side channel attacks with kernel trackingPreventing cpu side channel attacks with kernel tracking
Preventing cpu side channel attacks with kernel trackingMarian Marinov
 

Mehr von Marian Marinov (20)

Dev.bg DevOps March 2024 Monitoring & Logging
Dev.bg DevOps March 2024 Monitoring & LoggingDev.bg DevOps March 2024 Monitoring & Logging
Dev.bg DevOps March 2024 Monitoring & Logging
 
Basic presentation of cryptography mechanisms
Basic presentation of cryptography mechanismsBasic presentation of cryptography mechanisms
Basic presentation of cryptography mechanisms
 
Microservices: Benefits, drawbacks and are they for me?
Microservices: Benefits, drawbacks and are they for me?Microservices: Benefits, drawbacks and are they for me?
Microservices: Benefits, drawbacks and are they for me?
 
Introduction and replication to DragonflyDB
Introduction and replication to DragonflyDBIntroduction and replication to DragonflyDB
Introduction and replication to DragonflyDB
 
Message Queuing - Gearman, Mosquitto, Kafka and RabbitMQ
Message Queuing - Gearman, Mosquitto, Kafka and RabbitMQMessage Queuing - Gearman, Mosquitto, Kafka and RabbitMQ
Message Queuing - Gearman, Mosquitto, Kafka and RabbitMQ
 
How to successfully migrate to DevOps .pdf
How to successfully migrate to DevOps .pdfHow to successfully migrate to DevOps .pdf
How to successfully migrate to DevOps .pdf
 
How to survive in the work from home era
How to survive in the work from home eraHow to survive in the work from home era
How to survive in the work from home era
 
Managing sysadmins
Managing sysadminsManaging sysadmins
Managing sysadmins
 
Improve your storage with bcachefs
Improve your storage with bcachefsImprove your storage with bcachefs
Improve your storage with bcachefs
 
Control your service resources with systemd
Control your service resources with systemd Control your service resources with systemd
Control your service resources with systemd
 
Comparison of-foss-distributed-storage
Comparison of-foss-distributed-storageComparison of-foss-distributed-storage
Comparison of-foss-distributed-storage
 
Защо и как да обогатяваме знанията си?
Защо и как да обогатяваме знанията си?Защо и как да обогатяваме знанията си?
Защо и как да обогатяваме знанията си?
 
Securing your MySQL server
Securing your MySQL serverSecuring your MySQL server
Securing your MySQL server
 
Sysadmin vs. dev ops
Sysadmin vs. dev opsSysadmin vs. dev ops
Sysadmin vs. dev ops
 
Challenges with high density networks
Challenges with high density networksChallenges with high density networks
Challenges with high density networks
 
SiteGround building automation
SiteGround building automationSiteGround building automation
SiteGround building automation
 
Preventing cpu side channel attacks with kernel tracking
Preventing cpu side channel attacks with kernel trackingPreventing cpu side channel attacks with kernel tracking
Preventing cpu side channel attacks with kernel tracking
 
Managing a lot of servers
Managing a lot of serversManaging a lot of servers
Managing a lot of servers
 
Let's Encrypt failures
Let's Encrypt failuresLet's Encrypt failures
Let's Encrypt failures
 
Preventing cpu side channel attacks with kernel tracking
Preventing cpu side channel attacks with kernel trackingPreventing cpu side channel attacks with kernel tracking
Preventing cpu side channel attacks with kernel tracking
 

Kürzlich hochgeladen

Arduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.pptArduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.pptSAURABHKUMAR892774
 
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)dollysharma2066
 
Work Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvWork Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvLewisJB
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort servicejennyeacort
 
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfgUnit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfgsaravananr517913
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfAsst.prof M.Gokilavani
 
Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...121011101441
 
Transport layer issues and challenges - Guide
Transport layer issues and challenges - GuideTransport layer issues and challenges - Guide
Transport layer issues and challenges - GuideGOPINATHS437943
 
Solving The Right Triangles PowerPoint 2.ppt
Solving The Right Triangles PowerPoint 2.pptSolving The Right Triangles PowerPoint 2.ppt
Solving The Right Triangles PowerPoint 2.pptJasonTagapanGulla
 
Correctly Loading Incremental Data at Scale
Correctly Loading Incremental Data at ScaleCorrectly Loading Incremental Data at Scale
Correctly Loading Incremental Data at ScaleAlluxio, Inc.
 
Risk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdfRisk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdfROCENODodongVILLACER
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfAsst.prof M.Gokilavani
 
Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfme23b1001
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerAnamika Sarkar
 
Concrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxConcrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxKartikeyaDwivedi3
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile servicerehmti665
 
Introduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHIntroduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHC Sai Kiran
 

Kürzlich hochgeladen (20)

young call girls in Green Park🔝 9953056974 🔝 escort Service
young call girls in Green Park🔝 9953056974 🔝 escort Serviceyoung call girls in Green Park🔝 9953056974 🔝 escort Service
young call girls in Green Park🔝 9953056974 🔝 escort Service
 
Arduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.pptArduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.ppt
 
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
 
Work Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvWork Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvv
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
 
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfgUnit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
 
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
 
Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...
 
Transport layer issues and challenges - Guide
Transport layer issues and challenges - GuideTransport layer issues and challenges - Guide
Transport layer issues and challenges - Guide
 
Solving The Right Triangles PowerPoint 2.ppt
Solving The Right Triangles PowerPoint 2.pptSolving The Right Triangles PowerPoint 2.ppt
Solving The Right Triangles PowerPoint 2.ppt
 
Correctly Loading Incremental Data at Scale
Correctly Loading Incremental Data at ScaleCorrectly Loading Incremental Data at Scale
Correctly Loading Incremental Data at Scale
 
Risk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdfRisk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdf
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
 
Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdf
 
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
 
Concrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxConcrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptx
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile service
 
Introduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHIntroduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECH
 

Perl containers

  • 1. YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia Create your containers with PerlCreate your containers with Perl
  • 2. YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia So first... Who am I?So first... Who am I?
  • 3. YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia So first... Who am I?So first... Who am I? ➢ System Administrator at heartSystem Administrator at heart ➢ Teaching at Sofia UniversityTeaching at Sofia University ➢ Organizing events like this one...Organizing events like this one... ➢ CEO of 1H Ltd.CEO of 1H Ltd. ➢ CTO of GetClouderCTO of GetClouder ➢ Chief architect of Siteground.comChief architect of Siteground.com
  • 4. YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia The current state of containers ➢ LXC ➢ Docker ➢ lmctfy ➢ A bunch of other small implementations ➢ Build it your self
  • 5. YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia Root inside the containerRoot inside the container   ONLY WITH LXCONLY WITH LXC
  • 6. YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia So why would you need a Perl implementation ➢ Patching LXC is writing in C... ➢ Writing in C is not very user friendly ➢ If most of your logic is already in Perl... ➢ Keep less moving blocks in your architecture
  • 7. YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia So what the hell is a container? ➢ chroot ( isolate the directory tree ) ➢ unshare ( create new namespace(s) ) ➢ cgroups ( add limits ) ➢ drop capabilities (optional)
  • 8. YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia What do we have in Perl? ➢ Linux::Unshare ➢ Linux::Setns
  • 9. YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia What do we need? ➢ Linux::Capabilities ➢ Linux::Networking
  • 10. YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia What am I proposing? a toolkit ➢ pc-start ➢ pc-stop ➢ pc-restart ➢ pc-list ➢ pc-top ➢ pc-attach
  • 11. YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia ➢ pre-read-config hook ➢ read yaml config ➢ post-read-config ➢ prepare cgroup ➢ post-cgroup-setup hook ➢ fork ➢ prepare mount hook ➢ chroot ➢ post-chroot hook ➢ unshare ➢ post-unshare hook ➢ drop caps ➢ post-dropcaps hook ➢ setup networking ➢ post-networking hook ➢ fork -> exec init ➢ post init hook ➢ setup user mappings ➢ post usermap hook So let'sSo let's look inside thelook inside the implementationimplementation in depthin depth pc-startpc-start
  • 12. YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia ➢ pre-read-config hook ➢ read yaml config ➢ post-read-config ➢ check if there is a cgroup ➢ check if the cgroup is not empty ➢ check if the base device ➢ find a FD from one of the PIDs ➢ pre-attach hook ➢ setns ➢ execute bash -i pc-attachpc-attach
  • 13. YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia ➢ pre-read-config hook ➢ read yaml config ➢ post-read-config ➢ check if there is a cgroup ➢ check if the cgroup is empty ➢ do pc-attach ➢ execute halt pc-stoppc-stop
  • 14. YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia ➢ loop trough the configs ➢ check if the cgroup exists ➢ check if the cgroup is empty ➢ check if it has init running inside pc-listpc-list
  • 15. YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia ➢ Loop trough all the configs ➢ check if the cgroup exists ➢ check if the cgroup is not empty ➢ collect the following stats ➢ cpu usage ➢ memory usage ➢ I/O usage ➢ Network usage ➢ It should allow the admin to ➢ sort each by each resource ➢ handle signals ➢ configure the interface pc-toppc-top
  • 16. YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia http://github.com/hackman/azilian