SlideShare ist ein Scribd-Unternehmen logo

Seven problems of Linux containers

Als PPT, PDF herunterladen
OpenVZ
OpenVZ

Kir Kolyshkin

Software
1 von 32
parallels.com || openvz.org || criu.org Seven Problems of Linux Containers Kir Kolyshkin <kir@openvz.org> 28 April 2013 LinuxFest Northwest
parallels.com || openvz.org || criu.org Seventy Seven Problems of Linux Containers Kir Kolyshkin <kir@openvz.org> 28 April 2013 LinuxFest Northwest (of which I am going to cover six)
parallels.com || openvz.org || criu.org Problem 1: Effective virtualization ● Virtualization is partitioning ● Historical way: $M mainframes ● Modern way: virtual machines ● Problem: performance overhead ● Partial solution: hardware support (Intel VT, AMD V)
parallels.com || openvz.org || criu.org Solution: isolation ● Run many isolated userspace instances on top of sone single (Linux) kernel ● All processes see each other – files, process information, network, shared memory, users, etc. ● Make them unsee it!
parallels.com || openvz.org || criu.org
parallels.com || openvz.org || criu.org One historical way to unsee chroot()
parallels.com || openvz.org || criu.org Namespaces ● Implemented in the Linux kernel – PID – net – IPC – UTS – mnt – user ● clone() with CLONE_NEW* flags
parallels.com || openvz.org || criu.org Problem 2: Shared resources ● All containers share the same set of resources (CPU, RAM, disk, various kernel things ...) ● Need fair distribution of goods so everyone gets their share ● Need DoS prevention ● Need prioritization – “All animals are equal, but some animals are more equal than others” -- George Orwell
parallels.com || openvz.org || criu.org
parallels.com || openvz.org || criu.org Solution: OpenVZ resource controls ● OpenVZ: – user beancounters ● controls 20 parameters – hierarchical CPU scheduler – disk quota per containers – I/O priorities per-container ● Dynamic control, can “resize” runtime
parallels.com || openvz.org || criu.org Solution: cgroups ● Cgroups is a mechanism to control resources per hierarchical groups of processes ● Cgroups is nothing without controllers: – blkio, cpu, cpuacct, cpuset, devices, freezer, memory, net_cls, net_prio ● Cgroups are orthogonal to namespaces ● Still a work in progress (kernel memory)
parallels.com || openvz.org || criu.org Problem 3: easy resources ● User Beancounters are complicated: – http://wiki.openvz.org/UBC_consistency_check – user has to set all these parameters – some of which are interdependent ● We created a collection of valid configs, ● ... wrote a whole book about UBC ● ... and a set of tools to help
parallels.com || openvz.org || criu.org
parallels.com || openvz.org || criu.org Solution: VSwap ● Only two primary parameters: RAM and swap – others still exist, but no longer required to set ● Swap is virtual, no actual I/O is performed ● Slow down to emulate real swap ● Only when actual global RAM shortage occurs, virtual swap goes into the real swap ● Currently only available in OpenVZ kernel
parallels.com || openvz.org || criu.org Problem 4: fast live migration ● We can migrate an OpenVZ container from one physical server to another without a shutdown ● We want to do it fast even for huge containers – huge disk: use shared storage – huge RAM: ???
parallels.com || openvz.org || criu.org Normal migration process ● (Assuming shared storage) ● 1 Freeze the container ● 2 Dump its complete state to a dump file ● 3 Copy dump file to destination server ● 4 Undump ● 5 Unfreeze ● Problem: huge dump file
parallels.com || openvz.org || criu.org Solution 1: network swap ● 1 Dump the minimal memory, lock the rest ● 2 Restore the minimal memory, mark the rest as swapped out ● 3 Set up network swap from the source ● 4 Unfreeze. Missing RAM will be “swapped in” ● 5 Migrate the rest of RAM and kill it on source
parallels.com || openvz.org || criu.org
parallels.com || openvz.org || criu.org Solution 1: network swap ● 1 Dump the minimal memory, lock the rest ● 2 Copy, undump what we have, mark the rest as swapped out ● 3 Set up network swap served from the source ● 4 Unfreeze. Missing RAM will be “swapped in” ● 5 Migrate the rest of RAM and kill it on source ● PROBLEM? Reliability, no way to rollback
parallels.com || openvz.org || criu.org Solution 2: Iterative RAM migration ● 1 Ask kernel to track modified pages ● 2 Copy all memory to destination system ● 3 Ask kernel for list of modified pages ● 4 Copy those pages ● 5 GOTO 3 until satisfied ● 6 Freeze and do migration as usual
parallels.com || openvz.org || criu.org Problem 5: upstreaming ● OpenVZ was developed separately ● Then we wanted to merge it upstream (i.e. to vanilla Linux kernel) ● Problem?
parallels.com || openvz.org || criu.org
parallels.com || openvz.org || criu.org Problem 5: upstreaming ● OpenVZ was developed separately ● Then we wanted to merge it upstream (i.e. to vanilla Linux kernel) ● Problem: ● upstream devs are not accepting our work
parallels.com || openvz.org || criu.org Solution 1: rewrite from scratch ● User Beancounters -> CGroups ● Did 2 rewrites for PID namespace until it finally got accepted ● Network namespace redone ● It works! ● about 1500 patches got landed to vanilla ● II Parallels made it to top10 contributors
parallels.com || openvz.org || criu.org Solution 2: CRIU ● We tried hard to merge checkpoint/restore ● Other people tried hard too, no luck ● Can't make it to the kernel, let's go userspace ● With minimal kernel intervention when required ● Kernel exports most of information already, so let's just add missing bits and pieces
parallels.com || openvz.org || criu.org CRIU ● Checkpoint / Restore (mostly) In Userspace Tools currently at version 0.4 ● Will do 1.0 release this year ● Kernel 3.8 has about 120 patches from us – 95% of needed features are there ● Memory snapshot recently made it to -mm tree
parallels.com || openvz.org || criu.org
parallels.com || openvz.org || criu.org Problem 6: common file system ● Container is just a directory on host, all CTs reside on the same FS ● File system journal is a bottleneck ● Lots of small-size files I/O on CT backup ● No sub-tree disk quota support in upstream ● No per-container snapshots ● Live migration: rsync -- changed inodes ● File system type and properties are fixed
parallels.com || openvz.org || criu.org Solution 1: LVM ● Only works only on top of block device ● Hard to manage (e.g. how to migrate huge volume?) ● No dynamic allocation ● Complicated management
parallels.com || openvz.org || criu.org Solution 2: loop device ● VFS operations leads to double page-caching – (already fixed in the recent kernels) ● No dynamic allocation, max space is used ● Limited feature set
parallels.com || openvz.org || criu.org Solution 3: ploop ● Basic idea: same as loop, just better ● Modular design: – various image formats (qcow2 in TODO) – various I/O backends ● More features: – live resize – instant live snapshots – write tracker to help in live migration
parallels.com || openvz.org || criu.org Any problems questions? ● kir@openvz.org ● Twitter: @kolyshkin

Empfohlen

Kонтейнерная виртуализация в продуктах parallels прошлое, настоящее и будущее.
Kонтейнерная виртуализация в продуктах parallels прошлое, настоящее и будущее.Kонтейнерная виртуализация в продуктах parallels прошлое, настоящее и будущее.
Kонтейнерная виртуализация в продуктах parallels прошлое, настоящее и будущее.
WG_ Events
 
N problems of Linux Containers
N problems of Linux ContainersN problems of Linux Containers
N problems of Linux Containers
Kirill Kolyshkin
 
Seven problems of Linux Containers
Seven problems of Linux ContainersSeven problems of Linux Containers
Seven problems of Linux Containers
Kirill Kolyshkin
 
OpenZFS - BSDcan 2014
OpenZFS - BSDcan 2014OpenZFS - BSDcan 2014
OpenZFS - BSDcan 2014
Matthew Ahrens
 
Kernel Recipes 2016 - Kernel documentation: what we have and where it’s going
Kernel Recipes 2016 - Kernel documentation: what we have and where it’s goingKernel Recipes 2016 - Kernel documentation: what we have and where it’s going
Kernel Recipes 2016 - Kernel documentation: what we have and where it’s going
Anne Nicolas
 
Introduction to containers
Introduction to containersIntroduction to containers
Introduction to containers
Nitish Jadia
 
OpenZFS at LinuxCon
OpenZFS at LinuxConOpenZFS at LinuxCon
OpenZFS at LinuxCon
Matthew Ahrens
 
"Lightweight Virtualization with Linux Containers and Docker". Jerome Petazzo...
"Lightweight Virtualization with Linux Containers and Docker". Jerome Petazzo..."Lightweight Virtualization with Linux Containers and Docker". Jerome Petazzo...
"Lightweight Virtualization with Linux Containers and Docker". Jerome Petazzo...
Yandex
 

Empfohlen

Kонтейнерная виртуализация в продуктах parallels прошлое, настоящее и будущее.
Kонтейнерная виртуализация в продуктах parallels прошлое, настоящее и будущее.Kонтейнерная виртуализация в продуктах parallels прошлое, настоящее и будущее.
Kонтейнерная виртуализация в продуктах parallels прошлое, настоящее и будущее.
WG_ Events
 
N problems of Linux Containers
N problems of Linux ContainersN problems of Linux Containers
N problems of Linux Containers
Kirill Kolyshkin
 
Seven problems of Linux Containers
Seven problems of Linux ContainersSeven problems of Linux Containers
Seven problems of Linux Containers
Kirill Kolyshkin
 
OpenZFS - BSDcan 2014
OpenZFS - BSDcan 2014OpenZFS - BSDcan 2014
OpenZFS - BSDcan 2014
Matthew Ahrens
 
Kernel Recipes 2016 - Kernel documentation: what we have and where it’s going
Kernel Recipes 2016 - Kernel documentation: what we have and where it’s goingKernel Recipes 2016 - Kernel documentation: what we have and where it’s going
Kernel Recipes 2016 - Kernel documentation: what we have and where it’s going
Anne Nicolas
 
Introduction to containers
Introduction to containersIntroduction to containers
Introduction to containers
Nitish Jadia
 
OpenZFS at LinuxCon
OpenZFS at LinuxConOpenZFS at LinuxCon
OpenZFS at LinuxCon
Matthew Ahrens
 
"Lightweight Virtualization with Linux Containers and Docker". Jerome Petazzo...
"Lightweight Virtualization with Linux Containers and Docker". Jerome Petazzo..."Lightweight Virtualization with Linux Containers and Docker". Jerome Petazzo...
"Lightweight Virtualization with Linux Containers and Docker". Jerome Petazzo...
Yandex
 
Deploying containers and managing them on multiple Docker hosts, Docker Meetu...
Deploying containers and managing them on multiple Docker hosts, Docker Meetu...Deploying containers and managing them on multiple Docker hosts, Docker Meetu...
Deploying containers and managing them on multiple Docker hosts, Docker Meetu...
dotCloud
 
Linux Virtualization
Linux VirtualizationLinux Virtualization
Linux Virtualization
OpenVZ
 
Lcna example-2012
Lcna example-2012Lcna example-2012
Lcna example-2012
Gluster.org
 
Sdc 2012-challenges
Sdc 2012-challengesSdc 2012-challenges
Sdc 2012-challenges
Gluster.org
 
Codemotion Rome 2015. GlusterFS
Codemotion Rome 2015. GlusterFSCodemotion Rome 2015. GlusterFS
Codemotion Rome 2015. GlusterFS
Roberto Franchini
 
GlusterFs: a scalable file system for today's and tomorrow's big data
GlusterFs: a scalable file system for today's and tomorrow's big dataGlusterFs: a scalable file system for today's and tomorrow's big data
GlusterFs: a scalable file system for today's and tomorrow's big data
Roberto Franchini
 
OpenZFS code repository
OpenZFS code repositoryOpenZFS code repository
OpenZFS code repository
Matthew Ahrens
 
OpenZFS - AsiaBSDcon
OpenZFS - AsiaBSDconOpenZFS - AsiaBSDcon
OpenZFS - AsiaBSDcon
Matthew Ahrens
 
OpenZFS send and receive
OpenZFS send and receiveOpenZFS send and receive
OpenZFS send and receive
Matthew Ahrens
 
Gluster d thread_synchronization_using_urcu_lca2016
Gluster d thread_synchronization_using_urcu_lca2016Gluster d thread_synchronization_using_urcu_lca2016
Gluster d thread_synchronization_using_urcu_lca2016
Gluster.org
 
OpenZFS Channel programs
OpenZFS Channel programsOpenZFS Channel programs
OpenZFS Channel programs
Matthew Ahrens
 
How Can OpenNebula Fit Your Needs: A European Project Feedback
How Can OpenNebula Fit Your Needs: A European Project FeedbackHow Can OpenNebula Fit Your Needs: A European Project Feedback
How Can OpenNebula Fit Your Needs: A European Project Feedback
NETWAYS
 
How can OpenNebula fit your needs - OpenNebulaConf 2013
How can OpenNebula fit your needs - OpenNebulaConf 2013 How can OpenNebula fit your needs - OpenNebulaConf 2013
How can OpenNebula fit your needs - OpenNebulaConf 2013
Maxence Dunnewind
 
Lightweight Virtualization with Linux Containers and Docker | YaC 2013
Lightweight Virtualization with Linux Containers and Docker | YaC 2013Lightweight Virtualization with Linux Containers and Docker | YaC 2013
Lightweight Virtualization with Linux Containers and Docker | YaC 2013
dotCloud
 
Gluster intro-tdose
Gluster intro-tdoseGluster intro-tdose
Gluster intro-tdose
Gluster.org
 
Gluster technical overview
Gluster technical overviewGluster technical overview
Gluster technical overview
Gluster.org
 
Kernel Recipes 2017 - 20 years of Linux Virtual Memory - Andrea Arcangeli
Kernel Recipes 2017 - 20 years of Linux Virtual Memory - Andrea ArcangeliKernel Recipes 2017 - 20 years of Linux Virtual Memory - Andrea Arcangeli
Kernel Recipes 2017 - 20 years of Linux Virtual Memory - Andrea Arcangeli
Anne Nicolas
 
OpenWrt From Top to Bottom
OpenWrt From Top to BottomOpenWrt From Top to Bottom
OpenWrt From Top to Bottom
Kernel TLV
 
File Systems: Why, How and Where
File Systems: Why, How and WhereFile Systems: Why, How and Where
File Systems: Why, How and Where
Kernel TLV
 
20160401 guster-roadmap
20160401 guster-roadmap20160401 guster-roadmap
20160401 guster-roadmap
Gluster.org
 
Fidelizacion museos
Fidelizacion museosFidelizacion museos
Fidelizacion museos
Aicila Torlo
 
Portfolio
PortfolioPortfolio
Portfolio
Mále Ibarra-James
 

Weitere ähnliche Inhalte

Was ist angesagt?

How Can OpenNebula Fit Your Needs: A European Project Feedback
How Can OpenNebula Fit Your Needs: A European Project FeedbackHow Can OpenNebula Fit Your Needs: A European Project Feedback
How Can OpenNebula Fit Your Needs: A European Project Feedback
NETWAYS
 

Was ist angesagt? (20)

Deploying containers and managing them on multiple Docker hosts, Docker Meetu...
Deploying containers and managing them on multiple Docker hosts, Docker Meetu...Deploying containers and managing them on multiple Docker hosts, Docker Meetu...
Deploying containers and managing them on multiple Docker hosts, Docker Meetu...
 
Linux Virtualization
Linux VirtualizationLinux Virtualization
Linux Virtualization
 
Lcna example-2012
Lcna example-2012Lcna example-2012
Lcna example-2012
 
Sdc 2012-challenges
Sdc 2012-challengesSdc 2012-challenges
Sdc 2012-challenges
 
Codemotion Rome 2015. GlusterFS
Codemotion Rome 2015. GlusterFSCodemotion Rome 2015. GlusterFS
Codemotion Rome 2015. GlusterFS
 
GlusterFs: a scalable file system for today's and tomorrow's big data
GlusterFs: a scalable file system for today's and tomorrow's big dataGlusterFs: a scalable file system for today's and tomorrow's big data
GlusterFs: a scalable file system for today's and tomorrow's big data
 
OpenZFS code repository
OpenZFS code repositoryOpenZFS code repository
OpenZFS code repository
 
OpenZFS - AsiaBSDcon
OpenZFS - AsiaBSDconOpenZFS - AsiaBSDcon
OpenZFS - AsiaBSDcon
 
OpenZFS send and receive
OpenZFS send and receiveOpenZFS send and receive
OpenZFS send and receive
 
Gluster d thread_synchronization_using_urcu_lca2016
Gluster d thread_synchronization_using_urcu_lca2016Gluster d thread_synchronization_using_urcu_lca2016
Gluster d thread_synchronization_using_urcu_lca2016
 
OpenZFS Channel programs
OpenZFS Channel programsOpenZFS Channel programs
OpenZFS Channel programs
 
How Can OpenNebula Fit Your Needs: A European Project Feedback
How Can OpenNebula Fit Your Needs: A European Project FeedbackHow Can OpenNebula Fit Your Needs: A European Project Feedback
How Can OpenNebula Fit Your Needs: A European Project Feedback
 
How can OpenNebula fit your needs - OpenNebulaConf 2013
How can OpenNebula fit your needs - OpenNebulaConf 2013 How can OpenNebula fit your needs - OpenNebulaConf 2013
How can OpenNebula fit your needs - OpenNebulaConf 2013
 
Lightweight Virtualization with Linux Containers and Docker | YaC 2013
Lightweight Virtualization with Linux Containers and Docker | YaC 2013Lightweight Virtualization with Linux Containers and Docker | YaC 2013
Lightweight Virtualization with Linux Containers and Docker | YaC 2013
 
Gluster intro-tdose
Gluster intro-tdoseGluster intro-tdose
Gluster intro-tdose
 
Gluster technical overview
Gluster technical overviewGluster technical overview
Gluster technical overview
 
Kernel Recipes 2017 - 20 years of Linux Virtual Memory - Andrea Arcangeli
Kernel Recipes 2017 - 20 years of Linux Virtual Memory - Andrea ArcangeliKernel Recipes 2017 - 20 years of Linux Virtual Memory - Andrea Arcangeli
Kernel Recipes 2017 - 20 years of Linux Virtual Memory - Andrea Arcangeli
 
OpenWrt From Top to Bottom
OpenWrt From Top to BottomOpenWrt From Top to Bottom
OpenWrt From Top to Bottom
 
File Systems: Why, How and Where
File Systems: Why, How and WhereFile Systems: Why, How and Where
File Systems: Why, How and Where
 
20160401 guster-roadmap
20160401 guster-roadmap20160401 guster-roadmap
20160401 guster-roadmap
 

Andere mochten auch

Fidelizacion museos
Fidelizacion museosFidelizacion museos
Fidelizacion museos
Aicila Torlo
 
What is Study Island?
What is Study Island?What is Study Island?
What is Study Island?
dkeddie
 
Shakespeares Globe Theatre
Shakespeares Globe TheatreShakespeares Globe Theatre
Shakespeares Globe Theatre
BiaEsteves
 

Andere mochten auch (20)

Fidelizacion museos
Fidelizacion museosFidelizacion museos
Fidelizacion museos
 
Portfolio
PortfolioPortfolio
Portfolio
 
What is Study Island?
What is Study Island?What is Study Island?
What is Study Island?
 
0815FINAL.FULLPDFTop200
0815FINAL.FULLPDFTop2000815FINAL.FULLPDFTop200
0815FINAL.FULLPDFTop200
 
Insight Magazine
Insight MagazineInsight Magazine
Insight Magazine
 
Estampas, Independencia y Revolución en el MUNAE
Estampas, Independencia y Revolución en el MUNAEEstampas, Independencia y Revolución en el MUNAE
Estampas, Independencia y Revolución en el MUNAE
 
Panbiogeografia en Haemagogus
Panbiogeografia en HaemagogusPanbiogeografia en Haemagogus
Panbiogeografia en Haemagogus
 
TheSummit_Summer_2013
TheSummit_Summer_2013TheSummit_Summer_2013
TheSummit_Summer_2013
 
Top ten attractions in Portland
Top ten attractions in PortlandTop ten attractions in Portland
Top ten attractions in Portland
 
Air Quality Compliance Affecting Oil and Gas Development
Air Quality Compliance Affecting Oil and Gas DevelopmentAir Quality Compliance Affecting Oil and Gas Development
Air Quality Compliance Affecting Oil and Gas Development
 
Naica crystalcavemexico
Naica crystalcavemexicoNaica crystalcavemexico
Naica crystalcavemexico
 
Media Trifecta For Non-Profit Marketing
Media Trifecta For Non-Profit MarketingMedia Trifecta For Non-Profit Marketing
Media Trifecta For Non-Profit Marketing
 
Ils 499 graphics project barnard
Ils 499 graphics project barnardIls 499 graphics project barnard
Ils 499 graphics project barnard
 
Hierba Artificial
Hierba ArtificialHierba Artificial
Hierba Artificial
 
Lcca
LccaLcca
Lcca
 
Quello che resta
Quello che restaQuello che resta
Quello che resta
 
Tobii T60 Xl User Manual S
Tobii T60 Xl User Manual STobii T60 Xl User Manual S
Tobii T60 Xl User Manual S
 
La india alba f 2
La india alba f 2La india alba f 2
La india alba f 2
 
Shakespeares Globe Theatre
Shakespeares Globe TheatreShakespeares Globe Theatre
Shakespeares Globe Theatre
 
How To Drive Webinar Registration | ON24 Infographic
How To Drive Webinar Registration | ON24 InfographicHow To Drive Webinar Registration | ON24 Infographic
How To Drive Webinar Registration | ON24 Infographic
 

Ähnlich wie Seven problems of Linux containers

OpenVZ Linux Containers
OpenVZ Linux ContainersOpenVZ Linux Containers
OpenVZ Linux Containers
Kirill Kolyshkin
 
Lightweight Virtualization with Linux Containers and Docker I YaC 2013
Lightweight Virtualization with Linux Containers and Docker I YaC 2013Lightweight Virtualization with Linux Containers and Docker I YaC 2013
Lightweight Virtualization with Linux Containers and Docker I YaC 2013
Docker, Inc.
 
Containers > VMs
Containers > VMsContainers > VMs
Containers > VMs
David Timothy Strauss
 
LXC Containers and AUFs
LXC Containers and AUFsLXC Containers and AUFs
LXC Containers and AUFs
Docker, Inc.
 

Ähnlich wie Seven problems of Linux containers (20)

N problems of Linux containers
N problems of Linux containersN problems of Linux containers
N problems of Linux containers
 
OpenVZ Linux Containers
OpenVZ Linux ContainersOpenVZ Linux Containers
OpenVZ Linux Containers
 
OpenVZ, Virtuozzo and Docker
OpenVZ, Virtuozzo and DockerOpenVZ, Virtuozzo and Docker
OpenVZ, Virtuozzo and Docker
 
Lightweight Virtualization with Linux Containers and Docker I YaC 2013
Lightweight Virtualization with Linux Containers and Docker I YaC 2013Lightweight Virtualization with Linux Containers and Docker I YaC 2013
Lightweight Virtualization with Linux Containers and Docker I YaC 2013
 
Intro to Kernel Debugging - Just make the crashing stop!
Intro to Kernel Debugging - Just make the crashing stop!Intro to Kernel Debugging - Just make the crashing stop!
Intro to Kernel Debugging - Just make the crashing stop!
 
Openvz booth
Openvz boothOpenvz booth
Openvz booth
 
Java in containers
Java in containersJava in containers
Java in containers
 
Containers > VMs
Containers > VMsContainers > VMs
Containers > VMs
 
Linux Memory Basics for SysAdmins - ChinaNetCloud Training
Linux Memory Basics for SysAdmins - ChinaNetCloud TrainingLinux Memory Basics for SysAdmins - ChinaNetCloud Training
Linux Memory Basics for SysAdmins - ChinaNetCloud Training
 
LXC Containers and AUFs
LXC Containers and AUFsLXC Containers and AUFs
LXC Containers and AUFs
 
An Introduction To Linux
An Introduction To LinuxAn Introduction To Linux
An Introduction To Linux
 
Systemd: the modern Linux init system you will learn to love
Systemd: the modern Linux init system you will learn to loveSystemd: the modern Linux init system you will learn to love
Systemd: the modern Linux init system you will learn to love
 
Advanced Namespaces and cgroups
Advanced Namespaces and cgroupsAdvanced Namespaces and cgroups
Advanced Namespaces and cgroups
 
OpenVZ Linux containers
OpenVZ Linux containersOpenVZ Linux containers
OpenVZ Linux containers
 
Tuning systemd for embedded
Tuning systemd for embeddedTuning systemd for embedded
Tuning systemd for embedded
 
Docker and-containers-for-development-and-deployment-scale12x
Docker and-containers-for-development-and-deployment-scale12xDocker and-containers-for-development-and-deployment-scale12x
Docker and-containers-for-development-and-deployment-scale12x
 
Containers and Namespaces in the Linux Kernel
Containers and Namespaces in the Linux KernelContainers and Namespaces in the Linux Kernel
Containers and Namespaces in the Linux Kernel
 
Linux-HA with Pacemaker
Linux-HA with PacemakerLinux-HA with Pacemaker
Linux-HA with Pacemaker
 
Docker 原理與實作
Docker 原理與實作Docker 原理與實作
Docker 原理與實作
 
Containers - Cloud Phoenix March Meetup
Containers - Cloud Phoenix March MeetupContainers - Cloud Phoenix March Meetup
Containers - Cloud Phoenix March Meetup
 

Mehr von OpenVZ

Speeding up ps and top
Speeding up ps and topSpeeding up ps and top
Speeding up ps and top
OpenVZ
 
Live migration: pros, cons and gotchas -- Pavel Emelyanov
Live migration: pros, cons and gotchas -- Pavel EmelyanovLive migration: pros, cons and gotchas -- Pavel Emelyanov
Live migration: pros, cons and gotchas -- Pavel Emelyanov
OpenVZ
 

Mehr von OpenVZ (20)

PFcache - LinuxCon 2015
PFcache - LinuxCon 2015PFcache - LinuxCon 2015
PFcache - LinuxCon 2015
 
Speeding up ps and top
Speeding up ps and topSpeeding up ps and top
Speeding up ps and top
 
Live migration: pros, cons and gotchas -- Pavel Emelyanov
Live migration: pros, cons and gotchas -- Pavel EmelyanovLive migration: pros, cons and gotchas -- Pavel Emelyanov
Live migration: pros, cons and gotchas -- Pavel Emelyanov
 
Live migrating a container: pros, cons and gotchas -- Pavel Emelyanov
Live migrating a container: pros, cons and gotchas -- Pavel EmelyanovLive migrating a container: pros, cons and gotchas -- Pavel Emelyanov
Live migrating a container: pros, cons and gotchas -- Pavel Emelyanov
 
CRIU: time and space travel for Linux containers -- Kir Kolyshkin
CRIU: time and space travel for Linux containers -- Kir KolyshkinCRIU: time and space travel for Linux containers -- Kir Kolyshkin
CRIU: time and space travel for Linux containers -- Kir Kolyshkin
 
Тестирование ПО, основанного на сторонних компонентах - Денис Силаков, SECR 2015
Тестирование ПО, основанного на сторонних компонентах - Денис Силаков, SECR 2015Тестирование ПО, основанного на сторонних компонентах - Денис Силаков, SECR 2015
Тестирование ПО, основанного на сторонних компонентах - Денис Силаков, SECR 2015
 
Живая миграция: плюсы, минусы и подводные камни - Павел Емельянов
Живая миграция: плюсы, минусы и подводные камни - Павел ЕмельяновЖивая миграция: плюсы, минусы и подводные камни - Павел Емельянов
Живая миграция: плюсы, минусы и подводные камни - Павел Емельянов
 
What's missing from upstream kernel containers? - Sergey Bronnikov
What's missing from upstream kernel containers? - Sergey BronnikovWhat's missing from upstream kernel containers? - Sergey Bronnikov
What's missing from upstream kernel containers? - Sergey Bronnikov
 
Проблема фрагментации виртуальных дисков и способы её решения -- Дмитрий Монахов
Проблема фрагментации виртуальных дисков и способы её решения -- Дмитрий МонаховПроблема фрагментации виртуальных дисков и способы её решения -- Дмитрий Монахов
Проблема фрагментации виртуальных дисков и способы её решения -- Дмитрий Монахов
 
Развёртывание приложений Docker в контейнерах Virtuozzo -- Павел Тихомиров
Развёртывание приложений Docker в контейнерах Virtuozzo -- Павел ТихомировРазвёртывание приложений Docker в контейнерах Virtuozzo -- Павел Тихомиров
Развёртывание приложений Docker в контейнерах Virtuozzo -- Павел Тихомиров
 
CRIU: ускорение запуска PHP в CloudLinux OS -- Руслан Купреев
CRIU: ускорение запуска PHP в CloudLinux OS -- Руслан КупреевCRIU: ускорение запуска PHP в CloudLinux OS -- Руслан Купреев
CRIU: ускорение запуска PHP в CloudLinux OS -- Руслан Купреев
 
LibCT и контейнеры на уровне приложений -- Александр Бурлука
LibCT и контейнеры на уровне приложений -- Александр Бурлука LibCT и контейнеры на уровне приложений -- Александр Бурлука
LibCT и контейнеры на уровне приложений -- Александр Бурлука
 
Управление памятью контейнеров в проекте OpenVZ -- Владимир Давыдов
Управление памятью контейнеров в проекте OpenVZ -- Владимир ДавыдовУправление памятью контейнеров в проекте OpenVZ -- Владимир Давыдов
Управление памятью контейнеров в проекте OpenVZ -- Владимир Давыдов
 
Живая миграция контейнеров: плюсы, минусы, подводные камни -- Павел Емельянов
Живая миграция контейнеров: плюсы, минусы, подводные камни -- Павел ЕмельяновЖивая миграция контейнеров: плюсы, минусы, подводные камни -- Павел Емельянов
Живая миграция контейнеров: плюсы, минусы, подводные камни -- Павел Емельянов
 
LibCT: one lib to rule them all -- Andrey Vagin
LibCT: one lib to rule them all -- Andrey VaginLibCT: one lib to rule them all -- Andrey Vagin
LibCT: one lib to rule them all -- Andrey Vagin
 
Denser containers with PF cache - Pavel Emelyanov
Denser containers with PF cache - Pavel EmelyanovDenser containers with PF cache - Pavel Emelyanov
Denser containers with PF cache - Pavel Emelyanov
 
CGroups kernel memory controller -- Pavel Emelyanov
CGroups kernel memory controller -- Pavel EmelyanovCGroups kernel memory controller -- Pavel Emelyanov
CGroups kernel memory controller -- Pavel Emelyanov
 
What's missing from upstream kernel containers? - Kir Kolyshkin, Sergey Bronn...
What's missing from upstream kernel containers? - Kir Kolyshkin, Sergey Bronn...What's missing from upstream kernel containers? - Kir Kolyshkin, Sergey Bronn...
What's missing from upstream kernel containers? - Kir Kolyshkin, Sergey Bronn...
 
Not so brief history of Linux Containers - Kir Kolyshkin
Not so brief history of Linux Containers - Kir KolyshkinNot so brief history of Linux Containers - Kir Kolyshkin
Not so brief history of Linux Containers - Kir Kolyshkin
 
Управление ресурсами в Linux и OpenVZ
Управление ресурсами в Linux и OpenVZ Управление ресурсами в Linux и OpenVZ
Управление ресурсами в Linux и OpenVZ
 

Kürzlich hochgeladen

+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
masabamasaba
 
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
VictoriaMetrics
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
shinachiaurasa2
 
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
chiefasafspells
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the Situation
Juha-Pekka Tolvanen
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
masabamasaba
 

Kürzlich hochgeladen (20)

+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
 
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
 
Artyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxArtyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptx
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the Situation
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
 

Seven problems of Linux containers

  • 1. parallels.com || openvz.org || criu.org Seven Problems of Linux Containers Kir Kolyshkin <kir@openvz.org> 28 April 2013 LinuxFest Northwest
  • 2. parallels.com || openvz.org || criu.org Seventy Seven Problems of Linux Containers Kir Kolyshkin <kir@openvz.org> 28 April 2013 LinuxFest Northwest (of which I am going to cover six)
  • 3. parallels.com || openvz.org || criu.org Problem 1: Effective virtualization ● Virtualization is partitioning ● Historical way: $M mainframes ● Modern way: virtual machines ● Problem: performance overhead ● Partial solution: hardware support (Intel VT, AMD V)
  • 4. parallels.com || openvz.org || criu.org Solution: isolation ● Run many isolated userspace instances on top of sone single (Linux) kernel ● All processes see each other – files, process information, network, shared memory, users, etc. ● Make them unsee it!
  • 6. parallels.com || openvz.org || criu.org One historical way to unsee chroot()
  • 7. parallels.com || openvz.org || criu.org Namespaces ● Implemented in the Linux kernel – PID – net – IPC – UTS – mnt – user ● clone() with CLONE_NEW* flags
  • 8. parallels.com || openvz.org || criu.org Problem 2: Shared resources ● All containers share the same set of resources (CPU, RAM, disk, various kernel things ...) ● Need fair distribution of goods so everyone gets their share ● Need DoS prevention ● Need prioritization – “All animals are equal, but some animals are more equal than others” -- George Orwell
  • 10. parallels.com || openvz.org || criu.org Solution: OpenVZ resource controls ● OpenVZ: – user beancounters ● controls 20 parameters – hierarchical CPU scheduler – disk quota per containers – I/O priorities per-container ● Dynamic control, can “resize” runtime
  • 11. parallels.com || openvz.org || criu.org Solution: cgroups ● Cgroups is a mechanism to control resources per hierarchical groups of processes ● Cgroups is nothing without controllers: – blkio, cpu, cpuacct, cpuset, devices, freezer, memory, net_cls, net_prio ● Cgroups are orthogonal to namespaces ● Still a work in progress (kernel memory)
  • 12. parallels.com || openvz.org || criu.org Problem 3: easy resources ● User Beancounters are complicated: – http://wiki.openvz.org/UBC_consistency_check – user has to set all these parameters – some of which are interdependent ● We created a collection of valid configs, ● ... wrote a whole book about UBC ● ... and a set of tools to help
  • 14. parallels.com || openvz.org || criu.org Solution: VSwap ● Only two primary parameters: RAM and swap – others still exist, but no longer required to set ● Swap is virtual, no actual I/O is performed ● Slow down to emulate real swap ● Only when actual global RAM shortage occurs, virtual swap goes into the real swap ● Currently only available in OpenVZ kernel
  • 15. parallels.com || openvz.org || criu.org Problem 4: fast live migration ● We can migrate an OpenVZ container from one physical server to another without a shutdown ● We want to do it fast even for huge containers – huge disk: use shared storage – huge RAM: ???
  • 16. parallels.com || openvz.org || criu.org Normal migration process ● (Assuming shared storage) ● 1 Freeze the container ● 2 Dump its complete state to a dump file ● 3 Copy dump file to destination server ● 4 Undump ● 5 Unfreeze ● Problem: huge dump file
  • 17. parallels.com || openvz.org || criu.org Solution 1: network swap ● 1 Dump the minimal memory, lock the rest ● 2 Restore the minimal memory, mark the rest as swapped out ● 3 Set up network swap from the source ● 4 Unfreeze. Missing RAM will be “swapped in” ● 5 Migrate the rest of RAM and kill it on source
  • 19. parallels.com || openvz.org || criu.org Solution 1: network swap ● 1 Dump the minimal memory, lock the rest ● 2 Copy, undump what we have, mark the rest as swapped out ● 3 Set up network swap served from the source ● 4 Unfreeze. Missing RAM will be “swapped in” ● 5 Migrate the rest of RAM and kill it on source ● PROBLEM? Reliability, no way to rollback
  • 20. parallels.com || openvz.org || criu.org Solution 2: Iterative RAM migration ● 1 Ask kernel to track modified pages ● 2 Copy all memory to destination system ● 3 Ask kernel for list of modified pages ● 4 Copy those pages ● 5 GOTO 3 until satisfied ● 6 Freeze and do migration as usual
  • 21. parallels.com || openvz.org || criu.org Problem 5: upstreaming ● OpenVZ was developed separately ● Then we wanted to merge it upstream (i.e. to vanilla Linux kernel) ● Problem?
  • 23. parallels.com || openvz.org || criu.org Problem 5: upstreaming ● OpenVZ was developed separately ● Then we wanted to merge it upstream (i.e. to vanilla Linux kernel) ● Problem: ● upstream devs are not accepting our work
  • 24. parallels.com || openvz.org || criu.org Solution 1: rewrite from scratch ● User Beancounters -> CGroups ● Did 2 rewrites for PID namespace until it finally got accepted ● Network namespace redone ● It works! ● about 1500 patches got landed to vanilla ● II Parallels made it to top10 contributors
  • 25. parallels.com || openvz.org || criu.org Solution 2: CRIU ● We tried hard to merge checkpoint/restore ● Other people tried hard too, no luck ● Can't make it to the kernel, let's go userspace ● With minimal kernel intervention when required ● Kernel exports most of information already, so let's just add missing bits and pieces
  • 26. parallels.com || openvz.org || criu.org CRIU ● Checkpoint / Restore (mostly) In Userspace Tools currently at version 0.4 ● Will do 1.0 release this year ● Kernel 3.8 has about 120 patches from us – 95% of needed features are there ● Memory snapshot recently made it to -mm tree
  • 28. parallels.com || openvz.org || criu.org Problem 6: common file system ● Container is just a directory on host, all CTs reside on the same FS ● File system journal is a bottleneck ● Lots of small-size files I/O on CT backup ● No sub-tree disk quota support in upstream ● No per-container snapshots ● Live migration: rsync -- changed inodes ● File system type and properties are fixed
  • 29. parallels.com || openvz.org || criu.org Solution 1: LVM ● Only works only on top of block device ● Hard to manage (e.g. how to migrate huge volume?) ● No dynamic allocation ● Complicated management
  • 30. parallels.com || openvz.org || criu.org Solution 2: loop device ● VFS operations leads to double page-caching – (already fixed in the recent kernels) ● No dynamic allocation, max space is used ● Limited feature set
  • 31. parallels.com || openvz.org || criu.org Solution 3: ploop ● Basic idea: same as loop, just better ● Modular design: – various image formats (qcow2 in TODO) – various I/O backends ● More features: – live resize – instant live snapshots – write tracker to help in live migration
  • 32. parallels.com || openvz.org || criu.org Any problems questions? ● kir@openvz.org ● Twitter: @kolyshkin