@Wurth PhoenixBozenMay 06, 2016

Introduction to containers:A practical session using

CoreOs and Docker

Alessandro MartelloneSenior Software Engineer@a_martellone

Summary

● Cloud computing stack: IaaS, PaaS, SaaS ● Containers solutions

○ LXC (LinuX Container), Docker, CoreOs, OpenVirtuozzo, Kubernetes....

● CoreOS● Microservices architectures● A practical lab through CoreOS and Docker● Extras: JElastic

○ PaaS: can be defined as a computing platform that allows the creation of applications

quickly and easily and without the complexity of buying and maintaining the software and

infrastructure below it*.

* Rackspace: https://support.rackspace.com/white-paper/understanding-the-cloud-computing-stack-saas-paas-iaas/

INTRODUCTION

Cloud Computing Stack

Virtualization solutions

● The cloud relies on virtualization techniques to achieve elasticity of large scale shared resources.○ On-demand, broad network access, resource pooling, rapid elasticity, measured service.

● Cloud computing is moving from centralised, large-scale data centres to a more distributed multi-cloud.

● Containers are a more lightweight virtualisation concept ( i.e. less resource and time consuming).

● VMs and containers are both virtualisation techniques but solve different problems.

VM ≠ Container

VM ≠ Container The container engine manages just the application and its dependencies.

Hypervisor is a software component that is able to virtualize system resources such as memory, storage, CPUs, networking..

Virtualization solutions● Containers are tools/components/blocks for delivering software. ● Focused on portability, distribution and interoperability.● Whereas, VMs are focused on infrastructure resources virtualisation.● Containers as VMs provide an isolated, discrete and separate space for

applications (memory, storage, network resources) .● Unlike a VM, in a container you are not running a complete instance or

image of an operating system, with kernels, drivers, and shared libraries.

Linux Containers

● First release: 2008● https://linuxcontainers.org/● LXC 1.0 in Ubuntu 14.04 LTS (Long Term

Support)● Namespace isolation: allows groups of

processes to be separated not allowing them to see resources in other groups;

● cgroups (control groups) manage and limit resource access for process groups: multi-tenant isolation. E.g. in Docker by --cgroup-parent it is possible to pass constraints on resources (RAM, CPU,...)

Docker● https://www.docker.com/● Docker builds its solution on LXC techniques.● On root filesystem, it mounts several filesystems on top of

each other (using the union fs), which allows creating new images by building on top of base images. Only the top layer is writeable.

● What are the main Docker components?○ Docker engine: the core. It build, runs and manages

containers;○ Docker hub: platform for sharing Docker containers;○ Docker registry: handles the images (provided with the

Docker hub);○ Docker images: a read-only template;

● Applications can connect to other application/server inside a Docker container by port, through different containers by link.

CoreOS

CoreOS● A minimal Linux distribution, Container-optimized, built to deploy

distributed application across a cluster of nodes.● It supports both Docker and Rkt container runtime.● It provides process isolation and also allows applications to be

moved throughout a cluster easily.● Huge focus on security: CoreOS mission is “Secure the Internet”.● A read-only rootfs.● Automatic updates by A and B partitions.

Supported Platforms● AWS, GCE, Microsoft Azure, OpenStack● Bare metal● Vagrant

CoreOs components● systemd: a system and service

manager used by CoreOs to start, stop and manage processes (ordering and execution of all users processes).

● etcd: a distributed key-value store used by all nodes to share configuration data and services details (e.g. service IP address and port number)

● fleetd: cluster manager that orchestrates services across the cluster.

● Master-slave model● A least-loaded

scheduling algorithm is used to schedule the unit to the appropriate node.

● In order to orchestrate a containers cluster, a solution as Kubernetes is suggested.

Automatic updates● CoreOs relies on the automatic update mechanism to keep the operating

system up-to-date.● A dual partition schema is used

○ An update is applied to the secondary partition while the first is not updated. On reboot,

there is a binary swap from the primary to the secondary partition.

○ If there are issues with the new image, CoreOS automatically rolls back to the working

image.

ACI : Application Container Interface● Rocket or rkt (pronounced "rock-it") is a CLI for running app containers on

Linux.● rkt implements the App Container (appc) specification, supports the

Container Networking Interface specification, and can also run Docker images.○ appc is an open specification that defines several aspects of how to run applications in

containers: an image format, runtime environment, and discovery protocol.

● Qauy.io belongs to the CoreOS family and it provides a private image repository which supports Docker and Rkt images.○ It is a competitor of Docker Hub

Microservices architecture and cloud app in a nutshell

Microservices architectures

● From http://martinfowler.com/articles/microservices.html

1. Usually, a monolithic app is divided by functional layers, such as web, business, and data.

2. You scale a monolithic app by cloning it on multiple servers/VMs/containers.

3. A microservice application separates functionality into separate smaller services.

4. This approach scales out by deploying each service independently, creating instances of these services across servers/VMs/containers.

● By default, containers do not persist data!● In this case we should use databases, filesystem on host ( :-( ) or shared (e.g

GlusterFS, NFS,...)● Scaling DBs : e.g. by Galera cluster● Load balancing

○ In order to have a resilient service, we should avoid SPFs. ○ A way to achieve this could be to move your service behind a load balancer.

● Caching● Message Queue● Worker-based system● We should consider that compared to a monolithic architecture it

introduces additional complexity to handle it.

Lab

Setup● https://github.com/amartellone/coreos-vagrant● The project is a “working progress”. Any comment, hints or bug

fixes are welcome.● The lab environment is based on a VM on VirtualBox where a single

CoreOS node is installed.● The lab is tested with VirtualBox (version >= 5.0.1), Vagrant (version

>= 1.8)● If you want to "play" with CoreOS and Docker, please have a look at

https://github.com/amartellone/coreos-vagrant/blob/master/Exercises.md

Extras: JElastic

Elastx

● Elastx is a public cloud provider based in Sweden: http://elastx.com/

● It supports with its infrastructure the live demo○ Elastx offers two public cloud platforms: Jelastic (PaaS) and Openstack

(IaaS ). Both fully are automated and supported by our highly technical staff 24x7.

○ Tier 3 data-centers○ Fully redundant infrastructure○ At least 20Gbps node connectivity○ Storage is built on 100% Solid State Disk!

JelasticJelastic can be deployed on physical nodes (bare metal servers) or VMs hosted on a third party IaaS solutions such as OpenStack, vSphere, AWS, Azure and so on. Each node contains a number of containers managed by the Cluster Orchestator.

The consumption unit (hourly based) is the cloudlets: 128 MB RAM, 200 MHz CPU.

Jelastic is based on Open Virtuozzo Containers for Linux on CentOS.

References● https://support.rackspace.com/white-paper/understanding-the-cloud-computing-stack-saas-paas-

iaas/● http://www.computing.dcu.ie/~cpahl/papers/CCM-2015-Pahl-Containers-PaaS-Cloud.pdf● http://www.computing.dcu.ie/~cpahl/papers/FICloud15-EdgeCloudContainer-Pahl.pdf● https://linuxcontainers.org/lxc/introduction/● https://www.virtualization.info● https://en.wikipedia.org/wiki/UnionFS● https://docs.docker.com/engine/understanding-docker/● https://openvz.org/Main_Page● https://docs.jelastic.com/● https://coreos.com/docs/● https://www.digitalocean.com/community/tutorials/an-introduction-to-coreos-system-components● http://martinfowler.com/articles/microservices.html● https://docs.docker.com/engine/reference/run/● https://azure.microsoft.com/en-us/documentation/articles/service-fabric-overview-microservices/●

Any questions?

ContactsAlessandro Martellone@a_martellonea.martellone@gmail.com