Using Unikernels in Production Today

Transcript

1. Using Unikernels in Production Today SCALE 15X github.com/deferpanic/virgo

2. “Unikernels are not here now”

3. “Unikernels are not ready for Production”

4. Have you booted a unikernel?

5. NO

6. Have you compiled a unikernel?

7. NO

8. Do You Even Engineer?

9. NO

10. linux conference?

11. None

12. Whose Using Unikernels?

13. None
14. None
15. None
16. None
17. None
18. None

19. many other companies than I can (and can’t) list…. Star

    Lab IncludeOS Galois Cloudozer

20. A WhirlWind Tour of Debugging

21. None
22. None
23. None

24. gdb

25. None
26. None
27. None

28. Lets Talk Security

29. None

30. Spoken at numerous security conventions since 2000.

31. Worked for Multiple Security Companies

32. Got In Trouble As A Teenager for Defacing Websites

33. No Shell? No Shellcode?

34. If you can’t pop shell then mass hacking is not

    easy

35. if you can’t mass hack how do you build a

    botnet?

36. Some Stuff You Might’ve Missed

37. Can you spin up 1000 VMs and spin them down

    again in a matter of minutes?
38. None
39. None
40. None
41. None
42. None

43. Dan Williams is working on integrating solo5 w/ native OSX

    hypervisor API

44. Real Life Suckery

45. None

46. 9.5.3

47. /* comment out everything */ step 1

48. elog(LOG, "before backend"); step 2

49. pid_t pid = fork(); step 3

50. err = pthread_create(&(tid[i]), NULL, &doSomeThing, NULL); step 4

51. PostMaster Setups Shared Memory

52. shared memory semaphores shared libraries multiple processes signals forking -->

    threads (IPC) inter process communication System V IPC

53. None of this makes sense for a single process and

    single address space system.

54. Other Systems that Don’t Fork() ?

55. None

56. internal_forkexec backend_forkexec

57. Code Dumpster Diving Due to backward compatibility concerns the replication

    parameter is a hybrid beast which allows the value to be either boolean or the string 'database'. https://github.com/postgres/postgres/blob/ 19dc233c32f2900e57b8da4f41c0f662ab42e080/src/backend/ postmaster/postmaster.c#L2081-L2084

58. S S L

59. None

60. What's a hacker to do?

61. That’s right, Hack

62. Let’s Build Something

63. github.com/ deferpanic/ virgo

64. None
65. None
66. None
67. None

68. Level 1 Dependencies

69. Level 2 Dependencies

70. Level 3 (env) Dependencies

71. Compilation

72. http://downloads.sourceforge.net/ tuntaposx/tuntap_20150118.tar.gz sudo kextstat | grep tap tuntap

73. pfctl nat on en0 from tap1:network to any -> (en0)

74. None

75. ugly panda bear

76. None

77. Public Cloud?

78. 1G volume?

79. Hell No

80. No L2 Networking?

81. That Sucks

82. resource aware scheduling? 4 cores 32G 4 cores 8G 2

    cores 8G 2 cores 8G 2 cores 16G 4 cores 8G 2 cores 8G host 1 host N

83. nope

84. share similar problems/benefits with containers

85. share similar problems/ benefits with VMs

86. workflows

87. configuration management

88. None

89. volume deploy workflow

90. mount base volume

91. None

92. database migration workflow

93. None

94. should we be calling unikernels something different?

95. what will you build?

96. example 1 STATIC HTML

97. example 2 RUBY/RAILS

98. example 3 FS Explorer