Using Unikernels in Production Today

A talk given at Scale15X in Pasadena, CA. "Using Unikernels in Production Today" not only dispels rumors surrounding {debugging, security, etc.} but also shows attendees how they can start using the ecosystem immediately.

Unikernels are being run in production environments today, not just by startups but by large companies. In this talk we'll show how your company can get started in this ecosystem with your existing software.

Unikernels offer tremendous promise, but many challenges also exist, as most workflows need to change to fully utilize them. Simple tasks such as testing become challenging because old-world workflows no longer work. Even things such as migrating databases or deploying new code require new tools, as simple utilities such as a shell don't exist. Changing workflows means changing tooling, so we'll take a deep dive into the different toolsets and frameworks available today for developing, testing and deploying unikernels.

Ian Eyberg

March 06, 2017

Transcript

  1. Using Unikernels in Production Today SCALE 15X github.com/deferpanic/virgo

  2. “Unikernels are not here now”

  3. “Unikernels are not ready for Production”

  4. Have you booted a unikernel?

  5. NO

  6. Have you compiled a unikernel?

  7. NO

  8. Do You Even Engineer?

  9. NO

  10. linux conference?

  12. Who's Using Unikernels?

  19. many other companies than I can (and can’t) list…. Star Lab IncludeOS Galois Cloudozer
  20. A WhirlWind Tour of Debugging

  24. gdb

  28. Let's Talk Security

  30. Spoken at numerous security conventions since 2000.

  31. Worked for Multiple Security Companies

  32. Got In Trouble As A Teenager for Defacing Websites

  33. No Shell? No Shellcode?

  34. If you can’t pop shell then mass hacking is not easy

  35. if you can’t mass hack how do you build a botnet?

  36. Some Stuff You Might’ve Missed

  37. Can you spin up 1000 VMs and spin them down again in a matter of minutes?

  43. Dan Williams is working on integrating solo5 w/ native OSX hypervisor API

  44. Real Life Suckery

  46. 9.5.3

  47. /* comment out everything */ step 1

  48. elog(LOG, "before backend"); step 2

  49. pid_t pid = fork(); step 3

  50. err = pthread_create(&(tid[i]), NULL, &doSomeThing, NULL); step 4

  51. PostMaster Setups Shared Memory

  52. shared memory semaphores shared libraries multiple processes signals forking --> threads (IPC) inter process communication System V IPC

  53. None of this makes sense for a single process and single address space system.

  54. Other Systems that Don’t Fork() ?

  56. internal_forkexec backend_forkexec

  57. Code Dumpster Diving Due to backward compatibility concerns the replication parameter is a hybrid beast which allows the value to be either boolean or the string 'database'. https://github.com/postgres/postgres/blob/19dc233c32f2900e57b8da4f41c0f662ab42e080/src/backend/postmaster/postmaster.c#L2081-L2084

  58. S S L

  60. What's a hacker to do?

  61. That’s right, Hack

  62. Let’s Build Something

  63. github.com/deferpanic/virgo

  68. Level 1 Dependencies

  69. Level 2 Dependencies

  70. Level 3 (env) Dependencies

  71. Compilation

  72. http://downloads.sourceforge.net/tuntaposx/tuntap_20150118.tar.gz sudo kextstat | grep tap tuntap

  73. pfctl nat on en0 from tap1:network to any -> (en0)

  75. ugly panda bear

  77. Public Cloud?

  78. 1G volume?

  79. Hell No

  80. No L2 Networking?

  81. That Sucks

  82. resource aware scheduling? 4 cores 32G 4 cores 8G 2 cores 8G 2 cores 8G 2 cores 16G 4 cores 8G 2 cores 8G host 1 host N

  83. nope

  84. share similar problems/benefits with containers

  85. share similar problems/benefits with VMs

  86. workflows

  87. configuration management

  89. volume deploy workflow

  90. mount base volume

  92. database migration workflow

  94. should we be calling unikernels something different?

  95. what will you build?

  96. example 1 STATIC HTML

  97. example 2 RUBY/RAILS

  98. example 3 FS Explorer