Operations without the Operating System

Talk from the Operability conference in London about fundamental problems with the evolution of infrastructure, and how new operating systems and unikernels might provide a solution.

Some truth and lots of speculation about the future of operations.

Gareth Rushgrove

September 25, 2015

Transcript

  1. Operations without the Operating System
    Puppet Labs
    Gareth Rushgrove
    Ops People and Future Technology

  2. Gareth Rushgrove
    @garethr

  3. Gareth Rushgrove

  4. First, some quotes

  5. These systems had never been designed with security in mind and now were becoming hugely complex

  6. The dense complexity and increasing length of computer code as computers were asked to do more and more would make malicious code increasingly hard to find

  7. Written in 2014

  8. Not about Heartbleed

  9. In a history book about the 1970s
    Intercept: The Secret History of Computers and Spies by Gordon Corera. Specifically about the Anderson Report, 1972

  10. This talk

  11. Lots of new operating systems have appeared in the last year

  12. Speculation Klaxon

  13. The age of the general purpose operating system is over

  14. What does that mean for operators?

  15. A New Breed of OS
    Smaller, faster, more productive?

  16. What server operating systems are you running?

  17. I’m guessing most people said:

  18. Someone will try and be smart and say:

  19. And someone will hide the fact they’re running:

  20. But elsewhere on the internet…

  21. From Red Hat, uses RPM-OSTree under the hood

  22. Built-in service-discovery and clustering support

  23. Snappy from Ubuntu, basically replaces apt-get with containers

  24. Docker running on Docker running as PID 1

  25. Nano is a tiny alternative to Windows Server

  26. Bonneville provides containers that are really virtual machines

  27. Clear Linux provides hardware isolation guarantees to containers

  28. Common themes

  29. Cluster native
    Read-only file systems
    Transactional updates
    Integrated with containers

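Added example, not part of the deck: a small audit of the "read-only file systems" theme. It parses /proc/mounts-style lines, including the \040 escaping /proc uses for a space in a path, and reports whether the mount points a read-only-rootfs OS is expected to protect are actually mounted ro. The sample lines and the list of expected-read-only mount points (EXPECTED_RO) are constructed assumptions for illustration, not taken from any of the systems named above.

```python
"""Added example: audit whether the mount points a read-only-rootfs OS is
expected to protect are really mounted read-only.

Parses /proc/mounts-style lines (source target fstype options dump pass).
EXPECTED_RO and SAMPLE_MOUNTS are constructed for illustration."""
import os
import re

# Assumption: which mount points should be read-only on this kind of host.
EXPECTED_RO = ("/", "/usr")

# Constructed sample; note the \040 escape /proc uses for a space in a path
# and the errors=remount-ro option, which must not be mistaken for "ro".
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 ro,relatime,errors=remount-ro 0 0
/dev/sda2 /usr ext4 rw,relatime,errors=remount-ro 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
/dev/sdb1 /mnt/my\\040data ext4 rw,relatime 0 0
"""

_OCTAL_ESCAPE = re.compile(r"\\([0-7]{3})")


def unescape(field: str) -> str:
    """/proc/mounts encodes space, tab, newline and backslash as \\ooo octal."""
    return _OCTAL_ESCAPE.sub(lambda m: chr(int(m.group(1), 8)), field)


def parse_mounts(text: str) -> list:
    """Return one dict per mount line; options become a set of exact tokens."""
    mounts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # blank or malformed line: skip, do not abort the audit
        source, target, fstype, opts = parts[:4]
        mounts.append({
            "source": unescape(source),
            "target": unescape(target),
            "fstype": fstype,
            # exact-token match, so "errors=remount-ro" never counts as "ro"
            "options": set(opts.split(",")),
        })
    return mounts


def audit(text: str, expected_ro=EXPECTED_RO) -> dict:
    """Map each expected-read-only mount point to "ro", "rw" or "missing".
    Later lines override earlier ones, because /proc/mounts lists overmounts
    in mount order and the last mount on a path is the visible one."""
    status = {target: "missing" for target in expected_ro}
    for m in parse_mounts(text):
        if m["target"] in status:
            status[m["target"]] = "ro" if "ro" in m["options"] else "rw"
    return status


def writable(text: str, expected_ro=EXPECTED_RO) -> list:
    """Mount points that fail the policy (writable or not mounted at all)."""
    return [t for t, s in audit(text, expected_ro).items() if s != "ro"]


if __name__ == "__main__":
    # Use the live table when running on Linux, the constructed sample otherwise.
    if os.path.exists("/proc/mounts"):
        with open("/proc/mounts") as fh:
            table = fh.read()
    else:
        table = SAMPLE_MOUNTS
    for target, state in audit(table).items():
        print(f"{target}: {state}")
```

Run it on a host and anything reported as "rw" or "missing" is a place where the "enforced immutability" story on the later slides is not actually true for that box. Matching option tokens exactly matters: a naive substring test for "ro" would be fooled by errors=remount-ro and declare the writable /usr line read-only.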
  30. We’ve seen some of this story before

  31. Gareth Rushgrove

  32. ESXi, XenServer

  33. Gareth Rushgrove

  34. What plays out the same and what’s different is interesting
    Note, everyone wants to be the VMware of containers

  35. Why The Interest in New Operating Systems
    And why now?

  36. Lots of homogeneous workloads

  37. Security is front page news

  38. I just want somewhere to run my containers

  39. Size as a proxy for complexity
    Can you name the 184 default packages in Ubuntu?

  40. Utilisation matters
    Only to large organisations who pay for software mind

  41. Increasingly interacting with higher level abstractions anyway
    Mesos, Kubernetes, Cloud Foundry

  42. Piling up Abstractions
    A brief history of infrastructure

  43. Once upon a time…
    Stack (bottom up): Hardware, Operating system, Application

  44. But your application might need a runtime so let’s add that
    Stack (bottom up): Hardware, Operating system, Runtime, Application

  45. But hardware is expensive so let’s run multiple applications
    Stack (bottom up): Hardware, Operating system, Runtimes, many Applications

  46. Applications need isolating so let’s use virtualisation
    Stack (bottom up): Hardware, Hypervisor, Operating system, Runtime, Application

  47. Run multiple virtual machines! Each with their own copy of the OS
    Stack (bottom up): Hardware, Hypervisor, then per VM: Operating system, Runtime, Application

  48. But the overhead of virtualisation is expensive so run multiple apps per VM
    Stack (bottom up): Hardware, Hypervisor, then per VM: Operating system, Runtime, many Applications

  49. I heard you like containers
    Stack (bottom up): Hardware, Hypervisor, Operating system, Container runtime, then per container: Operating system, Runtime, Application

  50. Stack (bottom up): Hardware, Hypervisor, Operating system, Container runtime, then three containers each carrying its own OS (“A different OS”, “Operating system”, “Even more OS”), Runtime, Application

  51. Cool folks use static binaries and scratch containers
    Stack (bottom up): Hardware, Hypervisor, Operating system, Container runtime, then per container: Static binary

  52. Don’t need virtualisation isolation guarantees?
    Stack (bottom up): Hardware, Operating system, Container runtime, then per container: Static binary

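Added example, not from the deck or from any project named in it: before you drop a "static" binary into a scratch container, check that the ELF image really has no PT_INTERP program header. A scratch image contains no ld.so and no shared libraries, so a binary that asks for an interpreter fails at exec time with a misleading "no such file or directory". The check below parses the ELF header and program headers directly; a tiny ELF64 builder (build_elf64) is included so the example runs offline on constructed images, which are not loadable executables. Two caveats the loader check does not cover: a static-pie carries PT_DYNAMIC but no interpreter and runs fine, so the decision keys on PT_INTERP only; and a glibc binary linked statically can still dlopen NSS modules at runtime, and the program may expect /etc/passwd, CA certificates or timezone data that scratch lacks.

```python
"""Added example: decide whether an ELF binary can be exec'd from a scratch
container, i.e. whether it needs a dynamic loader (PT_INTERP) at all.
The ELF64 images built by build_elf64 are constructed for illustration and
are not loadable executables."""
import struct
import sys

PT_LOAD = 1
PT_DYNAMIC = 2
PT_INTERP = 3


def elf_loader_info(data: bytes) -> dict:
    """Parse the ELF header and program headers (32- or 64-bit, either
    byte order) and report the interpreter path, if any, and whether a
    PT_DYNAMIC segment is present."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = data[4], data[5]
    endian = {1: "<", 2: ">"}[ei_data]
    if ei_class == 2:  # ELF64: e_phoff at 0x20, e_phentsize/e_phnum at 0x36
        (e_phoff,) = struct.unpack_from(endian + "Q", data, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", data, 0x36)
        phdr_fmt = endian + "IIQQQQQQ"
        fields = ("type", "flags", "offset", "vaddr", "paddr", "filesz", "memsz", "align")
    elif ei_class == 1:  # ELF32: e_phoff at 0x1C, e_phentsize/e_phnum at 0x2A
        (e_phoff,) = struct.unpack_from(endian + "I", data, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", data, 0x2A)
        phdr_fmt = endian + "IIIIIIII"
        fields = ("type", "offset", "vaddr", "paddr", "filesz", "memsz", "flags", "align")
    else:
        raise ValueError("unknown EI_CLASS %d" % ei_class)

    info = {"interp": None, "dynamic": False}
    for i in range(e_phnum):
        raw = struct.unpack_from(phdr_fmt, data, e_phoff + i * e_phentsize)
        ph = dict(zip(fields, raw))
        if ph["type"] == PT_INTERP:
            seg = data[ph["offset"]:ph["offset"] + ph["filesz"]]
            info["interp"] = seg.split(b"\0", 1)[0].decode("ascii", "replace")
        elif ph["type"] == PT_DYNAMIC:
            info["dynamic"] = True
    return info


def runs_in_scratch(data: bytes) -> bool:
    """True when the kernel needs no other file to exec the image: no
    PT_INTERP means no ld.so lookup. A static-pie carries PT_DYNAMIC (it
    relocates itself) but no interpreter, so PT_DYNAMIC alone is not fatal."""
    return elf_loader_info(data)["interp"] is None


def build_elf64(segments, little_endian=True) -> bytes:
    """Construct a minimal ELF64 image: header, program header table, then
    each segment's bytes. segments = [(p_type, payload), ...]."""
    endian = "<" if little_endian else ">"
    ehsize, phentsize = 64, 56
    phoff = ehsize
    ident = b"\x7fELF" + bytes([2, 1 if little_endian else 2, 1]) + bytes(9)
    header = ident + struct.pack(
        endian + "HHIQQQIHHHHHH",
        2, 0x3E, 1, 0, phoff, 0, 0, ehsize, phentsize, len(segments), 64, 0, 0)
    phdrs, payload = b"", b""
    offset = phoff + phentsize * len(segments)
    for p_type, body in segments:
        phdrs += struct.pack(endian + "IIQQQQQQ",
                             p_type, 4, offset, 0, 0, len(body), len(body), 1)
        payload += body
        offset += len(body)
    return header + phdrs + payload


if __name__ == "__main__":
    # With a path argument, inspect a real file; otherwise the constructed images.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(sys.argv[1], elf_loader_info(fh.read()))
    else:
        dynamic = build_elf64([(PT_INTERP, b"/lib64/ld-linux-x86-64.so.2\0"),
                               (PT_DYNAMIC, bytes(16)), (PT_LOAD, b"\x90" * 8)])
        static = build_elf64([(PT_LOAD, b"\x90" * 8)])
        print("dynamic:", elf_loader_info(dynamic), runs_in_scratch(dynamic))
        print("static:", elf_loader_info(static), runs_in_scratch(static))
```

Point the script at the binary you are about to COPY into a FROM scratch image; an interpreter path in the output means the image will not start. Parsing the headers rather than shelling out to ldd is deliberate: ldd executes the binary's loader, which is exactly what you do not want to do to an untrusted artefact in a build pipeline.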
  53. Unikernels
    A library operating system

  54. What if there is no OS above the hypervisor?

  55. Gareth Rushgrove

  56. Unikernels compile your application to a kernel, which can run on a hypervisor
    Stack (bottom up): Hardware, Hypervisor, Unikernel

  57. Compile your application into a Kernel
    No userspace

  58. Only include the capabilities/libraries you need
    No bash/ssh/sh/apt unless you explicitly include it

  59. Hypervisor/hardware isolation
    Smaller attack surface area
    Running less code
    Enforced immutability
    No default remote access

  60. The promise of containers, but without needing to pretend the intermediary OS doesn’t exist

  61. MirageOS

  62. HaLVM

  63. Rump Kernel

  64. LING

  65. Gareth Rushgrove

  66. Gareth Rushgrove

  67. What Happens to Operators?
    Technical operators anyway, service management folks are safe for now

  68. Hypervisor as the platform (1)

  69. Separate team running a hypervisor as a service

  70. Separate company running a hypervisor as a service

  71. How many AWS users are Xen experts?

  72. It happened with Type 1 hypervisors, I posit it will happen for Type 2 as well

  73. Everything else as an application (2)

  74. Firewalls as an application

  75. Proxies as an application

  76. Network switches as an application

  77. Intrusion detection as an application

  78. Remote shell as an application

  79. Everyone not running the hypervisor is an application developer

  80. Standards, standards and de facto standards (3)

  81. We need to start agreeing
    I don’t have time here for a rant about the contributor’s dilemma, initiation bias and how prototypes never die on GitHub

  82. Platforms

  83. Containers

  84. Monitoring
    ?

  85. StatsD

  86. Metrics 2.0

  87. Publish more schemas and fewer incompatible duplicate implementations
    We can get to actual Standards after some agreement

  88. Infrastructure is code (4)

  89. Infrastructure as algorithms

  90. Schedulers

  91. Back pressure

  92. Autoscaling

  93. Composition/configuration

  94. Configuration with static data won’t be enough

  95. Learn to programme. This time we mean it
    If you want this future we need to build it. Probably with static types and safer programming languages

  96. Revolution not evolution (5)

  97. The distance between old infrastructure and new will be huge

  98. Moving between the paradigms will be bigger than moving between Linux and Windows today

  99. Not about tools. About models of interaction and the skills required to operate

  100. We either fix our tech, or the security challenge will result in laws and policy that try and fix it for us
    I remember when it was legal to run software I wrote myself without cyber insurance. Ah, happy days.

  101. Remember. Blade Runner is a movie about the Government running around fixing bugs in software

  102. Conclusions
    If all you remember from this talk is…

  103. We still have fundamental problems that date back 40 years

  104. We can build better infrastructure

  105. Doing so might mean going down different evolutionary paths

  106. We know many of the patterns we want, but we’re mainly working backwards
    Stripping down our current operating systems isn’t sufficient

  107. This means throwing away things we care about
    What would you say if I said we don’t need Linux for the general case

  108. Collaborate on hard problems, rather than marvelling about how easy it is to build your own Docker PaaS

  109. Questions?
    And thanks for listening