CoreOS and (The) Edge of Tomorrow

Transcript

1. CoreOS and (The) Edge of Tomorrow CoreOS meetup, London 13th

   October, 2014

2. About me… • SysAdmin by trade (10+ years) • Programming

   language tourist, mostly Go, exploring Rust • I blog about Linux containers https://containerops.org/ • Twitter: @milosgajdos

3. Road to CoreOS “What I’m about to tell you sounds

   crazy, but you have to listen to me! Your very lives depend on it…”, Cage, Edge of Tomorrow

4. Road to CoreOS Part 1 - Wake up

5. Every day felt like the same day Broken HW, debugging

   bash scripts….

6. You got in, picked up your weapons and fought Albeit

   the weapons were Nagios, ssh for loops….

7. You learnt how to use your weapons You became a

   very skilful soldier

8. Road to CoreOS Part 2 - Meet Rita

9. There are smart people who care just like you do.

   There is hope!

10. You find out about configuration management, better tooling and monitoring,

    continuos delivery etc.

11. You put together a DevOps team and fight together, hoping

    some day you won’t have to fight any more….

12. Road to CoreOS Part 3 - Grenade

13. With all the infrastructure tooling you build a massive DevOps

    ship - surely you’re gonna win now!

14. But the infrastructures are getting even more complex: You hazz

    MICROSERVICES now!

15. Then you discover Docker! Surely this is it! You take

    it and throw it all over the infrastructure hoping to win once and for all!

16. Road to CoreOS
 Epilogue - Evolution • Robot soldiers ->

    
 (Micro)service delivery men • Delivering Applications -> 
 delivering Distributed Platforms • Ultimate evolution:
 SysAdmin + Devs -> DevOps -> DistOps • ULTIMATE QUESTION: • Have the OS’ evolved ?

17. OS as a Service

18. CoreOS Opening credits • Originally based on Chrome OS •

    Apps as Docker containers • Started with read only /, now read only ext4 /usr and btrfs / • etcd, systemd, fleet • Automatic updates (inspired by Omaha project)

19. CoreOS Scene 1 - etcd • Distributed k-v store written

    in Go, • HTTP API (JSON) • SSL optional, ACLs in the future • TTL support • “Watch” support via HTTP long- polling - no push! • etcdctl client • missing proper benchmark information :-(

20. CoreOS Scene 2 - fleet • Distributed init system built

    on top of systemd • It schedules services across the cluster • fleetd service has 2 components: 
 engine and agent • Service lifecycle: create (submit) -> schedule (load) ->run (start) -> remove (destroy) • fleetctl client

21. CoreOS Scene 3 - Updates and security • No package

    manager \o/ YESSSS! • Dual partition scheme: active (live) and passive (for updates) • Atomic (no partial upgrade!) and automatic (not just available!) • signed and verified • updateservicectl to control and test update service • SSH key auth only BUT sudo without password for core user • No SELinux/AppArmor etc., YET

22. CoreOS Closing credits • Still fairly young project - first

    stable release July 2014 - HUGE POTENTIAL • Extensive docs but some of the concepts are not easy to grasp • Few “??” • Security • Backup and Restore • Networking: flannel, WEAVE • Storage: FLOCKER

23. –Rita, Edge of Tomorrow “Every time you die, you get

    smarter and you’re gonna make sure we will win!”

24. –Bret Victor “The most dangerous thought you can have as

    a creative person is to think that you know what you are doing”