CoreOS and (The) Edge of Tomorrow

Presentation from the inaugural CoreOS Meetup in London (http://www.meetup.com/CoreOS-London/)

Milos Gajdos

October 13, 2014

Transcript

  1. About me…
     • SysAdmin by trade (10+ years)
     • Programming language tourist, mostly Go, exploring Rust
     • I blog about Linux containers https://containerops.org/
     • Twitter: @milosgajdos
  2. Road to CoreOS
     “What I’m about to tell you sounds crazy, but you have to listen to me! Your very lives depend on it…”, Cage, Edge of Tomorrow
  3. You got in, picked up your weapons and fought
     Albeit the weapons were Nagios, ssh for loops….
  4. You put together a DevOps team and fight together, hoping some day you won’t have to fight any more….
  5. Then you discover Docker! Surely this is it! You take it and throw it all over the infrastructure hoping to win once and for all!
  6. Road to CoreOS Epilogue - Evolution
     • Robot soldiers -> (Micro)service delivery men
     • Delivering Applications -> delivering Distributed Platforms
     • Ultimate evolution: SysAdmin + Devs -> DevOps -> DistOps
     • ULTIMATE QUESTION:
     • Have the OSes evolved?
  7. CoreOS Opening credits
     • Originally based on Chrome OS
     • Apps as Docker containers
     • Started with read only /, now read only ext4 /usr and btrfs /
     • etcd, systemd, fleet
     • Automatic updates (inspired by Omaha project)
  8. CoreOS Scene 1 - etcd
     • Distributed k-v store written in Go
     • HTTP API (JSON)
     • SSL optional, ACLs in the future
     • TTL support
     • “Watch” support via HTTP long-polling - no push!
     • etcdctl client
     • missing proper benchmark information :-(
  9. CoreOS Scene 2 - fleet
     • Distributed init system built on top of systemd
     • It schedules services across the cluster
     • fleetd service has 2 components: engine and agent
     • Service lifecycle: create (submit) -> schedule (load) -> run (start) -> remove (destroy)
     • fleetctl client
  10. CoreOS Scene 3 - Updates and security
     • No package manager \o/ YESSSS!
     • Dual partition scheme: active (live) and passive (for updates)
     • Atomic (no partial upgrade!) and automatic (not just available!)
     • signed and verified
     • updateservicectl to control and test update service
     • SSH key auth only BUT sudo without password for core user
     • No SELinux/AppArmor etc., YET
  11. CoreOS Closing credits
     • Still fairly young project - first stable release July 2014 - HUGE POTENTIAL
     • Extensive docs but some of the concepts are not easy to grasp
     • Few “??”
     • Security
     • Backup and Restore
     • Networking: flannel, WEAVE
     • Storage: FLOCKER
  12. “Every time you die, you get smarter and you’re gonna make sure we will win!”
     –Rita, Edge of Tomorrow
  13. “The most dangerous thought you can have as a creative person is to think that you know what you are doing”
     –Bret Victor