Presentation from the inaugural CoreOS Meetup in London (http://www.meetup.com/CoreOS-London/)
CoreOS and (The) Edge of Tomorrow
CoreOS meetup, London
13th October, 2014
About me…
• SysAdmin by trade (10+ years)
• Programming language tourist, mostly Go, exploring Rust
• I blog about Linux containers https://containerops.org/
• Twitter: @milosgajdos
Road to CoreOS
“What I’m about to tell you sounds crazy, but you have to listen to me! Your very lives depend on it…”
– Cage, Edge of Tomorrow
Road to CoreOS: Part 1 - Wake up
Every day felt like the same day
Broken HW, debugging bash scripts…
You got in, picked up your weapons and fought
Albeit the weapons were Nagios, ssh for loops…
You learnt how to use your weapons
You became a very skilful soldier
Road to CoreOS: Part 2 - Meet Rita
There are smart people who care just like you do.
There is hope!
You find out about configuration management, better tooling and monitoring, continuous delivery etc.
You put together a DevOps team and fight together, hoping some day you won’t have to fight any more…
Road to CoreOS: Part 3 - Grenade
With all the infrastructure tooling you build a massive DevOps ship - surely you’re gonna win now!
But the infrastructures are getting even more complex:
You hazz MICROSERVICES now!
Then you discover Docker! Surely this is it!
You take it and throw it all over the infrastructure hoping to win once and for all!
Road to CoreOS: Epilogue - Evolution
• Robot soldiers -> (Micro)service delivery men
• Delivering Applications -> delivering Distributed Platforms
• Ultimate evolution: SysAdmin + Devs -> DevOps -> DistOps
• ULTIMATE QUESTION:
• Have the OSes evolved?
OS as a Service
CoreOS: Opening credits
• Originally based on Chrome OS
• Apps as Docker containers
• Started with read only /, now read only ext4 /usr and btrfs /
• etcd, systemd, fleet
• Automatic updates (inspired by Omaha project)
CoreOS: Scene 1 - etcd
• Distributed k-v store written in Go
• HTTP API (JSON)
• SSL optional, ACLs in the future
• TTL support
• “Watch” support via HTTP long-polling - no push!
• etcdctl client
• missing proper benchmark information :-(
CoreOS: Scene 2 - fleet
• Distributed init system built on top of systemd
• It schedules services across the cluster
• fleetd service has 2 components: engine and agent
• Service lifecycle: create (submit) -> schedule (load) -> run (start) -> remove (destroy)
• fleetctl client
CoreOS: Scene 3 - Updates and security
• No package manager \o/ YESSSS!
• Dual partition scheme: active (live) and passive (for updates)
• Atomic (no partial upgrade!) and automatic (not just available!)
• signed and verified
• updateservicectl to control and test update service
• SSH key auth only BUT sudo without password for core user
• No SELinux/AppArmor etc., YET
CoreOS: Closing credits
• Still fairly young project - first stable release July 2014 - HUGE POTENTIAL
• Extensive docs but some of the concepts are not easy to grasp
• Few “??”
• Security
• Backup and Restore
• Networking: flannel, WEAVE
• Storage: FLOCKER
“Every time you die, you get smarter and you’re gonna make sure we will win!”
– Rita, Edge of Tomorrow
“The most dangerous thought you can have as a creative person is to think that you know what you are doing”
– Bret Victor