Operations without the Operating System

Slide 1

Slide 1 text

Operations without the Operating System Puppet Labs Gareth Rushgrove Ops People and Future Technology

Slide 2

Slide 2 text

Gareth Rushgrove @garethr

Slide 3

Slide 3 text

Gareth Rushgrove

Slide 4

Slide 4 text

First, some quotes

Slide 5

Slide 5 text

These systems had never been designed with security in mind and now were becoming hugely complex Gareth Rushgrove

Slide 6

Slide 6 text

The dense complexity and increasing length of computer code as computers where asked to do more and more would make malicious code increasingly hard to ﬁnd Gareth Rushgrove

Slide 7

Slide 7 text

Written in 2014 Gareth Rushgrove

Slide 8

Slide 8 text

Not about Heartbleed Gareth Rushgrove

Slide 9

Slide 9 text

In a history book about the 1970s Gareth Rushgrove Intercept: The Secret History of Computers and Spies by Gordon Corera. Speciﬁcally about the Anderson Report, 1972

Slide 10

Slide 10 text

This talk

Slide 11

Slide 11 text

Lots of new operating systems have appeared in the last year Gareth Rushgrove

Slide 12

Slide 12 text

Speculation Klaxon

Slide 13

Slide 13 text

The age of the general purpose operating system is over Gareth Rushgrove

Slide 14

Slide 14 text

What does that mean for operators? Gareth Rushgrove

Slide 15

Slide 15 text

A New Breed of OS Smaller, faster, more productive?

Slide 16

Slide 16 text

What server operating systems are you running? Gareth Rushgrove

Slide 17

Slide 17 text

Gareth Rushgrove I’m guessing most people said:

Slide 18

Slide 18 text

Gareth Rushgrove Someone will try and be smart and say:

Slide 19

Slide 19 text

Gareth Rushgrove And someone will hide the fact they’re running:

Slide 20

Slide 20 text

But elsewhere on the internet… Gareth Rushgrove

Slide 21

Slide 21 text

Gareth Rushgrove From RedHat, uses RPM-OSTree under the hood

Slide 22

Slide 22 text

Gareth Rushgrove Built-in service-discovery and clustering support

Slide 23

Slide 23 text

Gareth Rushgrove Snappy from Ubuntu, basically replaces apt-get with containers

Slide 24

Slide 24 text

Gareth Rushgrove Docker running on Docker running as PID 1

Slide 25

Slide 25 text

Gareth Rushgrove Nano is a tiny alternative to Windows Server 6

Slide 26

Slide 26 text

Gareth Rushgrove Bonneville provides containers that are really virtual machines

Slide 27

Slide 27 text

Gareth Rushgrove Clear Linux provides hardware isolation guarantees to containers

Slide 28

Slide 28 text

Common themes Gareth Rushgrove

Slide 29

Slide 29 text

Cluster native Read-only ﬁle systems Transactional updates Integrated with containers Gareth Rushgrove

Slide 30

Slide 30 text

We’ve seen some of this story before Gareth Rushgrove

Slide 31

Slide 31 text

Gareth Rushgrove

Slide 32

Slide 32 text

ESXi, XenServer Gareth Rushgrove

Slide 33

Slide 33 text

Gareth Rushgrove

Slide 34

Slide 34 text

What plays out the same and what different is interesting Gareth Rushgrove Note, everyone wants to be the VMware of containers

Slide 35

Slide 35 text

Why The Interest in New Operating Systems And why now?

Slide 36

Slide 36 text

Lots of homogeneous workloads Gareth Rushgrove

Slide 37

Slide 37 text

Security is front page news Gareth Rushgrove

Slide 38

Slide 38 text

I just want somewhere to run my containers Gareth Rushgrove

Slide 39

Slide 39 text

Size as a proxy for complexity Gareth Rushgrove Can you name the 184 default packages in Ubuntu?

Slide 40

Slide 40 text

Utilisation matters Gareth Rushgrove Only to large organisations who pay for software mind

Slide 41

Slide 41 text

Increasingly interacting with higher level abstractions anyway Gareth Rushgrove Mesos, Kubernetes, Cloud Foundry

Slide 42

Slide 42 text

Piling up Abstractions A brief history of infrastructure

Slide 43

Slide 43 text

Gareth Rushgrove Operating system Hardware Application Once upon a time…

Slide 44

Slide 44 text

Gareth Rushgrove Operating system Hardware Runtime Application But your application might need a runtime so lets add that

Slide 45

Slide 45 text

Gareth Rushgrove Operating system Hardware Runtime Application Application Application Application Application Application Runtime But hardware is expensive so lets run multiple applications

Slide 46

Slide 46 text

Gareth Rushgrove Operating system Hypervisor Hardware Runtime Application Applications need isolating so lets use virtualisation

Slide 47

Slide 47 text

Gareth Rushgrove Operating system Hypervisor Hardware Runtime Application Operating system Runtime Application Operating system Runtime Application Run multiple virtual machines! Each with there own copy of the OS

Slide 48

Slide 48 text

Gareth Rushgrove Operating system Hypervisor Hardware Runtime Application Operating system Runtime Application Application Application Application But the overhead of virtualisation is expensive so run multiple apps per VM

Slide 49

Slide 49 text

Gareth Rushgrove Operating system Hypervisor Hardware Container Operating system Runtime Application Container runtime I heard you like containers

Slide 50

Slide 50 text

Gareth Rushgrove Operating system Hypervisor Hardware Container A different OS Runtime Application Container runtime Container Operating system Runtime Application Container Even more OS Runtime Application

Slide 51

Slide 51 text

Hypervisor Hardware Gareth Rushgrove Operating system Container Static binary Container runtime Container Static binary Container Static binary Cool folks use static binaries and scratch containers

Slide 52

Slide 52 text

Gareth Rushgrove Operating system Hardware Container Static binary Container runtime Container Static binary Container Static binary Don’t need virtualisation isolation guarantees?

Slide 53

Slide 53 text

Unikernels A library operating system

Slide 54

Slide 54 text

What if there is no OS above the hypervisor? Gareth Rushgrove

Slide 55

Slide 55 text

Gareth Rushgrove

Slide 56

Slide 56 text

Gareth Rushgrove Unikernel Hypervisor Hardware Unikernels compile your application to a kernel, which can run on a hypervisor

Slide 57

Slide 57 text

Compile your application into a Kernel Gareth Rushgrove No userspace

Slide 58

Slide 58 text

Only include the capabilities/ libraries you need Gareth Rushgrove No bash/ssh/sh/apt unless you explicitly include it

Slide 59

Slide 59 text

Hypervisor/hardware isolation Smaller attack surface area Running less code Enforced immutability No default remote access Gareth Rushgrove

Slide 60

Slide 60 text

The promise of containers, but without needing to pretend the intermediary OS doesn’t exist Gareth Rushgrove

Slide 61

Slide 61 text

Gareth Rushgrove MirageOS

Slide 62

Slide 62 text

Gareth Rushgrove HaLVM

Slide 63

Slide 63 text

Gareth Rushgrove Rump Kernel

Slide 64

Slide 64 text

Gareth Rushgrove LING

Slide 65

Slide 65 text

Gareth Rushgrove

Slide 66

Slide 66 text

Gareth Rushgrove

Slide 67

Slide 67 text

What Happens to Operators? Technical operators anyway, service management folks are safe for now

Slide 68

Slide 68 text

Hypervisor as the platform Gareth Rushgrove 1

Slide 69

Slide 69 text

Separate team running a hypervisor as a service Gareth Rushgrove

Slide 70

Slide 70 text

Separate team company running a hypervisor as a service Gareth Rushgrove

Slide 71

Slide 71 text

How many AWS users are Xen experts? Gareth Rushgrove

Slide 72

Slide 72 text

It happened with Type 1 hypervisors, I posit it will happen for Type 2 as well Gareth Rushgrove

Slide 73

Slide 73 text

Everything else as an application Gareth Rushgrove 2

Slide 74

Slide 74 text

Firewalls as an application Gareth Rushgrove

Slide 75

Slide 75 text

Proxies as an application Gareth Rushgrove

Slide 76

Slide 76 text

Network switches as an application Gareth Rushgrove

Slide 77

Slide 77 text

Intrusion detection as an application Gareth Rushgrove

Slide 78

Slide 78 text

Remote shell as an application Gareth Rushgrove

Slide 79

Slide 79 text

Everyone not running the hypervisor is an application developer Gareth Rushgrove

Slide 80

Slide 80 text

Standards, standards and defacto standards Gareth Rushgrove 3

Slide 81

Slide 81 text

We need to start agreeing Gareth Rushgrove I don’t have time here for a rant about the contributors dilemma, initiation bias and how prototypes never die on GitHub

Slide 82

Slide 82 text

Platforms Gareth Rushgrove

Slide 83

Slide 83 text

Containers Gareth Rushgrove

Slide 84

Slide 84 text

Monitoring Gareth Rushgrove ?

Slide 85

Slide 85 text

Gareth Rushgrove StatsD

Slide 86

Slide 86 text

Gareth Rushgrove Metrics 2.0

Slide 87

Slide 87 text

Publish more schemas and fewer incompatible duplicate implementations Gareth Rushgrove We can get to actual Standards after some agreement

Slide 88

Slide 88 text

Infrastructure is code Gareth Rushgrove 4

Slide 89

Slide 89 text

Infrastructure as algorithms Gareth Rushgrove

Slide 90

Slide 90 text

Schedulers Gareth Rushgrove

Slide 91

Slide 91 text

Back pressure Gareth Rushgrove

Slide 92

Slide 92 text

Autoscaling Gareth Rushgrove

Slide 93

Slide 93 text

Composition/conﬁguration Gareth Rushgrove

Slide 94

Slide 94 text

Conﬁguration with static data won’t be enough Gareth Rushgrove

Slide 95

Slide 95 text

Learn to programme. This time we mean it Gareth Rushgrove If you want this future we need to build it. Probably with static types and safer programming languages

Slide 96

Slide 96 text

Revolution not evolution Gareth Rushgrove 5

Slide 97

Slide 97 text

The distance between old infrastructure and new will be huge Gareth Rushgrove

Slide 98

Slide 98 text

Moving between the paradigms will be bigger than moving between Linux and Windows today Gareth Rushgrove

Slide 99

Slide 99 text

Not about tools. About models of interaction and the skills required to operate Gareth Rushgrove

Slide 100

Slide 100 text

We either ﬁx our tech, or the security challenge will result in laws and policy that try and ﬁx it for us Gareth Rushgrove I remember when it was legal to run software I wrote myself without cyber insurance. Ah, happy days.

Slide 101

Slide 101 text

Gareth Rushgrove Remember. Blade Runner is a movie about the Government running around ﬁxing bugs in software

Slide 102

Slide 102 text

Conclusions If all you remember from this talk is…

Slide 103

Slide 103 text

We still have fundamental problems that date back 40 years Gareth Rushgrove

Slide 104

Slide 104 text

We can build better infrastructure Gareth Rushgrove

Slide 105

Slide 105 text

Doing so might mean going down different evolutionary paths Gareth Rushgrove

Slide 106

Slide 106 text

We know many of the patterns we want, but we’re mainly working backwards Gareth Rushgrove Stripping down our current operating systems isn’t sufﬁcient

Slide 107

Slide 107 text

This means throwing away things we care about Gareth Rushgrove What would you say if I said we don’t need Linux for the general case

Slide 108

Slide 108 text

Collaborate on hard problems, rather than marvelling about how easy it is to build your own Docker PaaS Gareth Rushgrove

Slide 109

Slide 109 text

Questions? And thanks for listening