About Me
● System Administrator at PagerDuty. Bioinformatics postgraduate; data mining, application development, system automation
● Exploring life-like properties in computer systems
● FOSS person (recent contributions to ruby-lxc, lxc-chef, chef-metal-lxc, chef, chefspec, serverspec-lxc, graphios, community cookbooks etc.)
Container
● Operating system virtualization
● Instead of a hypervisor (KVM, VMware) or a paravirtualizing hypervisor (Xen), the OS itself offers a VM-like interface
● All containers share the host kernel: the isolation boundary is the kernel's namespaces and cgroups, not a hypervisor, so a kernel bug is a container-escape bug
Containers on other platforms
● Operating system virtualization (containers) elsewhere:
● Zones on Solaris (2005)
● OpenVZ (patched Linux kernel, 2005)
● WPARs on AIX, SRP on HP-UX (2007)
LXC - CLI

    $ lxc-ls --fancy
    NAME       STATE    IPV4  IPV6  AUTOSTART
    -----------------------------------------
    chef-serf  STOPPED  -     -     NO
    father     STOPPED  -     -     NO
    sensu      STOPPED  -     -     NO
    serf       STOPPED  -     -     NO
    trusty     STOPPED  -     -     NO
    $
LXC – Create using CLI

    $ lxc-create -n meetup -t download -- -d ubuntu -r trusty -a amd64
    Using image from local cache
    Unpacking the rootfs

    ---
    You just created an Ubuntu container (release=trusty, arch=amd64, variant=default)
    The default username/password is: ubuntu / ubuntu
    To gain root privileges, please use sudo.
    $

● Note the well-known default credentials the download template ships with: change or lock the ubuntu account before the container is reachable over the network.
LXC - Features
● Unprivileged containers (root inside the container is an ordinary unprivileged uid on the host, via user namespaces)
● Decoupled rootfs vs. container creation
● Rootfs customization via templates
● Cgroup customization via config file and API
● Bindings
● Hooks
● LXC 1.1 aims for CRIU (checkpoint/restore) support
Ruby and LXC integration
● The ruby-lxc binding has reached 1.0
● Native (C extension) and covers the entire liblxc API
● Hosted under the same GitHub organization as LXC (github.com/lxc)
● Ruby bindings that wrap the lxc-* CLI tools are also available, but they cannot use liblxc's in-process `attach`
Ruby-LXC Examples

Change the memory limit of a container:

    require 'lxc'

    c = LXC::Container.new('foo')
    # read the current cgroup value (returned as a string)
    c.cgroup_item('memory.limit_in_bytes')
    # set a new limit, in bytes, on the running container
    c.set_cgroup_item('memory.limit_in_bytes', '10000000')
    # persist it to the container's config so it survives a restart
    c.save_config
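The slide sets a limit and stops there. The following is an added example (it is not from the slides or from the ruby-lxc project) of what a practitioner would do around the same three calls: set the memory limit together with the memory+swap limit, in an order cgroup v1 accepts, then read the limit back to confirm the kernel really applied it. It assumes a cgroup v1 memory controller (the LXC 1.x era) and 4 KiB pages. With ruby-lxc installed the container object is `LXC::Container.new('foo')` after `require 'lxc'`; `FakeContainer` is a constructed stand-in with the same three methods so the logic runs offline.

```ruby
# Added example, not from the slides or the ruby-lxc project. Assumes cgroup v1
# and 4 KiB pages; FakeContainer is a constructed stand-in for LXC::Container.

PAGE_SIZE = 4096
MEM_KEY   = 'memory.limit_in_bytes'
MEMSW_KEY = 'memory.memsw.limit_in_bytes'
UNITS     = { '' => 1, 'k' => 1024, 'm' => 1024**2, 'g' => 1024**3 }

# "512M", "1G" or a plain byte count -> Integer bytes.
def parse_size(str)
  m = str.to_s.strip.match(/\A(\d+)([kmgKMG]?)\z/)
  raise ArgumentError, "bad size: #{str.inspect}" unless m
  m[1].to_i * UNITS[m[2].downcase]
end

# Set memory and memory+swap limits in an order cgroup v1 accepts (memsw may
# never be below memory), persist the config, and read both limits back.
# Without a memsw limit a "limited" container can still spill into swap.
def apply_memory_limit(container, size, swap: 0)
  mem   = parse_size(size)
  memsw = mem + parse_size(swap)
  current = container.cgroup_item(MEM_KEY).to_i
  # Growing: raise memsw first. Shrinking: lower memory first.
  order = mem > current ? [MEMSW_KEY, MEM_KEY] : [MEM_KEY, MEMSW_KEY]
  order.each do |key|
    value = key == MEM_KEY ? mem : memsw
    # ruby-lxc raises LXC::Error on failure; the `or raise` covers a false return.
    container.set_cgroup_item(key, value.to_s) or raise "kernel rejected #{key}=#{value}"
  end
  container.save_config
  effective = container.cgroup_item(MEM_KEY).to_i
  # Limits are stored in whole pages, so a request that is not page-aligned comes
  # back rounded to a page boundary; any larger difference means it did not take.
  if (effective - mem).abs >= PAGE_SIZE
    raise "memory limit not applied: asked #{mem}, kernel reports #{effective}"
  end
  { memory: effective, memsw: container.cgroup_item(MEMSW_KEY).to_i }
end

# Constructed stand-in for LXC::Container: stores the two limits and mimics the
# cgroup v1 rules the kernel enforces (page granularity, memsw >= memory).
class FakeContainer
  attr_reader :saved

  def initialize
    @items = { MEM_KEY => 2**62, MEMSW_KEY => 2**62 } # "unlimited" placeholders
    @saved = false
  end

  def cgroup_item(key)
    @items.fetch(key).to_s
  end

  def set_cgroup_item(key, value)
    bytes = (value.to_i / PAGE_SIZE) * PAGE_SIZE
    return false if key == MEM_KEY   && bytes > @items[MEMSW_KEY]
    return false if key == MEMSW_KEY && bytes < @items[MEM_KEY]
    @items[key] = bytes
    true
  end

  def save_config
    @saved = true
  end
end

if __FILE__ == $0
  c = FakeContainer.new
  p apply_memory_limit(c, '10000000')            # the slide's value, not page-aligned
  p apply_memory_limit(c, '512M', swap: '512M')  # 512 MiB RAM, 1 GiB RAM+swap
end
```

The read-back matters because `set_cgroup_item` only tells you the write went through: the value in the slide (10000000) is not a multiple of the page size, so the kernel reports a neighbouring page boundary, and a write that is silently ignored (for example on a host where the memory controller is not mounted) would otherwise go unnoticed.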
Chef-LXC Integration
Chef-metal project
- Provides a uniform interface for a machine as a Chef resource
- Has an LXC driver (alongside vagrant, fog etc.)
- Treats a container exactly like any other Chef node

    require 'chef_metal_lxc/lxc_provisioner'
    with_provisioner ChefMetalLXC::LXCProvisioner.new

    machine 'mario' do
      recipe 'postgresql'
      recipe 'mydb'
      tag 'mydb_master'
    end
Chef-LXC Integration
Chef-lxc gem
- Uses liblxc's attach method to execute Chef resources inside the container from the host process
- Does not install Chef inside the container, so no chef-client binaries or client keys end up in the container's rootfs

    lxc "web" do
      template "ubuntu"
      recipe do
        package "apache2"
        service "apache2" do
          action [:start, :enable]
        end
      end
      action [:create, :start]
    end
Chef and LXC integration
● Expect heavy development now that LXC 1.0 and ruby-lxc 1.0 are stable.
- Unprivileged containers require user namespaces (kernel newer than 3.11) plus a subordinate uid/gid range for the host user in /etc/subuid and /etc/subgid.
- Ubuntu 14.04 is the recommended host OS.
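Unprivileged containers (the feature listed earlier and the requirement stated here) work by mapping container uids and gids onto a subordinate range the host administrator allocated in /etc/subuid and /etc/subgid (the `user:first-id:count` format used by shadow-utils). The following is an added example, not from the slides or from LXC, that turns those files into the `lxc.id_map` lines an LXC 1.x container config needs and refuses two mappings that would undo the isolation: a range containing host id 0 (container root would be real root) and a range overlapping another user's (their containers could read each other's files, since the kernel only sees host ids). The file contents are constructed; `lxc.id_map` is the LXC 1.x key name.

```ruby
# Added example, not from the slides or from LXC. Assumes the LXC 1.x config
# key `lxc.id_map`; the /etc/subuid and /etc/subgid contents are constructed.

SubidRange = Struct.new(:user, :start, :count) do
  def last
    start + count - 1
  end

  def overlaps?(other)
    start <= other.last && other.start <= last
  end
end

# Parse the user:first-id:count format shared by /etc/subuid and /etc/subgid.
def parse_subid(text)
  text.each_line.map(&:strip).reject { |l| l.empty? || l.start_with?('#') }.map do |line|
    user, first, count = line.split(':', 3)
    unless user && first =~ /\A\d+\z/ && count =~ /\A\d+\z/ && count.to_i > 0
      raise ArgumentError, "malformed subordinate id line: #{line.inspect}"
    end
    SubidRange.new(user, first.to_i, count.to_i)
  end
end

# lxc.id_map lines for `user`: container ids from 0 upward are mapped onto the
# user's host ranges, one line per range, for both uids ('u') and gids ('g').
def id_map_for(user, subuid_text, subgid_text)
  lines = []
  { 'u' => subuid_text, 'g' => subgid_text }.each do |kind, text|
    ranges = parse_subid(text)
    mine = ranges.select { |r| r.user == user }
    raise "no sub#{kind}id range allocated to #{user}" if mine.empty?
    container_base = 0
    mine.each do |r|
      # host id 0 inside the range would map container root onto real root
      raise "#{user}'s #{kind} range starts at host id 0" if r.start.zero?
      # overlapping ranges make two users' containers indistinguishable on disk
      clash = ranges.find { |o| o.user != user && o.overlaps?(r) }
      raise "#{user}'s #{kind} range overlaps #{clash.user}'s" if clash
      lines << "lxc.id_map = #{kind} #{container_base} #{r.start} #{r.count}"
      container_base += r.count
    end
  end
  lines
end

# Constructed sample of /etc/subuid; reused below as /etc/subgid too.
SUBID_SAMPLE = <<~EOS
  # user:first-id:count
  ubuntu:100000:65536
  alice:165536:65536
  bob:200000:65536
  ci:0:65536
EOS

if __FILE__ == $0
  puts id_map_for('ubuntu', SUBID_SAMPLE, SUBID_SAMPLE)
  # 'alice' overlaps 'bob' and 'ci' starts at host id 0: both are rejected.
end
```

A 65536-id range is the usual allocation because it covers every uid and gid a stock distribution rootfs uses; the two checks are cheap to run whenever a new host user is granted a range.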
Chef and LXC integration
● A common store for pre-baked containers is worth exploring, similar to images.linuxcontainers.org ... maybe one day (hypothetical):

    lxc-create -n foo -t chef -- -d ubuntu -r trusty -a amd64 --chef-role 'db'
Why?
● Keep DB binary dependencies isolated from host binaries
● Don't let old software dictate your host OS choice
● Use cgroups to control the CPU footprint of a new service during changes like:
  ● DB upgrades
  ● App releases
Why?
● Using Chef on the host makes dynamic HAProxy configs trivial
● Employ blue/green, canary and A/B deployment techniques
● Portable, fast deployments. Free cgroup accounting as metrics.
Deployment scenarios - 3
● Different types of containers per host (1 host → N containers of different types)
● Generic case of the earlier pattern
● Opportunity to use nested containers
1 host – N containers of different types
[Diagram: the host runs chef, logstash, sensu and HAproxy on the host network; three DB containers and three App containers run alongside them]
Nesting for grouping similar containers
[Diagram: the host runs chef, logstash and sensu; a DB Cluster Container holds the DB containers, an App Cluster Container holds HAproxy and the App containers, and iptables sits between them on the host network]
Why?
● Test bed for environment-wide automation
● Perfect for dev environments
● Explore the effects of network partitions (iptables), added delay (tc), disk I/O and CPU throttling on clusters
Resources
● Wikipedia article on OS virtualization
● LXC main website
● Stéphane Graber's blog series on LXC
● Rami Rosen's presentation on LXC
● Ruby-LXC
● chef-lxc, chef-metal, lxc-cookbook