Perl containers


Published in: Engineering


  1. YAPC::EU 2014 Sofia: Create your containers with Perl
  2. So first... Who am I?
  3. So first... Who am I?
     ➢ System Administrator at heart
     ➢ Teaching at Sofia University
     ➢ Organizing events like this one...
     ➢ CEO of 1H Ltd.
     ➢ CTO of GetClouder
     ➢ Chief architect of Siteground.com
  4. The current state of containers
     ➢ LXC
     ➢ Docker
     ➢ lmctfy
     ➢ A bunch of other small implementations
     ➢ Build it yourself
  5. Root inside the container: ONLY WITH LXC
  6. So why would you need a Perl implementation?
     ➢ Patching LXC is writing in C...
     ➢ Writing in C is not very user friendly
     ➢ If most of your logic is already in Perl...
     ➢ Keep less moving blocks in your architecture
  7. So what the hell is a container?
     ➢ chroot ( isolate the directory tree )
     ➢ unshare ( create new namespace(s) )
     ➢ cgroups ( add limits )
     ➢ drop capabilities (optional)
  8. What do we have in Perl?
     ➢ Linux::Unshare
     ➢ Linux::Setns
  9. What do we need?
     ➢ Linux::Capabilities
     ➢ Linux::Networking
  10. What am I proposing? A toolkit
     ➢ pc-start
     ➢ pc-stop
     ➢ pc-restart
     ➢ pc-list
     ➢ pc-top
     ➢ pc-attach
  11. So let's look inside the implementation in depth: pc-start
     ➢ pre-read-config hook
     ➢ read yaml config
     ➢ post-read-config
     ➢ prepare cgroup
     ➢ post-cgroup-setup hook
     ➢ fork
     ➢ prepare mount hook
     ➢ chroot
     ➢ post-chroot hook
     ➢ unshare
     ➢ post-unshare hook
     ➢ drop caps
     ➢ post-dropcaps hook
     ➢ setup networking
     ➢ post-networking hook
     ➢ fork -> exec init
     ➢ post init hook
     ➢ setup user mappings
     ➢ post usermap hook
  12. pc-attach
     ➢ pre-read-config hook
     ➢ read yaml config
     ➢ post-read-config
     ➢ check if there is a cgroup
     ➢ check if the cgroup is not empty
     ➢ check if the base device
     ➢ find a FD from one of the PIDs
     ➢ pre-attach hook
     ➢ setns
     ➢ execute bash -i
  13. pc-stop
     ➢ pre-read-config hook
     ➢ read yaml config
     ➢ post-read-config
     ➢ check if there is a cgroup
     ➢ check if the cgroup is empty
     ➢ do pc-attach
     ➢ execute halt
  14. pc-list
     ➢ loop through the configs
     ➢ check if the cgroup exists
     ➢ check if the cgroup is empty
     ➢ check if it has init running inside
  15. pc-top
     ➢ loop through all the configs
     ➢ check if the cgroup exists
     ➢ check if the cgroup is not empty
     ➢ collect the following stats
        ➢ cpu usage
        ➢ memory usage
        ➢ I/O usage
        ➢ Network usage
     ➢ It should allow the admin to
        ➢ sort by each resource
        ➢ handle signals
        ➢ configure the interface
  16. http://github.com/hackman/azilian
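
The pc-list checks from slide 14 (cgroup exists, cgroup is empty, init is running inside), written out as an added example; this is not code from the azilian repository. The function names, the state labels, the `cgroup.procs` and `comm` file layout, and the test for a process named `init` are assumptions, and the sample tree is constructed in a temporary directory to stand in for `/sys/fs/cgroup` and `/proc`.

```perl
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Path qw(make_path);

# PIDs listed in the container's cgroup.procs, or undef if the cgroup is missing.
sub cgroup_pids {
    my ($cg_root, $name) = @_;
    my $procs = "$cg_root/$name/cgroup.procs";
    return undef unless -e $procs;
    open my $fh, '<', $procs or die "open $procs: $!";
    chomp(my @pids = <$fh>);
    return [ grep { /^\d+$/ } @pids ];
}

# True if any listed PID reports "init" as its command name (assumed init name).
sub has_init {
    my ($proc_root, $pids) = @_;
    for my $pid (@$pids) {
        open my $fh, '<', "$proc_root/$pid/comm" or next;   # process may have exited
        chomp(my $comm = <$fh> // '');
        return 1 if $comm eq 'init';
    }
    return 0;
}

# The three pc-list checks in order; the state labels are hypothetical.
sub container_state {
    my ($cg_root, $proc_root, $name) = @_;
    my $pids = cgroup_pids($cg_root, $name);
    return 'stopped (no cgroup)'    unless defined $pids;
    return 'stopped (empty cgroup)' unless @$pids;
    return has_init($proc_root, $pids) ? 'running' : 'degraded (no init)';
}

sub put { my ($p, $t) = @_; open my $fh, '>', $p or die "$p: $!"; print {$fh} $t; close $fh or die $!; }

# Constructed sample data: container name => { pid => command name }.
my %sample = (web => { 101 => 'init', 102 => 'nginx' }, db => {}, job => { 201 => 'perl' });
my $tmp = tempdir(CLEANUP => 1);
my ($cg, $proc) = ("$tmp/cgroup", "$tmp/proc");
for my $name (sort keys %sample) {
    make_path("$cg/$name");
    my @pids = sort keys %{ $sample{$name} };
    put("$cg/$name/cgroup.procs", join '', map { "$_\n" } @pids);
    for my $pid (@pids) { make_path("$proc/$pid"); put("$proc/$pid/comm", "$sample{$name}{$pid}\n"); }
}
printf "%-5s %s\n", $_, container_state($cg, $proc, $_) for qw(web db job gone);
```

A populated cgroup with no init inside is reported separately because it means processes outlived the container's init, which an operator would want to inspect before restarting it.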
