OSCON Summer 2009 cyberstalk : irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon irving + andy Virtualize or Containerize?

OSCON Summer 2009 Hello Portland!

OSCON Summer 2009 Hello San Jose!

OSCON Summer 2009 cyberstalk : irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon irving + andy Virtualize or Containerize?

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? Agenda 1. Why we're here 2. Act I - Virtualize or Containerize (aka "So, you're a provider...") 1. Define and Differentiate 2. State of the Art -> dealbreakers + dealmakers 3. Act II - The Trouble with Clouds (aka "So you're looking to buy?") 1. A Market for Lemons 2. How it's hurting consumers 3. Wouldn't it be cool if... 4. Further resources 5. Get in touch...

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? Containerization: Now you can handle the truth Now that we all know + love virtualization, it's easier to wrap our brains around containerization Reminder: Virtualization is everywhere, even when you don't know it. Amazon EC2, Xen, Vmware... Perhaps you've heard of them? Containerization branding chaos. Mediatemple, Dreamhost, Dotster... Perhaps you've heard of them?

Reminder: Virtualization is everywhere, even when you don't know it.

Amazon EC2, Xen, Vmware... Perhaps you've heard of them?

Containerization branding chaos.

Mediatemple, Dreamhost, Dotster... Perhaps you've heard of them?

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? Why we're here Irving said blasphemous things about virtualization in IRC.

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? Containerization: Is that even a thing?

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? Rollcall Virtualization users and their admirers

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? Rollcall Containerization users and their admirers

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? Act I Virtualize vs. Containerize: Define + Differentiate So, you're a provider...

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? Before we begin, assumptions Our focus: x86 Server Market Open Source Operating Systems Open Source & Web Application stacks Yes, we know that: Virtualization actually kicked off in the 1970s Mainframe world. Things are different when you bring Windows into the picture. If you want to discuss Windows, Mainframes, etc, you may be at the wrong talk.

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? Virtualization Explained Virtualization in a Nutshell: A software technique used to separate an Operating System from Physical Resources The virtualization "host" presents a complete set of hardware (CPU, memory, disk, devices) to the "guest", fooling the guest into thinking it is running on real hardware Analogy: The Matrix Examples VMware (Full Virtualization) Xen (Paravirtualization) KVM (Paravirtualization) Virtualbox (Full Virtualization)

A software technique used to separate an Operating System from Physical Resources

The virtualization "host" presents a complete set of hardware (CPU, memory, disk, devices) to the "guest", fooling the guest into thinking it is running on real hardware

Analogy: The Matrix

VMware (Full Virtualization)

Xen (Paravirtualization)

KVM (Paravirtualization)

Virtualbox (Full Virtualization)

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? Virtualization Explained (cont.) Advantages: System Consolidation System Protection Simplicity - Run any x86 OS! Disadvantage: CPU Performance Memory Performance IO Performance Noticing a trend? Expensive translation Scheduler Contention

System Consolidation

System Protection

Simplicity - Run any x86 OS!

CPU Performance

Memory Performance

IO Performance

Noticing a trend? Expensive translation Scheduler Contention

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? Containerization: The Difference is found in the Translation Virtualization (much must be translated) Containerization (It's all native)

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? The Alien is the Guest, the Human is the Host *Except when you containerize, then a Human is both the Guest and Host

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? Containerization: Tools like OpenVZ are already packaged with or for your favorite distro

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? Containerization Explained Containerization in a Nutshell Also called Operating System-level virtualization, the host and guests all share a single kernel Essentially, virtualization in user-land Single kernel provides greater control of guests, yet thinner separation between guests Some ability to run different OS distributions Popular Ones OpenVZ (Linux) Linux-Vserver FreeBSD Jails Solaris Containers

Also called Operating System-level virtualization, the host and guests all share a single kernel

Essentially, virtualization in user-land

Single kernel provides greater control of guests, yet thinner separation between guests

Some ability to run different OS distributions

OpenVZ (Linux)

Linux-Vserver

FreeBSD Jails

Solaris Containers

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? Containerization Explained (cont.) Advantages Fat-free Virtualization IO and Memory Performance levels similar to native operation CPU Scalability - no "virtual SMP" limits Resource Control and Constraints Disadvantages Guests must be same Kernel rev/arch as Host “ Enterprise Functionality” is a mixed bag

Fat-free Virtualization

IO and Memory Performance levels similar to native operation

CPU Scalability - no "virtual SMP" limits

Resource Control and Constraints

Guests must be same Kernel rev/arch as Host

“ Enterprise Functionality” is a mixed bag

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? Neat Containerization Tricks Tighter relationship between Host and Guest allows you to: Easily Administer Guests from the Host (Change IP, Change Passwords, etc) Easily Access the Filesystem of Guests from the Host Share identical memory between Guests and the Host Super-easy Template usage and creation Very fine grained resource limits

Easily Administer Guests from the Host (Change IP, Change Passwords, etc)

Easily Access the Filesystem of Guests from the Host

Share identical memory between Guests and the Host

Super-easy Template usage and creation

Very fine grained resource limits

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? Command-Line Examples List vzlist -a CTID NPROC STATUS IP_ADDR HOSTNAME 1 35 running 10.101.60.79 localhost 101 8 running 10.101.66.1 ct101.swsoft.com 102 7 running 10.101.66.159 ct102.swsoft.com 103 - stopped 10.101.66.103 ct103.swsoft.com Enter container:~# vzctl enter 100 entered into VE 100 root@www:/# Change User Password vzctl set 100 --save --userpassword apache:secretpassword! Change DNS Server vzctl set 100 --save --nameserver 192.168.0.2

irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon ONBOOT="yes" VE_ROOT="/var/lib/vz/root/$VEID" VE_PRIVATE="/var/lib/vz/private/$VEID" OSTEMPLATE="ubuntu-8.04-amd64-minimal" ORIGIN_SAMPLE="vps.basic" HOSTNAME="www.example.com" IP_ADDRESS="192.168.0.220" NAMESERVER="192.168.0.10" NOATIME="yes" DISKSPACE="10485760:11530240" DISKINODES="200000:220000" QUOTATIME="0" CPUUNITS="1000" OpenVZ Config Example VITALS QUOTAS Virtualize or Containerize?

irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon KMEMSIZE LOCKEDPAGES PRIVVMPAGES SHMPAGES NUMPROC PHYSPAGES VMGUARPAGES OOMGUARPAGES NUMTCPSOCK NUMFLOCK You Want Fine Grained Resource Limits? NUMPTY NUMSIGINFO TCPSNDBUF TCPRCVBUF OTHERSOCKBUF DGRAMRCVBUF NUMOTHERSOCK DCACHESIZE NUMFILE AVNUMPROC NUMIPTENT You got em. Hard and Soft limits for all. Virtualize or Containerize?

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? Who were Popek and Goldberg? Published a famous paper in 1974 called "Formal Requirements for Virtualizable Third Generation Architectures". The fundamentals are still relevant today. Equivalence A program running under the VMM should exhibit a behavior essentially identical to that demonstrated when running on an equivalent machine directly. Resource control The VMM must be in complete control of the virtualized resources. Efficiency A statistically dominant fraction of machine instructions must be executed without VMM intervention.

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? Convergent Evolution (Or something...)

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? Convergent Evolution... Or Common Management Layer libvirt?

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? What's best for you? It depends on who you are.

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? How the heck do we describe ourselves? buyers? sellers? administrators? administrator and user?!?! providers? users? developers? just need to run a dang app?

buyers?

sellers?

administrators?

administrator and user?!?!

providers?

users?

developers?

just need to run a dang app?

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? The big buckets Selling infrastructure or applications on top of infrastructure to people outside your organization Providing infrastructure, or applications on top of an infrastructure, within your organization/company Your own customer a dev/groups of devs managing your own production/dev/QA server using an app that needs infrastructure

Selling infrastructure or applications on top of infrastructure to people outside your organization

Providing infrastructure, or applications on top of an infrastructure, within your organization/company

Your own customer

a dev/groups of devs managing your own production/dev/QA server

using an app that needs infrastructure

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? Rollcall Need help? Let's help you choose... Selling infrastructure or applications on top of infrastructure to people outside your organization Providing infrastructure, or applications on top of an infrastructure, within your organization/company Your own customer a dev/groups of devs managing your own production/dev/QA server using an app that needs infrastructure

Selling infrastructure or applications on top of infrastructure to people outside your organization

Providing infrastructure, or applications on top of an infrastructure, within your organization/company

Your own customer

a dev/groups of devs managing your own production/dev/QA server

using an app that needs infrastructure

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? Let's help you choose You care about: "Enterprise" functionality, support, clustering, pretty dashboards. Virtualize!

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? Let's help you choose You care about: Running many, many different x86 OSes. And a wide array of virtual appliances. Virtualize!

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? Let's help you choose You're an Infrastructure provider, and you need to run many, many instances of Linux as efficiently as possible. You understand that fitting more guests on a host is free money. Containerize!

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? Let's help you choose You're a startup or indie developer on Linux, and you need to stretch every dollar. However, you want to easily add Staging/Dev environments, regression test on a wide variety of distributions, etc. People keep telling you to "Get a VM for that project." What do you do? Containerize!

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? Act II The Trouble with Clouds So, you're a consumer of infrastructure...

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? The market for lemons Much of what you just heard doesn't matter if you are a buyer of Infrastructure services (IaaS, Cloud Computing, etc.) Building any large-scale high performance virtualization infrastructure can be very tricky (variance in technical solutions) Vendors are forced to compete primarily on Price, not Quality. See famous paper "The Market for Lemons" by economist George Akerlof.

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? (interrupting record scratch sound)

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? Cloud Providers, we love you, here's some valuable observations Shopping for IaaS services makes no sense, the comparison criteria has nothing to do with the Quality of the Infrastructure User Interface API Pricing and Features Oh yeah, and user reviews (subjective) How about you help out the users a little bit? Build smarter baseline configs based on Memory Size, CPU power purchased, etc. Install smart Caching mechanisms by default (WP-Super-Cache, memcached, Boost, mod_cache) Don't fool buyers into thinking that they can get by without a proper sysadmin. Don't instantly upsell more widgets when the customer's performance goes south.

User Interface

API

Pricing and Features

Oh yeah, and user reviews (subjective)

Build smarter baseline configs based on Memory Size, CPU power purchased, etc.

Install smart Caching mechanisms by default (WP-Super-Cache, memcached, Boost, mod_cache)

Don't fool buyers into thinking that they can get by without a proper sysadmin.

Don't instantly upsell more widgets when the customer's performance goes south.

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? Wouldn't it be cool if... There were independent measurements and ratings for IaaS providers: Compare CPU, Memory, Disk, and network performance Compare real-world task response times Compare end-to-end performance of real application stacks A critical mass of communities talking about cloud stuff with these new criteria in mind : Wikis Discussion forums How-to articles Encourage vendors to be more transparent and describe their offerings in a more meaningful way.

Compare CPU, Memory, Disk, and network performance

Compare real-world task response times

Compare end-to-end performance of real application stacks

Wikis

Discussion forums

How-to articles

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? Okay, Now take a deep breath

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? Further Resources Wikipedia "Virtualization" article: http://en.wikipedia.org/wiki/Virtualization VMware whitepaper: Understanding Paravirtualization http://www.vmware.com/files/pdf/VMware_paravirtualization.pdf Intel whitepaper: Hybrid Virtualization http://www.vmware.com/files/pdf/VMware_paravirtualization.pdf Troubleshooting hosted Xen story: http://wiki.xen.prgmr.com/xenophilia/2009/06/see-this-is-why-i-dont-assume.html Popek and Goldberg Virtualization Requirements http://en.wikipedia.org/wiki/Popek_and_Goldberg_virtualization_requirements

Wikipedia "Virtualization" article: http://en.wikipedia.org/wiki/Virtualization

VMware whitepaper: Understanding Paravirtualization http://www.vmware.com/files/pdf/VMware_paravirtualization.pdf

Intel whitepaper: Hybrid Virtualization http://www.vmware.com/files/pdf/VMware_paravirtualization.pdf

Troubleshooting hosted Xen story: http://wiki.xen.prgmr.com/xenophilia/2009/06/see-this-is-why-i-dont-assume.html

Popek and Goldberg Virtualization Requirements http://en.wikipedia.org/wiki/Popek_and_Goldberg_virtualization_requirements

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? Get in touch Andy (Andrea) Sysadmin in Portland, OR Cries when make fails. twitter/identica: thesethings Blog: http://www.thesethingsmattertome.com/ Irving Popovetsky Independent consultant from Portland, OR Unabashed OSS nerd for nearly 15 years twitter/identica: irvingpop Blog: http://www.cloudest.com/blog/

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? Questions??

OSCON Summer 2009 irc / twitter/ identica: irvingpop, thesethings web: cloudest.com/oscon Virtualize or Containerize? Thanks for coming!