SlideShare a Scribd company logo

Lxbrand

M
mrbruning

My talk on LX branded zones at Snow.nl March 26 and 27, 2015.

Software
1 of 21
Download to read offline
LX Branded Zones 1 Friday, March 27, 15
Topic Outline 2 • Brief description of container mechanisms • SmartOS Zones • Branded Zones • LX Branded Zones • Demos • References • slides at http://www.slideshare.net/mrbruning/lxbrand Friday, March 27, 15
3 OS OSOS Hypervisor Hardware OS OSOS Hypervisor Hardware OS AppsApps Apps OS Hardware Apps Apps Apps Apps Apps Apps Container Architectures • Protection via OS per Container and Hypervisor • Visibility within hypervisor is limited • Duplication of effort • Example: xen • Can be done without OS support • Protection via OS per container and host OS • Duplication of effort • Example: qemu/kvm • Fast (no duplication of work) • High visibility of all components • Protection via OS • Requires OS changes • Example: SmartOS Friday, March 27, 15
OS Virtualization 4 •Each container sees their own (virtualized) OS •In reality, only one OS •From within a container you can only “see” (depending on permissions) things within that container •Minimizes code and data path between application and hardware •Problem •Apps must be built for the OS Friday, March 27, 15
SmartOS LX-Branded Zones 5 •Execute Linux binaries directly on SmartOS kernel •Uses zfs datasets for file system •Uses zones for protection •Processes running in a zone can only see what is in the zone •vxlan networking •Allows use of SmartOS tools within the zone •DTrace, mdb, proc tools, zlogin, etc. Friday, March 27, 15
LX-branded Zones - Implementation •Processes within LX-branded zone use library interpositioning (done transparently) to handle system calls •Some system calls are passed directly to the SmartOS system call • read(2), write(2), getpid(2), etc. •System calls not in SmartOS are implemented using library or in SmartOS •Each thread within an lx process has 2 stacks •One for the native stack, and one for the “brand” stack. Also used for signal handling. 6 Friday, March 27, 15
Why LX Branded Zones •Allows you to run docker containers on SmartOS •Gets rid of problems with running Docker on a hardware virtualized environment •Security •Observability •Bare Metal Performance •Start at http://www.joyent.com to read about Triton, our Elastic Container-Native Infrastructure 7 Friday, March 27, 15
Images •The data and metadata required to create a new container. •Existing images can be “imported”. •New images can be created and provisioned. 8 Friday, March 27, 15
Creating an LX-Branded Zone - Import an Image 9 # imgadm sources -a https://updates.joyent.com Added "imgapi" image source "https://updates.joyent.com" # imgadm avail | grep -i lx f7c19252-c998-11e4-be95-3315493f3741 lx-centos-6 20150313 other 2015-03-13T15:52:35Z 818cc79e-ceb3-11e4-99ee-7bc8c674e754 lx-ubuntu-14.04 20150320 other 2015-03-20T03:45:09Z ... # imgadm import 818cc79e-ceb3-11e4-99ee-7bc8c674e754 Importing 818cc79e-ceb3-11e4-99ee-7bc8c674e754 (lx-ubuntu-14.04@20150320) from "https://images.joyent.com” # imgadm list UUID NAME VERSION OS PUBLISHED 818cc79e-ceb3-11e4-99ee-7bc8c674e754 lx-ubuntu-14.04 20150320 other 2015-03-20T03:45:09Z # Friday, March 27, 15
Creating an LX Branded Zone - JSON config file •File used when creating a new virtual system •Contains properties of the new system •image uuid, alias brand, cpu cap and shares, metadata, file system info, network info, etc. •See vmadm(1M)for list of properties 10 Friday, March 27, 15
Creating an LX Branded Zone - Example JSON config file 11 # cat /var/tmp/lx.json { "alias": "lxtest03242015", "brand": "lx", "kernel_version": "3.13.0", "max_physical_memory": 2048, "image_uuid": "818cc79e-ceb3-11e4-99ee-7bc8c674e754", "resolvers": ["8.8.8.8","8.8.4.4"], "nics": [ { "nic_tag": "admin", "ip": "10.88.88.71", "netmask": "255.255.255.0", "gateway": "10.88.88.2" } ], "customer_metadata": { "root_authorized_keys": "ssh-rsa AAAA...” } } # Friday, March 27, 15
vmadm(1M) - Create the new machine 12 # vmadm create -f lx.json Successfully created VM 203e8515-a1fa-4150-ad93-6e3ce1ee3b21 # # zlogin 203e8515-a1fa-4150-ad93-6e3ce1ee3b21 [Connected to zone '203e8515-a1fa-4150-ad93-6e3ce1ee3b21' pts/4] Welcome to Ubuntu 14.04 LTS (GNU/Linux 3.13.0 x86_64) * Documentation: https://help.ubuntu.com/ ... #ifconfig eth0 eth0 Link encap:Ethernet HWaddr 72:af:f4:3c:a0:23 inet addr:10.88.88.71 Mask:255.255.255.0 ... # # ssh root@10.88.88.71 <-- from another host [Connected to zone '203e8515-a1fa-4150-ad93-6e3ce1ee3b21' pts/4] Welcome to Ubuntu 14.04 LTS (GNU/Linux 3.13.0 i686) ... # Friday, March 27, 15
SmartOS Commands within LX Branded Zones •SmartOS binaries are available within the zone •lofi mounted from global zone •/native/usr •/native/sbin •/native/lib •Others can be added •Apps in LX zone should look and act like apps on linux •Subset of Linux /proc •/sys exists but is empty 13 Friday, March 27, 15
Some Example Commands 14 # /native/usr/bin/prstat PID USERNAME SIZE RSS STATE PRI NICE TIME CPU PROCESS/NLWP 30597 root 25M 3796K sleep 59 0 0:00:00 0.0% top/1 13593 root 18M 2408K sleep 20 0 0:00:00 0.0% upstart- socket-/1 30389 root 108M 7372K sleep 59 0 0:00:00 0.0% sshd/1 ... Total: 17 processes, 23 lwps, load averages: 0.10, 0.03, 0.01 # top PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 30597 root 59 0 26076 3796 0 R 0.2 0.1 0:00.06 top 30564 root 59 0 4220 3448 0 S 0.1 0.1 0:00.02 prstat 30389 root 59 0 110912 7372 0 S 0.0 0.2 0:00.06 sshd ... top - 23:11:33 up 2 days, 1:08, 2 users, load average: 0.11, 0.02, 0.00 Tasks: 16 total, 1 running, 15 sleeping, 0 stopped, 0 zombie %Cpu(s): 2.6 us, 7.9 sy, 0.0 ni, 89.3 id, 0.0 wa, 0.2 hi, 0.0 si, 0.0 st KiB Mem: 4194304 total, 45480 used, 4148824 free, 0 buffers KiB Swap: 8388608 total, 24632 used, 8363976 free. 0 cached Mem Friday, March 27, 15
Using DTrace in LX Branded Zone •Login via zlogin or ssh is slow. •Internet search for slow login on Ubuntu yields (among many others) •http://askubuntu.com/questions/11538/long-wait- time-on-login •Suggested solution is to comment out pam_motd lines in /etc/pam.d/sshd and /etc/pam.d/ login •We’ll use DTrace within the LX zone to come up with a solution •Note that we shall not “root cause” the problem (but we could) 15 Friday, March 27, 15
DTrace Example 16 # export PATH=/native/usr/sbin # dtrace -qn 'BEGIN{printf("PID PPID COMMANDn");} proc:::exec-success/progenyof($target)/ {printf("%d %d %sn", pid, ppid, curpsinfo->pr_psargs);}' -p `pgrep sshd` PID PPID COMMAND 4483 2824 /usr/sbin/sshd -D -R ... 4488 4487 run-parts --lsbsysinit /etc/update-motd.d 4489 4488 /bin/sh /etc/update-motd.d/00-header ... 4493 4488 /bin/sh /etc/update-motd.d/10-help-text 4496 4488 /bin/sh /etc/update-motd.d/50-landscape-sysinfo 4497 4496 grep -c ^processor /proc/cpuinfo ... 4773 4753 /bin/sh -e /usr/lib/update-notifier/update-motd-updates- available ... 4516 4488 /bin/sh /etc/update-motd.d/98-fsck-at-reboot 4516 4488 /bin/sh /usr/lib/update-notifier/update-motd-fsck-at-reboot 4517 4516 stat -c %Y /var/lib/update-notifier/fsck-at-reboot ... 4535 4523 mesg n ^C Friday, March 27, 15
DTrace Example - Continued 17 # run-parts --lsbsysinit /etc/update-motd.d Welcome to Ubuntu 14.04 LTS (GNU/Linux 3.13.0 i686) * Documentation: https://help.ubuntu.com/ System information as of Fri Mar 20 03:08:11 MDT 2015 System load: 0.0 Memory usage: 0% Users logged in: 1 Usage of /home: unknown Swap usage: 1% => There were exceptions while processing one or more plugins. See /var/log/landscape/sysinfo.log for more information. Graph this data and manage this system at: https://landscape.canonical.com/ pause occurs here... 154 packages can be updated. 78 updates are security updates. Friday, March 27, 15
DTrace Example - Continued 18 # dtrace -q -n 'proc:::exec-success/progenyof($target)/{printf("%d %d %sn", pid, ppid, curpsinfo->pr_psargs);}' -c "run-parts --lsbsysinit / etc/update-motd.d" Welcome to Ubuntu 14.04 LTS (GNU/Linux 3.13.0 i686) ... Graph this data and manage this system at: https://landscape.canonical.com/ 4923 4921 /bin/sh4924 4923 uname -o ... 4942 4921 /bin/sh /etc/update-motd.d/90-updates-available 4942 4921 /bin/sh -e /usr/lib/update-notifier/update-motd-updates- available ... 154 packages can be updated. 78 updates are security updates. Friday, March 27, 15
DTrace Example - Continued •In a more recent ubuntu image, /etc/update- motd.d had several files removed, including /90- updates-available. Problem is gone. 19 # /bin/sh -e /usr/lib/update-notifier/update-motd-updates-available long pause here... 154 packages can be updated. 78 updates are security updates. # Friday, March 27, 15
DEMO 20 Friday, March 27, 15
References • Creating an LX image - http://us-east.manta.joyent.com/jperkin/public/lximg/README • General wiki page on lx branded zones - https://wiki.smartos.org/display/DOC/LX+Branded+Zones • The source. A mid-level description of how it all works - /smartos-live/projects/illumos/usr/src/lib/brand/lx/ lx_brand/common/lx_brand.c has a large comment explaining a lot of the internals • http://www.slideshare.net/bcantrill/illumos-lx - Some history and other details • https://www.joyent.com/blog/container-service-preview - instructions for docker setup • Thanks to Snow.nl for inviting me to speak. 21 Friday, March 27, 15

Recommended

Pdf c1t tlawaxb
Pdf c1t tlawaxbPdf c1t tlawaxb
Pdf c1t tlawaxbSusant Sahani
 
Kernel Recipes 2015 - Porting Linux to a new processor architecture
Kernel Recipes 2015 - Porting Linux to a new processor architectureKernel Recipes 2015 - Porting Linux to a new processor architecture
Kernel Recipes 2015 - Porting Linux to a new processor architectureAnne Nicolas
 
CLUG 2010 09 - systemd - the new init system
CLUG 2010 09 - systemd - the new init systemCLUG 2010 09 - systemd - the new init system
CLUG 2010 09 - systemd - the new init systemPaulWay
 
Grub and dracut ii
Grub and dracut iiGrub and dracut ii
Grub and dracut iiplarsen67
 
Systemd mlug-20140614
Systemd mlug-20140614Systemd mlug-20140614
Systemd mlug-20140614Susant Sahani
 
PHP at Density and Scale (Lone Star PHP 2014)
PHP at Density and Scale (Lone Star PHP 2014)PHP at Density and Scale (Lone Star PHP 2014)
PHP at Density and Scale (Lone Star PHP 2014)David Timothy Strauss
 
Systemd poettering
Systemd poetteringSystemd poettering
Systemd poetteringSusant Sahani
 
OpenNebulaConf2017EU: Torturing OpenNebula for Fun and Profit by Carlo Daffar...
OpenNebulaConf2017EU: Torturing OpenNebula for Fun and Profit by Carlo Daffar...OpenNebulaConf2017EU: Torturing OpenNebula for Fun and Profit by Carlo Daffar...
OpenNebulaConf2017EU: Torturing OpenNebula for Fun and Profit by Carlo Daffar...OpenNebula Project
 

Recommended

Pdf c1t tlawaxb
Pdf c1t tlawaxbPdf c1t tlawaxb
Pdf c1t tlawaxbSusant Sahani
 
Kernel Recipes 2015 - Porting Linux to a new processor architecture
Kernel Recipes 2015 - Porting Linux to a new processor architectureKernel Recipes 2015 - Porting Linux to a new processor architecture
Kernel Recipes 2015 - Porting Linux to a new processor architectureAnne Nicolas
 
CLUG 2010 09 - systemd - the new init system
CLUG 2010 09 - systemd - the new init systemCLUG 2010 09 - systemd - the new init system
CLUG 2010 09 - systemd - the new init systemPaulWay
 
Grub and dracut ii
Grub and dracut iiGrub and dracut ii
Grub and dracut iiplarsen67
 
Systemd mlug-20140614
Systemd mlug-20140614Systemd mlug-20140614
Systemd mlug-20140614Susant Sahani
 
PHP at Density and Scale (Lone Star PHP 2014)
PHP at Density and Scale (Lone Star PHP 2014)PHP at Density and Scale (Lone Star PHP 2014)
PHP at Density and Scale (Lone Star PHP 2014)David Timothy Strauss
 
Systemd poettering
Systemd poetteringSystemd poettering
Systemd poetteringSusant Sahani
 
OpenNebulaConf2017EU: Torturing OpenNebula for Fun and Profit by Carlo Daffar...
OpenNebulaConf2017EU: Torturing OpenNebula for Fun and Profit by Carlo Daffar...OpenNebulaConf2017EU: Torturing OpenNebula for Fun and Profit by Carlo Daffar...
OpenNebulaConf2017EU: Torturing OpenNebula for Fun and Profit by Carlo Daffar...OpenNebula Project
 
Kernel Recipes 2015 - Kernel dump analysis
Kernel Recipes 2015 - Kernel dump analysisKernel Recipes 2015 - Kernel dump analysis
Kernel Recipes 2015 - Kernel dump analysisAnne Nicolas
 
Kernel Recipes 2015: Introduction to Kernel Power Management
Kernel Recipes 2015: Introduction to Kernel Power ManagementKernel Recipes 2015: Introduction to Kernel Power Management
Kernel Recipes 2015: Introduction to Kernel Power ManagementAnne Nicolas
 
How to-mount-3 par-san-virtual-copy-onto-rhel-servers-by-Dusan-Baljevic
How to-mount-3 par-san-virtual-copy-onto-rhel-servers-by-Dusan-BaljevicHow to-mount-3 par-san-virtual-copy-onto-rhel-servers-by-Dusan-Baljevic
How to-mount-3 par-san-virtual-copy-onto-rhel-servers-by-Dusan-BaljevicCircling Cycle
 
First steps on CentOs7
First steps on CentOs7First steps on CentOs7
First steps on CentOs7Marc Cortinas Val
 
Kernel Recipes 2015: Kernel packet capture technologies
Kernel Recipes 2015: Kernel packet capture technologiesKernel Recipes 2015: Kernel packet capture technologies
Kernel Recipes 2015: Kernel packet capture technologiesAnne Nicolas
 
Install ovs on local pc
Install ovs on local pcInstall ovs on local pc
Install ovs on local pcApplistarVN
 
Kernel Recipes 2015 - Hardened kernels for everyone
Kernel Recipes 2015 - Hardened kernels for everyoneKernel Recipes 2015 - Hardened kernels for everyone
Kernel Recipes 2015 - Hardened kernels for everyoneAnne Nicolas
 
Kernel Recipes 2015 - So you want to write a Linux driver framework
Kernel Recipes 2015 - So you want to write a Linux driver frameworkKernel Recipes 2015 - So you want to write a Linux driver framework
Kernel Recipes 2015 - So you want to write a Linux driver frameworkAnne Nicolas
 
Linux Kernel Init Process
Linux Kernel Init ProcessLinux Kernel Init Process
Linux Kernel Init ProcessKernel TLV
 
Virtualization and Socket Programing
Virtualization and Socket ProgramingVirtualization and Socket Programing
Virtualization and Socket ProgramingMidhun S
 
Linux Crash Dump Capture and Analysis
Linux Crash Dump Capture and AnalysisLinux Crash Dump Capture and Analysis
Linux Crash Dump Capture and AnalysisPaul V. Novarese
 
Unix and Linux Common Boot Disk Disaster Recovery Tools by Dusan Baljevic
Unix and Linux Common Boot Disk Disaster Recovery Tools by Dusan BaljevicUnix and Linux Common Boot Disk Disaster Recovery Tools by Dusan Baljevic
Unix and Linux Common Boot Disk Disaster Recovery Tools by Dusan BaljevicCircling Cycle
 
Basic onos-tutorial
Basic onos-tutorialBasic onos-tutorial
Basic onos-tutorialEueung Mulyana
 
Bootloader and MMU (english)
Bootloader and MMU (english)Bootloader and MMU (english)
Bootloader and MMU (english)Sneeker Yeh
 
Linux booting process!!
Linux booting process!!Linux booting process!!
Linux booting process!!sourav verma
 
LCA13: Android Kernel Upstreaming: Overview & Status
LCA13: Android Kernel Upstreaming: Overview & StatusLCA13: Android Kernel Upstreaming: Overview & Status
LCA13: Android Kernel Upstreaming: Overview & StatusLinaro
 
Advanced Namespaces and cgroups
Advanced Namespaces and cgroupsAdvanced Namespaces and cgroups
Advanced Namespaces and cgroupsKernel TLV
 
Kernel Recipes 2015: Solving the Linux storage scalability bottlenecks
Kernel Recipes 2015: Solving the Linux storage scalability bottlenecksKernel Recipes 2015: Solving the Linux storage scalability bottlenecks
Kernel Recipes 2015: Solving the Linux storage scalability bottlenecksAnne Nicolas
 
Make your cheap VM fly
Make your cheap VM flyMake your cheap VM fly
Make your cheap VM flyCode Enigma
 
Writing Character driver (loadable module) in linux
Writing Character driver (loadable module) in linuxWriting Character driver (loadable module) in linux
Writing Character driver (loadable module) in linuxRajKumar Rampelli
 
Linux Systems Performance 2016
Linux Systems Performance 2016Linux Systems Performance 2016
Linux Systems Performance 2016Brendan Gregg
 
Analyzing OS X Systems Performance with the USE Method
Analyzing OS X Systems Performance with the USE MethodAnalyzing OS X Systems Performance with the USE Method
Analyzing OS X Systems Performance with the USE MethodBrendan Gregg
 

More Related Content

What's hot

Kernel Recipes 2015 - Kernel dump analysis
Kernel Recipes 2015 - Kernel dump analysisKernel Recipes 2015 - Kernel dump analysis
Kernel Recipes 2015 - Kernel dump analysisAnne Nicolas
 
Kernel Recipes 2015: Introduction to Kernel Power Management
Kernel Recipes 2015: Introduction to Kernel Power ManagementKernel Recipes 2015: Introduction to Kernel Power Management
Kernel Recipes 2015: Introduction to Kernel Power ManagementAnne Nicolas
 
How to-mount-3 par-san-virtual-copy-onto-rhel-servers-by-Dusan-Baljevic
How to-mount-3 par-san-virtual-copy-onto-rhel-servers-by-Dusan-BaljevicHow to-mount-3 par-san-virtual-copy-onto-rhel-servers-by-Dusan-Baljevic
How to-mount-3 par-san-virtual-copy-onto-rhel-servers-by-Dusan-BaljevicCircling Cycle
 
Kernel Recipes 2015: Kernel packet capture technologies
Kernel Recipes 2015: Kernel packet capture technologiesKernel Recipes 2015: Kernel packet capture technologies
Kernel Recipes 2015: Kernel packet capture technologiesAnne Nicolas
 
Install ovs on local pc
Install ovs on local pcInstall ovs on local pc
Install ovs on local pcApplistarVN
 
Kernel Recipes 2015 - Hardened kernels for everyone
Kernel Recipes 2015 - Hardened kernels for everyoneKernel Recipes 2015 - Hardened kernels for everyone
Kernel Recipes 2015 - Hardened kernels for everyoneAnne Nicolas
 
Kernel Recipes 2015 - So you want to write a Linux driver framework
Kernel Recipes 2015 - So you want to write a Linux driver frameworkKernel Recipes 2015 - So you want to write a Linux driver framework
Kernel Recipes 2015 - So you want to write a Linux driver frameworkAnne Nicolas
 
Linux Kernel Init Process
Linux Kernel Init ProcessLinux Kernel Init Process
Linux Kernel Init ProcessKernel TLV
 
Virtualization and Socket Programing
Virtualization and Socket ProgramingVirtualization and Socket Programing
Virtualization and Socket ProgramingMidhun S
 
Linux Crash Dump Capture and Analysis
Linux Crash Dump Capture and AnalysisLinux Crash Dump Capture and Analysis
Linux Crash Dump Capture and AnalysisPaul V. Novarese
 
Unix and Linux Common Boot Disk Disaster Recovery Tools by Dusan Baljevic
Unix and Linux Common Boot Disk Disaster Recovery Tools by Dusan BaljevicUnix and Linux Common Boot Disk Disaster Recovery Tools by Dusan Baljevic
Unix and Linux Common Boot Disk Disaster Recovery Tools by Dusan BaljevicCircling Cycle
 
Bootloader and MMU (english)
Bootloader and MMU (english)Bootloader and MMU (english)
Bootloader and MMU (english)Sneeker Yeh
 
Linux booting process!!
Linux booting process!!Linux booting process!!
Linux booting process!!sourav verma
 
LCA13: Android Kernel Upstreaming: Overview & Status
LCA13: Android Kernel Upstreaming: Overview & StatusLCA13: Android Kernel Upstreaming: Overview & Status
LCA13: Android Kernel Upstreaming: Overview & StatusLinaro
 
Advanced Namespaces and cgroups
Advanced Namespaces and cgroupsAdvanced Namespaces and cgroups
Advanced Namespaces and cgroupsKernel TLV
 
Kernel Recipes 2015: Solving the Linux storage scalability bottlenecks
Kernel Recipes 2015: Solving the Linux storage scalability bottlenecksKernel Recipes 2015: Solving the Linux storage scalability bottlenecks
Kernel Recipes 2015: Solving the Linux storage scalability bottlenecksAnne Nicolas
 
Make your cheap VM fly
Make your cheap VM flyMake your cheap VM fly
Make your cheap VM flyCode Enigma
 
Writing Character driver (loadable module) in linux
Writing Character driver (loadable module) in linuxWriting Character driver (loadable module) in linux
Writing Character driver (loadable module) in linuxRajKumar Rampelli
 

What's hot (20)

Kernel Recipes 2015 - Kernel dump analysis
Kernel Recipes 2015 - Kernel dump analysisKernel Recipes 2015 - Kernel dump analysis
Kernel Recipes 2015 - Kernel dump analysis
 
Kernel Recipes 2015: Introduction to Kernel Power Management
Kernel Recipes 2015: Introduction to Kernel Power ManagementKernel Recipes 2015: Introduction to Kernel Power Management
Kernel Recipes 2015: Introduction to Kernel Power Management
 
How to-mount-3 par-san-virtual-copy-onto-rhel-servers-by-Dusan-Baljevic
How to-mount-3 par-san-virtual-copy-onto-rhel-servers-by-Dusan-BaljevicHow to-mount-3 par-san-virtual-copy-onto-rhel-servers-by-Dusan-Baljevic
How to-mount-3 par-san-virtual-copy-onto-rhel-servers-by-Dusan-Baljevic
 
First steps on CentOs7
First steps on CentOs7First steps on CentOs7
First steps on CentOs7
 
Kernel Recipes 2015: Kernel packet capture technologies
Kernel Recipes 2015: Kernel packet capture technologiesKernel Recipes 2015: Kernel packet capture technologies
Kernel Recipes 2015: Kernel packet capture technologies
 
Install ovs on local pc
Install ovs on local pcInstall ovs on local pc
Install ovs on local pc
 
Kernel Recipes 2015 - Hardened kernels for everyone
Kernel Recipes 2015 - Hardened kernels for everyoneKernel Recipes 2015 - Hardened kernels for everyone
Kernel Recipes 2015 - Hardened kernels for everyone
 
Kernel Recipes 2015 - So you want to write a Linux driver framework
Kernel Recipes 2015 - So you want to write a Linux driver frameworkKernel Recipes 2015 - So you want to write a Linux driver framework
Kernel Recipes 2015 - So you want to write a Linux driver framework
 
Linux Kernel Init Process
Linux Kernel Init ProcessLinux Kernel Init Process
Linux Kernel Init Process
 
Virtualization and Socket Programing
Virtualization and Socket ProgramingVirtualization and Socket Programing
Virtualization and Socket Programing
 
Linux Crash Dump Capture and Analysis
Linux Crash Dump Capture and AnalysisLinux Crash Dump Capture and Analysis
Linux Crash Dump Capture and Analysis
 
Unix and Linux Common Boot Disk Disaster Recovery Tools by Dusan Baljevic
Unix and Linux Common Boot Disk Disaster Recovery Tools by Dusan BaljevicUnix and Linux Common Boot Disk Disaster Recovery Tools by Dusan Baljevic
Unix and Linux Common Boot Disk Disaster Recovery Tools by Dusan Baljevic
 
Basic onos-tutorial
Basic onos-tutorialBasic onos-tutorial
Basic onos-tutorial
 
Bootloader and MMU (english)
Bootloader and MMU (english)Bootloader and MMU (english)
Bootloader and MMU (english)
 
Linux booting process!!
Linux booting process!!Linux booting process!!
Linux booting process!!
 
LCA13: Android Kernel Upstreaming: Overview & Status
LCA13: Android Kernel Upstreaming: Overview & StatusLCA13: Android Kernel Upstreaming: Overview & Status
LCA13: Android Kernel Upstreaming: Overview & Status
 
Advanced Namespaces and cgroups
Advanced Namespaces and cgroupsAdvanced Namespaces and cgroups
Advanced Namespaces and cgroups
 
Kernel Recipes 2015: Solving the Linux storage scalability bottlenecks
Kernel Recipes 2015: Solving the Linux storage scalability bottlenecksKernel Recipes 2015: Solving the Linux storage scalability bottlenecks
Kernel Recipes 2015: Solving the Linux storage scalability bottlenecks
 
Make your cheap VM fly
Make your cheap VM flyMake your cheap VM fly
Make your cheap VM fly
 
Writing Character driver (loadable module) in linux
Writing Character driver (loadable module) in linuxWriting Character driver (loadable module) in linux
Writing Character driver (loadable module) in linux
 

Similar to Lxbrand

Linux Systems Performance 2016
Linux Systems Performance 2016Linux Systems Performance 2016
Linux Systems Performance 2016Brendan Gregg
 
Analyzing OS X Systems Performance with the USE Method
Analyzing OS X Systems Performance with the USE MethodAnalyzing OS X Systems Performance with the USE Method
Analyzing OS X Systems Performance with the USE MethodBrendan Gregg
 
[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기
[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기
[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기Ji-Woong Choi
 
10 Tips for AIX Security
10 Tips for AIX Security10 Tips for AIX Security
10 Tips for AIX SecurityHelpSystems
 
Docker and friends at Linux Days 2014 in Prague
Docker and friends at Linux Days 2014 in PragueDocker and friends at Linux Days 2014 in Prague
Docker and friends at Linux Days 2014 in Praguetomasbart
 
Containers with systemd-nspawn
Containers with systemd-nspawnContainers with systemd-nspawn
Containers with systemd-nspawnGábor Nyers
 
Monitoring IO performance with iostat and pt-diskstats
Monitoring IO performance with iostat and pt-diskstatsMonitoring IO performance with iostat and pt-diskstats
Monitoring IO performance with iostat and pt-diskstatsBen Mildren
 
Jörg Schad - NO ONE PUTS Java IN THE CONTAINER - Codemotion Milan 2017
Jörg Schad - NO ONE PUTS Java IN THE CONTAINER - Codemotion Milan 2017Jörg Schad - NO ONE PUTS Java IN THE CONTAINER - Codemotion Milan 2017
Jörg Schad - NO ONE PUTS Java IN THE CONTAINER - Codemotion Milan 2017Codemotion
 
Percona Live UK 2014 Part III
Percona Live UK 2014 Part IIIPercona Live UK 2014 Part III
Percona Live UK 2014 Part IIIAlkin Tezuysal
 
MeetBSD2014 Performance Analysis
MeetBSD2014 Performance AnalysisMeetBSD2014 Performance Analysis
MeetBSD2014 Performance AnalysisBrendan Gregg
 
Tracing and profiling my sql (percona live europe 2019) draft_1
Tracing and profiling my sql (percona live europe 2019) draft_1Tracing and profiling my sql (percona live europe 2019) draft_1
Tracing and profiling my sql (percona live europe 2019) draft_1Valerii Kravchuk
 
systemd @ Facebook -- a year later
systemd @ Facebook -- a year latersystemd @ Facebook -- a year later
systemd @ Facebook -- a year laterDavide Cavalca
 
EuroBSDcon 2017 System Performance Analysis Methodologies
EuroBSDcon 2017 System Performance Analysis MethodologiesEuroBSDcon 2017 System Performance Analysis Methodologies
EuroBSDcon 2017 System Performance Analysis MethodologiesBrendan Gregg
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemCyber Security Alliance
 
Grabbing the PostgreSQL Elephant by the Trunk
Grabbing the PostgreSQL Elephant by the TrunkGrabbing the PostgreSQL Elephant by the Trunk
Grabbing the PostgreSQL Elephant by the TrunkHarold Giménez
 
OSDC 2017 - Werner Fischer - Linux performance profiling and monitoring
OSDC 2017 - Werner Fischer - Linux performance profiling and monitoringOSDC 2017 - Werner Fischer - Linux performance profiling and monitoring
OSDC 2017 - Werner Fischer - Linux performance profiling and monitoringNETWAYS
 
Performance Analysis: new tools and concepts from the cloud
Performance Analysis: new tools and concepts from the cloudPerformance Analysis: new tools and concepts from the cloud
Performance Analysis: new tools and concepts from the cloudBrendan Gregg
 

Similar to Lxbrand (20)

Linux Systems Performance 2016
Linux Systems Performance 2016Linux Systems Performance 2016
Linux Systems Performance 2016
 
Analyzing OS X Systems Performance with the USE Method
Analyzing OS X Systems Performance with the USE MethodAnalyzing OS X Systems Performance with the USE Method
Analyzing OS X Systems Performance with the USE Method
 
[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기
[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기
[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기
 
Docker Monitoring Webinar
Docker Monitoring WebinarDocker Monitoring Webinar
Docker Monitoring Webinar
 
10 Tips for AIX Security
10 Tips for AIX Security10 Tips for AIX Security
10 Tips for AIX Security
 
Docker and friends at Linux Days 2014 in Prague
Docker and friends at Linux Days 2014 in PragueDocker and friends at Linux Days 2014 in Prague
Docker and friends at Linux Days 2014 in Prague
 
Containers with systemd-nspawn
Containers with systemd-nspawnContainers with systemd-nspawn
Containers with systemd-nspawn
 
Monitoring IO performance with iostat and pt-diskstats
Monitoring IO performance with iostat and pt-diskstatsMonitoring IO performance with iostat and pt-diskstats
Monitoring IO performance with iostat and pt-diskstats
 
Jörg Schad - NO ONE PUTS Java IN THE CONTAINER - Codemotion Milan 2017
Jörg Schad - NO ONE PUTS Java IN THE CONTAINER - Codemotion Milan 2017Jörg Schad - NO ONE PUTS Java IN THE CONTAINER - Codemotion Milan 2017
Jörg Schad - NO ONE PUTS Java IN THE CONTAINER - Codemotion Milan 2017
 
Percona Live UK 2014 Part III
Percona Live UK 2014 Part IIIPercona Live UK 2014 Part III
Percona Live UK 2014 Part III
 
MeetBSD2014 Performance Analysis
MeetBSD2014 Performance AnalysisMeetBSD2014 Performance Analysis
MeetBSD2014 Performance Analysis
 
Wissbi osdc pdf
Wissbi osdc pdfWissbi osdc pdf
Wissbi osdc pdf
 
Tracing and profiling my sql (percona live europe 2019) draft_1
Tracing and profiling my sql (percona live europe 2019) draft_1Tracing and profiling my sql (percona live europe 2019) draft_1
Tracing and profiling my sql (percona live europe 2019) draft_1
 
systemd @ Facebook -- a year later
systemd @ Facebook -- a year latersystemd @ Facebook -- a year later
systemd @ Facebook -- a year later
 
EuroBSDcon 2017 System Performance Analysis Methodologies
EuroBSDcon 2017 System Performance Analysis MethodologiesEuroBSDcon 2017 System Performance Analysis Methodologies
EuroBSDcon 2017 System Performance Analysis Methodologies
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande Modem
 
Grabbing the PostgreSQL Elephant by the Trunk
Grabbing the PostgreSQL Elephant by the TrunkGrabbing the PostgreSQL Elephant by the Trunk
Grabbing the PostgreSQL Elephant by the Trunk
 
Clear cache memory
Clear cache memoryClear cache memory
Clear cache memory
 
OSDC 2017 - Werner Fischer - Linux performance profiling and monitoring
OSDC 2017 - Werner Fischer - Linux performance profiling and monitoringOSDC 2017 - Werner Fischer - Linux performance profiling and monitoring
OSDC 2017 - Werner Fischer - Linux performance profiling and monitoring
 
Performance Analysis: new tools and concepts from the cloud
Performance Analysis: new tools and concepts from the cloudPerformance Analysis: new tools and concepts from the cloud
Performance Analysis: new tools and concepts from the cloud
 

Recently uploaded

Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 

Recently uploaded (20)

Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number Systems
 
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the ProcessExploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 

Lxbrand

  • 2. Topic Outline 2 • Brief description of container mechanisms • SmartOS Zones • Branded Zones • LX Branded Zones • Demos • References • slides at http://www.slideshare.net/mrbruning/lxbrand Friday, March 27, 15
  • 3. 3 OS OSOS Hypervisor Hardware OS OSOS Hypervisor Hardware OS AppsApps Apps OS Hardware Apps Apps Apps Apps Apps Apps Container Architectures • Protection via OS per Container and Hypervisor • Visibility within hypervisor is limited • Duplication of effort • Example: xen • Can be done without OS support • Protection via OS per container and host OS • Duplication of effort • Example: qemu/kvm • Fast (no duplication of work) • High visibility of all components • Protection via OS • Requires OS changes • Example: SmartOS Friday, March 27, 15
  • 4. OS Virtualization 4 •Each container sees their own (virtualized) OS •In reality, only one OS •From within a container you can only “see” (depending on permissions) things within that container •Minimizes code and data path between application and hardware •Problem •Apps must be built for the OS Friday, March 27, 15
  • 5. SmartOS LX-Branded Zones 5 •Execute Linux binaries directly on SmartOS kernel •Uses zfs datasets for file system •Uses zones for protection •Processes running in a zone can only see what is in the zone •vxlan networking •Allows use of SmartOS tools within the zone •DTrace, mdb, proc tools, zlogin, etc. Friday, March 27, 15
  • 6. LX-branded Zones - Implementation •Processes within LX-branded zone use library interpositioning (done transparently) to handle system calls •Some system calls are passed directly to the SmartOS system call • read(2), write(2), getpid(2), etc. •System calls not in SmartOS are implemented using library or in SmartOS •Each thread within an lx process has 2 stacks •One for the native stack, and one for the “brand” stack. Also used for signal handling. 6 Friday, March 27, 15
  • 7. Why LX Branded Zones •Allows you to run docker containers on SmartOS •Gets rid of problems with running Docker on a hardware virtualized environment •Security •Observability •Bare Metal Performance •Start at http://www.joyent.com to read about Triton, our Elastic Container-Native Infrastructure 7 Friday, March 27, 15
  • 8. Images •The data and metadata required to create a new container. •Existing images can be “imported”. •New images can be created and provisioned. 8 Friday, March 27, 15
  • 9. Creating an LX-Branded Zone - Import an Image 9 # imgadm sources -a https://updates.joyent.com Added "imgapi" image source "https://updates.joyent.com" # imgadm avail | grep -i lx f7c19252-c998-11e4-be95-3315493f3741 lx-centos-6 20150313 other 2015-03-13T15:52:35Z 818cc79e-ceb3-11e4-99ee-7bc8c674e754 lx-ubuntu-14.04 20150320 other 2015-03-20T03:45:09Z ... # imgadm import 818cc79e-ceb3-11e4-99ee-7bc8c674e754 Importing 818cc79e-ceb3-11e4-99ee-7bc8c674e754 (lx-ubuntu-14.04@20150320) from "https://images.joyent.com” # imgadm list UUID NAME VERSION OS PUBLISHED 818cc79e-ceb3-11e4-99ee-7bc8c674e754 lx-ubuntu-14.04 20150320 other 2015-03-20T03:45:09Z # Friday, March 27, 15
  • 10. Creating an LX Branded Zone - JSON config file •File used when creating a new virtual system •Contains properties of the new system •image uuid, alias brand, cpu cap and shares, metadata, file system info, network info, etc. •See vmadm(1M)for list of properties 10 Friday, March 27, 15
  • 11. Creating an LX Branded Zone - Example JSON config file 11 # cat /var/tmp/lx.json { "alias": "lxtest03242015", "brand": "lx", "kernel_version": "3.13.0", "max_physical_memory": 2048, "image_uuid": "818cc79e-ceb3-11e4-99ee-7bc8c674e754", "resolvers": ["8.8.8.8","8.8.4.4"], "nics": [ { "nic_tag": "admin", "ip": "10.88.88.71", "netmask": "255.255.255.0", "gateway": "10.88.88.2" } ], "customer_metadata": { "root_authorized_keys": "ssh-rsa AAAA...” } } # Friday, March 27, 15
  • 12. vmadm(1M) - Create the new machine 12 # vmadm create -f lx.json Successfully created VM 203e8515-a1fa-4150-ad93-6e3ce1ee3b21 # # zlogin 203e8515-a1fa-4150-ad93-6e3ce1ee3b21 [Connected to zone '203e8515-a1fa-4150-ad93-6e3ce1ee3b21' pts/4] Welcome to Ubuntu 14.04 LTS (GNU/Linux 3.13.0 x86_64) * Documentation: https://help.ubuntu.com/ ... #ifconfig eth0 eth0 Link encap:Ethernet HWaddr 72:af:f4:3c:a0:23 inet addr:10.88.88.71 Mask:255.255.255.0 ... # # ssh root@10.88.88.71 <-- from another host [Connected to zone '203e8515-a1fa-4150-ad93-6e3ce1ee3b21' pts/4] Welcome to Ubuntu 14.04 LTS (GNU/Linux 3.13.0 i686) ... # Friday, March 27, 15
  • 13. SmartOS Commands within LX Branded Zones •SmartOS binaries are available within the zone •lofi mounted from global zone •/native/usr •/native/sbin •/native/lib •Others can be added •Apps in LX zone should look and act like apps on linux •Subset of Linux /proc •/sys exists but is empty 13 Friday, March 27, 15
  • 14. Some Example Commands 14 # /native/usr/bin/prstat PID USERNAME SIZE RSS STATE PRI NICE TIME CPU PROCESS/NLWP 30597 root 25M 3796K sleep 59 0 0:00:00 0.0% top/1 13593 root 18M 2408K sleep 20 0 0:00:00 0.0% upstart- socket-/1 30389 root 108M 7372K sleep 59 0 0:00:00 0.0% sshd/1 ... Total: 17 processes, 23 lwps, load averages: 0.10, 0.03, 0.01 # top PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 30597 root 59 0 26076 3796 0 R 0.2 0.1 0:00.06 top 30564 root 59 0 4220 3448 0 S 0.1 0.1 0:00.02 prstat 30389 root 59 0 110912 7372 0 S 0.0 0.2 0:00.06 sshd ... top - 23:11:33 up 2 days, 1:08, 2 users, load average: 0.11, 0.02, 0.00 Tasks: 16 total, 1 running, 15 sleeping, 0 stopped, 0 zombie %Cpu(s): 2.6 us, 7.9 sy, 0.0 ni, 89.3 id, 0.0 wa, 0.2 hi, 0.0 si, 0.0 st KiB Mem: 4194304 total, 45480 used, 4148824 free, 0 buffers KiB Swap: 8388608 total, 24632 used, 8363976 free. 0 cached Mem Friday, March 27, 15
  • 15. Using DTrace in LX Branded Zone •Login via zlogin or ssh is slow. •Internet search for slow login on Ubuntu yields (among many others) •http://askubuntu.com/questions/11538/long-wait- time-on-login •Suggested solution is to comment out pam_motd lines in /etc/pam.d/sshd and /etc/pam.d/ login •We’ll use DTrace within the LX zone to come up with a solution •Note that we shall not “root cause” the problem (but we could) 15 Friday, March 27, 15
  • 16. DTrace Example 16 # export PATH=/native/usr/sbin # dtrace -qn 'BEGIN{printf("PID PPID COMMANDn");} proc:::exec-success/progenyof($target)/ {printf("%d %d %sn", pid, ppid, curpsinfo->pr_psargs);}' -p `pgrep sshd` PID PPID COMMAND 4483 2824 /usr/sbin/sshd -D -R ... 4488 4487 run-parts --lsbsysinit /etc/update-motd.d 4489 4488 /bin/sh /etc/update-motd.d/00-header ... 4493 4488 /bin/sh /etc/update-motd.d/10-help-text 4496 4488 /bin/sh /etc/update-motd.d/50-landscape-sysinfo 4497 4496 grep -c ^processor /proc/cpuinfo ... 4773 4753 /bin/sh -e /usr/lib/update-notifier/update-motd-updates- available ... 4516 4488 /bin/sh /etc/update-motd.d/98-fsck-at-reboot 4516 4488 /bin/sh /usr/lib/update-notifier/update-motd-fsck-at-reboot 4517 4516 stat -c %Y /var/lib/update-notifier/fsck-at-reboot ... 4535 4523 mesg n ^C Friday, March 27, 15
  • 17. DTrace Example - Continued 17 # run-parts --lsbsysinit /etc/update-motd.d Welcome to Ubuntu 14.04 LTS (GNU/Linux 3.13.0 i686) * Documentation: https://help.ubuntu.com/ System information as of Fri Mar 20 03:08:11 MDT 2015 System load: 0.0 Memory usage: 0% Users logged in: 1 Usage of /home: unknown Swap usage: 1% => There were exceptions while processing one or more plugins. See /var/log/landscape/sysinfo.log for more information. Graph this data and manage this system at: https://landscape.canonical.com/ pause occurs here... 154 packages can be updated. 78 updates are security updates. Friday, March 27, 15
  • 18. DTrace Example - Continued 18 # dtrace -q -n 'proc:::exec-success/progenyof($target)/{printf("%d %d %sn", pid, ppid, curpsinfo->pr_psargs);}' -c "run-parts --lsbsysinit / etc/update-motd.d" Welcome to Ubuntu 14.04 LTS (GNU/Linux 3.13.0 i686) ... Graph this data and manage this system at: https://landscape.canonical.com/ 4923 4921 /bin/sh4924 4923 uname -o ... 4942 4921 /bin/sh /etc/update-motd.d/90-updates-available 4942 4921 /bin/sh -e /usr/lib/update-notifier/update-motd-updates- available ... 154 packages can be updated. 78 updates are security updates. Friday, March 27, 15
  • 19. DTrace Example - Continued •In a more recent ubuntu image, /etc/update- motd.d had several files removed, including /90- updates-available. Problem is gone. 19 # /bin/sh -e /usr/lib/update-notifier/update-motd-updates-available long pause here... 154 packages can be updated. 78 updates are security updates. # Friday, March 27, 15
  • 21. References • Creating an LX image - http://us-east.manta.joyent.com/jperkin/public/lximg/README • General wiki page on lx branded zones - https://wiki.smartos.org/display/DOC/LX+Branded+Zones • The source. A mid-level description of how it all works - /smartos-live/projects/illumos/usr/src/lib/brand/lx/ lx_brand/common/lx_brand.c has a large comment explaining a lot of the internals • http://www.slideshare.net/bcantrill/illumos-lx - Some history and other details • https://www.joyent.com/blog/container-service-preview - instructions for docker setup • Thanks to Snow.nl for inviting me to speak. 21 Friday, March 27, 15