LSA2 - 02 Namespaces

Linux System Administration 2 - 02 Namespaces

Published in: Education

  1. Linux Namespaces
  2. Why do we need that?
  3. What namespaces do we have?
     ● UTS namespace
     ● User namespace
     ● PID namespace
     ● IPC namespace
     ● Mount namespace
     ● Network namespace
  4. Kernel configuration?
     General Setup -> Namespaces support -> *
     CONFIG_NAMESPACES=y
     CONFIG_UTS_NS=y
     CONFIG_IPC_NS=y
     CONFIG_USER_NS=y
     CONFIG_PID_NS=y
     CONFIG_NET_NS=y
  5. Software implementation
     #include <sched.h>
     int clone(int (*fn)(void *), void *child_stack, int flags, void *arg, ...
               /* pid_t *ptid, struct user_desc *tls, pid_t *ctid */ );
     clone() creates a new process...
     CLONE_NEWUTS
     CLONE_NEWIPC
     CLONE_NEWNET
     CLONE_NEWPID
     CLONE_NEWNS
     CLONE_NEWUSER
  6. Software implementation
     #include <sched.h>
     int setns(int fd, int nstype);
     Given a file descriptor referring to a namespace, reassociate the calling thread with that namespace.
     Supports:
     CLONE_NEWIPC
     CLONE_NEWNET
     CLONE_NEWUTS
  7. UTS namespace
     The server is installed in Chicago. Timezone: North America -> US -> Chicago
     App requires timezone: Europe -> London
     If the app cannot handle the timezone change on its own... we have three choices:
     1. Create a chrooted environment with a different default timezone
     2. Create a virtual machine and put the app there
     3. Create a new UTS namespace and start the app in it
  8. User namespace
     User authentication and mapping files:
     ● /etc/passwd
     ● /etc/group
     ● /etc/shadow
     - What if we want to create a username called pesho, but such a user already exists?
     - What if we want to create user joan with UID 1005, but there is already a user pesho with UID 1005?
  9. IPC namespace
     Unix/Linux IPCs
     - unix domain sockets
     - shared memory
     - semaphores
     - message queues
     /proc/PID/fd/
     |- 3 -> socket:[3537]
  10. IPC namespace
      Unix/Linux IPCs
      - unix domain sockets
      - shared memory
      - semaphores
      - message queues
      key        shmid      owner    perms bytes    nattch
      0x0052e2c1 1139834880 postgres 600   37879808 4
  11. Network namespace
      - IP
      - IPv6
      - Routing
      - TCP
      - UDP
      - SCTP
      - DCCP
      - RDS
      ● Having a separate loopback device for a process
      ● Or simply test the MySQL server on the same IP
      ● Completely different routing for a process
  12. Mount namespace
      The most complex one... having only one / is a problem...
      - at around 22000 mounts everything on your machine starts to lag... no matter how many cores or how much RAM you have :(
      - having a different /proc/mounts per process would be nice and very interesting to implement... :)
  13. PID namespace
      Migration of processes between machines (CRIU)
      It allows you to have two or more processes running with the same PID.
      PID - is the PID on the host machine
      NSPID - is the PID that the process sees
      PID   NSPID
      1421  5420   ssh-agent
      1730  5420   xchat
      1756  5420   firefox
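
An added example, not part of the original slides: the file descriptor that setns() takes is normally obtained by opening /proc/<pid>/ns/<type>, and the same links reveal which namespaces a process lives in. This C program reports in which of the six namespace types listed above two processes differ; the function names are hypothetical and the link text shown in comments is a constructed sample.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* /proc/<pid>/ns entry names for the six namespaces listed on the slides. */
static const char *const NS_NAMES[] = { "uts", "user", "pid", "ipc", "mnt", "net" };
#define NS_COUNT ((int)(sizeof NS_NAMES / sizeof NS_NAMES[0]))

/* Parse link text such as "uts:[4026531838]"; 0 if malformed or another type. */
unsigned long parse_ns_link(const char *text, const char *type) {
    size_t n = strlen(type);
    unsigned long inum = 0;
    int end = 0;
    if (strncmp(text, type, n) != 0 || text[n] != ':' || text[n + 1] != '['
        || text[n + 2] < '0' || text[n + 2] > '9')
        return 0;
    if (sscanf(text + n + 1, "[%lu]%n", &inum, &end) != 1)
        return 0;
    return (end > 0 && text[n + 1 + end] == '\0') ? inum : 0;
}

/* Namespace inode of `type` for `pid`; 0 if unreadable (gone, no permission). */
unsigned long ns_inode(pid_t pid, const char *type) {
    char path[64], link[64];
    snprintf(path, sizeof path, "/proc/%ld/ns/%s", (long)pid, type);
    ssize_t len = readlink(path, link, sizeof link - 1);
    if (len < 0)
        return 0;
    link[len] = '\0';
    return parse_ns_link(link, type);
}

/* Bitmask of namespaces where a and b differ (bit i = NS_NAMES[i]); -1 on error. */
int ns_diff(pid_t a, pid_t b) {
    int mask = 0;
    for (int i = 0; i < NS_COUNT; i++) {
        unsigned long x = ns_inode(a, NS_NAMES[i]), y = ns_inode(b, NS_NAMES[i]);
        if (x == 0 || y == 0)
            return -1;
        mask |= (x != y) << i;
    }
    return mask;
}

int main(void) {
    int mask = ns_diff(getpid(), 1);  /* reading PID 1's links usually needs root */
    for (int i = 0; mask >= 0 && i < NS_COUNT; i++)
        printf("%-4s %s PID 1\n", NS_NAMES[i], (mask >> i) & 1 ? "differs from" : "same as");
    return mask < 0;
}
```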
