Linux Containers: Duplicate Linux at Will - David Hueber - Grégory Steulet - dbi services


Learn how to virtualize your servers with Linux Containers (LXC) so that you can duplicate Linux environments at will with minimal impact on performance. You will learn how to isolate these virtual environments from one another while limiting the resources allocated to them. We will also show you the advantages and drawbacks of this solution compared with other virtualization options.


  1. dbi services: Linux Containers
      David Hueber, Senior Consultant, Head of Service Management
      Grégory Steulet, Senior Consultant, Region Manager
      www.dbi-services.com, 26.04.2012, © dbi services
  2. Linux Containers: Agenda
      i. Introduction to virtualization
      ii. Containers presentation
      iii. Resources management – Cgroups
      iv. System Container Demo
      v. Core messages
  3. Linux Containers: Introduction to virtualization
      Why use virtualization with Oracle products?
      - Resource usage optimization
      - Hardware cost reduction
      - Maintenance cost reduction
      - Facility cost reduction
      - Flexibility improvement
      - Availability facility
      - Flexibility of allocated resources – vertical scalability
      - Easy deployment and migration
      - Oracle License cost reduction – Hard partitioning only
      http://www.oracle.com/us/corporate/pricing/partitioning-070609.pdf
  4. Linux Containers: Introduction to virtualization
      partitioning-070609.pdf
      “Hard partitioning physically segments a server, by taking a single large server and separating it into distinct smaller systems. … Oracle has deemed certain technologies, possibly modified by configuration constraints, as hard partitioning, and no other technology or configuration qualify. Approved hard partitioning technologies include: … Solaris 10 Containers (capped Containers only), LPAR (adds DLPAR with AIX 5.2), Integrity Virtual Machine (capped partitions only), Secure Resource Partitions (capped partitions only), … Oracle VM Server for x86 may be used as hard partitioning technology only as described in the following document: http://www.oracle.com/technology/tech/virtualization/pdf/ovm-hardpart.pdf. …”
  5. Linux Containers: Introduction to virtualization
      Oracle certified virtualization solutions
      Table columns: Platform, Virtualization Technology, OS, Oracle DB version
      Table cells as extracted: Oracle VM2 11gR1/11gR2 Oracle VM Linux x86 Oracle VM3 11gR2 Oracle VM Live Migration Oracle VM2 11gR1/11gR2
      Complete list of certified virtual environments
      - http://www.oracle.com/technetwork/database/virtualizationmatrix-172995.html
      Currently not certified
      - VMware products – note ID 249212.1
      - KVM and XEN solutions by Red Hat, Novell or XenSource – note ID 417770.1
      - LXC (Linux containers)
  6. Linux Containers: Introduction to containers
      Virtualisation – Hypervisor type 1
      - Hypervisor acts as an interface between Hardware and “Invited” OS
      - Examples: Oracle VM – VMware ESX(i) – Microsoft Hyper-V
      [Diagram labels: Management Software, Application 1, Application N, Privileged OS, Invited OS, Drivers, Hypervisor, Hardware]
  7. Linux Containers: Introduction to containers
      Virtualisation – Hypervisor type 2
      - Software running virtual machines and emulating the hardware
      - Examples: Oracle VirtualBox – VMware Player – Microsoft VirtualPC
      [Diagram labels: Management Software, Application 1, Application N, Invited OS, Drivers, Emulator, Host OS, Hardware]
  8. Linux Containers: Introduction to containers
      Virtualisation – Operating System Level
      - Virtual environments isolating applications / processes
      - Examples: Linux Container – chroot – OpenVZ
      [Diagram labels: Management Software, Application 1, Application N, Isolator, Host OS, Hardware]
  9. Linux Containers: Agenda
      i. Introduction to virtualization
      ii. Containers presentation
      iii. Resource management – Cgroups
      iv. System Container Demo
      v. Core messages
  10. Linux Containers: Containers presentation
      Support.oracle.com - Bug 12696082: LINUX CONTAINERS (LXC)
      Comment submitted by Lenz Grimmer (Senior Oracle Manager, Oracle Linux at Oracle):
      Linux Containers (lxc) - this is not fully supported as of today, but will play an important role going forward. Verify if Linux Containers is supported in the Linux release you update training for and include appropriately. Alternatively include reference to OIG.
      *** 04/04/12 08:21 am ***
  11. Linux Containers: Containers presentation
      Virtualisation – Operating System Level
      - Virtual environments isolating applications / processes
      [Diagram labels: Management Software(s), Application 1, Application N, Invited OS, KERNEL, Host OS, Hardware]
  12. Linux Containers: Containers presentation
      What is it?
      - Operating system-level virtualization method
      - Running multiple isolated environments (containers)
      - Each has its own processes and network space
      - Linux Containers relies on:
          - Namespace-isolation functionality
          - Resource management implemented via cgroups functionality
      - Namespace-isolation is a kernel feature to limit and isolate resources usage such as CPU, memory, disk I/O of a process group
      - cgroups (control groups) is a kernel feature to allocate resources usage such as CPU, memory, disk I/O to a process group
  13. Linux Containers: Containers presentation
      Two kinds of containers:
      1. Application containers
      2. System containers
      Application Containers – applications that only create separate namespaces

          Usage: lxc-execute --name=NAME -- COMMAND
          lxc-execute creates a container with the identifier NAME and execs COMMAND into this container.
          Options :
            -n, --name=NAME      NAME for name of the container
            -f, --rcfile=FILE    Load configuration file FILE
            -s, --define KEY=VAL Assign VAL to configuration variable KEY

          lxc-execute -n ContTerm -f lxc-myconf.conf /bin/bash
  14. Linux Containers: Containers presentation
      Application Containers
      [Diagram labels: Single Host Controller, Application Container, + lxc-execute, + lxc-init, + lxc-init, + <Application>, + <App.>]

          [root@vmlxctest1 ~]# ps -ef |grep lxc
          avahi     1674     1  0 18:37 ?        00:00:00 avahi-daemon: running [vmlxctest1.local]
          root     14512 14418  0 19:45 pts/0    00:00:00 lxc-execute -n test xclock
          root     14513 14512  0 19:45 pts/0    00:00:00 /usr/lib64/lxc/lxc-init -- /bin/bash
          root     14514 14513  0 19:45 pts/0    00:00:00 xclock
          ---
          [root@ContTerm~]# ps -ef
          UID        PID  PPID  C STIME TTY          TIME CMD
          root         1     0  0 19:45 pts/0    00:00:00 /usr/lib64/lxc/lxc-init -- /bin/bash
          root         2     1  0 19:45 pts/0    00:00:00 xclock
          root        15     2  0 19:45 pts/0    00:00:00 ps -ef
  15. Linux Containers: Containers presentation
      Application Container
      - Environment
          - Oracle Enterprise Linux 6.2 x64
          - Kernel 2.6-39
      - Demo 1
          - Bash terminal in an Application Container
          - Networking
          - Start an Oracle database
      - Demo 2
          - Oracle in a background Application Container
          - Freeze and Unfreeze the container
  16. Linux Containers: Containers presentation
      System Containers
      - Have their own Linux Operating System, as Virtual Machines
      - Consume less resources
      - Have decreased isolation against control host (same Linux kernel)

          Usage: lxc-start --name=NAME -- COMMAND
          lxc-start start COMMAND in specified container NAME
          Options :
            -n, --name=NAME      NAME for name of the container
            -d, --daemon         daemonize the container
            -f, --rcfile=FILE    Load configuration file FILE
            -c, --console=FILE   Set the file output for the container console
            -s, --define KEY=VAL Assign VAL to configuration variable KEY
          If no command is specified, lxc-start will use the default "/sbin/init" command to run a system container.

          [root@oel62 ~]# lxc-start -n ol5test1
  17. Linux Containers: Containers presentation
      Operations on a container
      - Signalling
          [root@oel62 ~]# lxc-kill -n ol5test1 9
      - Pausing
          - Freeze
              [root@oel62 ~]# lxc-freeze -n ol5test1
          - Unfreeze
              [root@oel62 ~]# lxc-unfreeze -n ol5test1
      - Stopping
          [root@oel62 ~]# lxc-stop -n ol5test1
      - Destroying
          [root@oel62 ~]# lxc-destroy -n ol5test1
  18. Linux Containers: Agenda
      i. Introduction to virtualization
      ii. Containers presentation
      iii. Resource management – Cgroups
      iv. System Container Demo
      v. Core messages
  19. Linux Containers: Resource management - Cgroups
      Cgroup Model
      - blkio — this subsystem sets limits on input/output access to and from block devices such as physical drives (disk, solid state, USB, etc.)
      - cpu — this subsystem uses the scheduler to provide cgroup tasks access to the CPU
      - cpuacct — this subsystem generates automatic reports on CPU resources used by tasks in a cgroup
      - cpuset — this subsystem assigns individual CPUs (on a multicore system) and memory nodes to tasks in a cgroup
  20. Linux Containers: Resource management - Cgroups
      Cgroup Model
      - devices — this subsystem allows or denies access to devices by tasks in a cgroup
      - freezer — this subsystem suspends or resumes tasks in a cgroup
      - memory — this subsystem sets limits on memory use by tasks in a cgroup, and generates automatic reports on memory resources used by those tasks
      - net_cls — this subsystem tags network packets with a class identifier (classid) that allows the Linux traffic controller (tc) to identify packets originating from a particular cgroup task
      - ns — the namespace subsystem
  21. Linux Containers: Resource management - Cgroups
      Cgroup demonstration with blkio
      - Creation of two cgroups for the blkio subsystem
          [root@oel62 ~]# mkdir /cgroup/blkio/lab1
          [root@oel62 ~]# mkdir /cgroup/blkio/lab2
      - Finding major and minor number for /u01 - /dev/sde1
          [root@oel62 ~]# df -h | grep /u01
          /dev/sde 9.9G 2.0G 7.5G 21% /u01
          [root@oel62 ~]# ls -l /dev/sde
          brw-rw----. 1 root disk 8, 64 Apr 7 12:04 /dev/sde
      - Setting blkio upper limits for read operations per second to 100Mb/s and 50Mb/s
          [root@oel62 ~]# echo "8:64 104857600" > /cgroup/blkio/lab1/blkio.throttle.read_bps_device
          [root@oel62 ~]# echo "8:64 52428800" > /cgroup/blkio/lab2/blkio.throttle.read_bps_device
  22. Linux Containers: Resource management - Cgroups
      - Creation of two 3Gb files (file_1 and file_2)
          [root@oel62 ~]# dd if=/dev/zero of=/u01/file_1 bs=1M count=3000
          [root@oel62 ~]# dd if=/dev/zero of=/u01/file_2 bs=1M count=3000
      - Reading first file with cgroup lab1 and executing iotop
          [root@oel62 ~]# cgexec -g blkio:lab1 time dd if=/u01/file_1 of=/dev/null
          [root@oel62 ~]# iotop -o
          Total DISK READ: 98.93 M/s | Total DISK WRITE: 0.00 B/s
          TID PRIO USER DISK READ DISK WRITE SWAPIN IO> COMMAND
          1567 be/4 root 98.93 M/s 0.00 B/s 0.00 % 61.95% dd if=/u01/file_1 of..
      - Reading first file with cgroup lab2 and executing iotop
          [root@oel62 ~]# cgexec -g blkio:lab2 time dd if=/u01/file_2 of=/dev/null
          [root@oel62 ~]# iotop -o
          Total DISK READ: 48.09 M/s | Total DISK WRITE: 0.00 B/s
          TID PRIO USER DISK READ DISK WRITE SWAPIN IO> COMMAND
          1565 be/4 root 51.57 M/s 0.00 B/s 0.00 % 74.19% dd if=/u01/file_2 of..
  23. Linux Containers: Agenda
      i. Introduction to virtualization
      ii. Containers presentation
      iii. Resource management - Cgroups
      iv. System Container Demo
      v. Core messages
  24. Linux Containers: Containers presentation
      System Container
      - Environment
          - Oracle Enterprise Linux 6.2 x64
          - Kernel 2.6-39
      - Demo 1
          - Start a system container
          - See configuration file
          - See processes and file system
      - Demo 2
          - See template principle
          - Deploy a system container from a template
  25. dbi services current situation: Agenda
      i. Introduction to virtualization
      ii. Containers presentation
      iii. Resource management - Cgroups
      iv. System Container Demo
      v. Core messages
  26. Linux Containers: Core messages
      - Part of the Linux Kernel
          - Available on almost all distributions
      - Future technology for Oracle products
          - Presented as key feature in the Oracle Linux roadmap (OOW11)
      - Performance efficiency
          - Resources usage
          - Fine grained resources allocation
      - Easy implementation and maintenance
          - Mainly for Application Containers
  27. Linux Containers: Core messages
      - Limited isolation against Host
          - Limitation on kernel version
      - Limited documentation
          - Good introduction blog on blogs.oracle.com
      - OS virtualization – Limited to Linux Guests
      - Not a mature technology, virtualization technology not certified for Oracle products
  28. dbi services: Any Questions? Please Do Ask!
      David Hueber, Senior Consultant, Head of Service Management
      Grégory Steulet, Senior Consultant, Region Manager
      „Enjoy Containers!“
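
The blkio demonstration on slides 21 and 22 works out the device numbers and byte limits by hand. The script below is an added example, not part of the original deck: it derives the same `MAJOR:MINOR BYTES` entries from an `ls -l` line and a rate in MiB/s, and rejects input that is not a block device. The function names and the `APPLY` switch are assumptions of this example; the sample `ls -l` line is the one shown on slide 21.

```shell
#!/bin/sh
# Added example (not from the deck): build blkio.throttle.read_bps_device entries.
# Paths follow the slides (/cgroup/blkio/<group>). Nothing is written unless
# APPLY=1 is set (an assumption of this example), so it runs without root.

# Convert a whole number of MiB/s to bytes per second (100 -> 104857600).
mib_to_bytes() {
    case "$1" in
        ''|*[!0-9]*) echo "rate must be a whole number of MiB/s" >&2; return 1 ;;
    esac
    echo $(( $1 * 1024 * 1024 ))
}

# Extract MAJOR:MINOR from one `ls -l` line; fail unless it is a block device.
majmin_from_ls() {
    printf '%s\n' "$1" | awk '
        /^b/ { gsub(",", "", $5); print $5 ":" $6; found = 1 }
        END  { exit !found }'
}

# Build the "MAJOR:MINOR BYTES" line the throttle file expects.
throttle_entry() {
    dev=$(majmin_from_ls "$1") || { echo "not a block device" >&2; return 1; }
    bytes=$(mib_to_bytes "$2") || return 1
    echo "$dev $bytes"
}

# Print the command for cgroup $1, or run it when APPLY=1.
set_read_limit() {
    entry=$(throttle_entry "$2" "$3") || return 1
    target="/cgroup/blkio/$1/blkio.throttle.read_bps_device"
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$entry" > "$target"
    else
        echo "echo \"$entry\" > $target"
    fi
}

# Sample input: the ls -l line for /dev/sde as shown on slide 21.
SAMPLE='brw-rw----. 1 root disk 8, 64 Apr 7 12:04 /dev/sde'
set_read_limit lab1 "$SAMPLE" 100
set_read_limit lab2 "$SAMPLE" 50
```

Run without `APPLY`, it prints the two `echo` commands from slide 21 so they can be reviewed before anything is written to the cgroup hierarchy.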
