Low fat virtualization for embedded systems



  1. “Low Fat” Virtualization. 6e Séminaire fribourgeois Linux embarqué. Dr Jacques Supcik, Ecole d’ingénieurs et d’architectes de Fribourg, 8 May 2014
  2. “Classical” Virtualization…
  3. Effective… but not light
  4. Virtualization needs a lot of resources
  5. Virtualization works best with special hardware
  6. So what about a more “skinny” virtualization
  7. Types of Virtualization
  8. chroot: The chroot system call was introduced during development of Version 7 Unix in 1979. It has been available since 1982 (32 years old). Provides (partial) file system isolation only. “root” users can still escape chroot. Requires some manual linking (or copying) of system files.
  9. BSD's “Jail”
  10. BSD's “Jail”: Available since 1998 (16 years old). Provides disk and CPU quotas, memory limits, network and root privilege isolation.
  11. OpenVZ: Available since 2005 (9 years old). Requires a special kernel. Adds I/O rate limiting, partition checkpointing and live migration. Still used by hosting companies to provide virtual private servers.
  12. OpenVZ (Source: OpenVZ Web site): Container looks like a normal Linux system. It has standard startup scripts, software from vendors can run inside Container without OpenVZ-specific modifications or adjustment. A user can change any configuration file and install additional software. Containers are fully isolated from each other (file system, processes, Inter Process Communication (IPC), sysctl variables).
  13. OpenVZ (Source: OpenVZ Web site): Containers share dynamic libraries, which greatly saves memory. Processes belonging to a Container are scheduled for execution on all available CPUs. Consequently, Containers are not bound to only one CPU and can use all available CPU power.
  14. LXC Linux Container
  15. LXC Linux Container: Available since 2008 (6 years old). Relies on the Linux kernel “cgroups” functionality that was released in version 2.6.24. Full file system isolation and root privilege isolation since version 1.0 (February 2014 / Linux kernel 3.8). No partition checkpointing and no live migration! “chroot on steroids”.
  16. Cgroups (control groups). Namespace isolation. PID namespace: Isolation for the allocation of process identifiers. Network namespace: Isolates the NIC, iptables rules, routing, etc. “UTS” namespace: Allows changing the hostname. Mount namespace: Allows creating a different file system layout. IPC namespace: Isolates the System V IPC.
  17. Docker: Available since 2013 (1 year old young). Based on LXC. Is currently under heavy development. Docker should not be used in production (yet). “Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere.”
  18. Docker: If you want to try “Docker” you can easily do it on a “Droplet” at DigitalOcean. (5$ for 1 month)
  19. Thank You!
  20. References:
      http://japanese.lingualift.com/blog/what-sumo-eat-wrestlers-diet/
      http://community.futureshop.ca/t5/Tech-Blog/How-to-build-a-PC-How-to-upgrade-your-RAM/ba-p/426769
      https://en.wikipedia.org/wiki/Western_Digital_Raptor
      http://www.pcper.com/news/General-Tech/ARM-aims-make-TSMC-Fab-choice-their-customers
      http://www.reflexandwellnessclinic.com/projects/services/
      https://en.wikipedia.org/wiki/Chroot
      http://sysadvent.blogspot.ch/2010/12/day-14-freebsd-jails.html
      http://openvz.org/User_Guide/OpenVZ_Philosophy
      https://linuxcontainers.org/
      http://www.linuxadvocates.com/2013/04/linux-containers-and-why-they-matter.html
      https://www.docker.io/
      https://en.wikipedia.org/wiki/Operating_system-level_virtualization
      https://en.wikipedia.org/wiki/LXC
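
The namespace kinds listed on slide 16 can be audited from the host by comparing a container process's /proc/<pid>/ns links with those of PID 1: a differing inode means that kind is isolated. This is an added example, not part of the original slides; the function names are hypothetical and the sample inode numbers are constructed.

```python
import os
import re

# The five namespace kinds named on slide 16, by their /proc/<pid>/ns entry names.
SLIDE_NAMESPACES = ("pid", "net", "uts", "mnt", "ipc")
_LINK_RE = re.compile(r"^([a-z_]+):\[(\d+)\]$")


def parse_ns_link(target):
    """Split a link target such as 'pid:[4026531836]' into ('pid', 4026531836)."""
    m = _LINK_RE.match(target)
    if m is None:
        raise ValueError(f"not a namespace link: {target!r}")
    return m.group(1), int(m.group(2))


def read_namespaces(pid="self", proc_root="/proc"):
    """Return {entry: inode} for a live process (needs rights to read its ns links)."""
    ns_dir = os.path.join(proc_root, str(pid), "ns")
    return {entry: parse_ns_link(os.readlink(os.path.join(ns_dir, entry)))[1]
            for entry in os.listdir(ns_dir)}


def isolation_report(host, container, kinds=SLIDE_NAMESPACES):
    """Map each kind to 'isolated', 'shared' or 'unknown' (missing on one side)."""
    report = {}
    for kind in kinds:
        if kind not in host or kind not in container:
            report[kind] = "unknown"
        elif host[kind] == container[kind]:
            report[kind] = "shared"      # container sees the host's instance
        else:
            report[kind] = "isolated"
    return report


# Constructed sample: link targets as readlink would return them for PID 1 and
# for a container process that was started sharing the host network namespace.
SAMPLE_HOST = dict(parse_ns_link(t) for t in (
    "pid:[4026531836]", "net:[4026531992]", "uts:[4026531838]",
    "mnt:[4026531840]", "ipc:[4026531839]"))
SAMPLE_CONTAINER = dict(parse_ns_link(t) for t in (
    "pid:[4026532301]", "net:[4026531992]", "uts:[4026532299]",
    "mnt:[4026532298]", "ipc:[4026532300]"))

if __name__ == "__main__":
    for kind, state in isolation_report(SAMPLE_HOST, SAMPLE_CONTAINER).items():
        print(f"{kind:4} {state}")
```

On a live host, `isolation_report(read_namespaces(1), read_namespaces(<container pid>))` gives the same report; a "shared" net entry means the container can see the host's NIC, iptables rules and routing.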