While probably the most prominent, Docker is not the only tool for building and managing containers. Originally meant to be a "chroot on steroids" to help debug systemd, systemd-nspawn provides a fairly uncomplicated approach to work with containers. Being part of systemd, it is available on most recent distributions out-of-the-box and requires no additional dependencies.
This deck will introduce a few concepts involved in containers and will guide you through the steps of building a container from scratch. The payload will be a simple service, which will be automatically activated by systemd when the first request arrives.
Recording here: https://www.youtube.com/watch?v=5W4n9K3PIVg
Since Docker was open sourced in 2013, the community and adoption around Docker containers has grown to over 6 billion downloads and over 1000 contributors. Learn about why this is, and why you should start using containers for your own applications.
Embedded Recipes 2018 - Yoctoception: Containers in the embedded world - Jéré...Anne Nicolas
Containerisation is a new player in the embedded world. Provisionning and rapid deployment doesn’t really make sense for embedded devices, but the extra security that container partitionning brings to the table is quickly becoming a “must have” for every embedded device.
However, the embedded world has its own constraints. Generic distributions like debian or Fedora are rarely used and tools like dockers can’t build software with custom build-chains the way Yocto or buildroot does it.
This talk will quickly review what are linux containers, why they are usefull in the embedde world, and then will study ways to generate container images using the yocto infrastructure and integrate them in another yocto image without breaking the package-based update system that Yocto provides.
Software Update Mechanisms: Selecting the Best Solutin for Your Embedded Linu...ICS
Updating device software has always been a complicated process. Today, widespread use of connected IoT device fleets, along with escalating concern over cybersecurity, has made that process even more complex. Fortunately, there are a number of well-established open source solutions to help you address software update needs. But, with so many options, how do you determine which solution is right for your device?
This webinar will provide the foundation you need to make an informed decision. We’ll examine several different industry approaches, including A/B updates with a dual-redundant scheme, delta updates, container-based updates and combined strategies, as well as the leading technologies that support these approaches. Open source technologies such as Mender, RAUC and libostree-based solutions implement these strategies and provide tools to manage updates of multiple devices.
We’ll also review a variety of open source Linux software update technologies, and offer practical examples for integrating them using the Yocto Project and OpenEmbedded. In order to help you better understand the strengths and weaknesses of each technology, we’ll deep dive into various real-world use cases, including leveraging CAAM (Cryptographic Accelerator and Assurance Module) hardware on Freescale i.MX6 hardware for encrypted and signed updates and using Microsoft Azure IoT to host software updates from the cloud.
Learn, Collaborate & Dockerize. Docker is an open platform that helps you build, ship and run applications anytime and anywhere.
Join Docker Jaipur:
Docker Page: events.docker.com/jaipur
Telegram Group: t.me/dockerjaipur
Twitter: @JaipurDocker
Linux Containers (LXC) @Open Source Camp Moldova 2018
LXC (Linux Containers) is an operating-system-level virtualization method for running multiple isolated Linux systems (containers) on a control host using a single Linux kernel. https://en.wikipedia.org/wiki/LXC
Recording here: https://www.youtube.com/watch?v=5W4n9K3PIVg
Since Docker was open sourced in 2013, the community and adoption around Docker containers has grown to over 6 billion downloads and over 1000 contributors. Learn about why this is, and why you should start using containers for your own applications.
Embedded Recipes 2018 - Yoctoception: Containers in the embedded world - Jéré...Anne Nicolas
Containerisation is a new player in the embedded world. Provisionning and rapid deployment doesn’t really make sense for embedded devices, but the extra security that container partitionning brings to the table is quickly becoming a “must have” for every embedded device.
However, the embedded world has its own constraints. Generic distributions like debian or Fedora are rarely used and tools like dockers can’t build software with custom build-chains the way Yocto or buildroot does it.
This talk will quickly review what are linux containers, why they are usefull in the embedde world, and then will study ways to generate container images using the yocto infrastructure and integrate them in another yocto image without breaking the package-based update system that Yocto provides.
Software Update Mechanisms: Selecting the Best Solutin for Your Embedded Linu...ICS
Updating device software has always been a complicated process. Today, widespread use of connected IoT device fleets, along with escalating concern over cybersecurity, has made that process even more complex. Fortunately, there are a number of well-established open source solutions to help you address software update needs. But, with so many options, how do you determine which solution is right for your device?
This webinar will provide the foundation you need to make an informed decision. We’ll examine several different industry approaches, including A/B updates with a dual-redundant scheme, delta updates, container-based updates and combined strategies, as well as the leading technologies that support these approaches. Open source technologies such as Mender, RAUC and libostree-based solutions implement these strategies and provide tools to manage updates of multiple devices.
We’ll also review a variety of open source Linux software update technologies, and offer practical examples for integrating them using the Yocto Project and OpenEmbedded. In order to help you better understand the strengths and weaknesses of each technology, we’ll deep dive into various real-world use cases, including leveraging CAAM (Cryptographic Accelerator and Assurance Module) hardware on Freescale i.MX6 hardware for encrypted and signed updates and using Microsoft Azure IoT to host software updates from the cloud.
Learn, Collaborate & Dockerize. Docker is an open platform that helps you build, ship and run applications anytime and anywhere.
Join Docker Jaipur:
Docker Page: events.docker.com/jaipur
Telegram Group: t.me/dockerjaipur
Twitter: @JaipurDocker
Linux Containers (LXC) @Open Source Camp Moldova 2018
LXC (Linux Containers) is an operating-system-level virtualization method for running multiple isolated Linux systems (containers) on a control host using a single Linux kernel. https://en.wikipedia.org/wiki/LXC
Give you an overview about
– device virtualization on ARM
– Benefit and real products
– Android specific virtualization consideration
– doing virtualization in several approaches
Tengamos nuestro primer acercamiento a el gestor de contenedores más usado en la industria y sus ventajas para arquitecturas orientadas a microservicios.
In this talk we will discuss how to build and run containers without root privileges. As part of the discussion, we will introduce new programs like fuse-overlayfs and slirp4netns and explain how it is possible to do this using user namespaces. fuse-overlayfs allows to use the same storage model as "root" containers and use layered images. slirp4netns emulates a TCP/IP stack in userland and allows to use a network namespace from a container and let it access the outside world (with some limitations).
We will also introduce Usernetes, and how to run Kubernetes in an unprivileged user namespace
https://sched.co/Jcgg
Docker Compose is the last piece of the orchestration puzzle. After provisioning Docker daemons on any host in any location with Docker Machine and clustering them with Docker Swarm, users can employ Docker Compose to assemble multi-container distributed apps that run on top of these clusters.
The first step to employing Docker Compose is to use a simple YAML file to declaratively define the desired state of the multi-container app:
containers:
web:
build: .
command: python app.py
ports:
- "5000:5000"
volumes:
- .:/code
links:
- redis
environment:
- PYTHONUNBUFFERED=1
redis:
image: redis:latest
command: redis-server --appendonly yes
This example shows how Docker Compose takes advantage of existing containers. Specifically, in this simple two-container app declaration, the first container is a Python app built each time from the Dockerfile in the current directory. The second container is built from the redis Official Repo on the Docker Hub Registry. The links directive declares that the Python app container is dependent on the redis container.
Not that it’s defined, starting your app is as easy as …
% docker up
With this single command, the Python container is automatically built from its Dockerfile and the redis container is pulled from the Docker Hub Registry. Then, thanks to the links directive expressing the dependency between the Python and redis containers, the redis container is started *first*, followed by the Python container.
Docker Compose is still a work-in-progress and we want your help to design it. In particular, we want to know whether or not you think this should be a part of the Docker binary or a separate tool. Head over to the proposal on GitHub to try out an alpha build and have your say.
Coda
All this is just the briefest introduction to Docker Machine, Docker Swarm, and Docker Compose. We hope you’ll take a moment to try them out and give us feedback – these projects are moving quickly and we welcome your input!
We also wish to thank the many community members who have contributed their experience, feedback, and pull requests during the pre-Alpha iterations of these projects. It’s thanks to you that we were able to make so much progress so quickly, and in the right direction.
Distributed apps offer many benefits to users – portability, scalability, dynamic development-to-deployment acceleration – and we’re excited by the role the Docker platform, community, and ecosystem are playing in making these apps easier to build, ship, and run. We’ve got a ways to go, but we’re psyched by this start – join us and help us get there faster!
In order to understand HAL layers of Android Framework, having Linux device driver knowledge is important. Hence Day-2 of the workshop focuses on the same.
Watch this presentation and learn all about Microservices.
*Flannel, Weave, IPVLAN, MacVLAN and how they fit together with Docker, Swarm or Kubernetes
*How containers communicate with each other
*How the choice of Networking Interface impacts router and switch deployment in the Data Center
Introduction to OS LEVEL Virtualization & ContainersVaibhav Sharma
This Presentation contains information about os level virtualization and Containers internals. It has used other material on slide share which is referenced in Notes of PPT
Containers, From Development to Production2nd Watch
Many organizations want to implement some type of microservices strategy, commonly by way of containers. Running containers in development can create fast feedback cycles and gives developers additional autonomy while working, but how does this translate to running containers in production? In this webinar we will talk about the main drivers and challenges with containers, as well as the huge divide between running containers in development and operationalizing your application at scale and for production release.
Automation of Software Engineering with OCI DevOps Build and Deployment Pipel...Lucas Jellema
Automation of software delivery has several advantages. Prevention of human error is certainly one. Consistent and complete execution of tried and tested build and deployment tasks as the only way to apply changes in the live environment. Once the pipelines have been set up, the engineers can focus on the software and applying the required changes to it. To bring that software all the way to production is a breeze. Oracle Cloud Infrastructure offers the DevOps service, introduced in the Summer of 2021. This service comes with git style code repositories, build servers and build pipelines, artifact repositories as well as deployment pipelines. This session introduces OCI DevOps and demonstrates how software can be built and deployed on OKE Kubernetes, Compute Instance VMs and Oracle Functions. From simple source code an application is put in production without manual intervention in the build and deployment process.
Give you an overview about
– device virtualization on ARM
– Benefit and real products
– Android specific virtualization consideration
– doing virtualization in several approaches
Tengamos nuestro primer acercamiento a el gestor de contenedores más usado en la industria y sus ventajas para arquitecturas orientadas a microservicios.
In this talk we will discuss how to build and run containers without root privileges. As part of the discussion, we will introduce new programs like fuse-overlayfs and slirp4netns and explain how it is possible to do this using user namespaces. fuse-overlayfs allows to use the same storage model as "root" containers and use layered images. slirp4netns emulates a TCP/IP stack in userland and allows to use a network namespace from a container and let it access the outside world (with some limitations).
We will also introduce Usernetes, and how to run Kubernetes in an unprivileged user namespace
https://sched.co/Jcgg
Docker Compose is the last piece of the orchestration puzzle. After provisioning Docker daemons on any host in any location with Docker Machine and clustering them with Docker Swarm, users can employ Docker Compose to assemble multi-container distributed apps that run on top of these clusters.
The first step to employing Docker Compose is to use a simple YAML file to declaratively define the desired state of the multi-container app:
containers:
web:
build: .
command: python app.py
ports:
- "5000:5000"
volumes:
- .:/code
links:
- redis
environment:
- PYTHONUNBUFFERED=1
redis:
image: redis:latest
command: redis-server --appendonly yes
This example shows how Docker Compose takes advantage of existing containers. Specifically, in this simple two-container app declaration, the first container is a Python app built each time from the Dockerfile in the current directory. The second container is built from the redis Official Repo on the Docker Hub Registry. The links directive declares that the Python app container is dependent on the redis container.
Not that it’s defined, starting your app is as easy as …
% docker up
With this single command, the Python container is automatically built from its Dockerfile and the redis container is pulled from the Docker Hub Registry. Then, thanks to the links directive expressing the dependency between the Python and redis containers, the redis container is started *first*, followed by the Python container.
Docker Compose is still a work-in-progress and we want your help to design it. In particular, we want to know whether or not you think this should be a part of the Docker binary or a separate tool. Head over to the proposal on GitHub to try out an alpha build and have your say.
Coda
All this is just the briefest introduction to Docker Machine, Docker Swarm, and Docker Compose. We hope you’ll take a moment to try them out and give us feedback – these projects are moving quickly and we welcome your input!
We also wish to thank the many community members who have contributed their experience, feedback, and pull requests during the pre-Alpha iterations of these projects. It’s thanks to you that we were able to make so much progress so quickly, and in the right direction.
Distributed apps offer many benefits to users – portability, scalability, dynamic development-to-deployment acceleration – and we’re excited by the role the Docker platform, community, and ecosystem are playing in making these apps easier to build, ship, and run. We’ve got a ways to go, but we’re psyched by this start – join us and help us get there faster!
In order to understand HAL layers of Android Framework, having Linux device driver knowledge is important. Hence Day-2 of the workshop focuses on the same.
Watch this presentation and learn all about Microservices.
*Flannel, Weave, IPVLAN, MacVLAN and how they fit together with Docker, Swarm or Kubernetes
*How containers communicate with each other
*How the choice of Networking Interface impacts router and switch deployment in the Data Center
Introduction to OS LEVEL Virtualization & ContainersVaibhav Sharma
This Presentation contains information about os level virtualization and Containers internals. It has used other material on slide share which is referenced in Notes of PPT
Containers, From Development to Production2nd Watch
Many organizations want to implement some type of microservices strategy, commonly by way of containers. Running containers in development can create fast feedback cycles and gives developers additional autonomy while working, but how does this translate to running containers in production? In this webinar we will talk about the main drivers and challenges with containers, as well as the huge divide between running containers in development and operationalizing your application at scale and for production release.
Automation of Software Engineering with OCI DevOps Build and Deployment Pipel...Lucas Jellema
Automation of software delivery has several advantages. Prevention of human error is certainly one. Consistent and complete execution of tried and tested build and deployment tasks as the only way to apply changes in the live environment. Once the pipelines have been set up, the engineers can focus on the software and applying the required changes to it. To bring that software all the way to production is a breeze. Oracle Cloud Infrastructure offers the DevOps service, introduced in the Summer of 2021. This service comes with git style code repositories, build servers and build pipelines, artifact repositories as well as deployment pipelines. This session introduces OCI DevOps and demonstrates how software can be built and deployed on OKE Kubernetes, Compute Instance VMs and Oracle Functions. From simple source code an application is put in production without manual intervention in the build and deployment process.
Cumulus Linux supports great networking, what’s next? Matt Peterson (@dorkmatt) our resident expert from the office of the CTO shares his previous experience, his views on devops, and how Cumulus Networks makes it easier to manage networks with ONIE, ZTP and no CLI! “Devops is a lifestyle, shared responsibility”. With Linux as the networks OS, “it’s all just one apt-get away!”
Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek
Modern design is crucial in today's digital environment, and this is especially true for SharePoint intranets. The design of these digital hubs is critical to user engagement and productivity enhancement. They are the cornerstone of internal collaboration and interaction within enterprises.
Your Digital Assistant.
Making complex approach simple. Straightforward process saves time. No more waiting to connect with people that matter to you. Safety first is not a cliché - Securely protect information in cloud storage to prevent any third party from accessing data.
Would you rather make your visitors feel burdened by making them wait? Or choose VizMan for a stress-free experience? VizMan is an automated visitor management system that works for any industries not limited to factories, societies, government institutes, and warehouses. A new age contactless way of logging information of visitors, employees, packages, and vehicles. VizMan is a digital logbook so it deters unnecessary use of paper or space since there is no requirement of bundles of registers that is left to collect dust in a corner of a room. Visitor’s essential details, helps in scheduling meetings for visitors and employees, and assists in supervising the attendance of the employees. With VizMan, visitors don’t need to wait for hours in long queues. VizMan handles visitors with the value they deserve because we know time is important to you.
Feasible Features
One Subscription, Four Modules – Admin, Employee, Receptionist, and Gatekeeper ensures confidentiality and prevents data from being manipulated
User Friendly – can be easily used on Android, iOS, and Web Interface
Multiple Accessibility – Log in through any device from any place at any time
One app for all industries – a Visitor Management System that works for any organisation.
Stress-free Sign-up
Visitor is registered and checked-in by the Receptionist
Host gets a notification, where they opt to Approve the meeting
Host notifies the Receptionist of the end of the meeting
Visitor is checked-out by the Receptionist
Host enters notes and remarks of the meeting
Customizable Components
Scheduling Meetings – Host can invite visitors for meetings and also approve, reject and reschedule meetings
Single/Bulk invites – Invitations can be sent individually to a visitor or collectively to many visitors
VIP Visitors – Additional security of data for VIP visitors to avoid misuse of information
Courier Management – Keeps a check on deliveries like commodities being delivered in and out of establishments
Alerts & Notifications – Get notified on SMS, email, and application
Parking Management – Manage availability of parking space
Individual log-in – Every user has their own log-in id
Visitor/Meeting Analytics – Evaluate notes and remarks of the meeting stored in the system
Visitor Management System is a secure and user friendly database manager that records, filters, tracks the visitors to your organization.
"Secure Your Premises with VizMan (VMS) – Get It Now"
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Globus
The Earth System Grid Federation (ESGF) is a global network of data servers that archives and distributes the planet’s largest collection of Earth system model output for thousands of climate and environmental scientists worldwide. Many of these petabyte-scale data archives are located in proximity to large high-performance computing (HPC) or cloud computing resources, but the primary workflow for data users consists of transferring data, and applying computations on a different system. As a part of the ESGF 2.0 US project (funded by the United States Department of Energy Office of Science), we developed pre-defined data workflows, which can be run on-demand, capable of applying many data reduction and data analysis to the large ESGF data archives, transferring only the resultant analysis (ex. visualizations, smaller data files). In this talk, we will showcase a few of these workflows, highlighting how Globus Flows can be used for petabyte-scale climate analysis.
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamtakuyayamamoto1800
In this slide, we show the simulation example and the way to compile this solver.
In this solver, the Helmholtz equation can be solved by helmholtzFoam. Also, the Helmholtz equation with uniformly dispersed bubbles can be simulated by helmholtzBubbleFoam.
Software Engineering, Software Consulting, Tech Lead.
Spring Boot, Spring Cloud, Spring Core, Spring JDBC, Spring Security,
Spring Transaction, Spring MVC,
Log4j, REST/SOAP WEB-SERVICES.
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Globus
The U.S. Geological Survey (USGS) has made substantial investments in meeting evolving scientific, technical, and policy driven demands on storing, managing, and delivering data. As these demands continue to grow in complexity and scale, the USGS must continue to explore innovative solutions to improve its management, curation, sharing, delivering, and preservation approaches for large-scale research data. Supporting these needs, the USGS has partnered with the University of Chicago-Globus to research and develop advanced repository components and workflows leveraging its current investment in Globus. The primary outcome of this partnership includes the development of a prototype enterprise repository, driven by USGS Data Release requirements, through exploration and implementation of the entire suite of the Globus platform offerings, including Globus Flow, Globus Auth, Globus Transfer, and Globus Search. This presentation will provide insights into this research partnership, introduce the unique requirements and challenges being addressed and provide relevant project progress.
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar
The European Union Agency for Law Enforcement Cooperation (Europol) has suffered an alleged data breach after a notorious threat actor claimed to have exfiltrated data from its systems. Infamous data leaker IntelBroker posted on the even more infamous BreachForums hacking forum, saying that Europol suffered a data breach this month.
The alleged breach affected Europol agencies CCSE, EC3, Europol Platform for Experts, Law Enforcement Forum, and SIRIUS. Infiltration of these entities can disrupt ongoing investigations and compromise sensitive intelligence shared among international law enforcement agencies.
However, this is neither the first nor the last activity of IntekBroker. We have compiled for you what happened in the last few days. To track such hacker activities on dark web sources like hacker forums, private Telegram channels, and other hidden platforms where cyber threats often originate, you can check SOCRadar’s Dark Web News.
Stay Informed on Threat Actors’ Activity on the Dark Web with SOCRadar!
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Shahin Sheidaei
Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.
Cyaniclab : Software Development Agency Portfolio.pdfCyanic lab
CyanicLab, an offshore custom software development company based in Sweden,India, Finland, is your go-to partner for startup development and innovative web design solutions. Our expert team specializes in crafting cutting-edge software tailored to meet the unique needs of startups and established enterprises alike. From conceptualization to execution, we offer comprehensive services including web and mobile app development, UI/UX design, and ongoing software maintenance. Ready to elevate your business? Contact CyanicLab today and let us propel your vision to success with our top-notch IT solutions.
Large Language Models and the End of ProgrammingMatt Welsh
Talk by Matt Welsh at Craft Conference 2024 on the impact that Large Language Models will have on the future of software development. In this talk, I discuss the ways in which LLMs will impact the software industry, from replacing human software developers with AI, to replacing conventional software with models that perform reasoning, computation, and problem-solving.
Experience our free, in-depth three-part Tendenci Platform Corporate Membership Management workshop series! In Session 1 on May 14th, 2024, we began with an Introduction and Setup, mastering the configuration of your Corporate Membership Module settings to establish membership types, applications, and more. Then, on May 16th, 2024, in Session 2, we focused on binding individual members to a Corporate Membership and Corporate Reps, teaching you how to add individual members and assign Corporate Representatives to manage dues, renewals, and associated members. Finally, on May 28th, 2024, in Session 3, we covered questions and concerns, addressing any queries or issues you may have.
For more Tendenci AMS events, check out www.tendenci.com/events
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTier1 app
Even though at surface level ‘java.lang.OutOfMemoryError’ appears as one single error; underlyingly there are 9 types of OutOfMemoryError. Each type of OutOfMemoryError has different causes, diagnosis approaches and solutions. This session equips you with the knowledge, tools, and techniques needed to troubleshoot and conquer OutOfMemoryError in all its forms, ensuring smoother, more efficient Java applications.
Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production.
Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process?
In this session we will cover:
- The Art of Effective Code Reviews
- Streamlining the Review Process
- Elevating Reviews with Automated Tools
By the end of this presentation, you'll have the knowledge on how to organize and improve your code review proces
Advanced Flow Concepts Every Developer Should KnowPeter Caitens
Tim Combridge from Sensible Giraffe and Salesforce Ben presents some important tips that all developers should know when dealing with Flows in Salesforce.
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?XfilesPro
Worried about document security while sharing them in Salesforce? Fret no more! Here are the top-notch security standards XfilesPro upholds to ensure strong security for your Salesforce documents while sharing with internal or external people.
To learn more, read the blog: https://www.xfilespro.com/how-does-xfilespro-make-document-sharing-secure-and-seamless-in-salesforce/
Strategies for Successful Data Migration Tools.pptxvarshanayak241
Data migration is a complex but essential task for organizations aiming to modernize their IT infrastructure and leverage new technologies. By understanding common challenges and implementing these strategies, businesses can achieve a successful migration with minimal disruption. Data Migration Tool like Ask On Data play a pivotal role in this journey, offering features that streamline the process, ensure data integrity, and maintain security. With the right approach and tools, organizations can turn the challenge of data migration into an opportunity for growth and innovation.
Understanding Globus Data Transfers with NetSageGlobus
NetSage is an open privacy-aware network measurement, analysis, and visualization service designed to help end-users visualize and reason about large data transfers. NetSage traditionally has used a combination of passive measurements, including SNMP and flow data, as well as active measurements, mainly perfSONAR, to provide longitudinal network performance data visualization. It has been deployed by dozens of networks world wide, and is supported domestically by the Engagement and Performance Operations Center (EPOC), NSF #2328479. We have recently expanded the NetSage data sources to include logs for Globus data transfers, following the same privacy-preserving approach as for Flow data. Using the logs for the Texas Advanced Computing Center (TACC) as an example, this talk will walk through several different example use cases that NetSage can answer, including: Who is using Globus to share data with my institution, and what kind of performance are they able to achieve? How many transfers has Globus supported for us? Which sites are we sharing the most data with, and how is that changing over time? How is my site using Globus to move data internally, and what kind of performance do we see for those transfers? What percentage of data transfers at my institution used Globus, and how did the overall data transfer performance compare to the Globus users?
2. Agenda
● An example systemd-nspawn container
● What is systemd-nspawn and systemd
● Related Concept: Kernel CGroups
● Bootable containters
● Containers as Service
● Advanced topic: Socket Activation
7. 7
What is systemd? 1/3
• a system- and session manager for Linux,
• provides aggressive parallelization capabilities,
(no shell during boot!)
• uses socket and D-Bus activation for starting services,
• offers on-demand starting of services,
• keeps track of processes using Linux cgroups,
8. 8
What is systemd? 2/3
• supports restoring the system's state to a predefined state,
• maintains mount and auto-mount points,
• provides dependency based service control logic,
• provides replacement for a nr. of well-known tools, e.g.:
udev, automount, inetd, consolekit and syslog,
• a drop-in replacement for sysvinit
9. 9
What is systemd? 3/3
There is a lot of criticism and opinions as well...
• “It's not the UNIX way”
referring to the “do one thing and do it well” maxim
• “It's monolithic”
• “It introduces too many dependencies”
• (and worse)
... but we won't be addressing these today :-)
10. 10
An aside: People and Innovation...
“If I had asked people
what they wanted, they
would have said faster
horses”
Henry Ford
11. 11
What is systemd-nspawn?
• “chroot on steroids...”
• Invented for debug and test of systemd development
• Turns out to be a great container manager
• systemd-nspawn vs. docker
‣ Management container vs. container+images
‣ Inherited networking vs. Need to set up networking
12. 12
systemd adoption
Distribution Added to repositories Enabled by default? Released as default
SUSE Linux
Enterprise
v12 Yes Yes
openSUSE v11.4 Yes v12.2 (2012)
Fedora v15 (2011) Yes v15 (2011)
Red Hat Linux
Enterprise
v7 (2014) Yes v7 (2014)
Debian in 2012 Yes v8 (2015)
Arch Linux in 2012 Yes 2012
Ubuntu v13.04 (2013) Yes v15.04 (2015)
see also: http://en.wikipedia.org/wiki/Systemd#Adoption_and_reception
17. 17
Bootable OS container [2/4]
Boot container
• Boot container
‣ systemd-nspawn
-bD /srv/containers/centos/
# systemd-nspawn -bD /srv/containers/centos/
systemd 208 running in system mode. (+PAM +LIBWRAP +AUDIT +SELINUX
+IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ)
Detected virtualization 'systemd-nspawn'.
Welcome to CentOS Linux 7 (Core)!
Set hostname to <centos7c0>.
[ OK ] Reached target Remote File Systems.
[ OK ] Created slice Root Slice.
[ OK ] Created slice User and Session Slice.
[ OK ] Created slice System Slice.
[ OK ] Created slice system-getty.slice.
[ OK ] Reached target Slices.
[ OK ] Listening on Delayed Shutdown Socket.
[ OK ] Listening on /dev/initctl Compatibility Named Pipe.
[ OK ] Listening on Journal Socket.
Starting Journal Service...
[ OK ] Started Journal Service.
[ OK ] Reached target Paths.
Mounting Debug File System...
Mounting FUSE Control File System...
Starting Create static device nodes in /dev...
Mounting POSIX Message Queue File System...
[...]
[ OK ] Started Login Service.
[ OK ] Started Permit User Sessions.
Starting Console Getty...
[ OK ] Started Console Getty.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
CentOS Linux 7 (Core)
Kernel 3.16.7-7-desktop on an x86_64
centos7c0 login:
18. 18
Bootable OS container [3/4]
Instance properties
OS Properties from inside the
container
CentOS Linux 7 (Core)
Kernel 3.16.7-7-desktop on an x86_64
centos7c0 login: root
Password:
Last login: Sat Apr 11 23:22:04 on console
-bash-4.2#
-bash-4.2# hostnamectl
Static hostname: centos7c0
Icon name: computer-container
Chassis: container
Machine ID: afb4a0719ad842c99dd7cc704919a2fe
Boot ID: 7c03b147c9114632b96bbeb2a462cf5a
Virtualization: systemd-nspawn
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.16.7-7-desktop
Architecture: x86_64
-bash-4.2#
Container properties
# machinectl
MACHINE CONTAINER SERVICE
centos container nspawn
1 machines listed.
physnode1:~
# systemd-cgls
├─1 /usr/lib/systemd/systemd --switched-root --system
--deserialize 21
├─machine.slice
│ └─machine-centos.scope
│ ├─10159 /usr/lib/systemd/systemd
│ └─system.slice
│ ├─dbus.service
│ │ └─10184 /bin/dbus-daemon --system --address=systemd:
--nofork --nopidfile --systemd-activation
│ ├─systemd-journald.service
│ │ └─10167 /usr/lib/systemd/systemd-journald
│ ├─systemd-logind.service
│ │ └─10183 /usr/lib/systemd/systemd-logind
│ └─console-getty.service
│ └─10189 /sbin/agetty --noclear --keep-baud console
115200 38400 9600
├─system.slice
19. 19
Bootable OS container [4/4]
Shutdown container
• Shutdown container from the
inside:
‣ Type: `init 0` or `poweroff`
Note: will require running init in
container
‣ Type: ^]^]^] ( 3x CTRL+[ )
• Shutdown container from the
host
‣ machinectl terminate $CONT
-bash-4.2# init 0
[ OK ] Removed slice user-0.slice.
[ OK ] Removed slice system-getty.slice.
Stopping Hostname Service...
[ OK ] Stopped target Graphical Interface.
[ OK ] Stopped target Multi-User System.
[ OK ] Stopped target Login Prompts.
Stopping Console Getty...
Stopping Login Service...
Stopping D-Bus System Message Bus...
[ OK ] Stopped Login Service.
[ OK ] Stopped D-Bus System Message Bus.
[ OK ] Stopped Console Getty.
Stopping Permit User Sessions...
[ OK ] Stopped Permit User Sessions.
[ OK ] Stopped target Remote File Systems.
[ OK ] Stopped Hostname Service.
[ OK ] Stopped target Basic System.
[ OK ] Stopped target Slices.
[ OK ] Removed slice User and Session Slice.
[ OK ] Stopped target Paths.
[ OK ] Stopped target Timers.
[ OK ] Stopped target Sockets.
[ OK ] Closed D-Bus System Message Bus Socket.
[ OK ] Stopped target System Initialization.
[ OK ] Stopped target Encrypted Volumes.
Stopping Load/Save Random Seed...
Stopping Update UTMP about System Reboot/Shutdown...
[ OK ] Stopped target Swap.
[ OK ] Stopped Update UTMP about System Reboot/Shutdown.
[ OK ] Stopped Load/Save Random Seed.
Stopping Create Volatile Files and Directories...
[ OK ] Stopped Create Volatile Files and Directories.
[ OK ] Reached target Shutdown.
physnode1:/srv/containers #
20. 20
Networking and systemd-nspawn containers
Networking in container
-bash-4.2# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state
UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: wlp12s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
mq state UP qlen 1000
link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff
inet 10.1.2.27/21 brd 10.1.7.255 scope global dynamic
wlp12s0
valid_lft 14611sec preferred_lft 14611sec
inet6 fe80::224:d6ff:fe89:521e/64 scope link
valid_lft forever preferred_lft forever
3: enp0s25: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500
qdisc pfifo_fast state DOWN qlen 1000
link/ether 00:aa:bb:cc:dd:ee brd ff:ff:ff:ff:ff:ff
-bash-4.2# md5sum /etc/resolv.conf
a92a6e440cd677ad17748aa29c5a7333 /etc/resolv.conf
‣ By default the nspawn container will inherit the network settings
‣ /etc/resolv.conf will be copied into container
Networking at Host OS
physnode1:~ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state
UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: wlp12s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
mq state UP group default qlen 1000
link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff
inet 10.1.2.27/21 brd 10.1.7.255 scope global dynamic
wlp12s0
valid_lft 14433sec preferred_lft 14433sec
inet6 fe80::224:d6ff:fe89:521e/64 scope link
valid_lft forever preferred_lft forever
3: enp0s25: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500
qdisc pfifo_fast state DOWN group default qlen 1000
link/ether 00:aa:bb:cc:dd:ee brd ff:ff:ff:ff:ff:ff
physnode1:~ # md5sum /etc/resolv.conf
a92a6e440cd677ad17748aa29c5a7333 /etc/resolv.conf
21. 21
More advanced networking
‣ Create a virtual ethernet device, with name “vb-$machinename”
‣ Connect veth device to bridge “virbr0”
systemd-nspawn -bD /srv/containers/opensuse132/
--network-bridge=virbr0 --network-veth
virbr0
veth
(host0)
veth
(vb-opensuse132c0)
opensuse132
physnode1
opensuse132c0:~ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group [...]
2: host0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen
1000
link/ether 36:e3:35:8d:8e:95 brd ff:ff:ff:ff:ff:ff
opensuse132c0:~ #
physnode1:~ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
[...]
29: vb-opensuse132c0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc
pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 0a:62:90:a4:b5:72 brd ff:ff:ff:ff:ff:ff
physnode1:~ #
22. 22
journald and systemd-nspawn containers
• Integrating the journal of the
host and the container
# systemd-nspawn
-bD /srv/containers/centos
--link-journal=host
24. 24
Container as service
• Install Apache and a few other
packages
• Create a machine-id for the
container
• Create systemd unit file
#install Apache
zypper --root /srv/containers/opensuse132/ install
openSUSE-release-13.2 apache2 timezone iproute2 rsyslog
# set up machine-id
systemd-nspawn -D /srv/containers/opensuse132/
systemd-machine-id-setup
# unit file:
cat <<EOF > /etc/systemd/system/opensuse132c0.service
[Unit]
Description=Start an openSUSE 13.2 container
Wants=network.target nss-lookup.target
After=network.target nss-lookup.target
[Service]
Type=notify
PrivateTmp=true
ExecStart=/usr/bin/systemd-nspawn -M opensuse132c0
-jD /srv/containers/opensuse132/
ExecStop=/usr/bin/machinectl terminate opensuse132c0
[Install]
WantedBy=machines.target
EOF
25. 25
Managing containers
nsenter
• nsenter - run program with
namespaces of other
processes
# machinectl
MACHINE CONTAINER SERVICE
opensuse132c0 container nspawn
1 machines listed.
# machinectl status opensuse132c0
opensuse132c0
Since: Sun 2015-04-12 03:54:18 CEST; 37s ago
Leader: 17717 (systemd)
Service: nspawn; class container
Root: /srv/containers/opensuse132
Unit: machine-opensuse132c0.scope
├─17717 /usr/lib/systemd/systemd
└─system.slice
├─dbus.service
[…]
# nsenter --target 17717 --mount --uts --ipc --net –pid
opensuse132c0:/ #
opensuse132c0:/ # systemctl disable rsyslog
rm '/etc/systemd/system/multi-user.target.wants/rsyslog.service'
rm '/etc/systemd/system/syslog.service'
opensuse132c0:/
26. 26
Summary
systemd-nspawn
• Makes containers easy
• Everyone familiar with “chroot” instantly “gets” systemd-nspawn
• Does not have special dependencies, like e.g. docker
• It is available on all modern Linux distro's