This document outlines a project to create a single installer ISO that delivers a functional Xen hypervisor on CentOS without requiring a preexisting CentOS installation. The ISO would upgrade the kernel to match Xen repositories and configure networking and storage, allowing Xen to run out of the box. It would provide options for self-hosted or bridged networking and file-backed or LVM storage. The goal is to facilitate easy consumption of Xen and extensions like OpenStack or OpenNebula.
Xen based Hypervisor in a Box
Project Information:
Project Title: Xen based Hypervisor in a Box
Project Description: A single installer ISO that delivers a functional Xen4 stack on CentOS. The Xen4CentOS effort already builds packages for using Xen dom0 on CentOS-6; this effort would extend that into delivering a consumable ISO that does not need CentOS to be preinstalled on the machine. The ISO would also contain CentOS-5 and CentOS-6 VM images that can be instantiated easily.
Details: Consuming Xen as a hypervisor (or Virtual Machine Manager) on CentOS-6 takes a few cycles: it needs an existing CentOS-6 installed base and a running-kernel upgrade that can cause corner-case issues that are hard to deal with. For example, firmware versions for drivers change, and device naming changes in a way that leaves the system hard to recover post-install. The aim of this task is to build an installer instance that uses the same kernel as the xen4centos repositories and sets up networking as well as storage on a machine, making it possible to consume Xen out of the box. The storage should be set up to consume either file-backed or LVM-backed storage for the VMs, and the network should be set up as either self-hosted or completely bridged.
For the self-hosted network we would create a local bridge, managed via dnsmasq and set up to NAT all VM traffic, much like the default libvirt install. For fully bridged, the installer should bridge the selected physical network device and ensure that Xen creates all virtual network interfaces on that bridge. In this scenario we would not do DHCP, NAT, or any other network management.
A key follow-up goal from this task should be to facilitate upstream additions and downstream extensions for user scenarios; e.g. it should be possible for OpenStack or OpenNebula efforts to consume this hypervisor. We don't need to deliver the mechanics for these extensions, just ensure that the work we do is open and easily extensible.
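As an added example (not part of the proposal or the Xen4CentOS project), the following POSIX shell script renders the two network modes and two storage backends described above as CentOS-6 ifcfg, dnsmasq, iptables and xl guest configuration text, so an installer %post step could inspect and write them. The bridge name xenbr0, the 192.168.122.0/24 private subnet, the volume group vg_xen and the guest name vm1 are assumptions.

```shell
#!/bin/sh
# Added example: render the network and storage choices from the proposal as
# configuration text. Nothing is applied; an installer %post step would write
# the fragments to /etc/sysconfig/network-scripts/, /etc/dnsmasq.d/ and the
# guest .cfg file. Assumed names: bridge xenbr0, subnet 192.168.122.0/24 (the
# same one libvirt's default network uses), VG vg_xen, guest vm1.

BRIDGE=${BRIDGE:-xenbr0}
SUBNET=192.168.122        # host takes .1, guests get .2-.254 from dnsmasq

# ifcfg for the bridge. selfhosted: static private address, no physical port.
# bridged: the physical NIC is enslaved and the host address moves to the bridge.
gen_bridge_ifcfg() {
    case "$1" in
    selfhosted)
        printf 'DEVICE=%s\nTYPE=Bridge\nONBOOT=yes\nBOOTPROTO=static\n' "$BRIDGE"
        printf 'IPADDR=%s.1\nNETMASK=255.255.255.0\nDELAY=0\n' "$SUBNET" ;;
    bridged)
        # assumption: the LAN hands the host its address by DHCP
        printf 'DEVICE=%s\nTYPE=Bridge\nONBOOT=yes\nBOOTPROTO=dhcp\nDELAY=0\n' "$BRIDGE" ;;
    *)  echo "unknown network mode: $1" >&2; return 1 ;;
    esac
}

# ifcfg for the enslaved physical NIC (bridged mode only): no address of its own
gen_slave_ifcfg() {
    printf 'DEVICE=%s\nONBOOT=yes\nBOOTPROTO=none\nBRIDGE=%s\n' "$1" "$BRIDGE"
}

# dnsmasq fragment (selfhosted only): serve DHCP on the bridge and nowhere else
gen_dnsmasq_conf() {
    printf 'interface=%s\nbind-interfaces\nexcept-interface=lo\n' "$BRIDGE"
    printf 'dhcp-range=%s.2,%s.254,255.255.255.0,12h\n' "$SUBNET" "$SUBNET"
}

# NAT rules (selfhosted only), same shape as libvirt's default network:
# masquerade guest traffic leaving via the uplink, allow only replies back in
gen_nat_rules() {
    uplink=$1
    printf 'sysctl -w net.ipv4.ip_forward=1\n'
    printf 'iptables -t nat -A POSTROUTING -s %s.0/24 ! -d %s.0/24 -o %s -j MASQUERADE\n' \
        "$SUBNET" "$SUBNET" "$uplink"
    printf 'iptables -A FORWARD -i %s -o %s -j ACCEPT\n' "$BRIDGE" "$uplink"
    printf 'iptables -A FORWARD -i %s -o %s -m state --state RELATED,ESTABLISHED -j ACCEPT\n' \
        "$uplink" "$BRIDGE"
}

# xl disk stanza: file-backed image (file:) or an LVM logical volume (phy:)
gen_disk_line() {
    case "$1" in
    file) printf "disk = [ 'file:/var/lib/xen/images/%s.img,xvda,w' ]\n" "$2" ;;
    lvm)  printf "disk = [ 'phy:/dev/vg_xen/%s,xvda,w' ]\n" "$2" ;;
    *)    echo "unknown storage backend: $1" >&2; return 1 ;;
    esac
}

# Assemble everything for one (network mode, storage backend, uplink NIC) choice.
# Bridged mode deliberately emits no DHCP or NAT fragments at all.
render_config() {
    mode=$1; backend=$2; uplink=$3; guest=${4:-vm1}
    echo "# --- ifcfg-$BRIDGE"
    gen_bridge_ifcfg "$mode" || return 1
    if [ "$mode" = bridged ]; then
        echo "# --- ifcfg-$uplink"
        gen_slave_ifcfg "$uplink"
    else
        echo "# --- dnsmasq.d/$BRIDGE.conf"
        gen_dnsmasq_conf
        echo "# --- nat rules"
        gen_nat_rules "$uplink"
    fi
    echo "# --- $guest.cfg"
    printf "name = '%s'\nvif = [ 'bridge=%s' ]\n" "$guest" "$BRIDGE"
    gen_disk_line "$backend" "$guest"
}

# stand-alone demo: self-hosted NAT network with an LVM-backed guest disk
if [ "${1:-}" = demo ]; then
    render_config selfhosted lvm eth0
fi
```

Run it as `sh render.sh demo` to see the self-hosted variant; swap the arguments to `bridged file eth0` for the fully bridged, file-backed variant.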
Benefits: This task provides an installer instance that uses the same kernel without the need to create separate repositories, and it also sets up networking and storage on a machine, making it possible to consume the hypervisor out of the box. This hypervisor can be used by OpenStack and OpenNebula.
Implementation: Upgrading the currently running kernel. Building an installer instance that uses the same kernel as the xen4centos repositories. Setting up virtual networking using VLAN and bridge utilities with IPv4 settings, setting up storage on a machine, and making it possible to consume Xen out of the box.
Timeline:
Week 1: 19th May to 25th May – A better understanding of Type-1 hypervisors, the kernel and the Xen4CentOS repositories.
Week 2: 26th May to 31st May – Upgrading the kernel and its repositories.
Week 3: 1st June to 7th June – Building an installer instance using the same kernel and its repositories.
Week 4: 8th June to 14th June – Providing networking by building virtual LANs and bridge utilities.
Week 5: 15th June to 21st June – Providing the storage component for the hypervisor using OpenStack volume service components such as Swift and Cinder, or LVM-based storage.
Week 6: 22nd June to 28th June – Making it possible to consume the hypervisor out of the box.
Week 7: 29th June to 5th July – For the fully bridged network, the installer should bridge the selected physical network device and ensure that Xen creates all virtual network interfaces on that bridge.
Week 8: 6th July to 18th July – Facilitate upstream additions and downstream extensions for user scenarios.
Week 9: 19th July to 25th July – Testing the code for OpenStack and OpenNebula.
Week 10: 26th July to 2nd Aug – Reviewing the code and making modifications if any are needed.
Week 11: 3rd Aug to 9th Aug – Preparing manual documentation of the project.
Week 12: 10th Aug to 17th Aug – Preparing screenshots of the work done, presentations and documentation under the guidance of mentors.
II) General Information:
Name: PARAMKUSHAM SRUTHI
Email: shrutiparamkusham@gmail.com
Mobile Number: 8985039134, 7036199284
Mailing Lists: CentOS, CentOS-gsoc, CentOS-Newsletter
Why CentOS: With the support and help of GSoC 2015, I want to stick to CentOS projects where I can contribute my skills in Linux, Python and OpenStack to the projects and develop an effective module that benefits the organization and also benefits in gaining and sharing knowledge, which would be an exciting and interesting journey. It also carries worth for third parties and vendors as the services provided to them are easy to consume.
Technologies known: Python, Linux (user management and permissions, network configuration, package management, process management, disk management), OpenStack Juno, OpenSSH server/client.
Software experience: Worked on the OpenStack dashboard (instance management through the Nova project), installation of single-node and multi-node setups on a Debian-based distribution. Worked on DevOps tools such as Jenkins, Git and Gerrit through Persistent Systems. Worked on open-source projects based on PHP on WikiMedia/MediaWiki software.
Projects done:
1) OpenStack project hands-on in a local environment.
2) Setting up network configuration and hands-on practice on upgrading the machine and installing various components such as a message queuing system for communication, databases, authentication services and managing image configurations.
3) Developed a banking application using Python 2.7.
4) Linux hands-on practice on Ubuntu and CentOS.
Important Links:
Mailing lists on CentOS, CentOS-devel, CentOS-Newsletter
https://kmitshruthi.wordpress.com/
References:
http://docs.openstack.org/user-guide/content/
http://docs.openstack.org/user-guide/content/ch_dashboard.html
http://docs.openstack.org/user-guide/content/dashboard_launch_instances.html