The document provides a comprehensive overview of Linux containers, including their role in virtualization, resource management through cgroups, and operational characteristics. It discusses the advantages of using virtualization with Oracle products, such as cost savings and flexibility, while highlighting the functionalities of containers like namespace isolation and process management. Additionally, it addresses the limitations and future potential of container technology within the Oracle ecosystem.

1. dbi services
Linux Containers
David Hueber
Senior Consultant
Head of Service Management
Grégory Steulet
Senior Consultant
Region Manager
1 www.dbi-services.com 26.04.2012 © dbi services

2. Linux Containers
Agenda
Agenda
i. Introduction to virtualization
ii. Containers presentation
iii. Resources management – Cgroups
iv. System Container Demo
v. Core messages
2 www.dbi-services.com 26.04.2012 © dbi services

3. Linux Containers
Introduction to virtualization
 Why using virtualization with Oracle products ?
 Resource usage optimization
 Hardware cost reduction
 Maintenance cost reduction
 Facility cost reduction
 Flexibility improvement
 Availability facility
 Flexibility of allocated resources – vertical scalability
 Easy deployment and migration
 Oracle License cost reduction – Hard partitioning only
http://www.oracle.com/us/corporate/pricing/partitioning-070609.pdf
3 www.dbi-services.com 26.04.2012 © dbi services

4. Linux Containers
Introduction to virtualization
 partioning-070609.pdf
“Hard partitioning physically segments a server, by taking a single large server and
separating it into distinct smaller systems.
…
Oracle has deemed certain technologies, possibly modified by configuration
constraints, as hard partitioning, and no other technology or configuration qualify.
Approved hard partitioning technologies include:
…
Solaris 10 Containers (capped Containers only),
LPAR (adds DLPAR with AIX 5.2),
Integrity Virtual Machine (capped partitions only), Secure Resource Partitions (capped
partitions only), …
Oracle VM Server for x86 may be used as hard partitioning technology only as
described in the following document:
http://www.oracle.com/technology/tech/virtualization/pdf/ovm-hardpart.pdf.
…”
4 www.dbi-services.com 26.04.2012 © dbi services

5. Linux Containers
Introduction to virtualization
 Oracle certified virtualization solutions
Platform Virtualization Technology OS Oracle DB
version
Oracle VM2 11gR1/11gR2
Oracle VM
Linux x86 Oracle VM3 11gR2
Oracle VM Live Migration Oracle VM2 11gR1/11gR2
 Complete list of certified virtual environments
 http://www.oracle.com/technetwork/database/virtualizationmatrix-172995.html
 Actually not certified
 VMware products – note ID 249212.1
 KVM and XEN solutions by Red Hat, Novell or XenSource - note ID 417770.1
 LXC (Linux containers)
5 www.dbi-services.com 26.04.2012 © dbi services

6. Linux Containers
Introduction to containers
 Virtualisation – Hypervisor type 1
 Hypervisor act as an interface between Hardware and “Invited” OS
 Examples: Oracle VM – VMware ESX(i) – Microsoft Hyper-V
Management
Application 1 Application N
Software
Privileged OS Invited OS Invited OS
Drivers Drivers Drivers
Hypervisor
Hardware
6 www.dbi-services.com 26.04.2012 © dbi services

7. Linux Containers
Introduction to containers
 Virtualisation – Hypervisor type 2
 Software running virtual machines and emulating the hardware
 Examples: Oracle VirtualBox – VMware Player – Microsoft VirtualPC
Application 1 Application N
Management
Invited OS Invited OS
Software
Drivers Drivers
Emulator
Host OS
Hardware
7 www.dbi-services.com 26.04.2012 © dbi services

8. Linux Containers
Introduction to containers
 Virtualisation – Operating System Level
 Virtual environments isolating applications / processes
 Examples: Linux Container – chroot - OpenVZ
Management Application 1 Application N
Software
Isolator Isolator
Host OS
Hardware
8 www.dbi-services.com 26.04.2012 © dbi services

9. Linux Containers
Agenda
Agenda
i. Introduction to virtualization
ii. Containers presentation
iii. Resource management – Cgroups
iv. System Container Demo
v. Core messages
9 www.dbi-services.com 26.04.2012 © dbi services

10. Linux Containers
Containers presentation
Support.oracle.com - Bug 12696082: LINUX CONTAINERS
(LXC)
Comment submitted by Lenz Grimmer (Senior Oracle Manager, Oracle
Linux at Oracle)
Linux Containers (lxc) - this is not fully supported as of today,
but will play an important role going forward.
Verify if Linux Containers is supported in the Linux release you update
training for and include appropriately. Alternatively include reference to
OIG.
*** 04/04/12 08:21 am ***
10 www.dbi-services.com 26.04.2012 © dbi services

11. Linux Containers
Containers presentation
 Virtualisation – Operating System Level
 Virtual environments isolating applications / processes
Application 1 Application N
Management
Software(s)
Invited OS Invited OS
KERNEL
Host OS
Hardware
11 www.dbi-services.com 26.04.2012 © dbi services

12. Linux Containers
Containers presentation
 What is it ?
 Operating system-level virtualization method
 Running multiple isolated environment (containers)
 Each has its own processes and network space
 Linux Containers relies on:
 Namespace-isolation functionality
 Resource management implemented via cgroups functionality
 Namespace-isolation is a kernel feature to limit and isolate resources
usage such as CPU, memory, disk I/O of a process group
 cgroups (control groups) is a kernel feature to allocate resources
usage such as CPU, memory, disk I/O to a process group
12 www.dbi-services.com 26.04.2012 © dbi services

13. Linux Containers
Containers presentation
 Two kinds of containers:
1. Application containers
2. System containers
 Application Containers – application that only create
separate namespaces
Usage: lxc-execute --name=NAME --COMMAND
lxc-execute creates a container with the identifier NAME and execs COMMAND into
this container.
Options :
-n, --name=NAME NAME for name of the container
-f, --rcfile=FILE Load configuration file FILE
-s, --define KEY=VAL Assign VAL to configuration variable KEY
lxc-execute –n ContTerm -f lxc-myconf.conf /bin/bash
13 www.dbi-services.com 26.04.2012 © dbi services

14. Linux Containers
Containers presentation
 Application Containers
Single Host Controller Application Container
+ lxc-execute
+ lxc-init
+ lxc-init
+ <Application>
+ <App.>
[root@vmlxctest1 ~]# ps -ef |grep lxc
avahi 1674 1 0 18:37 ? 00:00:00 avahi-daemon: running
[vmlxctest1.local]
root 14512 14418 0 19:45 pts/0 00:00:00 lxc-execute -n test xclock
root 14513 14512 0 19:45 pts/0 00:00:00 /usr/lib64/lxc/lxc-init -- /bin/bash
root 14514 14513 0 19:45 pts/0 00:00:00 xclock
---
[root@ContTerm~]# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 19:45 pts/0 00:00:00 /usr/lib64/lxc/lxc-init -- /bin/bash
root 2 1 0 19:45 pts/0 00:00:00 xclock
root 15 2 0 19:45 pts/0 00:00:00 ps -ef
14 www.dbi-services.com 26.04.2012 © dbi services

15. Linux Containers
Containers presentation
 Application Container
 Environment
 Oracle Enterprise Linux 6.2 x64
 Kernel 2.6-39
 Demo 1
 Bash terminal in an Application Container
 Networking
 Start an Oracle database
 Demo 2
 Oracle in a background Application Container
 Freeze and Unfreeze the container
15 www.dbi-services.com 26.04.2012 © dbi services

16. Linux Containers
Containers presentation
 System Containers
 Have their own Linux Operating System, as Virtual Machines
 Consume less resources
 have decreased isolation against control host (same Linux kernel)
Usage: lxc-start --name=NAME --COMMAND
lxc-start start COMMAND in specified container NAME
Options :
-n, --name=NAME NAME for name of the container
-d, --daemon daemonize the container
-f, --rcfile=FILE Load configuration file FILE
-c, --console=FILE Set the file output for the container console
-s, --define KEY=VAL Assign VAL to configuration variable KEY
If no command is specified, lxc-start will use the default "/sbin/init"
command to run a system container.
[root@oel62 ~]#lxc-start –n ol5test1
16 www.dbi-services.com 26.04.2012 © dbi services

17. Linux Containers
Containers presentation
 Operations on a container
 Signalling [root@oel62 ~]#lxc-kill -n ol5test1 9
 Pausing
 Freeze [root@oel62 ~]#lxc-freeze -n ol5test1
 Unfreeze [root@oel62 ~]#lxc-unfreeze -n ol5test1
 Stopping [root@oel62 ~]#lxc-stop -n ol5test1
 Destroying [root@oel62 ~]#lxc-destroy -n ol5test1
17 www.dbi-services.com 26.04.2012 © dbi services

18. Linux Containers
Agenda
Agenda
i. Introduction to virtualization
ii. Containers presentation
iii. Resource management – Cgroups
iv. System Container Demo
v. Core messages
18 www.dbi-services.com 26.04.2012 © dbi services

19. Linux Containers
Resource management - Cgroups
 Cgroup Model
 blkio — this subsystem sets limits on input/output access to and from block
devices such as physical drives (disk, solid state, USB, etc.)
 cpu — this subsystem uses the scheduler to provide cgroup tasks access to the
CPU
 cpuacct — this subsystem generates automatic reports on CPU resources used
by tasks in a cgroup
 cpuset — this subsystem assigns individual CPUs (on a multicore system) and
memory nodes to tasks in a cgroup.
19 www.dbi-services.com 26.04.2012 © dbi services

20. Linux Containers
Resource management - Cgroups
 Cgroup Model
 devices — this subsystem allows or denies access to devices by tasks in a
cgroup
 freezer — this subsystem suspends or resumes tasks in a cgroup
 memory — this subsystem sets limits on memory use by tasks in a cgroup, and
generates automatic reports on memory resources used by those tasks
 net_cls — this subsystem tags network packets with a class identifier (classid)
that allows the Linux traffic controller (tc) to identify packets originating from a
particular cgroup task
 ns — the namespace subsystem
20 www.dbi-services.com 26.04.2012 © dbi services

21. Linux Containers
Resource management - Cgroups
 Cgroup demonstration with blkio
 Creation of two cgroups for the blkio subsystem
[root@oel62 ~]# mkdir /cgroup/blkio/lab1
[root@oel62 ~]# mkdir /cgroup/blkio/lab2
 Finding major and minor number for /u01 - /dev/sde1
[root@oel62 ~]# df -h | grep /u01
/dev/sde 9.9G 2.0G 7.5G 21% /u01
[root@oel62 ~]# ls -l /dev/sde
brw-rw----. 1 root disk 8, 64 Apr 7 12:04 /dev/sde
 Setting various blkio upper limit for read operations per second to
100Mb/s and 50Mb/s
[root@oel62 ~]# echo "8:64 104857600" >
/cgroup/blkio/lab1/blkio.throttle.read_bps_device
[root@oel62 ~]# echo "8:64 52428800" >
/cgroup/blkio/lab2/blkio.throttle.read_bps_device
21 www.dbi-services.com 26.04.2012 © dbi services

22. Linux Containers
Resource management - Cgroups
 Creation of two 3Gb file (file_1 and file_2)
[root@oel62 ~]# dd if=/dev/zero of=/u01/file_1 bs=1M count=3000
[root@oel62 ~]# dd if=/dev/zero of=/u01/file_2 bs=1M count=3000
 Reading first file with cgroup lab1 and executing iotop
[root@oel62 ~]# cgexec -g blkio:lab1 time dd if=/u01/file_1 of=/dev/null
[root@oel62 ~]# iotop -o
Total DISK READ: 98.93 M/s | Total DISK WRITE: 0.00 B/s
TID PRIO USER DISK READ DISK WRITE SWAPIN IO> COMMAND
1567 be/4 root 98.93 M/s 0.00 B/s 0.00 % 61.95% dd if=/u01/file_1 of..
 Reading first file with cgroup lab2 and executing iotop
[root@oel62 ~]# cgexec -g blkio:lab2 time dd if=/u01/file_2 of=/dev/null
[root@oel62 ~]# iotop -o
Total DISK READ: 48.09 M/s | Total DISK WRITE: 0.00 B/s
TID PRIO USER DISK READ DISK WRITE SWAPIN IO> COMMAND
1565 be/4 root 51.57 M/s 0.00 B/s 0.00 % 74.19% dd if=/u01/file_2 of..
22 www.dbi-services.com 26.04.2012 © dbi services

23. Linux Containers
Agenda
Agenda
i. Introduction to virtualization
ii. Containers presentation
iii. Resource management - Cgroups
iv. System Container Demo
v. Core messages
23 www.dbi-services.com 26.04.2012 © dbi services

24. Linux Containers
Containers presentation
 System Container
 Environment
 Oracle Enterprise Linux 6.2 x64
 Kernel 2.6-39
 Demo 1
 Start a system container
 See configuration file
 See processes and file system
 Demo 2
 See template principle
 Deploy a system container from a template
24 www.dbi-services.com 26.04.2012 © dbi services

25. dbi services current situation
Agenda
Agenda
i. Introduction to virtualization
ii. Containers presentation
iii. Resource management - Cgroups
iv. System Container Demo
v. Core messages
25 www.dbi-services.com 26.04.2012 © dbi services

26. Linux Containers
Core messages
 Part of the Linux Kernel
 Available on almost all distribution
 Future technology for Oracle products
 Presented as key feature in the Oracle Linux roadmap (OOW11)
 Performance efficiency
 Resources usage
 Fine grained resources allocation
 Easy implementation and maintenance
 Mainly for Application Containers
26 www.dbi-services.com 26.04.2012 © dbi services

27. Linux Containers
Core messages
 Limited isolation against Host
 Limitation on kernel version
 Limited documentation
 Good introduction blog on blogs.oracle.com
 OS virtualization – Limited to Linux Guests
 Not a mature technology, virtualization technology not certified for
Oracle products
27 www.dbi-services.com 26.04.2012 © dbi services

28. dbi services
Any Questions ? Please Do Ask !
David Hueber
Senior Consultant
Head of Service Management
Grégory Steulet
Senior Consultant
Region Manager
„Enjoy Containers !“
28 www.dbi-services.com 26.04.2012 © dbi services