Declare Your Infrastructure pt 2:
LinuxKit Swarm Nodes
Dave Freitag, IBM
Overview and Comparison

                        Ubuntu              LinuxKit
  Image size            2GB                 190MB
  Provision time        3-5 min             1.5-3 min
  Setup time            5 minutes           1 minute
  Package updates       Runtime             Build-time
  Security              Base security       Built-in security

• Swarm nodes on Ubuntu
• LinuxKit investigation and future
LinuxKit Swarm Node Architecture

  Kernel:    Linux Kernel 4.9.x
  Init:      init, runc, containerd, ca-certs
  Onboot:    sysctl, sysfs, mount, metadata
  Services:  rngd, docker, ssh, syslog, ntpd, getty, nfs, logrotate, iptables, dns
Scenarios

• Synchronization
  - Need access to NFS to store/retrieve InfraKit files prior to starting docker
• Serviceability
  - Need to keep system and audit logs for diagnostics
  - Administrator needs command line access
Provision Flow - Initial Configuration

Terraform:

  resource "ibm_compute_vm_instance" "manager" {
    hostname   = "${var.name}-mgr1"
    image_id   = "${var.image_id}"
    datacenter = "${var.datacenter}"
    ...
    user_metadata = <<EOD
  cat << EOF > ${var.working_dir}/d4ic-vars.json
  {
    "worker_size":${var.worker_count},
    "manager_size":${var.manager_count},
    "nfs_id":${nfs_manager.id},
    "nfs_mountpoint":"${nfs_manager.mountpoint}",
    ...
  EOD

• Initial configuration supplied via user metadata
Provision Flow - Boot

On-boot metadata container:

  onboot:
    - name: metadata
      image: ibm-metadata:latest
      binds:
        # Cloud drive
        - /dev:/dev
        # DNS
        - /etc/resolv.conf:/etc/resolv.conf
        # Logs
        - /var/log:/var/log
        # SSH Keys
        - /var/ibm/.ssh:/var/.ssh
        # Userdata
        - /var/ibm/metadata:/var/ibm/metadata
        # Networking
        - /var/ibm/network:/var/ibm/network
        # For NFS
        - /var/ibm/etc/nfs:/etc/nfs

• The cloud metadata container configures the network
• User metadata is copied to the filesystem for execution later

(Diagram: cloud drive /dev/xvdh -> metadata container -> /var/* and network configuration)
Data Flow - Filesystem Access

  onboot:
    - name: metadata
      image: ibm-metadata:latest
      ...
      binds:
        - /var/ibm/metadata:/var/ibm/metadata
        - /var/ibm/etc/nfs:/etc/nfs
  services:
    - name: docker
      image: ibm-docker:latest
      ...
      binds:
        - /var:/var:rshared,rbind
        - /var/ibm/etc/nfs:/etc/nfs
    - name: nfs
      image: ibm-nfs:latest
      ...
      binds:
        - /var:/var:rshared,rbind
        - /var/ibm/etc/nfs:/etc/nfs

(Diagram: the metadata, nfs and docker containers all bind /var)

• Onboot and service containers share access to a common storage volume
Data Flow - Initial Configuration

(Diagram: cloud-init drive /dev/xvdh -> metadata container -> docker and nfs containers)

Docker container:

  SCOPE=docker sh userdata.sh
  ...
  if [ "$SCOPE" = "docker" ]; then
    /configure-docker.sh
  fi

NFS container:

  SCOPE=nfs sh userdata.sh
  ...
  if [ "$SCOPE" = "nfs" ]; then
    /nfs.sh "$NFS_MOUNTPOINT" "$LOCAL_MOUNTPOINT"
  fi

• Each service container runs its own portion of the configuration script
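The Initial Configuration slides describe one hand-off: Terraform puts values from the cloud control plane into d4ic-vars.json via user metadata, and each service container then runs its SCOPE portion of userdata.sh, which passes those values on to /configure-docker.sh and /nfs.sh as arguments. The following is an added example, not code from the slides or from the IBM project: a minimal userdata.sh skeleton that reads the vars file, validates each value before it becomes a script argument, and dispatches on SCOPE. The function names, the sample file contents, the default path /var/ibm/metadata/d4ic-vars.json and the default local mount point /var/ibm/nfs are assumptions.

```shell
#!/bin/sh
# Added example, not from the slides: a userdata.sh skeleton for the
# SCOPE-dispatch pattern.  Function names and default paths are assumptions.

# read_var FILE KEY: print the value of KEY from a flat, one-key-per-line
# JSON object such as d4ic-vars.json.  Quoted strings and bare numbers are
# both handled; nested objects are not (the vars file is flat).
read_var() {
    file=$1; key=$2
    [ -r "$file" ] || return 1
    val=$(sed -n "s/.*\"$key\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$file")
    if [ -z "$val" ]; then
        val=$(sed -n "s/.*\"$key\"[[:space:]]*:[[:space:]]*\([^,}[:space:]]*\).*/\1/p" "$file")
    fi
    [ -n "$val" ] || return 1
    printf '%s\n' "$val"
}

# validate_count VALUE: a positive integer (node counts).
validate_count() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ]
}

# validate_mountpoint VALUE: host:/path built from an allow-listed character
# set.  The value is handed to /nfs.sh as an argument, so anything containing
# whitespace or shell metacharacters is rejected here, before it gets there.
validate_mountpoint() {
    case "$1" in
        *[!A-Za-z0-9._:/-]*) return 1 ;;   # character outside the allow-list
        *:/*) return 0 ;;                   # looks like host:/export/path
        *) return 1 ;;
    esac
}

# run_scope SCOPE VARSFILE: run this container's portion of the configuration.
# The real calls from the slides are shown in comments; the function prints
# what it would run so the dispatch can be checked without those scripts.
run_scope() {
    scope=$1; vars=$2
    case "$scope" in
        docker)
            workers=$(read_var "$vars" worker_size) || return 1
            validate_count "$workers" || { echo "bad worker_size: $workers" >&2; return 1; }
            # /configure-docker.sh   (its arguments are not on the page)
            printf 'configure-docker workers=%s\n' "$workers"
            ;;
        nfs)
            mp=$(read_var "$vars" nfs_mountpoint) || return 1
            validate_mountpoint "$mp" || { echo "bad nfs_mountpoint: $mp" >&2; return 1; }
            # /nfs.sh "$mp" "$LOCAL_MOUNTPOINT"
            printf 'nfs %s %s\n' "$mp" "${LOCAL_MOUNTPOINT:-/var/ibm/nfs}"
            ;;
        *)
            echo "unknown SCOPE: $scope" >&2
            return 2
            ;;
    esac
}

# write_sample_vars DIR: a constructed d4ic-vars.json in the shape the
# Terraform user_metadata produces (all values are made up).
write_sample_vars() {
    cat > "$1/d4ic-vars.json" <<'EOF'
{
  "worker_size":3,
  "manager_size":1,
  "nfs_id":12345,
  "nfs_mountpoint":"10.0.0.5:/export/infrakit"
}
EOF
}

# Usage inside a service container: SCOPE=nfs sh userdata.sh
if [ -n "${SCOPE:-}" ]; then
    run_scope "$SCOPE" "${VARS_FILE:-/var/ibm/metadata/d4ic-vars.json}"
fi
```

The validation step is the part worth keeping: user metadata is written by whoever controls the Terraform run or the cloud account, and the slides pass its values straight into shell scripts as positional arguments, so an allow-list check at the point of use is cheap insurance.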
Data Flow - Synchronization

Docker container (waits on the lock):

  if [ -f /etc/nfs/nfslock ]; then
    echo "NFS locked, waiting for NFS."
    while true; do
      # "0" means locked; anything else means the nfs container has finished
      if ! grep -q "0" /etc/nfs/nfslock; then
        echo "NFS ready, continuing."
        break
      fi
      echo "NFS not ready, waiting."
      sleep 2
    done
  fi

Metadata container (initializes the lock when NFS is in use):

  if [ "$NFS" = "1" ]; then
    echo "0" > /etc/nfs/nfslock
  fi

NFS container (mounts the share, then releases the lock):

  /sbin/rpcbind -d
  if [ -f "$USERDATA_FILE" ]; then
    SCOPE=nfs sh "$USERDATA_FILE"
  fi
  ./nfs.sh "$MOUNT_POINT" "$LOCAL_MOUNTPOINT"
  # Finished mounting NFS.
  echo "Unlocking NFS."
  echo "1" > /etc/nfs/nfslock

• Metadata initializes the lock for NFS
• Docker waits on the NFS lock before continuing
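The handshake above works because LinuxKit runs onboot containers to completion, in order, before it starts any service: the metadata container has either created /etc/nfs/nfslock or decided NFS is not in use by the time docker looks. Two things the slide version leaves open are what happens if the nfs container never unlocks (the `while true` loop waits forever) and what happens if the mount fails (the slide unlocks anyway, and docker starts without the share). The following is an added example, not code from the slides or from the IBM project, that keeps the slide's protocol and file format but adds a bounded wait and a release that only happens after a successful mount. LOCK_DIR defaults to /etc/nfs, the bind-mounted directory on the page; the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the slides: the nfslock handshake with a bounded
# wait and a release that happens only after a successful mount.
# LOCK_DIR defaults to /etc/nfs (the bind-mounted directory on the page);
# function names are assumptions.

LOCK_DIR=${LOCK_DIR:-/etc/nfs}

# write_lock VALUE: write the lock file atomically (temp file + rename) so a
# reader polling the file never sees it empty or half-written.
write_lock() {
    printf '%s\n' "$1" > "$LOCK_DIR/nfslock.tmp" && mv "$LOCK_DIR/nfslock.tmp" "$LOCK_DIR/nfslock"
}

# nfs_lock_init: metadata container (onboot).  Creates the lock in the "0"
# (locked) state.  Only called when NFS is in use; otherwise no file exists
# and docker proceeds immediately, exactly as on the slide.
nfs_lock_init() { write_lock 0; }

# nfs_wait_ready TIMEOUT_SECS [INTERVAL_SECS]: docker container.
# Returns 0 when there is no lock (NFS not configured) or once the lock
# reads "1"; returns 1 if TIMEOUT_SECS pass first, so a dead nfs container
# produces a visible failure instead of a docker service that never starts.
nfs_wait_ready() {
    timeout=$1; interval=${2:-2}; waited=0
    [ -f "$LOCK_DIR/nfslock" ] || return 0
    echo "NFS locked, waiting for NFS."
    while :; do
        if grep -qx 1 "$LOCK_DIR/nfslock"; then
            echo "NFS ready, continuing."
            return 0
        fi
        if [ "$waited" -ge "$timeout" ]; then
            echo "NFS not ready after ${timeout}s, giving up." >&2
            return 1
        fi
        echo "NFS not ready, waiting."
        sleep "$interval"
        waited=$((waited + interval))
    done
}

# nfs_mount_and_unlock CMD [ARGS...]: nfs container.  Runs the mount step
# (the slide calls ./nfs.sh $MOUNT_POINT $LOCAL_MOUNTPOINT here) and writes
# "1" only if it succeeded.  A failed mount leaves the lock at "0", so
# docker's wait times out rather than starting without the share.
nfs_mount_and_unlock() {
    if "$@"; then
        echo "Unlocking NFS."
        write_lock 1
    else
        echo "NFS mount failed; lock left in place." >&2
        return 1
    fi
}

# nfs_lock_state: print the current lock value, or "absent" if there is none.
nfs_lock_state() {
    if [ -f "$LOCK_DIR/nfslock" ]; then cat "$LOCK_DIR/nfslock"; else echo absent; fi
}
```

In the docker container this would be called as `nfs_wait_ready 300 2 || exit 1` before the daemon is started; in the nfs container as `nfs_mount_and_unlock ./nfs.sh "$MOUNT_POINT" "$LOCAL_MOUNTPOINT"` after rpcbind is up. Because the lock lives in a shared bind mount, any container that can write /etc/nfs can release it; the slides only bind that directory into the three containers that take part in the handshake, which is the right scope to keep.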
Serviceability - Logging and Auditing

(Diagram: 25GB /dev/xvda1 mounted at /var; syslog, logrotate and docker write there)

• Persistent storage volume mounted at boot
• All on-boot and service containers log to /var/log
• Container logs go to /var/lib/docker/...
• Syslog captures kernel output and boot logs
• Logrotate keeps file sizes in check
Serviceability - Administration

• SSH container with public-key access
• Console (getty) container available for private-network access only

(Diagram: ssh reachable from the Internet; console reachable only from the private 10.x.x.x network)
Serviceability - Network Overrides

• Provide the ability to respond to external network failures
• dnsmasq service with a hosts file

(Diagram: swarm -> DNS -> HTTP service on the Internet)
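The slide only names the mechanism (a dnsmasq service backed by a hosts file), so here is an added example, not code from the slides or from the IBM project, of how a node could maintain that file: add or remove an override for one name, validate both the address and the name before writing so a bad call cannot produce an arbitrary hosts line, rewrite the file atomically, and signal dnsmasq to re-read it. HOSTS_FILE, the function names and the pid-file based reload are assumptions about how the page's service is wired; that dnsmasq re-reads /etc/hosts and its addn-hosts files on SIGHUP, and writes /var/run/dnsmasq.pid by default, are dnsmasq's documented behaviour.

```shell
#!/bin/sh
# Added example, not from the slides: maintaining the hosts file read by the
# page's dnsmasq service, so a node can be pointed at a replacement address
# for an external service during an upstream outage.  HOSTS_FILE, the
# function names and the reload-by-pidfile step are assumptions.

HOSTS_FILE=${HOSTS_FILE:-/etc/dnsmasq.hosts}
DNSMASQ_PIDFILE=${DNSMASQ_PIDFILE:-/var/run/dnsmasq.pid}   # dnsmasq's default pid-file

# valid_ipv4 ADDR: dotted quad with every octet in 0-255.
valid_ipv4() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# valid_hostname NAME: letters, digits, dots and hyphens only, not starting
# with a dot or hyphen, at most 253 characters.  Anything else (spaces, a
# second address, a comment marker) is refused so one bad call cannot turn
# into an arbitrary line in the hosts file.
valid_hostname() {
    case "$1" in ''|*[!A-Za-z0-9.-]*|-*|.*) return 1 ;; esac
    [ ${#1} -le 253 ]
}

# reload_dnsmasq: SIGHUP a running dnsmasq so it re-reads its hosts files;
# a no-op when there is no pid file (dnsmasq not running, e.g. in a test).
reload_dnsmasq() {
    [ -r "$DNSMASQ_PIDFILE" ] || return 0
    kill -HUP "$(cat "$DNSMASQ_PIDFILE")" 2>/dev/null || true
}

# hosts_override ADDR NAME: add or replace the entry for NAME.  The file is
# rewritten through a temp file and a rename so dnsmasq never reads a
# partially written file.  Comment lines are left untouched.
hosts_override() {
    addr=$1; name=$2
    valid_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    valid_hostname "$name" || { echo "bad hostname: $name" >&2; return 1; }
    {
        [ -f "$HOSTS_FILE" ] && awk -v n="$name" '!($1 !~ /^#/ && NF >= 2 && $2 == n)' "$HOSTS_FILE"
        printf '%s %s\n' "$addr" "$name"
    } > "$HOSTS_FILE.tmp" && mv "$HOSTS_FILE.tmp" "$HOSTS_FILE" && reload_dnsmasq
}

# hosts_release NAME: drop the override for NAME, returning it to normal resolution.
hosts_release() {
    name=$1
    valid_hostname "$name" || return 1
    [ -f "$HOSTS_FILE" ] || return 0
    awk -v n="$name" '!($1 !~ /^#/ && NF >= 2 && $2 == n)' "$HOSTS_FILE" > "$HOSTS_FILE.tmp" \
        && mv "$HOSTS_FILE.tmp" "$HOSTS_FILE" && reload_dnsmasq
}

# hosts_lookup NAME: print the overriding address for NAME, or fail if none.
hosts_lookup() {
    [ -f "$HOSTS_FILE" ] || return 1
    awk -v n="$1" '$1 !~ /^#/ && NF >= 2 && $2 == n { print $1; found = 1 } END { exit !found }' "$HOSTS_FILE"
}
```

An override of this kind is a deliberate, local change to what the node resolves, so it belongs in the same logs the Logging slide describes: the operator applying it should see when it was set and when it was released, and any entry left behind after the upstream recovers is a silent misdirection of traffic. Keeping the writer to two validated fields per line is what makes the file reviewable.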
Demo, Q/A? Thanks!
