
Linux.Conf.AU 2009 (LCA09) Slide "OS Circular: Internet bootable OS Archive" by Suzaki



OS Circular: Internet bootable OS Archive

presented at Linux Conf AU 2009



  1. OS Circular: Internet bootable OS Archive @Linux.Conf.AU 2009
     Kuniyasu Suzaki, Research Center for Information Security
  2. Contents
     • Motivation and Related Work
     • Virtual Disk for OS Circular
       – LBCAS: Loopback Content Addressable Storage
     • OS boot on Virtual & Real Machine with LBCAS
     • Performance problem and Optimization
       – Relocate blocks for prefetch of page-cache (readahead)
       – Hide network latency
  3. Motivation
     • I wanted to use many OSes but I hated the installation.
     • I used liveCD/DVD (KNOPPIX, FreeSBIE [BSD], BeleniX [OpenSolaris], etc).
       – The update however is not so frequent. I’m afraid it may include vulnerable applications.
       – Burning CD/DVD is time-wasting and media-wasting.
     • I want to boot the latest (well-maintained) OSes from the Internet without installation.
  4. OS Circular (Big Picture)
     [Diagram labels: OS Suppliers (update timely); block files on HTTP Server; Internet; LBCAS (Loopback Content Addressable Storage): Construct Virtual Disk from block files; KVM / QEMU; Virtual Machine; Real Machine; Users: Try OS without installation]
  5. Related Work
     • OS Zoo
       – Distributes the disk file of QEMU
         • Linux Distributions, *BSD, Plan9, OpenSolaris, MINIX
         • Big Disk File & Slow Update
     • LivePC of Moka5
       – Moka5 is a venture company (Stanford “Collective” group)
       – Streaming service of disk image to the customized VMWare
  6. OS Circular
     • OS Circular is a framework for distributing disk images over the Internet (Internet Disk Image Distributor).
     • The disk image is managed by LBCAS (LoopBack Content Addressable Storage).
     • Venti of Plan9 is based on the same idea.
     • Using LBCAS, a user boots an OS from the Internet on a virtual or real machine.
       – The hard disk works as a cache.
     • The cached image is reusable for the next boot and can be applied to Mobile Computing.
  7. Block files of LBCAS
     Mapping table (map01.idx) and block files:

       Address              File Name
       00000000-0003FFFF    4ad36ffe8…
       00040000-0007FFFF    974daf34a…
       00080000-000BFFFF    2d34ff3e1…
       000C0000-000FFFFF    3310012a…
       …                    …

     • Block device: ext2, 4KB page; block files: 256KB.
     • The block files are reconstructed as a virtual disk with LBCAS.
     • A block file is named by the SHA-1 digest of its contents and compressed by zlib.
  8. Construct a virtual disk of LBCAS on a Client PC
     [Diagram labels: HTTP Server (original); Client A; OS; Block Device (ext2, 4KB Page); Mapping Table (map01.idx) and 256KB block files (4ad36ffe8…, 974daf34a…, 2d34ff3e1…, 3310012a…, …); On Demand Download]
  9. LBCAS (1/2)
     • An LBCAS image is made from an existing normal block device.
     • The original block device is split into 256KB pieces and compressed by zlib. Each piece is saved to its own “block file”.
     • The block file name is the SHA1 value of its contents.
       – If blocks have the same contents, they are expressed by one block file, which reduces total storage space.
       – The basic idea resembles “Venti of Plan9” [USENIX’02].
     • Block files are managed by a “mapping table” file.
     • Block files are reconstructed into a loopback file by a FUSE wrapper.
       – FUSE is a user-land file system.
     • Each block file is measured against its SHA1 file name when it is mapped to the loopback file.
  10. Structure of LBCAS
     • Storage Cache
       – Suppresses download
     • Memory Cache
       – Suppresses disk access and uncompress
  11. LBCAS (2/2)
     • When a file is updated or created on the original block device, the relevant block files are newly created with new SHA1 file names. The mapping table file is also renewed.
       – Old block files are reusable.
     • HTTP for file delivery
       – Most popular and well designed for the Internet.
         • Utilize inexpensive Web hosting services, proxies, and mirror servers for worldwide deployment.
     • Block files are network/storage transparent.
       – If the necessary block files are stored in local storage, a network connection is not necessary.
  12. Partial Update of LBCAS
     Block device (ext2, 4KB page) and 256KB block files named by SHA-1, before and after an update (apt-get install):

       map01.idx       map02.idx
       4ad36ffe8…      4ad36ffe8…
       974daf34a…      dd4daf34a…
       2d34ff3e1…      2d34ff3e1…
       3310012a…       3310012a…
       …               …

     • The same block files are reusable by the FUSE driver after the update.
     • Create Once, Use Many.
  13. Apply LBCAS to Virtual and Real Machine
     • Virtual Machine (easy way)
       – Advantage
         • LBCAS can be passed to a virtual machine as a bootable device.
           – The virtual machine passes control to the MBR of LBCAS.
           – Bootloader, kernel and initrd are included in LBCAS.
         • The virtual devices are the same on any anonymous PC, so the transferred OS only has to prepare the drivers for them.
       – Disadvantage
         • The native performance of the real device is not available.
           – The video card and network card in particular cause problems.
     • Real Machine
       – Advantage
         • The native performance is available.
       – Disadvantage
         • LBCAS is not recognized as a bootable device. The boot procedure must be customized.
         • The devices on each individual PC are different. The transferred OS must detect devices and set up suitable drivers.
  14. OS Circular (Big Picture)
     [Diagram labels: OS Suppliers (update timely); block files on HTTP Server; Internet; LBCAS (Loopback Content Addressable Storage): Construct Virtual Disk from block files; KVM / QEMU; Users: Try OS without installation]
     • Virtual Machine: LBCAS is recognized as a bootable device.
     • Real Machine: LBCAS is not recognized as a bootable device. The boot procedure must be customized.
  15. Virtual Machine with LBCAS
  16. Customization of Boot Procedure on Real Machine
     • Customization of kernel and initrd
       – The kernel must recognize LBCAS as the device which includes the Root File System.
       – To do so, the “initrd (initial ram disk)” must set up LBCAS.
         • In order to set up LBCAS, initrd must set up the network.
     • Customization of the “init” process (after initrd)
       – The “init” process has to set up a driver for each device on an anonymous PC.
         • Most LiveCDs include this function. (Ex: AutoConfig of KNOPPIX)
         • The network card is the exception, because it was set up in the initrd and must be kept for LBCAS.
  17. Boot Procedure on Real Machine
     • The client PC only has to prepare gPXE or kboot (kexec). The whole image will be downloadable from the Internet.
     • The GRUB menu (kernel /boot/grub/linux, initrd /boot/grub/initrd) is the part that is replaced with kboot (kexec) or gPXE.
     • Boot sequence shown in the diagram:
       – kboot (kexec) / gPXE: set up the network, download kernel and initrd over HTTP from the HTTP server (http://***/linux, http://***/initrd), and reboot with them.
       – initrd:
           udhcp    ;Setup network
           httpstraged http://***/block.lst /media/lbcas    (LBCAS, over the Internet)
           losetup /media/lbcas/KNOPPIX /dev/loop0
           mount /dev/loop0 /KNOPPIX
       – init process: AutoConfig detects devices and includes suitable drivers except NIC, then the normal KNOPPIX boot follows.
  18. Summary: Difference on Virtual and Real Machine
     [Diagram labels: OS Suppliers (update timely); block files and kernel & initrd on HTTP Server; Internet; LBCAS (Loopback Content Addressable Storage): Construct Virtual Disk from block files; KVM / QEMU; Users: Try OS without installation]
     • Virtual Machine: LBCAS is treated as a bootable device (bootloader, kernel & initrd).
     • Real Machine: kboot (kexec) or gPXE downloads a kernel & initrd; the initrd sets up LBCAS for the Root File System.
  19. Problem of Performance
     • Disk image
       – LBCAS causes fragmentation because of the block size mismatch between the File System and LBCAS.
       – Mismatch with the “readahead (prefetch of page cache)” of the Linux kernel
         • Causes redundant downloads and unnecessary uncompress.
     • Network Latency
       – LBCAS is sensitive to network latency.
         • Because many small files are downloaded on demand. Bandwidth expansion techniques (sliding window, multi-connection) are not used.
       – Moka5 solves this problem with streaming download of the disk image.
  20. Optimization for Fragmentation
     • The block size mismatch between the file system and the virtual block device causes fragmentation.
       – LBCAS: 256KB
       – File System (ext2): 4KB
       – Kitagawa* reported that the occupancy of requested blocks at boot time was 30% of LBCAS (on KNOPPIX 3.8.2).
         • * [Linux Kongress 2006]
     • “ext2optimizer” repacks the data blocks of the ext2 file system to be in line.
       – It is based on the profile of accessed data blocks at boot time.
       – As a result, ext2optimizer reduces the number of block files.
  21. Semantic Gap between readahead and LBCAS
     • The coverage of readahead varies with the page-cache hit ratio.
     [Diagram columns: Files: Ext2/3 File System (4K); Blocks read / Blocks requested to disk access: readahead (4K~128K); Block files downloaded: LBCAS (256KB). Annotations: Access Order ① ② ③ ④; Hit Page-Cache; Occupancy is low; Cache missed and the coverage is shrunk; Redundant block files]
  22. Block Relocation: Ext2optimizer [LinuxKongress06]
     • Changes data blocks to be arranged in line. The structure of the metadata is not changed.
     • The arrangement is based on the access profile at boot time.
     • Features:
       – The normal driver is used.
       – Fragmentation occurs from the view of a file.
       – The relocation increases page-cache hits. readahead extends the coverage size.
     [Figure: inode structure, shown twice: Mode, Owner info, Size, Timestamps, Direct Blocks, Indirect Blocks, Double Indirect, Triple Indirect]
  23. Static Analysis by DAVL (Disk Allocation Viewer for Linux)
     • Original: Fragmentation 0.09%
     • Ext2opt: Fragmentation 0.27%
  24. Dynamic Analysis: Disk Access at boot time
     • Ext2optimizer relocates the data blocks for boot.
     [Plot axes: Time, Address]
  25. The amount of requested and downloaded data at boot time
     • The block size of LBCAS is changed to 64KB, 128KB, 256KB, and 512KB.
     • Ext2optimizer reduces the amount of requested and downloaded data.
     • A small block size is better in this case.
       – A big block size is better on a long-latency network, because a small block size requires many downloads.
     [Plot labels: Amount of requested data; Amount of downloaded data; 512KB, 256KB, 128KB, 64KB; Effect of Ext2Opt; Effect of Compress; Effect of sufficiency; Ext2Opt makes small difference for the amount]
  26. Optimization for download methods
     • 2 optimizations
       – DLAHEAD (DownLoad AHEAD)
         • The necessary block files are downloaded in advance with extra download connections (default 4).
           – [Preparation] Take a profile of downloaded block files at boot time.
       – DNS-Balance
         • DNS-Balance is a kind of name resolver which suggests the nearest server.
         • Users find the nearest download site automatically.
           – It prevents inter-continental downloads, because we offer servers in EU, US, and Japan.
  27. World Wide deployment
     • Prepare some hosting services in the world.
     [Map labels: Copenhagen, Montreal, London, Amsterdam, Japan, Philadelphia, Houston; Ring Servers (DNS Balance)]
  28. Search for suitable download server
     • DNS Balance suggests a suitable IP Address of server (North America, EU, Asia).
     [Diagram labels: Client; DNS-balance; Web server for Block Files (XXX.168.0.10, YYY.10.0.19); Resolve by DNS-Balance]
  29. Current Available OSes on OS Circular
     • On real machine
       – KNOPPIX 4.0.2, 5.0.1, 5.1.1
         • KNOPPIX is advanced at AutoConfig and can be applied to any PC.
       – The kernel and initrd are downloadable. “gPXE”, “Kboot” and “kexec” can boot them.
     • On virtual machine
       – Plan9 and NetBSD
         • on Xen 2.0.3 DomU (para-virtualization)
           – The detail is presented at Ottawa Linux Symposium 2006
       – Debian Etch, Ubuntu 6.06/6.10/7.04, CentOS 5
         • on Xen-HVM/KVM/QEMU (full-virtualization)
  30. LBCAS for Sony PlayStation3 Linux
     • PlayStation3 has “kboot” on 4MB Flash
       – kboot can get “kernel” and “initrd” via HTTP.
     • The disk image is obtained by LBCAS.
  31. Summary
     • Some services are available. Just try!
     • Special Thanks
       – DAVL developers
       – EXT2Optimizer developers
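
The block-file scheme of slides 7, 9, 11 and 12, as an added example that is not part of the original slides or of the LBCAS code: an image is split into 256KB blocks, each compressed by zlib and named by SHA-1, a partial update reuses the unchanged block files, and every block is checked against its name before use. Assumptions: the digest is taken over the stored (compressed) bytes, a Python dict stands in for the HTTP server and disk cache, and all function names are hypothetical.

```python
import hashlib
import zlib

BLOCK_SIZE = 256 * 1024  # LBCAS block size given on the slides

def build_lbcas(image: bytes, store: dict) -> list:
    """Split an image into block files; return its mapping table (list of names)."""
    table = []
    for off in range(0, len(image), BLOCK_SIZE):
        blob = zlib.compress(image[off:off + BLOCK_SIZE])
        # Assumption: the name is the SHA-1 of the stored (compressed) bytes.
        name = hashlib.sha1(blob).hexdigest()
        store.setdefault(name, blob)  # identical blocks share one block file
        table.append(name)
    return table

def read_block(table: list, store: dict, index: int) -> bytes:
    """Fetch one block file and check it against its name before using it."""
    name = table[index]
    blob = store[name]  # stands in for a cache lookup or an HTTP download
    if hashlib.sha1(blob).hexdigest() != name:
        raise ValueError(f"block {index}: content does not match name {name}")
    return zlib.decompress(blob)

def read_image(table: list, store: dict) -> bytes:
    """Reconstruct the whole virtual disk from its mapping table."""
    return b"".join(read_block(table, store, i) for i in range(len(table)))

def demo():
    # Constructed sample image: four blocks, blocks 0 and 2 identical.
    a, b, c, d = (ch * BLOCK_SIZE for ch in (b"A", b"B", b"C", b"D"))
    store = {}
    map01 = build_lbcas(a + b + a + c, store)
    files_v1 = len(store)                      # 3: the duplicate is stored once
    map02 = build_lbcas(a + d + a + c, store)  # the update touches block 1 only
    new_files = len(store) - files_v1          # 1: other block files are reused
    intact = read_image(map02, store) == a + d + a + c
    store[map02[1]] = zlib.compress(b"modified in transit")  # simulated tampering
    try:
        read_block(map02, store, 1)
        detected = False
    except ValueError:
        detected = True
    return files_v1, new_files, intact, detected

if __name__ == "__main__":
    print(demo())
```

The check binds each block file only to the name listed in the mapping table, so the mapping table itself, which the slides fetch over HTTP, needs its own authenticity check.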