Containers with systemd-nspawn
Gábor Nyers
Consultant & Trainer @Trebut
gnyers@trebut.com
@gabornyers
Agenda
● An example systemd-nspawn container
● What is systemd-nspawn and systemd
● Related Concept: Kernel CGroups
● Bootable containers
● Containers as Service
● Advanced topic: Socket Activation
An example systemd-nspawn container
A Simple Application Container
• Start up container
• List of processes
• Try to install package
‣ Limited footprint and exposure!
• On host OS: list kernel control groups:
# systemd-nspawn -jD /srv/containers/opensuse132/ -M opensuse132c0 /bin/bash
opensuse132c0:~ # ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 04:16 ? 00:00:00 -bash
root 43 1 0 04:18 ? 00:00:00 ps -ef
opensuse132c0:~ # zypper install wget
-bash: zypper: command not found
# machinectl
MACHINE CONTAINER SERVICE
opensuse132c0 container nspawn
1 machines listed.
physnode1:~ #
# systemd-cgls
├─1 /usr/lib/systemd/systemd --switched-root --system --deserialize 21
├─machine.slice
│ └─machine-opensuse132c0.scope
│ └─18329 -bash
[…]
# ps -ef -o pid,ppid,machine,cmd

Create application container
• Bootstrap directory
• Install a few packages
# zypper --root /srv/containers/opensuse132/ addrepo \
    http://download.opensuse.org/distribution/13.2/repo/oss/ repo-oss
# zypper --root /srv/containers/opensuse132/ addrepo \
    http://download.opensuse.org/distribution/13.2/repo/non-oss/ repo-non-oss
# zypper --root /srv/containers/opensuse132/ install \
    openSUSE-release-13.2 bash procps coreutils vim
systemd-nspawn
• What is systemd?
• What is systemd-nspawn?
• Adoption
What is systemd? 1/3
• a system and session manager for Linux,
• provides aggressive parallelization capabilities (no shell during boot!),
• uses socket and D-Bus activation for starting services,
• offers on-demand starting of services,
• keeps track of processes using Linux cgroups,
What is systemd? 2/3
• supports restoring the system's state to a predefined state,
• maintains mount and auto-mount points,
• provides dependency-based service control logic,
• provides replacements for a number of well-known tools, e.g. udev, automount, inetd, consolekit and syslog,
• a drop-in replacement for sysvinit

What is systemd? 3/3
There is a lot of criticism and opinions as well...
• “It's not the UNIX way”
referring to the “do one thing and do it well” maxim
• “It's monolithic”
• “It introduces too many dependencies”
• (and worse)
... but we won't be addressing these today :-)
An aside: People and Innovation...
“If I had asked people what they wanted, they would have said faster horses”
Henry Ford
What is systemd-nspawn?
• “chroot on steroids...”
• Created for debugging and testing during systemd development
• Turns out to be a great container manager
• systemd-nspawn vs. docker
‣ Manages containers only vs. containers + images
‣ Inherits the host's networking vs. networking needs to be set up
systemd adoption
Distribution                Added to repositories   Enabled by default?   Released as default
SUSE Linux Enterprise       v12                     Yes                   Yes
openSUSE                    v11.4                   Yes                   v12.2 (2012)
Fedora                      v15 (2011)              Yes                   v15 (2011)
Red Hat Enterprise Linux    v7 (2014)               Yes                   v7 (2014)
Debian                      in 2012                 Yes                   v8 (2015)
Arch Linux                  in 2012                 Yes                   2012
Ubuntu                      v13.04 (2013)           Yes                   v15.04 (2015)
see also: http://en.wikipedia.org/wiki/Systemd#Adoption_and_reception

Related Concept: Kernel cgroups (independent of systemd)
Kernel Cgroups (Control Groups)
• Linux Kernel facility allowing the grouping of processes (and their “children”) into a tree-structured hierarchy
• Each group can be assigned a quota for these system resources:
‣ CPU
‣ RAM
‣ Disk I/O
‣ Network I/O
Control groups hierarchy created by systemd
├─machine.slice
│ └─machine-qemu\x2dsles1201.scope
│ └─20958 /usr/bin/qemu-system-x86_64 -m...
├─user.slice
│ ├─user-0.slice
│ │ └─user@0.service
│ │ ├─4322 /usr/lib/systemd/systemd --us...
│ │ └─4323 (sd-pam)
│ ├─user-1000.slice
│ │ ├─session-560.scope
│ │ │ ├─2810 /usr/bin/claws-mail
│ │ │ ├─3035 /usr/lib64/firefox/firefox
│ │ │ ├─3086 /usr/lib/mozilla/kmozillahel...
│ │ │ ├─5459 /bin/bash
│ │ │ ├─7854 /usr/bin/kwalletmanager --kw...
│ │ ├─session-1.scope
│ │ │ ├─4179 /bin/bash ./bridge start
│ │ │ └─4182 dnsmasq --conf-file=mydnsmasq...
│ │ └─user@1000.service
│ │ ├─1891 /usr/lib/systemd/systemd --us...
│ │ └─1892 (sd-pam)
│ └─user-489.slice
│ └─user@489.service
│ ├─1703 /usr/lib/systemd/systemd --us...
│ └─1704 (sd-pam)
└─system.slice
├─libvirtd.service
│ └─4008 /usr/sbin/libvirtd --listen
├─rsyslog.service
│ └─985 /usr/sbin/rsyslogd -n
├─apache2.service
│ ├─1254 /usr/sbin/httpd2-prefork -f /et...
│ └─1840 /usr/sbin/httpd2-prefork -f /et...
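The cgroup tree above, and the `systemd-cgls` / `ps -ef -o pid,ppid,machine,cmd` output on the application-container slide, both derive from the same data: the cgroup path of each process. The following shell script is an added example (not from the slides) that maps a `/proc/<pid>/cgroup` entry to the machine that owns it, handling the `\x2d` escaping systemd applies to a "-" in a machine name and the nested slices a booted container creates. The `/proc/<pid>/cgroup` contents in the script are constructed samples; `list_container_pids` walks the real `/proc` of the host it runs on.

```shell
#!/bin/sh
# Added example, not from the slides: derive the owning systemd machine from
# a process's cgroup path. This is the information systemd-cgls and
# "ps -o machine" display; reading /proc/<pid>/cgroup gives it per process.

# Constructed samples of /proc/<pid>/cgroup contents (cgroup v1 layout with
# a "name=systemd" hierarchy, plus one cgroup v2 "0::" line).
SAMPLE_CONTAINER_CGROUP='10:memory:/machine.slice/machine-opensuse132c0.scope
1:name=systemd:/machine.slice/machine-opensuse132c0.scope'
SAMPLE_HOST_CGROUP='1:name=systemd:/system.slice/rsyslog.service'
SAMPLE_ESCAPED_CGROUP='0::/machine.slice/machine-qemu\x2dsles1201.scope'

# systemd escapes "-" inside a machine name as "\x2d" in the scope name
# (machine-qemu\x2dsles1201.scope in the tree above); undo that for display.
unescape_unit_name() {
    printf '%s\n' "$1" | sed 's/\\x2d/-/g'
}

# Print the machine owning a cgroup path, or "host" when the path is not
# below machine.slice. Paths nested inside a booted container's own slice
# tree (e.g. .../machine-centos.scope/system.slice/dbus.service) resolve to
# the container as well.
machine_of_cgroup() {
    case "$1" in
        /machine.slice/machine-*.scope*)
            scope=${1#/machine.slice/machine-}
            unescape_unit_name "${scope%%.scope*}"
            ;;
        *)
            printf 'host\n'
            ;;
    esac
}

# Take the text of one /proc/<pid>/cgroup file and print the machine that
# owns the process. Only the systemd hierarchy (controller field
# "name=systemd" on cgroup v1, empty on v2) carries the slice/scope layout.
machine_from_proc_cgroup() {
    line=$(printf '%s\n' "$1" \
        | awk -F: '$2 == "name=systemd" || $2 == "" { print $3; exit }')
    [ -n "$line" ] || return 1
    machine_of_cgroup "$line"
}

# Live use: print "<pid> <machine>" for every process on this host that
# runs inside a machine (needs permission to read /proc/<pid>/cgroup).
list_container_pids() {
    for d in /proc/[0-9]*; do
        cg=$(cat "$d/cgroup" 2>/dev/null) || continue   # process may have exited
        m=$(machine_from_proc_cgroup "$cg") || continue
        [ "$m" = host ] || printf '%s %s\n' "${d#/proc/}" "$m"
    done
}
```

Run `list_container_pids` on the host to get the same view as `ps -ef -o machine` without relying on a ps that knows the machine column; a process whose cgroup is below `machine.slice` but whose name is not listed by `machinectl` is worth a second look.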
Bootable containers
Bootable OS container [1/4]
Bootstrap
• Host properties
• Install YUM
• Bootstrap RPM DB
• Install CentOS 7 release package
• Install a few packages and their dependencies
# hostnamectl
Static hostname: physnode1.trebut.com
Icon name: computer-laptop
Chassis: laptop
Machine ID: b4ea4eb15ab7c29b6cc20a47544e5eb7
Boot ID: 3c4e7b5067d247939b89d7e7b57c1132
Operating System: openSUSE 13.2 (Harlequin) (x86_64)
CPE OS Name: cpe:/o:opensuse:opensuse:13.2
Kernel: Linux 3.16.7-7-desktop
Architecture: x86-64
# zypper install yum
# rpm --root /srv/containers/centos/ --initdb
# rpm --root /srv/containers/centos/ -ihv \
    http://mirror.centos.org/centos/7.1.1503/os/x86_64/Packages/centos-release-7-1.1503.el7.centos.2.8.x86_64.rpm
# yum -y --nogpg --releasever=7 --installroot=/srv/containers/centos/ \
    install systemd passwd yum vim-minimal
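Both bootstrap sequences on these slides (`zypper --root` for the openSUSE application container, `rpm --root` / `yum --installroot` for the CentOS one) operate on whatever directory they are given. The script below is an added example, not from the slides, that validates the target directory before running the openSUSE sequence: an empty or mistyped variable would otherwise turn the command into `--root /` and modify the host installation. `CONTAINER_BASE=/srv/containers` is assumed from the paths used on the slides; `DRY_RUN=1` prints the commands instead of executing them.

```shell
#!/bin/sh
# Added example, not from the slides: guard the target directory before it
# is handed to "zypper --root", "rpm --root" or "yum --installroot". An
# empty or mistyped variable turns those into "--root /" and the package
# operations land on the host installation instead of the container tree.

CONTAINER_BASE=/srv/containers   # assumed: the base directory used on the slides

# Execute the command, or only echo it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Return 0 when ROOT is a safe container root: absolute, strictly below
# $CONTAINER_BASE, and free of "." and ".." components.
container_root_ok() {
    case "$1" in
        "$CONTAINER_BASE"/*) ;;          # anything else (incl. "" and "/") is refused
        *) return 1 ;;
    esac
    case "/$1/" in
        */./*|*/../*) return 1 ;;        # would step outside the base directory
    esac
    r=$1
    while [ "${r%/}" != "$r" ]; do r=${r%/}; done   # drop trailing slashes
    [ "$r" != "$CONTAINER_BASE" ] || return 1       # the base itself is not a container
}

# Run the bootstrap from the "Create application container" slide against a
# validated root directory.
bootstrap_opensuse132() {
    root=$1
    if ! container_root_ok "$root"; then
        echo "refusing to bootstrap into '$root'" >&2
        return 2
    fi
    repo_base=http://download.opensuse.org/distribution/13.2/repo
    run zypper --root "$root" addrepo "$repo_base/oss/" repo-oss
    run zypper --root "$root" addrepo "$repo_base/non-oss/" repo-non-oss
    run zypper --root "$root" --non-interactive install \
        openSUSE-release-13.2 bash procps coreutils vim
}
```

The same `container_root_ok` check belongs in front of the `rpm --initdb` / `rpm -ihv` / `yum --installroot` sequence for the CentOS tree; only the package commands differ.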

Bootable OS container [2/4]
Boot container
• Boot container
‣ systemd-nspawn -bD /srv/containers/centos/
# systemd-nspawn -bD /srv/containers/centos/
systemd 208 running in system mode. (+PAM +LIBWRAP +AUDIT +SELINUX
+IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ)
Detected virtualization 'systemd-nspawn'.
Welcome to CentOS Linux 7 (Core)!
Set hostname to <centos7c0>.
[ OK ] Reached target Remote File Systems.
[ OK ] Created slice Root Slice.
[ OK ] Created slice User and Session Slice.
[ OK ] Created slice System Slice.
[ OK ] Created slice system-getty.slice.
[ OK ] Reached target Slices.
[ OK ] Listening on Delayed Shutdown Socket.
[ OK ] Listening on /dev/initctl Compatibility Named Pipe.
[ OK ] Listening on Journal Socket.
Starting Journal Service...
[ OK ] Started Journal Service.
[ OK ] Reached target Paths.
Mounting Debug File System...
Mounting FUSE Control File System...
Starting Create static device nodes in /dev...
Mounting POSIX Message Queue File System...
[...]
[ OK ] Started Login Service.
[ OK ] Started Permit User Sessions.
Starting Console Getty...
[ OK ] Started Console Getty.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
CentOS Linux 7 (Core)
Kernel 3.16.7-7-desktop on an x86_64
centos7c0 login:
Bootable OS container [3/4]
Instance properties
OS properties from inside the container
CentOS Linux 7 (Core)
Kernel 3.16.7-7-desktop on an x86_64
centos7c0 login: root
Password:
Last login: Sat Apr 11 23:22:04 on console
-bash-4.2#
-bash-4.2# hostnamectl
Static hostname: centos7c0
Icon name: computer-container
Chassis: container
Machine ID: afb4a0719ad842c99dd7cc704919a2fe
Boot ID: 7c03b147c9114632b96bbeb2a462cf5a
Virtualization: systemd-nspawn
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.16.7-7-desktop
Architecture: x86_64
-bash-4.2#
Container properties
# machinectl
MACHINE CONTAINER SERVICE
centos container nspawn
1 machines listed.
physnode1:~
# systemd-cgls
├─1 /usr/lib/systemd/systemd --switched-root --system --deserialize 21
├─machine.slice
│ └─machine-centos.scope
│ ├─10159 /usr/lib/systemd/systemd
│ └─system.slice
│ ├─dbus.service
│ │ └─10184 /bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
│ ├─systemd-journald.service
│ │ └─10167 /usr/lib/systemd/systemd-journald
│ ├─systemd-logind.service
│ │ └─10183 /usr/lib/systemd/systemd-logind
│ └─console-getty.service
│ └─10189 /sbin/agetty --noclear --keep-baud console 115200 38400 9600
├─system.slice
Bootable OS container [4/4]
Shutdown container
• Shutdown container from the inside:
‣ Type: `init 0` or `poweroff`
Note: requires a running init in the container
‣ Type: ^]^]^] (3x CTRL+])
• Shutdown container from the host:
‣ machinectl terminate $CONT
-bash-4.2# init 0
[ OK ] Removed slice user-0.slice.
[ OK ] Removed slice system-getty.slice.
Stopping Hostname Service...
[ OK ] Stopped target Graphical Interface.
[ OK ] Stopped target Multi-User System.
[ OK ] Stopped target Login Prompts.
Stopping Console Getty...
Stopping Login Service...
Stopping D-Bus System Message Bus...
[ OK ] Stopped Login Service.
[ OK ] Stopped D-Bus System Message Bus.
[ OK ] Stopped Console Getty.
Stopping Permit User Sessions...
[ OK ] Stopped Permit User Sessions.
[ OK ] Stopped target Remote File Systems.
[ OK ] Stopped Hostname Service.
[ OK ] Stopped target Basic System.
[ OK ] Stopped target Slices.
[ OK ] Removed slice User and Session Slice.
[ OK ] Stopped target Paths.
[ OK ] Stopped target Timers.
[ OK ] Stopped target Sockets.
[ OK ] Closed D-Bus System Message Bus Socket.
[ OK ] Stopped target System Initialization.
[ OK ] Stopped target Encrypted Volumes.
Stopping Load/Save Random Seed...
Stopping Update UTMP about System Reboot/Shutdown...
[ OK ] Stopped target Swap.
[ OK ] Stopped Update UTMP about System Reboot/Shutdown.
[ OK ] Stopped Load/Save Random Seed.
Stopping Create Volatile Files and Directories...
[ OK ] Stopped Create Volatile Files and Directories.
[ OK ] Reached target Shutdown.
physnode1:/srv/containers #
Networking and systemd-nspawn containers
Networking in container
-bash-4.2# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: wlp12s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff
inet 10.1.2.27/21 brd 10.1.7.255 scope global dynamic wlp12s0
valid_lft 14611sec preferred_lft 14611sec
inet6 fe80::224:d6ff:fe89:521e/64 scope link
valid_lft forever preferred_lft forever
3: enp0s25: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 00:aa:bb:cc:dd:ee brd ff:ff:ff:ff:ff:ff
-bash-4.2# md5sum /etc/resolv.conf
a92a6e440cd677ad17748aa29c5a7333 /etc/resolv.conf
‣ By default the nspawn container will inherit the network settings of the host
‣ /etc/resolv.conf will be copied into the container
Networking at Host OS
physnode1:~ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: wlp12s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff
inet 10.1.2.27/21 brd 10.1.7.255 scope global dynamic wlp12s0
valid_lft 14433sec preferred_lft 14433sec
inet6 fe80::224:d6ff:fe89:521e/64 scope link
valid_lft forever preferred_lft forever
3: enp0s25: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
link/ether 00:aa:bb:cc:dd:ee brd ff:ff:ff:ff:ff:ff
physnode1:~ # md5sum /etc/resolv.conf
a92a6e440cd677ad17748aa29c5a7333 /etc/resolv.conf

More advanced networking
‣ Create a virtual ethernet device, with name “vb-$machinename”
‣ Connect veth device to bridge “virbr0”
systemd-nspawn -bD /srv/containers/opensuse132/ \
    --network-bridge=virbr0 --network-veth
(Diagram: the container end of the veth pair appears as host0 inside opensuse132c0; the host end, vb-opensuse132c0 on physnode1, is attached to the bridge virbr0.)
opensuse132c0:~ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group [...]
2: host0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 36:e3:35:8d:8e:95 brd ff:ff:ff:ff:ff:ff
opensuse132c0:~ #
physnode1:~ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group [...]
29: vb-opensuse132c0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 0a:62:90:a4:b5:72 brd ff:ff:ff:ff:ff:ff
physnode1:~ #
journald and systemd-nspawn containers
• Integrating the journal of the host and the container
# systemd-nspawn -bD /srv/containers/centos --link-journal=host
Containers as Service
Container as service
• Install Apache and a few other packages
• Create a machine-id for the container
• Create systemd unit file
# install Apache
zypper --root /srv/containers/opensuse132/ install \
    openSUSE-release-13.2 apache2 timezone iproute2 rsyslog
# set up machine-id
systemd-nspawn -D /srv/containers/opensuse132/ systemd-machine-id-setup
# unit file:
cat <<EOF > /etc/systemd/system/opensuse132c0.service
[Unit]
Description=Start an openSUSE 13.2 container
Wants=network.target nss-lookup.target
After=network.target nss-lookup.target

[Service]
Type=notify
PrivateTmp=true
ExecStart=/usr/bin/systemd-nspawn -M opensuse132c0 -jD /srv/containers/opensuse132/
ExecStop=/usr/bin/machinectl terminate opensuse132c0

[Install]
WantedBy=machines.target
EOF
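The unit above interpolates the machine name and root directory into `ExecStart` and `ExecStop` by hand. The script below is an added example, not from the slides, that generates the same unit from validated inputs and makes the network attachment explicit: either the inherited host network stack (the slides' default) or a private veth on a bridge, as on the "More advanced networking" slide. It also checks an existing unit for the one mistake the template invites: if the name after `-M` and the name in `machinectl terminate` differ, `systemctl stop` leaves the container running. The `bridge:<ifname>` argument convention and the `install_nspawn_unit` helper are this example's own.

```shell
#!/bin/sh
# Added example, not from the slides: generate the container service unit
# shown on the "Container as service" slide from validated inputs, with the
# network attachment made explicit. The unit text follows the slide; the
# input checks, the network switch and the consistency check are additions.

# A machine name becomes the container hostname and part of the unit name
# (machine-<name>.scope), so allow only a hostname-safe character set.
valid_machine_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Print the unit text. NETWORK is "host" (default: the container inherits
# the host network namespace) or "bridge:<ifname>" (private veth pair, host
# end attached to that bridge), an argument convention of this example.
nspawn_unit() {
    machine=$1 root=$2 network=${3:-host}
    valid_machine_name "$machine" || return 1
    case "$root" in /*) ;; *) return 1 ;; esac     # absolute path only
    case "$network" in
        host)      netopts= ;;
        bridge:?*) netopts=" --network-veth --network-bridge=${network#bridge:}" ;;
        *)         return 1 ;;
    esac
    cat <<EOF
[Unit]
Description=Start container $machine
Wants=network.target nss-lookup.target
After=network.target nss-lookup.target

[Service]
Type=notify
PrivateTmp=true
ExecStart=/usr/bin/systemd-nspawn -M $machine -jD $root$netopts
ExecStop=/usr/bin/machinectl terminate $machine

[Install]
WantedBy=machines.target
EOF
}

# Consistency check for an existing unit text: the machine named with -M in
# ExecStart must be the one ExecStop terminates, otherwise "systemctl stop"
# reports success while the container keeps running.
unit_stop_matches_start() {
    start=$(printf '%s\n' "$1" | sed -n 's/^ExecStart=.* -M \([^ ]*\).*/\1/p')
    stop=$(printf '%s\n' "$1" | sed -n 's/^ExecStop=.*machinectl terminate \([^ ]*\).*/\1/p')
    [ -n "$start" ] && [ "$start" = "$stop" ]
}

# Live use on the host (root): write the unit and reload systemd.
install_nspawn_unit() {
    unit=$(nspawn_unit "$@") || return 1
    printf '%s\n' "$unit" > "/etc/systemd/system/$1.service" \
        && systemctl daemon-reload
}
```

`nspawn_unit opensuse132c0 /srv/containers/opensuse132/` reproduces the slide's unit; adding `bridge:virbr0` gives the container its own network namespace instead of the host's, which is the first thing to decide when the container runs a network service such as the Apache installed above.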

Managing containers
nsenter
• nsenter - run a program with the namespaces of other processes
# machinectl
MACHINE CONTAINER SERVICE
opensuse132c0 container nspawn
1 machines listed.
# machinectl status opensuse132c0
opensuse132c0
Since: Sun 2015-04-12 03:54:18 CEST; 37s ago
Leader: 17717 (systemd)
Service: nspawn; class container
Root: /srv/containers/opensuse132
Unit: machine-opensuse132c0.scope
├─17717 /usr/lib/systemd/systemd
└─system.slice
├─dbus.service
[…]
# nsenter --target 17717 --mount --uts --ipc --net --pid
opensuse132c0:/ #
opensuse132c0:/ # systemctl disable rsyslog
rm '/etc/systemd/system/multi-user.target.wants/rsyslog.service'
rm '/etc/systemd/system/syslog.service'
opensuse132c0:/ #
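The nsenter step above copies the leader PID from `machinectl status` by hand. The script below is an added example, not from the slides, that extracts and checks that PID before building the nsenter command line, and adds a check for the networking point made earlier: whether a process shares the host's network namespace, which is what a container without `--network-veth` does. The `machinectl status` text in the script is a constructed sample modelled on the output above; `enter_machine` and `shares_my_netns` query the live host.

```shell
#!/bin/sh
# Added example, not from the slides: take the leader PID from
# "machinectl status <name>", check it, and build the nsenter command that
# joins the container's namespaces; plus a check of whether a process shares
# the host's network namespace (the inherited-networking default).

# Constructed sample of the status output shown on the slide.
SAMPLE_STATUS='opensuse132c0
           Since: Sun 2015-04-12 03:54:18 CEST; 37s ago
          Leader: 17717 (systemd)
         Service: nspawn; class container
            Root: /srv/containers/opensuse132
            Unit: machine-opensuse132c0.scope'

# Print the numeric leader PID from status text; fail when it is missing or
# not a number, so nothing is passed to nsenter unchecked.
leader_pid() {
    pid=$(printf '%s\n' "$1" | awk '$1 == "Leader:" { print $2; exit }')
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$pid"
}

# Namespaces an nspawn container of this era has: mount, UTS, IPC, network
# and PID. Leaving out --pid gives a shell that sees the container's files
# but the host's process list, which is easy to misread.
NSENTER_NS='--mount --uts --ipc --net --pid'

# Build the command line (printed, not executed).
nsenter_cmd() {
    pid=$(leader_pid "$1") || return 1
    printf 'nsenter --target %s %s\n' "$pid" "$NSENTER_NS"
}

# Live use on the host: enter a running machine by name (needs root).
enter_machine() {
    status=$(machinectl status "$1") || return 1
    cmd=$(nsenter_cmd "$status") || return 1
    exec $cmd   # word-split on purpose: $cmd is a command line
}

# Return 0 when PID shares this shell's network namespace (inherited host
# networking), 1 when it has its own (e.g. started with --network-veth),
# 2 when /proc/<pid>/ns/net is not readable.
shares_my_netns() {
    mine=$(readlink /proc/self/ns/net) || return 2
    theirs=$(readlink "/proc/$1/ns/net") || return 2
    [ "$mine" = "$theirs" ]
}
```

On the host, `shares_my_netns "$(leader_pid "$(machinectl status opensuse132c0)")"` tells you whether the container's services are listening on the host's own addresses, which is the case for every container on these slides that was started without `--network-veth`.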
Summary
systemd-nspawn
• Makes containers easy
• Everyone familiar with “chroot” instantly “gets” systemd-nspawn
• Does not have special dependencies, unlike e.g. docker
• It is available on all modern Linux distros
Thank you.
Questions?

Ported to Cloud with Wing_ Blue ZnZone app from _Hexagonal Architecture Expla...
Asher Sterkin
 
dachnug51 - Whats new in domino 14 .pdf
dachnug51 - Whats new in domino 14  .pdfdachnug51 - Whats new in domino 14  .pdf
dachnug51 - Whats new in domino 14 .pdf
DNUG e.V.
 
Seamless PostgreSQL to Snowflake Data Transfer in 8 Simple Steps
Seamless PostgreSQL to Snowflake Data Transfer in 8 Simple StepsSeamless PostgreSQL to Snowflake Data Transfer in 8 Simple Steps
Seamless PostgreSQL to Snowflake Data Transfer in 8 Simple Steps
Estuary Flow
 
Overview of ERP - Mechlin Technologies.pptx
Overview of ERP - Mechlin Technologies.pptxOverview of ERP - Mechlin Technologies.pptx
Overview of ERP - Mechlin Technologies.pptx
Mitchell Marsh
 
ENISA Threat Landscape 2023 documentation
ENISA Threat Landscape 2023 documentationENISA Threat Landscape 2023 documentation
ENISA Threat Landscape 2023 documentation
sofiafernandezon
 
dachnug51 - All you ever wanted to know about domino licensing.pdf
dachnug51 - All you ever wanted to know about domino licensing.pdfdachnug51 - All you ever wanted to know about domino licensing.pdf
dachnug51 - All you ever wanted to know about domino licensing.pdf
DNUG e.V.
 
Abortion pills in Fujairah *((+971588192166*)☎️)¥) **Effective Abortion Pills...
Abortion pills in Fujairah *((+971588192166*)☎️)¥) **Effective Abortion Pills...Abortion pills in Fujairah *((+971588192166*)☎️)¥) **Effective Abortion Pills...
Abortion pills in Fujairah *((+971588192166*)☎️)¥) **Effective Abortion Pills...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 
What is OCR Technology and How to Extract Text from Any Image for Free
What is OCR Technology and How to Extract Text from Any Image for FreeWhat is OCR Technology and How to Extract Text from Any Image for Free
What is OCR Technology and How to Extract Text from Any Image for Free
TwisterTools
 
Top 10 Tips To Get Google AdSense For Your Website
Top 10 Tips To Get Google AdSense For Your WebsiteTop 10 Tips To Get Google AdSense For Your Website
Top 10 Tips To Get Google AdSense For Your Website
e-Definers Technology
 
Break data silos with real-time connectivity using Confluent Cloud Connectors
Break data silos with real-time connectivity using Confluent Cloud ConnectorsBreak data silos with real-time connectivity using Confluent Cloud Connectors
Break data silos with real-time connectivity using Confluent Cloud Connectors
confluent
 
ThaiPy meetup - Indexes and Django
ThaiPy meetup - Indexes and DjangoThaiPy meetup - Indexes and Django
ThaiPy meetup - Indexes and Django
akshesh doshi
 
Addressing the Top 9 User Pain Points with Visual Design Elements.pptx
Addressing the Top 9 User Pain Points with Visual Design Elements.pptxAddressing the Top 9 User Pain Points with Visual Design Elements.pptx
Addressing the Top 9 User Pain Points with Visual Design Elements.pptx
Sparity1
 
Software development... for all? (keynote at ICSOFT'2024)
Software development... for all? (keynote at ICSOFT'2024)Software development... for all? (keynote at ICSOFT'2024)
Software development... for all? (keynote at ICSOFT'2024)
miso_uam
 
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) AWS Security .pdf
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) AWS Security .pdfAWS Cloud Practitioner Essentials (Second Edition) (Arabic) AWS Security .pdf
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) AWS Security .pdf
karim wahed
 
Splunk_Remote_Work_Insights_Overview.pptx
Splunk_Remote_Work_Insights_Overview.pptxSplunk_Remote_Work_Insights_Overview.pptx
Splunk_Remote_Work_Insights_Overview.pptx
sudsdeep
 
Prada Group Reports Strong Growth in First Quarter …
Prada Group Reports Strong Growth in First Quarter …Prada Group Reports Strong Growth in First Quarter …
Prada Group Reports Strong Growth in First Quarter …
908dutch
 
Development of Chatbot Using AI\ML Technologies
Development of Chatbot Using AI\ML TechnologiesDevelopment of Chatbot Using AI\ML Technologies
Development of Chatbot Using AI\ML Technologies
MaisnamLuwangPibarel
 
ANSYS Mechanical APDL Introductory Tutorials.pdf
ANSYS Mechanical APDL Introductory Tutorials.pdfANSYS Mechanical APDL Introductory Tutorials.pdf
ANSYS Mechanical APDL Introductory Tutorials.pdf
sachin chaurasia
 
NYC 26-Jun-2024 Combined Presentations.pdf
NYC 26-Jun-2024 Combined Presentations.pdfNYC 26-Jun-2024 Combined Presentations.pdf
NYC 26-Jun-2024 Combined Presentations.pdf
AUGNYC
 
一比一原版英国牛津大学毕业证(oxon毕业证书)如何办理
一比一原版英国牛津大学毕业证(oxon毕业证书)如何办理一比一原版英国牛津大学毕业证(oxon毕业证书)如何办理
一比一原版英国牛津大学毕业证(oxon毕业证书)如何办理
avufu
 

Recently uploaded (20)

Ported to Cloud with Wing_ Blue ZnZone app from _Hexagonal Architecture Expla...
Ported to Cloud with Wing_ Blue ZnZone app from _Hexagonal Architecture Expla...Ported to Cloud with Wing_ Blue ZnZone app from _Hexagonal Architecture Expla...
Ported to Cloud with Wing_ Blue ZnZone app from _Hexagonal Architecture Expla...
 
dachnug51 - Whats new in domino 14 .pdf
dachnug51 - Whats new in domino 14  .pdfdachnug51 - Whats new in domino 14  .pdf
dachnug51 - Whats new in domino 14 .pdf
 
Seamless PostgreSQL to Snowflake Data Transfer in 8 Simple Steps
Seamless PostgreSQL to Snowflake Data Transfer in 8 Simple StepsSeamless PostgreSQL to Snowflake Data Transfer in 8 Simple Steps
Seamless PostgreSQL to Snowflake Data Transfer in 8 Simple Steps
 
Overview of ERP - Mechlin Technologies.pptx
Overview of ERP - Mechlin Technologies.pptxOverview of ERP - Mechlin Technologies.pptx
Overview of ERP - Mechlin Technologies.pptx
 
ENISA Threat Landscape 2023 documentation
ENISA Threat Landscape 2023 documentationENISA Threat Landscape 2023 documentation
ENISA Threat Landscape 2023 documentation
 
dachnug51 - All you ever wanted to know about domino licensing.pdf
dachnug51 - All you ever wanted to know about domino licensing.pdfdachnug51 - All you ever wanted to know about domino licensing.pdf
dachnug51 - All you ever wanted to know about domino licensing.pdf
 
Abortion pills in Fujairah *((+971588192166*)☎️)¥) **Effective Abortion Pills...
Abortion pills in Fujairah *((+971588192166*)☎️)¥) **Effective Abortion Pills...Abortion pills in Fujairah *((+971588192166*)☎️)¥) **Effective Abortion Pills...
Abortion pills in Fujairah *((+971588192166*)☎️)¥) **Effective Abortion Pills...
 
What is OCR Technology and How to Extract Text from Any Image for Free
What is OCR Technology and How to Extract Text from Any Image for FreeWhat is OCR Technology and How to Extract Text from Any Image for Free
What is OCR Technology and How to Extract Text from Any Image for Free
 
Top 10 Tips To Get Google AdSense For Your Website
Top 10 Tips To Get Google AdSense For Your WebsiteTop 10 Tips To Get Google AdSense For Your Website
Top 10 Tips To Get Google AdSense For Your Website
 
Break data silos with real-time connectivity using Confluent Cloud Connectors
Break data silos with real-time connectivity using Confluent Cloud ConnectorsBreak data silos with real-time connectivity using Confluent Cloud Connectors
Break data silos with real-time connectivity using Confluent Cloud Connectors
 
ThaiPy meetup - Indexes and Django
ThaiPy meetup - Indexes and DjangoThaiPy meetup - Indexes and Django
ThaiPy meetup - Indexes and Django
 
Addressing the Top 9 User Pain Points with Visual Design Elements.pptx
Addressing the Top 9 User Pain Points with Visual Design Elements.pptxAddressing the Top 9 User Pain Points with Visual Design Elements.pptx
Addressing the Top 9 User Pain Points with Visual Design Elements.pptx
 
Software development... for all? (keynote at ICSOFT'2024)
Software development... for all? (keynote at ICSOFT'2024)Software development... for all? (keynote at ICSOFT'2024)
Software development... for all? (keynote at ICSOFT'2024)
 
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) AWS Security .pdf
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) AWS Security .pdfAWS Cloud Practitioner Essentials (Second Edition) (Arabic) AWS Security .pdf
AWS Cloud Practitioner Essentials (Second Edition) (Arabic) AWS Security .pdf
 
Splunk_Remote_Work_Insights_Overview.pptx
Splunk_Remote_Work_Insights_Overview.pptxSplunk_Remote_Work_Insights_Overview.pptx
Splunk_Remote_Work_Insights_Overview.pptx
 
Prada Group Reports Strong Growth in First Quarter …
Prada Group Reports Strong Growth in First Quarter …Prada Group Reports Strong Growth in First Quarter …
Prada Group Reports Strong Growth in First Quarter …
 
Development of Chatbot Using AI\ML Technologies
Development of Chatbot Using AI\ML TechnologiesDevelopment of Chatbot Using AI\ML Technologies
Development of Chatbot Using AI\ML Technologies
 
ANSYS Mechanical APDL Introductory Tutorials.pdf
ANSYS Mechanical APDL Introductory Tutorials.pdfANSYS Mechanical APDL Introductory Tutorials.pdf
ANSYS Mechanical APDL Introductory Tutorials.pdf
 
NYC 26-Jun-2024 Combined Presentations.pdf
NYC 26-Jun-2024 Combined Presentations.pdfNYC 26-Jun-2024 Combined Presentations.pdf
NYC 26-Jun-2024 Combined Presentations.pdf
 
一比一原版英国牛津大学毕业证(oxon毕业证书)如何办理
一比一原版英国牛津大学毕业证(oxon毕业证书)如何办理一比一原版英国牛津大学毕业证(oxon毕业证书)如何办理
一比一原版英国牛津大学毕业证(oxon毕业证书)如何办理
 

Containers with systemd-nspawn

5
Create application container
• Bootstrap directory
• Install a few packages
# zypper --root /srv/containers/opensuse132/ addrepo http://download.opensuse.org/distribution/13.2/repo/oss/ repo-oss
# zypper --root /srv/containers/opensuse132/ addrepo http://download.opensuse.org/distribution/13.2/repo/non-oss/ repo-non-oss
# zypper --root /srv/containers/opensuse132/ install openSUSE-release-13.2 bash procps coreutils vim
6
systemd-nspawn
• What is systemd?
• What is systemd-nspawn?
• Adoption
7
What is systemd? 1/3
• a system and session manager for Linux,
• provides aggressive parallelization capabilities (no shell during boot!),
• uses socket and D-Bus activation for starting services,
• offers on-demand starting of services,
• keeps track of processes using Linux cgroups,
8
What is systemd? 2/3
• supports restoring the system's state to a predefined state,
• maintains mount and auto-mount points,
• provides dependency-based service control logic,
• provides a replacement for a number of well-known tools, e.g. udev, automount, inetd, consolekit and syslog,
• a drop-in replacement for sysvinit
9
What is systemd? 3/3
There are a lot of criticisms and opinions as well...
• “It's not the UNIX way”, referring to the “do one thing and do it well” maxim
• “It's monolithic”
• “It introduces too many dependencies”
• (and worse)
... but we won't be addressing these today :-)
10
An aside: People and Innovation...
“If I had asked people what they wanted, they would have said faster horses”
Henry Ford
11
What is systemd-nspawn?
• “chroot on steroids...”
• Invented for debugging and testing during systemd development
• Turns out to be a great container manager
• systemd-nspawn vs. docker
‣ Manages containers only vs. manages containers and images
‣ Inherited networking vs. networking that needs to be set up
12
systemd adoption
Distribution                Added to repositories   Enabled by default?   Released as default
SUSE Linux Enterprise       v12                     Yes                   Yes
openSUSE                    v11.4                   Yes                   v12.2 (2012)
Fedora                      v15 (2011)              Yes                   v15 (2011)
Red Hat Linux Enterprise    v7 (2014)               Yes                   v7 (2014)
Debian                      in 2012                 Yes                   v8 (2015)
Arch Linux                  in 2012                 Yes                   2012
Ubuntu                      v13.04 (2013)           Yes                   v15.04 (2015)
see also: http://en.wikipedia.org/wiki/Systemd#Adoption_and_reception
13
Related Concept
• Kernel cgroups (independent of systemd)
14
Kernel Cgroups (Control Groups)
• Linux Kernel facility allowing the grouping of processes (and their “children”) into a tree-structure hierarchy
• Each group can be assigned a quota for these system resources:
‣ CPU
‣ RAM
‣ Disk I/O
‣ Network I/O
Control groups hierarchy created by systemd
├─machine.slice
│ └─machine-qemu\x2dsles1201.scope
│   └─20958 /usr/bin/qemu-system-x86_64 -m...
├─user.slice
│ ├─user-0.slice
│ │ └─user@0.service
│ │   ├─4322 /usr/lib/systemd/systemd --us...
│ │   └─4323 (sd-pam)
│ ├─user-1000.slice
│ │ ├─session-560.scope
│ │ │ ├─ 2810 /usr/bin/claws-mail
│ │ │ ├─ 3035 /usr/lib64/firefox/firefox
│ │ │ ├─ 3086 /usr/lib/mozilla/kmozillahel...
│ │ │ ├─ 5459 /bin/bash
│ │ │ ├─ 7854 /usr/bin/kwalletmanager --kw...
│ │ ├─session-1.scope
│ │ │ ├─4179 /bin/bash ./bridge start
│ │ │ └─4182 dnsmasq --conf-file=mydnsmasq...
│ │ └─user@1000.service
│ │   ├─1891 /usr/lib/systemd/systemd --us...
│ │   └─1892 (sd-pam)
│ └─user-489.slice
│   └─user@489.service
│     ├─1703 /usr/lib/systemd/systemd --us...
│     └─1704 (sd-pam)
└─system.slice
  ├─libvirtd.service
  │ └─4008 /usr/sbin/libvirtd --listen
  ├─rsyslog.service
  │ └─985 /usr/sbin/rsyslogd -n
  ├─apache2.service
  │ ├─1254 /usr/sbin/httpd2-prefork -f /et...
  │ └─1840 /usr/sbin/httpd2-prefork -f /et...
16
Bootable OS container [1/4] Bootstrap
• Host properties
• Install YUM
• Bootstrap RPM DB
• Install CentOS 7 release package
• Install a few packages and their dependencies
# hostnamectl
   Static hostname: physnode1.trebut.com
         Icon name: computer-laptop
           Chassis: laptop
        Machine ID: b4ea4eb15ab7c29b6cc20a47544e5eb7
           Boot ID: 3c4e7b5067d247939b89d7e7b57c1132
  Operating System: openSUSE 13.2 (Harlequin) (x86_64)
       CPE OS Name: cpe:/o:opensuse:opensuse:13.2
            Kernel: Linux 3.16.7-7-desktop
      Architecture: x86-64
# zypper install yum
# rpm --root /srv/containers/centos/ --initdb
# rpm --root /srv/containers/centos/ -ihv http://mirror.centos.org/centos/7.1.1503/os/x86_64/Packages/centos-release-7-1.1503.el7.centos.2.8.x86_64.rpm
# yum -y --nogpg --releasever=7 --installroot=/srv/containers/centos/ install systemd passwd yum vim-minimal
17
Bootable OS container [2/4] Boot container
• Boot container
‣ systemd-nspawn -bD /srv/containers/centos/
# systemd-nspawn -bD /srv/containers/centos/
systemd 208 running in system mode. (+PAM +LIBWRAP +AUDIT +SELINUX +IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ)
Detected virtualization 'systemd-nspawn'.
Welcome to CentOS Linux 7 (Core)!
Set hostname to <centos7c0>.
[ OK ] Reached target Remote File Systems.
[ OK ] Created slice Root Slice.
[ OK ] Created slice User and Session Slice.
[ OK ] Created slice System Slice.
[ OK ] Created slice system-getty.slice.
[ OK ] Reached target Slices.
[ OK ] Listening on Delayed Shutdown Socket.
[ OK ] Listening on /dev/initctl Compatibility Named Pipe.
[ OK ] Listening on Journal Socket.
Starting Journal Service...
[ OK ] Started Journal Service.
[ OK ] Reached target Paths.
Mounting Debug File System...
Mounting FUSE Control File System...
Starting Create static device nodes in /dev...
Mounting POSIX Message Queue File System...
[...]
[ OK ] Started Login Service.
[ OK ] Started Permit User Sessions.
Starting Console Getty...
[ OK ] Started Console Getty.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
CentOS Linux 7 (Core)
Kernel 3.16.7-7-desktop on an x86_64
centos7c0 login:
18
Bootable OS container [3/4] Instance properties
OS properties from inside the container
CentOS Linux 7 (Core)
Kernel 3.16.7-7-desktop on an x86_64
centos7c0 login: root
Password:
Last login: Sat Apr 11 23:22:04 on console
-bash-4.2#
-bash-4.2# hostnamectl
   Static hostname: centos7c0
         Icon name: computer-container
           Chassis: container
        Machine ID: afb4a0719ad842c99dd7cc704919a2fe
           Boot ID: 7c03b147c9114632b96bbeb2a462cf5a
    Virtualization: systemd-nspawn
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.16.7-7-desktop
      Architecture: x86_64
-bash-4.2#
Container properties
# machinectl
MACHINE                          CONTAINER SERVICE
centos                           container nspawn
1 machines listed.
physnode1:~ # systemd-cgls
├─1 /usr/lib/systemd/systemd --switched-root --system --deserialize 21
├─machine.slice
│ └─machine-centos.scope
│   ├─10159 /usr/lib/systemd/systemd
│   └─system.slice
│     ├─dbus.service
│     │ └─10184 /bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
│     ├─systemd-journald.service
│     │ └─10167 /usr/lib/systemd/systemd-journald
│     ├─systemd-logind.service
│     │ └─10183 /usr/lib/systemd/systemd-logind
│     └─console-getty.service
│       └─10189 /sbin/agetty --noclear --keep-baud console 115200 38400 9600
├─system.slice
19
Bootable OS container [4/4] Shutdown container
• Shutdown container from the inside:
‣ Type: `init 0` or `poweroff` (Note: requires a running init in the container)
‣ Type: ^]^]^] (3x CTRL+])
• Shutdown container from the host
‣ machinectl terminate $CONT
-bash-4.2# init 0
[ OK ] Removed slice user-0.slice.
[ OK ] Removed slice system-getty.slice.
Stopping Hostname Service...
[ OK ] Stopped target Graphical Interface.
[ OK ] Stopped target Multi-User System.
[ OK ] Stopped target Login Prompts.
Stopping Console Getty...
Stopping Login Service...
Stopping D-Bus System Message Bus...
[ OK ] Stopped Login Service.
[ OK ] Stopped D-Bus System Message Bus.
[ OK ] Stopped Console Getty.
Stopping Permit User Sessions...
[ OK ] Stopped Permit User Sessions.
[ OK ] Stopped target Remote File Systems.
[ OK ] Stopped Hostname Service.
[ OK ] Stopped target Basic System.
[ OK ] Stopped target Slices.
[ OK ] Removed slice User and Session Slice.
[ OK ] Stopped target Paths.
[ OK ] Stopped target Timers.
[ OK ] Stopped target Sockets.
[ OK ] Closed D-Bus System Message Bus Socket.
[ OK ] Stopped target System Initialization.
[ OK ] Stopped target Encrypted Volumes.
Stopping Load/Save Random Seed...
Stopping Update UTMP about System Reboot/Shutdown...
[ OK ] Stopped target Swap.
[ OK ] Stopped Update UTMP about System Reboot/Shutdown.
[ OK ] Stopped Load/Save Random Seed.
Stopping Create Volatile Files and Directories...
[ OK ] Stopped Create Volatile Files and Directories.
[ OK ] Reached target Shutdown.
physnode1:/srv/containers #
20
Networking and systemd-nspawn containers
Networking in the container
-bash-4.2# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: wlp12s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff
    inet 10.1.2.27/21 brd 10.1.7.255 scope global dynamic wlp12s0
       valid_lft 14611sec preferred_lft 14611sec
    inet6 fe80::224:d6ff:fe89:521e/64 scope link
       valid_lft forever preferred_lft forever
3: enp0s25: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
    link/ether 00:aa:bb:cc:dd:ee brd ff:ff:ff:ff:ff:ff
-bash-4.2# md5sum /etc/resolv.conf
a92a6e440cd677ad17748aa29c5a7333 /etc/resolv.conf
‣ By default the nspawn container will inherit the network settings of the host
‣ /etc/resolv.conf will be copied into the container
Networking at the Host OS
physnode1:~ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: wlp12s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff
    inet 10.1.2.27/21 brd 10.1.7.255 scope global dynamic wlp12s0
       valid_lft 14433sec preferred_lft 14433sec
    inet6 fe80::224:d6ff:fe89:521e/64 scope link
       valid_lft forever preferred_lft forever
3: enp0s25: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether 00:aa:bb:cc:dd:ee brd ff:ff:ff:ff:ff:ff
physnode1:~ # md5sum /etc/resolv.conf
a92a6e440cd677ad17748aa29c5a7333 /etc/resolv.conf
21
More advanced networking
‣ Create a virtual ethernet device, with name “vb-$machinename”
‣ Connect the veth device to bridge “virbr0”
systemd-nspawn -bD /srv/containers/opensuse132/ --network-bridge=virbr0 --network-veth
[diagram: physnode1 bridge virbr0 <-> veth vb-opensuse132c0 (host side) <-> veth host0 (inside opensuse132)]
opensuse132c0:~ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group [...]
2: host0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 36:e3:35:8d:8e:95 brd ff:ff:ff:ff:ff:ff
opensuse132c0:~ #
physnode1:~ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group [...]
29: vb-opensuse132c0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 0a:62:90:a4:b5:72 brd ff:ff:ff:ff:ff:ff
physnode1:~ #
22
journald and systemd-nspawn containers
• Integrating the journal of the host and the container
# systemd-nspawn -bD /srv/containers/centos --link-journal=host
24
Container as service
• Install Apache and a few other packages
• Create a machine-id for the container
• Create a systemd unit file
# install Apache
zypper --root /srv/containers/opensuse132/ install openSUSE-release-13.2 apache2 timezone iproute2 rsyslog
# set up machine-id
systemd-nspawn -D /srv/containers/opensuse132/ systemd-machine-id-setup
# unit file (the container is booted with -b so that its own systemd starts the installed services):
cat <<EOF > /etc/systemd/system/opensuse132c0.service
[Unit]
Description=Start an openSUSE 13.2 container
Wants=network.target nss-lookup.target
After=network.target nss-lookup.target
[Service]
Type=notify
PrivateTmp=true
ExecStart=/usr/bin/systemd-nspawn -M opensuse132c0 -bjD /srv/containers/opensuse132/
ExecStop=/usr/bin/machinectl terminate opensuse132c0
[Install]
WantedBy=machines.target
EOF
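The unit above runs the container in the host's network namespace (slide 20 shows that an nspawn container inherits the host's networking by default) and sets no resource limit. The shell script below is an added example, not from the deck: it writes an equivalent unit that first checks the machine name and root path, gives the container its own veth interface (the --network-veth option from slide 21) instead of the host's network stack, caps its memory with the cgroup memory controller from slide 14, and uses KillMode=mixed so that stopping the unit signals nspawn first and then the remaining container processes. The function names (valid_machine_name, write_nspawn_unit), the default limit of 512M, and the assumption that KillMode=mixed, MemoryLimit=, -b and --network-veth exist on the host's systemd (they do from systemd 209 on; MemoryLimit= is the cgroup-v1 era name, later superseded by MemoryMax=) are mine.

```shell
#!/bin/sh
# Added example: generate a hardened systemd unit for a systemd-nspawn container.
# Assumptions (mine, not the deck's): KillMode=mixed, MemoryLimit=, -b and
# --network-veth are available on the host's systemd (v209 and later).

# valid_machine_name NAME
# The machine name becomes the container hostname, the cgroup scope name
# (machine-NAME.scope) and the host-side veth name (vb-NAME), so allow only
# hostname-safe characters: letters, digits and '-', 1 to 64 characters,
# neither starting nor ending with '-'.
valid_machine_name() {
    case "$1" in
        ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

# write_nspawn_unit NAME ROOTDIR OUTFILE [NETWORK_OPTS] [MEMORY_LIMIT]
# Writes the unit to OUTFILE. ROOTDIR must be an absolute path. By default the
# container gets a private veth pair (host0 inside, vb-NAME on the host) rather
# than the host's network namespace; pass "--network-veth --network-bridge=virbr0"
# to attach the host side to a bridge as on slide 21.
write_nspawn_unit() {
    name=$1 root=$2 out=$3 net=${4:-"--network-veth"} mem=${5:-512M}
    valid_machine_name "$name" || { echo "invalid machine name: $name" >&2; return 1; }
    case "$root" in
        /*) ;;
        *) echo "container root must be an absolute path: $root" >&2; return 1 ;;
    esac
    # Slide 24 creates /etc/machine-id with systemd-machine-id-setup before
    # turning the container into a service; warn if that step was skipped.
    [ -f "$root/etc/machine-id" ] || echo "warning: $root/etc/machine-id is missing" >&2
    cat > "$out" <<EOF
[Unit]
Description=systemd-nspawn container $name
Wants=network.target nss-lookup.target
After=network.target nss-lookup.target

[Service]
Type=notify
PrivateTmp=true
# mixed: SIGTERM goes to nspawn only (it shuts the container down cleanly),
# SIGKILL to whatever is left in the cgroup afterwards
KillMode=mixed
# cgroup memory limit for the whole container, i.e. everything under machine-$name.scope
MemoryLimit=$mem
ExecStart=/usr/bin/systemd-nspawn -M $name -bjD $root $net
ExecStop=/usr/bin/machinectl terminate $name

[Install]
WantedBy=machines.target
EOF
}

# Usage (as root on the host):
#   write_nspawn_unit opensuse132c0 /srv/containers/opensuse132 /etc/systemd/system/opensuse132c0.service
#   systemctl daemon-reload && systemctl start opensuse132c0
```

With the default network option the container's host0 interface comes up without an address, so the service is reachable only after you attach the host-side vb-NAME interface to a bridge (the --network-bridge=virbr0 form) or configure it by hand; that is the intended trade-off compared with the deck's unit, where the container sees every host interface and socket.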
25
Managing containers: nsenter
• nsenter - run a program with the namespaces of other processes
# machinectl
MACHINE                          CONTAINER SERVICE
opensuse132c0                    container nspawn
1 machines listed.
# machinectl status opensuse132c0
opensuse132c0
           Since: Sun 2015-04-12 03:54:18 CEST; 37s ago
          Leader: 17717 (systemd)
         Service: nspawn; class container
            Root: /srv/containers/opensuse132
            Unit: machine-opensuse132c0.scope
                  ├─17717 /usr/lib/systemd/systemd
                  └─system.slice
                    ├─dbus.service
                    […]
# nsenter --target 17717 --mount --uts --ipc --net --pid
opensuse132c0:/ #
opensuse132c0:/ # systemctl disable rsyslog
rm '/etc/systemd/system/multi-user.target.wants/rsyslog.service'
rm '/etc/systemd/system/syslog.service'
opensuse132c0:/ #
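Slide 25 reads the leader PID off the `machinectl status` output by eye before handing it to nsenter, and slides 4 and 14 show the same containment from the host side as machine-NAME.scope entries in the cgroup tree. The shell functions below are an added example, not from the deck, that do the lookup in both directions: mapping a host PID to its container from /proc/PID/cgroup, and extracting the leader PID from `machinectl status` output. The cgroup parser decodes the \x2d escape that systemd applies to a '-' inside a unit name, which is why the machine "qemu-sles1201" on slide 14 shows up under a scope name containing x2d rather than '-'. The function names, the enter_machine wrapper and the sample inputs are mine; the samples are constructed, not captured from a real system.

```shell
#!/bin/sh
# Added example: map between nspawn machines and host-side PIDs.
# Function names and sample inputs are mine, not the deck's.

# machine_from_cgroup < /proc/PID/cgroup
# Prints the NAME of the machine-NAME.scope the process runs in, or "-" for a
# host process (the MACHINE column of `ps -o machine` uses the same convention).
# Handles cgroup v1 lines ("1:name=systemd:/machine.slice/...") and the cgroup v2
# line ("0::/machine.slice/..."). systemd escapes '-' inside a unit name as \x2d,
# so "machine-qemu\x2dsles1201.scope" is the machine "qemu-sles1201".
machine_from_cgroup() {
    m=$(sed -n 's|.*/machine-\([^/]*\)\.scope.*|\1|p' | sed 's/\\x2d/-/g' | head -n 1)
    [ -n "$m" ] || m=-
    printf '%s\n' "$m"
}

# container_of_pid PID: which machine (if any) a host PID belongs to.
container_of_pid() {
    machine_from_cgroup < "/proc/$1/cgroup"
}

# leader_pid_from_status < "$(machinectl status NAME)"
# Prints the PID from the "Leader: 17717 (systemd)" line; fails if there is none.
leader_pid_from_status() {
    pid=$(sed -n 's/^[[:space:]]*Leader:[[:space:]]*\([0-9][0-9]*\).*/\1/p' | head -n 1)
    [ -n "$pid" ] && printf '%s\n' "$pid"
}

# enter_machine NAME: slide 25's nsenter invocation with the leader PID looked up.
# Needs a running container and root on the host, so it is not exercised offline.
enter_machine() {
    pid=$(machinectl status "$1" | leader_pid_from_status) || {
        echo "no leader PID found for machine $1" >&2
        return 1
    }
    nsenter --target "$pid" --mount --uts --ipc --net --pid
}

# Constructed sample inputs (not captured from a real system).
SAMPLE_CGROUP_V1='11:devices:/machine.slice/machine-opensuse132c0.scope
1:name=systemd:/machine.slice/machine-opensuse132c0.scope'
SAMPLE_CGROUP_V2='0::/machine.slice/machine-qemu\x2dsles1201.scope'
SAMPLE_HOST_CGROUP='1:name=systemd:/user.slice/user-1000.slice/session-1.scope'
SAMPLE_STATUS='opensuse132c0
           Since: Sun 2015-04-12 03:54:18 CEST; 37s ago
          Leader: 17717 (systemd)
         Service: nspawn; class container
            Root: /srv/containers/opensuse132'

printf '%s\n' "$SAMPLE_CGROUP_V1" | machine_from_cgroup     # opensuse132c0
printf '%s\n' "$SAMPLE_CGROUP_V2" | machine_from_cgroup     # qemu-sles1201
printf '%s\n' "$SAMPLE_HOST_CGROUP" | machine_from_cgroup   # -
printf '%s\n' "$SAMPLE_STATUS" | leader_pid_from_status     # 17717
```

On a live host, `for p in /proc/[0-9]*; do echo "${p#/proc/} $(container_of_pid "${p#/proc/}")"; done` gives the same PID-to-machine mapping as the `ps -ef -o pid,ppid,machine,cmd` command on slide 4, which is the view you want when a process on the host turns out to belong to a container.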
26
Summary
systemd-nspawn
• Makes containers easy
• Everyone familiar with “chroot” instantly “gets” systemd-nspawn
• Does not have special dependencies (unlike, e.g., docker)
• It is available on all modern Linux distros