While probably the most prominent, Docker is not the only tool for building and managing containers. Originally meant to be a "chroot on steroids" to help debug systemd, systemd-nspawn provides a fairly uncomplicated approach to work with containers. Being part of systemd, it is available on most recent distributions out-of-the-box and requires no additional dependencies.
This deck will introduce a few concepts involved in containers and will guide you through the steps of building a container from scratch. The payload will be a simple service, which will be automatically activated by systemd when the first request arrives.
Introduction to OS LEVEL Virtualization & Containers
This Presentation contains information about os level virtualization and Containers internals. It has used other material on slide share which is referenced in Notes of PPT
U-Boot is an open source boot loader that initializes hardware and loads operating systems. It supports many CPUs and boards. The boot process involves a pre-relocation phase where U-Boot initializes hardware and copies itself to RAM, and a post-relocation phase where it finishes hardware initialization and loads the kernel or operating system. Debugging can be done before and after relocation by setting breakpoints and examining memory.
U-Boot project has evolved in the time span of over 17 years and so as its complexity and its uses. This has made it a daunting task in getting started with its development and uses. This talk will address all these issues start with overview, features, efforts created by community and future plans.
The U-Boot project has evolved in the time span of over 17 years and so as its complexity and its uses. This has made it a daunting task in getting started with its development and uses. This talk will address all these issues and share development efforts created by the U-Boot community.
In this talk Jagan Teki(Maintainer for Allwinner SoC, SPI, SPI FLASH Subsystems) will introduce U-Boot from scratch with a brief overview of U-Boot history, U-Boot Proper, SPL, TPL, Build process and Startup sequence. He will talk about other preliminaries such as Image booting, Falcon Mode, Secure Boot and U-Boot features like device tree, device overlays, driver model and DFU, etc.
Once giving enough introduction, he will also talk about steps to port U-Boot to new hardware with a demo, along with U-Boot testing process. Finally, he will address and review ongoing development work, issues and future development regarding U-Boot.
Balaji Parimi VMware R&D describes best practices when using the vSphere APIs. The VMware vSphere APIs can be used to build VMware vSphere management solutions. Virtual Machines, Host Management, Performance Monitoring. To learn more visit our community. http://developer.vmware.com
The document describes hypervisors and their role in virtualization. It discusses how a hypervisor sits between virtual machines and hardware to provide an isolated environment for each VM. It also compares different types of hypervisors, including describing how early hypervisors used full virtualization through trap-and-emulate to virtualize privileged instructions. The document then discusses the design conditions for a hypervisor based on Popek and Goldberg's virtualization theorem, including how the hypervisor must provide equivalence, performance, and resource control for virtual machines.
ContainerD is a daemon that controls the runC runtime to execute and manage containers according to the OCI specification. It has a gRPC API and a low-level CLI (ctr) for debugging. ContainerD is designed to be embedded in larger systems rather than directly used by end-users. It focuses on container execution, images, storage, and networking.
This presentation gives introduction to kernel module programming with sample kernel module.
It helps to start with kernel programming and how it can be used to develop various types of device drivers.
Decompressed vmlinux: linux kernel initialization from page table configurati...
Talk about how Linux kernel initializes the page table.
Note: When you view the the slide deck via web browser, the screenshots may be blurred. You can download and view them offline (Screenshots are clear).
This document provides an overview of the steps to port the U-boot bootloader to a new SoC using the NDS32 architecture as an example. It describes the directory structure of U-boot and key files related to the architecture, board, configuration, and device drivers. The document outlines where to define SoC hardware addresses, initialize board-specific peripherals, configure options, and implement device drivers to support the new SoC and board.
This document discusses the key components and architecture of the Linux kernel. It begins by defining the kernel as the central module of an operating system that loads first and remains in memory, providing essential services. It then describes the major subsystems of Linux, including process management, memory management, virtual file systems, network stacks, and device drivers. It concludes that the modular design of the Linux kernel has supported its growth and success through independent and extensible development of these subsystems.
This document provides an overview of vMotion capabilities in VMware vSphere, including:
- Types of virtual machine migrations like vMotion, Storage vMotion, and shared-nothing vMotion.
- Requirements for vMotion like compatible CPUs and network connectivity.
- Enhanced features in vSphere 6 like separate vMotion networking stacks and long distance vMotion.
- Best practices for vMotion planning, limitations, and troubleshooting migration errors.
Page cache mechanism in Linux kernel.
Note: When you view the the slide deck via web browser, the screenshots may be blurred. You can download and view them offline (Screenshots are clear).
Docker allows deploying applications easily across various environments by packaging them along with their dependencies into standardized units called containers. It provides isolation and security while allowing higher density and lower overhead than virtual machines. Core OS and Mesos both integrate with Docker to deploy containers on clusters of machines for scalability and high availability.
The document provides an introduction to VMware vSphere distributed switches. It lists the benefits of distributed switches over standard switches, describes the distributed switch architecture, and discusses how to create, manage, and configure distributed switches and their properties. It also covers topics like distributed port groups, VMkernel networking, NetFlow, private VLANs, and troubleshooting distributed switch issues.
This document summarizes Russell Pavlicek's presentation on the bare-metal hypervisor as a platform for innovation. Some key innovations enabled by the bare-metal hypervisor discussed include Xen Automotive for developing embedded automotive systems, real-time virtualization support, an ARM-based hypervisor for new applications on ARM architecture, and unikernel systems that create highly secure and efficient cloud applications. A bare-metal hypervisor provides advantages like density, scalability, security and custom scheduling that facilitate these innovations.
Introduction to OS LEVEL Virtualization & ContainersVaibhav Sharma
This Presentation contains information about os level virtualization and Containers internals. It has used other material on slide share which is referenced in Notes of PPT
U-Boot is an open source boot loader that initializes hardware and loads operating systems. It supports many CPUs and boards. The boot process involves a pre-relocation phase where U-Boot initializes hardware and copies itself to RAM, and a post-relocation phase where it finishes hardware initialization and loads the kernel or operating system. Debugging can be done before and after relocation by setting breakpoints and examining memory.
U-Boot project has evolved in the time span of over 17 years and so as its complexity and its uses. This has made it a daunting task in getting started with its development and uses. This talk will address all these issues start with overview, features, efforts created by community and future plans.
The U-Boot project has evolved in the time span of over 17 years and so as its complexity and its uses. This has made it a daunting task in getting started with its development and uses. This talk will address all these issues and share development efforts created by the U-Boot community.
In this talk Jagan Teki(Maintainer for Allwinner SoC, SPI, SPI FLASH Subsystems) will introduce U-Boot from scratch with a brief overview of U-Boot history, U-Boot Proper, SPL, TPL, Build process and Startup sequence. He will talk about other preliminaries such as Image booting, Falcon Mode, Secure Boot and U-Boot features like device tree, device overlays, driver model and DFU, etc.
Once giving enough introduction, he will also talk about steps to port U-Boot to new hardware with a demo, along with U-Boot testing process. Finally, he will address and review ongoing development work, issues and future development regarding U-Boot.
Balaji Parimi VMware R&D describes best practices when using the vSphere APIs. The VMware vSphere APIs can be used to build VMware vSphere management solutions. Virtual Machines, Host Management, Performance Monitoring. To learn more visit our community. http://developer.vmware.com
The document describes hypervisors and their role in virtualization. It discusses how a hypervisor sits between virtual machines and hardware to provide an isolated environment for each VM. It also compares different types of hypervisors, including describing how early hypervisors used full virtualization through trap-and-emulate to virtualize privileged instructions. The document then discusses the design conditions for a hypervisor based on Popek and Goldberg's virtualization theorem, including how the hypervisor must provide equivalence, performance, and resource control for virtual machines.
ContainerD is a daemon that controls the runC runtime to execute and manage containers according to the OCI specification. It has a gRPC API and a low-level CLI (ctr) for debugging. ContainerD is designed to be embedded in larger systems rather than directly used by end-users. It focuses on container execution, images, storage, and networking.
This presentation gives introduction to kernel module programming with sample kernel module.
It helps to start with kernel programming and how it can be used to develop various types of device drivers.
Decompressed vmlinux: linux kernel initialization from page table configurati...Adrian Huang
Talk about how Linux kernel initializes the page table.
Note: When you view the the slide deck via web browser, the screenshots may be blurred. You can download and view them offline (Screenshots are clear).
This document provides an overview of the steps to port the U-boot bootloader to a new SoC using the NDS32 architecture as an example. It describes the directory structure of U-boot and key files related to the architecture, board, configuration, and device drivers. The document outlines where to define SoC hardware addresses, initialize board-specific peripherals, configure options, and implement device drivers to support the new SoC and board.
Linux kernel Architecture and PropertiesSaadi Rahman
This document discusses the key components and architecture of the Linux kernel. It begins by defining the kernel as the central module of an operating system that loads first and remains in memory, providing essential services. It then describes the major subsystems of Linux, including process management, memory management, virtual file systems, network stacks, and device drivers. It concludes that the modular design of the Linux kernel has supported its growth and success through independent and extensible development of these subsystems.
This document provides an overview of vMotion capabilities in VMware vSphere, including:
- Types of virtual machine migrations like vMotion, Storage vMotion, and shared-nothing vMotion.
- Requirements for vMotion like compatible CPUs and network connectivity.
- Enhanced features in vSphere 6 like separate vMotion networking stacks and long distance vMotion.
- Best practices for vMotion planning, limitations, and troubleshooting migration errors.
Page cache mechanism in Linux kernel.
Note: When you view the the slide deck via web browser, the screenshots may be blurred. You can download and view them offline (Screenshots are clear).
Docker and friends at Linux Days 2014 in Praguetomasbart
Docker allows deploying applications easily across various environments by packaging them along with their dependencies into standardized units called containers. It provides isolation and security while allowing higher density and lower overhead than virtual machines. Core OS and Mesos both integrate with Docker to deploy containers on clusters of machines for scalability and high availability.
Cumulus Linux supports great networking, what’s next? Matt Peterson (@dorkmatt) our resident expert from the office of the CTO shares his previous experience, his views on devops, and how Cumulus Networks makes it easier to manage networks with ONIE, ZTP and no CLI! “Devops is a lifestyle, shared responsibility”. With Linux as the networks OS, “it’s all just one apt-get away!”
Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek Jana treek
The document is a reference guide for Unix/Linux commands, organized into sections covering topics such as the system, processes, file system, network, and programming. It provides concise explanations of commands and tasks for advanced users, with the goal of being a practical toolbox reference. Sections include commands for viewing hardware and software information, monitoring system performance and activity, managing users and groups, and configuring process limits.
The document is a reference guide for Unix/Linux commands and tasks useful for system administration and advanced users. It contains over 20 sections covering topics like the system, processes, file system, networking, encryption, version control and programming. Each section provides concise explanations of relevant commands and how to perform common tasks in that area. The reader is expected to have a working knowledge of the Unix environment.
The document provides information about the person's role as a Linux System Engineer including responsibilities like installing hardware, networking, building servers, patching systems, and troubleshooting issues for developers, DBAs and other teams. It also answers questions about supporting different environments, recent challenges, scripting experience, and Linux fundamentals.
This document provides a collection of Unix/Linux commands useful for system administration and advanced users. It covers topics such as system information, processes, file systems, networks, encryption, version control, software installation and more. Each section provides concise explanations of commands within that topic area. The reader is expected to have a working knowledge of Unix-like systems.
This document provides a collection of Unix/Linux commands for system administration, networking, security, and development tasks. It includes sections on system information, processes, file systems, networking, remote access, backups, permissions, encryption, version control, software installation, printing, databases, shells, scripting, and programming. The reader is expected to have a working knowledge of Unix-like systems.
This document provides a collection of Unix/Linux commands useful for system administration and advanced users. It covers topics such as system information, processes, file systems, networks, encryption, version control, software installation and more. Each section provides concise explanations of commands within that topic area. The reader is expected to have a working knowledge of Unix-like systems.
This document provides a collection of Unix/Linux commands for system administration tasks. It covers topics such as the system, processes, file system, network, encryption, version control, software installation and more. Each section provides concise explanations of relevant commands and many include page references for further details. Advanced knowledge of the operating system is expected.
This document provides a collection of Unix/Linux commands for system administration, networking, security, and development tasks. It includes over 20 sections that cover topics such as the system, processes, file system, networking, encryption, version control, software installation, scripting, and programming. The reader is assumed to have advanced Unix knowledge to utilize the concise explanations provided.
This document provides a collection of Unix/Linux commands useful for system administration and advanced users. It covers topics such as system information, processes, file systems, networks, encryption, version control, software installation and more. Each section provides concise explanations of commands within that topic area. The reader is expected to have a working knowledge of Unix-like systems.
This document provides a collection of Unix/Linux commands for system administration, networking, security, and development tasks. It includes sections on system information, processes, file systems, networking, remote access, backups, permissions, encryption, version control, software installation, printing, databases, shells, scripting, and programming. The reader is assumed to have advanced Unix knowledge to use the concise explanations provided.
This document provides a collection of Unix/Linux commands for system administration tasks. It covers topics such as the system, processes, file system, network, encryption, version control, software installation and more. Each section provides concise explanations of relevant commands and many include page references for further details. Advanced knowledge of the operating system is assumed.
This document provides a collection of Unix/Linux commands useful for system administration and advanced users. It covers topics such as system information, processes, file systems, networks, encryption, version control, software installation and more. Each section provides concise explanations of commands within that topic area. The reader is expected to have a working knowledge of Unix-like systems.
This document provides a collection of Unix/Linux commands for system administration tasks. It covers topics such as the system, processes, file system, network, encryption, version control, software installation and more. Each section provides concise explanations of relevant commands and many include page references for further details. Advanced knowledge of the operating system is expected.
This document provides a collection of Unix/Linux commands for system administration, networking, security, and development tasks. It includes over 20 sections that cover topics such as the system, processes, file system, networking, encryption, version control, software installation, scripting, and programming. The reader is assumed to have advanced Unix knowledge to utilize the concise explanations provided.
This document provides a collection of Unix/Linux commands useful for system administration and advanced users. It covers topics such as system information, processes, file systems, networks, encryption, version control, software installation and more. Each section provides concise explanations of commands within that topic area. The reader is expected to have a working knowledge of Unix-like systems.
This document provides a collection of Unix/Linux commands for system administration tasks. It covers topics such as the system, processes, file system, network, encryption, version control, software installation and more. Each section provides concise explanations of relevant commands and many include page references for further details. Advanced knowledge of the operating system is assumed.
Seamless PostgreSQL to Snowflake Data Transfer in 8 Simple StepsEstuary Flow
Unlock the full potential of your data by effortlessly migrating from PostgreSQL to Snowflake, the leading cloud data warehouse. This comprehensive guide presents an easy-to-follow 8-step process using Estuary Flow, an open-source data operations platform designed to simplify data pipelines.
Discover how to seamlessly transfer your PostgreSQL data to Snowflake, leveraging Estuary Flow's intuitive interface and powerful real-time replication capabilities. Harness the power of both platforms to create a robust data ecosystem that drives business intelligence, analytics, and data-driven decision-making.
Key Takeaways:
1. Effortless Migration: Learn how to migrate your PostgreSQL data to Snowflake in 8 simple steps, even with limited technical expertise.
2. Real-Time Insights: Achieve near-instantaneous data syncing for up-to-the-minute analytics and reporting.
3. Cost-Effective Solution: Lower your total cost of ownership (TCO) with Estuary Flow's efficient and scalable architecture.
4. Seamless Integration: Combine the strengths of PostgreSQL's transactional power with Snowflake's cloud-native scalability and data warehousing features.
Don't miss out on this opportunity to unlock the full potential of your data. Read & Download this comprehensive guide now and embark on a seamless data journey from PostgreSQL to Snowflake with Estuary Flow!
Try it Free: https://dashboard.estuary.dev/register
Overview of ERP - Mechlin Technologies.pptxMitchell Marsh
This PowerPoint presentation provides a comprehensive overview of Enterprise Resource Planning (ERP) systems. It covers the fundamental concepts, benefits, and key functionalities of ERP software, illustrating how it integrates various business processes into a unified system. From finance and HR to supply chain and customer relationship management, ERP facilitates efficient data management and decision-making across organizations. Whether you're new to ERP or looking to deepen your understanding, this presentation offers valuable insights into leveraging ERP for business success.
IN Dubai [WHATSAPP:Only (+971588192166**)] Abortion Pills For Sale In Dubai** UAE** Mifepristone and Misoprostol Tablets Available In Dubai** UAE
CONTACT DR. SINDY Whatsapp +971588192166* We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai** Sharjah** Abudhabi** Ajman** Alain** Fujairah** Ras Al Khaimah** Umm Al Quwain** UAE** Buy cytotec in Dubai +971588192166* '''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol** Cytotec” +971588192166* ' Dr.SINDY ''BUY ABORTION PILLS MIFEGEST KIT** MISOPROSTOL** CYTOTEC PILLS IN DUBAI** ABU DHABI**UAE'' Contact me now via What's App… abortion pills in dubai Mtp-Kit Prices
abortion pills available in dubai/abortion pills for sale in dubai/abortion pills in uae/cytotec dubai/abortion pills in abu dhabi/abortion pills available in abu dhabi/abortion tablets in uae
… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all** Cytotec Abortion Pills are Available In Dubai / UAE** you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pills in Dubai** UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if it's beyond 6 months. Our Abu Dhabi** Ajman** Al Ain** Dubai** Fujairah** Ras Al Khaimah (RAK)** Sharjah** Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical** medical and surgical abortion methods for early through late second trimester** including the Abortion By Pill Procedure (RU 486** Mifeprex** Mifepristone** early options French Abortion Pill)** Tamoxifen** Methotrexate and Cytotec (Misoprostol). The Abu Dhabi** United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used** 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need for surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi** United Arab Emirates** uses the latest medications for medical abortions (RU-486** Mifeprex** Mifegyne** Mifepristone** early options French abortion pill)** Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi** United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our
What is OCR Technology and How to Extract Text from Any Image for FreeTwisterTools
Discover the fascinating world of Optical Character Recognition (OCR) technology with our comprehensive presentation. Learn how OCR converts various types of documents, such as scanned paper documents, PDFs, or images captured by a digital camera, into editable and searchable data. Dive into the history, modern applications, and future trends of OCR technology. Get step-by-step instructions on how to extract text from any image online for free using a simple tool, along with best practices for OCR image preparation. Ideal for professionals, students, and tech enthusiasts looking to harness the power of OCR.
Lots of bloggers are using Google AdSense now. It’s getting really popular. With AdSense, bloggers can make money by showing ads on their websites. Read this important article written by the experienced designers of the best website designing company in Delhi –
Break data silos with real-time connectivity using Confluent Cloud Connectorsconfluent
Connectors integrate Apache Kafka® with external data systems, enabling you to move away from a brittle spaghetti architecture to one that is more streamlined, secure, and future-proof. However, if your team still spends multiple dev cycles building and managing connectors using just open source Kafka Connect, it’s time to consider a faster and cost-effective alternative.
Software development... for all? (keynote at ICSOFT'2024)miso_uam
Our world runs on software. It governs all major aspects of our life. It is an enabler for research and innovation, and is critical for business competitivity. Traditional software engineering techniques have achieved high effectiveness, but still may fall short on delivering software at the accelerated pace and with the increasing quality that future scenarios will require.
To attack this issue, some software paradigms raise the automation of software development via higher levels of abstraction through domain-specific languages (e.g., in model-driven engineering) and empowering non-professional developers with the possibility to build their own software (e.g., in low-code development approaches). In a software-demanding world, this is an attractive possibility, and perhaps -- paraphrasing Andy Warhol -- "in the future, everyone will be a developer for 15 minutes". However, to make this possible, methods are required to tweak languages to their context of use (crucial given the diversity of backgrounds and purposes), and the assistance to developers throughout the development process (especially critical for non-professionals).
In this keynote talk at ICSOFT'2024 I presented enabling techniques for this vision, supporting the creation of families of domain-specific languages, their adaptation to the usage context; and the augmentation of low-code environments with assistants and recommender systems to guide developers (professional or not) in the development process.
A captivating AI chatbot PowerPoint presentation is made with a striking backdrop in order to attract a wider audience. Select this template featuring several AI chatbot visuals to boost audience engagement and spontaneity. With the aid of this multi-colored template, you may make a compelling presentation and get extra bonuses. To easily elucidate your ideas, choose a typeface with vibrant colors. You can include your data regarding utilizing the chatbot methodology to the remaining half of the template.
Ansys Mechanical enables you to solve complex structural engineering problems and make better, faster design decisions. With the finite element analysis (FEA) solvers available in the suite, you can customize and automate solutions for your structural mechanics problems and parameterize them to analyze multiple design scenarios. Ansys Mechanical is a dynamic tool that has a complete range of analysis tools.
2. Agenda
● An example systemd-nspawn container
● What is systemd-nspawn and systemd
● Related Concept: Kernel CGroups
● Bootable containters
● Containers as Service
● Advanced topic: Socket Activation
7. 7
What is systemd? 1/3
• a system- and session manager for Linux,
• provides aggressive parallelization capabilities,
(no shell during boot!)
• uses socket and D-Bus activation for starting services,
• offers on-demand starting of services,
• keeps track of processes using Linux cgroups,
8. 8
What is systemd? 2/3
• supports restoring the system's state to a predefined state,
• maintains mount and auto-mount points,
• provides dependency based service control logic,
• provides replacement for a nr. of well-known tools, e.g.:
udev, automount, inetd, consolekit and syslog,
• a drop-in replacement for sysvinit
9. 9
What is systemd? 3/3
There is a lot of criticism and opinions as well...
• “It's not the UNIX way”
referring to the “do one thing and do it well” maxim
• “It's monolithic”
• “It introduces too many dependencies”
• (and worse)
... but we won't be addressing these today :-)
10. 10
An aside: People and Innovation...
“If I had asked people
what they wanted, they
would have said faster
horses”
Henry Ford
11. 11
What is systemd-nspawn?
• “chroot on steroids...”
• Invented for debug and test of systemd development
• Turns out to be a great container manager
• systemd-nspawn vs. docker
‣ Management container vs. container+images
‣ Inherited networking vs. Need to set up networking
12. 12
systemd adoption
Distribution Added to repositories Enabled by default? Released as default
SUSE Linux
Enterprise
v12 Yes Yes
openSUSE v11.4 Yes v12.2 (2012)
Fedora v15 (2011) Yes v15 (2011)
Red Hat Linux
Enterprise
v7 (2014) Yes v7 (2014)
Debian in 2012 Yes v8 (2015)
Arch Linux in 2012 Yes 2012
Ubuntu v13.04 (2013) Yes v15.04 (2015)
see also: http://en.wikipedia.org/wiki/Systemd#Adoption_and_reception
17. 17
Bootable OS container [2/4]
Boot container
• Boot container
‣ systemd-nspawn
-bD /srv/containers/centos/
# systemd-nspawn -bD /srv/containers/centos/
systemd 208 running in system mode. (+PAM +LIBWRAP +AUDIT +SELINUX
+IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ)
Detected virtualization 'systemd-nspawn'.
Welcome to CentOS Linux 7 (Core)!
Set hostname to <centos7c0>.
[ OK ] Reached target Remote File Systems.
[ OK ] Created slice Root Slice.
[ OK ] Created slice User and Session Slice.
[ OK ] Created slice System Slice.
[ OK ] Created slice system-getty.slice.
[ OK ] Reached target Slices.
[ OK ] Listening on Delayed Shutdown Socket.
[ OK ] Listening on /dev/initctl Compatibility Named Pipe.
[ OK ] Listening on Journal Socket.
Starting Journal Service...
[ OK ] Started Journal Service.
[ OK ] Reached target Paths.
Mounting Debug File System...
Mounting FUSE Control File System...
Starting Create static device nodes in /dev...
Mounting POSIX Message Queue File System...
[...]
[ OK ] Started Login Service.
[ OK ] Started Permit User Sessions.
Starting Console Getty...
[ OK ] Started Console Getty.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
CentOS Linux 7 (Core)
Kernel 3.16.7-7-desktop on an x86_64
centos7c0 login:
18. 18
Bootable OS container [3/4]
Instance properties
OS Properties from inside the
container
CentOS Linux 7 (Core)
Kernel 3.16.7-7-desktop on an x86_64
centos7c0 login: root
Password:
Last login: Sat Apr 11 23:22:04 on console
-bash-4.2#
-bash-4.2# hostnamectl
Static hostname: centos7c0
Icon name: computer-container
Chassis: container
Machine ID: afb4a0719ad842c99dd7cc704919a2fe
Boot ID: 7c03b147c9114632b96bbeb2a462cf5a
Virtualization: systemd-nspawn
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.16.7-7-desktop
Architecture: x86_64
-bash-4.2#
Container properties
# machinectl
MACHINE CONTAINER SERVICE
centos container nspawn
1 machines listed.
physnode1:~
# systemd-cgls
├─1 /usr/lib/systemd/systemd --switched-root --system
--deserialize 21
├─machine.slice
│ └─machine-centos.scope
│ ├─10159 /usr/lib/systemd/systemd
│ └─system.slice
│ ├─dbus.service
│ │ └─10184 /bin/dbus-daemon --system --address=systemd:
--nofork --nopidfile --systemd-activation
│ ├─systemd-journald.service
│ │ └─10167 /usr/lib/systemd/systemd-journald
│ ├─systemd-logind.service
│ │ └─10183 /usr/lib/systemd/systemd-logind
│ └─console-getty.service
│ └─10189 /sbin/agetty --noclear --keep-baud console
115200 38400 9600
├─system.slice
19. 19
Bootable OS container [4/4]
Shutdown container
• Shutdown container from the
inside:
‣ Type: `init 0` or `poweroff`
Note: will require running init in
container
‣ Type: ^]^]^] ( 3x CTRL+[ )
• Shutdown container from the
host
‣ machinectl terminate $CONT
-bash-4.2# init 0
[ OK ] Removed slice user-0.slice.
[ OK ] Removed slice system-getty.slice.
Stopping Hostname Service...
[ OK ] Stopped target Graphical Interface.
[ OK ] Stopped target Multi-User System.
[ OK ] Stopped target Login Prompts.
Stopping Console Getty...
Stopping Login Service...
Stopping D-Bus System Message Bus...
[ OK ] Stopped Login Service.
[ OK ] Stopped D-Bus System Message Bus.
[ OK ] Stopped Console Getty.
Stopping Permit User Sessions...
[ OK ] Stopped Permit User Sessions.
[ OK ] Stopped target Remote File Systems.
[ OK ] Stopped Hostname Service.
[ OK ] Stopped target Basic System.
[ OK ] Stopped target Slices.
[ OK ] Removed slice User and Session Slice.
[ OK ] Stopped target Paths.
[ OK ] Stopped target Timers.
[ OK ] Stopped target Sockets.
[ OK ] Closed D-Bus System Message Bus Socket.
[ OK ] Stopped target System Initialization.
[ OK ] Stopped target Encrypted Volumes.
Stopping Load/Save Random Seed...
Stopping Update UTMP about System Reboot/Shutdown...
[ OK ] Stopped target Swap.
[ OK ] Stopped Update UTMP about System Reboot/Shutdown.
[ OK ] Stopped Load/Save Random Seed.
Stopping Create Volatile Files and Directories...
[ OK ] Stopped Create Volatile Files and Directories.
[ OK ] Reached target Shutdown.
physnode1:/srv/containers #
20. 20
Networking and systemd-nspawn containers
Networking in container
-bash-4.2# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state
UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: wlp12s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
mq state UP qlen 1000
link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff
inet 10.1.2.27/21 brd 10.1.7.255 scope global dynamic
wlp12s0
valid_lft 14611sec preferred_lft 14611sec
inet6 fe80::224:d6ff:fe89:521e/64 scope link
valid_lft forever preferred_lft forever
3: enp0s25: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500
qdisc pfifo_fast state DOWN qlen 1000
link/ether 00:aa:bb:cc:dd:ee brd ff:ff:ff:ff:ff:ff
-bash-4.2# md5sum /etc/resolv.conf
a92a6e440cd677ad17748aa29c5a7333 /etc/resolv.conf
‣ By default the nspawn container will inherit the network settings
‣ /etc/resolv.conf will be copied into container
Networking at Host OS
physnode1:~ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state
UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: wlp12s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
mq state UP group default qlen 1000
link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff
inet 10.1.2.27/21 brd 10.1.7.255 scope global dynamic
wlp12s0
valid_lft 14433sec preferred_lft 14433sec
inet6 fe80::224:d6ff:fe89:521e/64 scope link
valid_lft forever preferred_lft forever
3: enp0s25: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500
qdisc pfifo_fast state DOWN group default qlen 1000
link/ether 00:aa:bb:cc:dd:ee brd ff:ff:ff:ff:ff:ff
physnode1:~ # md5sum /etc/resolv.conf
a92a6e440cd677ad17748aa29c5a7333 /etc/resolv.conf
21. 21
More advanced networking
‣ Create a virtual ethernet device, with name “vb-$machinename”
‣ Connect veth device to bridge “virbr0”
systemd-nspawn -bD /srv/containers/opensuse132/
--network-bridge=virbr0 --network-veth
virbr0
veth
(host0)
veth
(vb-opensuse132c0)
opensuse132
physnode1
opensuse132c0:~ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group [...]
2: host0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen
1000
link/ether 36:e3:35:8d:8e:95 brd ff:ff:ff:ff:ff:ff
opensuse132c0:~ #
physnode1:~ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
[...]
29: vb-opensuse132c0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc
pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 0a:62:90:a4:b5:72 brd ff:ff:ff:ff:ff:ff
physnode1:~ #
22. 22
journald and systemd-nspawn containers
• Integrating the journal of the
host and the container
# systemd-nspawn
-bD /srv/containers/centos
--link-journal=host
24. 24
Container as service
• Install Apache and a few other
packages
• Create a machine-id for the
container
• Create systemd unit file
#install Apache
zypper --root /srv/containers/opensuse132/ install
openSUSE-release-13.2 apache2 timezone iproute2 rsyslog
# set up machine-id
systemd-nspawn -D /srv/containers/opensuse132/
systemd-machine-id-setup
# unit file:
cat <<EOF > /etc/systemd/system/opensuse132c0.service
[Unit]
Description=Start an openSUSE 13.2 container
Wants=network.target nss-lookup.target
After=network.target nss-lookup.target
[Service]
Type=notify
PrivateTmp=true
ExecStart=/usr/bin/systemd-nspawn -M opensuse132c0
-jD /srv/containers/opensuse132/
ExecStop=/usr/bin/machinectl terminate opensuse132c0
[Install]
WantedBy=machines.target
EOF
25. 25
Managing containers
nsenter
• nsenter - run program with
namespaces of other
processes
# machinectl
MACHINE CONTAINER SERVICE
opensuse132c0 container nspawn
1 machines listed.
# machinectl status opensuse132c0
opensuse132c0
Since: Sun 2015-04-12 03:54:18 CEST; 37s ago
Leader: 17717 (systemd)
Service: nspawn; class container
Root: /srv/containers/opensuse132
Unit: machine-opensuse132c0.scope
├─17717 /usr/lib/systemd/systemd
└─system.slice
├─dbus.service
[…]
# nsenter --target 17717 --mount --uts --ipc --net –pid
opensuse132c0:/ #
opensuse132c0:/ # systemctl disable rsyslog
rm '/etc/systemd/system/multi-user.target.wants/rsyslog.service'
rm '/etc/systemd/system/syslog.service'
opensuse132c0:/
26. 26
Summary
systemd-nspawn
• Makes containers easy
• Everyone familiar with “chroot” instantly “gets” systemd-nspawn
• Does not have special dependencies, like e.g. docker
• It is available on all modern Linux distro's