FT2000+/64 LXC Container Virtualization System Solution (V1.0)

Tianjin Phytium Information Technology Co., Ltd.
August 2019

Revision history

Version   Issuing department                                  Author            Date         Remarks
1.0       Phytium Software Technical Solutions Department 2   Xie Ming (谢明)   2019-08-12   Initial draft

Copyright © Tianjin Phytium Information Technology Co., Ltd. 2019. All rights reserved.

Notice

Tianjin Phytium Information Technology Co., Ltd. holds the copyright and other intellectual property rights, protected by law, in everything it publishes alone or jointly with partner companies, including but not limited to the full content and materials of its products. Without the company's written permission, no organization or individual may excerpt or copy part or all of this document, or distribute it in any form.

Disclaimer

We provide technical consultation only. We bear no technical-support responsibility for research and development activities carried out in an environment built with this document, and no joint liability for the results of that work.

Contents

1 Purpose
2 LXC containers
3 Setting up LXC containers
3.1 Kernel build options
3.2 Installing lxc over the network
3.3 Creating an lxc container
3.4 Starting a container
3.5 Stopping a container
3.6 Common lxc commands
1 Purpose

This document introduces the concepts behind LXC containers and records how to set them up, the kernel options they require, and the related configuration. All verification and experiments below were carried out on the Phytium 2000+/64 platform. Later versions of this document will continue to extend the features and tests covered.

2 LXC containers

LXC is short for Linux Container. It provides lightweight virtualization that isolates processes and resources without an instruction-interpretation mechanism or the other complexities of full virtualization. Containers effectively partition the resources managed by a single operating system into isolated groups, so that conflicting resource demands can be better balanced between those groups. The figure below shows the difference between a KVM virtual machine and a container:

[Figure: KVM stack (APP / Guest OS / Hypervisor / Host OS) next to the container stack (APP / Host OS)]

As the figure shows, programs in a container run directly on the host OS, with no guest OS or hypervisor layer in between, so efficiency is much higher. Compared with traditional virtualization technology, its advantages are:

1) It shares one kernel with the host, so the performance overhead is small;
2) No instruction-level emulation is needed;
3) No just-in-time compilation is needed;
4) Containers run instructions natively on the CPU cores, without any special interpretation mechanism;
5) It avoids the complexity of paravirtualization and system-call replacement;
6) Isolation is lightweight, and sharing mechanisms are provided alongside it so that the container and the host can share resources.

3 Setting up LXC containers

3.1 Kernel build options

The kernel version is v4.19.1. For the system to support LXC, the following kernel options must be selected.

    General setup --->
        <*> Kernel .config support
        [*]   Enable access to .config through /proc/config.gz
        Kernel Performance Events And Counters --->
            [*] Kernel performance events and counters
        [*] Control Group support --->
            [*] Memory controller
            [*] IO controller
            [*] CPU controller --->
            [*] PIDs controller
            [*] RDMA controller
            [*] Freezer controller
            [*] Cpuset controller
            [*]   Include legacy /proc/<pid>/cpuset file
            [*] Device controller
            [*] Simple CPU accounting controller
            [*] Perf controller
        [*] Namespaces support --->
            [*] UTS namespace
            [*] IPC namespace
            [*] User namespace
            [*] PID Namespaces
            [*] Network namespace
        [*] Checkpoint/restore support

    [*] Networking support --->
        --- Networking support
        Networking options --->
            <M> Packet socket
            <M>   Packet: sockets monitoring interface
            <M> Unix domain sockets
            <M>   UNIX: socket monitoring interface
            <M> Transformation user configuration interface
            <M> PF_KEY sockets
            [*] TCP/IP networking
            [*]   IP: kernel level autoconfiguration
            [*]     IP: DHCP support
            [*]     IP: BOOTP support
            [*]     IP: RARP support
            -*-   IP: TCP syncookie support
            <M>   Virtual (secure) IP: tunneling
            <M>   IP: IPsec transport mode
            <M>   IP: IPsec tunnel mode
            <M>   IP: IPsec BEET mode
            <M>   INET: socket monitoring interface
            <M>     UDP: socket monitoring interface
            [*]   TCP: advanced congestion control --->
                <M> Binary Increase Congestion (BIC) control
                <*> CUBIC TCP
                <M> TCP Westwood+
                <M> H-TCP
            <M>   The IPv6 protocol --->
                <M> IPv6: IPsec transport mode
                <M> IPv6: IPsec tunnel mode
                <M> IPv6: IPsec BEET mode
                <M> IPv6: IPv6-in-IPv4 tunnel (SIT driver)
            [*] Network packet filtering framework (Netfilter) --->
                [*] Advanced netfilter configuration
                <M>   Bridged IP/ARP packets filtering
                Core Netfilter Configuration --->
                    [*] Netfilter ingress support
                    {M} Netfilter NFACCT over NFNETLINK interface
                    {M} Netfilter NFQUEUE over NFNETLINK interface
                    {M} Netfilter LOG over NFNETLINK interface
                    {M} Netfilter OSF over NFNETLINK interface
                    <M> Netfilter connection tracking support
                    -*- Connection mark tracking support
                    [*] Connection tracking zones
                    [*] Supply CT list in procfs (OBSOLETE)
                    [*] Connection tracking events
                    [*] Connection tracking timeout
                    [*] Connection tracking timestamping
                    -*- Connection tracking labels
                    [*] DCCP protocol connection tracking support
                    [*] SCTP protocol connection tracking support
                    [*] UDP-Lite protocol connection tracking support
                    <M> Amanda backup protocol support
                    <M> FTP protocol support
                    <M> H.323 protocol support
                    <M> IRC protocol support
                    <M> NetBIOS name service protocol support
                    <M> SNMP service protocol support
                    <M> PPtP protocol support
                    <M> SANE protocol support
                    <M> SIP protocol support
                    <M> TFTP protocol support
                    <M> Connection tracking netlink interface
                    <M> Connection tracking timeout tuning via Netlink
                    <M> Connection tracking helpers in user-space via Netlink
                    [*] NFQUEUE and NFLOG integration with Connection Tracking
                    <M> Netfilter nf_tables support
                    <M> Netfilter nf_tables set infrastructure
                    [*] Netfilter nf_tables mixed IPv4/IPv6 tables support
                    [*] Netfilter nf_tables netdev tables support
                    <M> Netfilter nf_tables number generator module
                    <M> Netfilter nf_tables conntrack module
                    <M> Netfilter nf_tables counter module
                    <M> Netfilter nf_tables connlimit module
                    <M> Netfilter nf_tables log module
                    <M> Netfilter nf_tables limit module
                    <M> Netfilter nf_tables masquerade support
                    <M> Netfilter nf_tables redirect support
                    <M> Netfilter nf_tables nat module
                    <M> Netfilter nf_tables tunnel module
                    <M> Netfilter nf_tables stateful object reference module
                    <M> Netfilter nf_tables queue module
                    <M> Netfilter nf_tables quota module
                    <M> Netfilter nf_tables reject support
                    <M> Netfilter nf_tables hash module
                    <M> Netfilter nf_tables socket match support
                    <M> Netfilter nf_tables passive OS fingerprint support
                    <M> Netfilter nf_tables tproxy support
                    -M- Netfilter packet duplication support
                    <M> Netfilter nf_tables netdev packet duplication support
                    <M> Netfilter flow table mixed IPv4/IPv6 module
                    <M> Netfilter flow table module
                    {M} Netfilter Xtables support (required for ip_tables)
                    *** Xtables combined modules ***
                    -M- nfmark target and match support
                    -M- ctmark target and match support
                    <M> set target and match support
                    *** Xtables targets ***
                    <M> AUDIT target support
                    <M> CHECKSUM target support
                    <M> "CLASSIFY" target support
                    <M> "CONNMARK" target support
                    <M> "DSCP" and "TOS" target support
                    -M- "HL" hoplimit target support
                    <M> "HMARK" target support
                    <M> IDLETIMER target support
                    <M> LOG target support
                    <M> "MARK" target support
                    -M- "SNAT and DNAT" targets support
                    -M- "NETMAP" target support
                    <M> "NFLOG" target support
                    <M> "NFQUEUE" target Support
                    -M- "RATEEST" target support
                    -M- REDIRECT target support
                    <M> "TEE" - packet cloning to alternate destination
                    <M> "TPROXY" target transparent proxying support
                    <M> "TCPMSS" target support
                    <M> "TCPOPTSTRIP" target support
                    *** Xtables matches ***
                    <M> "addrtype" address type match support
                    <M> "bpf" match support
                    <M> "control group" match support
                    <M> "cluster" match support
                    <M> "comment" match support
                    <M> "connbytes" per-connection counter match support
                    <M> "connlabel" match support
                    <M> "connlimit" match support
                    <M> "connmark" connection mark match support
                    <M> "conntrack" connection tracking match support
                    <M> "cpu" match support
                    <M> "dccp" protocol match support
                    <M> "devgroup" match support
                    <M> "dscp" and "tos" match support
                    -M- "ecn" match support
                    <M> "esp" match support
                    <M> "hashlimit" match support
                    <M> "helper" match support
                    -M- "hl" hoplimit/TTL match support
                    <M> "ipcomp" match support
                    <M> "iprange" address range match support
                    <M> "ipvs" match support
                    <M> "l2tp" match support
                    <M> "length" match support
                    <M> "limit" match support
                    <M> "mac" address match support
                    <M> "mark" match support
                    <M> "multiport" Multiple port match support
                    <M> "nfacct" match support
                    <M> "osf" Passive OS fingerprint match
                    <M> "owner" match support
                    <M> IPsec "policy" match support
                    <M> "physdev" match support
                    <M> "pkttype" packet type match support
                    <M> "quota" match support
                    <M> "rateest" match support
                    <M> "realm" match support
                    <M> "recent" match support
                    <M> "sctp" protocol match support
                    <M> "socket" match support
                    <M> "state" match support
                    <M> "statistic" match support
                    <M> "string" match support
                    <M> "tcpmss" match support
                    <M> "time" match support
                    <M> "u32" match support
                <M> IP set support --->                              (select all)
                <M> IP virtual server support --->                   (select all)
                IP: Netfilter Configuration --->                     (select all)
                IPv6: Netfilter Configuration --->                   (select all)
                [*] Ethernet Bridge nf_tables support --->
                    <M> Netfilter nf_tables bridge reject support
                <M> Ethernet Bridge tables (ebtables) support --->   (select all)
            <M> 802.1d Ethernet Bridging
            <M> 802.1Q/802.1ad VLAN Support
            <M> NETLINK: socket monitoring interface
            [*] Network priority cgroup
            -*- Network classid cgroup

    Device Drivers --->
        [*] Network device support --->
            <M> MAC-VLAN support
            <M> Virtual ethernet pair device

    File systems --->
        <M> FUSE (Filesystem in Userspace) support

3.2 Installing lxc over the network

    apt-get install lxc
    apt-get install python3-lxc
    apt-get install lxc-templates
    apt-get install librbd1

After installing the packages above, run ifconfig -a. The lxcbr0 interface should be listed, as shown below:

    lxcbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
            inet 10.0.3.1  netmask 255.255.255.0  broadcast 0.0.0.0
            inet6 fe80::216:3eff:fe00:0  prefixlen 64  scopeid 0x20<link>
            ether 00:16:3e:00:00:00  txqueuelen 1000  (Ethernet)
            RX packets 31  bytes 3305 (3.3 KB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 26  bytes 3254 (3.2 KB)
            TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
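
Added example, not part of the original Phytium document: section 3.1 enables /proc/config.gz, so the isolation-related options it lists (cgroup controllers, namespaces, container networking) can be audited on a built kernel. The script below does that for a config file. The CONFIG_* names are the upstream Kconfig symbols that this example assumes correspond to the menu entries, and the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a kernel config against the LXC-related options
# selected in section 3.1. The CONFIG_* symbols are the upstream Kconfig
# names for those menu entries (mapping assumed by this example).

# bool options: cgroup controllers and namespaces must be =y.
REQUIRED_BUILTIN="CGROUPS MEMCG BLK_CGROUP CGROUP_SCHED CGROUP_PIDS \
CGROUP_FREEZER CPUSETS CGROUP_DEVICE CGROUP_CPUACCT NAMESPACES UTS_NS \
IPC_NS USER_NS PID_NS NET_NS"
# tristate options: =y or =m both satisfy the document's <M> selection.
REQUIRED_ANY="VETH MACVLAN BRIDGE VLAN_8021Q FUSE_FS"

# config_value FILE SYMBOL -> prints y, m, or n.
# "# CONFIG_X is not set" and a missing line both count as n.
config_value() {
    val=$(sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    printf '%s' "${val:-n}"
}

# audit_config FILE -> prints the unmet symbols on one line;
# returns 0 when every required option is present, 1 otherwise.
audit_config() {
    missing=""
    for sym in $REQUIRED_BUILTIN; do
        [ "$(config_value "$1" "$sym")" = y ] || missing="$missing CONFIG_$sym"
    done
    for sym in $REQUIRED_ANY; do
        case "$(config_value "$1" "$sym")" in
            y|m) ;;
            *) missing="$missing CONFIG_$sym" ;;
        esac
    done
    printf '%s\n' "${missing# }"
    [ -z "$missing" ]
}

# Constructed sample config (not from a real FT2000+/64 build):
# the device controller is absent and user namespaces are disabled.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_CGROUPS=y
CONFIG_MEMCG=y
CONFIG_BLK_CGROUP=y
CONFIG_CGROUP_SCHED=y
CONFIG_CGROUP_PIDS=y
CONFIG_CGROUP_FREEZER=y
CONFIG_CPUSETS=y
CONFIG_CGROUP_CPUACCT=y
CONFIG_NAMESPACES=y
CONFIG_UTS_NS=y
CONFIG_IPC_NS=y
# CONFIG_USER_NS is not set
CONFIG_PID_NS=y
CONFIG_NET_NS=y
CONFIG_VETH=m
CONFIG_MACVLAN=m
CONFIG_BRIDGE=m
CONFIG_VLAN_8021Q=m
CONFIG_FUSE_FS=m
EOF
}

# Demo run on the constructed sample.
demo_cfg=$(mktemp)
write_sample_config "$demo_cfg"
if result=$(audit_config "$demo_cfg"); then
    echo "all LXC-related options present"
else
    echo "missing or disabled: $result"
fi
rm -f "$demo_cfg"
```

On a target board, decompress the live config first (zcat /proc/config.gz > /tmp/config) and pass that path to audit_config.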