dbi services Linux Containers

David Hueber Senior Consultant Head of Managed Services

Mobile +41 79 963 43 68 [email protected] www.dbi-services.com

1 www.dbi-services.com 11/20/12 © dbi services dbi services Who We Are

Experts At Your Service ! 25 specialists in IT infrastructure ! Certified, experienced, passionate ! Sharing a customer-oriented approach Based In Switzerland ! 100% self-financed Swiss company ! More than CHF 3 mio. in sales ! Offices: BaselArea & Lausanne, German, French, & English spoken Leading In Infrastructure Services ! Over 70 customers in CH, D, & F ! 25 SLAs dbi FlexService signed ! Long-standing expertise, technical leadership, ISO 20000 certified

2 www.dbi-services.com 11/20/12 © dbi services Linux Containers Agenda

Agenda

i. Introduction to virtualization ii. Containers presentation iii. Resources management – Cgroups iv. System Container Demo v. Core messages

3 www.dbi-services.com 11/20/12 © dbi services Linux Containers Introduction to virtualization

! Why using virtualization with Oracle products ? ! Resource usage optimization ! Hardware cost reduction ! Maintenance cost reduction ! Facility cost reduction

! Flexibility improvement ! Availability facility ! Flexibility of allocated resources – vertical scalability ! Easy deployment and migration

! Oracle License cost reduction – Hard partitioning only http://www.oracle.com/us/corporate/pricing/partitioning-070609.pdf

4 www.dbi-services.com 11/20/12 © dbi services

Linux Containers Introduction to virtualization

! partioning-070609.pdf

“Hard partitioning physically segments a server, by taking a single large server and separating it into distinct smaller systems. … Oracle has deemed certain technologies, possibly modified by configuration constraints, as hard partitioning, and no other technology or configuration qualify. Approved hard partitioning technologies include: … Solaris 10 Containers (capped Containers only), LPAR (adds DLPAR with AIX 5.2), Integrity Virtual Machine (capped partitions only), Secure Resource Partitions (capped partitions only), … Oracle VM Server for x86 may be used as hard partitioning technology only as described in the following document: http://www.oracle.com/technology/tech/ virtualization/pdf/ovm-hardpart.pdf. …”

5 www.dbi-services.com 11/20/12 © dbi services Linux Containers Introduction to virtualization

! Oracle certified virtualization solutions

Platform Virtualization Technology OS Oracle DB version

Oracle VM2 10gR2/11gR2 Oracle VM Linux x86 Oracle VM3 11gR2 Oracle VM Live Migration Oracle VM2 10gR2/11gR2

! Complete list of certified virtual environments ! http://www.oracle.com/technetwork/database/virtualizationmatrix-172995.html

! Actually not certified ! VMware products – note ID 249212.1 ! KVM and XEN solutions by Red Hat, Novell or XenSource - note ID 417770.1 ! LXC (Linux containers) 6 www.dbi-services.com 11/20/12 © dbi services

Linux Containers Introduction to containers

! Virtualisation – Hypervisor type 1 ! Hypervisor act as an interface between Hardware and “Invited” OS ! Examples: Oracle VM – VMware ESX(i) – Microsoft Hyper-V

Management Application 1 Application N Software

Privileged OS Invited OS Invited OS Drivers Drivers Drivers

Hypervisor

Hardware

7 www.dbi-services.com 11/20/12 © dbi services Linux Containers Introduction to containers

! Virtualisation – Hypervisor type 2 ! Software running virtual machines and emulating the hardware ! Examples: Oracle VirtualBox – VMware Player – Microsoft VirtualPC

Application 1 Application N

Management Invited OS Invited OS Software Drivers Drivers

Emulator

Host OS

Hardware

8 www.dbi-services.com 11/20/12 © dbi services Linux Containers Introduction to containers

! Virtualisation – Operating System Level ! Virtual environments isolating applications / processes ! Examples: Linux Container – chroot – OpenVZ

Management Application 1 Application N Software

Isolator Isolator

Host OS

Hardware

9 www.dbi-services.com 11/20/12 © dbi services Linux Containers Agenda

Agenda

i. Introduction to virtualization ii. Containers presentation iii. Resource management – Cgroups iv. System Container Demo v. Core messages

10 www.dbi-services.com 11/20/12 © dbi services Linux Containers Containers presentation

Support.oracle.com - Bug 12696082: LINUX CONTAINERS (LXC) Comment submitted by Lenz Grimmer (Senior Oracle Manager, Oracle Linux at Oracle)

Linux Containers (lxc) - this is not fully supported as of today, but will play an important role going forward.

Verify if Linux Containers is supported in the Linux release you update training for and include appropriately. Alternatively include reference to OIG. *** 04/04/12 08:21 am ***

11 www.dbi-services.com 11/20/12 © dbi services Linux Containers Containers presentation

! Virtualisation – Operating System Level ! Virtual environments isolating applications / processes

Application 1 Application N Management Software(s) Invited OS Invited OS KERNEL Host OS

Hardware

12 www.dbi-services.com 11/20/12 © dbi services Linux Containers Containers presentation

! What is it ? ! Operating system-level virtualization method ! Running multiple isolated environment (containers) ! Each has its own processes and network space

! Linux Containers relies on: ! Userspace-isolation functionality ! Resource management implemented via cgroups functionality

! Namespace-isolation is a kernel feature to limit and isolate resources usage such as CPU, memory, disk I/O of a process group

! cgroups (control groups) is a kernel feature to allocate resources usage such as CPU, memory, disk I/O to a process group

13 www.dbi-services.com 11/20/12 © dbi services Linux Containers Containers presentation

! Two kinds of containers: 1. Application containers 2. System containers

! Application Containers – application that only create separate namespaces

Usage: lxc-execute --name=NAME --COMMAND

lxc-execute creates a container with the identifier NAME and execs COMMAND into this container.

Options : -n, --name=NAME NAME for name of the container -f, --rcfile=FILE Load configuration file FILE -s, --define KEY=VAL Assign VAL to configuration variable KEY

lxc-execute –n ContTerm -f lxc-myconf.conf /bin/bash

14 www.dbi-services.com 11/20/12 © dbi services Linux Containers Containers presentation

! Application Containers

Single Host Controller Application Container + lxc-execute + lxc-init + lxc-init + +

[root@vmlxctest1 ~]# ps -ef |grep lxc avahi 1674 1 0 18:37 ? 00:00:00 avahi-daemon: running [vmlxctest1.local] root 14512 14418 0 19:45 pts/0 00:00:00 lxc-execute -n test xclock root 14513 14512 0 19:45 pts/0 00:00:00 /usr/lib64/lxc/lxc-init -- /bin/bash root 14514 14513 0 19:45 pts/0 00:00:00 xclock --- [root@ContTerm~]# ps -ef UID PID PPID C STIME TTY TIME CMD root 1 0 0 19:45 pts/0 00:00:00 /usr/lib64/lxc/lxc-init -- /bin/bash root 2 1 0 19:45 pts/0 00:00:00 xclock root 15 2 0 19:45 pts/0 00:00:00 ps -ef

15 www.dbi-services.com 11/20/12 © dbi services Linux Containers Containers presentation

! Application Container ! Environment ! Oracle Enterprise Linux 6.2 x64 ! Kernel 2.6-39

! Demo 1 ! Bash terminal in an Application Container ! Networking ! Start an Oracle database

! Demo 2 ! Oracle in a background Application Container ! Freeze and Unfreeze the container

16 www.dbi-services.com 11/20/12 © dbi services Linux Containers Containers presentation

! System Containers ! Have their own Linux Operating System, as Virtual Machines ! Consume less resources ! Have decreased isolation against control host (same Linux kernel)

Usage: lxc-start --name=NAME --COMMAND

lxc-start start COMMAND in specified container NAME

Options : -n, --name=NAME NAME for name of the container -d, --daemon daemonize the container -f, --rcfile=FILE Load configuration file FILE -c, --console=FILE Set the file output for the container console -s, --define KEY=VAL Assign VAL to configuration variable KEY

If no command is specified, lxc-start will use the default "/sbin/init" command to run a system container.

[root@oel62 ~]#lxc-start –n ol5test1

17 www.dbi-services.com 11/20/12 © dbi services Linux Containers Containers presentation

! Operations on a container

! Signalling [root@oel62 ~]#lxc-kill -n ol5test1 9

! Pausing ! Freeze [root@oel62 ~]#lxc-freeze -n ol5test1

! Unfreeze [root@oel62 ~]#lxc-unfreeze -n ol5test1

! Stopping [root@oel62 ~]#lxc-stop -n ol5test1

! Destroying [root@oel62 ~]#lxc-destroy -n ol5test1

18 www.dbi-services.com 11/20/12 © dbi services

Linux Containers Agenda

Agenda

i. Introduction to virtualization ii. Containers presentation iii. Resource management – Cgroups iv. System Container Demo v. Core messages

19 www.dbi-services.com 11/20/12 © dbi services Linux Containers Resource management - Cgroups

! Cgroup Model ! blkio — this subsystem sets limits on input/output access to and from block devices such as physical drives (disk, solid state, USB, etc.)

! cpu — this subsystem uses the scheduler to provide cgroup tasks access to the CPU

! cpuacct — this subsystem generates automatic reports on CPU resources used by tasks in a cgroup

! cpuset — this subsystem assigns individual CPUs (on a multicore system) and memory nodes to tasks in a cgroup.

20 www.dbi-services.com 11/20/12 © dbi services Linux Containers Resource management - Cgroups

! Cgroup Model ! devices — this subsystem allows or denies access to devices by tasks in a cgroup

! freezer — this subsystem suspends or resumes tasks in a cgroup

! memory — this subsystem sets limits on memory use by tasks in a cgroup, and generates automatic reports on memory resources used by those tasks

! net_cls — this subsystem tags network packets with a class identifier (classid) that allows the Linux traffic controller (tc) to identify packets originating from a particular cgroup task

! ns — the namespace subsystem

21 www.dbi-services.com 11/20/12 © dbi services Linux Containers Agenda

Agenda

i. Introduction to virtualization ii. Containers presentation iii. Resource management - Cgroups iv. System Container Demo v. Core messages

22 www.dbi-services.com 11/20/12 © dbi services Linux Containers Containers presentation

! System Container ! Environment ! Oracle Enterprise Linux 6.2 x64 ! Kernel 2.6-39

! Demo 1 ! Start a system container ! See configuration file ! See processes and file system

! Demo 2 ! See template principle ! Deploy a system container from a template

23 www.dbi-services.com 11/20/12 © dbi services dbi services current situation Agenda

Agenda

i. Introduction to virtualization ii. Containers presentation iii. Resource management - Cgroups iv. System Container Demo v. Core messages

24 www.dbi-services.com 11/20/12 © dbi services Linux Containers Core messages

! Part of the Linux Kernel ! Available on almost all distribution

! Future technology for Oracle products ! Presented as key feature in the Oracle Linux roadmap (OOW11)

! Performance efficiency ! Resources usage ! Fine grained resources allocation

! Easy implementation and maintenance ! Mainly for Application Containers

25 www.dbi-services.com 11/20/12 © dbi services Linux Containers Core messages

! Limited isolation against Host ! Limitation on kernel version

! Limited documentation ! Good introduction blog on blogs.oracle.com

! OS virtualization – Limited to Linux Guests

! Not a mature technology, virtualization technology not certified for Oracle products

26 www.dbi-services.com 11/20/12 © dbi services dbi services Any Questions ? Please Do Ask !

David Hueber Senior Consultant Head of Managed Services

Mobile +41 79 963 43 68 [email protected] www.dbi-services.com

„Enjoy Containers !“

27 www.dbi-services.com 11/20/12 © dbi services