Practical LXC and LXD

Total Page:16

File Type:pdf, Size:1020Kb

Practical LXC and LXD Practical LXC and LXD Linux Containers for Virtualization and Orchestration Senthil Kumaran S. Practical LXC and LXD Senthil Kumaran S. Chennai, Tamil Nadu, India ISBN-13 (pbk): 978-1-4842-3023-7 ISBN-13 (electronic): 978-1-4842-3024-4 DOI 10.1007/978-1-4842-3024-4 Library of Congress Control Number: 2017953000 Copyright © 2017 by Senthil Kumaran S. Any source code or other supplementary material referenced by the author in this book is available to readers on GitHub via the book’s product page, located at www.apress.com/978-1-4842-3023-7. For more detailed information, please visit http://www.apress.com/source-code. Contents at a Glance ■ Chapter 1: Introduction to Linux Containers................................... 1 ■ Chapter 2: Installation .................................................................. 11 ■ Chapter 3: Getting Started with LXC and LXD ............................... 23 ■ Chapter 4: LXC and LXD Resources .............................................. 39 ■ Chapter 5: Common Virtualization and Orchestration Tools ......... 59 ■ Chapter 6: Use Cases .................................................................... 97 ■ Chapter 7: Containers and Security ............................................ 145 Index .............................................................................................. 157 Contents ■ Chapter 1: Introduction to Linux Containers................................... 1 Container Definition ��������������������������������������������������������������������������������� 2 Container History ������������������������������������������������������������������������������������� 3 Features to Enable Containers ���������������������������������������������������������������� 4 Control Groups (Cgroups) �����������������������������������������������������������������������������������������4 Namespaces �������������������������������������������������������������������������������������������������������������6 Filesystem or rootfs ��������������������������������������������������������������������������������������������������8 Summary ������������������������������������������������������������������������������������������������� 9 ■ Chapter 2: Installation .................................................................. 11 LXC Installation �������������������������������������������������������������������������������������� 11 Installing LXC on Ubuntu�����������������������������������������������������������������������������������������12 LXC Default Configuration ���������������������������������������������������������������������������������������15 Networking Setup for LXC ��������������������������������������������������������������������������������������15 LXD Installation ������������������������������������������������������������������������������������� 18 LXC Requirements for LXD��������������������������������������������������������������������������������������18 Installing LXD on Ubuntu ����������������������������������������������������������������������������������������19 Summary ����������������������������������������������������������������������������������������������� 21 ■ Chapter 3: Getting Started with LXC and LXD ............................... 23 Using LXC ���������������������������������������������������������������������������������������������� 23 Templates ���������������������������������������������������������������������������������������������������������������23 Basic Usage ������������������������������������������������������������������������������������������������������������24 Using LXD ���������������������������������������������������������������������������������������������� 34 Using a Remote LXD As an Image Server ���������������������������������������������������������������34 Using the Built-in Remotes �������������������������������������������������������������������������������������35 Manually Importing an Image ���������������������������������������������������������������������������������35 Running Your First Container with LXD �������������������������������������������������� 35 Summary ����������������������������������������������������������������������������������������������� 38 ■ Chapter 4: LXC and LXD Resources .............................................. 39 Default LXC Templates��������������������������������������������������������������������������� 39 Download Template ������������������������������������������������������������������������������������������������39 Distribution-Specific Templates ������������������������������������������������������������������������������43 LXD Images ������������������������������������������������������������������������������������������� 49 LXD Image Formats ������������������������������������������������������������������������������������������������49 Using LXD Images ���������������������������������������������������������������������������������������������������53 Summary ����������������������������������������������������������������������������������������������� 58 ■ Chapter 5: Common Virtualization and Orchestration Tools ......... 59 libvirt ����������������������������������������������������������������������������������������������������� 59 Starting the Container ��������������������������������������������������������������������������������������������62 Connecting to the Container Console ���������������������������������������������������������������������62 Monitoring Container Utilization �����������������������������������������������������������������������������64 Rebooting the Container �����������������������������������������������������������������������������������������64 Stopping and Destroying the Container ������������������������������������������������������������������64 Undefining or Deleting a Container from libvirt ������������������������������������������������������65 Virtual Machine Manager GUI ���������������������������������������������������������������� 65 LXC with SaltStack �������������������������������������������������������������������������������� 74 Salt Master Setup ���������������������������������������������������������������������������������������������������75 Remote Salt Minion Setup ��������������������������������������������������������������������������������������77 Salt LXC Management ��������������������������������������������������������������������������������������������80 LXC with Vagrant ����������������������������������������������������������������������������������� 82 LXD-WebGUI ������������������������������������������������������������������������������������������ 85 LXD Configuration ���������������������������������������������������������������������������������������������������89 Using LXD-WebGUI��������������������������������������������������������������������������������������������������92 Summary ����������������������������������������������������������������������������������������������� 95 ■ Chapter 6: Use Cases .................................................................... 97 Using the Pelican Static Site Generator ������������������������������������������������ 98 Running Android CTS Within LXC ��������������������������������������������������������� 102 Running Unit Tests in LXC �������������������������������������������������������������������� 108 Running an Application Inside LXC ������������������������������������������������������ 109 Rolling Out Memcached Instances with LXC ��������������������������������������� 110 Doing a Live Migration with LXD ��������������������������������������������������������� 113 Running Other Architectures ��������������������������������������������������������������� 118 armhf Container ����������������������������������������������������������������������������������������������������119 ppc64el Container ������������������������������������������������������������������������������������������������122 Booting a VM Image in LXC ����������������������������������������������������������������� 123 Using JuJu with LXD ��������������������������������������������������������������������������� 126 Summary ��������������������������������������������������������������������������������������������� 144 ■ Chapter 7: Containers and Security ............................................ 145 Cgroups ����������������������������������������������������������������������������������������������� 145 Capabilities ������������������������������������������������������������������������������������������ 146 AppArmor �������������������������������������������������������������������������������������������� 146 SELinux������������������������������������������������������������������������������������������������ 147 Seccomp ��������������������������������������������������������������������������������������������� 147 User Namespaces ������������������������������������������������������������������������������� 148 Privileged Containers ��������������������������������������������������������������������������������������������148 Unprivileged Containers ���������������������������������������������������������������������������������������148 Containers and Internet of Things (IoT) ����������������������������������������������� 149 Case Study: Ubuntu Snappy Core �������������������������������������������������������� 151 Summary ���������������������������������������������������������������������������������������������
Recommended publications
  • Adding Generic Process Containers to the Linux Kernel
    Adding Generic Process Containers to the Linux Kernel Paul B. Menage∗ Google, Inc. [email protected] Abstract Technically resource control and isolation are related; both prevent a process from having unrestricted access to even the standard abstraction of resources provided by the Unix kernel. For the purposes of this paper, we While Linux provides copious monitoring and control use the following defintions: options for individual processes, it has less support for applying the same operations efficiently to related Resource control is any mechanism which can do either groups of processes. This has led to multiple proposals or both of: for subtly different mechanisms for process aggregation for resource control and isolation. Even though some of these efforts could conceptually operate well together, • tracking how much of a resource is being com- merging each of them in their current states would lead sumed by a set of processes to duplication in core kernel data structures/routines. • imposing quantative limits on that consumption, ei- The Containers framework, based on the existing ther absolutely, or just in times of contention. cpusets mechanism, provides the generic process group- ing features required by the various different resource Typically resource control is visible to the processes be- controllers and other process-affecting subsystems. The ing controlled. result is to reduce the code (and kernel impact) required for such subsystems, and provide a common interface Namespace isolation1 is a mechanism which adds an with greater scope for co-operation. additional indirection or translation layer to the nam- ing/visibility of some unix resource space (such as pro- This paper looks at the challenges in meeting the needs cess ids, or network interfaces) for a specific set of pro- of all the stakeholders, which include low overhead, cesses.
    [Show full text]
  • Ubuntu Server Guide Basic Installation Preparing to Install
    Ubuntu Server Guide Welcome to the Ubuntu Server Guide! This site includes information on using Ubuntu Server for the latest LTS release, Ubuntu 20.04 LTS (Focal Fossa). For an offline version as well as versions for previous releases see below. Improving the Documentation If you find any errors or have suggestions for improvements to pages, please use the link at thebottomof each topic titled: “Help improve this document in the forum.” This link will take you to the Server Discourse forum for the specific page you are viewing. There you can share your comments or let us know aboutbugs with any page. PDFs and Previous Releases Below are links to the previous Ubuntu Server release server guides as well as an offline copy of the current version of this site: Ubuntu 20.04 LTS (Focal Fossa): PDF Ubuntu 18.04 LTS (Bionic Beaver): Web and PDF Ubuntu 16.04 LTS (Xenial Xerus): Web and PDF Support There are a couple of different ways that the Ubuntu Server edition is supported: commercial support and community support. The main commercial support (and development funding) is available from Canonical, Ltd. They supply reasonably- priced support contracts on a per desktop or per-server basis. For more information see the Ubuntu Advantage page. Community support is also provided by dedicated individuals and companies that wish to make Ubuntu the best distribution possible. Support is provided through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The large amount of information available can be overwhelming, but a good search engine query can usually provide an answer to your questions.
    [Show full text]
  • Performance Comparison of Linux Containers (LXC) and Openvz During Live Migration
    Thesis no: MSCS-2016-14 Performance comparison of Linux containers (LXC) and OpenVZ during live migration An experiment Pavan Sutha Varma Indukuri Faculty of Computing Blekinge Institute of Technology SE-371 79 Karlskrona Sweden This thesis is submitted to the Faculty of Computing at Blekinge Institute of Technology in partial fulfilment of the requirements for the degree of Master of Science in Computer Science. The thesis is equivalent to 20 weeks of full-time studies. Contact Information: Author(s): Pavan Sutha Varma Indukuri E-mail: [email protected] University advisor: Sogand Shirinbab Department of Computer Science and Engineering E-mail: [email protected] Faculty of Computing Internet : www.bth.se Blekinge Institute of Technology Phone : +46 455 38 50 00 SE-371 79 Karlskrona, Sweden Fax : +46 455 38 50 57 i i ABSTRACT Context. Cloud computing is one of the most widely used technologies all over the world that provides numerous products and IT services. Virtualization is one of the innovative technologies in cloud computing which has advantages of improved resource utilization and management. Live migration is an innovative feature of virtualization that allows a virtual machine or container to be transferred from one physical server to another. Live migration is a complex process which can have a significant impact on cloud computing when used by the cloud-based software. Objectives. In this study, live migration of LXC and OpenVZ containers has been performed. Later the performance of LXC and OpenVZ has been conducted in terms of total migration time and downtime. Further CPU utilization, disk utilization and an average load of the servers is also evaluated during the process of live migration.
    [Show full text]
  • Ubuntu Core 16 - Security
    Ubuntu Core 16 - Security Whitepaper CANONICAL UBUNTU ENGINEERING AND SERVICES Version: 2.0.0~rc9 Abstract Problem Description Background: classic Ubuntu Trust model: distro Archive integrity Upgrades Software in classic Ubuntu: trusted by the OS Challenges for distro model Staying up to date Boot security System, application and network security Logging Clock synchronization Data encryption Trusted Platform Module Snappy for Ubuntu Core Trust model: snaps and the store Store policies Staying up to date System update process App, gadget and vendor kernel update process Boot security System security System services Users App services and user commands Application security App snaps Gadget snaps Security policy ID Application launch Snappy FHS (filesystem hierarchy standard) Snappy security technologies overview Traditional permissions AppArmor Seccomp Namespaces Control Groups (cgroups) devpts newinstance Ubuntu hardening Snap security policy Default policy Devmode Interfaces Ubuntu Core interfaces Ubuntu Classic interfaces Snap interfaces Interfaces in practice Snap packaging example Access to hardware devices Network security Network interfaces Logging Clock synchronization Data encryption Trusted Platform Module Solution Developer velocity and control Safe, reliable updates for all devices and images Security provides assurances Continued flexibility Conclusion Abstract Ubuntu Core is an important revolutionary step for Ubuntu. While it builds upon Linux traditions, Snappy for Ubuntu Core sharply focuses on predictability, reliability and security while at the same time enabling developer freedom and control. Problem The Linux distribution model is an established and well understood model for computing systems: start with a Linux kernel, add some low-level software to install, manage and use applications and then add some default applications with additional applications installable by other means, usually over the internet via a distribution software archive.
    [Show full text]
  • Container Technologies on IBM Z and Linuxone and Their Orchestration
    Container technologies on IBM Z and LinuxONE and their Orchestration Wilhelm Mild IBM Executive IT Architect for Mobile, IBM Z and Linux IBM R&D Lab, Germany Agenda ➢ Container technologies and Ecosystem ➢ Container Orchestration Kubernetes © Copyright IBM Corporation 2017. Technical University/Symposia materials may not be reproduced in whole or in 2 part without the prior written permission of IBM. 2 IBM Z Virtualization options and Container Server virtualization. There are typically Application isolation. There are typically dozens or hundreds of Linux servers in a thousands Containers in Linux on IBM Z. LPAR virtualized using z/VM or KVM. IBM Z Linux Linux SSC Linux Linux 2 Linux Virtual Secure Linux Linux CPUs z/OS or Linux ServiceLinux (cores) z/TPF or Container KVM Linux z/VM zCX Linux (SSC) z/VSE or Virtual CPUs Server Linux (cores) virtualization KVM z/VM LPAR LPAR1 LPAR2 LPAR3 LPAR4 virtualization Logical (PR/SM or DPM) CPUs (cores) Real P1 P2 P3 P5 P6 P7 P8 P4 CPUs* (cores) P1 – P8 are Central Processor Units (CPU -> core) or Integrated Facility for Linux (IFL) Processors (IFL -> core) * - One shared Pool of cores per System only 3 Note: - LPARs can be managed by traditional PR/SM 2020 IBM Corporation Linux Containers - based on control groups and namespaces for isolation The goal was to offer a Linux distro and vendor neutral environment for the development of Linux container technologies. ⚫ To simplify: − “cgroups” will allocate & control resources in your container ⚫ CPU ⚫ Memory Container 1 Container 2 ⚫ Disk I/O throughput Kernel Kernel Namespaces Namespaces − “namespace” will isolate App App ⚫ process IDs ⚫ Hostnames cgroups cgroups ⚫ User IDs App App App ⚫ network access Kernel ⚫ interprocess communication ⚫ filesystems Linux Guest © Copyright IBM Corporation 2017.
    [Show full text]
  • OS-Level Virtualization
    OS-Level Virtualization CS-423 Project Team Members: Spring 2016 Vikas Jain (vjain11) Vibha Goyal (vgoyal5) Nitin Kundapur Bhat(nbhat4) What are containers? • Server-virtualization C1 C3 • Multiple isolated user-space instances (instead of one) on a single kernel of the C2 operating system Operating System • Separate out a user instance from another Hardware • Also called software containers, jails How are they different from VMs? VM1 VM2 VM3 C1 C3 Hypervisor C2 Operating System Operating System Hardware Hardware Virtual Machines Containers How are they different from VMs? Virtual Machines Containers • Abstracts the hardware • Abstracts the operating system • Different guest operating Systems • Single operating system • Heterogeneous (high versatility) • Homogeneous • Low Density • High Density • Overhead as it is not light weight • Less overhead as it is light weight Advantages over whole-system virtualization As all containers use the same OS underneath, it leads to the following benefits: • They use less CPU and Memory for running the same workloads as virtual machines. • The time to initiate a container is smaller as compared to VMs. • On a machine, we can have many have many more user containers (~100) as compared to a small number of user VMs (~10) Limitations • Less Flexibility: Cannot host a guest OS different from the host, or a different guest kernel • Security: As containers run on top of same OS, security issues exist from adjacent containers Use Cases • Virtual hosting environments, where it is useful for securely allocating finite hardware resources amongst a large number of mutually-distrusting users. • Operating-system-level virtualization implementations capable of live migration can also be used for dynamic load balancing of containers between nodes in a cluster.
    [Show full text]
  • Linux Containers Basic Concepts
    Linux Containers Basic Concepts Lucian Carata FRESCO Talklet, 3 Oct 2014 Underlying kernel mechanisms cgroups manage resources for groups of processes namespaces per process resource isolation seccomp limit available system calls capabilities limit available privileges CRIU checkpoint/restore (with kernel support) cgroups - user space view low-level filesystem interface similar to sysfs (/sys) and procfs (/proc) new filesystem type “cgroup”, default location in /sys/fs/cgroup cgroup hierarchies each subsystem can be subsystems (controllers) used at most once* cpu cpuacct cpuset cpu cpuacct memory hugetbl devices blkio net_cls net_prio memory freezer perf built as kernel module top level cgroup (mount) cgroups - user space view cgroup hierarchies common cpuacct cpu cpu cpuacct tasks cpuacct.stat cpu.stat cgroup.procs cpuacct.usage cpu.shares release_agent cpuacct.usage_percpu cpu.cfs_period_us notify_on_release cpu.cfs_quota_us memory cgroup.clone_children cpu.rt_period_us cgroup.sane_behavior cpu.rt_runtime_us cpuset memory hugetbl devices blkio net_cls net_prio freezer perf cgroups - kernel space view include / linux / cgroup.h kernel code for attach/detaching task from css_set list of all tasks using the same cgroups - kernel space view include / linux / cgroup.h include / linux / cgroup_subsys.h list of all tasks using the same cgroups - kernel space view include / linux / cgroup_subsys.h cgroups - summary cgroup hierarchies each subsystem can be subsystems (controllers) used at most once* cpu cpuacct cpuset cpu cpuacct memory hugetbl
    [Show full text]
  • Resources Utilization and Allocation – Final Report
    Ref. Ares(2019)1458230 - 04/03/2019 Resources Utilization and Allocation – Final Report Co-funded by the Horizon 2020 Framework Programme of the European Union DELIVERABLE NUMBER D5.9 DELIVERABLE TITLE Resources Utilization and Allocation – Final Report RESPONSIBLE AUTHOR Scionti A. (ISMB) OPERA: LOw Power Heterogeneous Architecture for Next Generation of SmaRt Infrastructure and Platform in Industrial and Societal Applications GRANT AGREEMENT N. 688386 PROJECT REF. NO H2020- 688386 PROJECT ACRONYM OPERA LOw Power Heterogeneous Architecture for Next Generation of SmaRt PROJECT FULL NAME Infrastructure and Platform in Industrial and Societal Applications STARTING DATE (DUR.) 01/12/2015 ENDING DATE 30/11/2018 PROJECT WEBSITE www.operaproject.eu WORKPACKAGE N. | TITLE WP5 | Optimized Workload Management on Heterogeneous Architecture WORKPACKAGE LEADER IBM DELIVERABLE N. | TITLE D5.9 | Resources Utilization and Allocation – Final Report RESPONSIBLE AUTHOR Scionti A. (ISMB) DATE OF DELIVERY (CONTRACTUAL) 30/09/2018 (M34) DATE OF DELIVERY (SUBMITTED) 15/02/2019 (Resubmission) VERSION | STATUS V2.0 | Update NATURE R(Report) DISSEMINATION LEVEL PU(Public) Scionti A. (ISMB ); Lubrano F. (ISMB ); Nider J. (IBM) ; Rapoport M. (IBM) , AUTHORS (PARTNER) Gallig R. (HPE) D5.9 | Resources Utilization and Allocation – Final Report 1 OPERA: LOw Power Heterogeneous Architecture for Next Generation of SmaRt Infrastructure and Platform in Industrial and Societal Applications VERSION MODIFICATION(S) DATE AUTHOR(S) Scionti A. (ISMB), 0.1 Initial structure and TOC 28/08/2018 Lubrano F. (ISMB) Scionti A. (ISMB), Lubrano F. (ISMB), 0.2 First draft 29/08/2018 Nider J. (IBM), Rapoport M. (IBM) Scionti A. (ISMB), Lubrano F. (ISMB), 0.3 Second draft 17/09/2018 Nider J.
    [Show full text]
  • Linux Containers and the Future Cloud
    Linux Containers and the Future Cloud Rami Rosen [email protected] http://ramirose.wix.com/ramirosen 1 About me ● Bio: Rami Rosen, a Linux kernel expert, author of a recently published book, “Linux Kernel Networking - Implementation and Theory”, 648 pages, Apress, 2014. http://ramirose.wix.com/ramirosen 2 Table of Contents Namespaces – Namespaces implementation – UTS namespace – Network Namespaces – PID namespaces Cgroups – cgroups and kernel namespaces – cgroups VFS – devices cgroup controller Linux containers – LXC management Docker – Dockerfile CRIU http://ramirose.wix.com/ramirosen 3 General ● Lightweight process virtualization is not new. – Solaris Zones. – BSD jails. – AIX WPARs (Workload Partitions). – Linux-based containers projects. ● Why now ? – Primarily because kernel support is now available (namespaces and cgroups). ● Kernel 3.8 (released in February 2013). http://ramirose.wix.com/ramirosen 4 Scope and Agenda ● This lecture is a sequel to a lecture given in May 2013 in Haifux: “Resource Management in Linux”, http://www.haifux.org/lectures/299/ Agenda: ● Namespaces and cgroups – the Linux container building blocks. ● Linux-based containers (focusing on the LXC Open Source project, implementation and some hands-on examples). ● Docker – an engine for creating and deploying containers. ● CRIU (Checkpoint/restore in userspace) Scope: – We will not deal in depth with security aspects of containers. – We will not deal with containers in Android. http://ramirose.wix.com/ramirosen 5 Namespaces There are currently 6 namespaces: ● mnt (mount points, filesystems) ● pid (processes) ● net (network stack) ● ipc (System V IPC) ● uts (hostname) ● user (UIDs) – Eric Biederman talked about 10 namespaces in OLS 2006. ● security namespace and security keys namespace will probably not be developed (replaced by user namespaces) ● time namespace.
    [Show full text]
  • LXCF: Tools for Dividing Host OS Into Container with Libvirt-LXC
    LXCF: Tools for Dividing Host OS into Container with libvirt-LXC May 20, 2014 Yasunori Goto / Hideyuki Niwa Fujitsu Limited Copyright 2014 FUJITSU LIMITED Who are we? Yasunori Goto (Speaker) Leader for KVM and LXC development team of Fujitsu • developed Linux memory hotplug with community until 2008 • joined customer support team to analyze users troubles about Linux kernel for several years • returned to the Linux development team last year Hideyuki Niwa Author of LXCF • developed UNIX OS for super computer with vector processor • joined Linux division and has worked for Linux now Copyright 2014 FUJITSU LIMITED Agenda Basis of LXC Why we are developing LXCF Design of LXCF How to use Copyright 2014 FUJITSU LIMITED Basis of LXC Copyright 2014 FUJITSU LIMITED Linux Container Linux Container is an OS level virtualization method It provides multiple isolated environments on one host • User can execute many services on the host No need to emulate hardware like virtual machine • Performance is better than virtual machine application application Middleware Middleware Guest OS Guest OS application application virtual machine virtual machine middle ware middle ware Hypervisor OS bare metal bare metal virtual machine container Linux container Container Copyright 2014 FUJITSU LIMITED User-land tools of LXC To use Linux Container, user-land tool is necessary Kernel provides only... • system calls to manage namespace (clone(), unshare(), and setns()) • interfaces for resource control (cgroup) There are many user-land tool set LXC (userland toolset which is simply called as “LXC”) • well developed tool to use Linux Container feature Libvirt-lxc • provides core feature for Linux Container with libvirt Docker • “The hottest” • “Linux Container” + “git style image management” • for immutable system etc • lmctfy, systemd-nspawn Copyright 2014 FUJITSU LIMITED Note in this presentation The name of “LXC” has 2 meanings 1.
    [Show full text]
  • An Updated Performance Comparison of Virtual Machines and Linux Containers
    RC25482 (AUS1407-001) July 21, 2014 Computer Science IBM Research Report An Updated Performance Comparison of Virtual Machines and Linux Containers Wes Felter, Alexandre Ferreira, Ram Rajamony, Juan Rubio IBM Research Division Austin Research Laboratory 11501 Burnet Road Austin, TX 78758 USA Research Division Almaden – Austin – Beijing – Cambridge – Dublin - Haifa – India – Melbourne - T.J. Watson – Tokyo - Zurich LIMITED DISTRIBUTION NOTICE: This report has been submitted for publication outside of IBM and will probably be copyrighted if accepted for publication. It has been issued as a Research Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher, its distribution outside of IBM prior to publication should be limited to peer communications and specific requests. After outside publication, requests should be filled only by reprints or legally obtained copies of the article (e.g., payment of royalties). Many reports are available at http://domino.watson.ibm.com/library/CyberDig.nsf/home. An Updated Performance Comparison of Virtual Machines and Linux Containers Wes Felter, Alexandre Ferreira, Ram Rajamony, Juan Rubio IBM Research, Austin, TX fwmf, apferrei, rajamony, [email protected] Abstract—Cloud computing makes extensive use of virtual Within the last two years, Docker [45] has emerged as a machines (VMs) because they permit workloads to be isolated standard runtime, image format, and build system for Linux from one another and for the resource usage to be somewhat containers. controlled. However, the extra levels of abstraction involved in virtualization reduce workload performance, which is passed This paper looks at two different ways of achieving re- on to customers as worse price/performance.
    [Show full text]
  • Providing Virtualized Storage for OS-Level Virtualization On
    MultiLanes: Providing Virtualized Storage for OS-level Virtualization on Many Cores Junbin Kang, Benlong Zhang, Tianyu Wo, Chunming Hu, and Jinpeng Huai, Beihang University https://www.usenix.org/conference/fast14/technical-sessions/presentation/kang This paper is included in the Proceedings of the 12th USENIX Conference on File and Storage Technologies (FAST ’14). February 17–20, 2014 • Santa Clara, CA USA ISBN 978-1-931971-08-9 Open access to the Proceedings of the 12th USENIX Conference on File and Storage Technologies (FAST ’14) is sponsored by MultiLanes: Providing Virtualized Storage for OS-level Virtualization on Many Cores Junbin Kang, Benlong Zhang, Tianyu Wo, Chunming Hu, and Jinpeng Huai Beihang University, Beijing, China kangjb, woty, hucm @act.buaa.edu.cn, [email protected], [email protected] { } Abstract high efficiency [32]. Previous work on OS-level virtual- ization mainly focuses on how to efficiently space parti- OS-level virtualization is an efficient method for server tion or time multiplex the hardware resources (e.g., CPU, consolidation. However, the sharing of kernel services memory and disk). among the co-located virtualized environments (VEs) in- However, the advent of non-volatile memory tech- curs performance interference between each other. Es- nologies (e.g., NAND flash, phase change memories pecially, interference effects within the shared I/O stack and memristors) creates challenges for system software. would lead to severe performance degradations on many- Specially, emerging fast storage devices built with non- core platforms incorporating fast storage technologies volatile memories deliver low access latency and enor- (e.g., non-volatile memories). mous data bandwidth, thus enabling high degree of This paper presents MultiLanes, a virtualized storage application-level parallelism [16, 31].
    [Show full text]