REDEFINING THE ENTERPRISE OS RED HAT ENTERPRISE LINUX 7 Rodrigo Freire Sr. Technical Account Manager 29/Ago/2014 1 Rodrigo Freire / Ron Pacheco Roadmap At A Glance CY2010 CY2011 CY2012 CY2013 CY2014 RHEL 7 .0 RHEL 6 .0 .1 .2 .3 .4 .5 .6 RHEL 5 .5 .6 .7 .8 .9 .10 .11 Production 1 Production 2 Production 3 *All dates are approximate and subject to change 2> Rodrigo Freire / Ron Pacheco Application Isolation via Containers CONTAINERS ENABLE CONTINUOUS DELIVERY APP HOST OS SERVER LIBS CONTAINER CONTAINER APP LIBS HOST OS SERVER DEVELOPMENT FOCUS OPERATIONS FOCUS ● CODE ● HARDWARE ● APPLICATIONS ● OPERATING SYSTEM ● LIBRARIES AND OTHER ● NETWORKING DEPENDENCIES ● MONITORING ● DATA STORE 4 Rodrigo Freire / Ron Pacheco RHEL 7 Containers Architecture with Docker CLI Containers Containers Containers DOCKER CLI Docker Image SYSTEMD Unit File Cgroups Namespaces SELinux Drivers RHEL Kernel Hardware (Intel, AMD) 5 Rodrigo Freire / Ron Pacheco BENEFITS OF LINUX CONTAINERS 6 Rodrigo Freire / Ron Pacheco MORE EFFICIENT INSTALLATION AND DEPLOYMENT SPEED DEPLOYMENT IN-PLACE UPGRADES PRIORITIZE CRITICAL WITH SERVER PROFILES FROM 6.X TO 7 SERVICES AT START-UP EASILY CREATE CUSTOM SAFELY ROLL-BACK DRAMATICALLY SPEED INSTALL IMAGES DURING INSTALL START-UP TIMES 8 Rodrigo Freire / Ron Pacheco Create, Install, Deploy & Manage Custom Install Images using Live Media Creator Easier installation, deployment, and custom image creation/management across large-scale enterprises ● Spin custom installable images with the help of Live Media Creator Content Sources Custom Image (Repositories) 10 Rodrigo Freire / Ron Pacheco Image Deployment with Anaconda Kickstart ● Filesystem Image Deployment ● kickstart liveimg command ● Same family as url, harddrive, &c ● Deployment of pre-created filesystem images ● Supports squashfs compressed images ● Manual deployment of partitioned disk images for virt usage ● live images must contain the utilities needed by anaconda to perform the OS installation 11 Rodrigo Freire / Ron Pacheco CENTRALIZED MANAGEMENT AND FASTER BOOT UP ● Gain centralized management of “Systemd is my favorite feature so far. processes, services, security, We deal with lots of init scripts currently; I’m already seeing great and other resources improvements by switching most of them to systemd.”1 ● Prioritize critical services and deliver production support while IT Architect, Medium Enterprise Media & less critical resources are still Entertainment Company initializing ● Dramatically decrease start up times ● Compatible with existing scripts (SysV and LSB init scripts) 1 Source: Research by TechValidate: www.techvalidate.com/product-research/red-hat-enterprise-linux TVID: 6D2-C98-90F 12 Rodrigo Freire / Ron Pacheco MANAGEABILITY WITH OPEN LMI ● Open MANAGEMENT SYSTEM PYTHON CUSTOM SHELL standards-based JBOSS management SCRIPTS APPS SCRIPTS LMI framework for PYTHON C/C++ JAVA CLI low-level system SHELL configuration OpenLMI Client Interface Libraries ● Unified management tools and MANAGED SYSTEMS system-wide OpenLMI Object Broker resource management allow OTHER NETWORK STORAGE SERVICESSOFTWARE users to streamline AGENTS SYSTEM administration USERS SECURITY MONITOR CONFIG 13 Rodrigo Freire / Ron Pacheco File System Choice CHOICE OF FILE SYSTEMS RED HAT ENTERPRISE LINUX 7 RC ● Scale file systems to 500TB with new default filesystem XFS “The default XFS ● Scale to 50TB with ext4 filesystem is just great!!”1 2 ● Btrfs also available IT Specialist, ● Parallel NFS v4 provides improved performance US Federal Government and throughput Supported Type Root Boot Comments Limit Single-node XFS 500TB Yes Yes System default ext4 50TB Yes Yes Driver allow access to older versions (ext2, ext3). btrfs2 50TB Yes Yes Network/Multi-node GFS2 2-16 nodes Yes No Shared-storage file system 1 Source: Research by TechValidate: www.techvalidate.com/product-research/red-hat-enterprise-linux TVID: 6D2-C98-90F 2 Available as a Technology Preview 15 Rodrigo Freire / Ron Pacheco Storage RHEL 7 Storage Enhancements ● SSD’s ● Hierarchical/Tiered storage (Device mapper cache) ● MultiQ block layer design ● Interconnect support – upstream dependent (NVMe, SOP, SAS-3) ● Linux-IO SCSI Target (LIO) ● Asynchronous SCSI events ● Software RAID enhancements 17 Rodrigo Freire / Ron Pacheco Storage Management APIs and CLI ● libstoragemgt manages SAN and NAS ● liblvm is the API equivalent of LVM user commands ● Blivet is a new high level storage and file system library that will be used by anaconda and OpenLMI ● Storage system manager provides an easy to use command line interface Unification of storage management code 18 Rodrigo Freire / Ron Pacheco Networking Team Driver ● Mechanism to aggregate multiple network devices into a single logical interface at the data link layer (L2.) ● Alternative to the existing Linux Bonding driver that provides many advantages over traditional bonding. ● Mostly implemented in user space with only the data fast-path implemented in the kernel. ● Supports IEEE 802.3ad (IEEE 802.1ax) LACP + many proprietary standards. ● Performance is equal or better than Linux Bonding driver and provides nearly identical functionality including some added improvements. 20 Rodrigo Freire / Ron Pacheco Other Network Features and Improvements ● Network Namespaces ● Lightweight container-based virtualization allowing virtual network stacks to be associated with a process group. Essentially, another copy of the network stack. ● Network Priority Control Group (cgroup) ● Provides an interface to allow an administrator to dynamically set the priority of network traffic generated by various applications. ● Firewalld ● New dynamic firewall service providing greater flexibility over iptables by eliminating service disruptions during rule updates, abstraction, and support for different network trust zones. ● TCP ● Numerous performance and latency improvements including Fast Open, Tail Loss Probe (TLP) Algorithm, Early Retransmit (ER), Proportional Rate Reduction (PRR) and low latency sockets using Busy Poll ● 127.0.0.0/8 routing ● Useful for private blocks-depleted networks, providing local tenant systems a local network without the risk of clashing network blocks. 21 Rodrigo Freire / Ron Pacheco Optimal Performance and Monitoring OPTIMAL PERFORMANCE VIA PROFILES Optimal performance management via enhanced performance tuning at install, simplified instrumentation and tuning features, and performance monitoring tooling PERFORMANCE CO-PILOT (PCP) THERMOSTAT (FOR JVMs) 23 Rodrigo Freire / Ron Pacheco Profiling and Monitoring - Tuna ● Tool for fine grained control ● Display applications / processes ● Displays CPU enumeration ● • Socket (useful for NUMA tuning) ● • Dynamic control of tuning ● Process affinity ● Parent & threads ● Scheduling policy ● Device IRQ priorities, etc 24 Rodrigo Freire / Ron Pacheco Performance -Tuned ● Re-written for maintainability and extensibility. ● Optional hook/callout capability ● Adds concept of Inheritance (just like httpd.conf) ● Configuration is now consolidated a single tuned.conf file ● Profiles updated for RHEL7 features and characteristic 25 Rodrigo Freire / Ron Pacheco Performance - numabalance ● Simplify and automate numa management ● numabalance scheduler ● Tries to move/keep tasks and their memory “NUMA-local” ● Enable / Disable / Tracing ● sysctl kernel.numa_balancing=0/1 ● perf list | grep numa 26 Rodrigo Freire / Ron Pacheco Windows Interoperability WINDOWS INTEROPERABILITY VIA DIRECT INTEGRATION MICROSOFT “Windows Domain interoperability is what I ACTIVE DIRECTORY am looking forward to. We have a large Windows domain with 10k Windows workstations and 1300 Windows servers. Being able to authenticate and interact with Active Directory is a very high priority for us.”1 Lynn Dixon, System Administrator, Mohawk Industries SSSD RHEL 1 Source: Research by TechValidate: www.techvalidate.com/product-research/red-hat-enterprise-linux 28 Rodrigo Freire / Ron Pacheco WINDOWS INTEROPERABILITY VIA INDIRECT INTEGRATION MICROSOFT IDENTITY ACTIVE DIRECTORY MANAGEMENT ALLOWS FOR EASIER CENTRALIZED TRUST NATIVE LINUX MANAGEMENT OF MULTIPLE LINUX CLIENTS SSSD RHEL 1 Source: Research by TechValidate: www.techvalidate.com/product-research/red-hat-enterprise-linux 29 Rodrigo Freire / Ron Pacheco RED HAT ENTERPRISE LINUX 7HIGHLIGHTS RED HAT 30 STABLE AND FLEXIBLE EFFICIENT CERTAINTY OF MISSION-CRITICAL RELIABILITY AND MILITARY-GRADE SECURITY MILITARY-GRADE AND RELIABILITY MISSION-CRITICAL OF CERTAINTY APPLICATION ISOLATION APPLICATION (LINUX CONTAINERS) (LINUX PERFORMANCE LIGHTWEIGHT LIGHTWEIGHT VIA PROFILES VIA OPTIMAL OPTIMAL Rodrigo Freire / Ron Pacheco / Freire Rodrigo INTEROPERABILITY INTEROPERABILITY INSTALLATION AND AND INSTALLATION STREAMLINED STREAMLINED DEPLOYMENT WINDOWS WINDOWS SYSTEM MANAGEMENT SYSTEMMANAGEMENT FILE SYSTEMS FILE VIA OPENLMI VIA SCALABLE SCALABLE RED HAT ENTERPRISE LINUX 7 RETHINK YOUR ENTERPRISE OS FLEXIBILITY to quickly adapt to demands for business agility CERTAINTY of mission-critical reliability and STABILITY military-grade security to efficiently meet current challenges of datacenter virtualization and cloud 90% OF FORTUNE 500 COMPANIES TRUST RED HAT ENTERPRISE LINUX FOR THEIR CRITICAL BUSINESS INFRASTRUCTURE. 31 Rodrigo Freire / Ron Pacheco THANK YOU! Rodrigo Freire [email protected] http://people.redhat.com/rfreire/cce-rhel7-rio.pdf.