© dbi services - Linux Containers - 26.04.2012 - www.dbi-services.com
David Hueber, Senior Consultant, Head of Service Management
Grégory Steulet, Senior Consultant, Region Manager

Linux Containers: duplicate Linux at will - David Hueber - Grégory Steulet - dbi services

DESCRIPTION

Discover how to virtualize your servers with Linux Containers (LXC) in order to duplicate Linux environments at will with minimal performance impact. You will learn how to isolate these virtual environments while limiting the resources allocated to them. We will also show you the advantages and drawbacks of this solution compared with other virtualization options.

Page 2

Agenda

i. Introduction to virtualization

ii. Containers presentation

iii. Resources management – Cgroups

iv. System Container Demo

v. Core messages

Page 3

Why use virtualization with Oracle products?

Resource usage optimization

Hardware cost reduction

Maintenance cost reduction

Facility cost reduction

Flexibility improvement

Availability facility

Flexibility of allocated resources – vertical scalability

Easy deployment and migration

Oracle License cost reduction – Hard partitioning only

http://www.oracle.com/us/corporate/pricing/partitioning-070609.pdf

Page 4

partitioning-070609.pdf

“Hard partitioning physically segments a server, by taking a single large server and separating it into distinct smaller systems.

Oracle has deemed certain technologies, possibly modified by configuration constraints, as hard partitioning, and no other technology or configuration qualify.

Approved hard partitioning technologies include: Solaris 10 Containers (capped Containers only), LPAR (adds DLPAR with AIX 5.2), Integrity Virtual Machine (capped partitions only), Secure Resource Partitions (capped partitions only), …

Oracle VM Server for x86 may be used as hard partitioning technology only as described in the following document: http://www.oracle.com/technology/tech/virtualization/pdf/ovm-hardpart.pdf.

…”

Page 5

Oracle certified virtualization solutions

Complete list of certified virtual environments

http://www.oracle.com/technetwork/database/virtualizationmatrix-172995.html

Currently not certified

VMware products – note ID 249212.1

KVM and XEN solutions by Red Hat, Novell or XenSource - note ID 417770.1

LXC (Linux containers)

Platform  | Virtualization Technology | OS         | Oracle DB version
Linux x86 | Oracle VM                 | Oracle VM2 | 11gR1/11gR2
          |                           | Oracle VM3 | 11gR2
          | Oracle VM Live Migration  | Oracle VM2 | 11gR1/11gR2

Page 6

Virtualisation – Hypervisor type 1

The hypervisor acts as an interface between the hardware and the “invited” (guest) OS

Examples: Oracle VM – VMware ESX(i) – Microsoft Hyper-V

[Diagram, stack from bottom to top: Hardware; Hypervisor; Drivers (one set per OS); Privileged OS, Invited OS, Invited OS; Management Software, Application 1, Application N]

Page 7

Virtualisation – Hypervisor type 2

Software running virtual machines and emulating the hardware

Examples: Oracle VirtualBox – VMware Player – Microsoft VirtualPC

[Diagram labels: Hardware; Host OS; Management Software; Emulator; Drivers; Invited OS; Application 1 … Application N]

Page 8

Virtualisation – Operating System Level

Virtual environments isolating applications / processes

Examples: Linux Container – chroot - OpenVZ

[Diagram labels: Hardware; Host OS; Management Software; Isolator; Application 1 … Application N]

Page 10

Support.oracle.com - Bug 12696082: LINUX CONTAINERS (LXC)

Comment submitted by Lenz Grimmer (Senior Oracle Manager, Oracle Linux at Oracle) Linux Containers (lxc) - this is not fully supported as of today, but will play an important role going forward. Verify if Linux Containers is supported in the Linux release you update training for and include appropriately. Alternatively include reference to OIG. *** 04/04/12 08:21 am ***

Page 11

Virtualisation – Operating System Level

Virtual environments isolating applications / processes

[Diagram labels: Hardware; Host OS; KERNEL; Management Software(s); Invited OS, Invited OS; Application 1 … Application N]

Page 12

What is it?

Operating system-level virtualization method

Running multiple isolated environments (containers)

Each has its own processes and network space

Linux Containers relies on:

Namespace-isolation functionality

Resource management implemented via cgroups functionality

Namespace isolation is a kernel feature to limit and isolate resource usage such as CPU, memory, disk I/O of a process group

cgroups (control groups) is a kernel feature to allocate resource usage such as CPU, memory, disk I/O to a process group

Page 13

Two kinds of containers:

1. Application containers

2. System containers

Application containers – applications that only create separate namespaces

Usage: lxc-execute --name=NAME -- COMMAND

lxc-execute creates a container with the identifier NAME and execs COMMAND into this container.

Options :
-n, --name=NAME NAME for name of the container
-f, --rcfile=FILE Load configuration file FILE
-s, --define KEY=VAL Assign VAL to configuration variable KEY

lxc-execute -n ContTerm -f lxc-myconf.conf /bin/bash

Page 14

Application Containers

[root@vmlxctest1 ~]# ps -ef |grep lxc
avahi 1674 1 0 18:37 ? 00:00:00 avahi-daemon: running [vmlxctest1.local]
root 14512 14418 0 19:45 pts/0 00:00:00 lxc-execute -n test xclock
root 14513 14512 0 19:45 pts/0 00:00:00 /usr/lib64/lxc/lxc-init -- /bin/bash
root 14514 14513 0 19:45 pts/0 00:00:00 xclock

---

[root@ContTerm~]# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 19:45 pts/0 00:00:00 /usr/lib64/lxc/lxc-init -- /bin/bash
root 2 1 0 19:45 pts/0 00:00:00 xclock
root 15 2 0 19:45 pts/0 00:00:00 ps -ef

[Diagram: process tree on the single host controller (lxc-execute, lxc-init, <Application>) next to the process tree inside the application container (lxc-init, <App.>)]
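The two ps listings show the same lxc-init as PID 14513 on the host and as PID 1 inside the container, which is what a separate PID namespace looks like. As an added example (not from the slides), the shell functions below compare the namespace links of two processes to show which namespaces a container really has to itself; it assumes a kernel that exposes /proc/<pid>/ns, and the function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: list which namespaces a process shares with a reference process.
# ns_diff and make_sample are names chosen for this example.

# Each /proc/<pid>/ns/<type> is a symlink such as "pid:[4026531836]"; two
# processes are in the same namespace exactly when the link targets are equal.
ns_diff() {   # $1 = proc root (normally /proc), $2 = reference PID, $3 = PID to inspect
  for ns_link in "$1/$2"/ns/*; do
    ns_type=${ns_link##*/}
    ns_ref=$(readlink "$ns_link") || return 1
    ns_cur=$(readlink "$1/$3/ns/$ns_type") || return 1
    if [ "$ns_ref" = "$ns_cur" ]; then
      echo "$ns_type shared"
    else
      echo "$ns_type separate"
    fi
  done
}

# Constructed sample standing in for /proc: PID 1 is the host's init, PID 14513
# the container's lxc-init as seen from the host. Inode numbers are made up, and
# the container is given its own mnt, net, pid and uts namespaces but not ipc.
make_sample() {   # prints the directory it creates
  sample_dir=$(mktemp -d) || return 1
  mkdir -p "$sample_dir/1/ns" "$sample_dir/14513/ns"
  for t in ipc mnt net pid uts; do
    ln -s "$t:[4026531000]" "$sample_dir/1/ns/$t"
  done
  ln -s 'ipc:[4026531000]' "$sample_dir/14513/ns/ipc"
  for t in mnt net pid uts; do
    ln -s "$t:[4026532000]" "$sample_dir/14513/ns/$t"
  done
  echo "$sample_dir"
}

SAMPLE=$(make_sample)
ns_diff "$SAMPLE" 1 14513    # on a real host, as root: ns_diff /proc 1 <pid>
```

Any namespace reported as shared is one where the container sees the host's resources directly, so the output doubles as a quick inventory of what a given configuration does not isolate.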

Page 15

Application Container

Environment

Oracle Enterprise Linux 6.2 x64

Kernel 2.6-39

Demo 1

Bash terminal in an Application Container

Networking

Start an Oracle database

Demo 2

Oracle in a background Application Container

Freeze and Unfreeze the container

Page 16

System Containers

Have their own Linux operating system, like virtual machines

Consume fewer resources

Have weaker isolation from the control host (same Linux kernel)

Usage: lxc-start --name=NAME -- COMMAND

lxc-start start COMMAND in specified container NAME

Options :
-n, --name=NAME NAME for name of the container
-d, --daemon daemonize the container
-f, --rcfile=FILE Load configuration file FILE
-c, --console=FILE Set the file output for the container console
-s, --define KEY=VAL Assign VAL to configuration variable KEY

If no command is specified, lxc-start will use the default "/sbin/init" command to run a system container.

[root@oel62 ~]# lxc-start -n ol5test1

Page 17

Operations on a container

Signalling

[root@oel62 ~]# lxc-kill -n ol5test1 9

Pausing

Freeze

[root@oel62 ~]# lxc-freeze -n ol5test1

Unfreeze

[root@oel62 ~]# lxc-unfreeze -n ol5test1

Stopping

[root@oel62 ~]# lxc-stop -n ol5test1

Destroying

[root@oel62 ~]# lxc-destroy -n ol5test1

Page 19

Cgroup Model

blkio — this subsystem sets limits on input/output access to and from block devices such as physical drives (disk, solid state, USB, etc.)

cpu — this subsystem uses the scheduler to provide cgroup tasks access to the CPU

cpuacct — this subsystem generates automatic reports on CPU resources used by tasks in a cgroup

cpuset — this subsystem assigns individual CPUs (on a multicore system) and memory nodes to tasks in a cgroup.

Page 20

Cgroup Model

devices — this subsystem allows or denies access to devices by tasks in a cgroup

freezer — this subsystem suspends or resumes tasks in a cgroup

memory — this subsystem sets limits on memory use by tasks in a cgroup, and generates automatic reports on memory resources used by those tasks

net_cls — this subsystem tags network packets with a class identifier (classid) that allows the Linux traffic controller (tc) to identify packets originating from a particular cgroup task

ns — the namespace subsystem

Page 21

Cgroup demonstration with blkio

Creation of two cgroups for the blkio subsystem

[root@oel62 ~]# mkdir /cgroup/blkio/lab1
[root@oel62 ~]# mkdir /cgroup/blkio/lab2

Finding major and minor number for /u01 - /dev/sde

[root@oel62 ~]# df -h | grep /u01
/dev/sde 9.9G 2.0G 7.5G 21% /u01
[root@oel62 ~]# ls -l /dev/sde
brw-rw----. 1 root disk 8, 64 Apr 7 12:04 /dev/sde

Setting different blkio upper limits for read operations: 100Mb/s and 50Mb/s

[root@oel62 ~]# echo "8:64 104857600" > /cgroup/blkio/lab1/blkio.throttle.read_bps_device
[root@oel62 ~]# echo "8:64 52428800" > /cgroup/blkio/lab2/blkio.throttle.read_bps_device

Page 22

Creation of two 3Gb files (file_1 and file_2)

[root@oel62 ~]# dd if=/dev/zero of=/u01/file_1 bs=1M count=3000
[root@oel62 ~]# dd if=/dev/zero of=/u01/file_2 bs=1M count=3000

Reading first file with cgroup lab1 and executing iotop

[root@oel62 ~]# cgexec -g blkio:lab1 time dd if=/u01/file_1 of=/dev/null
[root@oel62 ~]# iotop -o
Total DISK READ: 98.93 M/s | Total DISK WRITE: 0.00 B/s
TID PRIO USER DISK READ DISK WRITE SWAPIN IO> COMMAND
1567 be/4 root 98.93 M/s 0.00 B/s 0.00 % 61.95% dd if=/u01/file_1 of..

Reading second file with cgroup lab2 and executing iotop

[root@oel62 ~]# cgexec -g blkio:lab2 time dd if=/u01/file_2 of=/dev/null
[root@oel62 ~]# iotop -o
Total DISK READ: 48.09 M/s | Total DISK WRITE: 0.00 B/s
TID PRIO USER DISK READ DISK WRITE SWAPIN IO> COMMAND
1565 be/4 root 51.57 M/s 0.00 B/s 0.00 % 74.19% dd if=/u01/file_2 of..
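As an added example (not part of the slides), the shell functions below rebuild the two throttle rules from the `ls -l` line and check the per-task iotop rates against them. The function names are chosen here, the sample lines are copied from the session above, iotop's M/s is treated as MiB/s, and the 5 % tolerance is an assumption.

```sh
#!/bin/sh
# Added example: rebuild the blkio throttle rules and check observed read rates.
# Function names are chosen for this example; sample lines come from the session above.

# "MAJOR:MINOR" from an `ls -l` line; only block devices (mode starts with "b")
# carry "major, minor" in the size column.
dev_numbers() {
  printf '%s\n' "$1" | awk '
    $1 ~ /^b/ { sub(",", "", $5); print $5 ":" $6; found = 1 }
    END { exit (found ? 0 : 1) }'
}

# The kernel expects bytes per second, so convert from MiB/s.
mib_to_bps() { echo $(( $1 * 1024 * 1024 )); }

# Line to write into blkio.throttle.read_bps_device.
throttle_rule() {   # $1 = ls -l line, $2 = limit in MiB/s
  rule_dev=$(dev_numbers "$1") || { echo "not a block device" >&2; return 1; }
  echo "$rule_dev $(mib_to_bps "$2")"
}

# Succeeds when the DISK READ rate of an iotop task line stays under the limit.
# Assumption: iotop units are 1024-based; $3 is a tolerance in percent.
within_limit() {    # $1 = iotop task line, $2 = limit in MiB/s, $3 = tolerance %
  printf '%s\n' "$1" | awk -v lim="$2" -v tol="$3" '{
    r = $4 + 0
    if ($5 == "B/s") r /= 1048576
    else if ($5 == "K/s") r /= 1024
    else if ($5 == "G/s") r *= 1024
    else if ($5 != "M/s") exit 2
    exit ((r <= lim * (1 + tol / 100)) ? 0 : 1)
  }'
}

LS_LINE='brw-rw----. 1 root disk 8, 64 Apr 7 12:04 /dev/sde'
IOTOP_LAB1='1567 be/4 root 98.93 M/s 0.00 B/s 0.00 % 61.95% dd if=/u01/file_1 of..'
IOTOP_LAB2='1565 be/4 root 51.57 M/s 0.00 B/s 0.00 % 74.19% dd if=/u01/file_2 of..'

echo "lab1: $(throttle_rule "$LS_LINE" 100)"
echo "lab2: $(throttle_rule "$LS_LINE" 50)"
within_limit "$IOTOP_LAB1" 100 5 && echo "lab1 reader is within its limit"
within_limit "$IOTOP_LAB2" 50 5 && echo "lab2 reader is within its limit"
```

With a tolerance of 0 the lab2 check fails, because the per-task figure of 51.57 M/s sits slightly above the 50 MiB/s cap while the total for the same run reads 48.09 M/s; a monitoring check on cgroup limits needs some slack for that sampling jitter.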

Page 24

System Container

Environment

Oracle Enterprise Linux 6.2 x64

Kernel 2.6-39

Demo 1

Start a system container

See configuration file

See processes and file system

Demo 2

See template principle

Deploy a system container from a template

Page 26

Core messages

Part of the Linux Kernel

Available on almost all distributions

Future technology for Oracle products

Presented as key feature in the Oracle Linux roadmap (OOW11)

Performance efficiency

Resource usage

Fine-grained resource allocation

Easy implementation and maintenance

Mainly for Application Containers

Page 27

Core messages

Limited isolation against Host

Limitation on kernel version

Limited documentation

Good introduction blog on blogs.oracle.com

OS virtualization – Limited to Linux Guests

Not a mature technology, virtualization technology not certified for Oracle products

Page 28

Any Questions ? Please Do Ask !


„Enjoy Containers !“