CoreOS
or, How I Learned to Stop Worrying and Love Systemd
or, some pragmatic patterns for running docker in production
Hello!
I AM RIC LISTER
director of devops at spree commerce
@bnzmnzhnz
github.com/rlister
open-source
Spree
complete open-source e-commerce for rails
github.com/spree/spree
599 contributors 6181 stars
e-commerce platform
Wombat
connect any store to any service
wombat.co
systemd
Resistance is futile.
Docker frees us from the operating system
No more dependency hell.
Since the OS no longer needs to support our app, we can go minimalist.
Which makes it easier to patch, and more secure.
What do we need?
Some way to run containers:
◦ docker pull, start, stop, rm
◦ set environment variables
◦ restart policies
◦ capture output
And an OS that can update itself in a sane way.
And some orchestration …
CoreOS
Originally based on ChromiumOS.
Which is based on Gentoo.
No packaging system.
Well ... there is: docker.
orchestration
Atomic updates (Omaha)
System running off read-only /usr on A
OS update downloads to B, system reboots when ready *
In the event of boot failure, rollback to A
Update strategies
Before reboot host requests a global lock using magic. *
By default one host per cluster can hold a reboot lock.
Can turn off reboots.
Define strategy in cloud-config:
#cloud-config
coreos:
  update:
    group: stable
    reboot-strategy: off
* not actual magic
Release channels: choose your pain tolerance
Stable
Production clusters, all software tested in alpha and beta first.
Beta
Promoted alpha releases. Run a few beta hosts to catch problems early.
Alpha
Tracks dev and gets newest docker, etcd and fleet. Frequent releases.
https://coreos.com/releases/
ETCD
Open-source distributed key-value store. Uses Raft protocol (consensus).
Provides shared configuration and service discovery.
Features of etcd
Useful features like TTL, locks.
Simple HTTP API. Read and write values with curl or etcdctl.
Keys and values stored in directories like filesystem.
Watch a key or directory for changes.
Setting up an etcd cluster
Get a discovery token:
$ curl https://discovery.etcd.io/new
https://discovery.etcd.io/d88814387d940b36dbc2b4393c3d3a94
Boot 3 machines with cloud-config:
#cloud-config
coreos:
  etcd:
    discovery: https://discovery.etcd.io/d88814387d940b36dbc2b4393c3d3a94
    addr: $private_ip4:4001
    peer-addr: $private_ip4:7001
  units:
    - name: etcd.service
      command: start
Using etcd keys
set a key
$ ssh 10.10.1.1
CoreOS stable (607.0.0)
$ etcdctl set /foo "Hello world"
Hello world
$ curl -L -X PUT http://127.0.0.1:4001/v2/keys/bar -d value="Hello world"
{"action":"set","node":{"key":"/bar","value":"Hello world","modifiedIndex":42103694,"createdIndex":42103694}}
Using etcd keys
get a key
$ ssh 10.10.1.1
CoreOS stable (607.0.0)
$ etcdctl get /foo
Hello world
$ curl -L http://127.0.0.1:4001/v2/keys/bar
{"action":"get","node":{"key":"/bar","value":"Hello world","modifiedIndex":40004310,"createdIndex":40004310}}
etcd gotchas
If you lose quorum the cluster may get split brain.
◦ This cluster is finished. You must create a new one.
◦ This is not cool.
Use an odd number of hosts.
◦ Adding one to make an even number does not increase redundancy.
Use Elastic IPs.
◦ If an instance reboots with a new IP it may fail to rejoin the cluster.
… however, earlier today ...
FLEET
Open-source distributed init system based on etcd.
Think of it as cluster-wide systemd.
Setting up a fleet cluster
Add fleet to the cloud-config
#cloud-config
coreos:
  etcd:
    discovery: https://discovery.etcd.io/d88814387d940b36dbc2b4393c3d3a94
    addr: $private_ip4:4001
    peer-addr: $private_ip4:7001
  fleet:
    metadata: role=web,region=us-east-1,type=m3.medium
  units:
    - name: etcd.service
      command: start
    - name: fleet.service
      command: start
Using fleetctl
List machines in cluster
$ brew install fleetctl
$ fleetctl -tunnel 10.10.1.1 list-machines
MACHINE IP METADATA
148a18ff-6e95-4cd8-92da-c9de9bb90d5a 10.10.1.1 -
491586a6-508f-4583-a71d-bfc4d146e996 10.10.1.2 -
c9de9451-6a6f-1d80-b7e6-46e996bfc4d1 10.10.1.3 -
Launching containers with fleet
If a host goes down, fleet will reschedule units.
Fleet submits systemd unit files to the cluster, using etcd as backing-store.
Fleet-specific metadata controls scheduling of units.
Example unit
[Unit]
Description=Hello world
After=docker.service
Requires=docker.service
[Service]
TimeoutStartSec=0
ExecStartPre=-/usr/bin/docker rm hello
ExecStartPre=/usr/bin/docker pull busybox
ExecStart=/usr/bin/docker run \
  --name hello \
  busybox /bin/sh -c "while true; do echo Hello World; sleep 1; done"
ExecStop=/usr/bin/docker stop hello
Running our example unit
Load and start the unit
$ fleetctl -tunnel 10.10.1.1 start hello
$ fleetctl -tunnel 10.10.1.1 list-units
UNIT MACHINE ACTIVE SUB
hello.service c9de9451.../10.10.1.3 active running
$ fleetctl -tunnel 10.10.1.1 journal hello
hello
hello
$ fleetctl -tunnel 10.10.1.1 destroy hello
Example global unit
[Unit]
Description=Hello world
After=docker.service
Requires=docker.service
[Service]
TimeoutStartSec=0
ExecStartPre=-/usr/bin/docker rm hello
ExecStartPre=/usr/bin/docker pull busybox
ExecStart=/usr/bin/docker run --name hello busybox /bin/sh -c "while true; do echo Hello World; sleep 1; done"
ExecStop=/usr/bin/docker stop hello
[X-Fleet]
MachineMetadata=region=us-east-1
Global=true
Run on all instances with this fleet metadata
Running a global unit
Load and start the unit
$ fleetctl -tunnel 10.10.1.1 start hello
$ fleetctl -tunnel 10.10.1.1 list-units
UNIT MACHINE ACTIVE SUB
hello.service 148a18ff.../10.10.1.1 active running
hello.service 491586a6.../10.10.1.2 active running
hello.service c9de9451.../10.10.1.3 active running
$ fleetctl -tunnel 10.10.1.1 destroy hello
Fleet metadata
Option           Description
Global           Schedule on all units in the cluster
MachineID        Schedule to one specific machine
MachineOf        Limit to machines that are running specified unit
MachineMetadata  Limit to machines with specific metadata
Conflicts        Prevent from running on same machine as matching units
Start a specific number of units
Refer to them in unit files using systemd templates.
Create a unit file like:
hello@.service
Start specific instances named like:
hello@1.service
hello@2.service
Example template unit
[Unit]
Description=Hello world
After=docker.service
Requires=docker.service
[Service]
TimeoutStartSec=0
ExecStartPre=-/usr/bin/docker rm hello
ExecStartPre=/usr/bin/docker pull busybox
ExecStart=/usr/bin/docker run --name hello busybox /bin/sh -c "while true; do echo Hello World; sleep 1; done"
ExecStop=/usr/bin/docker stop hello
[X-Fleet]
Conflicts=hello@*
Ensure there is only one of these on each instance
Running template units
Start 2 instances
$ fleetctl -tunnel 10.10.1.1 start hello@{1..2}
$ fleetctl -tunnel 10.10.1.1 list-units
UNIT MACHINE ACTIVE SUB
hello@1.service c9de9451.../10.10.1.3 active running
hello@2.service c9de9451.../10.10.1.1 active running
$ fleetctl -tunnel 10.10.1.1 journal hello@1
hello
hello
fleet gotchas
To change a unit definition, you must destroy and restart it.
◦ For global units this means the whole cluster.
◦ Which means downtime.
Fleet does not do resource-based scheduling.
◦ Intended as a low-level system to build more advanced systems on.
When moving units around you must do discovery to route traffic.
◦ For example sidekick patterns and etcd-aware proxies.
puppy break
Any questions so far?
PATTERNS
How can I use CoreOS for real?
Here are three patterns I use in production today ...
1. Simple homogeneous ops cluster
This is the most textbook “toy” cluster you will see in CoreOS docs.
It is suitable for all those random little internal tools that can tolerate brief downtime.
Small cluster
Long-lived hosts run etcd.
Submit app to cluster, sidekick announces app.
Reverse proxy discovers app host from etcd.
Sidekick units
Sidekick unit sets etcd key for app container host:port when app starts. Write your own, calling etcdctl, or use something like github.com/gliderlabs/registrator
When app goes down, sidekick removes key from etcd.
Reverse proxy or load-balancer container listens for changes in etcd keys. Reconfigures to proxy to app host:port.
Write config files with github.com/kelseyhightower/confd, or use etcd-specific proxy like github.com/mailgun/vulcand
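A hand-written sidekick for the deck's hello.service, as an added example that is not from the original slides. The unit name hello-discovery.service, the key path /services/hello/, port 8080 (the hello container publishes none) and the use of COREOS_PRIVATE_IPV4 from /etc/environment are assumptions for illustration.

```ini
# hello-discovery.service (hypothetical name): sidekick for hello.service
[Unit]
Description=Announce hello in etcd
# Stop this unit whenever hello.service stops or fails, so the
# announcement never outlives the app it describes.
BindsTo=hello.service
After=hello.service

[Service]
# Assumption: the host provides COREOS_PRIVATE_IPV4 in /etc/environment.
EnvironmentFile=/etc/environment
# Re-announce every 45s with a 60s TTL. If the host dies and ExecStop
# never runs, the key expires on its own and the proxy stops routing to it.
# %m expands to the machine ID, giving one key per host.
ExecStart=/bin/sh -c "while true; do etcdctl set /services/hello/%m '${COREOS_PRIVATE_IPV4}:8080' --ttl 60; sleep 45; done"
# Remove the key immediately on a clean stop instead of waiting for the TTL.
ExecStop=/usr/bin/etcdctl rm /services/hello/%m

[X-Fleet]
# Schedule on the same machine as the app unit.
MachineOf=hello.service
```

The proxy side should treat the values under /services/hello/ as untrusted input and check that each is a well-formed host:port before writing it into its configuration.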
2. Etcd + workers
Great for low-traffic websites that need a couple of instances behind a load-balancer.
Works well with autoscaling.
Etcd + workers
Elastic workers connect to etcd cluster and discover their units based on fleet metadata.
Works well with autoscaling + ELB.
3. Immutable servers with no etcd
We use this for a high-traffic cluster of micro-services that demands very high availability and strict change control.
Systemd units are hard-coded into cloud-config with user-data.
Demands some orchestration such as autoscaling groups.
Immutable servers with no etcd
No etcd, no cluster.
Workers spun up by autoscaling.
Hard-code systemd units in launch config.
Do not do OS updates.
Deploy code or OS update by changing launch config and replacing all hosts.
Logs
Get ‘em off the host ASAP.
github.com/gliderlabs/logspout is a tiny docker container that ships all other container output to udp/514.
Send to logstash/splunk/papertrail ...
Monitoring
◦ AWS cloudwatch
◦ newrelic for apps
◦ newrelic-sysmond for instances
◦ … but it doesn’t understand cgroups
◦ datadog has better container support
◦ cadvisor presents container stats over http
Alternative operating systems
RancherOS: no systemd … system docker runs at PID 1: runs user docker container containing app containers
RedHat Project Atomic: rpm-ostree merges updates to read-only /usr and /var
Ubuntu Snappy Core: transactional updates with snappy packages.
Schedulers
Fleet is intentionally simple. Build on it for more sophistication:
◦ Google’s Kubernetes
◦ Apache Mesos/Marathon
◦ paz.sh … PaaS based on CoreOS
◦ Deis … private heroku-like on CoreOS
It seems like something new pops up every day at the moment ...
ok, I’m done
Any questions?
We’re hiring
DevOps
Ruby dev
UI/UX design
Product
CloudScouts
 
Avast Premium Security Crack FREE Latest Version 2025
Avast Premium Security Crack FREE Latest Version 2025Avast Premium Security Crack FREE Latest Version 2025
Avast Premium Security Crack FREE Latest Version 2025
mu394968
 
Adobe Lightroom Classic Crack FREE Latest link 2025
Adobe Lightroom Classic Crack FREE Latest link 2025Adobe Lightroom Classic Crack FREE Latest link 2025
Adobe Lightroom Classic Crack FREE Latest link 2025
kashifyounis067
 
Meet the Agents: How AI Is Learning to Think, Plan, and Collaborate
Meet the Agents: How AI Is Learning to Think, Plan, and CollaborateMeet the Agents: How AI Is Learning to Think, Plan, and Collaborate
Meet the Agents: How AI Is Learning to Think, Plan, and Collaborate
Maxim Salnikov
 
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Ranjan Baisak
 
Top 10 Client Portal Software Solutions for 2025.docx
Top 10 Client Portal Software Solutions for 2025.docxTop 10 Client Portal Software Solutions for 2025.docx
Top 10 Client Portal Software Solutions for 2025.docx
Portli
 
Exceptional Behaviors: How Frequently Are They Tested? (AST 2025)
Exceptional Behaviors: How Frequently Are They Tested? (AST 2025)Exceptional Behaviors: How Frequently Are They Tested? (AST 2025)
Exceptional Behaviors: How Frequently Are They Tested? (AST 2025)
Andre Hora
 
How to Batch Export Lotus Notes NSF Emails to Outlook PST Easily?
How to Batch Export Lotus Notes NSF Emails to Outlook PST Easily?How to Batch Export Lotus Notes NSF Emails to Outlook PST Easily?
How to Batch Export Lotus Notes NSF Emails to Outlook PST Easily?
steaveroggers
 
The Significance of Hardware in Information Systems.pdf
The Significance of Hardware in Information Systems.pdfThe Significance of Hardware in Information Systems.pdf
The Significance of Hardware in Information Systems.pdf
drewplanas10
 
Adobe Master Collection CC Crack Advance Version 2025
Adobe Master Collection CC Crack Advance Version 2025Adobe Master Collection CC Crack Advance Version 2025
Adobe Master Collection CC Crack Advance Version 2025
kashifyounis067
 
Douwan Crack 2025 new verson+ License code
Douwan Crack 2025 new verson+ License codeDouwan Crack 2025 new verson+ License code
Douwan Crack 2025 new verson+ License code
aneelaramzan63
 
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
Andre Hora
 
EASEUS Partition Master Crack + License Code
EASEUS Partition Master Crack + License CodeEASEUS Partition Master Crack + License Code
EASEUS Partition Master Crack + License Code
aneelaramzan63
 
Download Wondershare Filmora Crack [2025] With Latest
Download Wondershare Filmora Crack [2025] With LatestDownload Wondershare Filmora Crack [2025] With Latest
Download Wondershare Filmora Crack [2025] With Latest
tahirabibi60507
 
Microsoft AI Nonprofit Use Cases and Live Demo_2025.04.30.pdf
Microsoft AI Nonprofit Use Cases and Live Demo_2025.04.30.pdfMicrosoft AI Nonprofit Use Cases and Live Demo_2025.04.30.pdf
Microsoft AI Nonprofit Use Cases and Live Demo_2025.04.30.pdf
TechSoup
 
WinRAR Crack for Windows (100% Working 2025)
WinRAR Crack for Windows (100% Working 2025)WinRAR Crack for Windows (100% Working 2025)
WinRAR Crack for Windows (100% Working 2025)
sh607827
 
Pixologic ZBrush Crack Plus Activation Key [Latest 2025] New Version
Pixologic ZBrush Crack Plus Activation Key [Latest 2025] New VersionPixologic ZBrush Crack Plus Activation Key [Latest 2025] New Version
Pixologic ZBrush Crack Plus Activation Key [Latest 2025] New Version
saimabibi60507
 
TestMigrationsInPy: A Dataset of Test Migrations from Unittest to Pytest (MSR...
TestMigrationsInPy: A Dataset of Test Migrations from Unittest to Pytest (MSR...TestMigrationsInPy: A Dataset of Test Migrations from Unittest to Pytest (MSR...
TestMigrationsInPy: A Dataset of Test Migrations from Unittest to Pytest (MSR...
Andre Hora
 
Explaining GitHub Actions Failures with Large Language Models Challenges, In...
Explaining GitHub Actions Failures with Large Language Models Challenges, In...Explaining GitHub Actions Failures with Large Language Models Challenges, In...
Explaining GitHub Actions Failures with Large Language Models Challenges, In...
ssuserb14185
 
Exploring Code Comprehension in Scientific Programming: Preliminary Insight...
Exploring Code Comprehension  in Scientific Programming:  Preliminary Insight...Exploring Code Comprehension  in Scientific Programming:  Preliminary Insight...
Exploring Code Comprehension in Scientific Programming: Preliminary Insight...
University of Hawai‘i at Mānoa
 
Kubernetes_101_Zero_to_Platform_Engineer.pptx
Kubernetes_101_Zero_to_Platform_Engineer.pptxKubernetes_101_Zero_to_Platform_Engineer.pptx
Kubernetes_101_Zero_to_Platform_Engineer.pptx
CloudScouts
 
Avast Premium Security Crack FREE Latest Version 2025
Avast Premium Security Crack FREE Latest Version 2025Avast Premium Security Crack FREE Latest Version 2025
Avast Premium Security Crack FREE Latest Version 2025
mu394968
 
Adobe Lightroom Classic Crack FREE Latest link 2025
Adobe Lightroom Classic Crack FREE Latest link 2025Adobe Lightroom Classic Crack FREE Latest link 2025
Adobe Lightroom Classic Crack FREE Latest link 2025
kashifyounis067
 
Meet the Agents: How AI Is Learning to Think, Plan, and Collaborate
Meet the Agents: How AI Is Learning to Think, Plan, and CollaborateMeet the Agents: How AI Is Learning to Think, Plan, and Collaborate
Meet the Agents: How AI Is Learning to Think, Plan, and Collaborate
Maxim Salnikov
 
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Ranjan Baisak
 
Top 10 Client Portal Software Solutions for 2025.docx
Top 10 Client Portal Software Solutions for 2025.docxTop 10 Client Portal Software Solutions for 2025.docx
Top 10 Client Portal Software Solutions for 2025.docx
Portli
 
Exceptional Behaviors: How Frequently Are They Tested? (AST 2025)
Exceptional Behaviors: How Frequently Are They Tested? (AST 2025)Exceptional Behaviors: How Frequently Are They Tested? (AST 2025)
Exceptional Behaviors: How Frequently Are They Tested? (AST 2025)
Andre Hora
 
How to Batch Export Lotus Notes NSF Emails to Outlook PST Easily?
How to Batch Export Lotus Notes NSF Emails to Outlook PST Easily?How to Batch Export Lotus Notes NSF Emails to Outlook PST Easily?
How to Batch Export Lotus Notes NSF Emails to Outlook PST Easily?
steaveroggers
 
The Significance of Hardware in Information Systems.pdf
The Significance of Hardware in Information Systems.pdfThe Significance of Hardware in Information Systems.pdf
The Significance of Hardware in Information Systems.pdf
drewplanas10
 
Adobe Master Collection CC Crack Advance Version 2025
Adobe Master Collection CC Crack Advance Version 2025Adobe Master Collection CC Crack Advance Version 2025
Adobe Master Collection CC Crack Advance Version 2025
kashifyounis067
 
Douwan Crack 2025 new verson+ License code
Douwan Crack 2025 new verson+ License codeDouwan Crack 2025 new verson+ License code
Douwan Crack 2025 new verson+ License code
aneelaramzan63
 
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
What Do Contribution Guidelines Say About Software Testing? (MSR 2025)
Andre Hora
 
EASEUS Partition Master Crack + License Code
EASEUS Partition Master Crack + License CodeEASEUS Partition Master Crack + License Code
EASEUS Partition Master Crack + License Code
aneelaramzan63
 
Download Wondershare Filmora Crack [2025] With Latest
Download Wondershare Filmora Crack [2025] With LatestDownload Wondershare Filmora Crack [2025] With Latest
Download Wondershare Filmora Crack [2025] With Latest
tahirabibi60507
 

CoreOS, or How I Learned to Stop Worrying and Love Systemd

  • 2. or, How I Learned to Stop Worrying and Love Systemd or, some pragmatic patterns for running docker in production
  • 3. Hello! I AM RIC LISTER director of devops at spree commerce @bnzmnzhnz github.com/rlister
  • 4. open-source Spree complete open-source e-commerce for rails github.com/spree/spree 599 contributors 6181 stars
  • 5. e-commerce platform Wombat connect any store to any service wombat.co
  • 7. Docker frees us from the operating system No more dependency hell. Since the OS no longer needs to support our app, we can go minimalist. Which makes it easier to patch, and more secure.
  • 8. What do we need? Some way to run containers:
      ◦ docker pull, start, stop, rm
      ◦ set environment variables
      ◦ restart policies
      ◦ capture output
    And an OS that can update itself in a sane way. And some orchestration …
  • 9. CoreOS Originally based on ChromiumOS. Which is based on Gentoo. No packaging system. Well ... there is: docker.
  • 11. Atomic updates (Omaha) System running off read-only /usr on A. OS update downloads to B, system reboots when ready. * In the event of boot failure, rollback to A.
  • 12. Update strategies Before reboot host requests a global lock using magic. * By default one host per cluster can hold a reboot lock. Can turn off reboots. Define strategy in cloud-config:

      #cloud-config
      coreos:
        update:
          group: stable
          reboot-strategy: off

    * not actual magic
  • 13. Release channels: choose your pain tolerance
      ◦ Stable: Production clusters, all software tested in alpha and beta first.
      ◦ Beta: Promoted alpha releases. Run a few beta hosts to catch problems early.
      ◦ Alpha: Tracks dev and gets newest docker, etcd and fleet. Frequent releases.
    https://coreos.com/releases/
  • 14. ETCD Open-source distributed key-value store. Uses Raft protocol (consensus). Provides shared configuration and service discovery.
  • 15. Features of etcd Useful features like TTL, locks. Simple HTTP API. Read and write values with curl or etcdctl. Keys and values stored in directories like filesystem. Watch a key or directory for changes.
  • 16. Setting up an etcd cluster Get a discovery token:

      $ curl https://discovery.etcd.io/new
      https://discovery.etcd.io/d88814387d940b36dbc2b4393c3d3a94

    Boot 3 machines with cloud-config:

      #cloud-config
      coreos:
        etcd:
          discovery: https://discovery.etcd.io/d88814387d940b36dbc2b4393c3d3a94
          addr: $private_ip4:4001
          peer-addr: $private_ip4:7001
        units:
          - name: etcd.service
            command: start

  • 17. Using etcd keys: set a key

      $ ssh 10.10.1.1
      CoreOS stable (607.0.0)
      $ etcdctl set /foo "Hello world"
      Hello world
      $ curl -L -X PUT http://127.0.0.1:4001/v2/keys/bar -d value="Hello world"
      {"action":"set","node":{"key":"/bar","value":"Hello world","modifiedIndex":42103694,"createdIndex":42103694}}

  • 18. Using etcd keys: get a key

      $ ssh 10.10.1.1
      CoreOS stable (607.0.0)
      $ etcdctl get /foo
      Hello world
      $ curl -L http://127.0.0.1:4001/v2/keys/bar
      {"action":"get","node":{"key":"/bar","value":"Hello world","modifiedIndex":40004310,"createdIndex":40004310}}

  • 19. etcd gotchas
      ◦ If you lose quorum the cluster may get split brain.
          • This cluster is finished. You must create a new one.
          • This is not cool.
      ◦ Use an odd number of hosts.
          • Adding one to make an even number does not increase redundancy.
      ◦ Use Elastic IPs.
          • If an instance reboots with a new IP it may fail to rejoin the cluster.
  • 20. … however, earlier today ...
  • 21. FLEET Open-source distributed init system based on etcd. Think of it as cluster-wide systemd.
  • 22. Setting up a fleet cluster Add fleet to the cloud-config:

      #cloud-config
      coreos:
        etcd:
          discovery: https://discovery.etcd.io/d88814387d940b36dbc2b4393c3d3a94
          addr: $private_ip4:4001
          peer-addr: $private_ip4:7001
        fleet:
          metadata: role=web,region=us-east-1,type=m3.medium
        units:
          - name: etcd.service
            command: start
          - name: fleet.service
            command: start

  • 23. Using fleetctl List machines in cluster:

      $ brew install fleetctl
      $ fleetctl -tunnel 10.10.1.1 list-machines
      MACHINE                                 IP          METADATA
      148a18ff-6e95-4cd8-92da-c9de9bb90d5a    10.10.1.1   -
      491586a6-508f-4583-a71d-bfc4d146e996    10.10.1.2   -
      c9de9451-6a6f-1d80-b7e6-46e996bfc4d1    10.10.1.3   -

  • 24. Launching containers with fleet If a host goes down, fleet will reschedule units. Fleet submits systemd unit files to the cluster, using etcd as backing-store. Fleet-specific metadata controls scheduling of units.
  • 25. Example unit

      [Unit]
      Description=Hello world
      After=docker.service
      Requires=docker.service

      [Service]
      TimeoutStartSec=0
      ExecStartPre=-/usr/bin/docker rm hello
      ExecStartPre=/usr/bin/docker pull busybox
      ExecStart=/usr/bin/docker run --name hello busybox /bin/sh -c "while true; do echo Hello World; sleep 1; done"
      ExecStop=/usr/bin/docker stop hello

  • 26. Running our example unit Load and start the unit:

      $ fleetctl -tunnel 10.10.1.1 start hello
      $ fleetctl -tunnel 10.10.1.1 list-units
      UNIT            MACHINE                  ACTIVE   SUB
      hello.service   c9de9451.../10.10.1.3    active   running
      $ fleetctl -tunnel 10.10.1.1 journal hello
      hello
      hello
      $ fleetctl -tunnel 10.10.1.1 destroy hello

  • 27. Example global unit

      [Unit]
      Description=Hello world
      After=docker.service
      Requires=docker.service

      [Service]
      TimeoutStartSec=0
      ExecStartPre=-/usr/bin/docker rm hello
      ExecStartPre=/usr/bin/docker pull busybox
      ExecStart=/usr/bin/docker run --name hello busybox /bin/sh -c "while true; do echo Hello World; sleep 1; done"
      ExecStop=/usr/bin/docker stop hello

      [X-Fleet]
      MachineMetadata=region=us-east-1
      Global=true

    Run on all instances with this fleet metadata.
  • 28. Running a global unit Load and start the unit:

      $ fleetctl -tunnel 10.10.1.1 start hello
      $ fleetctl -tunnel 10.10.1.1 list-units
      UNIT            MACHINE                  ACTIVE   SUB
      hello.service   148a18ff.../10.10.1.1    active   running
      hello.service   491586a6.../10.10.1.2    active   running
      hello.service   c9de9451.../10.10.1.3    active   running
      $ fleetctl -tunnel 10.10.1.1 destroy hello

  • 29. Fleet metadata

      Option            Description
      Global            Schedule on all units in the cluster
      MachineID         Schedule to one specific machine
      MachineOf         Limit to machines that are running specified unit
      MachineMetadata   Limit to machines with specific metadata
      Conflicts         Prevent from running on same machine as matching units

  • 30. Start a specific number of units Refer to them in unit files using systemd templates. Create a unit file like: hello@.service Start specific instances named like: hello@1.service hello@2.service
  • 31. Example template unit

      [Unit]
      Description=Hello world
      After=docker.service
      Requires=docker.service

      [Service]
      TimeoutStartSec=0
      ExecStartPre=-/usr/bin/docker rm hello
      ExecStartPre=/usr/bin/docker pull busybox
      ExecStart=/usr/bin/docker run --name hello busybox /bin/sh -c "while true; do echo Hello World; sleep 1; done"
      ExecStop=/usr/bin/docker stop hello

      [X-Fleet]
      Conflicts=hello@*

    Ensure there is only one of these on each instance.
  • 32. Running template units Start 2 instances:

      $ fleetctl -tunnel 10.10.1.1 start hello@{1..2}
      $ fleetctl -tunnel 10.10.1.1 list-units
      UNIT              MACHINE                  ACTIVE   SUB
      hello@1.service   c9de9451.../10.10.1.3    active   running
      hello@2.service   c9de9451.../10.10.1.1    active   running
      $ fleetctl -tunnel 10.10.1.1 journal hello@1
      hello
      hello

  • 33. fleet gotchas
      ◦ To change a unit definition, you must destroy and restart it.
          • For global units this means the whole cluster.
          • Which means downtime.
      ◦ Fleet does not do resource-based scheduling.
          • Intended as a low-level system to build more advanced systems on.
      ◦ When moving units around you must do discovery to route traffic.
          • For example sidekick patterns and etcd-aware proxies.
  • 35. PATTERNS How can I use CoreOS for real? Here are three patterns I use in production today ...
  • 36. Pattern 1: Simple homogeneous ops cluster. This is the most textbook “toy” cluster you will see in CoreOS docs. It is suitable for all those random little internal tools that can tolerate brief downtime.
  • 37. Small cluster Long-lived hosts run etcd. Submit app to cluster, sidekick announces app. Reverse proxy discovers app host from etcd.
  • 38. Sidekick units
      ◦ Sidekick unit sets etcd key for app container host:port when app starts.
      ◦ When app goes down, sidekick removes key from etcd.
      ◦ Write your own, calling etcdctl, or use something like github.com/gliderlabs/registrator
      ◦ Reverse proxy or load-balancer container listens for changes in etcd keys. Reconfigures to proxy to app host:port.
      ◦ Write config files with github.com/kelseyhightower/confd, or use etcd-specific proxy like github.com/mailgun/vulcand
  • 39. Pattern 2: Etcd + workers. Great for low-traffic websites that need a couple of instances behind a load-balancer. Works well with autoscaling.
  • 40. Etcd + workers Elastic workers connect to etcd cluster and discover their units based on fleet metadata. Works well with autoscaling + ELB.
  • 41. Pattern 3: Immutable servers with no etcd. We use this for a high-traffic cluster of micro-services that demands very high availability and strict change control. Systemd units are hard-coded into cloud-config with user-data. Demands some orchestration such as autoscaling groups.
  • 42. Immutable servers with no etcd No etcd, no cluster. Workers spun up by autoscaling. Hard-code systemd units in launch config. Do not do OS updates. Deploy code or OS update by changing launch config and replacing all hosts.
  • 43. Logs Get ‘em off the host ASAP. github.com/gliderlabs/logspout is a tiny docker container that ships all other container output to udp/514. Send to logstash/splunk/papertrail ...
  • 44. Monitoring
      ◦ AWS cloudwatch
      ◦ newrelic for apps
      ◦ newrelic-sysmond for instances
      ◦ … but it doesn’t understand cgroups
      ◦ datadog has better container support
      ◦ cadvisor presents container stats over http
  • 45. Alternative operating systems
      ◦ RancherOS: no systemd … system docker runs at PID 1: runs user docker container containing app containers
      ◦ RedHat Project Atomic: rpm-ostree merges updates to read-only /usr and /var
      ◦ Ubuntu Snappy Core: transactional updates with snappy packages.
  • 46. Schedulers Fleet is intentionally simple. Build on it for more sophistication:
      ◦ Google’s Kubernetes
      ◦ Apache Mesos/Marathon
      ◦ paz.sh … PaaS based on CoreOS
      ◦ Deis … private heroku-like on CoreOS
    It seems like something new pops up every day at the moment ...
  • 47. ok, I’m done Any questions?
  • 48. We’re hiring: DevOps, Ruby dev, UI/UX design, Product
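
The reverse-proxy half of the sidekick pattern from slide 38, as an added Python example that is not from the talk: it reads an etcd v2 directory listing and renders an upstream block, treating each announced host:port as untrusted input because the etcd API on slide 17 accepts the PUT without credentials. The /services/web key layout, the 10.10.1.0/24 subnet and the nginx-style output are assumptions, and the JSON is a constructed sample.

```python
import ipaddress
import json
import re

# Assumption: cluster hosts live in the 10.10.1.0/24 range used on the slides.
ALLOWED_NET = ipaddress.ip_network("10.10.1.0/24")
BACKEND_RE = re.compile(r"([0-9.]{7,15}):([0-9]{1,5})")

# Constructed sample of GET /v2/keys/services/web (hypothetical key layout).
SAMPLE_RESPONSE = json.dumps({
    "action": "get",
    "node": {"key": "/services/web", "dir": True, "nodes": [
        {"key": "/services/web/hello@1", "value": "10.10.1.1:8080", "ttl": 42},
        {"key": "/services/web/hello@2", "value": "10.10.1.3:8080", "ttl": 17},
        {"key": "/services/web/bad-junk", "value": "10.10.1.2:8080; extra"},
        {"key": "/services/web/bad-net", "value": "192.0.2.7:80"},
        {"key": "/services/web/bad-port", "value": "10.10.1.2:99999"},
        {"key": "/services/web/sub", "dir": True},
    ]},
})


def parse_backend(value, allowed_net=ALLOWED_NET):
    """Return (ip, port) for a strict 'IPv4:port' inside allowed_net, else None."""
    match = BACKEND_RE.fullmatch(value) if isinstance(value, str) else None
    if match is None:
        return None
    try:
        ip = ipaddress.IPv4Address(match.group(1))
    except ValueError:
        return None
    port = int(match.group(2))
    if ip not in allowed_net or not 1 <= port <= 65535:
        return None
    return str(ip), port


def backends_from_etcd(response_text):
    """Split an etcd v2 directory listing into accepted backends and rejected keys."""
    node = json.loads(response_text).get("node", {})
    accepted, rejected = [], []
    for child in node.get("nodes", []):
        # Sub-directories carry no value; anything that fails validation is rejected.
        backend = None if child.get("dir") else parse_backend(child.get("value"))
        if backend:
            accepted.append(backend)
        else:
            rejected.append(child.get("key"))
    return sorted(accepted), rejected


def render_upstream(name, backends):
    """Render an nginx-style upstream block from validated (ip, port) pairs only."""
    if not backends:
        # An empty upstream would take the site down; keep the previous config.
        raise ValueError("no valid backends announced")
    lines = [f"upstream {name} {{"]
    lines += [f"    server {ip}:{port};" for ip, port in backends]
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    ok, bad = backends_from_etcd(SAMPLE_RESPONSE)
    print(render_upstream("hello", ok))
    print("rejected keys:", bad)
```

Rejected keys are worth logging: a value that fails validation means a sidekick bug or a write from something that should not be announcing backends.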