Welcome!
Java in containers
And a little bit about Container Internals
Martín Baez
ABOUT ME
Name: Martín Báez
Nationality: Argentine
Profession: Technical Leader
Specialty: Java backend / Software Architecture
Limiting resources in Linux
Limiting process resources in Linux - chroot
● chroot: an operation that changes the apparent root directory for the current
running process and its children. A program that is run in such a modified
environment cannot access files and commands outside that directory
tree. This modified environment is called a chroot jail.
• It is a way to isolate apps
• Changes the root directory of the process
• chroot /path/to/newRootDir
• Debootstrap
• A simple tool to install a base Debian system in any subdirectory
• https://wiki.debian.org/Debootstrap
Debootstrap example
# mkdir /stable-chroot
# debootstrap stable /stable-chroot http://deb.debian.org/debian/
Limiting process resources in Linux - cgroups
● cgroups
• Started in 2006 under the name "process containers" (Paul Menage and Rohit Seth)
• Included in the Linux kernel when version 2.6.24 was released
• "Cgroups allow you to allocate resources — such as CPU time, system memory,
network bandwidth, or combinations of these resources — among user-defined groups
of tasks (processes) running on a system"
• All processes on a Linux system are child processes of a common parent:
the init process (or systemd), which is executed by the kernel at boot time and starts
other processes (which may in turn start child processes of their own). Because all
processes descend from a single parent, the Linux process model is a single hierarchy,
or tree.
• Additionally, every Linux process except init inherits the environment (such as the PATH
variable) of its parent process.
• Many different hierarchies of cgroups can exist simultaneously on a system. If the Linux
process model is a single tree of processes, then the cgroup model is one or more
separate, unconnected trees of tasks (i.e. processes).
Limiting process resources in Linux – cgroups (cont.)
● cgroup model
• Each hierarchy is attached to one or more subsystems.
• A subsystem represents a single resource
● cgroup subsystems
• cpu
  • Provides cgroup tasks access to the CPU.
• memory
  • Sets limits on memory use by tasks in a cgroup.
• devices
  • Allows or denies access to devices by tasks in a cgroup.
• ns
  • Namespaces subsystem
• Others
  • freezer, net_cls, net_prio, perf_event
Limiting process resources in Linux – cgroups (Example)
• Let's create two groups:
• Assign 70% CPU time to one cgroup (red)
• Assign 30% CPU time to the other (blue)
We will create two cgroups in the cpu subsystem: cpu_high and cpu_low
# mkdir /sys/fs/cgroup/cpu/cpu_high
# mkdir /sys/fs/cgroup/cpu/cpu_low
cpu_high will get 70% of CPU time and cpu_low will get 30% of CPU time
# echo 717 > /sys/fs/cgroup/cpu/cpu_high/cpu.shares
# echo 307 > /sys/fs/cgroup/cpu/cpu_low/cpu.shares
The taskset command allows us to pin a process to a core.
# taskset -c 0 xterm -bg blue &
# taskset -c 0 xterm -bg red &
Limiting process resources in Linux – cgroups (Example)
$ echo $$ > /sys/fs/cgroup/cpu/cpu_high/cgroup.procs
$ md5sum /dev/urandom &
$ echo $$ > /sys/fs/cgroup/cpu/cpu_low/cgroup.procs
$ md5sum /dev/urandom &
Limiting process resources in Linux – Namespaces
● They allow for isolation of global system resources between independent processes.
For example, the PID namespace isolates the PID number space. This
means that two processes running on the same host can have the same
PID!
● Without namespaces, a process running in container A could, for example, umount an
important filesystem in container B.
● The idea is that you can't interfere with something if it's not visible to you.
GNU Linux Tools
/proc virtual file system
● The /proc directory contains an illusory filesystem. It does not exist on a disk.
Instead, the kernel creates it in memory. It is used to provide information about the
system.
● $ man proc
● /proc/1
● /proc/cpuinfo
● /proc/meminfo
● /proc/stat
● There are many commands that do little more than read the above files and
format them for easier understanding
● top
● ps
● free
Some system calls collect information from the environment in GNU Linux
Containers
Containers – Motivation (from the dev part of devops)
● You don't need to install a bunch of language environments on your system. You can
simply run the ruby / python / java application inside Docker.
● Consistent development environments for the entire team.
● Different versions of the same programming language without having to hack around your
machine.
● Think of many JVM versions and vendors on your laptop (JAVA_HOME, PATH...)
● If it runs in your container, it will run on your Linux server
● If you're having a hard time building / compiling the application code, then build it
inside Docker
● https://cloud.google.com/containers/
Containers – They are not a new idea
● Linux Containers (LXC)
● Solaris Zones
● BSD Jails
● Docker
  ● Based on LXC in the past (it now has its own library -> libcontainer)
● OpenVZ
● Heroku
● Awesome! :)
Containers – What they are
● Instead of virtualizing the hardware stack as with the virtual machines approach,
containers virtualize at the operating system level.
● "Containers are a method of operating system virtualization that allow you to run an
application and its dependencies in resource-isolated processes" (Amazon)
● This means that containers are far more lightweight: they share the OS kernel, start
much faster, and use a fraction of the memory compared to booting an entire OS.
● Docker is the most popular, open-source container format.
● Benefits
  • Consistent Environment
  • Run Anywhere
  • Isolation
Containers vs VMs
● Own network space
● Own network interface
● Can install packages
● Can run processes
● Can be packaged into images
They are not VMs at all
Containers – Example
• lxc:
# ls -l /usr/share/lxc/templates/
# lxc-create -t /usr/share/lxc/templates/lxc-alpine -n lxc-alpine
# lxc-start -n lxc-alpine
# lxc-attach -n lxc-alpine
# lxc-stop -n lxc-alpine
• It is possible to run Docker on LXC.
• In the past Docker was based on LXC
Containers – How they work?
● In general, containers running on Linux make use of kernel namespaces to provide the
isolated workspace called the container.
● When you run a container, Docker creates a set of namespaces for that container.
These namespaces provide a layer of isolation.
  • PID namespace for process isolation.
  • NET namespace for managing network interfaces.
  • IPC namespace for managing access to IPC resources.
  • MNT namespace for managing filesystem mount points.
  • UTS namespace for isolating kernel and version identifiers.
● They also make use of kernel control groups for resource allocation and isolation. A
cgroup limits an application to a specific set of resources.
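The namespace list above can be checked per process: the kernel exposes each process's namespaces as links under /proc/<pid>/ns/, and two processes share a namespace when the link targets match. The script below is an added example, not part of the original slides; the function names and the sample tree (constructed inode numbers, one process still sharing the NET namespace with PID 1) are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: report which of the namespaces named on the slide two
# processes share, by comparing the /proc/<pid>/ns/* links.
# The proc root is a parameter so the functions also run on the constructed
# tree built by make_proc_sample.

NS_TYPES="pid net ipc mnt uts"

# Identifier of one namespace of one process, e.g. "pid:[4026531836]".
ns_id() { readlink "$1/$2/ns/$3"; }

# Space-separated list of namespace types shared by pid $2 and pid $3.
# Links that cannot be read are skipped, so run as root for a full answer.
shared_namespaces() (
    out=""
    for t in $NS_TYPES; do
        a=$(ns_id "$1" "$2" "$t") || continue
        b=$(ns_id "$1" "$3" "$t") || continue
        if [ "$a" = "$b" ]; then out="$out $t"; fi
    done
    echo "${out# }"
)

# One-line verdict for pid $3 compared against a reference pid $2 (usually 1).
isolation_verdict() (
    shared=$(shared_namespaces "$1" "$2" "$3")
    if [ -z "$shared" ]; then
        echo "pid $3: isolated from pid $2 in all checked namespaces"
    else
        echo "pid $3: shares [$shared] with pid $2"
    fi
)

# Constructed sample tree (inode numbers are made up):
#   1    = host init
#   4242 = process with its own namespaces except NET, which is the host's
#   5000 = process with its own copy of every namespace
make_proc_sample() (
    d=$(mktemp -d)
    mkdir -p "$d/1/ns" "$d/4242/ns" "$d/5000/ns"
    for t in $NS_TYPES; do
        ln -s "$t:[4026531000]" "$d/1/ns/$t"
        ln -s "$t:[4026532000]" "$d/4242/ns/$t"
        ln -s "$t:[4026533000]" "$d/5000/ns/$t"
    done
    rm "$d/4242/ns/net"
    ln -s "net:[4026531000]" "$d/4242/ns/net"
    echo "$d"
)

P=$(make_proc_sample)
isolation_verdict "$P" 1 4242
isolation_verdict "$P" 1 5000
rm -rf "$P"
```

On a real host, run `isolation_verdict /proc 1 <pid>` as root against a container's main process to see which namespaces it still shares with the host.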
Limiting Containers resources (Docker)
● Docker
• Memory
  • -m / --memory
  • --memory-swap
  • If --memory and --memory-swap are set to the same value, this prevents containers
    from using any swap
• CPU
  • --cpus
  • With --cpus="1.5", the container is guaranteed at most one and a half of the CPUs
  • Realtime scheduler
https://docs.docker.com/config/containers/resource_constraints/
GNU Linux Tools in Docker
Important Issues:
● $ docker run -it -m 512m centos bash
● [root@aba9f6744c3f /]# top
● [root@aba9f6744c3f /]# free -m
● [root@aba9f6744c3f /]# lscpu
● /proc/meminfo, /proc/vmstat and friends are not cgroup-aware
● They will always display memory numbers from the host system
● Processes inside a container cannot rely on free, top and others to determine how
much memory they have to work with
● Auto-scaling is usually a function of how much memory is available INSIDE the
container (this information needs to be accessible from inside the container).
Java ergonomics
● Java processes in Linux don't behave as expected
• Java ergonomics
“Ergonomics is the process by which the Java Virtual Machine (JVM) and garbage collection
tuning, such as behavior-based tuning, improve application performance.
The JVM provides platform-dependent default selections for the garbage collector, heap size, and
runtime compiler.”
● Garbage Collector, Heap, and Runtime Compiler Default Selections
• A class of machine referred to as a server-class machine has been defined as a machine with the following:
  • 2 or more physical processors
  • 2 or more GB of physical memory
• On server-class machines, the following are selected by default:
  • Throughput garbage collector
  • Initial heap size of 1/64 of physical memory up to 1 GB
  • Maximum heap size of 1/4 of physical memory up to 1 GB
  • Server runtime compiler
https://docs.oracle.com/javase/8/docs/technotes/guides/vm/gctuning/ergonomics.html
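The two slides above (host numbers in /proc/meminfo, and heap defaults derived from physical memory) combine into one failure mode: a JVM that sizes its heap from MemTotal can pick a heap larger than the container's cgroup limit. The script below is an added example, not part of the original slides; the function names are hypothetical, the heap rule is the one quoted on the slide, the sample files are constructed, and the cgroup v2 file (memory.max) goes beyond the v1 layout the slides use.

```sh
#!/bin/sh
# Added example: compare the memory a container-unaware JVM sizes its heap
# from (MemTotal) with the cgroup limit that is actually enforced.
# File locations are parameters so the functions also run on constructed input.

GIB=1073741824

# MemTotal in bytes from a meminfo-format file (the kernel reports kB).
meminfo_total_bytes() (
    kb=$(awk '$1 == "MemTotal:" { print $2 }' "$1")
    echo $(( kb * 1024 ))
)

# Memory limit in bytes under a cgroup mount point, or "max" when none is set.
# Checks the cgroup v2 file first, then the v1 memory controller file.
cgroup_mem_limit() (
    if [ -r "$1/memory.max" ]; then
        cat "$1/memory.max"
    elif [ -r "$1/memory/memory.limit_in_bytes" ]; then
        cat "$1/memory/memory.limit_in_bytes"
    else
        echo max
    fi
)

# Memory the process can really use: min(host MemTotal, cgroup limit).
# cgroup v1 reports "no limit" as a huge number, which the comparison absorbs.
effective_mem_bytes() (
    host=$(meminfo_total_bytes "$1")
    limit=$(cgroup_mem_limit "$2")
    if [ "$limit" != max ] && [ "$limit" -lt "$host" ]; then
        echo "$limit"
    else
        echo "$host"
    fi
)

# Default maximum heap per the rule quoted on the slide:
# 1/4 of physical memory, capped at 1 GB.
default_max_heap() (
    heap=$(( $1 / 4 ))
    if [ "$heap" -gt "$GIB" ]; then heap=$GIB; fi
    echo "$heap"
)

# "exceeds-limit" when the heap chosen from MemTotal is larger than the memory
# the cgroup allows (the heap can then grow until the container is OOM-killed),
# "fits" otherwise.
heap_verdict() (
    host=$(meminfo_total_bytes "$1")
    eff=$(effective_mem_bytes "$1" "$2")
    heap=$(default_max_heap "$host")
    if [ "$heap" -gt "$eff" ]; then echo exceeds-limit; else echo fits; fi
)

# Constructed sample: a host with about 16 GB of RAM and the 512 MB limit
# that `docker run -m 512m` sets, laid out as cgroup v1.
make_sample() (
    d=$(mktemp -d)
    mkdir -p "$d/cgroup/memory"
    printf 'MemTotal:       16384000 kB\nMemFree:         8123456 kB\n' > "$d/meminfo"
    echo 536870912 > "$d/cgroup/memory/memory.limit_in_bytes"
    echo "$d"
)

report() (
    host=$(meminfo_total_bytes "$1")
    eff=$(effective_mem_bytes "$1" "$2")
    echo "MemTotal seen via meminfo:  $host bytes"
    echo "cgroup memory limit:        $(cgroup_mem_limit "$2")"
    echo "heap sized from MemTotal:   $(default_max_heap "$host") bytes"
    echo "heap sized from the limit:  $(default_max_heap "$eff") bytes"
    echo "verdict:                    $(heap_verdict "$1" "$2")"
)

S=$(make_sample)
report "$S/meminfo" "$S/cgroup"
rm -rf "$S"
```

Inside a running container, `report /proc/meminfo /sys/fs/cgroup` applies the same comparison to the live files.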
An Example
● Java + Spring Boot + Embedded Tomcat
● Reference: https://spring.io/guides/gs/spring-boot-Docker/
Dockerfile:
FROM java:8
ADD /target/example*.jar javaopts.jar
# Entry in json format
ENTRYPOINT ["java", "-jar", "/javaopts.jar"]
How we run it:
We build the image
$ docker build -t spring-boot-javaopts .
We create and run a container
$ docker run spring-boot-javaopts
Java 9 support for Docker CPU and memory limits
Memory Issues:
• To make the JVM aware of Docker memory limits (in the absence of setting a
maximum Java heap via -Xmx)
• Two JVM command line options are required:
-XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap
• The -XX:+UnlockExperimentalVMOptions is required because in a future release
transparent identification of Docker memory limits is the goal.
• When these two JVM command line options are used, and -Xmx is not specified, the JVM
will look at the Linux cgroup configuration. Docker containers also use the
cgroup configuration for CPU limits.
Java 9 support for Docker CPU and memory limits
CPU Issues:
• As of Java SE 8u131, and in JDK 9, the JVM is Docker-aware with respect to Docker CPU
limits transparently.
• If -XX:ParallelGCThreads or -XX:CICompilerCount are not specified as command line
options, the JVM will apply the Docker CPU limit as the number of CPUs the JVM sees on
the system. The JVM will then adjust the number of GC threads and JIT compiler threads
just as it would if it were running on a bare metal system with the number of CPUs set to
the Docker CPU limit.
• If -XX:ParallelGCThreads or -XX:CICompilerCount are specified as JVM command line
options, and a Docker CPU limit is specified, the JVM will use the -XX:ParallelGCThreads
and -XX:CICompilerCount values.
Java 10 support for Docker 
Issues:
● https://bugs.openjdk.java.net/browse/JDK-8146115
"When running in a container, the operating system functions used provide information
about the host and do not include the container configuration and limits. The VM and core
libraries will be modified as part of this RFE to first determine if the current running process
is running in a container."
References
• Docker Internals: http://docker-saigon.github.io/post/Docker-Internals/
• Understanding the Docker Internals: https://medium.com/@nagarwal/understanding-the-docker-internals-7ccb052ce9fe
• Limit a container's resources: https://docs.docker.com/config/containers/resource_constraints/
• Java inside docker: What you must know to not FAIL: https://developers.redhat.com/blog/2017/03/14/java-inside-docker/
• Memory inside Linux containers: https://fabiokung.com/2014/03/13/memory-inside-linux-containers/
Thank you very much!
ROSARIO, THURSDAY, OCTOBER 11 - 18:15
Metropolitano Eventos
Salón Contemporáneo (Junín 501)
FREE REGISTRATION opens on Monday, September 17!
Follow our social networks to stay up to date
EndavaLatam
@EndavaLatam

Más contenido relacionado

La actualidad más candente

Cgroup resource mgmt_v1
Cgroup resource mgmt_v1Cgroup resource mgmt_v1
Cgroup resource mgmt_v1
sprdd
 
Containers are the future of the Cloud
Containers are the future of the CloudContainers are the future of the Cloud
Containers are the future of the Cloud
Pavel Odintsov
 

La actualidad más candente (20)

OpenVZ, Virtuozzo and Docker
OpenVZ, Virtuozzo and DockerOpenVZ, Virtuozzo and Docker
OpenVZ, Virtuozzo and Docker
 
Cgroup resource mgmt_v1
Cgroup resource mgmt_v1Cgroup resource mgmt_v1
Cgroup resource mgmt_v1
 
Linux Container Brief for IEEE WG P2302
Linux Container Brief for IEEE WG P2302Linux Container Brief for IEEE WG P2302
Linux Container Brief for IEEE WG P2302
 
Let's Containerize New York with Docker!
Let's Containerize New York with Docker!Let's Containerize New York with Docker!
Let's Containerize New York with Docker!
 
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...
 
Containers are the future of the Cloud
Containers are the future of the CloudContainers are the future of the Cloud
Containers are the future of the Cloud
 
Containerization Is More than the New Virtualization
Containerization Is More than the New VirtualizationContainerization Is More than the New Virtualization
Containerization Is More than the New Virtualization
 
Introduction to Docker and deployment and Azure
Introduction to Docker and deployment and AzureIntroduction to Docker and deployment and Azure
Introduction to Docker and deployment and Azure
 
Containers and Namespaces in the Linux Kernel
Containers and Namespaces in the Linux KernelContainers and Namespaces in the Linux Kernel
Containers and Namespaces in the Linux Kernel
 
Lightweight Virtualization: LXC containers & AUFS
Lightweight Virtualization: LXC containers & AUFSLightweight Virtualization: LXC containers & AUFS
Lightweight Virtualization: LXC containers & AUFS
 
Linux Containers From Scratch
Linux Containers From ScratchLinux Containers From Scratch
Linux Containers From Scratch
 
Introduction to Docker at Glidewell Laboratories in Orange County
Introduction to Docker at Glidewell Laboratories in Orange CountyIntroduction to Docker at Glidewell Laboratories in Orange County
Introduction to Docker at Glidewell Laboratories in Orange County
 
Linux containers-namespaces(Dec 2014)
Linux containers-namespaces(Dec 2014)Linux containers-namespaces(Dec 2014)
Linux containers-namespaces(Dec 2014)
 
Lxc- Linux Containers
Lxc- Linux ContainersLxc- Linux Containers
Lxc- Linux Containers
 
Containers with systemd-nspawn
Containers with systemd-nspawnContainers with systemd-nspawn
Containers with systemd-nspawn
 
Strata - 03/31/2012
Strata - 03/31/2012Strata - 03/31/2012
Strata - 03/31/2012
 
Performance characteristics of traditional v ms vs docker containers (dockerc...
Performance characteristics of traditional v ms vs docker containers (dockerc...Performance characteristics of traditional v ms vs docker containers (dockerc...
Performance characteristics of traditional v ms vs docker containers (dockerc...
 
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxConAnatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
 
Union FileSystem - A Building Blocks Of a Container
Union FileSystem - A Building Blocks Of a ContainerUnion FileSystem - A Building Blocks Of a Container
Union FileSystem - A Building Blocks Of a Container
 
Lxc- Introduction
Lxc- IntroductionLxc- Introduction
Lxc- Introduction
 

Similar a Java in containers

Evolution of Linux Containerization
Evolution of Linux Containerization Evolution of Linux Containerization
Evolution of Linux Containerization
WSO2
 

Similar a Java in containers (20)

Introduction to containers
Introduction to containersIntroduction to containers
Introduction to containers
 
Docker 原理與實作
Docker 原理與實作Docker 原理與實作
Docker 原理與實作
 
Containers > VMs
Containers > VMsContainers > VMs
Containers > VMs
 
Docker and-containers-for-development-and-deployment-scale12x
Docker and-containers-for-development-and-deployment-scale12xDocker and-containers-for-development-and-deployment-scale12x
Docker and-containers-for-development-and-deployment-scale12x
 
Containers - Portable, repeatable user-oriented application delivery. Build, ...
Containers - Portable, repeatable user-oriented application delivery. Build, ...Containers - Portable, repeatable user-oriented application delivery. Build, ...
Containers - Portable, repeatable user-oriented application delivery. Build, ...
 
Extending OpenShift Origin: Build Your Own Cartridge with Bill DeCoste of Red...
Extending OpenShift Origin: Build Your Own Cartridge with Bill DeCoste of Red...Extending OpenShift Origin: Build Your Own Cartridge with Bill DeCoste of Red...
Extending OpenShift Origin: Build Your Own Cartridge with Bill DeCoste of Red...
 
Why you’re going to fail running java on docker!
Why you’re going to fail running java on docker!Why you’re going to fail running java on docker!
Why you’re going to fail running java on docker!
 
Advanced Namespaces and cgroups
Advanced Namespaces and cgroupsAdvanced Namespaces and cgroups
Advanced Namespaces and cgroups
 
Docker 0.11 at MaxCDN meetup in Los Angeles
Docker 0.11 at MaxCDN meetup in Los AngelesDocker 0.11 at MaxCDN meetup in Los Angeles
Docker 0.11 at MaxCDN meetup in Los Angeles
 
Introduction to OS LEVEL Virtualization & Containers
Introduction to OS LEVEL Virtualization & ContainersIntroduction to OS LEVEL Virtualization & Containers
Introduction to OS LEVEL Virtualization & Containers
 
Evolution of containers to kubernetes
Evolution of containers to kubernetesEvolution of containers to kubernetes
Evolution of containers to kubernetes
 
Evolution of Linux Containerization
Evolution of Linux Containerization Evolution of Linux Containerization
Evolution of Linux Containerization
 
Evoluation of Linux Container Virtualization
Evoluation of Linux Container VirtualizationEvoluation of Linux Container Virtualization
Evoluation of Linux Container Virtualization
 
Containerization is more than the new Virtualization: enabling separation of ...
Containerization is more than the new Virtualization: enabling separation of ...Containerization is more than the new Virtualization: enabling separation of ...
Containerization is more than the new Virtualization: enabling separation of ...
 
Introduction to Docker storage, volume and image
Introduction to Docker storage, volume and imageIntroduction to Docker storage, volume and image
Introduction to Docker storage, volume and image
 
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme PetazzoniWorkshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
 
Introduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" EditionIntroduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" Edition
 
Linux containers and docker
Linux containers and dockerLinux containers and docker
Linux containers and docker
 
Linux 开源操作系统发展新趋势
Linux 开源操作系统发展新趋势Linux 开源操作系统发展新趋势
Linux 开源操作系统发展新趋势
 
Lightweight Virtualization with Linux Containers and Docker | YaC 2013
Lightweight Virtualization with Linux Containers and Docker | YaC 2013Lightweight Virtualization with Linux Containers and Docker | YaC 2013
Lightweight Virtualization with Linux Containers and Docker | YaC 2013
 

Último

%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
masabamasaba
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
VictorSzoltysek
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
VishalKumarJha10
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
masabamasaba
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 

Último (20)

The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdf
 
%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Vancouver Psychic Readings, Attraction spells,Br...
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdf
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
%in Lydenburg+277-882-255-28 abortion pills for sale in Lydenburg
%in Lydenburg+277-882-255-28 abortion pills for sale in Lydenburg%in Lydenburg+277-882-255-28 abortion pills for sale in Lydenburg
%in Lydenburg+277-882-255-28 abortion pills for sale in Lydenburg
 

Java in containers

  • 2. Java in containers And a little bit about Container Internals Martín Baez
  • 3. SOBRE MÍ Nombre: Martín Báez Nacionalidad: Argentino Profesión: Technical Leader Especialidad: Java backend / Software Architecture FOTO ORADOR
  • 5. Limiting process resources in Linux - chroot ● chroot: It is an operation that changes the apparent root directory for the current running process and their children. A program that is run in such a modified environment cannot access files and commands outside that environmental directory tree. This modified environment is called a chroot jail.  •  It is a way to isolate apps • Change the process directory root • chroot /path/to/newRootDir • Deboostrap • A simple tool to install a bases debian system in any subdirectory • https://wiki.debian.org/Debootstrap Martín Baez Debooststrap example # mkdir /stable-chroot # debootstrap stable /stable-chroot http://deb.debian.org/debian/
  • 6. Limiting process resources in Linux - cgroups ● cgroups •  Started in 2006  with the name “process containers”(Paul Menage and Rohit Seth) • Included in Linux Kernel when version 2.6.24 was released • "Cgroups allow you to allocate resources — such as CPU time, system memory, network bandwidth, or combinations of these resources — among user-defined groups of tasks (processes) running on a system" • All processes on a Linux system are child processes of a common parent: the init process(or systemd), which is executed by the kernel at boot time and starts other processes (which may in turn start child processes of their own). Because all processes descend from a single parent, the Linux process model is a single hierarchy, or tree. • Additionally, every Linux process except init inherits the environment (such as the PATH variable) • Many different hierarchies of cgroups can exist simultaneously on a system. If the Linux process model is a single tree of processes, then the cgroup model is one or more separate, unconnected trees of tasks (i.e. processes). • Martín Baez
  • 7. Limiting process resources in Linux – cgroups(cont.) ● cgroup model • each hierarchy is attached to one or more subsystems.  • A subsystem represents a single resource ● cgroup subsystems • cpu • To provide cgroup tasks access to the CPU. • memory • Sets limits on memory use by tasks in a cgroup • devices •  Allows or denies access to devices by tasks in a cgroup. • ns • Namespaces subsystem • Others • Freezer, net_cls,net_prio,perf_event Martín Baez
  • 8. Limiting process resources in Linux – cgroups(Example) • Let's create two groups: • Assing 70% cpu time to one cgroup(red) • Assing 70% cpu time to the other(blue) We will create two cgroups in cpu subsystem: cpu_high and cpu_low # mkdir /sys/fs/cgroup/cpu/cpu_high # mkdir /sys/fs/cgroup/cpu/cpu_low cgroup cpu_high:70% of CPU time and  cpu_low will get 30% cput time # echo 717 > /sys/fs/cgroup/cpu/cpu_high/cpu.shares # echo 307 > /sys/fs/cgroup/cpu/cpu_low/cpu.shares taskset command allow us to attach a process to a core. # taskset -c 0 xterm -bg blue & # taskset -c 0 xterm -bg red & Martín Baez
  • 9. Limiting process resources in Linux – cgroups(Example) Martín Baez $ echo $$ > /sys/fs/cgroup/cpu/cpu_high/cgroup.procs $ md5sum /dev/urandom & $ echo $$ > /sys/fs/cgroup/cpu/cpu_low/cgroup.procs $ md5sum /dev/urandom &
  • 10. Limiting process resources in Linux – Namespaces ●  They allow for isolation of global system resources between independent processes.  For example, the PID namespace isolates the PID number space. This means that two processes running on the same host can have the same PID! ● Without namespaces, a process running in container A could, for example, umount an important filesystem in container B. ● The idea is that you can't interfere with something if it’s not visible to you. Martín Baez
  • 11. GNU Linux Tools /proc virtual file system ●  The /proc filesystem contains a illusionary filesystem. It does not exist on a disk. Instead, the kernel creates it in memory. It is used to provide information about the system. ● $ man proc ● /proc/1 ● /proc/cpuinfo ● /proc/meminfo ● /proc/stat ● There are many commands that do little more than read the above files and format them for easier understanding ● top ● ps ● free Some System calls collect information from the environment in GNU Linux Martín Baez
  • 13. Containers – Motivation (from the dev part of devops) ● You don’t need to install a bunch of language environments on your system. You can simply run the ruby / python / java application inside docker. ● Consistent development environments for the entire team. ● Different versions of same programming language without having to hack arounds your machine. ● Think of many jvm version and vendors in you laptop(JAVA_HOME, PATH....) ● If it runs in your container, it will run on your Linux server ● If you’re having a hard time building / compiling the application code, then build it inside Docker ● https://cloud.google.com/containers/ Martín Baez
  • 14. Containers – They are not a new idea
    ● Linux Containers (LXC)
    ● Solaris Zones
    ● BSD Jails
    ● Docker
      • Based on LXC in the past (it now has its own library: libcontainer)
    ● OpenVZ
    ● Heroku
    ● Awesome! :)
  • 15. Containers – What they are
    ● Instead of virtualizing the hardware stack as with the virtual machines approach, containers virtualize at the operating system level.
    ● "Containers are a method of operating system virtualization that allow you to run an application and its dependencies in resource-isolated processes" (Amazon)
    ● This means that containers are far more lightweight: they share the OS kernel, start much faster, and use a fraction of the memory compared to booting an entire OS.
    ● Docker is the most popular, open-source container format.
    ● Benefits
      • Consistent Environment
      • Run Anywhere
      • Isolation
  • 16. Containers vs VMs
    ● Own network space
    ● Own network interface
    ● Can install packages
    ● Can run processes
    ● Can be packaged into images
    They are not VMs at all
  • 17. Containers – Example
    • lxc:
    # ls -l /usr/share/lxc/templates/
    # lxc-create -t /usr/share/lxc/templates/lxc-alpine -n lxc-alpine
    # lxc-start -n lxc-alpine
    # lxc-attach -n lxc-alpine
    # lxc-stop -n lxc-alpine
    • It is possible to run docker on lxc.
    • In the past docker was based on lxc.
  • 18. Containers – How do they work?
    ● In general, containers running on Linux make use of kernel namespaces to provide the isolated workspace called the container.
    ● When you run a container, Docker creates a set of namespaces for that container. These namespaces provide a layer of isolation.
      • PID namespace for process isolation.
      • NET namespace for managing network interfaces.
      • IPC namespace for managing access to IPC resources.
      • MNT namespace for managing filesystem mount points.
      • UTS namespace for isolating kernel and version identifiers.
    ● They also make use of kernel control groups for resource allocation and isolation. A cgroup limits an application to a specific set of resources.
  • 19. Limiting Containers resources (Docker)
    ● Docker
      • Memory
        • -m / --memory
        • --memory-swap
        • If --memory and --memory-swap are set to the same value, this prevents containers from using any swap
      • CPU
        • --cpus
        • --cpus="1.5", the container is guaranteed at most one and a half of the CPUs
        • Realtime scheduler
    https://docs.docker.com/config/containers/resource_constraints/
  • 20. GNU Linux Tools in Docker
    Important Issues:
    ● $ docker run -it -m 512m centos bash
    ● [root@aba9f6744c3f /]# top
    ● [root@aba9f6744c3f /]# free -m
    ● [root@aba9f6744c3f /]# lscpu
    ● /proc/meminfo, /proc/vmstat and friends are not cgroup-aware
    ● They will always display memory numbers from the host system
    ● Processes inside a container cannot rely on free, top and others to determine how much memory they have to work with
    ● Auto-scaling is usually a function of how much memory is available INSIDE the container (this information needs to be accessible from inside the container).
  • 21. Java ergonomics
    The JVM provides platform-dependent default selections for the garbage collector, heap size, and runtime compiler.
    ● Java processes in Linux don't behave as expected
      • Java ergonomics
      • "Ergonomics is the process by which the Java Virtual Machine (JVM) and garbage collection tuning, such as behavior-based tuning, improve application performance."
    ● Garbage Collector, Heap, and Runtime Compiler Default Selections
      • A class of machine referred to as a server-class machine has been defined as a machine with the following:
        • 2 or more physical processors
        • 2 or more GB of physical memory
      • On server-class machines, the following are selected by default:
        • Throughput garbage collector
        • Initial heap size of 1/64 of physical memory up to 1 GB
        • Maximum heap size of 1/4 of physical memory up to 1 GB
        • Server runtime compiler
    https://docs.oracle.com/javase/8/docs/technotes/guides/vm/gctuning/ergonomics.html
  • 22. An Example
    ● Java + Spring Boot + Embedded Tomcat
    ● Reference: https://spring.io/guides/gs/spring-boot-Docker/
    Dockerfile:
    FROM java:8
    ADD /target/example*.jar javaopts.jar
    # Entry in json format
    ENTRYPOINT ["java", "-jar", "/javaopts.jar"]
    How we run it:
    We build the image
    $ docker build -t spring-boot-javaopts .
    We create and run a container
    $ docker run spring-boot-javaopts
  • 23. Java 9 support for Docker CPU and memory limits
    Memory Issues:
    • To make the JVM aware of Docker memory limits (in the absence of a maximum Java heap set via -Xmx), two JVM command line options are required: -XX:+UnlockExperimentalVMOptions and -XX:+UseCGroupMemoryLimitForHeap.
    • -XX:+UnlockExperimentalVMOptions is required because transparent identification of Docker memory limits is the goal for a future release.
    • When these two JVM command line options are used, and -Xmx is not specified, the JVM will look at the Linux cgroup configuration. Docker containers also use cgroups configuration for CPU limits.
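The gap described on the "GNU Linux Tools in Docker" and "Java ergonomics" slides, as an added shell example that is not code from the talk: it reads MemTotal from /proc/meminfo and the memory cgroup limit, then applies the 1/4-of-physical-memory (up to 1 GB) heap default quoted on the ergonomics slide to each figure. The root-prefix argument, the function names and the sample file tree are assumptions made for the illustration.

```shell
# Added example, not from the slides. $1 (ROOT) is a hypothetical prefix for a
# constructed file tree; pass "" to read the real /proc and /sys.

# MemTotal from /proc/meminfo in bytes: the host figure, even in a container.
meminfo_total_bytes() {
    while read -r key value _unit; do
        if [ "$key" = "MemTotal:" ]; then echo $((value * 1024)); return 0; fi
    done < "$1/proc/meminfo"
    return 1
}

# Limit enforced by the memory cgroup, in bytes (cgroup v2 path, then v1).
cgroup_limit_bytes() {
    for f in "$1/sys/fs/cgroup/memory.max" \
             "$1/sys/fs/cgroup/memory/memory.limit_in_bytes"; do
        [ -r "$f" ] || continue
        limit=$(cat "$f")
        case "$limit" in ''|*[!0-9]*) return 1 ;; esac   # v2 stores "max" when unlimited
        echo "$limit"; return 0
    done
    return 1
}

# Memory the process can really use: the smaller of host total and cgroup limit.
effective_mem_bytes() {
    host=$(meminfo_total_bytes "$1") || return 1
    limit=$(cgroup_limit_bytes "$1") || limit=$host
    if [ $((limit < host)) -eq 1 ]; then echo "$limit"; else echo "$host"; fi
}

# Default maximum heap in MB under the rule quoted on the ergonomics slide:
# 1/4 of physical memory, up to 1 GB.
default_max_heap_mb() {
    quarter=$(( $1 / 4 / 1048576 ))
    if [ "$quarter" -gt 1024 ]; then echo 1024; else echo "$quarter"; fi
}

# Constructed sample: a 16 GiB host running a container started with -m 512m.
make_sample_root() {
    root=$(mktemp -d)
    mkdir -p "$root/proc" "$root/sys/fs/cgroup"
    printf 'MemTotal:       16777216 kB\n' > "$root/proc/meminfo"
    echo 536870912 > "$root/sys/fs/cgroup/memory.max"
    echo "$root"
}

mem_sample=$(make_sample_root)
echo "max heap from host view: $(default_max_heap_mb "$(meminfo_total_bytes "$mem_sample")") MB, from cgroup limit: $(default_max_heap_mb "$(effective_mem_bytes "$mem_sample")") MB"
rm -rf "$mem_sample"
```

On the constructed sample, the heap sized from the host view is larger than the container's whole 512 MB limit, while the cgroup-aware figure stays inside it.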
  • 24. Java 9 support for Docker CPU and memory limits
    CPU Issues:
    • As of Java SE 8u131, and in JDK 9, the JVM is transparently Docker-aware with respect to Docker CPU limits.
    • If -XX:ParallelGCThreads or -XX:CICompilerCount are not specified as command line options, the JVM will apply the Docker CPU limit as the number of CPUs the JVM sees on the system. The JVM will then adjust the number of GC threads and JIT compiler threads just as it would if it were running on a bare metal system with the number of CPUs set to the Docker CPU limit.
    • If -XX:ParallelGCThreads or -XX:CICompilerCount are specified as JVM command line options, and a Docker CPU limit is specified, the JVM will use the -XX:ParallelGCThreads and -XX:CICompilerCount values.
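How a `--cpus="1.5"` limit looks from inside the container, as an added shell example that is not code from the talk: Docker enforces it as a CFS quota of 150000 µs per 100000 µs period in the cpu cgroup, while /proc/cpuinfo keeps listing every host CPU. The root-prefix argument, the function names, the sample tree and the choice to round the quota up to whole CPUs are assumptions of this example.

```shell
# Added example, not from the slides. $1 (ROOT) is a hypothetical prefix for a
# constructed file tree; pass "" to read the real /proc and /sys.

# CPUs listed in /proc/cpuinfo: the host count, whatever limit the cgroup sets.
host_cpu_count() {
    grep -c '^processor' "$1/proc/cpuinfo"
}

# CFS quota and period in microseconds as "QUOTA PERIOD"; fails if unlimited.
cgroup_cpu_quota() {
    v2="$1/sys/fs/cgroup/cpu.max"
    v1="$1/sys/fs/cgroup/cpu"
    if [ -r "$v2" ]; then
        read -r quota period < "$v2" || true
    elif [ -r "$v1/cpu.cfs_quota_us" ]; then
        quota=$(cat "$v1/cpu.cfs_quota_us")
        period=$(cat "$v1/cpu.cfs_period_us")
    else
        return 1
    fi
    case "$quota" in max|-1|'') return 1 ;; esac   # "max" (v2) or -1 (v1): no limit
    echo "$quota $period"
}

# Whole CPUs to size thread pools for: quota/period rounded up (this example's
# choice), never more than the host has.
effective_cpu_count() {
    host=$(host_cpu_count "$1")
    if qp=$(cgroup_cpu_quota "$1"); then
        quota=${qp% *}; period=${qp#* }
        limit=$(( (quota + period - 1) / period ))
        if [ "$limit" -lt "$host" ]; then host=$limit; fi
    fi
    echo "$host"
}

# Constructed sample: an 8-CPU host running a container started with --cpus="1.5".
make_cpu_sample_root() {
    root=$(mktemp -d)
    mkdir -p "$root/proc" "$root/sys/fs/cgroup"
    for i in 0 1 2 3 4 5 6 7; do printf 'processor\t: %s\n\n' "$i"; done > "$root/proc/cpuinfo"
    echo "150000 100000" > "$root/sys/fs/cgroup/cpu.max"
    echo "$root"
}

cpu_sample=$(make_cpu_sample_root)
echo "host CPUs: $(host_cpu_count "$cpu_sample"), usable under the quota: $(effective_cpu_count "$cpu_sample")"
rm -rf "$cpu_sample"
```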
  • 25. Java 10 support for Docker
    Issues:
    ● https://bugs.openjdk.java.net/browse/JDK-8146115
      "When running in a container, the operating system functions used provide information about the host and do not include the container configuration and limits. The VM and core libraries will be modified as part of this RFE to first determine if the current running process is running in a container."
  • 26. References
    o Docker Internals: http://docker-saigon.github.io/post/Docker-Internals/
    o Understanding the Docker Internals: https://medium.com/@nagarwal/understanding-the-docker-internals-7ccb052ce9fe
    o Limit a container's resources: https://docs.docker.com/config/containers/resource_constraints/
    o Java inside docker: What you must know to not FAIL: https://developers.redhat.com/blog/2017/03/14/java-inside-docker/
    o Memory inside Linux containers: https://fabiokung.com/2014/03/13/memory-inside-linux-containers/
  • 30. ROSARIO, THURSDAY, OCTOBER 11 - 18:15, Metropolitano Eventos, Salón Contemporáneo (Junín 501). FREE REGISTRATION opens on Monday, September 17! Follow our social networks to stay tuned: EndavaLatam, @EndavaLatam