BUILD A
CONTAINER
ALL YOUR OWN!!
@liuggio Giulio De Donato
@liuggio welcometothebundle.com
What is a
Container?
“I once heard that hypervisors
are the living proof of operating
system's incompetence”
-- Glauber Costa's - LinuxCon Europe 2012
... containers ...
“I would love to say months,
but let's get realistic”
-- Glauber Costa's - LinuxCon Europe 2012
It's all about
ISOLATION
?
while true;
do mkdir x; cd x;
done
bomb() {
bomb | bomb &
}; bomb
Attacks
GOAL OF
TODAY:
http://9gag.com/gag/aGxbmGz
namespace cgroups ufs
LXC vs DOCKER
Let’s start with the first set of slides
Once upon a time ...
NAMESPACE
Linux 2.6.23 (released in late 2007)
6 namespaces
- mnt (mount points, filesystems)
- pid (processes)
- net (network stack)
- ipc (System V IPC)
- uts (hostname)
- user (UIDs)
Namespaces started in about
2002.
Namespaces processes API
consists of these 3 system calls:
● clone() - creates a new process and a new namespace; the
newly created process is attached to the new namespace
● unshare() - gets only a single parameter, flags. Does not create a
new process; creates a new namespace and attaches the calling
process to it.
● setns() - a new system call, for attaching the calling process to
an existing namespace;
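The unshare() call from the list above, as an added example (not code from the slides or from the author's gist): a child process creates new user and UTS namespaces, renames its host to "ciao" as in the talk's demo, and the parent confirms through /proc/self/ns/uts and gethostname() that its own hostname is untouched. The function names, the result codes and the use of CLONE_NEWUSER to run without root are assumptions of this example.

```c
#define _GNU_SOURCE              /* exposes unshare() and CLONE_NEW* in <sched.h> */
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Kept so the file still builds if <sched.h> was already included without
 * _GNU_SOURCE; values and prototype match the kernel and glibc headers. */
#ifndef CLONE_NEWUTS
#define CLONE_NEWUTS  0x04000000
#endif
#ifndef CLONE_NEWUSER
#define CLONE_NEWUSER 0x10000000
#endif
int unshare(int flags);

/* Result codes of this example (hypothetical names, not a kernel API). */
enum ns_result { NS_ISOLATED, NS_UNAVAILABLE, NS_LEAKED, NS_ERROR };

/* Inode of a namespace handle such as /proc/self/ns/uts. Two processes are in
 * the same namespace exactly when these inodes match. Returns 0 on failure. */
static unsigned long ns_inode(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (unsigned long)st.st_ino : 0;
}

static int read_hostname(char *buf, size_t len)
{
    if (gethostname(buf, len) != 0) return -1;
    buf[len - 1] = '\0';         /* gethostname may truncate without a NUL */
    return 0;
}

/* Child side: leave the parent's UTS namespace, then rename the host.
 * Exit code 10 means the kernel or a sandbox policy refused the operation. */
static int child_rename_host(const char *name, unsigned long parent_ns)
{
    char seen[256];
    /* CLONE_NEWUSER gives the caller capabilities inside the new user
     * namespace, which owns the new UTS namespace, so no root is needed. */
    if (unshare(CLONE_NEWUSER | CLONE_NEWUTS) != 0) return 10;
    if (ns_inode("/proc/self/ns/uts") == parent_ns) return 11;
    if (sethostname(name, strlen(name)) != 0) return errno == EPERM ? 10 : 12;
    if (read_hostname(seen, sizeof seen) != 0 || strcmp(seen, name) != 0) return 13;
    return 0;
}

/* Parent side: verify that the child's rename never reached this namespace. */
enum ns_result uts_isolation_check(const char *child_name)
{
    char before[256], after[256];
    unsigned long parent_ns = ns_inode("/proc/self/ns/uts");
    if (parent_ns == 0) return NS_UNAVAILABLE;   /* no /proc namespace handles */
    if (read_hostname(before, sizeof before) != 0) return NS_ERROR;

    pid_t pid = fork();
    if (pid < 0) return NS_ERROR;
    if (pid == 0) _exit(child_rename_host(child_name, parent_ns));

    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return NS_ERROR;
    if (read_hostname(after, sizeof after) != 0) return NS_ERROR;

    if (strcmp(before, after) != 0 || ns_inode("/proc/self/ns/uts") != parent_ns)
        return NS_LEAKED;
    if (WEXITSTATUS(status) == 0)  return NS_ISOLATED;
    if (WEXITSTATUS(status) == 10) return NS_UNAVAILABLE;
    return NS_ERROR;
}

int main(void)
{
    static const char *const label[] = { "isolated", "unavailable", "leaked", "error" };
    enum ns_result r = uts_isolation_check("ciao");
    printf("UTS namespace check: %s\n", label[r]);
    return r == NS_LEAKED || r == NS_ERROR;
}
```

"unavailable" is reported on hosts where unprivileged user namespaces are disabled or blocked by seccomp or AppArmor policy, which is itself a common hardening setting.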
DEMO
Namespace
https://gist.github.com/liuggio/114f506fbe040ac93687dc797b923cbf
1
CGroups!
The cgroup (control groups) subsystem is a resource management and resource
accounting/tracking solution, providing a generic process-grouping framework.
It handles resources such as memory, CPU, network, and more;
it is mostly needed at both ends of the spectrum (servers and embedded).
∎ Development was started by engineers at Google in 2006 under the name "process containers"
∎ Merged into kernel 2.6.24 (2008).
∎ The cgroup core has 3 maintainers, and each cgroup controller has its own maintainer (cpu, memory, io)
DEMO
CGROUPS
https://asciinema.org/a/7w13btk2uethz2e57lgpfz5ym
or https://goo.gl/NyPMFJ
3
THIS IS A TREE
WHAT IS IT?
DEMO
UFS
apt-get install aufs-tools
https://asciinema.org/~liuggio
https://asciinema.org/a/41778
2
Union File System
PRO
∎ File level
∎ No caches
CONS
∎ Bad performance for big files
∎ Not in kernel
∎ Too many layers are costly
Merges 2 devices into a single directory
Combines a large, read-only file system with a small write area (like a live CD)
ZFS is a combination of a volume manager (like LVM) and a filesystem (like ext4, xfs, or btrfs).
ZFS is one of the most beloved features of Solaris, universally coveted by every Linux sysadmin with a Solaris background.
● snapshots
● copy-on-write cloning
● continuous integrity checking against data corruption
● automatic repair
● efficient data compression
2016
UFS
THANKS!
∎ www.welcometothebundle.com/isolate-a-process-with-no-container-like-docker
∎ https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md#namespaces
∎ https://www.opencontainers.org/news/faqs/who-will-be-initial-technical-leadership
∎ http://www.cyberciti.biz/faq/unix-linux-chroot-command-examples-usage-syntax/
∎ http://s0.cyberciti.org/uploads/faq/2013/01/bash-chroot-ls-demo.gif
∎ https://www.flockport.com/lxc-vs-docker/
∎ http://ramirose.wix.com/ramirosen
∎ https://lwn.net/Articles/532593/
∎ https://lwn.net/Articles/531114/
∎ https://lwn.net/Articles/531381/
∎ https://lwn.net/Articles/528078/
∎ https://docs.docker.com/engine/reference/run/
∎ http://www.netdevconf.org/1.1/proceedings/slides/rosen-namespaces-cgroups-lxc.pdf
∎ https://www.stgraber.org/2013/12/20/lxc-1-0-blog-post-series/
∎ https://skillsmatter.com/skillscasts/7101-building-containers-from-scratch-for-fun-and-profit
∎ https://docs.oracle.com/cd/E18752_01/html/817-5093/bkupsnapshot-9.html
∎ https://www.flickr.com/photos/15514374@N05/10164384915/in/photolist-guc8vM-eUsLmk-bUx1od-snDG6D-4EdN6w-dRNW5S-92a5Rc-bqLMQX-9W8h5y-b4nUUZ-qBTHgX-qP1gRX-bjCEPC-9tmmnk-eiz69R-dUwHXM-ff6xuP-J1cvu-7FC9CK-5QNat5-sniS97-dmWZqi-9FJL3F-e5QKNc-oaepa3-dHcamQ-4EJPTP-eB42Pm-aywhxM-eSZ6Gv-jhYq8x-cXnWtd-6HXxUg-8ZKp87-5BL32d-7g3EHP-4gc756-cBECqo-oBFK5Y-9fUMLY-e7z58s-oViSZU-pKrEsE-6J2D5b-6HXwrz-6HXxt8-9k3DeV-9k6CLy-qFGW5B-hrxHnf
∎ https://docs.docker.com/engine/userguide/storagedriver/device-mapper-driver/
∎ https://docs.docker.com/engine/userguide/storagedriver/zfs-driver/
∎ Presentation template by SlidesCarnival
CREDITS

Docker Italia: build a container all your own

Editor's notes

  1. Do you know who he is? Easy. Crozza vs RAZZI. Let's blow the technology open and kill the magic.
  2. CTO Golangit
  3. It's 2016 and Docker is everywhere: in workshops, at conferences, in blogs about startups, among Amazon's services and inside Google App Engine and Kubernetes. The last few years have been great for containers, but above all for Docker; a specification standard for creating containers has even been defined, https://www.opencontainers.org/ (2015), sponsored by Docker and a thousand other companies. A few days ago, when I talked about the Docker workshop I had given, a guy said "ah yes, virtualization". Virtualization and containers are conceptually similar but technically distant, very distant… Would we be able to give a definition of what a container is, and what it is made of? I like the idea that a container is a box inside which one or more processes run. The idea of this blog post is precisely to blow the box open and see how a container works, making all the magic explicit.
  4. We know what it does… but have we ever thought about what it is and what it is made of? Fight the magic: don't you think that Docker and container technology are too magical, that they do too many things...
  5. Costa says: does it seem right to you that a process cannot run in peace alongside other processes? Does it seem right that there is a concept Linux has never thought about? ISOLATION. To get isolation, sysadmins add physical servers. Then the hypervisor arrived, but there is something we have missed!
  6. Costa says: does it seem right to you that a process cannot run in peace alongside other processes? Does it seem right that there is a concept Linux has never thought about? ISOLATION. To get isolation, sysadmins add physical servers. Then the hypervisor arrived, but there is something we have missed!
  7. The other side of the resource-allocation problem is denial-of-service attacks. With traditional UNIX systems, local denial-of-service attacks are relatively easy to perpetrate. As a first example, Glauber gave the following small script: Is it possible that two simple scripts manage to fill up, the first the filesystem and the second the RAM?
  8. Let's talk about what a container is made of, the 3 main pieces. Namespaces: isolation as abstraction. Cgroups: isolation as limitation. UFS: isolation in the filesystem, but other features too... Let's try to get the carousel spinning. Fight the magic: don't you think that Docker and container technology are too magical, that they do too many things...
  9. I'll be brief. LXC owes its origin to the development of cgroups and namespaces in the Linux kernel to support lightweight virtualized OS environments (containers) and some early work by Daniel Lezcano and Serge Hallyn dating from 2009 at IBM. The LXC Project provides tools to manage containers, advanced networking and storage support and a wide choice of minimal container OS templates. It is currently led by a 2 member team, Stephane Graber and Serge Hallyn from Ubuntu. The LXC project is supported by Ubuntu. LXC is actively developed but not well documented beyond Ubuntu. Cross distribution documentation is lacking, things usually work well in Ubuntu first, leading to all round frustration and hair pulling for users of other distributions. There is a lot of confusion, outdated and often just misleading information online. Add Docker to the mix which has aggressively marketed itself to the wider community (Ubuntu, why so quiet?) and the volume of information and scope for confusion has widened. To clarify all the misconceptions both LXC and Docker are userland container managers that use kernel namespaces to provide end user containers. We also now have Systemd-Nspawn that does the same thing. The only difference is LXC containers have an init and can thus run multiple processes and Docker containers do not have an init and can only run single processes. LXC maintainer Stephane Graber's excellent 10 part Blog series on LXC 1.0 and our LXC Getting started guide provide an overview of LXC and its capabilities.
  10. A process can be created in Linux by the fork(), clone() or vclone() system calls. In order to support namespaces, 6 flags (CLONE_NEW*) were added. These flags (or a combination of them) can be used in clone() or unshare() system calls to create a namespace.
  11. Namespaces API consists of these 3 system calls:
      ● clone() - creates a new process and a new namespace; the newly created process is attached to the new namespace. The process creation and process termination methods, fork() and exit(), were patched to handle the new namespace CLONE_NEW* flags.
      ● unshare() - gets only a single parameter, flags. Does not create a new process; creates a new namespace and attaches the calling process to it. unshare() was added in 2005. See "new system call, unshare": http://lwn.net/Articles/135266/
      ● setns() - a new system call, for attaching the calling process to an existing namespace; prototype: int setns(int fd, int nstype)
  12. cd /home/liuggio/project/go/src/github.com/liuggio/c/namespace/noflag/
      sudo /usr/local/go/bin/go run namespace.go /bin/sh -c "hostname ciao;hostname"
  13. $ df -h | grep "\/$"
      /dev/sdb2 102G 85G 12G 88% /
      $ df -h | grep "\/$" | awk '{print $1}'
      /dev/sdb2
      # let's find out how fast we go :)
      $ dd if=/dev/zero of=`pwd`/file-xyz bs=1M count=500
      $ dd if=/file-xyz of=/dev/null bs=1M count=300
      $ lscgroup
      300+0 records in
      300+0 records out
      314572800 bytes (315 MB) copied, 0,603292 s, 521 MB/s
      $ ls /dev/sdb -l
      brw-rw---- 1 root disk 8, 16 feb 13 19:48 /dev/sdb
      In the Linux Allocated Devices notation, 8:18 represents /dev/sdb
      Let's create a folder inside cgroup as root :)
      $ mkdir /sys/fs/cgroup/blkio/sponge; cd /sys/fs/cgroup/blkio/sponge
      Files are created automatically, as if by magic.
      Say we want to limit reads to 5 MB per second:
      $ echo "8:16 5242880" > blkio.throttle.read_bps_device
      Let's clear the cache:
      $ echo 3 > /proc/sys/vm/drop_caches
      $ free -m
      $ cgexec -g blkio:sponge dd if=/file-xyz of=/dev/null & iotop
  14. Let's start from the basics: do you know what it is? Well, no.
  15. Let's start from the basics of computer science.
  16. If we made a joint between two branches of the tree … Union file systems, or UnionFS, are file systems that operate by creating layers, making them very lightweight and fast. Docker uses union file systems to provide the building blocks for containers. Docker can make use of several union file system variants including: AUFS, btrfs, vfs, and DeviceMapper. One feature, many benefits: we are used to seeing the filesystem tree as trees where the children are separate folders joined only by the parent. It joins the filesystem tree into a single folder. Image! Advantage of sharing: if I add a layer, I only need to have my colleagues download the new layer and not the whole image again. Speed, not in reading but in execution and sharing. So this feature also allows containers to have an image to work on in read-only mode. With the famous "read on write"; comparison with VirtualBox: copy first and use afterwards; write only if needed. 2 features: union, copy on write. Union fs:
      $ apt-get install aufs-tools
  17. $ mkdir /tmp/dir1;
      $ echo "ciao" >> /tmp/dir1/a
      $ mkdir /tmp/aufs
      $ mount -t aufs -o br=/tmp/dir1:`pwd` none /tmp/aufs
      $ echo "miao" > /tmp/aufs/miao
      $ ls -l /tmp/dir1; # miao is in dir2
      $ ls -l /tmp/aufs; # miao is also in dir1
      $ ls -l `pwd`; # miao is not there
      $ mount -t aufs -o br="/tmp/a:`pwd`=rr:/tmp/b=rr" none /tmp/aufs
  18. To make layers you need a union tree :)
  19. https://docs.oracle.com/cd/E18752_01/html/817-5093/bkupsnapshot-9.html problems with terabytes; at reboot it does strange things
  20. So we managed to get something running, but not the way the professionals do.
  21. Do you know who he is? Easy.