OpenNebulaConf 2016 - ONEDock: Docker as a hypervisor in ONE by Carlos de Alfonso, UPV

•

2 recomendaciones•482 vistas

ONEDock extends OpenNebula to use Docker containers as virtual machines. When OpenNebula requests a new virtual machine, ONEDock delivers a Docker container instead. ONEDock manages the lifecycle of the containers, such as creating, destroying, and migrating them, similar to how OpenNebula manages virtual machines. ONEDock addresses challenges in mapping Docker concepts like containers and images to the concepts of long-lasting virtual machines used in OpenNebula.

Tecnología

ONEDOCK: DOCKER AS A HYPERVISOR IN ONE
Instituto de Instrumentación para Imagen Molecular (I3M).
Centro mixto CSIC - Universitat Politècnica deValència - CIEMAT
Carlos de Alfonso
caralla@upv.es

ONEDOCK IN ONETWEET
ONEDock is a set of extensions for
OpenNebula to use Docker containers
as first-class entities, as if they were
lightweightVirtual Machines

ONEDOCK
• ONEDock tries to integrate Docker as any
other hypervisor available in ONE (KVM,
VMWare, Xen, etc.)
• When ONE is asked for oneVM, ONEDock will make
that ONE delivers the user a Docker container.
• The lifecycle of the containers is carried out as ONE
manages the lifecycle of aVM:
• Creating, destroying, saving, migrating, etc.

WHY DOCKER FOR ONE?
• Container technologies have gained significant
momentum in the last years.
• Docker includes unique features
• Docker Hub with lots of applications already packed.
• The Dockerfile mechanism that eases the creation
and distribution of images.
• The usage of layered file systems
that reduce the footprint of the
image of the container.
• Docker seems to be the winner hype.

WHY NOT DOCKER FOR ONE?
• Docker is mainly conceived for application
delivery and not for behaving as a long-lasting
VM.
• LXC/LXD will probably be a more natural solution.

ONEDOCK COMPONENTS (I)
• A ONEDock datastore is created to use the
features of Dockerfiles and the usage and
creation of the container images
• ONEDock installs a private Docker index.
• Use images from Docker Hub or import from
exported Docker containers.
• The ONEDock transfer manager gets the
Docker images from the ONEDock datastore.

ONEDOCK COMPONENTS (II)
• The ONEDock monitoring driver provides ONE
with information about the running containers
and the state of the Docker hypervisor.
• The ONEDock virtual machine manager
translates the operations of the lifecycle of the
“ONEVMs” into Docker operations
• Currently only the basic operations of the lifecycle
ofVMs are available (e.g. creating, destroying, etc.
• Not all of the operations will be posible, because of the
concept of Docker (e.g hot attaching a volume).

ONEDOCK WORKFLOW
1. A Docker image is registered in ONE
• The process consists of downloading the image into
the private registry to reduce the external traffic
and to match the concept of image in ONE.
2. A ONEDock VM is created and scheduled
• The host downloads the image from the private
registry and starts the container.
• Configures the container to act “like a ONEVM”
• Configure aVNC console, give full access to the network.
3. The container is accesible as if it were aVM.

TECHNICAL DETAILS (I)
• The concept of Docker does not match the
concept of aVM.
• Containers do not have full access to the network
• ONEDock hacks the network to deliver full working IPs
instead of exposing individual ports.
• Docker containers do not have a “console”.
• ONEDock uses SVNCterm that emulates aVNC console
on a command execution (i.e. bash inside the container).
• A Docker container executes an application.
• It is important to ensure that the application will not end,
to keep the container running.

TECHNICAL DETAILS (II)
• Some features of theVMs need that containers
are granted with specific privileges when
mapped to Docker (e. g. mounting block devices)
• It is a security issue that is difficult to solve.
• Some workarounds are included in ONEDock.
• Mounting the devices in the host and then mapping folders
to the container filesystem.
• It is difficult to translate some concepts of the
VMs to the containers.
• e. g. hot attaching volumes or NICs.

MORE INFO ON ONEDOCK
• ONEDock
• Can be obtained from the public repository
https://github.com/indigo-dc/onedock
• Distributed under the Apache 2.0 license.
• Developed in the framework of the INDIGO-
DataCloud project (grant agreement RIA 653549).

Más contenido relacionado

La actualidad más candente

OpenNebula 4.14 Hands-on Tutorial

OpenNebula Project

OpenNebulaConf 2013 - Hands-on Tutorial: 1. Introduction and Architecture

OpenNebula Project

The tutorial covers the process of installing, configuring and operating private, public and hybrid clouds using OpenNebula. Additionally the program briefly addresses the integration of OpenNebula with other components in the data center. The target audience is devops and system administrators interested in deploying a private cloud solution, or in the integration of OpenNebula with other platform.

OpenNebula 5.4 Hands-on Tutorial

OpenNebula Project

Do you remember Vagrant? It was that last hipster thing before Docker turned into the most recent hipster thing! It's also still really helpful for software evaluations or lab environments. Normally, it works with VirtualBox on your laptop, but this approach can be too limiting. Even running just 10 VMs becomes a stretch on a laptop. It burns through your battery, SSD lifetime, disk space and threatens how many dozen browser tabs you can open... Enter the Vagrant OpenNebula providers! You can actually control Vagrant on your workstation but have the VMs running on your cloud. There are multiple ways to do that, and also limitations. In the workshop, we'll look at what is possible and how you can best benefit from - oh right! - your cloud!

OpenNebulaConf 2016 - LAB ONE - Vagrant running on OpenNebula? by Florian Heigl

OpenNebula Project

TechDay - Cambridge 2016 - OpenNebula at Knight Point Systems

OpenNebula Project

OpenNebulaConf2015 2.03 Docker-Machine and OpenNebula - Jaime Melis

OpenNebula Project

TECNIRIS@: OpenNebula Tutorial

OpenNebula Project

In the era of Cloud Service and Internet of Things, information security has already become a transnational issue. In recent years, the large scale cyber attack via the connection of BotNet has become a thorny issue of Global information security. Taiwan is always the main target of international hackers due to the high dense of information devices and computers in campuses are always the favorite of hackers. To help tackling such an issue, the Ezilla, which is considered as a private Cloud toolkit ( integrated with OpenNebula), has been implemented by the CyberSecurity research team in the National Center for High-performance Computing (NCHC), Taiwan. Through the Ezilla which leverages OpenNebula and CyberSecuirty techniques, Cloud users can easily customize and configure a specified Cloud security training environment. It is an extremely lightweight approach helping users to access virtual computing resources. The main feature of this project is simplifying the utilization of Clouds. Our goal is to make Cloud security scientists or users painlessly to run their own CyberSecurity jobs on Cloud platforms, including Cyber Defense Exercise, Malware Knowledge Base, etc.. Based on the proposed CyberSecurity Exercise Platform, we also develop new functions which are private Cloud information security training service, Captur the Flags (CTF) competition service, and virtual networking service for enterprise.

OpenNebulaConf 2016 - The Lightweight Approach to Build Cloud CyberSecurity E...

OpenNebula Project

Loadays 2013 OpenNebula Fundamentals

OpenNebula Project

An OpenNebula Private Cloud

databus.pro

OpenNebulaconf2017US: Multi-Site Hyperconverged OpenNebula with DRBD9

OpenNebula Project

OpenNebula TechDay Boston 2015 - installing and basic usage

OpenNebula Project

OpenNebula TechDay Waterloo 2015 - Open nebula hands on workshop

OpenNebula Project

Open nebula froscon

OpenNebula Project

Describes a fully-automated system for building fully-patched windows gold images on-demand or on a schedule. It is possible to build and use the same image on OpenNebula, as well as public clouds such as Azure and AWS (with appropriate changes to handle the different contextualization methods in the target clouds). Uses Microsoft MDT to build the image, and Jenkins build server to manage the orchestration in OpenNebula, monitoring the build process, and publishing the completed images to the OpenNebula marketplace and the public clouds. YouTube: https://youtu.be/owUpj8WHMQo

OpenNebulaConf2017EU: One (Windows) Image to Rule them All by Paul Batchelor,...

OpenNebula Project

TechDay - April - Customizing VM Images

OpenNebula Project

OpenNebulaConf2017EU: Alternative Context for Windows by Paul Batchelor, Blac...

OpenNebula Project

VTastic: Akamai Innovations for Distributed System Testing - Jack Wadden, Akamai Akamai Technologies’ CDN platform is a complex, highly-integrated distributed system consisting of over 200,000 servers in over 120 countries.. Processing over 3 Trillion web requests per day, the Akamai platform regularly serves over 30Tbps of traffic to end users around the world. Setup and maintenance of Akamai integration test environments involves a significant investment of hardware, time and subject matter expertise. As a result, these environments are a scarce resource. Using Opennebula, Akamai has developed a system for saving and cloning multi-node integration test environments on-demand. The system is succeeding and has the potential to revolutionize Akamai’s approach to software development and testing. After exploring Akamai’s platform architecture and testing challenges, we will describe the key innovations that enabled the Vtastic solution, challenges we faced in implementing a reliable system, and future capabilities the system can offer.

OpenNebulaConf 2016 - VTastic: Akamai Innovations for Distributed System Test...

OpenNebula Project

OpenNebulaConf2017EU: Rudder by Florian, Heigl

OpenNebula Project

In this talk I will present an overview of what is disaster recovery, its main organizational and technical aspects and how we solved the problem of DR for many companies using a combination of OpenNebula, MooseFS and lots of duct tape. Going in detail, the presentation will show how to realistically estimate your recovery time objective (RTO) and the other essential parameters like RPO depending on your company structure and requirements; how to create a reliable, self-managing infrastructure using OpenNebuia and the MooseFS/LizardFS distributed filesystems, how to efficiently perform geographic disaster recovery (including differential and deduplicating snapshots) and the additions and changes we made to OpenNebula to help in performing remote management and support. Some specific real-life disasters will be examined, along with some hardware tools designed to help – like the portable cloud or the bomb-proof server rack.

OpenNebula Conf 2014 | OpenNebula and MooseFS for disaster recovery: real clo...

NETWAYS

La actualidad más candente (20)

OpenNebula 4.14 Hands-on Tutorial

OpenNebulaConf 2013 - Hands-on Tutorial: 1. Introduction and Architecture

OpenNebula 5.4 Hands-on Tutorial

OpenNebulaConf 2016 - LAB ONE - Vagrant running on OpenNebula? by Florian Heigl

TechDay - Cambridge 2016 - OpenNebula at Knight Point Systems

OpenNebulaConf2015 2.03 Docker-Machine and OpenNebula - Jaime Melis

TECNIRIS@: OpenNebula Tutorial

OpenNebulaConf 2016 - The Lightweight Approach to Build Cloud CyberSecurity E...

Loadays 2013 OpenNebula Fundamentals

An OpenNebula Private Cloud

OpenNebulaconf2017US: Multi-Site Hyperconverged OpenNebula with DRBD9

OpenNebula TechDay Boston 2015 - installing and basic usage

OpenNebula TechDay Waterloo 2015 - Open nebula hands on workshop

Open nebula froscon

OpenNebulaConf2017EU: One (Windows) Image to Rule them All by Paul Batchelor,...

TechDay - April - Customizing VM Images

OpenNebulaConf2017EU: Alternative Context for Windows by Paul Batchelor, Blac...

OpenNebulaConf 2016 - VTastic: Akamai Innovations for Distributed System Test...

OpenNebulaConf2017EU: Rudder by Florian, Heigl

OpenNebula Conf 2014 | OpenNebula and MooseFS for disaster recovery: real clo...

Destacado

FreeIPA is an integrated Identity and Authentication solution for Linux and Unix environments. It provides a centralized authentication and authorization information and it also stores user data information such as user names, groups, hosts and many different objects to manage the security aspects of a network of computers. FreeIPA uses different technologies, but the core of the authentication system is based on MIT Kerberos technology. Thanks to this technology the authentication works on the basis of tickets to allow users or nodes communicating over a non-secure network to prove their identity to get access to different services. In this talk we will show how it is possible to integrate Sunstone authentication with the FreeIPA SSO thanks to the new Sunstone remote authentication plugin provided by OpenNebula. We will describe how to setup Sunstone in an easy way to include Kerberos authentication using Apache and Phusion Passenger module. This configuration approach also changes the security mechanism used by libvirt to establish the connection between hypervisors. We will explain how it is possible, using the host keytabs generated by FreeIPA, to improve the security between the hypervisors when we have to migrate virtual machines in an insecure network.

OpenNebulaConf 2016 - Sunstone integration with FreeIPA using Single Sign by ...

OpenNebula Project

OpenNebulaConf 2016 - Icinga2 - APIFY them all by Achim Ledermüller, Netways ...

OpenNebula Project

After more than one year since the start of the operational phase, it is time for the Leibniz Supercomputing Centre to reconsider the usage model of its cloud infrastructure based on OpenNebula. Budgeting is the tool of choice to regulate the access to the resources and to translate the diverse access priorities into allocation policies. This talk will focus on the use case of a resource provider for research and education, giving an overview of the current needs together with a proposed solution.

OpenNebulaConf 2016 - Budgeting: the Ugly Duckling of Cloud computing? by Mat...

OpenNebula Project

OpenNebulaConf 2016 - The DRBD SDS for OpenNebula by Philipp Reisner, LINBIT

OpenNebula Project

OpenNebulaConf 2016 - Evolution of OpenNebula at Netways by Sebastian Saemann...

OpenNebula Project

OpenNebulaConf 2016 - Fast Prototyping of a C.O. into a Micro Data Center - A...

OpenNebula Project

OpenNebulaConf 2016 - Network automation with VR by Karsten Nielsen, Unity Te...

OpenNebula Project

This talk will introduce a flexible accounting framework with data visualization capabilities called MICHAL, that we at CESNET developed for our infrastructure. Framework is able to gather data from multiple sources, OpenNebula being one of them, process it and present the result in a form of charts. MICHAL isn't bind to only one platform and can be easily extended to support accounting of multiple parts of the infrastructure. As part of the presentation, we will discuss our data gathering techniques, MICHAL's design and functionality, currently available data processing modules for IaaS cloud and plans for the future development.

OpenNebulaConf 2016 - MICHAL - flexible infrastructure accounting framework b...

OpenNebula Project

TechDay - Toronto 2016 - C151 Data Centers Introduction

OpenNebula Project

We’re moving into a world of open cloud — where each organization can find the right cloud for its unique needs. A single cloud management platform can not be all things to all people, there will be a cloud space with several offerings focused on different environments and/or industries. The OpenNebula commitment to the open cloud flows directly out of its mission — to become the simplest cloud enabling platform — and its purpose — to bring simplicity to the private and hybrid enterprise cloud. OpenNebula exists to help companies build simple, cost-effective, reliable, open enterprise clouds on existing IT infrastructure. The OpenNebula Conference will be a great opportunity to remind our vision, vision and commitment, to look back at how the project has grown in the last 8 years, and to give a peek at what to expect from the project in the near future.

OpenNebulaConf 2016 - OpenNebula, OpenNebulaConf, OpenNebulaConf 2016

OpenNebula Project

TechDay - Toronto 2016 - OpenNebula @ Fuze

OpenNebula Project

OpenNebulaConf 2016 - OpenNebula 5.0 Highlights and Beyond by Ruben S. Monter...

OpenNebula Project

Jenkins & OpenNebula a CD History - Alberto García

OpenNebula Project

OpenNebulaConf 2016 - Measuring and tuning VM performance by Boyan Krosnov, S...

OpenNebula Project

Docker Machine and Swarm on OpenNebula - Jaime Melis

OpenNebula Project

Introduction to OpenNebula - Ignacio M. Llorente

OpenNebula Project

TechDay - Cambridge 2016 - OpenNebula Corona

OpenNebula Project

Open Nebula An Innovative Open Source Toolkit For Building Cloud Solutions ...

Ignacio M. Llorente

Destacado (18)