Embed Size (px)
DESCRIPTION
Citation preview
YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia
Create your containers with PerlCreate your containers with Perl
YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia
So first... Who am I?So first... Who am I?
YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia
So first... Who am I?So first... Who am I?
➢ System Administrator at heartSystem Administrator at heart➢ Teaching at Sofia UniversityTeaching at Sofia University➢ Organizing events like this one...Organizing events like this one...➢ CEO of 1H Ltd.CEO of 1H Ltd.➢ CTO of GetClouderCTO of GetClouder➢ Chief architect of Siteground.comChief architect of Siteground.com
YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia
The current state of containers
➢ LXC➢ Docker➢ lmctfy➢ A bunch of other small implementations➢ Build it your self
YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia
Root inside the containerRoot inside the container
ONLY WITH LXCONLY WITH LXC
YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia
So why would you need a Perl implementation
➢ Patching LXC is writing in C...➢ Writing in C is not very user friendly➢ If most of your logic is already in Perl...➢ Keep less moving blocks in your architecture
YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia
So what the hell is a container?
➢ chroot ( isolate the directory tree )➢ unshare ( create new namespace(s) )➢ cgroups ( add limits )➢ drop capabilities (optional)
YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia
What do we have in Perl?
➢ Linux::Unshare➢ Linux::Setns
YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia
What do we need?
➢ Linux::Capabilities➢ Linux::Networking
YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia
What am I proposing?a toolkit
➢ pc-start➢ pc-stop➢ pc-restart➢ pc-list➢ pc-top➢ pc-attach
YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia
➢ pre-read-config hook➢ read yaml config➢ post-read-config➢ prepare cgroup➢ post-cgroup-setup hook➢ fork
➢ prepare mount hook➢ chroot➢ post-chroot hook➢ unshare➢ post-unshare hook➢ drop caps➢ post-dropcaps hook➢ setup networking➢ post-networking hook➢ fork -> exec init➢ post init hook
➢ setup user mappings ➢ post usermap hook
So let's So let's look inside the look inside the implementation implementation
in depthin depth
pc-startpc-start
YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia
➢ pre-read-config hook➢ read yaml config➢ post-read-config➢ check if there is a cgroup➢ check if the cgroup is not empty➢ check if the base device➢ find a FD from one of the PIDs➢ pre-attach hook➢ setns
➢ execute bash -i
pc-attachpc-attach
YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia
➢ pre-read-config hook➢ read yaml config➢ post-read-config➢ check if there is a cgroup➢ check if the cgroup is empty➢ do pc-attach
➢ execute halt
pc-stoppc-stop
YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia
➢ loop trough the configs➢ check if the cgroup exists➢ check if the cgroup is empty➢ check if it has init running inside
pc-listpc-list
YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia
➢ Loop trough all the configs➢ check if the cgroup exists➢ check if the cgroup is not empty➢ collect the following stats➢ cpu usage➢ memory usage➢ I/O usage➢ Network usage
➢ It should allow the admin to➢ sort each by each resource ➢ handle signals➢ configure the interface
pc-toppc-top
YAPC::EU 2014 SofiaYAPC::EU 2014 Sofia
http://github.com/hackman/azilian
