pot freebsd containers on freebsd
play

pot: FreeBSD containers on FreeBSD Luca Pizzamiglio - PowerPoint PPT Presentation

Nov 21, 2023 •97 likes •447 views

pot: FreeBSD containers on FreeBSD Luca Pizzamiglio pizzamig@FreeBSD.org FOSDEM 2018 whoami(1) Luca Pizzamiglio aka pizzamig@ FreeBSD enthusiast Port committer since August 2017 Building packages at trivago 2018-02-03 2 pot:

  1. pot: FreeBSD containers on FreeBSD Luca Pizzamiglio pizzamig@FreeBSD.org FOSDEM 2018

  2. whoami(1) ● Luca Pizzamiglio aka pizzamig@ ● FreeBSD enthusiast ● Port committer since August 2017 ● Building packages at trivago 2018-02-03 2 pot: FreeBSD containers for FreeBSD

  3. Motivations 1/2 I needed a tool to easily create/run FreeBSD “instances” to ● build/develop/test ports ● develop/test Saltstack tests ● run web services Several really good solutions already available, even if not perfect for my use cases: ● ezjail, iocage, … 2018-02-03 3 pot: FreeBSD containers for FreeBSD

  4. Motivations 2/2 It should run on a laptop ● limited hardware resources ● fmexible network confjguration (DHCP) I wanted to ● imitate docker, FreeBSD containers for FreeBSD ● force automation → user oriented CLI ● experiment difgerent solutions/layouts/concepts ● use and learn more about FreeBSD features 2018-02-03 4 pot: FreeBSD containers for FreeBSD

  5. So, what is pot? pot is a tool to automate the management of those container Currently, pot is a bunch of shell scripts Basic features are covered by standard tools Advanced features will be implemented with a proper programming language Why ‘pot’? 2018-02-03 5 pot: FreeBSD containers for FreeBSD

  6. Pasta analogy [1/2] 2018-02-03 6 pot: FreeBSD containers for FreeBSD

  7. File system components Split the fjle system in several logic components: ● FreeBSD base ● It determines the FreeBSD version ● Packages ● Installed packages ● Customization ● Confjguration fjles, home directories, /var 2018-02-03 7 pot: FreeBSD containers for FreeBSD

  8. Pot: level 1 pot 11.1 pot A pot B Base 11.1 Base 11.1 Base 11.1 Package 11.1 Package A Package B Custom 11.1 Custom A Custom B Level 0 Level 1 Level 1 2018-02-03 8 pot: FreeBSD containers for FreeBSD

  9. CL workfmow Download of FreeBSD 11.1 # pot init Create base 11.1 datasets # pot create-base -r 11.1 Create pot base-11_1 # pot create -p A -b 11.1 # pot create -p B -b 11.1 # pot start A Mounts ZFS datasets via nullfs(5) Starts the jail # pot stop A Stop the jail Unmounts ZFS datasets 2018-02-03 9 pot: FreeBSD containers for FreeBSD

  10. File system components File system components as building blocks ● Mandatory ● Base ● Package ● Customization ● Whatever you need ● Code repository ● Databases ● Caches ● ... 2018-02-03 10 pot: FreeBSD containers for FreeBSD

  11. Example: saltmaster pot saltmaster pot 11.1 Base 11.1 Base 11.1 Package 11.1 Package salt Custom 11.1 Custom salt Repository 2018-02-03 11 pot: FreeBSD containers for FreeBSD

  12. CL workfmow # pot init # pot create-base -r 11.1 # pot create-fscomp -f repository # pot create -p saltmaster -b 11.1 # pot add-fscomp -p saltmaster \ -f repository \ -m /mnt 2018-02-03 12 pot: FreeBSD containers for FreeBSD

  13. Pasta analogy [2/2] 2018-02-03 13 pot: FreeBSD containers for FreeBSD

  14. pot: level 2 pot salt-work pot salt-home pot 11.1 pot salt-base Base 11.1 Base 11.1 Base 11.1 Base 11.1 Package 11.1 Package s-base Package s-base Package s-base Custom 11.1 Custom s-base Custom s-work Custom s-home Repo s-work Repo s-home 2018-02-03 14 pot: FreeBSD containers for FreeBSD

  15. CL workfmow # pot init # pot create-base -r 11.1 # pot create-fscomp -f repo-work # pot create-fscomp -f repo-home # pot create -p salt-base -b 11.1 # pot create -p salt-work -P salt-base -l 2 # pot create -p salt-home -P salt-base -l 2 # pot add-fscomp -p salt-work -f repo-work -m /mnt # pot add-fscomp -p salt-home -f repo-home -m /mnt 2018-02-03 15 pot: FreeBSD containers for FreeBSD

  16. Network Two network confjgurations available: ● Inherit ● Inherit the network stack of the host ● static IP in the internal virtual network ● Exploits VNET(9) (kernel manually rebuilt) ● NAT supported by pf(4) ● the physical network interface as default gateway ● all network interfaces are on the same bridge 2018-02-03 16 pot: FreeBSD containers for FreeBSD

  17. Internal virtual network Network: 10.192.0.0/10 Host epair0a epair0b 10.192.0.2 epair1a epair1b 10.192.0.3 bridge0 epair2a epair2b 10.192.10.1 pf lagg0 NAT epair3a epair3b 10.192.10.2 epair4a epair4b 10.192.100.2 10.192.0.1 2018-02-03 17 pot: FreeBSD containers for FreeBSD

  18. Network: missing features ● Add support to static IP without NAT ● As currently provided by jails ● SHCP: Static DHCP ● Currently, IP addresses have to be manually specifjed ● SHCP would be a tool to provide valid static IP addresses ● Expose network services ● A special dns pot running dnsmasq and consul ● Network services registration to consul ● haproxy running in the host can redirect request to the right pot using the information provided by the dns pot 2018-02-03 18 pot: FreeBSD containers for FreeBSD

  19. pot is ZFS! A pot is a bunch of ZFS datasets! ● zfs snapshot => pot snapshot ● zfs rollback => pot rollback ● zfs clone => pot clone ● zfs rename => pot rename Work in progress ● zfs promote => pot promote 2018-02-03 19 pot: FreeBSD containers for FreeBSD

  20. Pot fmavor Two kinds of fmavors ● A typical shell script, executed inside the container ● Ideal for provisioning ● A default fmavor is also available ● A set of pot commands, to enrich the pot confjguration ● Ideal to attach fjle system components ● Possibility to enforce priority between pots 2018-02-03 20 pot: FreeBSD containers for FreeBSD

  21. Pot fmavor Imitating poudriere(8) # pot create -p builder -b 11.1 -f buildport ## buildport add-fscomp -f svnport -m /usr/ports add-fscomp -f distfiles -m /usr/ports/distfiles add-fscomp -f ccache -m /mnt ## buildport.sh #!/bin/sh pkg install -y ccache pkg clean -ayq echo "setenv CCACHE_DIR /mnt" >> /root/.cshrc 2018-02-03 21 pot: FreeBSD containers for FreeBSD

  22. pot add-dep : Runtime dependency Add dynamic dependencies between container Example: salt-test needs saltmaster ● salt-test is the client ● saltmaster is the server ● pot add-dep -p salt-test -P saltmaster ● pot start salt-test ● saltmaster will start automatically ● saltmaster will start fjrst ● Then, salt-test will start 2018-02-03 22 pot: FreeBSD containers for FreeBSD

  23. Resource limitation: cpuset(1) Limiting CPU usage ● Statically assign a pot to one or more CPUs # pot set-rss -p pot -C 0,2 Implemented via cpuset(1) ● Applied immediately after the start of the jail Possible improvement ● Set the number of CPUs wanted ● During the start, a static allocation is performed that balance the load between CPUs 2018-02-03 23 pot: FreeBSD containers for FreeBSD

  24. Resource limitation: rctl(8) ● rctl(8) is a relatively new resource limitation framework implemented in FreeBSD 9, but not enabled by default ● To be enabled at boot time via kern.racct.enable=1 in /boot/loader.conf ● Used to show used resources and set specifjc limits 2018-02-03 24 pot: FreeBSD containers for FreeBSD

  25. Resource limitation: rctl(8) memoryuse To limit the physical memory used by a pot ● How much? ● If the limit is reached, what happen? ● Out of memory? ● Soft limit? Example: pot saltmaster ● Physical memory used: 430MB ● pot show is the command showing the resource used by a pot 2018-02-03 25 pot: FreeBSD containers for FreeBSD

  26. Resource limitation: rctl(8) memoryuse Physical memory used: 430MB ● Limit 400MB → still working, memory 400MB ● Limit 200MB → still working, memory ~200MB, sometimes above ● Limit 50MB → still working, memory ~52MB, often above ● Limit 10MB → still working, memory ~11MB, often a lot above the limit The memory limit reduce the RSS of a process to fjt the constraint The processes “working set” are drastically reduced Possible big performance penalty 2018-02-03 26 pot: FreeBSD containers for FreeBSD

  27. Resource limitation: rctl(8) pcpu To limit the cpu percentage used by a pot ● I wasn’t able to fjnd a proper setup ● pcpu counter in kernel space has an odd behavior ● 20k % of CPU usage? ● To enforce the CPU% limits, the processes are simply blocked ● Delay of seconds observed, causing timeouts to expire Not adopted in pot and probably it won’t in the future 2018-02-03 27 pot: FreeBSD containers for FreeBSD

  28. Moonshot : the big picture 2018-02-03 28 pot: FreeBSD containers for FreeBSD

  29. pot migration : a look to the future pot base-11_1 pot salt-base pot php-base Base 11.1 Base 11.1 Base 11.1 Package 11.1 Package s-base Package php Custom 11.1 Custom s-base Custom php pot salt-work pot salt-home pot web1 pot web2 pot web3 Base 11.1 Base 11.1 Base 11.1 Base 11.1 Base 11.1 Package s-base Package s-base Package php Package php Package php Custom s-work Custom s-home Custom web1 Custom web2 Custom web3 Repo s-work Repo s-home Repo web1 Repo web2 Repo web3 2018-02-03 29 pot: FreeBSD containers for FreeBSD

Recommend

FreeBSD is not Linux Niclas Zeising zeising@FreeBSD.org what is FreeBSD what is FreeBSD

FreeBSD is not Linux Niclas Zeising zeising@FreeBSD.org what is FreeBSD what is FreeBSD

FreeBSD is not Linux Niclas Zeising zeising@FreeBSD.org what is FreeBSD what is FreeBSD complete operating system documentation over 30 000 packages a community history history patches to v6 Unix ex/vi, pascal Berkely Software

715 views • 28 slides
Tracking FreeBSD in a Commercial Environment Warner Losh imp@FreeBSD.org The FreeBSD Project

Tracking FreeBSD in a Commercial Environment Warner Losh imp@FreeBSD.org The FreeBSD Project

Tracking FreeBSD in a Commercial Environment Warner Losh imp@FreeBSD.org The FreeBSD Project BSDCan 2009 Ottawa, Canada 8 May 2009 Background and Context FreeBSD Development Model Product Life Cycle Tracking Options SVK Hints

801 views • 45 slides
FreeBSD Around the World! Deb Goodkin Executive Director The FreeBSD Foundation @dgoodkin

FreeBSD Around the World! Deb Goodkin Executive Director The FreeBSD Foundation @dgoodkin

FreeBSD Around the World! Deb Goodkin Executive Director The FreeBSD Foundation @dgoodkin Goals - Share FreeBSDs long history - What is FreeBSD and Why People Use It - Why you should use and/or contribute to FreeBSD - FreeBSD Foundation

1.1k views • 34 slides
UCL for FreeBSD A universal config language for (almost) everything in FreeBSD Allan Jude --

UCL for FreeBSD A universal config language for (almost) everything in FreeBSD Allan Jude --

UCL for FreeBSD A universal config language for (almost) everything in FreeBSD Allan Jude -- ScaleEngine Inc. allanjude@freebsd.org twitter: @allanjude Introduction Allan Jude 13 Years as FreeBSD Server Admin FreeBSD docs committer

863 views • 31 slides
How to Bootstrap a BSD Conference Li-Wen Hsu <lwhsu@FreeBSD.org> Something about Me Li-Wen

How to Bootstrap a BSD Conference Li-Wen Hsu <lwhsu@FreeBSD.org> Something about Me Li-Wen

How to Bootstrap a BSD Conference Li-Wen Hsu <lwhsu@FreeBSD.org> Something about Me Li-Wen Hsu ( ) tw.FreeBSD.org admin FreeBSD ports comitter since 2007 CI.FreeBSD.org maintainer twn.FreeBSD.org site admin

576 views • 43 slides
Crypto Acceleration on FreeBSD Philip Paeps philip@FreeBSD.org The FreeBSD Project meetBSD 2008

Crypto Acceleration on FreeBSD Philip Paeps philip@FreeBSD.org The FreeBSD Project meetBSD 2008

Crypto Acceleration on FreeBSD Philip Paeps philip@FreeBSD.org The FreeBSD Project meetBSD 2008 Mountain View, CA, USA 16 November 2008 Cryptography in FreeBSD The opencrypto Framework Performance Measurements Future Directions

228 views • 20 slides
FreeBSD in the cloud FreeBSD & ZFS VPS from a users perspective Saturday, May 14, 2011

FreeBSD in the cloud FreeBSD & ZFS VPS from a users perspective Saturday, May 14, 2011

FreeBSD in the cloud FreeBSD & ZFS VPS from a users perspective Saturday, May 14, 2011 Whos talking? Unix admin since 1987 FreeBSD user since 1.1.5.1 Committer, 1999-2003 KFU.COM - ISP 1993-2001 (or so), now personal domain.

593 views • 30 slides
The Future of OpenZFS and FreeBSD EuroBSDCon 2019, Lillehammer, Norway allanjude@freebsd.org

The Future of OpenZFS and FreeBSD EuroBSDCon 2019, Lillehammer, Norway allanjude@freebsd.org

The Future of OpenZFS and FreeBSD EuroBSDCon 2019, Lillehammer, Norway allanjude@freebsd.org Summary & Introductions Allan Jude Klara Inc. FreeBSD Core Team FreeBSD Professional OpenZFS Developer Services and Support Covered in this

864 views • 29 slides
Improving the FreeBSD Translation Tools Warren Block wblock@FreeBSD.org The Importance of

Improving the FreeBSD Translation Tools Warren Block wblock@FreeBSD.org The Importance of

Improving the FreeBSD Translation Tools Warren Block wblock@FreeBSD.org The Importance of Translation bring FreeBSD to non-English speakers translators are ambassadors enlarge the community: Metcalfe's Law The FreeBSD Documentation books

477 views • 21 slides
Introduction to Multithreading and Multiprocessing in the FreeBSD SMPng Network Stack EuroBSDCon

Introduction to Multithreading and Multiprocessing in the FreeBSD SMPng Network Stack EuroBSDCon

Introduction to Multithreading and Multiprocessing in the FreeBSD SMPng Network Stack EuroBSDCon 2005 26 November 2005 Robert Watson Ed Maste FreeBSD Core Team FreeBSD Developer rwatson@FreeBSD.org emaste@FreeBSD.org Computer Laboratory

459 views • 43 slides
Protecting your Privacy with FreeBSD and Tor Christian Brffer brueffer@FreeBSD.org MeetBSD

Protecting your Privacy with FreeBSD and Tor Christian Brffer brueffer@FreeBSD.org MeetBSD

Protecting your Privacy with FreeBSD and Tor Christian Brffer brueffer@FreeBSD.org MeetBSD Warsaw, Poland November 18, 2007 Overview Who needs anonymity anyway? Anonymization concepts T or FreeBSD What else to take

465 views • 34 slides
Improving the FreeBSD TCP Implementation An update on all things TCP in FreeBSD and how they

Improving the FreeBSD TCP Implementation An update on all things TCP in FreeBSD and how they

Improving the FreeBSD TCP Implementation An update on all things TCP in FreeBSD and how they affect you Lawrence Stewart lastewart@swin.edu.au Centre for Advanced Internet Architectures (CAIA) Swinburne University of Technology Outline Who

500 views • 38 slides
Walking Through Walls PostgreSQL FreeBSD tmunro@freebsd.org tmunro@postgresql.org

Walking Through Walls PostgreSQL FreeBSD tmunro@freebsd.org tmunro@postgresql.org

Walking Through Walls PostgreSQL FreeBSD tmunro@freebsd.org tmunro@postgresql.org thomas.munro@enterprisedb.com About me New to FreeBSD hacking Mentors: mjg, allanjude ~20 years work on proprietary C, C++,

532 views • 38 slides
ZFS on FreeBSD: A Quick Tutorial Tai-hwa Liang <avatar@FreeBSD.org> History/Availability

ZFS on FreeBSD: A Quick Tutorial Tai-hwa Liang <avatar@FreeBSD.org> History/Availability

ZFS on FreeBSD: A Quick Tutorial Tai-hwa Liang <avatar@FreeBSD.org> History/Availability Designed by Sun Microsystems (Sep-14-2004). First OpenSolaris inclusion: Nov-16-2005. Solaris 10 inclusion: Jun-2006. Became part of FreeBSD on

340 views • 9 slides
Subclassing NEWBUS Unlocking NEWBUS potential Warner Losh imp@FreeBSD.org The FreeBSD

Subclassing NEWBUS Unlocking NEWBUS potential Warner Losh imp@FreeBSD.org The FreeBSD

Subclassing NEWBUS Unlocking NEWBUS potential Warner Losh imp@FreeBSD.org The FreeBSD Project BSDCan 2013 Ottawa, Canada 18 May 2013 http://people.freebsd.org/~imp/bsdcan2013-slides.pdf How I Learned to Stop Worrying and Love NEWBUS

646 views • 47 slides
How the FreeBSD Project Works 10 March 2007 Robert Watson FreeBSD Project Computer Laboratory

How the FreeBSD Project Works 10 March 2007 Robert Watson FreeBSD Project Computer Laboratory

How the FreeBSD Project Works 10 March 2007 Robert Watson FreeBSD Project Computer Laboratory University of Cambridge Introduction What is FreeBSD? What is the FreeBSD Project? How does the FreeBSD Project work? And does it all

804 views • 42 slides
pkgbase: Are we there yet ? Emmanuel Vadot manu@FreeBSD.org EuroBSDCon Lillehammer, Norway

pkgbase: Are we there yet ? Emmanuel Vadot manu@FreeBSD.org EuroBSDCon Lillehammer, Norway

pkgbase: Are we there yet ? Emmanuel Vadot manu@FreeBSD.org EuroBSDCon Lillehammer, Norway September 19 22, 2019 Who am I Emmanuel Vadot (manu@FreeBSD.Org) FreeBSD user since 2004 FreeBSD src commiter since 2016 FreeBSD

999 views • 78 slides
Flattened Device Trees for embedded FreeBSD Rafa Jaworowski raj@semihalf.com, raj@FreeBSD.org

Flattened Device Trees for embedded FreeBSD Rafa Jaworowski raj@semihalf.com, raj@FreeBSD.org

Flattened Device Trees for embedded FreeBSD Rafa Jaworowski raj@semihalf.com, raj@FreeBSD.org BSDCan 2010, Ottawa Flattened Device Trees for embedded FreeBSD Presentation outline Introduction Integration of FDT with FreeBSD

372 views • 33 slides
ZFS: Advanced Integration Allan Jude -- allanjude@freebsd.org @allanjude Introduction: Allan

ZFS: Advanced Integration Allan Jude -- allanjude@freebsd.org @allanjude Introduction: Allan

ZFS: Advanced Integration Allan Jude -- allanjude@freebsd.org @allanjude Introduction: Allan Jude 16 Years as FreeBSD Server Admin FreeBSD src/doc committer (ZFS, installer, boot loader, GELI, bhyve, libucl, libxo) FreeBSD Core

840 views • 24 slides
Status of the Graphics Stack on FreeBSD Jean-Sbastien Pdron The FreeBSD Project The X.Org

Status of the Graphics Stack on FreeBSD Jean-Sbastien Pdron The FreeBSD Project The X.Org

In the kernel In the Ports tree With the community Future challenges Summary Status of the Graphics Stack on FreeBSD Jean-Sbastien Pdron The FreeBSD Project The X.Org Developers Conference, 2014 J.S. Pdron FreeBSD Graphics Stack

678 views • 45 slides
Introducing FreeBSD 7.0 Kris Kennaway The FreeBSD Project kris@FreeBSD.org October 20, 2007

Introducing FreeBSD 7.0 Kris Kennaway The FreeBSD Project kris@FreeBSD.org October 20, 2007

Introducing FreeBSD 7.0 Kris Kennaway The FreeBSD Project kris@FreeBSD.org October 20, 2007 Kris Kennaway The FreeBSD Project kris@FreeBSD.org Introducing FreeBSD 7.0 Introducing FreeBSD 7.0 FreeBSD 7.0 will be the next release of FreeBSD,

699 views • 37 slides
GELI Boot Booting from Encrypted Disks on FreeBSD Allan Jude -- ScaleEngine Inc.

GELI Boot Booting from Encrypted Disks on FreeBSD Allan Jude -- ScaleEngine Inc.

GELI Boot Booting from Encrypted Disks on FreeBSD Allan Jude -- ScaleEngine Inc. allanjude@freebsd.org twitter: @allanjude Introduction Allan Jude 13 Years as FreeBSD Server Admin FreeBSD src/doc committer (focus: ZFS, bhyve, ucl,

494 views • 34 slides
A Scalable Concurrent malloc(3) Implementation for FreeBSD Jason Evans <jasone@FreeBSD.org>

A Scalable Concurrent malloc(3) Implementation for FreeBSD Jason Evans <jasone@FreeBSD.org>

A Scalable Concurrent malloc(3) Implementation for FreeBSD Jason Evans <jasone@FreeBSD.org> Overview What is malloc(3) ? Previous allocators jemalloc algorithms and data structures Benchmarks Fragmentation

873 views • 52 slides
GEOM Disk handling in FreeBSD 5.x Poul-Henning Kamp <phk@FreeBSD.org> What is a

GEOM Disk handling in FreeBSD 5.x Poul-Henning Kamp <phk@FreeBSD.org> What is a

GEOM Disk handling in FreeBSD 5.x Poul-Henning Kamp <phk@FreeBSD.org> What is a disk ? In UNIX a disk is an array of fixed size sectors. Sector size is typically 512 bytes. Device driver implements two simple

520 views • 28 slides

More recommend