Rahti container cloud service
Aim of this afternoon:

    $ aragorn GCF_000002945.1_ASM294v2_genomic.fna
    ARAGORN v1.2.38 Dean Laslett

    Please reference the following paper if you use this
    program as part of any published research.

    Laslett, D. and Canback, B. (2004) ARAGORN, a program for the
    detection of transfer RNA and transfer-messenger RNA
    genes in nucleotide sequences.
    Nucleic Acids Research, 32;11-16.

    Searching for tRNA genes with no introns
    Searching for tmRNA genes
    Assuming circular topology, search wraps around ends
    Searching both strands
    Using standard genetic code

    NC_003424.3 Schizosaccharomyces pombe chromosome I, complete sequence
    5579133 nucleotides in sequence
    Mean G+C content = 36.1%

    1.
Part 1: Background
Rahti is a container cloud Platform as a Service (PaaS) based on OpenShift, Red Hat's distribution of Kubernetes.
- Allows provisioning servers based on container technology with a JSON API or web console.

Containers
A container is a mechanism which encapsulates a vanilla collection of Linux resources for an application to use:
Containers
Own network, filesystem, process ids, user ids

    / $ ifconfig
    eth0      Link encap:Ethernet  HWaddr 0A:58:0A:80:06:72
              inet addr:10.128.6.114  Bcast:10.128.7.255  Mask:255.255.254.0
              inet6 addr: fe80::d4d4:38ff:fe5e:6e2b/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1450  Metric:1
              RX packets:8 errors:0 dropped:0 overruns:0 frame:0
              TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:656 (656.0 B)  TX bytes:656 (656.0 B)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
Containers
Own network, filesystem, process ids, user ids

    sh-4.2$ ls
    anaconda-post.log  bin  data  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  s
Containers
Own network, filesystem, process ids and user ids, ...

    sh-4.2$ ps axu
    USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
    1016530+     1  1.2  0.0  11680  1168 ?        Ss   10:49   0:00 sh -c (tail -f /dev/null)
    1016530+     7  0.0  0.0   4396   356 ?        S    10:49   0:00 tail -f /dev/null
    1016530+     8  0.3  0.0  11816  1700 ?        Ss   10:49   0:00 /bin/sh
    1016530+    15  0.0  0.0  51740  1732 ?        R+   10:49   0:00 ps axu

Rahti does not allow running containers as root. It always assigns a varying user id. This is to prevent security issues.
Containers
- They have the look and feel of a lightweight virtual machine, but they are not virtual machines
- Rely on Linux kernel features
- Standardized container images
- Build once, run everywhere
- Only Linux-based images
- Standards: Docker, rkt, LXC, Singularity, katacontainers, Intel clear containers
- Rahti supports Docker images
Containers enable
- Running software with conflicting requirements on the same server
- Run "Ubuntu" software stack on CentOS host
- Security hardening
- Expose minimal amount of data to container
- Smaller container image → smaller attack surface → easier to maintain

Demo: Docker CLI shell
Rahti
- Is a container orchestration platform that allows running Docker container images.
- OpenShift "community edition": OKD - The Origin Community Distribution of Kubernetes that powers Red Hat OpenShift.
- A Kubernetes implementation
- Kubernetes was originally developed at Google
- Now maintained by the Cloud Native Computing Foundation
- OpenShift skills translate to Kubernetes skills and vice versa
- The terms OpenShift and Kubernetes can be used interchangeably, but OpenShift has some additional features that Kubernetes does not have
Rahti use cases
- Databases
- Web services
- Computation
- Weird software stacks
- High Availability services
- Anything that runs as a container
- One shot runs (← today's use case)

Anything that runs in a container and requires a modest amount of cpu/ram/disk:
- #(cpu) ⪅ 2
- RAM GB ⪅ 8
- Disk GB ⪅ 100 … 1000
Part 2: Running workloads in Rahti
Running containers in Kubernetes: Pods
- Pod manages multiple containers
- Announces mountable volumes from persistent storage claims
- They all run physically near each other
- Containers in a pod share IP and memory
- Data in containers is ephemeral, container is reset when it is killed and restarted
- Root volume is located at the compute node: SSD disk, no redundancy
- Persistent disk using volume mounts

[Figure: a Pod (IP: 10.0.0.1) on a physical compute node with Container a and Container b; root volume holding the application binary and dependencies; mount points /input, /interm, /tmp and /outputdata/; volumes volume a and volume b; pvc a on the storage cluster]
Object definitions in Kubernetes
- Objects are defined as key-value maps
- Representation in YAML language
- Indentation matters, no tabs, suggestion is 2 spaces

    apiVersion: v1
    kind: Pod
    metadata:
      name: simple
      labels:
        job: analyze
    spec:
      volumes:
        - name: volumea
          persistentVolumeClaim:
            claimName: pvca
      containers:
        - name: containera
          image: centos:7
          volumeMounts:
            - mountPath: /data
              name: volumea

[Figure: Pod (IP: 10.0.0.1) with Container a; root volume holding the application binary and dependencies; volume a from pvc a mounted at /data]
Brief intro to YAML files
YAML is an intermediate data language based on key-value pairs and lists:
- Just a value is a YAML file:

    "this is a valid yaml file"

- A key and its value are separated by a colon ":" (value must be indented!):

    key: value

  ⇔

    key:
      value

- Lists are written with "[" and "]" or with "-" symbols:

    list: [value 1, value 2]

  ⇔

    list:
      - value 1
      - value 2

  ⇔

    list:
    - value 1
    - value 2
Brief intro to YAML files
Combining these we get hierarchical structures:

    key:
      subkey: value of subkey
      subkey2: value of subkey2
      subkey3:
        - this
        - is
        - a
        - list
    key2: value for key2
Object definitions in Kubernetes: Pods

    # Header:
    apiVersion: v1            # Which version of API?
    kind: Pod                 # Kind of the object
    metadata:
      name: simple            # Assign it a name and some labels
      labels:
        job: analyze
    spec:                     # Specification of the Pod
      volumes:                # Define volumes to be brought to the Pod
        - name: volumea
          persistentVolumeClaim:
            claimName: pvca
      containers:             # Define containers in the pod. There can be multiple, this is a list!
        - name: containera
          image: centos:7
          volumeMounts:       # Define where the volume is mounted in the container
            - mountPath: /data
              name: volumea
How to submit a pod to Rahti?
- Use the oc command line tool
- Write the yaml-file
- Submit by oc create -f pod.yaml

Demo: Submitting Pod to Rahti

Did it work?
- Web console
- oc describe pod simple
Persistent volume claims - How to claim storage from the storage cluster?
Web console
Using YAML specification file

    apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      name: pvca
    spec:
      accessModes:
        - ReadWriteOnce
      resources:
        requests:
          storage: 1Gi
Back to the Pod demo
Does it work now?

    $ oc describe pod simple
    ...
    Events:
      Type     Reason            Age               From                     Message
      Warning  FailedScheduling  1m (x15 over 4m)  default-scheduler        persistentvolumeclaim
      Normal   Scheduled         27s               default-scheduler        Successfully assigned
      Normal   Pulling           4s (x3 over 24s)  kubelet, rahticompios55  pulling image "centos
      Normal   Pulled            2s (x3 over 21s)  kubelet, rahticompios55  Successfully pulled i
      Normal   Created           2s (x3 over 21s)  kubelet, rahticompios55  Created container
      Normal   Started           1s (x3 over 21s)  kubelet, rahticompios55  Started container
      Warning  BackOff           1s (x3 over 17s)  kubelet, rahticompios55  Back-off restarting f

OpenShift will run the container over and over again. But there's nothing to execute. We can specify a command to run in the container.
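
One way to give the container something to execute, as an added example that is not from the original slides: the same Pod with a command, set up as a one-shot run. The name simple-oneshot, the shell command, restartPolicy: Never and the securityContext block are assumptions of this example; pvca, volumea, containera and centos:7 come from the slides.

```yaml
# Added example, not from the original slides.
apiVersion: v1
kind: Pod
metadata:
  name: simple-oneshot          # hypothetical name
  labels:
    job: analyze
spec:
  # One-shot run: do not restart the container after the command exits.
  restartPolicy: Never
  volumes:
    - name: volumea
      persistentVolumeClaim:
        claimName: pvca         # the claim must exist, otherwise FailedScheduling
  containers:
    - name: containera
      image: centos:7
      # Without a command the container exits right away and is restarted
      # in a back-off loop (the BackOff event in the describe output).
      # This command prints the assigned user id and lists the mounted volume.
      command: ["sh", "-c", "id && ls -ln /data"]
      securityContext:
        runAsNonRoot: true              # refuse to start if the container would run as UID 0
        allowPrivilegeEscalation: false # no setuid-style privilege gain inside the container
        capabilities:
          drop: ["ALL"]                 # the command needs no Linux capabilities
      volumeMounts:
        - mountPath: /data              # the only storage exposed to the container
          name: volumea
```

After oc create -f, oc logs simple-oneshot shows the id output with the non-root user id Rahti assigned, and the Pod finishes instead of being restarted.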