![Page 1: Traditional & Existing Applications Containers for](https://reader034.vdocument.in/reader034/viewer/2022051306/6279c52d4ad72c037f67c845/html5/thumbnails/1.jpg)
Scott McCarty Twitter: @fatherlinux Blog: bitly/fatherlinux
Containers for Grownups: Migrating Traditional & Existing Applications
Almost all software was designed before containers
Scott McCarty
Container Strategist
![Page 2: Traditional & Existing Applications Containers for](https://reader034.vdocument.in/reader034/viewer/2022051306/6279c52d4ad72c037f67c845/html5/thumbnails/2.jpg)
Scott McCarty Twitter: @fatherlinux Blog: bitly/fatherlinux
Why Migrate
![Page 3: Traditional & Existing Applications Containers for](https://reader034.vdocument.in/reader034/viewer/2022051306/6279c52d4ad72c037f67c845/html5/thumbnails/3.jpg)
Scott McCarty Twitter: @fatherlinux Blog: bitly/fatherlinux
Container Journey
![Page 4: Traditional & Existing Applications Containers for](https://reader034.vdocument.in/reader034/viewer/2022051306/6279c52d4ad72c037f67c845/html5/thumbnails/4.jpg)
Scott McCarty Twitter: @fatherlinux4
FIND
Single Node
RUN BUILD
Traditional Development
The Journey
![Page 5: Traditional & Existing Applications Containers for](https://reader034.vdocument.in/reader034/viewer/2022051306/6279c52d4ad72c037f67c845/html5/thumbnails/5.jpg)
Scott McCarty Twitter: @fatherlinux5
FIND
Single Node+
RUN BUILD SHARE
Traditional Development
The Journey
![Page 6: Traditional & Existing Applications Containers for](https://reader034.vdocument.in/reader034/viewer/2022051306/6279c52d4ad72c037f67c845/html5/thumbnails/6.jpg)
Scott McCarty Twitter: @fatherlinux6
FIND
Multi Node
RUN BUILD SHARE INTEGRATE DEPLOY
Traditional Development Cloud Native
The Journey
![Page 7: Traditional & Existing Applications Containers for](https://reader034.vdocument.in/reader034/viewer/2022051306/6279c52d4ad72c037f67c845/html5/thumbnails/7.jpg)
Scott McCarty Twitter: @fatherlinux7
FIND
Can start anywhere
RUN BUILD SHARE INTEGRATE DEPLOY
Traditional Development Cloud Native
RHEL (Podman/Buildah/Skopeo) OpenShift (Kubernetes)
The Journey
Quay
![Page 8: Traditional & Existing Applications Containers for](https://reader034.vdocument.in/reader034/viewer/2022051306/6279c52d4ad72c037f67c845/html5/thumbnails/8.jpg)
Scott McCarty Twitter: @fatherlinux8
Customer NeedsMapping customer needs to solutions
Single Node
Multi Node
Capability
Red Hat Enterprise Linux
OpenShift
Product
Linux &Container Tools
Linux &Kubernetes
Technology
![Page 9: Traditional & Existing Applications Containers for](https://reader034.vdocument.in/reader034/viewer/2022051306/6279c52d4ad72c037f67c845/html5/thumbnails/9.jpg)
INSERT DESIGNATOR, IF NEEDED9
LIFT & SHIFT
Move the application as-is. Do the minimal amount necessary to
containerize
REFACTOR
Leave much of the application as-is. Build new strategic
portions.
REWRITE
Start from scratch - adopt the latest software development patterns (microservices, etc)
There are Different OptionsEach has a different level of effort
![Page 10: Traditional & Existing Applications Containers for](https://reader034.vdocument.in/reader034/viewer/2022051306/6279c52d4ad72c037f67c845/html5/thumbnails/10.jpg)
Scott McCarty Twitter: @fatherlinux Blog: bitly/fatherlinux
The Problem
Almost all applications, even new ones, are built on technologies that were designed and developed before Linux Containers.
Image: Cargo Designed for a Ship from 1921
![Page 11: Traditional & Existing Applications Containers for](https://reader034.vdocument.in/reader034/viewer/2022051306/6279c52d4ad72c037f67c845/html5/thumbnails/11.jpg)
Scott McCarty Twitter: @fatherlinux Blog: bitly/fatherlinux
The solutionLearn to Migrate
Gaining migration skills will help your team make good strategic decisions about what should and should not be containerized.
![Page 12: Traditional & Existing Applications Containers for](https://reader034.vdocument.in/reader034/viewer/2022051306/6279c52d4ad72c037f67c845/html5/thumbnails/12.jpg)
INSERT DESIGNATOR, IF NEEDED12
UNIX TO LINUX
Will my app run? Will my app run?
PHYSICAL TO VIRTUAL
Will my app run?
APPS TOCONTAINERIZED APPS
LISTEN TO YOUR APPLICATIONWe have seen this before...
![Page 13: Traditional & Existing Applications Containers for](https://reader034.vdocument.in/reader034/viewer/2022051306/6279c52d4ad72c037f67c845/html5/thumbnails/13.jpg)
Scott McCarty Twitter: @fatherlinux Blog: bitly/fatherlinux
Guidance & Case Studies
![Page 14: Traditional & Existing Applications Containers for](https://reader034.vdocument.in/reader034/viewer/2022051306/6279c52d4ad72c037f67c845/html5/thumbnails/14.jpg)
INSERT DESIGNATOR, IF NEEDED14
Migration from process isolation to containers
APPLICATION CHARACTERISTICSThese are the things you need to think about..
Architectural Security Performance
![Page 15: Traditional & Existing Applications Containers for](https://reader034.vdocument.in/reader034/viewer/2022051306/6279c52d4ad72c037f67c845/html5/thumbnails/15.jpg)
Scott McCarty Twitter: @fatherlinux Blog: bitly/fatherlinux
Architecture
1. Code: mysqld
2. Configuration: /etc/my.cnf
3. Data: /var/lib/mysql
4. Other stuff :-)
![Page 16: Traditional & Existing Applications Containers for](https://reader034.vdocument.in/reader034/viewer/2022051306/6279c52d4ad72c037f67c845/html5/thumbnails/16.jpg)
Scott McCarty Twitter: @fatherlinux Blog: bitly/fatherlinux
Level of EffortEASY MODERATE DIFFICULT
Code Completely Isolated (single process) Somewhat Isolated (multiple processes) Self Modifying (e.g. Actor Model)
Configuration One File Several Files Anywhere in Filesystem
Data Saved in Single Place Saved in Several Places Anywhere in Filesystem
Secrets Static Files Network Dynamic Generation of Certificates
Network HTTP, HTTPS TCP, UDP IPSEC, Highly Isolated
Installation Packages, Source Installer and Understood Configuration Installers (install.sh)
Licensing Open Source Proprietary Restrictive & Proprietary
Recoverability Easy to Restart Fails Sometimes Fails Often
![Page 17: Traditional & Existing Applications Containers for](https://reader034.vdocument.in/reader034/viewer/2022051306/6279c52d4ad72c037f67c845/html5/thumbnails/17.jpg)
Scott McCarty Twitter: @fatherlinux Blog: bitly/fatherlinux
The Tenancy Scale
![Page 18: Traditional & Existing Applications Containers for](https://reader034.vdocument.in/reader034/viewer/2022051306/6279c52d4ad72c037f67c845/html5/thumbnails/18.jpg)
Scott McCarty Twitter: @fatherlinux Blog: bitly/fatherlinux
Performance CharacteristicsBare Metal +Containers +Virtualization
CPU Intensive Fast Fast Fast
Memory Intensive Fast Fast Fast
Disk I/O Latency Fast Fast Medium
Disk I/O Throughput Fast Fast Fast
Network Latency Fast Fast Medium
Network Throughput Fast Fast Fast
Deployment Speed Slow Fast Medium
Uptime (Live Migration) No No Yes
Alternative OS Yes Some Yes
![Page 19: Traditional & Existing Applications Containers for](https://reader034.vdocument.in/reader034/viewer/2022051306/6279c52d4ad72c037f67c845/html5/thumbnails/19.jpg)
Scott McCarty Twitter: @fatherlinux Blog: bitly/fatherlinux
Use Cases & Demos
![Page 20: Traditional & Existing Applications Containers for](https://reader034.vdocument.in/reader034/viewer/2022051306/6279c52d4ad72c037f67c845/html5/thumbnails/20.jpg)
Scott McCarty Twitter: @fatherlinux Blog: bitly/fatherlinux
PROBLEM● WordPress websites needed at large scale● Individual server doesn’t scale with load● Multi-server states hard to synchronize● Development environment difficult to
replicate
Inventory: Large Scale Web Applications
SOLUTION● Containerized service● Site code distributed in images● Single-service containers are easy to swap● Development & production built from
images
THE RESULT
● Enterprise-level - ~8,800 sites and ~29,000 users● Quickly scalable, cloudburst-able● Interchangeable front-end containers = automated sites with custom DNS and HTTPS ● Developers have taken ownership of deployment, can update, roll-back, clone w/o
sysadmins
![Page 21: Traditional & Existing Applications Containers for](https://reader034.vdocument.in/reader034/viewer/2022051306/6279c52d4ad72c037f67c845/html5/thumbnails/21.jpg)
Scott McCarty Twitter: @fatherlinux Blog: bitly/fatherlinux
PROBLEM● Dozens of daemons, their own data volumes● Libraries share config files● Installer logic expects single machine● Knowledge embedded in init/systemd● Extensive initial setup needed
Inventory: Red Hat IDM in a Container
SOLUTION● Build IDM (aka FreeIPA) in single container● Simplified install, upgrade, rollback● Minimize data volumes● Template based data volume population
THE RESULT
● Better software delivery● Better technical demarcation between vendor and customer● Extremely portable● Environments can be setup, tested, torn down in minutes● Same pattern for other products and services: OpenShift, OpenStack (yes, OSP), sssd, etc.
![Page 22: Traditional & Existing Applications Containers for](https://reader034.vdocument.in/reader034/viewer/2022051306/6279c52d4ad72c037f67c845/html5/thumbnails/22.jpg)
Scott McCarty Twitter: @fatherlinux Blog: bitly/fatherlinux
PROBLEM● Can’t install software on prod servers● Can’t introduce risk on prod servers● Can’t access tools quickly
Inventory: Tools
SOLUTION● Build tools containers● Stage tools containers in registry server● Completely self contained
THE RESULT
● Use tools and delete them easily (rhel-tools)● Scan network● Instrument kernel● Use any tool you like
![Page 23: Traditional & Existing Applications Containers for](https://reader034.vdocument.in/reader034/viewer/2022051306/6279c52d4ad72c037f67c845/html5/thumbnails/23.jpg)
Scott McCarty Twitter: @fatherlinux Blog: bitly/fatherlinux
Remember, Containers Are Just Child Processes
![Page 24: Traditional & Existing Applications Containers for](https://reader034.vdocument.in/reader034/viewer/2022051306/6279c52d4ad72c037f67c845/html5/thumbnails/24.jpg)
Scott McCarty Twitter: @fatherlinux Blog: bitly/fatherlinux
Questions?
![Page 25: Traditional & Existing Applications Containers for](https://reader034.vdocument.in/reader034/viewer/2022051306/6279c52d4ad72c037f67c845/html5/thumbnails/25.jpg)
Scott McCarty Twitter: @fatherlinux Blog: bitly/fatherlinux
Further Reading & Citations
● Do Linux distributions still matter with containers? https://goo.gl/t4LLWw
● A Practical Introduction to Docker Terminology: http://red.ht/2beXHDD
● Container Tidbits: When Should I Break My Application into Multiple Containers? http://red.ht/22xKw9i
● Architecting Containers Part 4: Workload Characteristics and Candidates for Containerization: http://red.ht/1SBw9ql
● Supply Chain Demo on GitHub: http://bit.ly/2aY1WEO
● The New Stack: Container Defense in Depth: http://bit.ly/2buXflB
● Architecting Containers Series: http://red.ht/2aXjVJF
● Red Hat Connect for Technology Partners: https://connect.redhat.com/
![Page 26: Traditional & Existing Applications Containers for](https://reader034.vdocument.in/reader034/viewer/2022051306/6279c52d4ad72c037f67c845/html5/thumbnails/26.jpg)
Scott McCarty Twitter: @fatherlinux Blog: bitly/fatherlinux
THANK YOUplus.google.com/+RedHat
linkedin.com/company/red-hat
youtube.com/user/RedHatVideos
facebook.com/redhatinc
twitter.com/RedHatNews
![Page 27: Traditional & Existing Applications Containers for](https://reader034.vdocument.in/reader034/viewer/2022051306/6279c52d4ad72c037f67c845/html5/thumbnails/27.jpg)
FUTURE OPPORTUNITIES
● Do Linux distributions still matter with containers? https://goo.gl/t4LLWw● Let Red Hat help you analyze your application portfolio http://red.ht/2ic4TX3● Check out Architecting Containers Series http://red.ht/1SBw9ql● Learn more about Red Hat Summit at http://redhat.com/summit
27