low fat virtualization for embedded systems
“Low Fat” Virtualization
6e Séminaire fribourgeois Linux embarqué
Dr Jacques Supcik, Ecole d’ingénieurs et d’architectes de Fribourg
8 May 2014
“Classical” Virtualization…
Effective… but not light
Virtualization needs a lot of resources
Virtualization works best with special hardware
So what about a more “skinny” virtualization
Types of Virtualization
chroot
The chroot system call was introduced during development of Version 7 Unix in 1979 and has been available since 1982 (32 years old).
Provides (partial) file system isolation only.
“root” users can still escape chroot.
Requires some manual linking (or copying) of system files.
BSD's “Jail”
BSD's “Jail”
Available since 1998 (16 years old).
Provides disk and CPU quotas, memory limits, network and root privilege isolation.
OpenVZ
Available since 2005 (9 years old).
Requires a special kernel.
Adds I/O rate limiting, partition checkpointing and live
migration.
Still used by hosting companies to provide virtual private
servers.
OpenVZ
Source: OpenVZ Web site
Container looks like a normal Linux system. It has standard
startup scripts, software from vendors can run inside
Container without OpenVZ-specific modifications or
adjustment.
A user can change any configuration file and install additional
software.
Containers are fully isolated from each other (file system,
processes, Inter Process Communication (IPC), sysctl
variables).
OpenVZ
Source: OpenVZ Web site
Containers share dynamic libraries, which greatly saves memory.
Processes belonging to a Container are scheduled for execution on all available CPUs. Consequently, Containers are not bound to only one CPU and can use all available CPU power.
LXC Linux Container
LXC Linux Container
Available since 2008 (6 years old).
Relies on the Linux kernel “cgroups” functionality that was released in version 2.6.24.
Full file system isolation and root privilege isolation since version 1.0 (February 2014 / Linux kernel 3.8).
No partition checkpointing and no live migration!
“chroot on steroids”.
Cgroups (control groups)
Name space Isolation
PID namespace: Isolation for the allocation of process identifiers.
Network namespace: Isolates the NIC, iptables rules, routing, etc.
“UTS” namespace: Allows changing the hostname.
Mount namespace: Allows creating a different file system layout.
IPC namespace: Isolates the System V IPC.
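The namespace list above can be checked on a running system, because Linux exposes each process's namespaces as symlinks under /proc/<pid>/ns whose targets look like `pid:[4026531836]`. The following is an added example, not part of the original slides: it compares two processes and reports which of the five namespaces are actually isolated. The function names and the sample link values are constructed for illustration.

```python
import os
import re

# The five namespace kinds from the slide, by their /proc/<pid>/ns entry name.
SLIDE_NAMESPACES = ("pid", "net", "uts", "mnt", "ipc")
NS_LINK = re.compile(r"^([a-z_]+):\[(\d+)\]$")

def parse_ns_link(target):
    """Turn a symlink target such as 'pid:[4026531836]' into ('pid', 4026531836)."""
    m = NS_LINK.match(target)
    if not m:
        raise ValueError(f"not a namespace link: {target!r}")
    return m.group(1), int(m.group(2))

def read_namespaces(pid="self"):
    """Read namespace IDs of a live process (Linux only; other PIDs may need root)."""
    links = (os.readlink(f"/proc/{pid}/ns/{name}") for name in SLIDE_NAMESPACES)
    return dict(parse_ns_link(t) for t in links)

def isolation_report(host, container):
    """Map each namespace kind to 'isolated', 'shared' or 'unknown'."""
    report = {}
    for name in SLIDE_NAMESPACES:
        if name not in host or name not in container:
            report[name] = "unknown"      # entry missing: do not assume isolation
        elif host[name] == container[name]:
            report[name] = "shared"       # same ID means same namespace, no isolation
        else:
            report[name] = "isolated"
    return report

# Constructed sample: a container that was started sharing the host's network
# namespace, so its 'net' ID equals the host's.
SAMPLE_HOST = dict(parse_ns_link(t) for t in (
    "pid:[4026531836]", "net:[4026531992]", "uts:[4026531838]",
    "mnt:[4026531840]", "ipc:[4026531839]"))
SAMPLE_CONTAINER = dict(parse_ns_link(t) for t in (
    "pid:[4026532201]", "net:[4026531992]", "uts:[4026532199]",
    "mnt:[4026532198]", "ipc:[4026532200]"))

if __name__ == "__main__":
    for name, state in isolation_report(SAMPLE_HOST, SAMPLE_CONTAINER).items():
        print(f"{name:4} {state}")
    if os.path.isdir("/proc/self/ns"):    # live read, only where /proc exists
        print("this process:", read_namespaces())
```

A “shared” result for a namespace the container was expected to own is the case worth investigating, since the contained process then sees the host's view of that resource.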
Docker
Available since 2013 (1 year old young).
Based on LXC.
Is currently under heavy development. Docker should not be used in production (yet).
“Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere.”
Docker
If you want to try “Docker” you can easily do it on a “Droplet” at
Digital Ocean. (5$ for 1 month)
Thank You!
References
http://japanese.lingualift.com/blog/what-sumo-eat-wrestlers-diet/
http://community.futureshop.ca/t5/Tech-Blog/How-to-build-a-PC-How-to-upgrade-your-RAM/ba-p/426769
https://en.wikipedia.org/wiki/Western_Digital_Raptor
http://www.pcper.com/news/General-Tech/ARM-aims-make-TSMC-Fab-choice-their-customers
http://www.reflexandwellnessclinic.com/projects/services/
https://en.wikipedia.org/wiki/Chroot
http://sysadvent.blogspot.ch/2010/12/day-14-freebsd-jails.html
http://openvz.org/User_Guide/OpenVZ_Philosophy
https://linuxcontainers.org/
http://www.linuxadvocates.com/2013/04/linux-containers-and-why-they-matter.html
https://www.docker.io/
https://en.wikipedia.org/wiki/Operating_system-level_virtualization
https://en.wikipedia.org/wiki/LXC