What's new in Red Hat Enterprise Linux and OpenShift 4


Post on 24-Apr-2020


What's new in Red Hat Enterprise Linux and OpenShift 4

Red Hat | General Use

A few words on the announcement

Easy adoption and upgrades

Modern development platform

Simple system management

A secure platform

AGENDA


Enterprise OS on all footprints

Development Process (Fedora)

10-year lifecycle for most content

Offerings and Add-Ons

Managed by Satellite

Predictable release cadence

More life cycle options

More frequent application updates

What’s the same What’s different

Simpler delivery structure

A FAMILIAR EXPERIENCE


Name | Details
Kernel version | 4.18x
System compiler | gcc 8.2, llvm 6.0
Hardware architecture | Intel/AMD 64-bit, IBM Power LE, IBM z Systems, ARM 64-bit
Default file system | XFS
Package management | Yum4
Init system | systemd v239

QUICK FACTS


Range of improved performance with RHEL 8 (alpha) compared to RHEL 7

10%✲

30%✲

45%✲

✲General guidance. Varies greatly with workload and system tuning.

PERFORMANCE IMPROVEMENTS


BASE OS

1. Provides the foundation of our operating system
2. Completely self-contained operating system
3. Guaranteed 10 years of enterprise support

APPLICATION STREAMS

1. Provides flexible lifecycle options
2. Fully enterprise supported
3. Common Red Hat Enterprise Linux languages supported at launch
4. Defaults to 10 years of enterprise support

Note: RHEL subscriptions also provide access to additional content for developer use. More details are available at developer.redhat.com.

Reducing complexity is a key benefit of using Red Hat Enterprise Linux 8, and that starts with being able to consume it easily

SIMPLIFIED DELIVERY

Appstreams = modules + profiles

$ yum module list
Name        Stream   Profiles            Summary
(...)
postgresql  10 [d]   client, server [d]  PostgreSQL server and client module
postgresql  9.6      client, server [d]  PostgreSQL server and client module
(...)

Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled

$ yum module info postgresql

Name             : postgresql
Stream           : 10 [d][a]
Version          : 820190104140132
Context          : 9edba152
Profiles         : client, server [d]
Default profiles : server
Repo             : appstream-internal-nightly
Summary          : PostgreSQL server and client module
Description      : (...)
(...)

Name             : postgresql
Stream           : 9.6
Version          : 820190104140337
Context          : 9edba152
Profiles         : client, server [d]
Default profiles : server
Repo             : appstream-internal-nightly
Summary          : PostgreSQL server and client module
Description      : (...)
(...)

Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled, [a]ctive]

Because no stream is specified, all streams are used for the listing.

$ yum module info --profile postgresql
(...)
Name   : postgresql:10:820190104140132:9edba152:x86_64
client : postgresql
server : postgresql-server

Name   : postgresql:9.6:820190104140337:9edba152:x86_64
client : postgresql
server : postgresql-server

$ yum module install postgresql:9.6/server

Introducing NFTables

NFTables (replacing IPTables) is a new subsystem of the Linux kernel which provides filtering and classification of network packets, datagrams, or frames. This software provides a new in-kernel packet classification framework that is based on a network-specific Virtual Machine (VM) and a new nft userspace command line tool.

$ iptables-translate -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
nft add rule ip filter INPUT tcp dport 22 ct state new counter accept

$ ip6tables-translate -A FORWARD -i eth0 -o eth3 -p udp -m multiport --dports 111,222 -j ACCEPT
nft add rule ip6 filter FORWARD iifname eth0 oifname eth3 meta l4proto udp udp dport { 111,222} counter accept
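nftables has no built-in tables, so the translated rules above load only once the `ip filter` and `ip6 filter` tables and their base chains exist. The following ruleset file is an added example, not part of the original slides: it declares those tables and chains around the two translated rules. The hook priority `0` and the `accept` chain policies are assumptions chosen to mirror the iptables defaults.

```nft
#!/usr/sbin/nft -f
# Added example (not from the original deck).
# Syntax-check without applying:  nft -c -f ruleset.nft
# Load:                           nft -f ruleset.nft

# IPv4 table and base chain matching "ip filter INPUT" in the
# iptables-translate output.
table ip filter {
    chain INPUT {
        # Assumption: priority 0 and policy accept mirror the
        # default iptables filter/INPUT chain.
        type filter hook input priority 0; policy accept;

        # Translated from:
        #   -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
        tcp dport 22 ct state new counter accept
    }
}

# IPv6 table and base chain matching "ip6 filter FORWARD" in the
# ip6tables-translate output.
table ip6 filter {
    chain FORWARD {
        # Assumption: same priority and policy as above.
        type filter hook forward priority 0; policy accept;

        # Translated from:
        #   -A FORWARD -i eth0 -o eth3 -p udp -m multiport --dports 111,222 -j ACCEPT
        iifname "eth0" oifname "eth3" meta l4proto udp udp dport { 111, 222 } counter accept
    }
}
```

With `policy accept` these rules only count and accept matching traffic; they restrict nothing until the chain policy is changed to `drop` or an explicit drop rule follows them.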

NFTables

Introducing eBPF - The Extended Berkeley Packet Filter

Technology Preview

Introducing Web Console

WEB CONSOLE

Introducing Image Builder

IMAGE BUILDER


IMAGE BUILDER

Tooling to enable automated creation of customized Red Hat® Enterprise Linux® OS images

Content in: Red Hat content, Custom, Third party

GUI, CLI, REST API, Backend builders

Content out: DVD installers, Disk img, FileSystem img, Virtual img, Cloud img

SATELLITE

Bare metal, Virtual, Private cloud, Public cloud

IMAGE BUILDER


Red Hat Enterprise Linux 8 brings container modernization

skopeo

MODERN CONTAINER TOOLS


CONTAINER | APP | LANGUAGE RUNTIMES | RHEL BASE IMAGE | RED HAT PLATFORM

CONTAINER | APP | LANGUAGE RUNTIMES | RHEL BASE IMAGE | ANY CONTAINER PLATFORM

CONTAINER | PARTNER CONNECT CERTIFIED APP | LANGUAGE RUNTIMES | RHEL BASE IMAGE | RED HAT PLATFORM

Not Supported

Enterprise support when run on Red Hat platforms

Certification provides the highest level of support

Building on UBI is the first step

INTRODUCING: UNIVERSAL BASE IMAGE


Doing a risk assessment before making any changes is critical to understanding what is about to happen

PRE-UPGRADE

Fully pluggable and fully supported upgrade framework makes moving to new major releases of RHEL easy

UPGRADE

If anything goes wrong, BOOM will let you roll back to the previous snapshot - this is not a downgrade but instead a full byte-level rollback

ROLLBACK

Best practices and tooling greatly improved to cover additional use cases

MIGRATING TO RED HAT ENTERPRISE LINUX 8

What's new in ?

Adapting for the next wave of innovation in distributed systems

Combining the innovations of Container Linux and Atomic with the stability and ecosystem of RHEL

Fully integrated and delivered via OpenShift.

● Small footprint, derived from RHEL
○ ~400 packages
○ Immutability (Read-only OS binaries in /usr)
○ One-touch provisioning with Ignition
● Fast provisioning: clusters deploy in minutes
● Simplified, cluster-centric updates and upgrades
● Managed and automated via operators

Red Hat CoreOS

Immutable Infrastructure

OPERATING SYSTEM

OPENSHIFT PLATFORM CONTROL PLANE

OPERATING SYSTEM

OPENSHIFT 4

OPENSHIFT 3

To simplify Day 2 operations, the cluster needs full control over the nodes.

Immutability = repeatability

Immutability = auditability

Immutability ≠ static clusters

Immutability ≠ static config

New Installation Process

via openshift-install

● OpenShift 4 introduces a new CLI-based installer designed to easily provision an OpenShift cluster on CoreOS immutable infrastructure
○ Control plane (Masters) must be deployed on RH CoreOS nodes
○ Support for adding RHEL worker nodes coming in 4.1
● Simplified cluster creation with an interactive guided workflow
○ Allows for customization at each step
○ https://github.com/openshift/installer/blob/master/docs/user/customization.md
● Quickly download installer client (& token) from https://try.openshift.com and run from anywhere
● Non-essential installation config options are now handled post-install via component operator CRDs
● Used for new installations of OpenShift 4 only!
○ Does NOT support installing or upgrading of OCP 3.x clusters!

$ ./openshift-install create cluster
? SSH Public Key /Users/<userid>/.ssh/id_rsa.pub
? Platform aws
? Region us-west-2
? Base Domain openshift.com
? Cluster Name ocp
? Pull Secret [? for help]
*************************************************************
INFO Creating cluster...
INFO Waiting up to 30m0s for the Kubernetes API...
INFO API v1.11.0+c69f926354 up
INFO Waiting up to 30m0s for the bootstrap-complete event...
INFO Destroying the bootstrap resources...
INFO Waiting up to 10m0s for the openshift-console route to be created...
INFO Install complete!
INFO Run 'export KUBECONFIG=<your working directory>/auth/kubeconfig' to manage the cluster with 'oc', the OpenShift CLI.
INFO The cluster is ready when 'oc login -u kubeadmin -p <provided>' succeeds (wait a few minutes).
INFO Access the OpenShift web-console here: https://console-openshift-console.apps.ocp.openshift.com
INFO Login to the console with user: kubeadmin, password: <provided>

Documentation: https://github.com/openshift/training/

Completely re-written installer

Single Go static binary

Provisions bootstrapping infra (via Terraform)

$ openshift-install --help

$ openshift-install create install-config

$ openshift-install create manifests

$ openshift-install create ignition-configs

$ openshift-install create cluster


Bootstrap a self-managed cluster

install-config.yaml

Kubernetes manifests

Ignition configs (bootstrap, master, worker)

Cluster (terraform apply, kubeconfig)

Machine Sets and Machine Configs

● OpenShift retrieves list of available updates

● Admin selects the target version

● OpenShift is updated over the air

● Auto-update support

Over-the-Air-Updates

AN INNOVATIVE, MORE EFFICIENT WAY TO MANAGE CONTAINERIZED APPLICATIONS AT SCALE

Installation, Upgrade, Backup, Failure recovery, Metrics & insights, Tuning

AUTOMATED LIFECYCLE MANAGEMENT

Operators codify operational knowledge and workflows to automate lifecycle management of containerized applications with Kubernetes

Operator Framework

● cloud.redhat.com

● Multi-cluster management

○ New clusters on AWS, Azure, Google, vSphere, OpenStack, and bare metal

○ Register existing clusters

○ Including OpenShift Dedicated

● Management operations

○ Install new clusters

○ View all registered clusters

○ Update clusters

cloud.redhat.com

AWS Google Azure On-Prem

Unified Hybrid Cloud

Observe, Secure, Control, Connect

Jaeger Prometheus

Istio

Grafana

OpenShift service mesh

Event

Event fires Your code runs

f( ) Function

(µ) Service

function main() {
  return {payload: 'Hello world'};
}

OpenShift Serverless

Cloud-native CI/CD with OpenShift Pipelines

● Based on Tekton Pipelines

● Runs serverless

● Containers as building blocks

● Deploy to multiple platforms

● Standard CommonResourceDefs

● Pipelines portable to any Kubernetes

● Available in OperatorHub

● Browser-based Web IDE + Dev Environment in pods

● Red Hat supported Eclipse Che

● Bundled with OCP/OSD SKU

● Available on OCP and OSD

● Enabled via an operator

● RHEL 8-based stacks (tools and runtimes)

https://www.youtube.com/watch?v=VwKEVeDy9TA

CodeReady Workspaces

OpenShift 3.X | OpenShift 4.X
Ansible based Install & Upgrade | Openshift 4 installer
Atomic Host/RHEL Base OS | Red Hat CoreOS
Cockpit and Standalone Atomic Registry | Quay
Hawkular, Cassandra, Heapster Metrics / CFME OpenShift Provider & Podified CFME | Prometheus
oc adm diagnostics & registry | Operator status & Registry Operator
Docker | podman, buildah, skopeo and CRI-O
DNSmasq | CoreDNS

Summary of major changes

Final Notes

Try it Yourself

• RHEL 8
• https://developers.redhat.com/rhel8/
• 30 day eval

• Openshift 4
• https://cloud.redhat.com/openshift/install
• https://www.openshift.com/trial/

Atos, the Atos logo, Atos Codex, Atos Consulting, Atos Worldgrid, Worldline, BlueKiwi, Bull, Canopy the Open Cloud Company, Unify, Yunano, Zero Email, Zero Email Certified and The Zero Email Company are registered trademarks of the Atos group. April 2016. © 2016 Atos. Confidential information owned by Atos, to be used by the recipient only. This document, or any part of it, may not be reproduced, copied, circulated and/or distributed nor quoted without prior written approval from Atos.

Thanks

For more information please contact:
M +421 911 696 [email protected]