What's new in Red Hat Enterprise Linux and OpenShift 4 · nftables (replacing iptables) is a new...
TRANSCRIPT
Red Hat | General Use
A few words on the announcement
Easy adoption and upgrades
Modern development platform
Simple system management
A secure platform
AGENDA
Enterprise OS on all footprints
Development Process (Fedora)
10-year lifecycle for most content
Offerings and Add-Ons
Managed by Satellite
Predictable release cadence
More life cycle options
More frequent application updates
What’s the same What’s different
Simpler delivery structure
A FAMILIAR EXPERIENCE
Name | Details
Kernel version | 4.18x
System compiler | gcc 8.2, llvm 6.0
Hardware architecture | Intel/AMD 64-bit, IBM Power LE, IBM z Systems, ARM 64-bit
Default file system | XFS
Package management | Yum4
Init system | systemd v239
QUICK FACTS
Range of improved performance with RHEL 8 (alpha) compared to RHEL 7
10%✲
30%✲
45%✲
✲General guidance. Varies greatly with workload and system tuning.
PERFORMANCE IMPROVEMENTS
BASE OS
1. Provides the foundation of our operating system
2. Completely self contained operating system
3. Guaranteed 10 years of enterprise support
APPLICATION STREAMS
1. Provides flexible lifecycle options
2. Fully enterprise supported
3. Common Red Hat Enterprise Linux languages supported at launch
4. Defaults to 10 years of enterprise support
Note: RHEL subscriptions also provide access to additional content for Developer use. More details available at developer.redhat.com
Reducing complexity is a key benefit to using Red Hat Enterprise Linux 8 and that starts with being able
to consume it easily
SIMPLIFIED DELIVERY
Appstreams = modules + profiles
$ yum module list
Name        Stream  Profiles            Summary
(...)
postgresql  10 [d]  client, server [d]  PostgreSQL server and client module
postgresql  9.6     client, server [d]  PostgreSQL server and client module
(...)
Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled

$ yum module info postgresql
Name             : postgresql
Stream           : 10 [d][a]
Version          : 820190104140132
Context          : 9edba152
Profiles         : client, server [d]
Default profiles : server
Repo             : appstream-internal-nightly
Summary          : PostgreSQL server and client module
Description      : (...)
(...)

Name             : postgresql
Stream           : 9.6
Version          : 820190104140337
Context          : 9edba152
Profiles         : client, server [d]
Default profiles : server
Repo             : appstream-internal-nightly
Summary          : PostgreSQL server and client module
Description      : (...)
(...)
Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled, [a]ctive

Because no stream is specified, all streams are used for the listing.

$ yum module info --profile postgresql
(...)
Name   : postgresql:10:820190104140132:9edba152:x86_64
client : postgresql
server : postgresql-server

Name   : postgresql:9.6:820190104140337:9edba152:x86_64
client : postgresql
server : postgresql-server

$ yum module install postgresql:9.6/server
Introducing NFTables
NFTables (replacing IPTables) is a new subsystem of the Linux kernel which provides filtering and classification of network packets, datagrams, or frames. It provides a new in-kernel packet classification framework that is based on a network-specific Virtual Machine (VM), and a new nft userspace command line tool.
$ iptables-translate -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
nft add rule ip filter INPUT tcp dport 22 ct state new counter accept
$ ip6tables-translate -A FORWARD -i eth0 -o eth3 -p udp -m multiport --dports 111,222 -j ACCEPT
nft add rule ip6 filter FORWARD iifname eth0 oifname eth3 meta l4proto udp udp dport { 111,222} counter accept
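An added example, not from the original slides: nftables ships no predefined tables or chains, so the `nft add rule` commands printed by the translate tools above only succeed once the `filter` tables and the `INPUT`/`FORWARD` base chains exist. The ruleset file below declares them around the two translated rules. The drop policies and the loopback and established-traffic rules are assumptions added for illustration.

```nft
# Constructed example ruleset (not from the slides).
# The tables and base chains referenced by the translated rules must be
# declared explicitly; nftables does not create them by default.

table ip filter {
    chain INPUT {
        # Base chain attached to the input hook.
        # Assumption: default-deny policy.
        type filter hook input priority 0; policy drop;

        # Assumptions: keep loopback and already-established flows working.
        iifname "lo" accept
        ct state established,related accept

        # Rule printed by iptables-translate above.
        tcp dport 22 ct state new counter accept
    }
}

table ip6 filter {
    chain FORWARD {
        # Base chain attached to the forward hook.
        # Assumption: default-deny policy.
        type filter hook forward priority 0; policy drop;

        # Rule printed by ip6tables-translate above.
        iifname "eth0" oifname "eth3" meta l4proto udp udp dport { 111, 222 } counter accept
    }
}
```

Saved under a hypothetical name such as ruleset.nft, the file can be syntax-checked with `nft -c -f ruleset.nft` before it is loaded with `nft -f ruleset.nft`, and `nft list ruleset` shows what the kernel holds afterwards.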
IMAGE BUILDER
Content out
DVD installers
Disk img
FileSystem img
Virtual img
Cloud img
Content in
Red Hat content
Custom
Third party
Third party
REST API
Backend builders
GUI CLI
Tooling to enable automated creation of customized Red Hat® Enterprise Linux® OS images
SATELLITE
Bare metal Virtual
Private cloud Public cloud
IMAGE BUILDER
Red Hat Enterprise Linux 8 brings container modernization
skopeo
MODERN CONTAINER TOOLS
CONTAINER
APP
LANGUAGE RUNTIMES
RHEL BASE IMAGE
RED HAT PLATFORM
CONTAINER
APP
LANGUAGE RUNTIMES
RHEL BASE IMAGE
ANY CONTAINER PLATFORM
CONTAINER
PARTNER CONNECT
CERTIFIED APP
LANGUAGE RUNTIMES
RHEL BASE IMAGE
RED HAT PLATFORM
Not Supported
Enterprise support when run on Red Hat platforms
Certification provides the highest level of support
Building on UBI is the first step
INTRODUCING: UNIVERSAL BASE IMAGE
Doing a risk assessment before making any changes is critical to understanding what is about to happen
PRE-UPGRADE
Fully pluggable and fully supported upgrade framework makes moving to new major releases of RHEL easy
UPGRADE
If anything goes wrong, BOOM will let you roll back to the previous snapshot - this is not a downgrade but instead a full byte-level rollback
ROLLBACK
Best practices and tooling greatly improved to cover additional use cases
MIGRATING TO RED HAT ENTERPRISE LINUX 8
Adapting for the next wave of innovation in distributed systems
Combining the innovations of Container Linux and Atomic with the stability and ecosystem of RHEL
Fully integrated and delivered via OpenShift.
● Small footprint, derived from RHEL
○ ~400 packages
○ Immutability (Read-only OS binaries in /usr)
○ One-touch provisioning with Ignition
● Fast provisioning: clusters deploy in minutes
● Simplified, cluster-centric updates and upgrades
● Managed and automated via operators
Red Hat CoreOS
Immutable Infrastructure
OPERATING SYSTEM
OPENSHIFT PLATFORM CONTROL PLANE
OPERATING SYSTEM
OPENSHIFT 4
OPENSHIFT 3
To simplify Day 2 operations, the cluster needs full control over the nodes.
Immutability = repeatability
Immutability = auditability
Immutability ≠ static clusters
Immutability ≠ static config
New Installation Process
via openshift-install
● OpenShift 4 introduces a new CLI-based installer designed to
easily provision an OpenShift cluster on CoreOS immutable
infrastructure
○ Control plane (Masters) must be deployed on RH CoreOS
nodes
○ Support for adding RHEL worker nodes coming in 4.1
● Simplified cluster creation with an interactive guided workflow
○ Allows for customization at each step
○ https://github.com/openshift/installer/blob/master/docs/user/customization.md
● Quickly download installer client (& token) from
https://try.openshift.com and run from anywhere
● Non-essential installation config options are now handled
post-install via component operator CRDs
● Used for new installations of OpenShift 4 only!
○ Does NOT support installing or upgrading of OCP 3.x clusters!
$ ./openshift-install create cluster
? SSH Public Key /Users/<userid>/.ssh/id_rsa.pub
? Platform aws
? Region us-west-2
? Base Domain openshift.com
? Cluster Name ocp
? Pull Secret [? for help]
*************************************************************
INFO Creating cluster...
INFO Waiting up to 30m0s for the Kubernetes API...
INFO API v1.11.0+c69f926354 up
INFO Waiting up to 30m0s for the bootstrap-complete event...
INFO Destroying the bootstrap resources...
INFO Waiting up to 10m0s for the openshift-console route to be created...
INFO Install complete!
INFO Run 'export KUBECONFIG=<your working directory>/auth/kubeconfig' to manage the cluster with 'oc', the OpenShift CLI.
INFO The cluster is ready when 'oc login -u kubeadmin -p <provided>' succeeds (wait a few minutes).
INFO Access the OpenShift web-console here: https://console-openshift-console.apps.ocp.openshift.com
INFO Login to the console with user: kubeadmin, password: <provided>
Documentation: https://github.com/openshift/training/
Completely re-written installer
Single Go static binary
Provisions bootstrapping infra (via Terraform)
$ openshift-install --help
$ openshift-install create install-config
$ openshift-install create manifests
$ openshift-install create ignition-configs
$ openshift-install create cluster
Bootstrap a self-managed cluster
install-config.yaml
Kubernetes manifests
Ignition configs (bootstrap, master, worker)
Cluster (terraform apply, kubeconfig)
● OpenShift retrieves list of available updates
● Admin selects the target version
● OpenShift is updated over the air
● Auto-update support
Over-the-Air-Updates
AN INNOVATIVE, MORE EFFICIENT WAY TO MANAGE CONTAINERIZED APPLICATIONS AT SCALE
Installation, Upgrade, Backup, Failure recovery, Metrics & insights, Tuning
AUTOMATED LIFECYCLE MANAGEMENT
Operators codify operational knowledge and workflows to automate lifecycle management of containerized applications with Kubernetes
Operator Framework
● cloud.redhat.com
● Multi-cluster management
○ New clusters on AWS, Azure, Google, vSphere, OpenStack, and bare metal
○ Register existing clusters
○ Including OpenShift Dedicated
● Management operations
○ Install new clusters
○ View all registered clusters
○ Update clusters
cloud.redhat.com
AWS Google Azure On-Prem
Unified Hybrid Cloud
Event
Event fires Your code runs
f( )Function
(µ)Service
function main() {
return {payload: 'Hello world'};
}
OpenShift Serverless
Cloud-native CI/CD with OpenShift Pipelines
● Based on Tekton Pipelines
● Runs serverless
● Containers as building blocks
● Deploy to multiple platforms
● Standard CommonResourceDefs
● Pipelines portable to any Kubernetes
● Available in OperatorHub
● Browser-based Web IDE + Dev Environment in pods
● Red Hat supported Eclipse Che
● Bundled with OCP/OSD SKU
● Available on OCP and OSD
● Enabled via an operator
● RHEL 8-based stacks
(tools and runtimes)
https://www.youtube.com/watch?v=VwKEVeDy9TA
CodeReady Workspaces
Summary of Major Changes
OpenShift 3.X | OpenShift 4.X
Ansible based Install & Upgrade | Openshift 4 installer
Atomic Host/RHEL Base OS | Red Hat CoreOS
Cockpit and Standalone Atomic Registry | Quay
Hawkular, Cassandra, Heapster Metrics / CFME OpenShift Provider & Podified CFME | Prometheus
oc adm diagnostics & registry | Operator status & Registry Operator
Docker | podman, buildah, skopeo and CRI-O
DNSmasq | CoreDNS
Final Notes
Try it Yourself
• RHEL 8
• https://developers.redhat.com/rhel8/
• 30 day eval
• Openshift 4
• https://cloud.redhat.com/openshift/install
• https://www.openshift.com/trial/
Atos, the Atos logo, Atos Codex, Atos Consulting, Atos Worldgrid, Worldline, BlueKiwi, Bull, Canopy the Open Cloud Company, Unify, Yunano, Zero Email, Zero Email Certified and The Zero Email Company are registered trademarks of the Atos group. April 2016. © 2016 Atos. Confidential information owned by Atos, to be used by the recipient only. This document, or any part of it, may not be reproduced, copied, circulated and/or distributed nor quoted without prior written approval from Atos.
Thanks
For more information please contact:
M +421 911 696 [email protected]