GlobalTag - GPS Container Tracking, Container Tracking System
Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs....
Transcript of Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs....
![Page 1: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/1.jpg)
Operating and managing an Atomic container-based infrastructure
Scott Collier Lars Kellogg-Stedman
Sr. Principal System Engineer Senior Software Engineer
Brett Thurber
Principal Software Engineer
6/25/15
![Page 2: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/2.jpg)
Agenda
![Page 3: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/3.jpg)
Agenda
OverviewWhat is RHEL Atomic?Where can I get it?
Super Privileged ContainersBase ImagesUtility Images
Staying up to DateUpdating an Atomic Host
Deployment OptionsCloud-initRHEVOpenStack
SatelliteContainers
Wrap-UpSummary, questions, comments and feedback
![Page 4: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/4.jpg)
Overview
![Page 5: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/5.jpg)
What is Atomic?
● RHEL Atomic is a variation of Red Hat Enterprise Linux 7● Components
● systemd● Kubernetes● Docker● SELinux
● JEOS for Containers● OSTree vs. Yum / RPM● Everything is a Container
![Page 6: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/6.jpg)
CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT VIA KUBERNETES
● Orchestrate application services that span multiple containers across multiple Linux hosts
● Schedule containers across multiple hosts in desired topology
● Enable manual and automated scaling up & down
● Manage container lifecycle with declarative model for health management to detect and restart on failure
![Page 7: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/7.jpg)
Atomic Features
![Page 8: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/8.jpg)
Super Privileged Containers
![Page 9: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/9.jpg)
Base and Utility Images
![Page 10: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/10.jpg)
Staying Up to Date
![Page 11: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/11.jpg)
Atomic Host Upgrade
• Before$ atomic host status TIMESTAMP (UTC) VERSION ID OSNAME REFSPEC * 2015-04-02 20:14:06 7.1.1-1 21bd99f9f3 rhel-atomic-host rhel-atomic-host:rhel-atomic-host/7/x86_64/standard
• Upgrade$ subscription-manager register --username <username> --password <password> --auto-attach$ atomic host upgrade && reboot
• After$ atomic host status TIMESTAMP (UTC) VERSION ID OSNAME REFSPEC * 2015-05-07 19:00:48 7.1.2 203dd666d3 rhel-atomic-host rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard 2015-04-02 20:14:06 7.1.1-1 21bd99f9f3 rhel-atomic-host rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard
![Page 12: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/12.jpg)
Infrastructure Deployment Options
![Page 13: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/13.jpg)
Where can I get this cool software?
![Page 14: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/14.jpg)
Obtaining Atomic
Red Hat Customer Portal
● Cloud Image● RHEV Image● Hyper-V Image● vSphere Image● Installer ISO
![Page 15: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/15.jpg)
What can I deploy on?
• GCE• AWS• KVM• VMware
• etc...
• Bare Metal• PXE• RHEV• OpenStack
![Page 16: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/16.jpg)
Deployment Options - RHEV
![Page 17: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/17.jpg)
OpenStack
![Page 18: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/18.jpg)
Deployment Options - OpenStack
Manual deployment for a single server
(or small number of servers)
Automated deployment using OpenStack Heat
OR
![Page 19: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/19.jpg)
Configuration with cloud-init• Reads “metadata” (hostname, ssh
public keys, etc) and “user data” (arbitrary shell scripts and other configuration data)
• Information may be sourced from network (the “metadata service”), from a “configuration drive”, or may be baked into your disk image.
• Performs a variety of initial system configuration tasks
#cloud-config
packages: - git - httpd
#!/bin/sh
sed -i ' /^SELINUX=/ s/=.*/=enforcing/' /etc/selinux/configsetenforce 1
![Page 20: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/20.jpg)
Manual Deployment
$ nova boot \ --image rhel-atomic-20150615 \ --key-name lars --flavor m1.small \ --user-data my-script.sh \ --nic net-id=... atomic
![Page 21: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/21.jpg)
Using OpenStack Heat to deploy a cluster
Nova
Cinder
Neutron
Ceilometer
HeatTemplates
Parameters
![Page 22: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/22.jpg)
Major sections:
● parameters
○ input into your templates
● resources
○ describes the resources Heat
will create
● outputs
○ Information derived from the
deployed stack
Heat templates
heat_template_version: 2014-10-16
description: > This is an example.
parameters:
resources:
outputs:
![Page 23: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/23.jpg)
Heat templates
heat_template_version: 2014-10-16
resources:
node: type: OS::Nova::Server properties: image: rhel-atomic-20150615 flavor: m1.small key_name: lars networks: - port: {get_resource: node_eth0}
node_eth0: type: OS::Neutron::Port properties: network: net0 security_groups: - default fixed_ips: - subnet: net0-subnet0
node_floating: type: OS::Neutron::FloatingIP properties: floating_network: public port_id: {get_resource: node_eth0}
![Page 24: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/24.jpg)
Heat-Kubernetes Templates
nova-compute
master node0 node1 nodeN
flannel
...
kubernetesA
tom
ic
https://github.com/projectatomic/heat-kubernetes/
![Page 25: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/25.jpg)
Using the TemplatesClone and deploy:
git clone https://github.com/projectatomic/heat-kubernetescd heat-kubernetesheat stack-create -f kubecluster.yaml -e local.yaml my-kube-cluster
Deploying directly from GitHub:
heat stack-create -f https://raw.githubusercontent.com/projectatomic/heat-kubernetes/master/kubecluster.yaml -e local.yaml my-kube-cluster
![Page 26: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/26.jpg)
Using the TemplatesProviding required (and optional) parameters:
parameters: ssh_key_name: lars server_image: rhel-atomic-20150615 dns_nameserver: 192.168.122.1 docker_volume_size: 5
![Page 27: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/27.jpg)
Demo
![Page 28: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/28.jpg)
Satellite
![Page 29: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/29.jpg)
Satellite 6 with Containers
● Deploy RHEL Atomic Host
● Atomic Host Preparation
● Atomic Host Compute Resource
● Content Management
● Container Deployment
![Page 30: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/30.jpg)
Deploy RHEL Atomic Host From Satellite
• Although not explicitly supported at this time it is possible and planned in future Satellite releases
• Reference blog for deployment: https://access.redhat.com/blogs/1169563/posts/1318283
![Page 31: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/31.jpg)
Preparing the RHEL Atomic Host
• Install the Satellite certificate to the RHEL Atomic host
• Copy the .crt and .pem files to the appropriate locations
• Execute update-ca-trust to trust the installed cert
• Restart docker for changes to take effect
• Register the atomic host with the Satellite server via subscription-manager
![Page 32: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/32.jpg)
RHEL Atomic host as a compute resource in Satellite• Add the RHEL Atomic host as a compute resource in Satellite
![Page 33: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/33.jpg)
Content Management
• Multiple options exist within Satellite for Red Hat docker image content:• Custom product
• Used to host docker content locally
• Created as a new product with an associated repository
• Added and promoted to a content view, associated to a lifecycle
environment
• External docker registries• Red Hat• custom
![Page 34: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/34.jpg)
Container Deployment
• There are several options to choose from when deploying containers:• (From Satellite) Content View
• Utilizes locally stored content
• (From Satellite) External Registry
• Utilizes externally hosted content
• (From RHEL Atomic Host) docker pull and docker run
• Pulling and running images from Satellite
![Page 35: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/35.jpg)
Demo
![Page 36: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/36.jpg)
Summary
![Page 37: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/37.jpg)
Summary
• Deployment Options• Updates• Providers• Utility Images• Cloud-init• OpenStack• Satellite Integration
![Page 38: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/38.jpg)
Q&A
![Page 39: Operating and managing an Atomic container-based ......Docker SELinux JEOS for Containers OSTree vs. Yum / RPM Everything is a Container. CONTAINER ORCHESTRATION, SCHEDULING, AND MANAGEMENT](https://reader033.fdocuments.in/reader033/viewer/2022042911/5f428e302355ec24a9789953/html5/thumbnails/39.jpg)