class: center, middle, inverse

# The Lightweight Cloud Servers War Begins

## Haïkel Guémar - @hguemar

---

class: middle

## Who am I?

.right-50column[
]

.left-50column[
+ Software Craftsman
+ RDO Engineering @ Red Hat
+ Fedora developer (Engineering Committee, Cloud WG)
+ CentOS developer (Cloud SIG)
+ OpenStack RPM packaging PTL
]

---

class: middle

## Disclaimers

* I am not paid to work on any of the projects presented in this talk
* I am just a back-end person
* I accept offerings in the form of hot sauces

---

class: center, middle, inverse

# Introduction

---

.left-column[
# Ever heard of Docker?
]

.right-column[
![](img/dockah.gif)

(Credits: Dan Walsh - SELinux & Docker superhero)
]

---

.left-column[
## Containers
]

.right-column[
* OS-level method for isolating processes or whole Linux userlands
* Provides a sandbox to run applications
* Containers != Docker
* This is *NOT* full virtualization: every container shares the host kernel
]

---

.left-column[
## Containers
## Docker
]

.right-column[
* Docker is about industrialization
* __Build once, run everywhere__
* Consistent continuous delivery
* Reusability through layered images
* Industry moving from monolithic behemoths to micro-services architectures
* Integrates gracefully with your legacy apps
* Packaging vs. containers
]

---

class: middle, center, inverse

# And now?

---

.left-column[
## Hosting containers?
]

.right-column[
* Your usual GNU/Linux distro w/ Docker?
* Minimal distros like Boot2Docker?
* Commodity hardware?
* I know! CLOUD COMPUTING INSTANCES \o/
]

---

.left-column[
## Hosting containers?
]

.right-column[
![](img/cushion.gif)
]

---

.left-column[
## Hosting containers?
## New paradigm
]

.right-column[
* Containerized applications now have transactional *atomic* updates
* Applications run in an isolated sandbox
* Starting/shutting down a container is cheap
]

---

.left-column[
## Hosting containers?
## New paradigm
]

.right-column[
* Containerized applications now have transactional *atomic* updates
* Applications are now isolated
* Starting/shutting down a container is cheap

![](img/formal-protest.gif)

* We want the __same for our host system__ too!
]

---

class: middle, center, inverse

# So we want

---

.left-column[
## Requirements
]

.right-column[
* Minimalistic, Swagalistic system
* Applications running in containers
* System services running in containers
* Enhanced security through isolation mechanisms
* Transactional atomic system updates
* Native clustering management
]

---

.left-column[
## Requirements
## Surprise!
]

.right-column[
![](img/excited.gif)

It's already there, and not just one but plenty of them!

* CoreOS by CoreOS
* Project Atomic by Red Hat
* Snappy Ubuntu by Canonical
* Photon by VMWare
* Rancher OS by Rancher Labs
* And others ...
]

---

.left-column[
## Requirements
## Surprise!
## Similar models
]

.right-column[
They all comply with the previous requirements

* They all use (or plan to use) common components like Kubernetes, etcd, cloud-init, etc.
* There are variations, of course
* Major departure from the traditional model
]

---

class: middle, center, inverse

# Common components

---

.left-column[
## Systemd & Fleet
]

.right-column[
* Fleet is a distributed init system (or cluster management tool)
* Leverages systemd features: init system, journald, socket activation
* systemd is used to start containers and __not__ processes within containers!
* Fine-grained scheduling
* Machine discovery
]

---

.left-column[
## Systemd & Fleet
## Etcd
]

.right-column[
* Datastore holding the cluster state: unit files, machine presence, unit status
* Provides synchronization primitives
* Service discovery
]

---

.left-column[
## Systemd & Fleet
## Etcd
## Flannel
]

.right-column[
* Software-defined (overlay) network giving every container a routable IP across hosts
* Backed by etcd for configuration data and subnet assignments
* Minor performance penalty (mostly added latency from encapsulation)
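
How the three components fit together, as an added example that is not part of the original deck: a CoreOS cloud-config (the cloud-init-compatible user-data format CoreOS reads at boot) that joins a node to an etcd cluster, registers it with fleet, hands flannel its network, and ships a fleet-scheduled container unit. The discovery token, the `role=web` / `region=eu-west-1` metadata, the `10.1.0.0/16` range and the `web@.service` unit are assumptions for illustration, not taken from any real deployment.

```yaml
#cloud-config
# Added example, not from the original slides. $private_ipv4 is substituted by
# CoreOS at boot; the discovery token is a placeholder (get one from
# https://discovery.etcd.io/new?size=3).
hostname: node1

coreos:
  etcd2:
    discovery: https://discovery.etcd.io/<token>
    advertise-client-urls: http://$private_ipv4:2379
    initial-advertise-peer-urls: http://$private_ipv4:2380
    # etcd 2.x speaks plain HTTP with no authentication: anyone who can reach
    # port 2379 can rewrite unit files and the flannel network config, so the
    # client API is bound to the private interface and loopback only.
    listen-client-urls: http://$private_ipv4:2379,http://127.0.0.1:2379
    listen-peer-urls: http://$private_ipv4:2380

  fleet:
    public-ip: $private_ipv4
    # Machine metadata that [X-Fleet] constraints can match on.
    metadata: role=web,region=eu-west-1

  flannel:
    interface: $private_ipv4

  units:
    - name: etcd2.service
      command: start

    - name: flanneld.service
      command: start
      drop-ins:
        # Flannel reads its overlay configuration from etcd; the first node to
        # write this key defines the network every node carves a subnet from.
        - name: 50-network-config.conf
          content: |
            [Service]
            ExecStartPre=/usr/bin/etcdctl set /coreos.com/network/config '{ "Network": "10.1.0.0/16" }'

    - name: fleet.service
      command: start

    # A template unit: systemd starts the *container*, not a process inside it.
    # Submit it to the cluster with `fleetctl submit web@.service`, then
    # `fleetctl start web@1.service web@2.service`; fleet picks a machine per instance.
    - name: web@.service
      content: |
        [Unit]
        Description=nginx frontend %i
        After=docker.service flanneld.service
        Requires=docker.service flanneld.service

        [Service]
        TimeoutStartSec=0
        ExecStartPre=-/usr/bin/docker kill %p-%i
        ExecStartPre=-/usr/bin/docker rm %p-%i
        ExecStartPre=/usr/bin/docker pull nginx:1.9
        # Drop every capability the image does not need; nginx keeps only what
        # it takes to bind :80, chown its log/cache paths and setuid to its worker user.
        ExecStart=/usr/bin/docker run --rm --name %p-%i \
          --cap-drop=ALL \
          --cap-add=NET_BIND_SERVICE --cap-add=CHOWN \
          --cap-add=SETUID --cap-add=SETGID \
          -p 80:80 nginx:1.9
        ExecStop=/usr/bin/docker stop %p-%i

        [X-Fleet]
        # One instance per machine, and only on machines tagged role=web.
        Conflicts=web@*.service
        MachineMetadata=role=web
```

Once the nodes are up, `fleetctl list-machines` shows the metadata each host advertised through etcd, and `fleetctl list-units` shows which machine each `web@N.service` instance landed on; the `Conflicts=` line is what keeps two instances off the same host. The capability list is the point to revisit for any other image: start from `--cap-drop=ALL` and add back only what the process demonstrably needs.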
]

---

.left-column[
## Systemd & Fleet
## Etcd
## Flannel
## Cloud-init
]

.right-column[
* Used to bootstrap the system at startup (from the user-data passed by the cloud provider)
* More or less the de facto standard for bootstrapping cloud computing instances
* Remember that we're speaking about stateless systems
]

---

.left-column[
## Systemd & Fleet
## Etcd
## Flannel
## Cloud-init
## Kubernetes
]

.right-column[
* Container orchestration by Google
* Supports physical hosts, GCE, AWS, Mesos, CoreOS, Atomic, etc.
* Includes scaling, self-healing and replication mechanisms
* Unifies your infrastructure under one tent
]

---

class: middle, center, inverse

# Let's review our contenders

---

.left-column[
## CoreOS
]

.right-column[
* Derivative of ChromiumOS
* Started in October 2013: the oldest competitor
* Relatively mature
* Created etcd/fleet
* Created Rocket, a competing container engine
* Does not support installing software on the host
* No additional security isolation :'(
* Has a privileged toolbox container (Fedora-based \o/) for debugging purposes
* Rocket?
]

---

.left-column[
## CoreOS
## Project Atomic
]

.right-column[
* Fedora/RHEL/CentOS all provide an Atomic Host variant
* s/yum/rpm-ostree/
* OSTree originates from the GNOME CI platform
* SELinux-secured containers
* Middle ground between traditional systems and modern container host OSes
]

---

.left-column[
## CoreOS
## Project Atomic
## Snappy Ubuntu
]

.right-column[
* Based on Canonical's work on phones & JeOS
* Leverages AppArmor to enforce isolation
* Snappy packaging system: Frameworks/Applications == container engines/containers
* Uses LXD by default
]

---

.left-column[
## CoreOS
## Project Atomic
## Snappy Ubuntu
## VMWare Photon
]

.right-column[
* Tech preview from VMWare
* Based on Fedora, plans to use rpm-ostree
* Uses a yum-compatible package manager: tdnf
* Tied to VMWare products
]

---

.left-column[
## CoreOS
## Project Atomic
## Snappy Ubuntu
## VMWare Photon
## Rancher OS
]

.right-column[
* More radical model
* Extremely minimal footprint (20MB)
* Uses Docker as PID 1
* System and user containers use separate Docker daemons
* Geared toward embedded devices and IoT
]

---

class: center, middle, inverse

# In the end?

---

.left-column[
## So many choices
]

.right-column[
![](img/death-stare.gif)
]

---

.left-column[
## So many choices
## Similar != same
]

.right-column[
* CoreOS, Atomic and Snappy are maturing
* CoreOS, Atomic Host (Fedora) and Snappy are pretty much similar in terms of consumed resources
* Security-wise, Atomic and Snappy have much more consistent user stories (mandatory access control on the host)
* Rancher OS targets a specific market (embedded devices, IoT)
* Snappy and Photon target different container technologies (CoreOS?)
* Stresses the importance of cluster management (less coupling to the base system)
* Remember: this is an emerging model, things change fast
]

---

class: middle

## Thanks

* Mickael Scherrer, Marianne Lombard and Mathieu Bridon for proof-reading
* Dr Sheldon Cooper for being an inspiration
* Credits for the animated gifs to "The Big Bang Theory" show
* To the remaining survivors in the room

---

class: middle, center, inverse

# Q/A

Mail: hguemar AT fedoraproject DOT org