SlideShare une entreprise Scribd logo

Introduction to Atomic: Tailoring a Trusted OS for Containers

Joe Brockmeier
Joe Brockmeier

Discussion of Project Atomic: A lightweight OS tailored for running Linux containers.

Technologie
1  sur  25
Télécharger pour lire hors ligne
Introduction toIntroduction to AtomicAtomic:: Tailoring a Trusted OS for ContainersTailoring a Trusted OS for Containers Joe Brockmeier jzb@redhat.com @jzb
Introduction ● What is Project Atomic? ● Anatomy of an Atomic Host ● Coming Soon ● Getting Involved
(I don't need to explain containers, right? Good.)
What is Project Atomic?
Project Atomic 101 ● Upstream community for developing tools and patterns for developing Atomic hosts. ● Umbrella project for Red Hat's efforts around developing, building, running, and managing containers. ● Not a new distribution – Atomic Hosts are built from CentOS, Fedora, or Red Hat Enterprise Linux.
Why Atomic? ● We can run Linux containers on CentOS, Fedora, and RHEL already! ● Provide a streamlined host optimized for running and managing containers. ● All applications should be deployed as containers, rather than installing on the host. ● Host should be “cattle” and updates should be easy to deploy and manage.
What Atomic Hosts Provide ● Streamlined host based on CentOS, Fedora, or RHEL packages + container stack. ● rpm-ostree ● /usr/bin/atomic ● Docker ● Kubernetes ● Cockpit ● Super Privileged Containers (SPC)
What Atomic Hosts Won't Provide ● Atomic hosts are “immutable” – don't expect to install packages on running systems ● Official images are minimal – that means your favorite tool probably won't be added – Aside from Atomic development or troubleshooting, you should never be logged into an Atomic Host ● More than necessary
CentOS, Fedora, or RHEL? ● Aside from rpm-ostree, all of the components that make up an Atomic Host are shared w/the parent distribution. ● You want support? Go RHEL Atomic Host. ● CentOS Atomic is currently under development, and hasn't released any “official” images. ● Fedora 21 released in December – developed by the Cloud Working Group. ● A CentOS rebuild of RHELAH is coming soon.
rpm-ostree's history ● OStree initially developed for GNOME continuous by Colin Walters ● The rpm-ostree stuff came slightly later ● “Git for operating systems” – bootable, immutable, & versioned filesystem trees – works on top of any *nix filesystem – support for UID/GID, extended attr, handling bootloader, and more.
Why rpm-ostree? ● “Atomic” updates make more sense for an immutable system ● Preserves the tooling to create packages, allows re- use of RPMs rather than re-inventing the wheel ● Easy rollback in the event you need to return to known-good tree ● Clean transaction for updates
How rpm-ostree works (high level) ● Filesystem is read-only, except /var and /etc ● /etc is 3-way merged when you do an update ● All data (e.g. containers) is unchanged on upgrade ● Problem with an upgrade? `rpm-ostree rollback`
/usr/bin/atomic ● Coherent entry point to the system: manage host and containers with the atomic command. ● Fill gaps in Linux container implementations. – e.g. “atomic install foo” can install a container with its k8s configuration and/or systemd unit file. – “atomic run” grabs the LABEL “run” with its Docker cmd line. Saves the user much typing. ● The “atomic host” command can be used for rpm- ostree updates.
Cockpit ● Cockpit started prior to Atomic ● Server manager for administering Linux servers via the Web browser ● Doesn't interfere with normal admin tools ● Designed to be multi-server ● Support for managing containers, Kubernetes ● http://cockpit-project.org/
Changes to 'docker search' & 'docker pull' ● We mostly ship vanilla Docker ● Additional registries for 'docker search' & 'docker pull' ● We add the RHEL registry to grab official RHEL content* ● Docker search lists fully qualified image name ● Ability to block registries ● Can warn on “push” to ensure private images aren't pushed to public registry
Super-Privileged Containers (SPC) ● We mean it when we say “run everything in containers” on Atomic ● Usually containers have limited interaction w/the host ● SPC containers can be run with `atomic run` which saves the need for long docker commands to enble privileges
Shipping Super-Privileged Containers (SPC) ● RHEL Atomic Tools Container Image – debugging tools like strace, traceroute, man pages, etc. needed to troubleshoot an image. ● RHEL Atomic rsyslog Container Image – runs rsyslogd service to send logs to central server, etc. (journald collects data either way) ● RHEL Atomic sadc Container Image – runs sadc from sysstat to be used w/`sar` ● More to come!
Nulecule (in early development) ● Specification for multi-container application w/dependencies (“Atomic App”) ● Lets developer describe application, sysadmin define parameters for app at runtime ● Creates super-orchestration parameters for Kubernetes ● Defines on-demand scheduling of resource utilization ● Basis for policy-based orchestration via Mesos ● Supports Docker, ACI and potentially other container formats ● github.com/projectatomic/nulecule
Kubernetes ● Initially used GearD from OpenShift, phased out in favor of Kubernetes ● Working with upstream to improve / develop Kubernetes for container management
Pulling the Pieces TogetherPulling the Pieces Together
Fedora Atomic Hosts ● Work is being done through the Cloud Work Group & will be part of the Cloud Product ● First release in Fedora 21 ● Adding new image formats in Fedora 22, updated Cockpit, etc. ● Moving to 2-week release cycle based on Rawhide or -current soon
CentOS 7 Atomic Hosts ● Work is being done through CentOS Atomic SIG ● CentOS-based Atomic Hosts are still in development, working out a few details like signing ● Will be providing a rebuild of RHEL Atomic Host soon ● CentOS SIG / Project Atomic will be providing a faster-moving release with packages in development soon
Getting Involved ● Website: projectatomic.io ● Github: github.com/projectatomic ● Facebook.com/projectatomic ● Twitter: @projectatomic ● Mailing Lists: http://www.projectatomic.io/community/
Thank you! jzb@redhat.com Twitter: @jzb @projectatomic

Recommandé

An introduction to Docker and Project Atomic
An introduction to Docker and Project AtomicAn introduction to Docker and Project Atomic
An introduction to Docker and Project AtomicAditya Patawari
 
It's 2018. Are My Containers Secure Yet!?
It's 2018. Are My Containers Secure Yet!?It's 2018. Are My Containers Secure Yet!?
It's 2018. Are My Containers Secure Yet!?Phil Estes
 
Docker Engine Evolution: From Monolith to Discrete Components
Docker Engine Evolution: From Monolith to Discrete ComponentsDocker Engine Evolution: From Monolith to Discrete Components
Docker Engine Evolution: From Monolith to Discrete ComponentsPhil Estes
 
Containerd Internals: Building a Core Container Runtime
Containerd Internals: Building a Core Container RuntimeContainerd Internals: Building a Core Container Runtime
Containerd Internals: Building a Core Container RuntimePhil Estes
 
Docker Athens: Docker Engine Evolution & Containerd Use Cases
Docker Athens: Docker Engine Evolution & Containerd Use CasesDocker Athens: Docker Engine Evolution & Containerd Use Cases
Docker Athens: Docker Engine Evolution & Containerd Use CasesPhil Estes
 
Containerd Project Update: FOSDEM 2018
Containerd Project Update: FOSDEM 2018Containerd Project Update: FOSDEM 2018
Containerd Project Update: FOSDEM 2018Phil Estes
 
CRI Runtimes Deep-Dive: Who's Running My Pod!?
CRI Runtimes Deep-Dive: Who's Running My Pod!?CRI Runtimes Deep-Dive: Who's Running My Pod!?
CRI Runtimes Deep-Dive: Who's Running My Pod!?Phil Estes
 
Running Docker with OpenStack | Docker workshop #1
Running Docker with OpenStack | Docker workshop #1Running Docker with OpenStack | Docker workshop #1
Running Docker with OpenStack | Docker workshop #1dotCloud
 

Recommandé

An introduction to Docker and Project Atomic
An introduction to Docker and Project AtomicAn introduction to Docker and Project Atomic
An introduction to Docker and Project AtomicAditya Patawari
 
It's 2018. Are My Containers Secure Yet!?
It's 2018. Are My Containers Secure Yet!?It's 2018. Are My Containers Secure Yet!?
It's 2018. Are My Containers Secure Yet!?Phil Estes
 
Docker Engine Evolution: From Monolith to Discrete Components
Docker Engine Evolution: From Monolith to Discrete ComponentsDocker Engine Evolution: From Monolith to Discrete Components
Docker Engine Evolution: From Monolith to Discrete ComponentsPhil Estes
 
Containerd Internals: Building a Core Container Runtime
Containerd Internals: Building a Core Container RuntimeContainerd Internals: Building a Core Container Runtime
Containerd Internals: Building a Core Container RuntimePhil Estes
 
Docker Athens: Docker Engine Evolution & Containerd Use Cases
Docker Athens: Docker Engine Evolution & Containerd Use CasesDocker Athens: Docker Engine Evolution & Containerd Use Cases
Docker Athens: Docker Engine Evolution & Containerd Use CasesPhil Estes
 
Containerd Project Update: FOSDEM 2018
Containerd Project Update: FOSDEM 2018Containerd Project Update: FOSDEM 2018
Containerd Project Update: FOSDEM 2018Phil Estes
 
CRI Runtimes Deep-Dive: Who's Running My Pod!?
CRI Runtimes Deep-Dive: Who's Running My Pod!?CRI Runtimes Deep-Dive: Who's Running My Pod!?
CRI Runtimes Deep-Dive: Who's Running My Pod!?Phil Estes
 
Running Docker with OpenStack | Docker workshop #1
Running Docker with OpenStack | Docker workshop #1Running Docker with OpenStack | Docker workshop #1
Running Docker with OpenStack | Docker workshop #1dotCloud
 
KubeCon EU 2016: "rktnetes": what's new with container runtimes and Kubernetes
KubeCon EU 2016: "rktnetes": what's new with container runtimes and KubernetesKubeCon EU 2016: "rktnetes": what's new with container runtimes and Kubernetes
KubeCon EU 2016: "rktnetes": what's new with container runtimes and KubernetesKubeAcademy
 
Docker 101 2015-05-28
Docker 101 2015-05-28Docker 101 2015-05-28
Docker 101 2015-05-28Adrian Otto
 
CoreOS Intro
CoreOS IntroCoreOS Intro
CoreOS IntroIsaac Johnston
 
Docker e git lab
Docker e git labDocker e git lab
Docker e git labGianluca Padovani
 
Embedding Containerd For Fun and Profit
Embedding Containerd For Fun and ProfitEmbedding Containerd For Fun and Profit
Embedding Containerd For Fun and ProfitPhil Estes
 
Container Monitoring with Sysdig
Container Monitoring with SysdigContainer Monitoring with Sysdig
Container Monitoring with SysdigSreenivas Makam
 
Containerize! Between Docker and Jube.
Containerize! Between Docker and Jube.Containerize! Between Docker and Jube.
Containerize! Between Docker and Jube.Henryk Konsek
 
Breaking the RpiDocker challenge
Breaking the RpiDocker challenge Breaking the RpiDocker challenge
Breaking the RpiDocker challenge Nicolas De Loof
 
Container (Docker) Orchestration Tools
Container (Docker) Orchestration ToolsContainer (Docker) Orchestration Tools
Container (Docker) Orchestration ToolsDhilipsiva DS
 
The State of containerd
The State of containerdThe State of containerd
The State of containerdMoby Project
 
Docker for mere mortals
Docker for mere mortalsDocker for mere mortals
Docker for mere mortalsHenryk Konsek
 
Docker orchestration using core os and ansible - Ansible IL 2015
Docker orchestration using core os and ansible - Ansible IL 2015Docker orchestration using core os and ansible - Ansible IL 2015
Docker orchestration using core os and ansible - Ansible IL 2015Leonid Mirsky
 
LinuxKit
LinuxKitLinuxKit
LinuxKitMoby Project
 
Docker 1.11 @ Docker SF Meetup
Docker 1.11 @ Docker SF MeetupDocker 1.11 @ Docker SF Meetup
Docker 1.11 @ Docker SF MeetupDocker, Inc.
 
Docker practical solutions
Docker practical solutionsDocker practical solutions
Docker practical solutionsKesav Kumar Kolla
 
Whose Job Is It Anyway? Kubernetes, CRI, & Container Runtimes
Whose Job Is It Anyway? Kubernetes, CRI, & Container RuntimesWhose Job Is It Anyway? Kubernetes, CRI, & Container Runtimes
Whose Job Is It Anyway? Kubernetes, CRI, & Container RuntimesPhil Estes
 
KubeCon EU 2016: Bringing an open source Containerized Container Platform to ...
KubeCon EU 2016: Bringing an open source Containerized Container Platform to ...KubeCon EU 2016: Bringing an open source Containerized Container Platform to ...
KubeCon EU 2016: Bringing an open source Containerized Container Platform to ...KubeAcademy
 
Container-relevant Upstream Kernel Developments
Container-relevant Upstream Kernel DevelopmentsContainer-relevant Upstream Kernel Developments
Container-relevant Upstream Kernel DevelopmentsDocker, Inc.
 
Fluentd and docker monitoring
Fluentd and docker monitoringFluentd and docker monitoring
Fluentd and docker monitoringVinay Krishna
 
An Open Source Story: Open Containers & Open Communities
An Open Source Story: Open Containers & Open CommunitiesAn Open Source Story: Open Containers & Open Communities
An Open Source Story: Open Containers & Open CommunitiesPhil Estes
 
Running Docker containers on Mesos
Running Docker containers on MesosRunning Docker containers on Mesos
Running Docker containers on MesosTomas Kral
 
Containers - What are they and Atomic
Containers - What are they and AtomicContainers - What are they and Atomic
Containers - What are they and AtomicSyed Shaaf
 

Contenu connexe

Tendances

KubeCon EU 2016: "rktnetes": what's new with container runtimes and Kubernetes
KubeCon EU 2016: "rktnetes": what's new with container runtimes and KubernetesKubeCon EU 2016: "rktnetes": what's new with container runtimes and Kubernetes
KubeCon EU 2016: "rktnetes": what's new with container runtimes and KubernetesKubeAcademy
 
Docker 101 2015-05-28
Docker 101 2015-05-28Docker 101 2015-05-28
Docker 101 2015-05-28Adrian Otto
 
Embedding Containerd For Fun and Profit
Embedding Containerd For Fun and ProfitEmbedding Containerd For Fun and Profit
Embedding Containerd For Fun and ProfitPhil Estes
 
Container Monitoring with Sysdig
Container Monitoring with SysdigContainer Monitoring with Sysdig
Container Monitoring with SysdigSreenivas Makam
 
Containerize! Between Docker and Jube.
Containerize! Between Docker and Jube.Containerize! Between Docker and Jube.
Containerize! Between Docker and Jube.Henryk Konsek
 
Breaking the RpiDocker challenge
Breaking the RpiDocker challenge Breaking the RpiDocker challenge
Breaking the RpiDocker challenge Nicolas De Loof
 
Container (Docker) Orchestration Tools
Container (Docker) Orchestration ToolsContainer (Docker) Orchestration Tools
Container (Docker) Orchestration ToolsDhilipsiva DS
 
The State of containerd
The State of containerdThe State of containerd
The State of containerdMoby Project
 
Docker for mere mortals
Docker for mere mortalsDocker for mere mortals
Docker for mere mortalsHenryk Konsek
 
Docker orchestration using core os and ansible - Ansible IL 2015
Docker orchestration using core os and ansible - Ansible IL 2015Docker orchestration using core os and ansible - Ansible IL 2015
Docker orchestration using core os and ansible - Ansible IL 2015Leonid Mirsky
 
Docker 1.11 @ Docker SF Meetup
Docker 1.11 @ Docker SF MeetupDocker 1.11 @ Docker SF Meetup
Docker 1.11 @ Docker SF MeetupDocker, Inc.
 
Whose Job Is It Anyway? Kubernetes, CRI, & Container Runtimes
Whose Job Is It Anyway? Kubernetes, CRI, & Container RuntimesWhose Job Is It Anyway? Kubernetes, CRI, & Container Runtimes
Whose Job Is It Anyway? Kubernetes, CRI, & Container RuntimesPhil Estes
 
KubeCon EU 2016: Bringing an open source Containerized Container Platform to ...
KubeCon EU 2016: Bringing an open source Containerized Container Platform to ...KubeCon EU 2016: Bringing an open source Containerized Container Platform to ...
KubeCon EU 2016: Bringing an open source Containerized Container Platform to ...KubeAcademy
 
Container-relevant Upstream Kernel Developments
Container-relevant Upstream Kernel DevelopmentsContainer-relevant Upstream Kernel Developments
Container-relevant Upstream Kernel DevelopmentsDocker, Inc.
 
Fluentd and docker monitoring
Fluentd and docker monitoringFluentd and docker monitoring
Fluentd and docker monitoringVinay Krishna
 
An Open Source Story: Open Containers & Open Communities
An Open Source Story: Open Containers & Open CommunitiesAn Open Source Story: Open Containers & Open Communities
An Open Source Story: Open Containers & Open CommunitiesPhil Estes
 

Tendances (20)

KubeCon EU 2016: "rktnetes": what's new with container runtimes and Kubernetes
KubeCon EU 2016: "rktnetes": what's new with container runtimes and KubernetesKubeCon EU 2016: "rktnetes": what's new with container runtimes and Kubernetes
KubeCon EU 2016: "rktnetes": what's new with container runtimes and Kubernetes
 
Docker 101 2015-05-28
Docker 101 2015-05-28Docker 101 2015-05-28
Docker 101 2015-05-28
 
CoreOS Intro
CoreOS IntroCoreOS Intro
CoreOS Intro
 
Docker e git lab
Docker e git labDocker e git lab
Docker e git lab
 
Embedding Containerd For Fun and Profit
Embedding Containerd For Fun and ProfitEmbedding Containerd For Fun and Profit
Embedding Containerd For Fun and Profit
 
Container Monitoring with Sysdig
Container Monitoring with SysdigContainer Monitoring with Sysdig
Container Monitoring with Sysdig
 
Containerize! Between Docker and Jube.
Containerize! Between Docker and Jube.Containerize! Between Docker and Jube.
Containerize! Between Docker and Jube.
 
Breaking the RpiDocker challenge
Breaking the RpiDocker challenge Breaking the RpiDocker challenge
Breaking the RpiDocker challenge
 
Container (Docker) Orchestration Tools
Container (Docker) Orchestration ToolsContainer (Docker) Orchestration Tools
Container (Docker) Orchestration Tools
 
The State of containerd
The State of containerdThe State of containerd
The State of containerd
 
Docker for mere mortals
Docker for mere mortalsDocker for mere mortals
Docker for mere mortals
 
Docker orchestration using core os and ansible - Ansible IL 2015
Docker orchestration using core os and ansible - Ansible IL 2015Docker orchestration using core os and ansible - Ansible IL 2015
Docker orchestration using core os and ansible - Ansible IL 2015
 
LinuxKit
LinuxKitLinuxKit
LinuxKit
 
Docker 1.11 @ Docker SF Meetup
Docker 1.11 @ Docker SF MeetupDocker 1.11 @ Docker SF Meetup
Docker 1.11 @ Docker SF Meetup
 
Docker practical solutions
Docker practical solutionsDocker practical solutions
Docker practical solutions
 
Whose Job Is It Anyway? Kubernetes, CRI, & Container Runtimes
Whose Job Is It Anyway? Kubernetes, CRI, & Container RuntimesWhose Job Is It Anyway? Kubernetes, CRI, & Container Runtimes
Whose Job Is It Anyway? Kubernetes, CRI, & Container Runtimes
 
KubeCon EU 2016: Bringing an open source Containerized Container Platform to ...
KubeCon EU 2016: Bringing an open source Containerized Container Platform to ...KubeCon EU 2016: Bringing an open source Containerized Container Platform to ...
KubeCon EU 2016: Bringing an open source Containerized Container Platform to ...
 
Container-relevant Upstream Kernel Developments
Container-relevant Upstream Kernel DevelopmentsContainer-relevant Upstream Kernel Developments
Container-relevant Upstream Kernel Developments
 
Fluentd and docker monitoring
Fluentd and docker monitoringFluentd and docker monitoring
Fluentd and docker monitoring
 
An Open Source Story: Open Containers & Open Communities
An Open Source Story: Open Containers & Open CommunitiesAn Open Source Story: Open Containers & Open Communities
An Open Source Story: Open Containers & Open Communities
 

En vedette

Running Docker containers on Mesos
Running Docker containers on MesosRunning Docker containers on Mesos
Running Docker containers on MesosTomas Kral
 
Containers - What are they and Atomic
Containers - What are they and AtomicContainers - What are they and Atomic
Containers - What are they and AtomicSyed Shaaf
 
Containerizing Web Application with Docker
Containerizing Web Application with DockerContainerizing Web Application with Docker
Containerizing Web Application with Dockermsyukor
 
Containers in the Enterprise
Containers in the EnterpriseContainers in the Enterprise
Containers in the EnterpriseKen Thompson
 
Building Trustworthy Containers
Building Trustworthy ContainersBuilding Trustworthy Containers
Building Trustworthy ContainersSysdig
 
Red Hat Container Strategy
Red Hat Container StrategyRed Hat Container Strategy
Red Hat Container StrategyRed Hat Events
 
Docker and DevOps - Why it matters
Docker and DevOps - Why it mattersDocker and DevOps - Why it matters
Docker and DevOps - Why it mattersJeremy Brown
 
Containerized Cloud Computing - Redhat
Containerized Cloud Computing - RedhatContainerized Cloud Computing - Redhat
Containerized Cloud Computing - RedhatAmazon Web Services
 
RHEL/Fedora + Docker (and SELinux)
RHEL/Fedora + Docker (and SELinux)RHEL/Fedora + Docker (and SELinux)
RHEL/Fedora + Docker (and SELinux)Maciej Lasyk
 
GPU Accelerated Deep Learning for CUDNN V2
GPU Accelerated Deep Learning for CUDNN V2GPU Accelerated Deep Learning for CUDNN V2
GPU Accelerated Deep Learning for CUDNN V2NVIDIA
 
Partner Busines1
Partner Busines1Partner Busines1
Partner Busines1guest4ab0dd
 
Ara Social Web 9 09 Small
Ara Social Web 9 09 SmallAra Social Web 9 09 Small
Ara Social Web 9 09 Smallmhines
 
Biweekly Financial Commentary 08 07 14
Biweekly Financial Commentary 08 07 14Biweekly Financial Commentary 08 07 14
Biweekly Financial Commentary 08 07 14Ant Wong
 
Servicio F
Servicio FServicio F
Servicio Fformacio
 
Antitrust Aspects of Trade Secrets in the U.S. and the EU: Balancing Approach...
Antitrust Aspects of Trade Secrets in the U.S. and the EU: Balancing Approach...Antitrust Aspects of Trade Secrets in the U.S. and the EU: Balancing Approach...
Antitrust Aspects of Trade Secrets in the U.S. and the EU: Balancing Approach...Alex G. Lee, Ph.D. Esq. CLP
 
Red Apple 2009
Red Apple 2009Red Apple 2009
Red Apple 2009MIAF
 

En vedette (20)

Running Docker containers on Mesos
Running Docker containers on MesosRunning Docker containers on Mesos
Running Docker containers on Mesos
 
Containers - What are they and Atomic
Containers - What are they and AtomicContainers - What are they and Atomic
Containers - What are they and Atomic
 
Containerizing Web Application with Docker
Containerizing Web Application with DockerContainerizing Web Application with Docker
Containerizing Web Application with Docker
 
Containers in the Enterprise
Containers in the EnterpriseContainers in the Enterprise
Containers in the Enterprise
 
Building Trustworthy Containers
Building Trustworthy ContainersBuilding Trustworthy Containers
Building Trustworthy Containers
 
Red Hat Container Strategy
Red Hat Container StrategyRed Hat Container Strategy
Red Hat Container Strategy
 
Docker and DevOps - Why it matters
Docker and DevOps - Why it mattersDocker and DevOps - Why it matters
Docker and DevOps - Why it matters
 
Docker Basics
Docker BasicsDocker Basics
Docker Basics
 
Containerized Cloud Computing - Redhat
Containerized Cloud Computing - RedhatContainerized Cloud Computing - Redhat
Containerized Cloud Computing - Redhat
 
RHEL/Fedora + Docker (and SELinux)
RHEL/Fedora + Docker (and SELinux)RHEL/Fedora + Docker (and SELinux)
RHEL/Fedora + Docker (and SELinux)
 
GPU Accelerated Deep Learning for CUDNN V2
GPU Accelerated Deep Learning for CUDNN V2GPU Accelerated Deep Learning for CUDNN V2
GPU Accelerated Deep Learning for CUDNN V2
 
Partner Busines1
Partner Busines1Partner Busines1
Partner Busines1
 
HMES Sandra Paterna
HMES Sandra PaternaHMES Sandra Paterna
HMES Sandra Paterna
 
Gluco Center Concept Paper 2009
Gluco Center Concept Paper 2009Gluco Center Concept Paper 2009
Gluco Center Concept Paper 2009
 
Ara Social Web 9 09 Small
Ara Social Web 9 09 SmallAra Social Web 9 09 Small
Ara Social Web 9 09 Small
 
Biweekly Financial Commentary 08 07 14
Biweekly Financial Commentary 08 07 14Biweekly Financial Commentary 08 07 14
Biweekly Financial Commentary 08 07 14
 
Nel photos superbes
Nel photos superbesNel photos superbes
Nel photos superbes
 
Servicio F
Servicio FServicio F
Servicio F
 
Antitrust Aspects of Trade Secrets in the U.S. and the EU: Balancing Approach...
Antitrust Aspects of Trade Secrets in the U.S. and the EU: Balancing Approach...Antitrust Aspects of Trade Secrets in the U.S. and the EU: Balancing Approach...
Antitrust Aspects of Trade Secrets in the U.S. and the EU: Balancing Approach...
 
Red Apple 2009
Red Apple 2009Red Apple 2009
Red Apple 2009
 

Similaire à Introduction to Atomic: Tailoring a Trusted OS for Containers

Introduction to Project atomic (CentOS Dojo Bangalore)
Introduction to Project atomic (CentOS Dojo Bangalore)Introduction to Project atomic (CentOS Dojo Bangalore)
Introduction to Project atomic (CentOS Dojo Bangalore)Lalatendu Mohanty
 
Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire
Introduction to Docker at SF Peninsula Software Development Meetup @GuidewireIntroduction to Docker at SF Peninsula Software Development Meetup @Guidewire
Introduction to Docker at SF Peninsula Software Development Meetup @GuidewiredotCloud
 
Containers: from development to production at DevNation 2015
Containers: from development to production at DevNation 2015Containers: from development to production at DevNation 2015
Containers: from development to production at DevNation 2015Jérôme Petazzoni
 
Introduction to Docker and all things containers, Docker Meetup at RelateIQ
Introduction to Docker and all things containers, Docker Meetup at RelateIQIntroduction to Docker and all things containers, Docker Meetup at RelateIQ
Introduction to Docker and all things containers, Docker Meetup at RelateIQdotCloud
 
A Gentle Introduction To Docker And All Things Containers
A Gentle Introduction To Docker And All Things ContainersA Gentle Introduction To Docker And All Things Containers
A Gentle Introduction To Docker And All Things ContainersJérôme Petazzoni
 
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme PetazzoniWorkshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme PetazzoniTheFamily
 
Introduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" EditionIntroduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" EditionJérôme Petazzoni
 
Red Hat Cloud Infrastructure Conference 2013 - Presentation about OpenStack ...
Red Hat Cloud Infrastructure Conference 2013 - Presentation about OpenStack ...Red Hat Cloud Infrastructure Conference 2013 - Presentation about OpenStack ...
Red Hat Cloud Infrastructure Conference 2013 - Presentation about OpenStack ...Elos Technologies s.r.o.
 
Let's Try Every CRI Runtime Available for Kubernetes
Let's Try Every CRI Runtime Available for KubernetesLet's Try Every CRI Runtime Available for Kubernetes
Let's Try Every CRI Runtime Available for KubernetesPhil Estes
 
Docker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQ
Docker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQDocker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQ
Docker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQJérôme Petazzoni
 
Docker Introduction + what is new in 0.9
Docker Introduction + what is new in 0.9 Docker Introduction + what is new in 0.9
Docker Introduction + what is new in 0.9 Jérôme Petazzoni
 
Como creamos QuestDB Cloud, un SaaS basado en Kubernetes alrededor de QuestDB...
Como creamos QuestDB Cloud, un SaaS basado en Kubernetes alrededor de QuestDB...Como creamos QuestDB Cloud, un SaaS basado en Kubernetes alrededor de QuestDB...
Como creamos QuestDB Cloud, un SaaS basado en Kubernetes alrededor de QuestDB...javier ramirez
 
Puppet Camp Seattle 2014: Docker and Puppet: 1+1=3
Puppet Camp Seattle 2014: Docker and Puppet: 1+1=3 Puppet Camp Seattle 2014: Docker and Puppet: 1+1=3
Puppet Camp Seattle 2014: Docker and Puppet: 1+1=3 Puppet
 
LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013dotCloud
 
LXC Docker and the Future of Software Delivery
LXC Docker and the Future of Software DeliveryLXC Docker and the Future of Software Delivery
LXC Docker and the Future of Software DeliveryDocker, Inc.
 

Similaire à Introduction to Atomic: Tailoring a Trusted OS for Containers (20)

Introduction to Project atomic (CentOS Dojo Bangalore)
Introduction to Project atomic (CentOS Dojo Bangalore)Introduction to Project atomic (CentOS Dojo Bangalore)
Introduction to Project atomic (CentOS Dojo Bangalore)
 
Project Atomic-Nulecule
Project Atomic-NuleculeProject Atomic-Nulecule
Project Atomic-Nulecule
 
Docker_AGH_v0.1.3
Docker_AGH_v0.1.3Docker_AGH_v0.1.3
Docker_AGH_v0.1.3
 
Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire
Introduction to Docker at SF Peninsula Software Development Meetup @GuidewireIntroduction to Docker at SF Peninsula Software Development Meetup @Guidewire
Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire
 
Containers: from development to production at DevNation 2015
Containers: from development to production at DevNation 2015Containers: from development to production at DevNation 2015
Containers: from development to production at DevNation 2015
 
Introduction to Docker and all things containers, Docker Meetup at RelateIQ
Introduction to Docker and all things containers, Docker Meetup at RelateIQIntroduction to Docker and all things containers, Docker Meetup at RelateIQ
Introduction to Docker and all things containers, Docker Meetup at RelateIQ
 
A Gentle Introduction To Docker And All Things Containers
A Gentle Introduction To Docker And All Things ContainersA Gentle Introduction To Docker And All Things Containers
A Gentle Introduction To Docker And All Things Containers
 
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme PetazzoniWorkshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
 
Introduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" EditionIntroduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" Edition
 
Red Hat Cloud Infrastructure Conference 2013 - Presentation about OpenStack ...
Red Hat Cloud Infrastructure Conference 2013 - Presentation about OpenStack ...Red Hat Cloud Infrastructure Conference 2013 - Presentation about OpenStack ...
Red Hat Cloud Infrastructure Conference 2013 - Presentation about OpenStack ...
 
Fedora Atomic Host
Fedora Atomic Host Fedora Atomic Host
Fedora Atomic Host
 
Fedora Atomic Host
Fedora Atomic HostFedora Atomic Host
Fedora Atomic Host
 
Let's Try Every CRI Runtime Available for Kubernetes
Let's Try Every CRI Runtime Available for KubernetesLet's Try Every CRI Runtime Available for Kubernetes
Let's Try Every CRI Runtime Available for Kubernetes
 
JOSA TechTalks - Docker in Production
JOSA TechTalks - Docker in ProductionJOSA TechTalks - Docker in Production
JOSA TechTalks - Docker in Production
 
Docker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQ
Docker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQDocker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQ
Docker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQ
 
Docker Introduction + what is new in 0.9
Docker Introduction + what is new in 0.9 Docker Introduction + what is new in 0.9
Docker Introduction + what is new in 0.9
 
Como creamos QuestDB Cloud, un SaaS basado en Kubernetes alrededor de QuestDB...
Como creamos QuestDB Cloud, un SaaS basado en Kubernetes alrededor de QuestDB...Como creamos QuestDB Cloud, un SaaS basado en Kubernetes alrededor de QuestDB...
Como creamos QuestDB Cloud, un SaaS basado en Kubernetes alrededor de QuestDB...
 
Puppet Camp Seattle 2014: Docker and Puppet: 1+1=3
Puppet Camp Seattle 2014: Docker and Puppet: 1+1=3 Puppet Camp Seattle 2014: Docker and Puppet: 1+1=3
Puppet Camp Seattle 2014: Docker and Puppet: 1+1=3
 
LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013
 
LXC Docker and the Future of Software Delivery
LXC Docker and the Future of Software DeliveryLXC Docker and the Future of Software Delivery
LXC Docker and the Future of Software Delivery
 

Plus de Joe Brockmeier

Thinking inside the box (shared)
Thinking inside the box (shared)Thinking inside the box (shared)
Thinking inside the box (shared)Joe Brockmeier
 
Community Over Code: How to Build a Successful Project
Community Over Code: How to Build a Successful ProjectCommunity Over Code: How to Build a Successful Project
Community Over Code: How to Build a Successful ProjectJoe Brockmeier
 
Sharing Apache's Goodness: How We Should be Telling Apache's Story
Sharing Apache's Goodness: How We Should be Telling Apache's StorySharing Apache's Goodness: How We Should be Telling Apache's Story
Sharing Apache's Goodness: How We Should be Telling Apache's StoryJoe Brockmeier
 
Solving the Package Problem
Solving the Package ProblemSolving the Package Problem
Solving the Package ProblemJoe Brockmeier
 
Apache CloudStack: API to UI (STLLUG)
Apache CloudStack: API to UI (STLLUG)Apache CloudStack: API to UI (STLLUG)
Apache CloudStack: API to UI (STLLUG)Joe Brockmeier
 
Apache CloudStack: From API to UI (NYLUG)
Apache CloudStack: From API to UI (NYLUG)Apache CloudStack: From API to UI (NYLUG)
Apache CloudStack: From API to UI (NYLUG)Joe Brockmeier
 
Deploying Apache CloudStack from API to UI
Deploying Apache CloudStack from API to UIDeploying Apache CloudStack from API to UI
Deploying Apache CloudStack from API to UIJoe Brockmeier
 
Taking the open cloud to 11
Taking the open cloud to 11Taking the open cloud to 11
Taking the open cloud to 11Joe Brockmeier
 
Getting Started with Apache CloudStack
Getting Started with Apache CloudStackGetting Started with Apache CloudStack
Getting Started with Apache CloudStackJoe Brockmeier
 
How I Learned to Stop Worrying, and Love Open Source Software Foundations
How I Learned to Stop Worrying, and Love Open Source Software FoundationsHow I Learned to Stop Worrying, and Love Open Source Software Foundations
How I Learned to Stop Worrying, and Love Open Source Software FoundationsJoe Brockmeier
 
Bootstrapping coverage
Bootstrapping coverageBootstrapping coverage
Bootstrapping coverageJoe Brockmeier
 

Plus de Joe Brockmeier (13)

Thinking inside the box (shared)
Thinking inside the box (shared)Thinking inside the box (shared)
Thinking inside the box (shared)
 
Community Over Code: How to Build a Successful Project
Community Over Code: How to Build a Successful ProjectCommunity Over Code: How to Build a Successful Project
Community Over Code: How to Build a Successful Project
 
Sharing Apache's Goodness: How We Should be Telling Apache's Story
Sharing Apache's Goodness: How We Should be Telling Apache's StorySharing Apache's Goodness: How We Should be Telling Apache's Story
Sharing Apache's Goodness: How We Should be Telling Apache's Story
 
Solving the Package Problem
Solving the Package ProblemSolving the Package Problem
Solving the Package Problem
 
Apache CloudStack: API to UI (STLLUG)
Apache CloudStack: API to UI (STLLUG)Apache CloudStack: API to UI (STLLUG)
Apache CloudStack: API to UI (STLLUG)
 
Apache CloudStack: From API to UI (NYLUG)
Apache CloudStack: From API to UI (NYLUG)Apache CloudStack: From API to UI (NYLUG)
Apache CloudStack: From API to UI (NYLUG)
 
Deploying Apache CloudStack from API to UI
Deploying Apache CloudStack from API to UIDeploying Apache CloudStack from API to UI
Deploying Apache CloudStack from API to UI
 
Taking the open cloud to 11
Taking the open cloud to 11Taking the open cloud to 11
Taking the open cloud to 11
 
Getting Started with Apache CloudStack
Getting Started with Apache CloudStackGetting Started with Apache CloudStack
Getting Started with Apache CloudStack
 
How I Learned to Stop Worrying, and Love Open Source Software Foundations
How I Learned to Stop Worrying, and Love Open Source Software FoundationsHow I Learned to Stop Worrying, and Love Open Source Software Foundations
How I Learned to Stop Worrying, and Love Open Source Software Foundations
 
Intro to CloudStack
Intro to CloudStackIntro to CloudStack
Intro to CloudStack
 
Txlf2012
Txlf2012Txlf2012
Txlf2012
 
Bootstrapping coverage
Bootstrapping coverageBootstrapping coverage
Bootstrapping coverage
 

Dernier

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 

Dernier (20)

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 

Introduction to Atomic: Tailoring a Trusted OS for Containers

  • 1. Introduction toIntroduction to AtomicAtomic:: Tailoring a Trusted OS for ContainersTailoring a Trusted OS for Containers Joe Brockmeier jzb@redhat.com @jzb
  • 2. Introduction ● What is Project Atomic? ● Anatomy of an Atomic Host ● Coming Soon ● Getting Involved
  • 3. (I don't need to explain containers, right? Good.)
  • 4. What is Project Atomic?
  • 5. Project Atomic 101 ● Upstream community for developing tools and patterns for developing Atomic hosts. ● Umbrella project for Red Hat's efforts around developing, building, running, and managing containers. ● Not a new distribution – Atomic Hosts are built from CentOS, Fedora, or Red Hat Enterprise Linux.
  • 6. Why Atomic? ● We can run Linux containers on CentOS, Fedora, and RHEL already! ● Provide a streamlined host optimized for running and managing containers. ● All applications should be deployed as containers, rather than installing on the host. ● Host should be “cattle” and updates should be easy to deploy and manage.
  • 7. What Atomic Hosts Provide ● Streamlined host based on CentOS, Fedora, or RHEL packages + container stack. ● rpm-ostree ● /usr/bin/atomic ● Docker ● Kubernetes ● Cockpit ● Super Privileged Containers (SPC)
  • 8. What Atomic Hosts Won't Provide ● Atomic hosts are “immutable” – don't expect to install packages on running systems ● Official images are minimal – that means your favorite tool probably won't be added – Aside from Atomic development or troubleshooting, you should never be logged into an Atomic Host ● More than necessary
  • 9. CentOS, Fedora, or RHEL? ● Aside from rpm-ostree, all of the components that make up an Atomic Host are shared w/the parent distribution. ● You want support? Go RHEL Atomic Host. ● CentOS Atomic is currently under development, and hasn't released any “official” images. ● Fedora 21 released in December – developed by the Cloud Working Group. ● A CentOS rebuild of RHELAH is coming soon.
  • 10. rpm-ostree's history ● OStree initially developed for GNOME continuous by Colin Walters ● The rpm-ostree stuff came slightly later ● “Git for operating systems” – bootable, immutable, & versioned filesystem trees – works on top of any *nix filesystem – support for UID/GID, extended attr, handling bootloader, and more.
  • 11. Why rpm-ostree? ● “Atomic” updates make more sense for an immutable system ● Preserves the tooling to create packages, allows re- use of RPMs rather than re-inventing the wheel ● Easy rollback in the event you need to return to known-good tree ● Clean transaction for updates
  • 12. How rpm-ostree works (high level) ● Filesystem is read-only, except /var and /etc ● /etc is 3-way merged when you do an update ● All data (e.g. containers) is unchanged on upgrade ● Problem with an upgrade? `rpm-ostree rollback`
  • 13. /usr/bin/atomic ● Coherent entry point to the system: manage host and containers with the atomic command. ● Fill gaps in Linux container implementations. – e.g. “atomic install foo” can install a container with its k8s configuration and/or systemd unit file. – “atomic run” grabs the LABEL “run” with its Docker cmd line. Saves the user much typing. ● The “atomic host” command can be used for rpm- ostree updates.
  • 14. Cockpit ● Cockpit started prior to Atomic ● Server manager for administering Linux servers via the Web browser ● Doesn't interfere with normal admin tools ● Designed to be multi-server ● Support for managing containers, Kubernetes ● http://cockpit-project.org/
  • 15.
  • 16. Changes to 'docker search' & 'docker pull' ● We mostly ship vanilla Docker ● Additional registries for 'docker search' & 'docker pull' ● We add the RHEL registry to grab official RHEL content* ● Docker search lists fully qualified image name ● Ability to block registries ● Can warn on “push” to ensure private images aren't pushed to public registry
  • 17. Super-Privileged Containers (SPC) ● We mean it when we say “run everything in containers” on Atomic ● Usually containers have limited interaction w/the host ● SPC containers can be run with `atomic run` which saves the need for long docker commands to enble privileges
  • 18. Shipping Super-Privileged Containers (SPC) ● RHEL Atomic Tools Container Image – debugging tools like strace, traceroute, man pages, etc. needed to troubleshoot an image. ● RHEL Atomic rsyslog Container Image – runs rsyslogd service to send logs to central server, etc. (journald collects data either way) ● RHEL Atomic sadc Container Image – runs sadc from sysstat to be used w/`sar` ● More to come!
  • 19. Nulecule (in early development) ● Specification for multi-container application w/dependencies (“Atomic App”) ● Lets developer describe application, sysadmin define parameters for app at runtime ● Creates super-orchestration parameters for Kubernetes ● Defines on-demand scheduling of resource utilization ● Basis for policy-based orchestration via Mesos ● Supports Docker, ACI and potentially other container formats ● github.com/projectatomic/nulecule
  • 20. Kubernetes ● Initially used GearD from OpenShift, phased out in favor of Kubernetes ● Working with upstream to improve / develop Kubernetes for container management
  • 21. Pulling the Pieces TogetherPulling the Pieces Together
  • 22. Fedora Atomic Hosts ● Work is being done through the Cloud Work Group & will be part of the Cloud Product ● First release in Fedora 21 ● Adding new image formats in Fedora 22, updated Cockpit, etc. ● Moving to 2-week release cycle based on Rawhide or -current soon
  • 23. CentOS 7 Atomic Hosts ● Work is being done through CentOS Atomic SIG ● CentOS-based Atomic Hosts are still in development, working out a few details like signing ● Will be providing a rebuild of RHEL Atomic Host soon ● CentOS SIG / Project Atomic will be providing a faster-moving release with packages in development soon
  • 24. Getting Involved ● Website: projectatomic.io ● Github: github.com/projectatomic ● Facebook.com/projectatomic ● Twitter: @projectatomic ● Mailing Lists: http://www.projectatomic.io/community/