DistOS 2021F 2021-09-30

From Soma-notes

Notes

Lecture 7
---------

What is Solaris?
 - proprietary UNIX
 - although OpenSolaris was released under a copyleft
   license (the CDDL) that is incompatible with the GPL
 - but Oracle then stopped releasing source, making it
   proprietary again
    - the community continues the OpenSolaris code base
      as the illumos fork

 - originally the successor to SunOS 4, which was based on
   BSD UNIX (Solaris, a.k.a. SunOS 5, was based on
   System V Release 4)
     - Oracle got it when it bought Sun in 2010
 - zfs & dtrace started with Solaris, now more widely used

What is a container?
 - in the paper, zone with resource management
 - but in modern usage?

Experience 1 is all about containers
 - as managed with kubernetes

A container is essentially the userland of a process
 - containers on a host share a kernel
 - unlike virtual machines, where each VM has a kernel
   and the whole is managed by a hypervisor

Kubernetes is an orchestration platform
 - i.e., it manages containers

Containers are the unit of distribution in the cloud today
(even more than virtual machines)
 - NOT processes

So a container is...
 - a group of processes
 - and associated storage and other resources
   (whatever those processes need "locally")

A single process can't be easily isolated from the rest of the system
 - that's why Plan 9, LOCUS and the like end up forwarding so
   much to other machines (everything turns into client/server)

But a container is...self-contained
 - so you can package it up, move it around, run it anywhere

It is really a minimal abstraction of a host, not a process
 - a VM is an abstraction of a host, but with extra overhead
    - for 50 host-like things, why run 50 kernels when
      you can just run one?

Solaris zones were really about sharing an individual system
 - much like OS-level virtualization has been used in the past
 - classic use case: multiple web servers on one host
 - really good for any app that wants "a whole computer" to
   run on

What's hard about containers?
 - security, specifically isolation
 - UNIX-like kernels weren't built to separate groups
   of processes so strictly
 - remains a big problem today, where current best practice
   is to not run containers from multiple customers on the
   same system (VM)
     - each customer should get their own VMs, because
       hardware virtual machines provide better isolation
 - so many opportunities for processes in one container
   to mess with other containers
      - because OS kernels have so many shared
        data structures (and one kernel serves every
        container on the host)
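A concrete way to see how thin the boundary is: on Kubernetes the knobs that hand a container pieces of the shared kernel (host PID/network/IPC namespaces, privileged mode, added capabilities, hostPath mounts) all live in the pod spec. The script below is an added example, not code from these notes or from the paper; it audits a constructed JSON pod manifest for those settings. The field names are the real Kubernetes PodSpec/SecurityContext fields, while the "dangerous capabilities" set and the sample manifest are this example's own choices.

```python
"""Audit a Kubernetes pod manifest for settings that weaken container
isolation on a shared kernel.  Added example; the manifest is constructed."""
import json

# Constructed sample manifest (JSON form of a pod spec; kubectl accepts
# JSON as well as YAML).  It deliberately contains risky settings in the
# first container and a reasonably hardened second container.
SAMPLE_POD = json.loads("""
{
  "apiVersion": "v1",
  "kind": "Pod",
  "metadata": {"name": "web"},
  "spec": {
    "hostPID": true,
    "hostNetwork": false,
    "volumes": [
      {"name": "docksock", "hostPath": {"path": "/var/run/docker.sock"}},
      {"name": "scratch", "emptyDir": {}}
    ],
    "containers": [
      {
        "name": "app",
        "image": "example/web:1.0",
        "securityContext": {
          "privileged": true,
          "runAsNonRoot": false,
          "capabilities": {"add": ["SYS_ADMIN", "NET_BIND_SERVICE"]}
        },
        "volumeMounts": [{"name": "docksock", "mountPath": "/var/run/docker.sock"}]
      },
      {
        "name": "sidecar",
        "image": "example/log:1.0",
        "securityContext": {
          "runAsNonRoot": true,
          "allowPrivilegeEscalation": false,
          "capabilities": {"drop": ["ALL"]}
        }
      }
    ]
  }
}
""")

# Capabilities that, on a shared kernel, are close to "root on the host".
# Judgement list for this example, not an official Kubernetes list.
DANGEROUS_CAPS = {"SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "NET_ADMIN",
                  "DAC_READ_SEARCH", "SYS_RAWIO"}


def audit_pod(pod):
    """Return a list of (where, finding) tuples describing weak isolation."""
    findings = []
    spec = pod.get("spec", {})
    # Host namespaces: the container sees the host's processes/network/IPC.
    for ns in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(ns):
            findings.append(("spec", f"{ns} shares the host's namespace"))
    # hostPath volumes expose the host filesystem (the docker socket is root).
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            findings.append((f"volume {vol['name']}",
                             f"hostPath mount of {vol['hostPath'].get('path')}"))
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        where = f"container {c['name']}"
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append((where, "privileged: all capabilities, host devices visible"))
        if not sc.get("runAsNonRoot"):
            findings.append((where, "runAsNonRoot not set: may run as uid 0 on the shared kernel"))
        # Kubernetes defaults allowPrivilegeEscalation to true unless set.
        if sc.get("allowPrivilegeEscalation", True):
            findings.append((where, "allowPrivilegeEscalation not disabled"))
        caps = set(sc.get("capabilities", {}).get("add", []))
        for cap in sorted(caps & DANGEROUS_CAPS):
            findings.append((where, f"adds capability {cap}"))
    return findings


def multi_tenant_ok(pod):
    """True only if nothing in the pod reaches past the container boundary."""
    return not audit_pod(pod)


if __name__ == "__main__":
    for where, finding in audit_pod(SAMPLE_POD):
        print(f"{where}: {finding}")
    print("multi-tenant safe:", multi_tenant_ok(SAMPLE_POD))
```

Every finding here maps to a kernel object the container is not supposed to share; none of them would even be expressible for a hardware VM, which is the point the notes make about why customers get separate VMs.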

What you should read to really understand this is your TA's master's thesis
 - he just defended
 - it is really good
 - bpfcontain :-)
   (old version, bpfbox)

the cloud really took off on the basis of virtual machines
 - if you go to AWS and rent a "computer", you're renting a hardware-based VM
   (on AWS, Xen historically and now the KVM-based Nitro hypervisor; Azure uses Hyper-V)
 - in this old version of Solaris, the fair share scheduler is just for the CPU
   - you really have to manage CPU, memory, disk, network, and any other I/O,
     or one zone can starve the others
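The fair share scheduler's idea is that each zone (project) holds a number of shares, CPU is divided among the zones that actually want it in proportion to their shares, and any entitlement a zone doesn't use is given to the others. The simulation below is an added example, not the paper's or Solaris's code; it computes that steady-state split as a weighted max-min allocation. The zone names, share counts and demands are constructed, and, as the notes warn, it says nothing about memory, disk or network, which need their own limits.

```python
"""Weighted fair-share CPU allocation (progressive filling), as an added
illustration of the Solaris fair share scheduler's steady-state behaviour.
Zone names, shares and demands below are constructed."""


def fair_share(shares, demand, capacity=1.0):
    """Split `capacity` among zones in proportion to `shares`, never giving a
    zone more than its `demand`; entitlement that a zone leaves unused is
    redistributed, still in share proportion, to zones that want more.
    Returns {zone: fraction of capacity}."""
    alloc = {z: 0.0 for z in shares}
    remaining = capacity
    # Only zones that actually want CPU take part; idle zones hold no CPU.
    active = {z for z in shares if demand.get(z, 0) > 0}
    while active and remaining > 1e-12:
        total = sum(shares[z] for z in active)
        given = 0.0
        satisfied = set()
        for z in active:
            entitlement = remaining * shares[z] / total
            want = demand[z] - alloc[z]
            grant = min(entitlement, want)
            alloc[z] += grant
            given += grant
            if alloc[z] >= demand[z] - 1e-12:
                satisfied.add(z)
        remaining -= given
        active -= satisfied
        if not satisfied:
            break  # everyone still wants more, so all CPU is now handed out
    return alloc


# Constructed scenario: web has twice the shares of db and batch, but only
# wants 30% of the CPU; db and batch would each take the whole machine.
SHARES = {"web": 2, "db": 1, "batch": 1}
DEMAND = {"web": 0.3, "db": 1.0, "batch": 1.0}


def demo():
    """Allocation for the constructed scenario."""
    return fair_share(SHARES, DEMAND)


if __name__ == "__main__":
    for zone, frac in demo().items():
        print(f"{zone:6s} {frac:.2f}")
```

With everyone busy, web would get 0.50 and the others 0.25 each; because web only wants 0.30, its unused 0.20 is split evenly (equal shares) between db and batch, giving 0.35 each. Shares are relative, not a cap, which is why a runaway zone is bounded only when others compete, and why the other resources the notes list need explicit limits rather than shares.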

The other big change today is containers are most frequently disposable
 - built from an immutable disk image
 - easily thrown away when not needed, has no
   critical state (that state is stored elsewhere)