Soma: Created page with "==Notes==

 Lecture 7 ---------  What is Solaris?  - proprietary UNIX  - although OpenSolaris was released under a    copyleft license that is specifically incompatible..."

2021-10-13T02:22:05Z

Created page with "==Notes== <pre> Lecture 7 --------- What is Solaris? - proprietary UNIX - although OpenSolaris was released under a copyleft license that is specifically incompatible..."

New page

==Notes==

<pre>
Lecture 7
---------

What is Solaris?
- proprietary UNIX
- although OpenSolaris was released under a
copyleft license that is specifically incompatible
with the GPL (CDDL)
- but then was made proprietary again
- community still maintains opensolaris?

- originally was the successor to SunOS, which
was based on BSD UNIX (Solaris was based on System V
UNIX)
- Oracle got it when they bought Sun
- zfs & dtrace started with Solaris, now more widely used

What is a container?
- in the paper, zone with resource management
- but in modern usage?

Experience 1 is all about containers
- as managed with kubernetes

A container is essentially the userland of a process
- containers on a host share a kernel
- unlike virtual machines, where each VM has a kernel
and the whole is managed by a hypervisor

Kubernetes is an orchestration platform
- i.e., it manages containers

Containers are the unit of distribution in the cloud today
(even more than virtual machines)
- NOT processes

So a container is...
- a group of processes
- and associated storage and other resources
(whatever those proceses need "locally")

A process can't be easily isolated from the rest of the system
- that's why plan9, LOCUS and such seem to forward so
much towards other systems (turns into client/server)

But a container is...self contained
- so you can package it up, move it around, run it anywhere

It is really a minimal abstraction of a host, not a process
- a VM is an abstraction of a host, but with extra overhead
- for 50 host-like things, why run 50 kernels when
you can just run one?

Solaris zones was really about the sharing of individual systems
- much like OS virtualization has been used in the past
- classic use case: multiple web servers on a host
- really good for any app that wants "a whole computer" to
run

What's hard about containers?
- security, specifically isolation
- UNIX-like kernels weren't built to separate groups
of processes so strictly
- remains a big problem today, where best practices
currently is to not run containers from multiple
customers on the same system (VM)
- each customer should use their own VMs because
hardware virtual machines provide better isolation
- so many opportunities for processes in one container
to mess with other containers
- because OS kernels have so many shared
data structures

What you should read to really understand this is your TAs master's thesis
- he just defended
- it is really good
- bpfcontain :-)
(old version, bpfbox)

the cloud really took off on the basis of virtual machines
- if you go to AWS and rent a "computer", your renting a hardware-based VM (likely running on Linux's KVM or Windows's Hyper-V)
- in this old version of Solaris, the fair share scheduler is just for the CPU
- you really have to manage CPU, memory, disk, network, and any other I/O

The other big change today is containers are most frequently disposable
- built from an immutable disk image
- easily thrown away when not needed, has no
critical state (that state is stored elsewhere)
</pre>

DistOS 2021F 2021-09-30 - Revision history

Soma: Created page with "==Notes==
Lecture 7 --------- What is Solaris? - proprietary UNIX - although OpenSolaris was released under a copyleft license that is specifically incompatible..."