Multi-Arch Layered Image Build System


Multi-Arch Layered Image Build System
PRESENTED BY: Adam Miller
Fedora Engineering, Red Hat
CC BY-SA 2.0

Today's Topics
· Define “containers” in the context of Linux systems
· Brief History/Background
· Container Implementations in Linux
· Base Image vs Layered Image
· Why Fedora Containers?
· Why Multi-Arch Containers?
· Fun history lesson
· What is OpenShift?
· Define Release Engineering
· How does this all work?
· How does it work today?
· How will it work with multi-arch?


What are containers?
· Operating-system-level Virtualization
  · We (the greater Linux community) like to call them “containers”
· OK, so what is Operating-system-level Virtualization?
  · The multitenant isolation of multiple user space instances or namespaces.

[Figure: Traditional OS vs Containers. Labels: APP A, APP B, LIBS A, LIBS B, CONTAINER, HOST OS, HARDWARE]

Containers are not new
· The concept of containers is not new
· chroot was the original “container”, introduced in 1982
· Unsophisticated in many ways, lacking the following:
  · COW
  · Quotas
  · I/O rate limiting
  · cpu/memory constraint
  · Network Isolation

Brief (not exhaustive) history of sophisticated UNIX-like container technology:
· 2000 - FreeBSD jails
· 2001 - Linux Vserver
· 2004 - Solaris Zones
· 2005 - OpenVZ
· 2008 - LXC (This is where things start to get interesting)
· 2011 - Systemd nspawn
· 2013 - dotCloud releases Docker (later renames itself to Docker Inc)
· 2015 - runC is released under the purview of Open Container Initiatives
· 2016 - containerd - runC orchestration daemon

Layered Images vs Base Images

Base vs Layered Images

[Figure: Base vs Layered Images. Labels: CONTAINER, Fedora 25 BASE IMAGE, Fedora 25 APP LAYER, Fedora 25 APP, APP, LIBS, Fedora 25 Host, Fedora 26 Host, HARDWARE OR VM, HARDWARE OR VIRTUAL MACHINE]


Why ...?

Why Fedora Containers?
· Delivering Fedora Content faster to users
· Automatically generating release artifacts with security updates
· Lowering the barrier of entry for contributors
· Note: There are some obstacles here but plans in place to get past them

Why Multi-Arch?
· Fedora isn’t just an x86_64 distro
· Internet of Things (IoT)
· “The Magical ARM Revolution”
· Other architectures matter!
· We don’t know what’s next, best not to box ourselves in.

History Lesson

How FLIBS happened.
· Matt Miller, Fedora’s Fearless Leader (Fedora Project Leader)
  · “There’s this open source layered image build system I heard about, we should deploy one!” (Paraphrasing)
· Initial discussions estimated about four weeks of work to deploy a new service in the Fedora Infra and tie it into various build, test, and messaging services.
· There was an incorrect assumption that it was a finished product

OSBS History
· Phase 1
  · Single-Node builder
  · Finished in a few months
  · Image Format v2, Registry v2, Manifest v2 - this broke the original implementation
· Phase 2
  · Scale-out deployment
  · Fully compat with Image Format v2, Manifest v2, Registry v2
  · Automated tests can be tied to the output of OSBS
  · RelEng is able to then "promote" images to a "production" or "stable" registry/tag/repository
· Phase 3 (Happening Now)
  · Image Registry Scale-out - Done
  · Search/Advertise image registry - In flight
  · CVE/Security metadata for updates - Planning
· Phase 4
  · Orchestrator/Worker Architecture
  · Multi-Arch


OpenShift
· OpenShift
  · Container Platform built on top of Kubernetes
  · Advanced Features
    · Build Pipelines
    · Image Streams
    · Application Lifecycle Management
    · CI/CD Integrations
    · Binary Deployment
    · Triggers (Event, Change, Image, Web, etc)
    · REST API, Command line interface, IDE Integrations
    · Web UI and Admin dashboard


[Figure: OpenShift/Kubernetes. Labels: REST API, Node, Scheduler]


Release Engineering
· What is Release Engineering?
  · Making a software production pipeline that is Reproducible, Auditable, Definable, and Deliverable
  · It should also be able to be automated
· Definition (or the closest there really is)

“Release engineering is the difference between manufacturing software in small teams or startups and manufacturing software in an industrial way that is repeatable, gives predictable results, and scales well. These industrial style practices not only contribute to the growth of a company but also are key factors in enabling growth.”
- Boris Debic of Google Inc

Layered Image Build Service

OSBS
· OpenShift Build Service
  · Takes advantage of OpenShift’s built in Build primitive with a “Custom Strategy” and BuildConfig
  · Relies on OpenShift for scheduling of build tasks throughout the cluster
  · Presents this defined component to developers/builders as CLI and Python API
  · osbs enforces that the inputs come from auditable sources.
    · This defines what can be the inputs to a build
    · Git repo for source Dockerfile, git commits and builds centrally logged
  · BuildRoot - limited docker runtime
    · Firewall constrained docker bridge interface
    · Unprivileged container runtime with SELinux Enforcing
    · Inputs are sanitized before reaching the build phase
· Unknown or unvetted sources are disallowed by the system
  · Uses OpenShift ImageStreams as input sources to BuildRoot
  · Planned utilization of OpenShift Triggers to spawn rebuild actions based on parent image changes
  · Factory 2.0 will also launch new builds for when RPM content changes

OSBS - Continued
· atomic-reactor
  · Single-pass Docker build tool used inside constrained buildroot in OSBS
  · Automates tasks via plugins, such as:
    · pushing images to a registry when successfully built
    · injecting yum/dnf repositories inside Dockerfile (change source of your packages for input sanitization/gating)
    · change base image (FROM) in your Dockerfile to match that of the registry available inside the isolated buildroot
    · run simple tests after image is built
· Gating of updates
  · Automated tests can be tied to the output of OSBS
  · RelEng is able to then "promote" images to a "production" or "stable" registry/tag/repository
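
The input gating described on the two OSBS slides above (unvetted sources disallowed, FROM rewritten to the registry inside the buildroot), as an added sketch that is not atomic-reactor or OSBS code. The registry hostname, the allow-list, the function names and the sample Dockerfile are all hypothetical.

```python
import re

# Hypothetical values for illustration; not taken from the Fedora deployment.
BUILDROOT_REGISTRY = "registry.buildroot.example:5000"
VETTED_BASE_IMAGES = {"fedora", "fedora-minimal"}  # constructed allow-list

# FROM, optional flags such as --platform=..., the image reference, the rest.
FROM_RE = re.compile(r"^(\s*FROM\s+(?:--\S+\s+)*)(\S+)(.*)$", re.IGNORECASE)

class UnvettedSource(Exception):
    """A Dockerfile names a base image that is not on the allow-list."""

def split_ref(ref):
    """Return (repository, tag), stripping a leading registry host if present."""
    if "@" in ref:
        raise UnvettedSource(f"digest references are out of scope here: {ref}")
    first, sep, remainder = ref.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        ref = remainder  # first component was a registry host[:port]
    repo, _, tag = ref.partition(":")
    return repo, tag or "latest"

def gate_dockerfile(text):
    """Point every FROM at the buildroot registry; fail closed on unvetted bases."""
    out, stages = [], set()
    for line in text.splitlines():
        m = FROM_RE.match(line)
        if not m:
            out.append(line)
            continue
        prefix, ref, rest = m.groups()
        if ref in stages or ref == "scratch":  # earlier build stage or empty base
            out.append(line)
        else:
            repo, tag = split_ref(ref)
            if repo not in VETTED_BASE_IMAGES:
                raise UnvettedSource(ref)
            out.append(f"{prefix}{BUILDROOT_REGISTRY}/{repo}:{tag}{rest}")
        alias = re.search(r"\sAS\s+(\S+)", rest, re.IGNORECASE)
        if alias:
            stages.add(alias.group(1))
    return "\n".join(out) + "\n"

# Constructed sample input.
SAMPLE = """\
FROM registry.example.com/fedora:25 AS build
RUN dnf -y install gcc
FROM --platform=linux/arm64 fedora
COPY --from=build /app /app
FROM build
"""

if __name__ == "__main__":
    print(gate_dockerfile(SAMPLE))
```

Whatever registry the Dockerfile author named, the build only ever pulls from the buildroot registry, and a repository path outside the allow-list (including a user namespace such as `someuser/fedora`) stops the build before any layer is fetched.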

[Figure: Build System. Labels: Users, osbs cli, osbs-client API, OSBS, OpenShift Origin, atomic-reactor, Registry, Candidate Images, Stable Updates, Server Deployments]

[Figure: Fedora’s Implementation. Labels: Fedora Layered Image Maintainers, DistGit, Dockerfile, Service “init” Scripts, Tests, Docs, fedpkg container-build, Koji, RPM Builds, Container-build, ISO & Cloud Images, OSBS, OpenShift Origin, atomic-reactor, osbs-client API, Registry, Candidate Images, Stable Updates, Users]

[Figure: Multi-Arch Build System. Labels: Fedora Layered Image Maintainers, DistGit, Service “init” Scripts, Tests, Docs, Koji, RPM Builds, Container-build, ISO & Cloud Images, OSBS - Orchestrator, OSBS - x86_64 Worker, OSBS - aarch64 Worker, OSBS - ppc64le Worker, OpenShift Origin, atomic-reactor, osbs-client API, Registry, Candidate Images, Stable Updates, Server Deployments, Users]

Fedora’s Implementation
· DistGit (“Distro Git”)
  · Each Branch Fedora Release
  · master branch is Devel (codename “Rawhide”)
  · This defines what can be the inputs to a build
· Registry
  · Upload/download destination, point of distribution
· fedpkg
  · Fedora Package Maintainer helper tool
  · Manages distgit branches
  · Initiate builds (local and remote, mock integration)
  · Much more
· Orchestrator
  · OpenShift Cluster that orchestrates the builds across the arch-specific
  · Koji point of contact
· Koji
  · Fedora’s authoritative build system
  · Everything for Fedora is built here or its build is integrated here
    · Live USB images, DVD ISOs, IaaS Cloud Images, RPMs, Docker
· Koji-containerbuild
  · Plugin to orchestrate builds between Koji and OSBS

Lessons Learned
· The OSBS Upstream Team is fantastic
· The OpenShift Team is also fantastic
· OpenShift is really powerful
· The container technology space moves *fast*
· Nothing is set in stone
  · Don’t expect APIs to remain relevant
  · Don’t expect backwards compatibility
· People are starting to care about architectures other than x86_64
  · (They have for a while, but now it’s gaining traction)


[Figure labels: container (x5), networking, storage, registry, security, logs & metrics, container orchestration & cluster management (kubernetes), fedora / centos / red hat enterprise linux, container runtime & packaging (docker), atomic host, infrastructure automation & cockpit]
