Trusted Docker Containers And Trusted VMs In OpenStack - 01


Trusted Docker Containers and Trusted VMs in OpenStack
Raghu Yeluri, Abhishek Gupta

Outline
o Context: Docker Security – Top Customer Asks
o Intel’s Focus: Trusted Docker Containers
o Who Verifies Trust?
o Reference Architecture with OpenStack
o Demo
o Availability
o Call to Action

Docker Overview in a Slide
o Lightweight, open source engine for creating and deploying containers.
o Provides a workflow for running, building and containerizing apps. Separates apps from where they run; enables micro-services; scale by composition.
o Underlying building blocks: Linux kernel namespaces (isolation) and cgroups (resource control).
o Components of Docker:
  o Docker Engine – runtime for running and building Docker containers.
  o Docker Repositories (Hub) – SaaS service for sharing/managing images.
  o Docker Images (layers) – images hold apps; a shareable snapshot of software. A container is a running instance of an image.
o Orchestration: OpenStack, Docker Swarm, Kubernetes, Mesos, Fleet, Atomic, Lattice Project.
[Figure: Docker Hub and Docker image layers]

Docker Security – 5 key Customer Asks
1. How do you know that the Docker Host integrity is there?
  o Do you trust the Docker daemon?
  o Do you trust that the Docker host has booted with integrity?
2. How do you verify Docker Container integrity?
  o Who wrote the Docker image? Do you trust the image? Did the right image get launched?
3. Runtime protection of the Docker Engine & enhanced isolation
  o How can Intel help with runtime integrity?
4. Enterprise security features – compliance, manageability, identity authentication, etc.
5. OpenStack as a single control plane for Trusted VMs and Trusted Docker Containers.
Intel’s Focus: Enable hardware-based integrity assurance for Docker Containers – Trusted Docker Containers

Trusted Docker Containers – 3 focus areas
o Launch integrity of the Docker Host
o Runtime integrity of the Docker Host
o Integrity of Docker Images
Today’s focus: integrity of the Docker Host, and how to use it in OpenStack.

Trusted VMs - Summary
o Launch VMs on servers that have demonstrated boot integrity – Platform Trust
  o Measured launch of the boot process/components with Intel TXT.
  o Trust chain: HW - FW - BIOS - OS/VMM
  o What is measured at launch: current: F/W, Core BIOS, OS/VMM kernel, initrd; extended measurements: An7OS/FS modules, vFW
  o Schedulers/Orchestrators/Policy Manager use trust to launch/create/migrate VMs.
o Extend the chain of trust to VMs.
  o Measure & attest VM images prior to launch.
  o Encrypt VM images and decrypt based on platform trust (tenant controls the keys).
  o Boundary control of VMs – control where your Trusted VMs are launching and migrating.
o Will enable the same model and use-cases for Trusted Docker Containers.
[Figure: two trust-boundary stacks. Left (measurements done at the time of server boot): HW w/ Intel TXT/TPM, Tboot, Host OS/Hypervisor kernel and initrd, with VM-1/VM-2 and their apps outside the trust boundary; "Measurements match! System trusted". Right (measurements done at server boot and VM launch): the same stack plus a vRTM, with VM-1/VM-2 inside the trust boundary; "Measurements match! System & VMs trusted".]

Trusted Docker Containers - 1
Ensure Docker Containers are launched on Trusted Docker Hosts
o Boot-time integrity of the Docker Host
o Measured launch of the boot process & components with Intel TXT.
o Docker daemon and associated components added to the TCB and measured.
o Chain of trust: H/W - FW - BIOS - OS - Docker Engine
o Remote attestation using an Attestation Authority*
[Figure: Docker Host Platform Integrity stack – HW w/ Intel TXT, TPM, TBOOT, Host OS, Docker Daemon, shared bin/libs, container A (e.g. Apache), container B (e.g. Apache v2), container C (e.g. Nginx).]

Trusted Docker Containers - 2
Launch-time integrity of Docker Images
o Chain of trust: H/W - FW - BIOS - OS - Docker Engine - Docker container layers (apache, ubuntu14.04, ubuntu14, base)
o Docker daemon modification: prior to container launch, measure and verify the Docker image (and its parent layer graph, recursively).
o Boundary control/geo-tagging applies equally to Docker Containers – compliance needs.
  o The orchestrator determines the location/boundary for launching Docker images.
o Exploring: Docker image encryption & trust-based retrieval of keys – for sensitive container images (VNFs, PCI-DSS/HIPAA containers, etc.)
Ensure that Docker images are not tampered with prior to launch.
[Figure: Docker Host & Container Launch Integrity stack – HW w/ Intel TXT, TPM, TBOOT, Host OS, Docker Daemon, Agents, shared bin/libs, container A (e.g. Apache), container B (e.g. Apache v2), container C (e.g. Nginx).]

What is measured for Trusted Docker Containers
Chain of trust extended to application launch – trusted launch of a containerized application. Measured, bottom up:
o Intel TXT / TPM
o BIOS ACM signed by the manufacturer
o Bootloader, Tboot and OS kernel
o Initrd (includes a measurement agent)
o Measurement agents
o Docker Daemon – container management engine (e.g. Docker engine)
o Containerized application layers (e.g. Docker image layers): Ubuntu, Ubuntu14.04, Apache, Apache Patch v1, Apache Patch v2
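The "measure and verify the image and its parent layer graph recursively" step from the previous slide, and the layer chain listed here, as an added example. This is not the modified Docker daemon from the talk: the layer graph, the layer contents and the per-layer manifest (trust policy) are constructed to mirror the Ubuntu > Ubuntu14.04 > Apache > Apache Patch v1 > Apache Patch v2 chain, and the function names are ours.

```python
"""Launch-time verification of a Docker image's layer graph (added example)."""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Layer:
    layer_id: str
    parent: Optional[str]   # None for the base layer
    content: bytes          # stand-in for the layer's filesystem tarball


def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


def make_manifest(layers: Dict[str, Layer], top: str) -> Dict[str, str]:
    """The trust policy: the expected digest of every layer reachable from `top`."""
    manifest = {}
    lid = top
    while lid is not None:
        manifest[lid] = digest(layers[lid].content)
        lid = layers[lid].parent
    return manifest


def verify_image(layers, top, manifest, seen=None) -> Tuple[bool, List[str]]:
    """Walk from the requested image down to the base layer, measuring each
    layer and comparing it with the manifest. Returns (ok, reasons). Fails
    closed: a missing layer, a layer absent from the policy or a cycle in the
    parent graph all block the launch."""
    seen = set() if seen is None else seen
    if top is None:
        return True, []
    if top in seen:
        return False, [f"cycle at {top}"]
    seen.add(top)
    layer = layers.get(top)
    if layer is None:
        return False, [f"missing layer {top}"]
    expected = manifest.get(top)
    if expected is None:
        return False, [f"layer {top} not in trust policy"]
    reasons = []
    if digest(layer.content) != expected:
        reasons.append(f"layer {top} digest mismatch")
    parent_ok, parent_reasons = verify_image(layers, layer.parent, manifest, seen)
    return (parent_ok and not reasons), reasons + parent_reasons


def launch(layers, image, manifest) -> str:
    """The daemon hook: measure and verify before the container is created."""
    ok, reasons = verify_image(layers, image, manifest)
    if not ok:
        return f"refused {image}: " + "; ".join(reasons)
    return f"launched {image}"


# Constructed layer graph (child -> parent), mirroring the slide's chain.
LAYERS = {l.layer_id: l for l in [
    Layer("ubuntu", None, b"base rootfs"),
    Layer("ubuntu14.04", "ubuntu", b"trusty packages"),
    Layer("apache", "ubuntu14.04", b"apache2 2.4.7"),
    Layer("apache-patch-v1", "apache", b"patch 1"),
    Layer("apache-patch-v2", "apache-patch-v1", b"patch 2"),
]}
MANIFEST = make_manifest(LAYERS, "apache-patch-v2")

if __name__ == "__main__":
    print(launch(LAYERS, "apache-patch-v2", MANIFEST))
    # Tampering with a parent layer is caught even though the top layer is intact.
    tampered = dict(LAYERS)
    tampered["ubuntu14.04"] = Layer("ubuntu14.04", "ubuntu", b"trusty packages + implant")
    print(launch(tampered, "apache-patch-v2", MANIFEST))
```

The manifest is keyed by layer id, so the check also catches a parent pointer that was redirected to a layer the policy has never seen; what it cannot catch is a layer that was tampered with after the manifest was produced, which is why the manifest itself has to come from a trusted build step.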

What is measured – the details
Measurement Phase I (H/W, BIOS):
1. System power on. Microcode validates and measures the BIOS ACM (PCR0).
2. The BIOS ACM validates and measures the BIOS init code (PCR0).
3. BIOS init code: initialize TXT & memory, load SMM; measure SMM & other trusted code (PCR0).
4. ENTERACCS: LockConfig – lock TXT & memory configuration.
5. Non-critical BIOS code: Option ROMs & other non-critical modules (PCR0).
Measurement Phase II (TBOOT, OS, Docker Engine):
6. The boot loader issues SENTER and loads SINIT & the OS code. Microcode validates the SINIT ACM (SINIT hash, PCR17).
7. SINIT measures TBOOT (PCR18).
8. TBOOT measures the OS kernel and initrd (PCR19).
9. Tboot-xm (measurement agent in the initrd) measures the Docker Engine and other components (PCR19).
10. Launch OS.
Source: Intel
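The measurement chain above, replayed as an added example of how PCR values arise and how an attestation authority decides "measurements match". This is not Intel's, tboot's or OpenAttestation's code: the component contents and PCR assignments are constructed stand-ins that follow the slide, and real PCR values come from the platform.

```python
"""Simulated TPM 1.2 PCR extend chain and whitelist attestation (added example)."""
import hashlib

# TPM 1.2 PCRs are 20-byte SHA-1 registers. They start at all zeros (the DRTM
# PCRs 17-19 are reset by SENTER) and can only be changed by extend:
#     PCR_new = SHA1(PCR_old || measurement)
PCR_SIZE = 20


def measure(component: bytes) -> bytes:
    return hashlib.sha1(component).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    return hashlib.sha1(pcr + measurement).digest()


# Measurement order from the slide: component, target PCR, constructed content.
BOOT_CHAIN = [
    ("BIOS ACM", 0, b"bios-acm-v1"),
    ("BIOS init code", 0, b"bios-init-v1"),
    ("SMM & trusted code", 0, b"smm-v1"),
    ("Option ROMs", 0, b"oproms-v1"),
    ("SINIT ACM", 17, b"sinit-acm-v1"),
    ("TBOOT", 18, b"tboot"),
    ("OS kernel", 19, b"vmlinuz"),
    ("initrd", 19, b"initrd-with-tboot-xm"),
    ("Docker Engine", 19, b"dockerd"),
]


def run_measured_launch(chain):
    """Replay the chain. Returns ({pcr_index: final value}, event log)."""
    pcrs = {}
    event_log = []
    for name, idx, content in chain:
        digest = measure(content)
        pcrs[idx] = extend(pcrs.get(idx, b"\x00" * PCR_SIZE), digest)
        event_log.append((idx, name, digest.hex()))
    return pcrs, event_log


def replay_event_log(event_log):
    """Recompute PCRs from the event log alone; a verifier uses this to check
    that the log actually explains the quoted PCR values."""
    pcrs = {}
    for idx, _name, digest_hex in event_log:
        pcrs[idx] = extend(pcrs.get(idx, b"\x00" * PCR_SIZE), bytes.fromhex(digest_hex))
    return pcrs


def attest(pcrs, whitelist):
    """The attestation authority's decision: every whitelisted PCR must match
    its known-good value. Returns (trusted, mismatching PCR indexes)."""
    bad = [i for i, good in whitelist.items() if pcrs.get(i) != good]
    return (not bad), bad


if __name__ == "__main__":
    golden, log = run_measured_launch(BOOT_CHAIN)
    whitelist = {17: golden[17], 18: golden[18], 19: golden[19]}
    print("golden host:", attest(golden, whitelist))
    # A host whose Docker daemon was replaced: PCR0/17/18 unchanged, PCR19 differs.
    tampered = [(n, i, b"dockerd-modified" if n == "Docker Engine" else c)
                for n, i, c in BOOT_CHAIN]
    print("tampered host:", attest(run_measured_launch(tampered)[0], whitelist))
```

Because extend is a hash chain, the order of measurements matters as much as their content: swapping the kernel and initrd measurements yields a different PCR19 even though every component is untouched, which is why the whitelist has to be produced on a reference host booted with the exact same sequence.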

Who Verifies the Docker Host Trust?
Principles of Operation
o The Cluster Manager determines the best hosts in the cluster, based on utilization, type, location compliance, etc.
o For this host list, the Cluster Manager verifies host integrity with the Attestation Authority.
o The Attestation Authority responds with Attestation Reports for the hosts.
o The Cluster Manager picks the best server that has the integrity and instantiates containers.
Scheduler/Cluster Manager examples: OpenStack, Docker Swarm, Kubernetes, Mesos, Fleet.
[Figure: Scheduler/Cluster Manager/Policy Manager with a Trust Filter, an Image Registry, and an Attestation Authority exposing a Remote Attestation API; Docker hosts each running Agents, Docker Engine, OS/initrd on a TPM v1.2, two attested as Trusted Hosts and one marked "Trust Not Verified"; attestation traffic flows between the Attestation Authority and the hosts.]

Trusted Docker Containers & VMs with OpenStack
1. Horizon/API Server: initiate launch of an image (with the Hypervisor Type property).
2. Nova Scheduler: the ImageProp filter excludes hosts that don’t meet the image Hypervisor Type.
3. Nova Scheduler: runs the Trust/Location filter to identify a Trusted Host (for a VM or a Docker container).
4. Attestation Authority (OAT): challenges the host to attest; provides a signed Attestation Report to the scheduler to use – identifies Trusted Hosts for VMs or Docker containers.
5. Nova Compute: downloads the Glance image and launches. For Docker images, Nova uses the DockerDriver to download, and the image is loaded into the Docker file system with the docker load command.
[Figure: Horizon and the API Server feed the Nova Scheduler (ImageProp Filter, Location Filter, Trust Filter), which queries the Attestation Authority (OAT) over the Remote Attestation API; Glance supplies images. Compute hosts run Nova Agents with either Docker Engine or Qemu on OS/initrd over a TPM v1.2; trusted hosts receive the Trusted Container launch or the Trusted VM launch (VM1, VM2), one host is marked "Trust Not Verified".]
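Steps 2 to 4 above, and the "Who Verifies the Docker Host Trust?" flow, as an added example of the scheduler side: an image-properties filter followed by a trust filter that consults an attestation authority and accepts only signed, fresh reports. This is not Nova's scheduler filter code or OpenAttestation; the authority is a stub that signs its reports with HMAC-SHA256 under a key it shares with the scheduler (a stand-in for the real authority's signing certificate), and the host names and PCR values are constructed.

```python
"""Scheduler filter chain backed by a signed-report attestation authority
(added example)."""
import hashlib
import hmac
import json
import time

SIGNING_KEY = b"constructed-attestation-key"  # stand-in for the authority's key


class AttestationAuthority:
    """Holds known-good PCR values per host and issues signed trust reports."""

    def __init__(self, whitelist):
        self.whitelist = whitelist  # {host: {pcr_index: known_good_value}}

    def attest(self, host, quoted_pcrs):
        good = self.whitelist.get(host)
        trusted = bool(good) and all(quoted_pcrs.get(i) == v for i, v in good.items())
        report = {"host": host, "trust": "trusted" if trusted else "untrusted",
                  "vtime": int(time.time())}
        body = json.dumps(report, sort_keys=True).encode()
        return body, hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()


def verify_report(body, signature, max_age=3600, now=None):
    """Scheduler-side check: a forged, tampered or stale report yields None."""
    expected = hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signature):
        return None
    report = json.loads(body)
    now = time.time() if now is None else now
    if now - report["vtime"] > max_age:
        return None
    return report


def image_properties_filter(hosts, image_props):
    """Step 2: keep hosts whose hypervisor matches the image's hypervisor_type."""
    want = image_props.get("hypervisor_type")
    return [h for h in hosts if want is None or h["hypervisor_type"] == want]


def trusted_filter(hosts, image_props, authority):
    """Steps 3-4: applied only when the image asks for a trusted host. Fails
    closed when the report is forged, stale, or says the host is untrusted."""
    if image_props.get("trust:trusted_host") != "trusted":
        return hosts
    kept = []
    for h in hosts:
        body, sig = authority.attest(h["name"], h["quoted_pcrs"])
        report = verify_report(body, sig)
        if report is not None and report["trust"] == "trusted":
            kept.append(h)
    return kept


def schedule(hosts, image_props, authority):
    """Run the filter chain and return the names of the eligible hosts."""
    candidates = image_properties_filter(hosts, image_props)
    candidates = trusted_filter(candidates, image_props, authority)
    return [h["name"] for h in candidates]


# Constructed cluster. PCR 18 covers tboot; PCR 19 covers kernel, initrd,
# agents and the container/VM engine.
GOOD_DOCKER = {18: "tboot-ok", 19: "docker-stack-ok"}
GOOD_KVM = {18: "tboot-ok", 19: "kvm-stack-ok"}
HOSTS = [
    {"name": "docker-1", "hypervisor_type": "docker", "quoted_pcrs": dict(GOOD_DOCKER)},
    {"name": "docker-2", "hypervisor_type": "docker",
     "quoted_pcrs": {18: "tboot-ok", 19: "modified-daemon"}},
    {"name": "kvm-1", "hypervisor_type": "qemu", "quoted_pcrs": dict(GOOD_KVM)},
    {"name": "kvm-2", "hypervisor_type": "qemu", "quoted_pcrs": {}},  # never attested
]
AUTHORITY = AttestationAuthority({"docker-1": GOOD_DOCKER, "docker-2": GOOD_DOCKER,
                                  "kvm-1": GOOD_KVM, "kvm-2": GOOD_KVM})

if __name__ == "__main__":
    print(schedule(HOSTS, {"hypervisor_type": "docker", "trust:trusted_host": "trusted"}, AUTHORITY))
    print(schedule(HOSTS, {"hypervisor_type": "qemu"}, AUTHORITY))
```

Two points the flow on the slide relies on are visible here: the trust filter runs only for images that request it, so untrusted hosts stay usable for ordinary workloads, and the scheduler validates the report's signature and age itself rather than trusting whatever the transport delivers.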

Changes needed in OpenStack Infrastructure
OpenStack changes
1. Add the hypervisor type property to images: value qemu for VM images, value docker for Docker images.
2. Activate the ImageProperties filter: it filters out hosts that don’t match the value of the image hypervisor type.
3. Activate the Trust filter (TrustedFilter) in the OpenStack scheduler and set the trust property (trust:trusted_host) in images.
4. Configure nova-compute to use the Docker driver:
   [DEFAULT]
   compute_driver = novadocker.virt.docker.DockerDriver
   Steps at: https://wiki.openstack.org/wiki/Docker
Docker-specific changes (for Docker image integrity)
o Modified Docker daemon to intercept the container launch request and call the measurement agent before launch.
o Manifest/trust-policy created and associated with each Docker layer.
Infrastructure-related changes
o TXT/TPM hardware; TXT/TPM activation on the clusters.
o Attestation Server is set up.

Demo

Summary & Call to Action
o Intel’s focus: enable hardware-based integrity assurance for Docker Containers – Trusted Docker Containers
  o Enabling the same model as we have done for VMs.
  o Intel TXT and attestation software become the foundation for asserting Docker Host integrity.
  o Intel iKGT (Kernel Guard Technology) can help in runtime integrity protection of the Linux kernel.
o OpenStack can launch VMs and Containers with the extensions that are already mainstream (Trusted Compute Pools).
o Get engaged, get started with Trusted VMs and OpenStack. Extensions to OpenStack for Trusted Docker Containers will be available in the Q3 timeframe.
o iKGT is available now on 01.org. Download it and try it out.

Q&A

