Virtualization

Internet Engineering
Fall 2022
@1995parham

IaaS

Infrastructure as a service (IaaS) refers to online services that abstract the user from the details of infrastructure like physical computing resources, location, data partitioning, scaling, security, backup etc.

  • Example providers:
    • AWS Amazon
    • Virtual Box
    • VMware

    PaaS

    Platform as a service (PaaS) or application platform as a service (aPaaS) is a category of cloud computing services that provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an app.

    SaaS

    SaaS applications are sometimes called Web-based software, on-demand software, or hosted software. Whatever the name, SaaS applications run on a SaaS provider’s servers. The provider manages access to the application, including security, availability, and performance.

    xaas

    In computing, a virtual machine (VM) is an emulation of a computer system.

    overview-vm
    overview-vm

    Virtualization Techniques

    • The VM-based approach virtualizes the complete OS. The abstraction it presents to the VM are virtual devices like virtual disk, virtual CPUs, and virtual NICs. With virtual machines, multiple OSes can share the same hardware resources, with virtualized representations of each of the resources available to the VM.
    • Container-based form of virtualization doesn't abstract the hardware but uses techniques within the Linux kernel to isolate access paths for different resources. It carves out a logical boundary within the same operating system.

    Hypervisors

    A special piece of software is used to virtualize the OS.

    CPU Virtualization

    • Binary Translation in the Case of Full Virtualization: In this case, the guest OS is used without any changes. The instructions are trapped and emulated for the target environment. This cause a lot of performance overhead, as lots of instructions have to be trapped into the host/hypervisor and emulated.
    • To avoid the performance problems related to binary translation when using full virtulization, we use paravirtualization wherein the guest knows that it is running in a virtualized environment and its interaction with the host is optimized to avoid excessive trapping.

    CPU Virtualization (Contd)

    • In 2005, x86 finally become virtualizable. Advantages of hardware-assisted virtulization are two fold:
      • No binary translation
      • No OS modification

    IO Virtualization

    • With full virtualization, the guest does not know it's running on a hypervisor and the guest OS doesn't need any changes to run on a hypervisor.
    • In paravirtualization case, the guest OS is made aware that it's running in a vritualized environment and special drivers are loaded into the guest to take care of the I/O.

    The Quick Emulator (QEMU)

    • The QEMU runs as a user process and handles the KVM kernel module.
    • It uses the vt-x extensions to provide the guest with an isolated environment from a memory and cpu perspective.
    • The QEMU also dedicates a separate thread for I/O. This thread runs an event loop and is based on the non-blocking mechanism.
    • The QEMU can use paravirtualized drivers.

    Containers

    Containers are an abstraction at the app layer that packages code and dependencies together. Multiple containers can run on the same machine and share the OS kernel with other containers, each running as isolated processes in user space.

    docker-growth
    overview-container

    Containers vs VMs (Pros)

    • Lightweight (MBs vs GBs)
    • Easier Deployment
    • Easier Portability

    Containers vs VMs (Cons)

    • Better control in virtual machines
    • Have been tested over the years
    Linux containers are made of three Linux kernel primitives:
    • Linux namespaces
    • cgroups
    • Layered file systems

    Namespace

    • A namespace is a logical isolation within the Linux kernel.
    • A namespace controls visibility within the kernel.
    • All controls are defined at the process level.

    Container Engines

    403 Forbidden

    You cannot access docker from Iran

    So What?!

    Hello World :)

    
    docker run hello-world
      

    Days before Docker

    • Installing dependencies of your app on host machine
    • Creates conflict with previous installation
    • Separate Environment - Separate Runtime
    • Code that runs on one system and doesn’t on the other

    Days after Docker

    • Dependencies and runtime environment are all in the same place
    • No need to install any dependency 💃
    • Ensuring your app and your dependencies travel together

    Docker Image

    An image is a lightweight, stand-alone, executable package that includes everything needed to run a piece of software, including the code, a runtime, libraries, environment variables, and config files.

    Docker Container

    A container is a runtime instance of an image – what the image becomes in memory when actually executed. It runs completely isolated from the host environment by default, only accessing host files and ports if configured to do so.

    Dockerfile

    A Dockerfile is a text document that contains all the commands a user could call on the command line to assemble an image.

    
    # Format: FROM    repository[:version]
    FROM       ubuntu:latest
    # Installation:
    # Import MongoDB public GPG key AND create a MongoDB list file
    RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927
    RUN apt-get install -y --no-install-recommends software-properties-common
    RUN echo "deb http://repo.mongodb.org/apt/ubuntu $(cat /etc/lsb-release | grep DISTRIB_CODENAME | cut -d= -f2)/mongodb-org/3.2 multiverse" | tee /etc/apt/sources.list.d/mongodb-org-3.2.list
    
    # Update apt-get sources AND install MongoDB
    RUN apt-get update && apt-get install -y mongodb-org
    # Create the MongoDB data directory
    RUN mkdir -p /data/db
    # Expose port 27017 from the container to the host
    EXPOSE 27017
    
    # Set usr/bin/mongod as the dockerized entry-point application
    ENTRYPOINT ["/usr/bin/mongod"]
      

    Image Layers

    image-layers

    Docker CLI (Cheatsheet)

    
    docker build -t friendlyname .        # Create image using this directory's Dockerfile
    docker run -p 4000:80 friendlyname    # Run "friendlyname" mapping port 4000 to 80
    docker run -d -p 4000:80 friendlyname # Same thing, but in detached mode
    docker ps                             # See a list of all running containers
    docker stop hash                      # Gracefully stop the specified container
    docker ps -a                          # See a list of all containers, even the ones not running
    docker kill hash                      # Force shutdown of the specified container
    docker rm hash                        # Remove the specified container from this machine
    docker rm $(docker ps -a -q)          # Remove all containers from this machine
    docker images -a                      # Show all images on this machine
    docker rmi imagename                  # Remove the specified image from this machine
    docker rmi $(docker images -q)        # Remove all images from this machine
      

    Docker Volumes

    • Data volumes can be shared and reused among containers.
    • Changes to a data volume are made directly.
    • Changes to a data volume will not be included when you update an image.
    • Data volumes persist even if the container itself is deleted.

    Docker Compose

    Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a Compose file to configure your application’s services.

    Docker Compose

    
    version: '3'
    
    services:
       db:
         image: mysql:latest
         volumes:
           - db_data:/var/lib/mysql
         restart: always
         environment:
           MYSQL_ROOT_PASSWORD: somewordpress
           MYSQL_DATABASE: wordpress
           MYSQL_USER: wordpress
           MYSQL_PASSWORD: wordpress
      wordpress:
         depends_on:
           - db
         image: wordpress:latest
         ports:
           - "8000:80"
         restart: always
         environment:
           WORDPRESS_DB_HOST: db:3306
           WORDPRESS_DB_USER: wordpress
           WORDPRESS_DB_PASSWORD: wordpress
    volumes:
        db_data:
      

    References 📚

    Fork me on GitHub