We would never do that. So good afternoon. How are we all doing after lunch today? Good. Yeah, right. I see anybody sleeping. This is pretty heavy. So stay awake. So that's almost said. I'm here to talk to you a little bit about containers, mostly to kind of lay out the landscape going on in IT around containers, also virtual machines and cloud management. Because there is a ton of hype and information out there regarding these technologies. And as a former technology journalist and now the community liaison for the oVirt open source project, I really have this disdain for hype, because it is something that fuels the media and they feed on it and they give it all out to you and they kind of go crazy with it. And one of the things that I try to do is to hopefully put things in a better perspective. And that's sort of the object of this rambly little talk today. So here we go.

We live... let me get the right button here. Okay, sorry. We live in a very operating-system-centric world. Just like Earth is pretty much the center of our universe. And as you can see, we do very well in Mr. and Miss Universe pageants. And the rest of the universe can just, you know... But we at IT, we live in a very operating-system-centric world. Everything we've done pretty much to date, you know, rotates around the operating system in some way or another. It's never been any different. We've changed the way we get to the operating system and we've changed how we, you know, manage it, but still there's been a lot of consistency in this arena.

Now, virtualization, you could argue, is the abstraction of the operating system layer and getting it away from the hardware, and this is true. And this is a big innovation that we've had in recent years, and we're all pretty much familiar with virtualization and how it works and how it can be used effectively in IT.
But then beyond that we moved to cloud, which is the automation of virtualization, and let the apps basically determine their elasticity and go in there and pull in and push out their resources as needed. And those are really, you know, those are two of the big first steps to turning, you know, your physical pieces of iron into virtual machines.

But virtualization is not the be-all end-all of IT management, because even though the machine is virtual, they still need to be managed. You're still dealing with the operating system and all the patches and updates and all the inherent administration that you have to have with an operating system stack. Everything is there whether it's virtual or physical. And that's true whether you're using tools to manage your virtual machines like oVirt, which is sort of, if you're not familiar with it, it's a virtual machine management platform that runs at data center level of scalability, or something like OpenStack, and RDO is Red Hat's OpenStack implementation, which also manages virtual machines at data center levels, except now it's doing it with cloud tools, so you've got elasticity built into the equation.

But for all this fancy stuff up here that we talked about, virtualization, you still, as I've said, you're dealing with operating systems. We haven't really gotten away from that yet. We're starting to, but for now this is where we've been, so we have to contend with all the different problems with operating systems, and we have to have configuration management tools in place like the ones you get from Puppet and Chef and Ansible. There's a whole ecosystem around the managing of these machines.

So in oVirt, this is a diagram of how oVirt kind of looks, and it's relatively complex. This is not something that you would want to, you know, mess around with too much as far as, you know, getting into the guts of it, and there's a lot of overhead in virtual machine management.
If you look at something like OpenStack, and this is their own diagram, and I apologize for the pixelation, but that's OpenStack's new diagram, and I've been told this is the simplified one. Yeah. I'm not dissing OpenStack, but it is a very complicated piece of machinery that you have to get in place, and I think part of what's been holding it back is that it's very complex and it's very overpowered for what a lot of people need.

Now back in oVirt land, which is something I'm a little bit more familiar with, you know, whether you're dealing with a single host or you've got many data centers, virtualization still has its issues, okay, it can be kind of faulty to manage.

But now here comes the exciting part. We're actually getting to the point in the conversation: that's where we've been, here's where we are now. We're looking at some of these funny little things called containers, and containers are a very interesting piece of technology, because now finally we're starting to break away from the operating system-centric model. So just as early Renaissance philosophers and scientists figured out that, hey, maybe the earth isn't the center of the solar system, maybe the sun is, so we're generally finding that containers are now application-centric.

So if you're not familiar with containers, basically what they are is restricted namespace sets that basically allow you to just have the application and then a few libraries of whatever that application needs, and then that's it. Not an entire operating system. It's not virtualization in any way, shape or form. Anything else that a container needs, it goes down and talks to the kernel and pulls up the tools that it needs from there.

So really, from a DevOps point of view, containers are awesome, because if you're a developer on the DevOps side, now you only have to code for the application. You just worry about the application, pull in whatever few special libraries you need, and then out the door it goes. If you're an administrator on the outside
it's going to be very attractive for you as well, because with things like Docker you get a lot of portability. You can just basically pick one up and move it to the other machine or host and you're set to go.

So that's the DevOps model, and it has really revitalized containers, because containers aren't new. They've been around for quite some time. They've been in the form of Solaris Zones and BSD Jails and LXC for Linux. Containers are not new, but DevOps has really revitalized the interest in containers and made them a very attractive piece of technology, and in just recent years we've seen, I wouldn't call it an explosion, but definitely a small minor earthquake in new tools. Docker came along only in 2013, and now we've got Rocket and Red Hat's Project Atomic and CoreOS and Ubuntu Snappy, and even oVirt is giving containers a little bit, and third party vendors, I'm not even really sure what they knew, but they're using containers and they're advertising them.

And so this, the last one on the bottom clicker, and I'm not really here to disturb at all, but this sort of is like the first sign of what we used to call in the news media cloud washing: when cloud technologies became really popular, basically everybody and their brother and sister went out and said, hey, we're cloud too. You know, I have a toothbrush that's in the cloud. Okay, that's great. How many cavities do I have? Well, the cloud now knows. Okay, what did I eat for breakfast? Oh, there you go. But that was sort of the hype that was generated, I'm only exaggerating slightly, and people are now starting to do that with containers.

And this isn't really going to be a talk about, you know, the product that I work with necessarily, as far as hyping them, but I am more familiar with oVirt and I am definitely more familiar with Project Atomic, so I'm going to use Atomic to show you one way that containers can be managed in an IT environment.

So what Atomic is, is a minimal Fedora or enterprise Linux host, and by enterprise Linux either
CentOS or Red Hat Enterprise Linux, excuse me. And what Atomic is basically geared to do is a minimal host that allows you to basically orchestrate and manage containers in an environment that is more secure and hopefully more robust than what you get when you just run Docker out of the box. Because Docker is really cool, but right now, I realize they are still working on it, but Docker is very limited in what it can do in terms of managing itself. You can create containers and you can deploy them and turn them on and off, but that's basically it. There aren't a lot of extra tools running around in just Docker proper.

So what Atomic's done, and it's not a separate operating system or anything like that, it's basically collecting a whole bunch of different tools from the upstream, pulling them in and combining them in a basic form that ideally will make it easier for people to manage their containers. So obviously part of that equation has to be, as I've been mentioning, Docker itself. So we consume Docker and we use the inherent tools that are in Docker, the portability within Docker, which has made it really very popular over some other container technologies.

We are also using a tool that was originally developed for GNOME and now it's been repurposed for use. It's called OSTree, and if you're not familiar with OSTree, the oversimplified way of describing it is that, think of it as, it's not really a package manager on its own, we're not replacing RPM at all, but we are doing things with it. So OSTree has euphemistically been called Git for packages. So the idea is that you build your package set and then you deploy them in a single atomic image, that's actually where the name Atomic comes from, and just like Git you roll that out in a single update, single push out, and out it goes.

The nice thing about this model is that if you make a mistake, and as Thomas said, to err, so to speak, if you make a mistake, see, I've got you right here, if you do err, then you can basically with one command reverse
the whole thing. You pull back the entire atomic update, and just like you would in Git, you just basically roll back the branch and you're set.

Now that's OSTree and then have RPM. I should mention, for those of you who are more interested in Debian, that there is a DEB OSTree out there. It's not necessarily dependent on RPM to work, so there is a bit of work being done with OSTree for the Debian package manager, so it's something that would exist, hopefully it will be more robust in that ecosystem as well.

Another big part of Project Atomic is orchestration. Orchestration is really a tough nut to crack, and we have, at minimum, three tools within Atomic that take care of this. The first is Cockpit. Cockpit is basically a very nice simplified graphical interface that basically lets you activate and deactivate containers as needed. So it's pretty simple: turn it on, there's your container running the application or service that you want, and you're set to go.

But other orchestration layers are needed as well. For instance, we're also consuming Apache Mesos, which allows you to orchestrate containers across multiple hosts. We're also using another orchestration layer from Google, Google Kubernetes, which allows us to orchestrate applications that have to be across multiple containers. So there's a lot of different layers that are going on there, and with these tools we're hoping that Project Atomic will be a tool that people will look at and know what I use for their container management in IT.

So between you and me, it sounds like that I've done a big mess up on my own. I've spent about 10 minutes here talking of containers, so why not containers? What's wrong with this picture? Okay, why can't we just jump on board and move ahead? Because after all, containers are certainly awesome, and that is basically true, except when they're not. And this is the problem that we have to look at with any kind of new technology, and the biggest point that I want to get across to everyone here today is, if
you're interested in containers or any other solution that I've mentioned for IT, the most important thing is that you know the limitations of that technology.

Now certainly there are some problems with containers. Docker itself, and this is again part of a success story, has mitigated some of those problems that containers have. One of the biggest ones is security. Security is an issue with containers because of the way they're structured and the way they talk to the kernel. You can have problems of leaking memory processes, which basically could lead to vulnerabilities. The way you set up your container, you could have it set up so basically you're effectively running your application as root, because it directly has access to the kernel, and so on and so on.

Different tools have different ways of taking care of that problem. I was talking to somebody from the Rocket team, and their way is they're going to try to sign all these containers, and then, you know, with actual signing and whatnot, they believe that's a strategy that will help mitigate the security issues that could happen with a container. And in Project Atomic we're wrapping SELinux around the whole thing, and we use SELinux policies to hopefully take care of containers that get a little body.

But we've gone through a lot here. We've gone through, you know, virtualization, the cloud, containers, and I've talked to several people, you know, even recently, in the recent weeks and months, who aren't even really ready to make the jump to virtual. They're still in bare metal. They're not big enough or they don't want to deal with the overhead, and now, you know, let alone think about something like cloud, let alone think about something like containers.

Okay, so this is not a slam on any of these technologies. The important thing is, we as IT professionals have to be honest with ourselves about what we need now and what we need in the near term future. We should not be, you know, suckered or swayed or whatever you want to call it by the next
salesperson who comes along and says this is the greatest shiny thing ever. Resist the shiny. Be honest with yourselves and hopefully understand what you need. You may not need containers. If you're not really interested in getting to a DevOps model of development in IT, then maybe that's not what you need, you know, to use, and maybe containers are something you can sort of play around with, but maybe what you actually need is a virtual machine. And if you're using virtual machines, do you need cloud? Do you need elasticity, or can you handle your scaling in a slow and progressive way? In which case maybe you don't need something as complicated as cloud. But that's for you to decide. You have to look at yourself in the mirror. You have to figure out what it is that you actually need and what is going to be good for you and your IT and your customers in the coming months and years. Plan ahead, so whether you look at it how you are and how you are in the future, and make sure that you're being really honest with yourself.

There's nothing wrong with container technology. It is exciting and new, and I think it has a lot of potential for organizations that truly need it. The same holds true for cloud, the same thing holds true for virtualization. And if you're honest with yourself, I think you will find you will have less headaches moving forward and you will have resisted the container hype. Because basically the philosophy is this: just because you can build with any tool, such as this nicely built car with Legos, doesn't necessarily mean that's the best way.

So with that, are there any questions? I have plenty of time for questions, if you're using container management already, or maybe not.

So are you basically saying that containers are like an alternative to operating systems?
In a way, yes. I mean, it's funny you say it quite like that, because that's what sparked this talk. When we launched Project Atomic last summer, several reporters in the audience said, does this mean that operating systems are dead? Which is not what you said, and that sort of led to this whole thought that I had about, what is it? I think that in certain situations containers, especially for a DevOps environment, can be an alternative for operating systems. You still have to have the operating system underneath. That is actually one of the advantages of containers, their portability across different systems, but also that's a disadvantage, because they still all have to be Linux. If you're running Docker, it has to be a homogeneous environment, so that's a problem there. So the operating system is still there, you're just sort of abstracted one more layer up, and then you as a developer, if that's what you're doing, you don't have to worry about the operating system as much. Somebody makes a patch to the operating system, as long as Docker is running and still steady, your container will be just fine.

Because I was going to ask, operating system, who gets to control the processor, and what about shared memory? Are you saying that the operating system is still there?

Right, because containers are, they're sort of an offshoot of the Linux kernel, at least in Dockerland. In Solaris, with Zones, they're dealing with the Solaris kernel. So yeah, there still has to be that connection there. You can't run them independently. But unfortunately, as I've said, there's some constraint on that operating system. If I have a Docker container, I pretty much have to run it on a Linux machine. If I want to run it on Windows, I have to run the virtual machine on top of Windows and put the container in there.

Alright, one more question.

I was looking at the tools and support provided by Docker. Now launched Docker Swarm, Docker Machine, Docker Compose. What they're trying to do is they're trying to convert a container, managing it like a virtual
machine. Actually we are, and then there is another approach going on, OSv, MirageOS by Xen. So how do you see the future of those versus these efforts?

Yeah, I didn't take too long with this. I would back up to that slide, because like Rocket and then Docker's enterprise product that they have are definitely, tools like Atomic and CoreOS are there to manage that. I think that this gets into the managing expectations point that I was trying to make earlier. You need to understand the difference between running the whole virtual machine versus running the container, because superficially, from the outside, it looks very similar. You know, if I go to Docker.io and I start up an Ubuntu container or a CentOS container and it's running the entire operating system within, how is that different from a virtual machine? And so we have to figure that out: how are the resources managed, how does that make things work within our IT. So it's a complicated question. I think that the future basically means that what we're going to be seeing is a lot of consolidation. I think you're going to see virtual management tools like Xen and oVirt start managing containers, and I would be too surprised if you had tools like Docker and whatnot starting to look at handling virtual machines. I think that people are going to start making the consolidation moves. So thank you.

Thank you Brian, please