 Konnichiwa, Watashi no namaewa, Borek san Jeff Desu, and I've just exhausted my knowledge of Japanese language. Thank you very much for coming. How many are here? A quick show of hands. How many are here for the deep dive on the Linux kernel, the technical deep dive on the Linux kernel? Raise your hand. You're in the wrong room. We're here to talk to you today about containers and the OpenStack Magnum project and the involving ecosystem. Let's do a real show of hands. Now, how many have heard of the containers? You'd have to be living under a rock if you haven't heard about containers by now. It's the hottest topic in the IT industry and kind of has been for the last 18, 24 months now. We're very pleased to be here to chat with you about it. I want to quickly go over the agenda. We're going to go a little bit into the history and kind of help frame the argument for some of you who it may be a bit new to. We're going to talk how containers fit into OpenStack and in particular the Magnum project. We're going to go into a little bit of what's happening in the area of standards around containers and a lot of activity. You've heard of probably the OCI or the CNCF. We'll talk a bit about that. We'll also talk about where this is going to go in the future a bit and then hopefully we'll have some time for a little Q&A at the end. I'd like to start though by introducing a couple of my colleagues who are here with me, Megan Kostak and Dan Crook. They're both part of IBM's Open Technologies Team that I also am a part of. We roll up to IBM Vice President named Angel Diaz and what they focus on is specifically engagements with clients, helping them form their strategy around emerging open technologies and the area I focus on is working with our partnerships and business development, my background is engineering and I've done some coding in the past but it's been quite a while. I do work with the OCI and the CNCF as well as I am the chair currently of the Docker Governance Advisory Board. With that I want to turn it over to my colleague Dan who's going to kick things off. Thank you. Thanks for the introduction, Jeff. For the few of you in the room that are not familiar with containers we're just going to take a quick look at the technology and why it's so exciting. As you've been watching probably OpenStack for the last few years as we've gone from Cloud 1.0 to Cloud 2.0 where the original basis of virtualization was virtual machines. Traditional applications in these cloud environments they basically required a lot of duplicate resource usage on the hosts. They relied a lot on copying entire applications many times and they required emulation of the hardware. So on the left side of this diagram in the traditional virtual machine virtualization model there's an entire guest OS that's copied multiple times for each virtual machine that you're putting on a host's Nova compute node. There's a whole hypervisor that's emulating and translating the calls to the hardware for you and it leads to large size images as well to transfer the entire guest operating system. So with containers you're looking at basically a magnitude of much better density as well as faster startup of the applications, faster scaling, scale down and much easier deployment of applications because they're much smaller and therefore easier to transfer. So you're getting a lot of benefits with this shared kernel usage of the containers but there are some drawbacks there that expose some security vector the attack service becomes a little bit larger and that's where OpenStack Magnum comes in to help ideally host containers for you. So containers aren't new even if they're the hottest thing in the last couple of years. If you're new to them you may think that Docker is synonymous with containers but there's a long history of this virtualization that goes back even to the start of Unix. But about 15 years ago they really inert us started basically building on the old Unix CA Trute concept where the file system was segmented between processes into something where the actual processes themselves were isolated. So this concept came from FreeBSD and was translated over to Linux around 2000 but it required patching the Linux kernel. It was pretty deep into the lower level aspects of Linux so it didn't really have much uptake back then. At the same time in System 5 Unix Solaris was also innovating with operating system virtualization. So they introduced this idea of snapshots, cloning of individual virtualized instances and building upon this in 2006 Google put together a paper on process containers which were a way to group together processes to have them share resources independently on that operating system from other processes there. Red Hat introduced user namespaces with namespaces and this allowed the virtualization of users. So within a container you could now allow root privileges that never could escape that container. And IBM introduced a bit of tooling around that bringing these concepts together but there were still some questions about security and user friendliness of actually working with those tools. So that brings us to Docker which really brought the mainstream both by making the tooling a lot easier but also coming up with the concept of images and images that can be built on with deltas so you can iterate and basically take an application, package with the dependencies, build on it and deploy it out to your production systems without as many dependencies. So with all those benefits of containers naturally you'd see them go into a lot of the brand new innovation that's been going into open stack over the past five years. One of the first places that containers showed up as they were seen as smaller individual units of compute was the Nova Docker driver. So basically within horizon from the Nova CLI tools you could work with them, images could be stored in glance. So it's basically an IaaS light individual containers just managed like virtual machines. A little later we saw heat enhanced to orchestrate the deployment of containers on top of Nova instances and more recently we've seen the COLA project emerge to containerize the open stack control plane itself. So if you're familiar with starting with open stack where you had one monolithic controller node that had all the services on it, you had maybe a network node that was separate and you had n number of compute nodes. What COLA is letting you do is take all those services, spread them out over smaller resources and enable you to treat them as microservices, scale them independently, aggregate them, deploy them with zero downtime, things like that. And newest is Murano. If you're at the Vancouver Summit it basically showed the marketplace, the app catalog and how users can consume containerized applications. But the most important focus of this talk right now is open stack Magnum. And what Magnum is doing is taking a lot of innovation in containers and exposing them through the traditional open stack projects. So I'll hand it over here to colleague Megan telling you more about Magnum. Thank you Dan. All right, I'm going to walk you guys through a timeline of containers in open stack over the past few years. So back in May 2014 the open stack container team was formed and their main goal was how do we standardize the container environment in open stack. They wanted to provide consistent deployment of containers and have that familiar open stack project feel. As well as remove the risk of choosing a single container strategy just because it was just getting hot and we're not sure where it's all going. If you fast forward a year the container networking team formed to specifically focus on consistent networking strategy for containers and this is still something that's evolving. And just this last August at the open stack Silicon Valley conference the main focus was on containers and where it's all going and how it fits into open stack. And as you all know the open stack Liberty release just happened this October and the first production ready release of Magnum was included in that. So what is Magnum? It's open stacks container as a service solution and it just provides your complete management for containers in open stack. It uses heat for the orchestration of the host machines. It implements multi-tenancy using Keystone and it provides multi-host networking using Neutron. Right now it supports some container orchestration engines that include Docker swarm, Google Kubernetes and Apache Mesos. The cool thing about Magnum is that along with its own APIs it also exposes the native APIs of these container management solutions. This would include like your Docker CLI commands as well as your Kubernetes client commands. Right here up on the screen is kind of a high level view of the architecture of Magnum. As Dan stated earlier it's very integrated with a lot of the mature open stack projects you've heard of and this morning as Jonathan Brice flashed up on the screen the adoption versus maturity of projects, it's continually changing. So Magnum was, you know, on the lower aspect there being new and all but some of the most common projects that it's integrated with are Heat, Nova and Neutron and it has that consistent open stack feel or layout having the Magnum APIs client and conductor. So now that you've got a brief history of containers and what Magnum is from a high level perspective we're going to switch gears and Jeff's going to come up and talk about the foundations and the work going on there. Thanks, Megan. And if you're wondering why we're switching back, we have a philosophy it's harder to hit a moving target so we're going to keep doing that. So I want to make sure I meet expectations though. How many have heard of the open container initiative before? So about half. So I will spend a little bit of time and I think we're doing good on time so I will spend a little bit of time talking a little bit about that. I've got a small pun, I don't know if it will transition but it's the good old saying, you know, I love standards in IT industry. There's so many to choose from. And if you think about that it's like, well, wait a minute, is it standard or is there so many to choose from, you know, it represents a challenge, right? So why the open container initiative? So another quick show of hands. How many have been to a Linux conference? Linux foundation conference, let me be specific. Okay, not as much crossover as I thought there might have been. So this is a great point to stop a bit and talk a little bit about that. The whole idea behind containers is that it's really revolutionized something that was fairly deep down in the Linux kernel, fairly gory, difficult to use. And yet it's so important and IBM and other companies feel that it's so critical to the evolution of how this infrastructure is going to evolve going forward that it really can't be left to any one single company to have control over and or struggle with trying to manage. And so a number of companies have come together under the umbrella of the Linux foundation. And it's not to try and create a whole heavy bureaucracy of overhead in helping to define containers and standardize them. The real goal about doing it as a collaboration project of the Linux foundation is to provide the leverage of that existing body but only a small efficient lightweight group that are really dedicated to try and standardizing what it is to define a container format and runtime. Next slide, please. So this is really about trying to meld these emerging technology areas and how many got a chance to experience or saw news about DockerCon North America that happened in the June timeframe in North America. So at that you heard Solomon Hicks from the main stage make a big announcement about the formation of the open container initiative and that was great because up until that point IBM and other companies have been working with Docker and talking to them about what are our options, how are we going to evolve what's been this great viral uptake in the open source code behind Docker containers and begin to mature it towards an open governance model entity. And at that conference they announced that not only were they going to participate in the open container initiative but they were also going to contribute code to that initiative in the form of what's called Run C or their implementation of the container standards back. But it wasn't all altruistic. In that last year in the fall there was a competitive project announced by a company called CoreOS. They'd been working actively with Docker and yet they were struggling a bit because they had been trying to collaborate and Docker's a small company totally overwhelmed by a huge potential opportunity and so there was sort of a lack of effective forum for which everyone to come together and have dialogues about how this should evolve. So CoreOS launched a competitive alternative to Docker called Rocket and that also helped to kind of get the attention and get people in the industry thinking about this important concept of who should get to define a container and how should that evolve going forward. And you can see from the slide in front of you that there's some concepts that you can read and we could talk about them in the Q&A afterwards but the most important element of this is that it's really no longer a situation where it's intended to be Docker versus Rocket and CoreOS, etc. The press likes that. It sells news feeds and that type of thing but the real key element of that is that with this OCI coming together it sets the stage to resolve these conflicts and the other last point I want to make on this slide is that again it's not just those two companies it's IBM, it's CoreOS, it's Google, it's SUSE, it's Red Hat it's all sorts of important companies coming together to help solve this problem or this challenge associated with the OCI. Next slide. So three things that I think are most important about this concept is that the open container format specification is the document that is going to be shared in open governance as part of this collaboration project under the Linux Foundation but yes, dockers donated the Run C code and that code and the implementation spec are going to iterate back and forth as they evolve going forward under this shared governance model and CoreOS is actually going to be a key participant they've offered up AppC as their reference implementation for their spec we want to see those come together and resolve to a single group but as the slide shows it's also being driven by a lot of additional input into this process by other members of the community and that's another key element of this because at the end of the day, if you think about it how effective would Linux be if way back when there was a split and there were these two factions thumb wrestling over the control of how that would evolve so it's not going to be easy but we think it's got great potential and so far every group is really committed to making this happen and making it a reality and the last thing I'll say is this is all happening in real time in that the charter documents and the membership agreements are still getting defined through this community process and if you're interested in getting involved in it as it's coming together or going forward see me after the presentation today I'd be happy to talk to you about it a bit more next slide so I thought about putting an interim slide before with this one that just said IT, heart, buzzwords because who's heard of the CNCF? Anyone? A few? That's one of the newest elements of all of this but if you think about it it would be not exactly finishing the project if you came together and defined a container spec but what about everything else that comes into play when you look to try and effectively manage container technologies? So I talked about Docker and the group announcing the OCI that happened in June of this year one month later at the OSCON conference in North America a group of companies including Google and IBM and others all came together and announced this CNCF and the idea is containers are great and they're so impactful how are we going to share a common vision towards container automation and orchestration and so the goals as you can see here on the slide is to start with this common container packaging approach but to make sure it's dynamically managed in a way that's a open framework that's very microservices oriented and those three key elements are going to be part of what drives the vision of the CNCF it also will be a relatively lightweight meaning that it's taking advantage of the infrastructure behind the Linux Foundation it'll be a collaborative project of the Linux Foundation and you can sort of see the synergies between the OCI and the CNCF they're going to resolve their charter and membership agreements about the same time so that there's a clear end-to-end goal to start this initiative right but this isn't going to happen overnight it's going to take some time and if we can take a look at my last slide you can see that there's a pretty impressive list of companies not quite as broad and expansive as the OCI but companies like AT&T, Box, Cisco Cloud Foundry, Twitter, and others if you think about what's happening in this space how many are aware of Kubernetes? it was talked about during the morning keynote that's a very impactful project from Google based upon their Borg internal infrastructure but it's not the only type of cloud-native infrastructure project out there you've also got the Mesos project from the Apache Foundation how many have heard of Mesos? pretty good pickup on Mesos in addition to Kubernetes and Mesos you've got Docker Swarm, right? I mean that's part of what caused some of the tension in the community is that 24 months ago when Docker was brand new everybody loved Docker because it was the thing that made something that was really challenging in the past very accessible to the typical admin or developer who wanted to do a very DevOps cloud-native type of application development but when mid-last year became apparent that Docker's vision was beyond just container technology but looking at it as a platform to do end-to-end application development other competitors in that space people from the Cloud Foundry ecosystem or other ecosystems kind of got concerned and so that's another thing that in the industry we think both the OCI and the CNCF will help come together to resolve and as you can see the high-level conceptual architectural diagram here and my thanks to my friend and colleague Craig Mclucky from Google who contributed elements of this as a document as we're working together again real-time and coming up with the CNCF charter and membership agreement it gives you a high-level representation of what the architecture could be as we all try and work together on this so my last thought for this slide to leave you with is that just as the OCI targets container image portability the CNCF targets cloud application portability so it's all about freedom and it's all about choice for the individuals and users and with that I'm going to take it back over to Megan to pick up on the rest of our session Thank you, Jeff Alright, so I'm going to try to tie the foundation efforts into how it's going to affect Magnum and so let's start with what Magnum brings to the table so Magnum kind of set itself up from the beginning to incorporate, I guess, any uncertainty that the industry was going to bring in terms of containers so some of the things it brings to the table are their main goal of providing a standard container environment not having any container strategy lock-in for its users as well as an adaptable infrastructure for change so in terms of a standard container environment right now it supports Swarm, Kubernetes, Mesos and these all run Docker container or manage Docker containers which are based on Run-C which is the basis for the OCI so we're in good shape there and then with the CNCF Kubernetes donated their code as kind of the starting point and so there are some possible changes that Docker Swarm will want to align with as we see things progress and a big thing as I talked about earlier was they didn't force anyone into a strategy so users can see what's going to happen with these foundations what standards are going to come out of it and then they can choose what works best for them and just being adaptable Magnum itself supports these container orchestration engines so a lot of the changes it's going to inherit because it supports those and they're going to change and turn so that'll be good for it to sync up quick with the standards so kind of in short term what Magnum is doing now and especially throughout this week you're going to see a lot of sessions and design sessions that are focusing on providing consistent networking so right now the container networking team is trying to leverage Docker's Lib Network that way users of OpenStack will have a consistent container networking strategy in and out of OpenStack but this of course is continually evolving we could see some results this week even on it and right following this presentation is going to be another session on Courier which actually links Neutron to Lib Network which could definitely be something positive for Magnum and here is kind of a projection slide so none of this is set in stone so some things that we think Magnum is going to need to focus on in the future is of course adapt to any results of the foundations as well as contribute back that's what these foundations are all about so as Jeff stated earlier the OCINCNCF are continuing to work on their charter and member agreements so we're going to see changes there but as I said Magnum kind of is agnostic from these specific container technologies so they should be able to pick up these changes rather easily and just Magnum having a growing user base they're going to get requests for different user stories which they could then give some good insight to these foundations from a production level CAS perspective so with that I'm going to hand it back over to Dan who's going to wrap things up for us okay thanks Megan so the key takeaways here the key summary basically containers aren't new they've evolved since the early days of UNIX from CH route through all that standardization through all those features going into Linux kernel for the last 15 years and we see them going forward also collaboratively with different organizations through the OCI and through the CNCF so and containerization itself is used all over OpenStack through many different projects but probably the biggest impact is going to be on Kubernetes because I'm on OpenStack Magnum because that's the one that's directly tied to the cloud orchestration engines like Kubernetes, like Mezos and Docker Swarm and because those expose APIs directly to the end users giving the full power of the CLI and the client libraries any sort of changes that go to the format container formats or the runtimes you'll need to be aware of and finally our view really is we're excited about OpenStandards, OpenTechnology that's what we do at IBM so it's great to see that just as OpenStack has standardized infrastructure as a service as a cloud computing model providing APIs around the compute, the network and storage as you're looking at a container solution for your organization for the longer term there's of course so much rapid change in this area but looking at these standards looking for the interoperability that's provided through OpenStack and through the OCI and the cloud native computing foundation it's really something that you should be doing if you're trying to develop that containerization strategy and as we said these are very active user groups right now very active foundations with a lot of customers helping to find these standards driving in the innovation and of course we want to see people drive their requirements in their use cases basically make sure that those standards and foundations represent the end users of both OpenStack and containers in general as I mentioned there's a couple other sessions if you're really interested in Magnum a Magnum deep dive Adrian Otto the PTL of the Magnum project he's going to be doing a session tomorrow right after this one in this room is the connection from Neutron to Lib Network and there's a few other interesting talks out in the container track most of them I think are happening in this room over the next couple of days there's ones there and some other orchestration techniques scaling techniques and of course there's quite a few great resources out there in fact one of the best ones to look at right now for the state of the art in OpenStack is a white paper called Exploring Opportunities containers and OpenStack that white paper search for that you can find it there and finally before we take some questions we're going to post these slides right away after the talk so if you follow any of us on twitter or the OpenStack hashtag you can find those dig in there and find us at the conference we'll be here for the next couple of days questions okay the question was OpenStack Magnum Design Summit schedule I believe those would be happening on Friday I don't know for sure but if you look at the schedule instead of the general OpenStack Summit schedule look for the design summit sessions alright great thank you