LINFO2145 Cloud Computing Quiz - Containers

Questions and Answers

What is one of the primary learning objectives of the lecture?

• To explore machine learning algorithms
• To understand the principles of OS-level virtualization and containers (correct)
• To analyze financial models of cloud computing
• To create a personal cloud server

Which technology is primarily addressed for building and deploying containers?

• OpenStack
• Docker (correct)
• VirtualBox
• Kubernetes

What will students receive for participating in the individual work?

• A guaranteed passing grade
• Extra credit points
• A designated mentor
• A certificate grade for participation (correct)

In the context of cloud computing, which of the following is NOT mentioned as a topic in the course outline?

Network security protocols (D)

What is one of the grading components mentioned for the quiz?

Indicative grade of 0 to 60 points, plus a fixed 20 for each review (D)

Which aspect of containers is introduced in the lecture objectives?

Networking and container management frameworks (A)

What framework is associated with the composition and management of containers?

Container orchestration frameworks (A)

What is the ultimate goal of the students' reviews in the quiz process?

To provide peer feedback on answers given (B)

What is a key advantage of using containers over traditional virtual machines?

Less overheads (A)

What does the term 'OS-level virtualization' refer to?

Containers running on modified kernel calls (A)

Which of the following statements about containers is NOT true?

Containers eliminate the need for an operating system. (A)

What was one of the significant contributions of Rivière to container technology?

Combining virtual machines and containers for management efficiency (B)

In what year was the first release of Rivière's container technology?

2014 (D)

What aspect of virtualization do containers lack compared to virtual machines?

Isolation of applications (C)

Which of the following describes a limitation of using containers?

They may allow resource sharing that isn't fully isolated. (A)

Which feature enhances the efficiency of containers according to their design?

Kernel integration for context switching (A)

What is the primary purpose of Docker networking?

To connect containers as separate network interfaces (A)

Which command creates a new Docker network?

docker network create [name] (B)

What tool is NOT mentioned for managing sets of containers?

OpenShift (A)

What does orchestration in container management primarily involve?

Managing resources and scheduling for multiple containers (D)

Which of the following correctly describes composition in the context of Docker?

Grouping several containers together as a single entity (B)

Which tool is specifically mentioned for service discovery?

Consul (D)

What aspect makes managing individual containers complex?

The manual wiring of containers together (D)

Which of the following accurately describes Docker Swarm?

A method for orchestrating and scheduling containers across hosts (D)

What is the primary purpose of process isolation in Docker containers?

To ensure each container runs in its own user-space environment (A)

What command is used to run an interactive shell in a Docker container using the Ubuntu image?

docker run -i -t ubuntu /bin/bash (D)

In Docker, what does resource isolation and grouping via cgroups help to manage?

The CPU and memory allocation for each container (C)

What is the significance of copy-on-write filesystems in Docker?

They enable efficient storage by sharing layers across multiple containers (D)

What does the -i option do in the docker run command?

It keeps STDIN open from the container (C)

Which of the following accurately describes network isolation in Docker containers?

Containers have unique virtual interfaces and IP addressing (C)

What effect does the -t option have when launching a Docker container?

It creates a TTY to permit user interaction with the shell (D)

What is one of the key features of Docker containers concerning file systems?

Each container has its own root file system and is isolated (B)

What is the purpose of a docker-compose YAML file?

To describe a set of containers and their runtime properties (A)

How are ports configured in a docker-compose setup?

Ports are instantiated using the 'ports' directive in the YAML file (B)

What command is used to start the containers defined in a docker-compose file?

docker-compose up (D)

What information does the 'links' directive in a docker-compose YAML file provide?

It sets up automatic networking and service discovery between containers (C)

What happens when 'docker-compose up' is executed?

Both containers are executed as defined in the YAML file (D)

Which command would you use to stop running containers defined in docker-compose?

docker-compose stop (A)

When specifying volumes in docker-compose, what does the ':' symbol indicate?

The path on the host machine to be mounted in the container (B)

What is the significance of the prefix added to the output when running 'docker-compose up'?

It identifies the unique namespace for each running container (C)

What is a significant benefit of OS-level virtualization in the context of cloud computing?

It simplifies managing and deploying large-scale resources. (C)

How are containers and Virtual Machines characterized in relation to each other?

They are complementary technologies that can coexist. (B)

Which statement correctly describes the current state of container management software?

It is fast-evolving and not yet commercially settled. (D)

What trend does the DevOps movement influence in the technology landscape?

Growing interest in virtualization technologies. (C)

Which companies are mentioned as prominent users of container technology?

Docker, Google, and Core OS. (B)

What is noted about the adoption of container technologies among non-IT companies?

Adoption is still developing for these companies. (D)

What aspect of the container ecosystem is highlighted in the conclusions?

It is characterized by rapid changes and innovations. (C)

In what way is container management described in comparison to Virtual Machines?

Container management remains less mature than its Virtual Machine counterpart. (C)

Flashcards

OS-level Virtualization

OS-level virtualization is a technique that allows multiple operating system instances to run concurrently on a single physical machine. Each instance is isolated from the others, but shares the underlying hardware resources.

Containers

Containers are a lightweight form of virtualization that allows applications to run in isolated environments within a shared operating system kernel. They package up an application with its dependencies, ensuring portability and consistency across different environments.

Docker

Docker is a popular open-source platform for building, deploying, and managing containers. It provides a powerful set of tools and a framework for creating, running, and distributing containerized applications.

Container Composition

Container composition refers to the ability to combine multiple containers into a single, interconnected application. This allows for modularity and flexibility in deploying complex applications.

Container Discovery

Container discovery is the process of finding and connecting to other containers within a network. It allows containers to communicate with each other and collaborate to perform tasks.

Container Orchestration

Container orchestration refers to automating the deployment, scaling, and management of containers. Orchestration frameworks handle tasks like scheduling, resource allocation, and load balancing for a large number of containers.

Container Management Frameworks

Container management frameworks provide tools and services for monitoring, controlling, and managing containers throughout their lifecycle. They offer features like logging, security, and resource monitoring.

DevOps

DevOps is a software development methodology that emphasizes collaboration, automation, and continuous improvement. It aims to bridge the gap between development and operations teams to deliver software faster and more reliably.

What is Docker networking?

Docker networking provides a way to connect containers (e.g., web app and database) across different hosts, simplifying communication between them.

How does Docker abstract networking between containers?

Docker networking uses separate network interfaces (e.g., db, log) to abstract the networking between containers, simplifying the management of container communication.

Where is inter-container networking configured in Docker?

Inter-container networking configuration in Docker happens outside of the containers themselves, using commands to create and manage networks.

What commands are used to create and connect Docker networks?

Docker network create [name] creates a new network. docker network connect [network_name] [container] connects a running container to a network.

How do higher-level tools like Compose, Swarm, and Kubernetes use Docker networking?

Compose, Swarm, and Kubernetes rely on Docker's networking capabilities for container communication.

What is container orchestration?

Orchestration deals with the management and coordination of multiple containers across different Docker hosts, including resource allocation, service discovery, and scheduling.

What is container composition?

Container composition allows for grouping multiple containers together as a single entity, simplifying the management of related services (e.g., web server, database, administration interface).

What tools help with container orchestration and service discovery?

Docker Compose, Consul, Docker Swarm, and Kubernetes are tools that extend Docker's capabilities, offering solutions for container composition, service discovery, and orchestration, allowing efficient management of complex container deployments.

Machine-level virtualization

A heavier virtualization approach that emulates an entire hardware system and its operating system, providing full isolation but with greater resource overhead. This is typically used for running different operating systems on a single physical machine.

Portability

A core advantage of containers, they provide a consistent environment for the application regardless of the hardware or operating system, ensuring that the application works the same on all platforms.

Isolation

The ability to run applications in isolated compartments, minimizing conflicts and ensuring that one application doesn't interfere with others.

Container Security

Containers offer a level of security by providing a controlled and limited environment for applications, reducing the potential attack surface. However, they are not entirely foolproof, as they rely on the host operating system's kernel for security.

Docker Container

A software container that encapsulates an application and its dependencies, providing a complete execution environment.

File System Isolation

The process of isolating a container's access to the host operating system's file system. Each container has a separate root filesystem.

Process Isolation

The ability to run a container with its own set of processes, isolated from other containers and the host system.

Network Isolation

The process of isolating each container's network access. Containers have virtual network interfaces and IP addresses, allowing for controlled communication.

Copy-on-Write Filesystems

A mechanism that allows containers to share common layers of the file system, reducing storage space and improving efficiency.

Resource Isolation and Grouping

The process of allocating CPU and memory resources to containers individually, providing more efficient resource management with cgroups.

Logging

The ability to collect and log the standard output, standard error, and standard input of a container independently.

Interactive Shell Capabilities

The ability to interact with a container through a terminal or command line interface, allowing for direct interaction.

Docker Compose

A tool used to define and manage multi-container Docker applications, simplifying their deployment and orchestration.

docker-compose.yml

A YAML file that describes the configuration of a Docker Compose application, defining its services (containers), their dependencies, and how they communicate.

Docker Compose Service

A container within a Docker Compose application that provides a specific service, such as a web server, database, or message queue. It's defined in the docker-compose.yml file.

Docker Compose Linking

The way Docker Compose services communicate with each other, establishing connections and sharing resources. It can be defined through links or networks.

Docker Compose Links

A method of linking Docker Compose services, where services can access ports and services exposed by other linked services.

docker-compose up

A command used to start and run all the services defined in a Docker Compose application, based on the configuration in the docker-compose.yml file.

docker-compose ps

A command used to list all running Docker Compose services, showing their status and details.

Docker Compose Equivalents

Docker Compose commands that mirror standard Docker commands, but tailored for multi-container applications. These commands include 'stop', 'start', 'restart', and others.

Study Notes

Cloud Computing - OS-level virtualization and containers

• Course: LINFO2145

• Lecturer: Pr. Etienne Rivière

• Topic: OS-level virtualization and containers

• Objectives:

  • Understand the history and principles of OS-level virtualization and containers.
  • Detail how to build and deploy containers using Docker.
  • Introduce composition, networking and container management frameworks for Cloud environments.

• Outline:

  • Introduction
  • History of OS-level virtualization
  • Linux containers
  • Containers vs. Virtual Machines
  • Docker containers and usage examples
  • Containers composition, discovery, orchestration and management
  • A few words on DevOps

• Announcement:

  • First quiz on lectures 1 and 2 available on Moodle after the lecture.
  • One week to provide answers (before lecture +1 on Wednesday @10:45).
  • One week to review answers (before lecture +2 on Wednesday @10:45).
  • Grading guidelines provided.
  • Only students submitting answers will be invited to grade.
  • Indicative grade of 0-60 points +20 (fixed) for each review.
  • Certificate granted for participation with sufficient effort in responses/reviews.

• A Thousand-Mile Perspective:

  • Independent management of containerized applications.
  • Decouple OS and application deployment and management.
  • Shift from machine-oriented to application-oriented datacenters.
  • Container management systems (Swarm, Kubernetes).
  • Similar role to OpenStack but for containers, with additional support for service-oriented architectures.

• Containers: a definition

  • A single OS, single kernel, single device drivers and single file system.
  • Support for multiple user-space instances over a single kernel-space instance.
  • Enabling mechanism: Isolation
  • No visibility or access across user-space instances, no sharing of process identifiers, file handlers, shared memory, or file system (unless explicit), or I/O devices or networking.
  • Processes in one user-space instance believe they have an exclusive operating system.
  • Enabling policy: resource management (e.g., memory, network, disk quotas).

• Containers: some history

  • Relies on UNIX/Linux kernel features (added before cloud computing).
  • Added for isolation of processes in debugging, testing, and safety.
  • Windows are adapting similar mechanisms more recently due to their use in cloud computing environments.
  • Key milestones: UNIX chroot, FreeBSD jails, Linux cgroups, namespaces.

• chroot

  • UNIX kernel system call since the late 1970s.
  • Chroot wrapper program for filesystems isolation.
  • Changes apparent root directory for running processes and children.
  • Used for testing (unit, dependency, regression, compatibility).
  • Example: build farms for Ubuntu/Debian.
  • No security isolation.

• FreeBSD jails

  • First example of securely isolated containers.
  • Similar to chroot but with root privilege isolation.
  • Splits FreeBSD OS into independent mini-systems called jails.
  • Undistinguishable from root environment.
  • Support for nested virtualization.
  • One application: honeypot for intruders.

• Namespaces and control groups (cgroups)

  • Namespaces: Grouping system resources (mount control points, process and user identifiers, network interfaces, inter-process communication, etc.).
  • Dynamically creates or joins namespace instances, allowing separation at resource type level.
  • Cgroups: Resource accounting and limitation between processes (memory usage, file system cache, prioritization).

• Linux containers

  • Generic name for containers based on namespaces and cgroups.
  • Active open-source projects: OpenVZ (2005), LXC (2008), Linux-VServer (2013), Open Container Initiative runC (2013), Rocket by CoreOS (2014).
  • Generally complex to use, configure, and automate.

• Docker

  • Wraps up complete applications inside containers, supporting runC and other container technologies.
  • File system containing everything needed (runtime, system tools, system libraries).
  • Solves the portability problem of earlier container implementations assuming the same OS distribution.
  • Open-sourced by dotCloud PaaS (2013), 1.0 release in June 2014.
  • Huge success and interest.
  • Full functional toolset for creating and managing portable containers.
  • Docker containers: features (process, network, resource isolation, file system, copy-on-write).
  • Running a first container (commands).

• Docker Hub

  • Registry for storing Docker images.
  • Public Docker Hub operated by Docker,Inc.
  • Possible to add your own (company) registry .
  • Top-level repositories (e.g., docker pull ubuntu:latest).
  • User repositories (e.g., docker pull username/ubuntu:latest).
  • Searching for images (e.g., docker search puppet).

• Creating images

  • Typically built from existing base images(e.g., ubuntu:latest).
  • Requires Dockerfile and docker build.
  • Publishing to Docker Hub is possible with a free account.

• Creating a simple web server

  • Steps to create a web server image.
  • Using Dockerfile and commands.
  • Exposing a port for access.

• Docker commands (e.g., build, run, ps, stop, attach, inspect).

• Daemonized containers (containers running in the background, with no interactive shell).

• Docker networking

  • Connecting containers (e.g., web app and database).
  • Abstracts host networking (e.g., db, logs).
  • Configuration done outside of the containers.

• Composing and orchestrating containers

  • Managing individual containers by hand is complex.
  • Composition (grouping containers).
  • Tools: docker-compose, Consul, Docker Swarm, Kubernetes.

• Docker-compose

  • Describes a set of containers and their properties in a YAML file.
  • Lists containers, commands, ports or volumes as needed.
  • How containers are linked.

• Consul

  • Distributed application with many services requiring discovery.
  • Containers register their services with Consul (service name and contact information).
  • Consul monitors service liveness (availability).
  • Catalog of available services, accessible via DNS-like and HTTP-based REST APIs.

• Docker Swarm

  • Manages multiple Docker hosts as a single virtual host.
  • Exposes the regular Docker API across a cluster of hosts.
  • Integrated with the regular Docker client and worker nodes.

• Docker and the DevOps Movement

  • Traditional separation of roles (dev and ops).
  • Agile development, release.
  • Need for consistency of deployments and stability.
  • DevOps bridges the gap by integrating release/test/deployment processes.
  • Treats configuration as code and manage VMs and applications.
  • Well-suited for micro-services approach.

• Kubernetes

  • Google used Linux containers.
  • Large number of hosts, needs for advanced features.
  • Dynamic configs, service discovery, auto-scaling, and quota management.
  • Three generations of systems: Borg, Omega, and Kubernetes.
  • Open source (since 2014).
  • Tightly integrated with Docker; now also used by companies such as Core OS, Red Hat.

• Conclusions

  • OS-level virtualization gained interest for large-scale resource management in the cloud.
  • Companies built software for simpler, easier automation of container use.
  • Containers and VMs are complementary, not opposing technologies.
  • Container ecosystem continues evolving quickly as a commercially well settled alternative to VMs.
  • Used by tech companies, including Google, and DevOps movement.