Operating System 1 - Lecture 7 2022 PDF
2022
Mohammad Merie
Summary
This document is a lecture on operating systems, focusing on virtualization and containerization. It details the concepts of virtualization, different types of hypervisors, virtual machines, and gives a comparison with containerization, emphasizing principles such as isolation and operating systems.
OPERATING SYSTEM -1- LECTURE 7
Eng: Mohammad Merie
2022

VIRTUALIZATION

Virtualization is the process of running a virtual instance of a computer system in a layer abstracted from the actual hardware. Most commonly, it refers to running multiple operating systems on a computer system simultaneously. To the applications running on top of the virtualized machine, it can appear as if they are on their own dedicated machine, where the operating system, libraries, and other programs are unique to the guest virtualized system and unconnected to the host operating system which sits below it.

For administrators of servers, virtualization also offers the ability to run different operating systems, but perhaps more importantly, it offers a way to segment a large system into many smaller parts, allowing the server to be used more efficiently by a number of different users or applications with different needs. It also allows for isolation, keeping programs running inside one virtual machine safe from the processes taking place in another virtual machine on the same host.

WHAT IS A HYPERVISOR?

A hypervisor, also known as a virtual machine monitor or VMM, is software that creates and runs virtual machines (VMs). A hypervisor allows one host computer to support multiple guest VMs by virtually sharing its resources, such as memory and processing. There are two main types of hypervisor used by system administrators and software developers today.

Type 1 Hypervisor: Most common in enterprise data centers, a type 1 hypervisor replaces the host's operating system and lies right on top of the hardware. For this reason, type 1 hypervisors are also called bare metal hypervisors or embedded hypervisors.

Type 1 Hypervisor Examples: VMware hypervisors such as vSphere, ESXi and ESX; Microsoft Hyper-V; Oracle VM Server; Citrix Hypervisor.

Type 2 Hypervisor: A type 2 hypervisor is hosted, running as software on the OS, which in turn runs on the physical hardware.
This form of hypervisor is typically used to run multiple operating systems on one personal computer, for example to let the user boot into either Windows or Linux.

Type 2 Hypervisor Examples: VMware Workstation; VMware Fusion; Oracle VirtualBox; Oracle Solaris Zones; Oracle VM Server for x86.

WHAT IS A VIRTUAL MACHINE?

A Virtual Machine (VM) is a compute resource that uses software instead of a physical computer to run programs and deploy apps. One or more virtual "guest" machines run on a physical "host" machine. Each virtual machine runs its own operating system and functions separately from the other VMs, even when they are all running on the same host. This means that, for example, a virtual macOS machine can run on a physical PC. VMs can run multiple operating system environments on a single physical computer, saving physical space, time and management costs.

CONTAINERIZATION

Containerization is a lightweight alternative to virtualization. It involves encapsulating an application in a container with its own operating environment. Thus, instead of installing an OS for each virtual machine, containers use the host OS. Each container is an executable package of software that runs on top of a host OS, and a host can support many containers concurrently. A container is portable and can be used on any infrastructure in any environment that supports the container technology, such as Docker and Kubernetes.
VIRTUALIZATION VS CONTAINERIZATION

Comparison of virtualization and containerization, criterion by criterion:

Isolation
  Virtualization: Provides complete isolation from the host operating system and the other VMs.
  Containerization: Typically provides lightweight isolation from the host and other containers, but doesn't provide as strong a security boundary as a VM.

Operating System
  Virtualization: Runs a complete operating system including the kernel, thus requiring more system resources such as CPU, memory, and storage.
  Containerization: Runs the user-mode portion of an operating system, and can be tailored to contain just the needed services for your app, using fewer system resources.

Guest Compatibility
  Virtualization: Runs just about any operating system inside the virtual machine.
  Containerization: Runs on the same operating system version as the host.

Networking
  Virtualization: Uses virtual network adapters.
  Containerization: Uses an isolated view of a virtual network adapter. Thus, it provides a little less virtualization.

Deployment
  Virtualization: Deploy individual VMs by using hypervisor software.
  Containerization: Deploy individual containers by using Docker, or deploy multiple containers by using an orchestrator such as Kubernetes.

Persistent Storage
  Virtualization: Use a Virtual Hard Disk (VHD) for local storage for a single VM, or a Server Message Block (SMB) file share for storage shared by multiple servers.
  Containerization: Use local disks for local storage for a single node, or SMB for storage shared by multiple nodes or servers.

Load Balancing
  Virtualization: Virtual machine load balancing is done by running VMs in other servers in a failover cluster.
  Containerization: An orchestrator can automatically start or stop containers on cluster nodes to manage changes in load and availability.

WHAT IS DOCKER?

Docker is a software platform that allows you to build, test, and deploy applications quickly, packaging software into standardized units called containers that have everything the software needs to run, including libraries, system tools, code, and runtime.
DOCKER ARCHITECTURE

The Docker client (docker) is the primary way that many Docker users interact with Docker. When you use commands such as docker run, the client sends these commands to dockerd, which carries them out. The docker command uses the Docker API. The Docker client can communicate with more than one daemon.

The Docker host provides a complete environment to execute and run applications. It comprises the Docker daemon, images, containers, networks, and storage. As previously mentioned, the daemon is responsible for all container-related actions and receives commands via the CLI or the REST API. It can also communicate with other daemons to manage its services.

The Docker daemon (dockerd) listens for Docker API requests and manages Docker objects such as images, containers, networks, and volumes. A daemon can also communicate with other daemons to manage Docker services.

A Docker registry stores Docker images. Docker Hub is a public registry that anyone can use, and Docker is configured to look for images on Docker Hub by default. You can even run your own private registry. When you use the docker pull or docker run commands, the required images are pulled from your configured registry. When you use the docker push command, your image is pushed to your configured registry.

DOCKER OBJECTS

Image: An image is a read-only template with instructions for creating a Docker container. Often, an image is based on another image, with some additional customization. For example, you may build an image which is based on the ubuntu image, but installs the Apache web server and your application, as well as the configuration details needed to make your application run. You might create your own images or you might only use those created by others and published in a registry. To build your own image, you create a Dockerfile with a simple syntax for defining the steps needed to create the image and run it.
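As an added illustration that is not part of the lecture, the following Python model shows how the instructions of the ubuntu-plus-Apache Dockerfile described above become a chain of layers, and which layers a rebuild must redo once one instruction changes. The Dockerfile contents and the chained-hash cache key are constructed assumptions that simplify Docker's real build cache.

```python
import hashlib
from typing import List, Tuple

# Constructed Dockerfile for the scenario in the text: an image based on
# ubuntu that installs the Apache web server and adds the application.
DOCKERFILE_V1 = """\
FROM ubuntu:22.04
RUN apt-get update && apt-get install -y apache2
COPY ./site /var/www/html
EXPOSE 80
CMD ["apache2ctl", "-D", "FOREGROUND"]
"""
# The same Dockerfile after only the application content changed
# (modelled here as a changed COPY source directory).
DOCKERFILE_V2 = DOCKERFILE_V1.replace("COPY ./site", "COPY ./site-v2")

def parse_instructions(text: str) -> List[str]:
    """Return the non-empty, non-comment instruction lines of a Dockerfile."""
    return [ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]

def layer_ids(text: str) -> List[str]:
    """Model each instruction as a layer whose id depends on the instruction
    text and on every layer beneath it (a simplified build-cache key; a real
    build also hashes the files that COPY/ADD bring into the image)."""
    ids, parent = [], ""
    for ins in parse_instructions(text):
        layer = hashlib.sha256(f"{parent}\n{ins}".encode()).hexdigest()[:12]
        ids.append(layer)
        parent = layer
    return ids

def rebuild_plan(old: str, new: str) -> Tuple[List[str], List[str]]:
    """Compare two versions of a Dockerfile and split the new instructions into
    those served from cache and those that must be rebuilt: the first changed
    layer and every layer stacked on top of it."""
    old_ids, new_ids = layer_ids(old), layer_ids(new)
    cached, rebuilt = [], []
    for i, (ins, lid) in enumerate(zip(parse_instructions(new), new_ids)):
        if i < len(old_ids) and old_ids[i] == lid:
            cached.append(ins)
        else:
            rebuilt.append(ins)
    return cached, rebuilt

if __name__ == "__main__":
    cached, rebuilt = rebuild_plan(DOCKERFILE_V1, DOCKERFILE_V2)
    print("from cache:", cached)
    print("rebuilt:   ", rebuilt)
```

Changing the COPY line leaves the FROM and RUN layers cached but forces the COPY, EXPOSE and CMD layers to be rebuilt, which is why a Dockerfile usually puts the instructions that change least often first.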
Each instruction in a Dockerfile creates a layer in the image. When you change the Dockerfile and rebuild the image, only those layers which have changed are rebuilt. This is part of what makes images so lightweight, small, and fast when compared to other virtualization technologies.

CONTAINER

A container is a runnable instance of an image. You can create, start, stop, move, or delete a container using the Docker API or CLI. You can connect a container to one or more networks, attach storage to it, or even create a new image based on its current state. By default, a container is relatively well isolated from other containers and its host machine. You can control how isolated a container's network, storage, or other underlying subsystems are from other containers or from the host machine. A container is defined by its image as well as any configuration options you provide to it when you create or start it. When a container is removed, any changes to its state that are not stored in persistent storage disappear.

NETWORKING

Docker networking is the passage through which all the isolated containers communicate. There are mainly five network drivers in Docker:

Bridge: The default network driver for a container. You use this network when your application is running on standalone containers, i.e. multiple containers communicating on the same Docker host.

Host: This driver removes the network isolation between Docker containers and the Docker host. You can use it when you don't need any network isolation between host and container.

Overlay: This network enables swarm services to communicate with each other. You use it when you want the containers to run on different Docker hosts or when you want to form swarm services from multiple applications.

macvlan: This driver assigns a MAC address to each container to make it look like a physical device. It routes the traffic between containers through their MAC addresses.
You use this network when you want the containers to look like physical devices, for example while migrating a VM setup.

STORAGE

You can store data within the writable layer of a container, but it requires a storage driver. Being non-persistent, it perishes whenever the container is not running. Moreover, it is not easy to transfer this data. With respect to persistent storage, Docker offers several options:

Docker volume: The most commonly used technology for the permanent storage of container data. A Docker volume is managed by Docker itself and has a dedicated filesystem on the host; it doesn't depend upon the filesystem structure on the host. Docker volumes are explicitly managed via the Docker command line and can be created alone or during container initialization. When a container is stopped or deleted, the Docker volume remains permanently stored.

Docker bind mount: The second permanent storage option, but with more limited options than a Docker volume. It can't be managed via the Docker CLI and is totally dependent on the availability of the filesystem of the host. A bind to a host filesystem path is set up when running a container. Bind mounts are a sort of superset of volumes (named or unnamed).

Tmpfs: A third storage option that is not permanent like a Docker volume or bind mount. The data is written directly to the host's memory and deleted when the container is stopped. It is very useful when sensitive data is involved that you simply don't want to be permanent. A really significant difference is that containers can't share tmpfs space unless they're running on Linux OS. Two flags are used when creating a tmpfs volume: --tmpfs and --mount. The --mount flag is newer and supports multiple options during container startup. Temporary filesystems are written to RAM (or to your swap file if RAM is filling up) and not to the host or the container's own filesystem layer (source: Docker.com, Docker tmpfs documentation).
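To make the isolation trade-offs of the network drivers (host versus bridge) and of the storage options (volume, bind mount, tmpfs) concrete, here is an added Python audit, not part of the lecture or of Docker itself, that reads the JSON that docker inspect emits and reports where a container has given up isolation. The container record is constructed, and the list of sensitive host paths is an assumption of this example.

```python
import json
from typing import Dict, List

# Constructed, abbreviated `docker inspect` output (not captured from a real
# host). The field names assumed here (HostConfig.NetworkMode, HostConfig.Privileged,
# Mounts[].Type/Source/Destination/RW) are those the Docker Engine API reports.
SAMPLE_INSPECT = json.loads("""
[{"Name": "/web",
  "HostConfig": {"NetworkMode": "host", "Privileged": false},
  "Mounts": [
    {"Type": "volume", "Name": "webdata", "Source": "/var/lib/docker/volumes/webdata/_data",
     "Destination": "/var/www/html", "RW": true},
    {"Type": "bind", "Source": "/var/run/docker.sock",
     "Destination": "/var/run/docker.sock", "RW": true},
    {"Type": "tmpfs", "Source": "", "Destination": "/run/secrets", "RW": true}
  ]}]
""")

# Host paths a bind mount should not expose to a container (assumed list): a
# writable Docker socket gives control of the daemon; "/" or /etc expose the host.
SENSITIVE_HOST_PATHS = ("/", "/var/run/docker.sock", "/etc", "/proc", "/sys")

def is_sensitive(src: str) -> bool:
    """True when a bind-mount source is, or lies under, a sensitive host path."""
    return src == "/" or any(src == p or src.startswith(p + "/")
                             for p in SENSITIVE_HOST_PATHS if p != "/")

def audit_container(c: Dict) -> List[str]:
    """List the ways this container has given up isolation through its network
    driver and its storage choices (Docker-managed volumes raise no finding)."""
    findings = []
    hc = c.get("HostConfig", {})
    if hc.get("NetworkMode") == "host":
        findings.append("network: host driver, no network isolation from the host")
    if hc.get("Privileged"):
        findings.append("privileged: most kernel-level isolation is disabled")
    for m in c.get("Mounts", []):
        kind, dst = m.get("Type"), m.get("Destination")
        if kind == "bind" and is_sensitive(m.get("Source", "")):
            mode = "rw" if m.get("RW") else "ro"
            findings.append(f"bind: sensitive host path {m['Source']} ({mode}) at {dst}")
        elif kind == "tmpfs":
            findings.append(f"tmpfs at {dst}: lives in RAM, gone when the container stops")
    return findings

if __name__ == "__main__":
    for finding in audit_container(SAMPLE_INSPECT[0]):
        print("-", finding)
```

On a live host the same function can be fed the output of docker inspect for every running container, and a bridge-networked container with only named volumes produces an empty finding list.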
Storage Plugins: Storage plugins provide the ability to connect to external storage platforms. These plugins map storage from the host to an external source such as a storage array or an appliance. You can see a list of storage plugins on Docker's Plugin page.

INSTALL DOCKER ON UBUNTU

https://docs.docker.com/engine/install/ubuntu/