Dockone technology Sharing (vii): Hypervisor-based Docker engine--hyper

Source: Internet
Author: User
Tags k8s
This is a creation in Article, where the information may have evolved or changed.
"The editor's words" from 2013 Docker release to 2014, the full detonation, Docker gave us a clear feeling-the container is becoming a new "silver Bomb", and Amazon AWS detonated virtual machine technology has become yesterday yellow.

Looking at Docker, what we learned from--docker is that it is an app-centric footprint, and since Docker, development, testing, production can be deployed in exactly the same environment, The production environment needs to maintain a lot of things in the development of the curing in the mirror, maintenance difficulty, consistency and certainty to improve, continuous delivery is not a dream.

So, to the virtual machine in front of the pressure, in a word that is--"virtual machine" is not the problem of "virtual", but in "machine". Naturally, do we think we can do app-centric virtualization?

Hyper is such a app-centric virtualization technology, we completely abandon the traditional virtual machine must be the same as the physical machine, running a full OS this seemingly obvious assumption, we let the Docker image run directly on the hypervisor. We have a set of containers that start directly on the hypervisor for up to 350 milliseconds and are further optimized. And all of this is "out of the box".

Of course, some people will ask, with the container why the virtual machine. Admittedly, the virtual machine is not required by all, but the virtual machine is naturally better isolated, the VM is still in many enterprise application protocol stack, such a reliance on less, out-of-the-box, but also with pod, persist mode and other additional rich features of the application, is required in many scenarios. What we are most looking forward to is to detonate a new container service--caas.

From Docker to container service

Docker is the most popular entrepreneurial project in cloud computing over the past two years, driving the entire container industry. Their most powerful point is that developers directly output Docker Image or Dockerfile, test, deployment can be highly consistent, this is still posted to @ Du Yujie @ Huawei Open source du total screenshot of the screenshot:

With the popularity of Docker, more and more applications are beginning to be deployed in Docker mode-the operating system will only be used to host Docker, provide ancillary functionality, and gradually homogenization, Coreos,redhat Atomic,ubuntu Core is moving in this direction. and IaaS or PaaS service providers, inevitably to caas--container-as-a-service transformation, to avoid really become the same as tap water infrastructure.

hyper--resolving isolation problems with virtual machines

However, the isolation of the container cannot be completely resolved (picture quoted from Huang Qiang's speech)

So there are two different options-to pursue performance, then the physical machine rental to the user, but this flexibility is limited, after the recovery of the system is very complex, and users can contact the physical machine, BIOS, network, will generate a certain security risks; or rent a virtual machine to the user--aws The choice of ECS (EC2 Container Service), which loses performance, and the user is not interested in maintaining the operating system of the virtual machine.

What we're going to say here is a different option--hosting the container directly with the virtual machine: Hyper = hypervisor docker image.

The problem of traditional virtual machine is too deliberately imitate the physical machine, deliberately to carry the full operating system, start a virtual confidential a few seconds, even a few minutes, Image has a number of GB, load spread are very slow, but in fact, there is no need, hyper hope to take both of the strengths

Hyper in the start-up cost is very low, even the very beginning of the machine, can also have very good performance, such as in a small box, which runs the ultra-low-voltage i3 CPU, the start of the delay is less than 500ms--

and Hyper's command-line usage is similar to Docker, with a single run command to start a Docker image

The implementation architecture of the Hyper is like this

On the virtual machine, after booting the kernel, the Docker Image is started directly with the INIT process without the full OS. All image processing is ready outside the virtual machine and inserted into the virtual machine to run.

Also, sometimes you need to link several closely related Docker, so that when hyper allows you to put them in a virtual machine, through Mount namespace isolate the filesystem, this is called Pod, this concept comes from kubernetes.

One more thing

Hyper also has some additional benefits, for a virtual machine-based private cloud architecture, using Hyper, allows the existing software stack for virtual machines to migrate more smoothly to the containerized direction. Furthermore, virtual machines can be better compatible with existing OpenStack software stacks, and mainstream device vendors ' networks and storage devices provide drivers for OpenStack Neutron and Cinder, which can quickly build private clouds.

We also propose hyperstack and welcome the OpenStack community Partners to drive containerized applications together.

Next steps to the upcoming improvements
    • Multi-Hypervisor Support--xen released this week, Virtualbox in development, ESXi on roadmap
    • Support for cross-platform--mac in development


Welcome to our homepage: hyper.sh,

QA Link

Q: Are there any areas where wood has tried to solve k8s?
A: We currently support the K8s pod format, and the service needs to be further integrated.

Q: What about integration with existing OpenStack Docker?
A: This, in fact, is one of the OpenStack community in the direction of doing, in fact, the final solution is basically inclined to the virtual machine-container Two-tier architecture, we are committed to become a layer of virtual machine, each has its pros and cons.

Q: How does continuous integration play?
For:
    • We are directly running Docker image, so it is no problem to continue to integrate directly with the Docker.
    • You can also use hyper for runtime in integration testing.


Q: Are you doing a reasonable combination of virtual machines and containers? 


A: Reasonable unreasonable this bad own evaluation ah, we actually used the virtual machine and Docker image, no lxc or Libcontainer.

Q: hypervisor is equivalent to a virtual machine that is cropped for Docker, and I don't know if that's right?
A: Well, hyper is basically a cut-optimized virtual machine.

Q: Will you support Hyper-V in the future?
A: For the time being, there is not enough experience in this area and may be considered in the future.

Q: Is there a scale test, or a performance test?
Answer: The test results are in line with the performance of the virtual machine estimates, CPU/MEM subsystem and physical machine close, IO system, the better performance of the IO device can see a certain performance gap, and the use of the way (serial or concurrency, etc.) are related, but if you use the network storage, or set a layer of virtual machine, There's no difference.

Q: Look at the installation seems to install Docker just to download the image, and then hyper to read the image file, there is no consideration to remove the dependency of Docker, it should be easier to understand the nature of hyper.
A: Yes, the current is to use Docker daemon to pull the image, in the future there is a plan to remove this dependency, so on the Mac can also run.

Q: Think about it, it should be Hypervisor's virtual machine default run a Docker daemon, there is only one container, is not it?
A: The Docker image that needs to be coupled will form a pod, run on the same virtual machine, and be placed in the same network namespace, which is more convenient than link, direct localhost access.

Q: So, the lower level of hypervisor is the physics machine? It sounds like the enterprise that built the private cloud needs it more, and the IaaS itself is built for it?
A: Well, the physical machine can be used directly, public cloud container services can also be used.

Q: Does the associated image run on a virtual one of these images applications to isolate anything?
A: These image normal, belong to the same tenant, mutual sharing IPC namespace and network namespace, just have different mount namespace, file system is isolated.

Q: The Lightkernel of virtual machine is your custom-made?
A: The default is that we customize the good, users can use their own kernel, but the user's own kernel possibility can be slightly different.

Q: CoreOS can also be installed on the physical machine, relative to the coreos,hyper what aspects of competitiveness?
A: The feeling is not quite the same CoreOS more emphasis on the maintenance of the OS, focusing on the host OS, we emphasize the operation of the image in Hypervisor, focusing on the VM and guest kernel side, the two still have a very good prospects for cooperation.

Q: Can I ask if the virtual machine-based private cloud architecture, migrated to hyper, will not be able to carry the scene?
A: There will be, containerized, or application-oriented packaging, will change the development, testing, release process, when you choose the evolution, we will help you to evolve the smooth, but not that can be completely fixed, installed once and for all to evolve.

Q: What does Xen, VirtualBox support mean in the upcoming features?
A: Is it let Xen use hypervisor to reduce consumption? Each their own, some people like Xen, some get used to KVM, and VBox's support is purely to help developers run on their own computers.

Q: In a word, is OpenStack Magnum a Hypervisor-based Docker engine?
A: It's a big project, it's not a Docker execution engine in itself, but we think we can integrate it.

Q: What is the biggest difference between hyper and Intel's release of Clear Linux in the previous period?

For:
    • The author is different, hmm.
    • Clear Linux is a relatively pure direct replacement for container layers, compared to purely performance optimizations, we have some pod-type feature
    • Clear Linux has a strong effect on certain kernel features and even CPU dependencies, and we emphasize the possibility of multiple hypervisor and the work of Out-of-box


Of course, clear Linux is the same as our efforts--everyone is happy to use virtual machines to host application-centric mirroring, a trend that should be recognized.

===========================

The above content is organized according to the June 9, 2015 Night Group sharing content. Wang Xu, Hyper co-founder and CTO, has worked for the China Mobile Research Institute, Shanda Cloud Computing, and as Visualops CTO, working on distributed storage systems and devops tools development. Wang Xu is also a technical author and translator, and Wang Xu's translations and articles cover topics such as the Linux kernel, file systems, virtualization, Hadoop, NoSQL, and distributed storage systems. Is O ' Reilly's "Cassandra Authoritative guide" translator. Next, Dockone organizes targeted technology sharing every week and welcomes interested students to participate.
Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.