Download as PDF, PPTX
Uploaded bybcantrill
PDF, PPTX36,511 views
The dream is alive! Running Linux containers on an illumos kernel
The document discusses the revival of Linux emulation on illumos through lx-branded zones, tracing its history and challenges, including initial implementations and the decline of contributions. It highlights the successful efforts by community members to restore and improve the lx brand, making significant strides in supporting modern Linux applications. Current goals include enhancing 64-bit support and encouraging community involvement in further development.
In this document
Powered by AI
Introduction to running Linux containers on the illumos kernel by Bryan Cantrill, CTO.
Discusses OS emulation's history, kernel compatibility, and examples from Solaris and Linux.
Introduces the concept of branded zones to deepen the emulation of complex systems.
Details the development of BrandZ, supporting Linux binaries through a hybrid emulation model.
Identifies missing support for newer Linux kernels and the focus shift to XVM virtualization.
Charts the decline in contributions to LX branded zones post-2007.
Announces the removal of the LX brand in June 2010, marking its decline.
Describes how Joyent customers wanted Linux functionalities like htop, leading to LX /proc integration.
David Mackay's work revived the LX brand, successfully restoring it in illumos systems.
Explores the potential for reviving LX branded zones based on newer engineering perspectives.
Discusses slower pace of Linux kernel development and its impact on LX zone integration.
Originally focused on application consolidation, now there's interest in combining Linux and illumos benefits.
Jerry Jelinek led efforts to revitalize the LX brand, integrating it with SmartOS and fixing issues.
Presents data on the increasing contributions and activity related to the LX brand post-revival.
Lists significant fixes and enhancements made to the LX brand, including 64-bit support efforts.
Outlines remaining tasks and enhancements necessary for the complete revival of the LX brand.
Encourages community involvement in the SmartOS project and provides setup guidance.
Acknowledges contributions from various individuals and teams that supported the LX brand revival.
More Related Content
What's hot
Viewers also liked
Similar to The dream is alive! Running Linux containers on an illumos kernel
More from bcantrill
Recently uploaded
The dream is alive! Running Linux containers on an illumos kernel
- 1.The dream isalive! Running Linux containers on an illumos kernel Bryan Cantrill CTO bryan@joyent.com @bcantrill
- 2.OS emulation: Anold idea • Operating systems have long employed system call emulation to allow binaries from one operating system run on another on the same instruction set architecture • Combines the binary footprint of the emulated system with the operational advantages of the emulating system • Sun first did this with SunOS 4.x binaries on Solaris 2.x • With Solaris x86, it became possible to run binaries targeted for Linux via SCO’s (open source) “lxrun” • Packaging innovation in Linux in early 2000s + deeply differentiated technologies in Solaris 10 (e.g. ZFS, DTrace, zones) made Linux emulation more attractive
- 3.Rise of zones• While more important, the problem also became more complicated: programs became more complicated than single-process binaries • Clear that “lxrun” would only work for applications, not systems — needed a deeper solution • Fortunately, coincided with the rise of operating system virtualization embodied by zones • Idea: introduce notion of a branded zone whereby an entire foreign system (a brand) could be emulated within the confines of a zone
- 4.BrandZ: LX-branded zones• In 2006, team at Sun that included Nils Nieuwejaar and Russ Blaine integrated BrandZ, a Linux branded zone (PSARC 2005/471) • Support was a user/kernel hybrid: lx system calls bounced back to a user-level emulation library that depended on some in-kernel emulation (e.g. futexes) • Support was for RHEL 3 (!): glibc 2.3.2 + Linux 2.4 • Remarkable amount of work was done to handle device pathing, signal handling, /proc — and arcana like TTY ioctls, ptrace, etc. • Worked for a surprising number of binaries!
- 5.What was missing?• Support was only for 2.4 kernels • Support for 2.6 required adding new, Linux-only mechanisms that had native analogues (e.g., epoll) • Only 32-bit was supported • XVM (the Xen-on-Solaris effort inside of Sun) had much more managerial support and was thought to be a “more supportable” solution
- 6.The decline ofthe lx brand After cresting in 2007, contributions to lx dwindled: 30 20 10 0 2006 2007 2008 2009 2010 Pushes to usr/src/lib/brand/lx
- 7.Clinically dead Thelx brand was removed on June 11, 2010... 30 20 10 0 2006 2007 2008 2009 2010 2011 2012 2013 Pushes to usr/src/lib/brand/lx
- 8.The organ donationyears • Joyent customers asked for SmartOS to support htop, a colorful Linux program for system process monitoring • htop is very, very specific to Linux /proc — and porting it to use illumos /proc seemed arduous and pointless… • ...but a relatively complete Linux /proc had integrated with the LX brand! • In April 2012, the /proc portion of the LX brand was extracted, cleaned up, and separately integrated • Mounted at /system/lxproc in SmartOS zones; htop modified to look for this path on illumos
- 9.Exhumed! • InJanuary 2014, David Mackay, an illumos community member, announced that he was able to resurrect the lx brand —and that it appeared to work! Linked below is a webrev which restores LX branded zones support to Illumos: http://cr.illumos.org/~webrev/DavidJX8P/lx-zones-restoration/ I have been running OpenIndiana, using it daily on my workstation for over a month with the above webrev applied to the illumos-gate and built by myself. It would definitely raise interest in Illumos. Indeed, I have seen many people who are extremely interested in LX zones. The LX zones code is minimally invasive on Illumos itself, and is mostly segregated out. I hope you find this of interest.
- 10.Could it berevived? • David’s work inspired us to rethink LX-branded zones... • It seemed that the reasons for the discontinuation of LX brand support might not still be valid... • ...and it seemed that the engineering challenges might not be as structurally daunting
- 11.Has Linux madeit easier? • Linux is moving much more slowly: pace of development of new user-visible kernel abstraction has slowed • Torvalds discovered religion on ABI compatibility • The need to run on older kernels has dissuaded software from using the more obscure Linux-isms • The glibc/kernel disconnect means that glibc (and apps!) must reasonably be able to process ENOSYS • Easier support model: the rise of the cloud has replaced shrink-wrapped software with open source + SaaS • Server focus: Mac OS X gave us Unix — and relegated “Linux on the desktop” to “Duke Nukem Forever” status
- 12.Have motivations changed?• Originally, LX branded zones were about bringing Linux applications into established Solaris environments for purposes of hardware consolidation • Port of KVM to illumos circa 2011 solved this problem • ...but KVM has unresolvable performance and resource limitations, and Linux on KVM only gets indirect benefit from ZFS, DTrace and zones • At the same time, enthusiasm for containers and OS-based virtualization have blossomed (ht: Docker) • There seems to be desire for a best-of-all worlds system that combines Linux strengths (binary footprint) with illumos technical differentiators (ZFS, zones, DTrace)
- 13.Reviving LX-branded zones• Encouraged that the body might not have decomposed, Joyent engineer Jerry Jelinek exhumed the LX brand and reintegrated it into SmartOS on March 20, 2014 • Guiding principles: • Do it all in the open • Do it all on SmartOS master (illumos-joyent) • Add base illumos facilities wherever possible • Aim to upstream to illumos when we’re done • Thanks to Jerry grinding out many, many LX bug fixes, got Ubuntu 10.04 booting in April, Ubuntu 12.04 booting in May and Ubuntu 14.04 booting in July
- 14.IT’S ALIVE! Contributionsto the lx brand since March: 100 lx brand/75 lib/src/50 usr/to Pushes 25 0 2006 2007 2008 2009 2010 2011 2012 2013 2014
- 15.So what havewe done? • Fixed a ton of bugs (ht: LTP) • Added native epoll(5) — though not in terms of event ports but rather in terms of poll(7D) • Added exclusive IP stacks for LX-branded zones • Added support for netlink (RFC 3549) — but restricted that support to the lx brand • Added support for thunk-less native binaries within an LX branded zone • Added native inotify(5) • Added initial 64-bit support
- 16.What is leftto do? • vsyscall support (needed for 64-bit) • Anything else for 64-bit • Stack switching (needed for Go) • Multi-threaded ptrace support • Lots of using it and figuring out what breaks!
- 17.How can youget involved? • SmartOS contains latest-and-greatest bits; first step is to get SmartOS running • We have a 32-bit Ubuntu 14.04 image that can be used to create a zone via vmadm: b7493690-f019-4612-958b-bab5f844283e • Will need to configure a VM with “kernel-version” set to 3.13.0 and “brand” to “lx” in the vmadm JSON payload • If you find that something is boken, create an issue on the illumos-joyent github repo • Once 64-bit is working, we will be very actively seeking community engagement; stay tuned!
- 18.Thanks! • Theoriginal BrandZ team at Sun for a remarkable amount of work: Nils Nieuwejaar and Russ Blaine • The illumos community — especially David Mackay! — for inspiring the revival • Jerry Jelinek for leading the charge — and doing the vast majority of the work! • @rmustacc for thunk-less native binary support • @jmclulow for stack switching • @djhoffma for his work on ptrace • @joshwilsdon for vmadm support for LX brands