Red Hat Enterprise Linux
Life Cycle
RHEL 7.1
RHEL Atomic Host
Tom Sorensen
Solutions Architect, Red Hat
4/28/15
STREAMLINED INSTALLATION AND DEPLOYMENT
OPTIMAL PERFORMANCE VIA PROFILES
SYSTEM MANAGEMENT AND FEATURES
SCALABLE FILE SYSTEMS
WINDOWS INTEROPERABILITY
LIGHTWEIGHT APPLICATION ISOLATION (LINUX CONTAINERS)
RED HAT ENTERPRISE LINUX 7
STABLE AND EFFICIENT
FLEXIBLE
CERTAINTY OF MISSION-CRITICAL RELIABILITY AND MILITARY-GRADE SECURITY
Focus Areas
● Installation
● Core Kernel
● Filesystem and Storage
● Virtualization
● Identity and Security
● Industry Standards and Certification
● Networking
● Developer Tools
● Real-time
● Atomic
Installation
● Kdump configuration in Anaconda
● Updated Manual Partitioning
● tmux available during install
● Network bridge support in both Anaconda and kickstart
● Install repos more easily during kickstart (repo --install)
Core Kernel
● Locking and scheduler improvements – now faster!
● kpatch in Tech Preview
● Numerous kdump improvements
● EFI and Secure Boot support
● Firmware assist
● Support for large memory sizes
● Improved Clock Stability with tickless kernel
Filesystem and Storage
● Support for CEPH
● LVM Cache logical volumes
● OverlayFS in tech preview
● Hardware independent API/CLI for managing external storage devices – libStorageMgmt.
● GFS2 maximum supported file system size increased to 250TB (from 100TB).
Virtualization
● USB 3 support
● OVMF in tech preview
● Up to 240 vCPUs
● New tools
● Improved HyperV support
Identity and Security
● Centralized authentication and system provisioning modules for key portfolio products – Red Hat Satellite, Red Hat CloudForms and Red Hat Cloud Infrastructure
● Support for one-time password (OTP)
● Basic host-based access control with support for Active Directory Group Policy Objects (GPO) using SSSD
● Easier management of Certificate Authorities (CA)
● Tighter integration with Microsoft Windows file and print services with the help of CIFS integration with SSSD
Industry Standards and Certification
● FIPS-140 Re-validation
● SCAP Security Guide
  ● Contains both a written description of the guideline and a matching automated test (called a "probe" in SCAP terminology) which can be run on the target system being.
Networking
● Highly available PTP configuration
  ● Failover between multiple PTP domains and NTP sources
● Support for Lightweight Berkeley Packet Filter (BPF)
  ● Allows a user-space program to attach a filter to any socket
● Update to the libteam v1.12 bonding driver
  ● Support for automatic respawning by systemd
  ● Detection of team device removal
  ● Initscripts compatibility
Developer Tools
● Introducing OpenJDK 8
  ● Java 8 brings new features such as Lambda, Collections updates and new Date and Time API
● Developer Toolset 3.1
  ● Released April 23
  ● Latest stable versions of all upstream tools, e.g. gcc 4.9.2
Real-time
● Red Hat Enterprise Linux for Real Time
  ● New member of the Red Hat Enterprise Linux portfolio
  ● Targeted at workloads that favor a consistent response time (deterministic) over throughput
  ● Based on the stock RHEL 7.1 kernel
  ● Aligned with RHEL release cadence
  ● Not a magic bullet, has both costs and benefits
Real Time Results
● System tuning is still required and contributes up to 90% of the latency reduction
● Real Time enables greater determinism and 10% or more latency reduction
● Depending on workload, Real Time can add 0-30% load to a system due to handling hardware interrupts in separately scheduled threads
WHAT ARE LINUX CONTAINERS?
Software packaging concept that typically includes an application and all of its runtime dependencies.
● Easy to deploy and portable across host systems
● Isolates applications on a host operating system
● In RHEL, this is done through:
● Control Groups (cgroups)
● kernel namespaces
● SELinux, sVirt, iptables
● Docker
[Figure: a CONTAINER holding APP and LIBS, on a HOST OS, on a SERVER]
38%
DEPLOYMENT FLEXIBILITY
51%
OPERATIONAL EFFICIENCY
54%
30%
MANY SEE CONTAINERS AS THE UTOPIA OF APPLICATION DELIVERY
FASTER APP DELIVERY
LOWER DEPLOYMENT COSTS
Containers transform the way you deliver applications to accelerate innovation.
Source: TechValidate survey of 79 IT professionals
“What top benefits do you see with containers?”
Containers potentially offer the ability to encapsulate a lot of manual processes and make it little or no touch.
- IT Operations Engineer, Financial Services
“Everything at Google, from Search to Gmail, is packaged and run in a Linux container.”1
- Eric Brewer, VP of Infrastructure, Google
SOME OF THE MOST ADVANCED INFRASTRUCTURES RUN ON CONTAINERS
1 Source: http://googlecloudplatform.blogspot.com/2014/06/an-update-on-container-support-on-google-cloud-platform.html
TOP 5 MISCONCEPTIONS ABOUT CONTAINERS
1. Containers are new.
2. Containers equal virtualization.
3. Containers are universally portable.
4. Containers are secure by default.
5. Containers are not enterprise-ready.
TRADITIONAL OS VS. CONTAINERS
[Figure: side-by-side stacks labelled "Traditional OS" and "Containers"; labels: HARDWARE, HOST OS, CONTAINER, LIBS, APP A, APP B]
ESTABLISHING STANDARDS AROUND...
REGISTRY / CONTAINER DISCOVERY
CONTAINER FORMAT WITH DOCKER
ISOLATION WITH LINUX CONTAINERS
ORCHESTRATION WITH KUBERNETES
Red Hat works with the open source community to drive standards for containerization.
EXAMPLE: CONSUMING MONGODB
● Who built this image?
● What’s its purpose? Was it created to support a demo?
● Is it safe to consume?
● Who maintains it?
DOCKER HUB
docker pull mongodb
SECURING HOSTS AND CONTAINERS
RED HAT CONTAINER CERTIFICATION
UNTRUSTED
● How can you validate what’s in the host and the containers? Will it compromise your infrastructure?
● It “should” work from host to host, but can you be sure?
CERTIFIED
● Trusted source for the host and the containers
● Enterprise life cycle for container content
● Proven portability
● Container Development Kit
[Figure: two stacks, each showing two CONTAINERs (APP and LIBS) on a HOST OS on HARDWARE]
SIMPLIFYING CONTAINER ADOPTION FOR PARTNERS
● LEARN: RED HAT CONNECT for technology partners
● BUILD: RED HAT CONTAINER DEVELOPMENT KIT (CDK)
● DISTRIBUTE: RED HAT CONTAINER REGISTRY
● CERTIFY: RED HAT CONTAINER CERTIFICATION
MORE THAN THE CONTAINER
SINGLE APP DELIVERY PLATFORM VIA CONTAINERS: develop, deploy, operate
RED HAT PARTNER SOLUTIONS
RED HAT SATELLITE
RED HAT CLOUDFORMS
OPENSHIFT by Red Hat
RED HAT ENTERPRISE LINUX 7
RED HAT ENTERPRISE LINUX ATOMIC HOST
MANY CONTAINER SOURCES (trusted and untrusted)
● PUBLIC REGISTRIES such as Docker Hub
● PRIVATE REGISTRIES on premise
● CERTIFIED IMAGES Red Hat Customer Portal
DEPLOYMENT
MANAGEMENT
MULTIPLE DEPLOYMENT TARGETS on Red Hat certified hardware, hypervisors and CCPs
DEVELOPMENT
ORCHESTRATION of containers and microservices
ATOMIC APPLICATION ARCHITECTURE
OPENSHIFT
CERTIFIED ISV APPS
RED HAT ENTERPRISE LINUX ATOMIC HOST
IT IS RED HAT ENTERPRISE LINUX OPTIMIZED FOR CONTAINERS
Minimized host environment tuned for running Linux containers while maintaining compatibility with Red Hat Enterprise Linux.
Inherits the complete hardware ecosystem, military-grade security, stability and reliability for which Red Hat Enterprise Linux is known.
MINIMIZED FOOTPRINT
SIMPLIFIED MAINTENANCE
ORCHESTRATION AT SCALE
Atomic updating and rollback means it’s easy to deploy, update, and roll back using image-based technology.
Build composite applications by orchestrating multiple containers as microservices on a single host instance.
INHERITING RED HAT ENTERPRISE LINUX STABILITY, SECURITY, AND MORE
tuned
SELinux
docker
systemd
kubernetes
Linux Kernel
...
RED HAT ENTERPRISE LINUX 7 EXTRAS CHANNEL
rpm-ostree
RUN RHEL 6 APPLICATIONS ON RHEL 7 (& Atomic)
● Deploy containerized RHEL 6 applications to RHEL 7 without porting or changing source code
● Make use of innovations in Red Hat Enterprise Linux 7 without compromising the reliability and security of existing Red Hat Enterprise Linux 6 apps
● Available as part of your Red Hat Enterprise Linux subscription
[Figure: RHEL 6 apps running on RED HAT ENTERPRISE LINUX 6 (hardware or virtual machine), beside RHEL 6 apps in containers built on a RHEL 6 platform image running on RED HAT ENTERPRISE LINUX 7 (hardware or virtual machine)]