red hat enterprise linux 7...4 red hat enterprise linux 7 red hat enterprise linux roadmap* cy2011...

RED HAT ENTERPRISE LINUX 71

Calvin SmithSenior Solutions Architect, Red HatSeptember 4th, 2014

RED HAT ENTERPRISE LINUX 7Overview with Docker Containers

4 RED HAT ENTERPRISE LINUX 7

Red Hat Enterprise Linux Roadmap*

CY2011 CY2012 CY2013 CY2014 CY2015

Production 3Production 2Production 1

*All dates are approximate and subject to change

RHEL 6

RHEL 5

.4

.10

RHEL 7

.11

.3.2.1.0

.0

.5

.9.8.7.6

.6

RHSCL 1.0

RHDTS 1.1 2.01.0

2-year life cycle3-year life cycle

2.1

1.1

.1

.7

.2

5


RED HAT PRODUCT PORTFOLIO



INTRODUCTION


RED HAT ENTERPRISE LINUX 7REDEFINING THE ENTERPRISE OS

FLEXIBILITY to quickly adapt to

demands for business agility

90% OF FORTUNE 500 COMPANIES TRUST RED HAT ENTERPRISE LINUX FOR THEIR CRITICAL BUSINESS INFRASTRUCTURE.

STABILITY to efficiently meet challenges of

datacenter virtualization and cloud

CERTAINTY of mission-critical

reliability and military-grade security


● Based on Fedora 19, the upstream kernel version 3.10 and over 4000 patches (additional features, bugfixes, security errata)

● Supported hardware architectures:● Intel/AMD 64-bit (x86_64)● IBM POWER● IBM System z

● Support for 32-bit applications enabled via inclusion of 32-bit libraries (multilib).

RED HAT ENTERPRISE LINUX 7 BASICS


SCALABLE FILE SYSTEMS

RED HAT ENTERPRISE LINUX 7 HIGHLIGHTSF

LE

XIB

LE

CERTAINTY OF MISSION-CRITICAL RELIABILITY AND MILITARY-GRADE SECURITY

LIGHTWEIGHT APPLICATION ISOLATION

(LINUX CONTAINERS)

WINDOWS INTEROPERABILITY

STREAMLINED INSTALLATION AND

DEPLOYMENT

STA

BL

E A

ND

E

FF

ICIE

NT

OPTIMAL PERFORMANCEVIA PROFILES

SYSTEM MANAGEMENT AND FEATURES


STREAMLINED INSTALLATION AND

DEPLOYMENT


SPEED DEPLOYMENT WITH SERVER PROFILES

IN-PLACE UPGRADES FROM 6.X TO 7

SAFELY ROLL-BACK DURING INSTALL

EASILY CREATE CUSTOM INSTALL IMAGES

PRIORITIZE CRITICAL SERVICES AT START-UP

DRAMATICALLY SPEED START-UP TIMES

STREAMLINED INSTALLATIONAND DEPLOYMENT


EASILY CREATE CUSTOM INSTALL IMAGES WITH ANACONDA AND KICKSTART

● RHEL 7 introduces the ability to create, install and manage custom images for physical, virtual and cloud deployments

● This is alongside existing capabilities to create yum repositories

● Install and manage images using the same anaconda and Kickstart code used for bare metal installs

● Automate custom images using Kickstart

Content Sources(Repositories)

Custom Image

Live Media Creator

13


Software Selection Example: Infrastructure Server


CENTRALIZED MANAGEMENT AND FASTER BOOT UP

CENTRALLY MANAGE PROCESSES,

SERVICES, SECURITY

PRIORITIZE AND ORDER SERVICES

AT START-UP

COMPATIBLE WITH EXISTING SCRIPTS (SYSV AND LSB)

DRAMATICALLY SPEED START-UP

TIMES

● Next generation system and service manager, systemd, provides on-demand service start-up and better transactional dependency.● Compatible with SysV and LSB init scripts.


Red Hat Enterprise Linux 7.0: System Initialization

● Next generation system and service manager, systemd, provides on-demand service start-up and better transactional dependency.

● Compatible with SysV and LSB init scripts.

16


EASIER INSTALLATION AND DEPLOYMENTIN-PLACE UPGRADES FROM 6.X TO 7

RED HAT ENTERPRISE LINUX 6.5

PRE-UPGRADEASSISTANT

1

RED HAT ENTERPRISE LINUX 7.0

UPGRADETOOL

2● Audits current OS state vs RHEL 7 profile and creates:● HTML report of potential

issues● DIRECTORY of config files

for modification● POST-INSTALL script to

be run by user after upgrade

preupgredhat-upgrade-

tool

IF REPORT IS ACCEPTABLE

See documentation for valid configurations


SYSTEM MANAGEMENT AND FEATURES


SYSTEM MANAGEMENT VIA OPENLMI

● Open standards-based management framework for low-level system configuration

● Provides a standardized remote interface to configure, manage, and monitor bare metal production Linux servers

● Unified management tools and system-wide resource management allow users to streamline administration

● Supports traditional Linux tools: CLI, scripts & SW tools

● Example: create 5 drive RAID5 array on remote server example.com:

“lmi -h example.com storage raid create name=R1 5 sdb sdc sdd sde sdf”


NETWORK MANAGEMENT

● NetworkManager● Easy to use yet comprehensive network management suite designed to provide

painless network configuration.

● Eliminates the need to manually edit network configuration files by hand.

● Flexible interface options with GUI, (new) CLI, and (new) TUI for managing local, remote, or even headless systems.

● Supports a broad array of many common network interface types, including:

● Ethernet, IPoIB, VLANs, Bridges, Bonds, Teams, WiFi, WiMAX, WWAN, Bluetooth, VPN, and ATM-based DSL.


NETWORK FEATURES

● Team Driver● Mechanism for bonding multiple network devices (ports) into a single logical

interface at the data link layer (L2)

● Provides an increase in maximum bandwidth and link redundancy

● Alternative to the existing Linux Bonding driver

● Provides a number of advantages over traditional bonding while providing equal or even slightly better performance in some cases.

● Implemented mostly in user space with only the necessary data fast-paths in the kernel.

● Moves most of the work and logic into a user space daemon making it:

● more stable● easier to debug● much simpler to extend

ServerServer NetworkSwitch

NetworkSwitch

eth0

eth1

team0


● 40G Ethernet (IEEE 802.3ba)

● Support for 40G Ethernet link speeds enabling faster network communication for applications and systems.

● Highly accurate network time synchronization using:

● Precision Time Protocol (IEEE 1588v2)

● Method for precisely synchronizing distributed clocks.

● Capable of achieving clock accuracy in the sub-microsecond range when used in conjunction with PTP hardware support.

● Chrony

● Enables faster clock synchronization with better accuracy than ntpd especially in cases where network connectivity is not always constant.

● Numerous TCP optimizations and enhancements aimed at reducing overall latency for connection oriented services such as web servers, including:

● Fast Open, Tail Loss Probe (TLP) Algorithm, Early retransmit (ER), Proportional Rate Reduction (PRR), Busy Poll (Low Latency Sockets)

NETWORK FEATURES


● Simplified cluster management :● Reduced number of software components ● Ability to clone resources streamlines deployment

across nodes.● Addition of fine-grained monitoring for components

which include core deamons, fence agents, system services. All aspects of the infrastructure are treated as a service.

● Consistent cluster management experience between two major releases (Red Hat Enterprise Linux 6 and 7).

HIGH AVAILABILITY FEATURES


● Better cluster resource management with the introduction of Pacemaker.

● No longer necessary to edit configuration files directly.● Policy engine now allows the cluster to manage both

virtual guest(s) and the applications contained within those guests.

● Global File System (GFS2) improvements include:● Better scalability and performance as tools are now

aware of device topology and handle RAID stripe alignment, placement of journal and resource groups more efficiently.

● Improved journaling

HIGH AVAILABILITY FEATURES


WINDOWS INTEROPERABILITY


Red Hat Enterprise Linux 7.0: Identity Management

● Connect Linux clients to a Windows domain easily with realmd

● Securely access Windows or Linux resources without having to authenticate twice with cross-realm Kerberos trust.

Enhanced identity and access control with easy Active Directory interoperability in Linux/Windows environments


Red Hat Enterprise Linux 7: Windows Interoperability – Client

● Active Directory

● AD enrollment support (Realmd)

● Desktop

● Exchange integration with Evolution● Gnome-Online-Accounts

● LibreOffice 4

● Visio import● CMIS protocol support for documentation management

systems (Sharepoint)


FILE SYSTEMSAND

STORAGE


CHOICE OF FILE SYSTEMS

● Scale file systems to 500TB with new default filesystem XFS

● Scale to 50TB with ext4

● Btrfs also available1

● Parallel NFS v4 provides improved performance and throughput

TypeSupported

LimitRoot Boot Comments

Single-node

XFS 500TB Yes Yes System default

ext4 50TB Yes Yes Driver allow access to older versions (ext2, ext3).

btrfs2 50TB Yes Yes

Network/Multi-node

GFS2 2-16 nodes Yes No Shared-storage file system

1 Available as a Technology Preview


FILE SYSTEMS

● Network File System (NFS v4.2) features include:● Enhanced support for scale-out storage through parallel

NFS (pNFS)● Integration of fine-grained SELinux context with the help

of Labeled NFS● Firewall friendly with the help of more deterministic port

usage● Samba v4.1 includes support for SMB 3.0 protocol

resulting in better performance and security.


STORAGE

● Premier support for enterprise storage arrays.

● Scalable storage stack supporting large scale configuration.

● Implementation of LVM snapshots based on thin provisioning.

● Storage allocated only when needed.● Faster performance for recursive snapshots.


● Easy storage configuration with the introduction of System Storage Manager.

● Provides easy to use command line interface for configuration of file and storage. Reduces the learning curve for junior system administrators.

● Support for tiered storage for improved performance.● New target dm-cache that allows high-speed solid state

drives (SSD) to serve as a cache for slower rotational media.

● New and improved software-based iSCSI target mode (RFC-3720). Implemented in the kernel compared to older implementation which was in user-space.

STORAGE


STORAGE

● Dynamic detection of new LUNs. Reduces the amount of system down-time and manual intervention.

● LibStorageMgmt * provides the ability to manage external storage devices from the RHEL system.

● Simplified provisioning of storage volumes on Linux shared storage appliance with the help of a new service called targetd.

● Unified management of Btrfs and LVM snapshots with the introduction of snapper.

● Allows administrators to create, delete, label and compare snapshots of volumes.

* Technology Preview


OPTIMAL PERFORMANCE MANAGEMENT AND

TOOLING


PERFORMANCE ENHANCEMENTS WITHRED HAT ENTERPRISE LINUX 7

BUILT-IN PERFORMANCE PROFILES SIMPLIFY

CONFIGURATION

MONITORING WITH PERFORMANCE CO-PILOT

AND THERMOSTAT

FINE-TUNE PERFORMANCE WITH ENHANCED TOOLING

VIA TUNA AND TUNED


THERMOSTAT (FOR JVMs)PERFORMANCE CO-PILOT (PCP)

OPTIMAL PERFORMANCE VIA PROFILES

Optimal performance management via enhanced performance tuning at install, simplified instrumentation and tuning features, and performance monitoring tooling


● Tool for fine grained control

● Display applications / processes

● Displays CPU enumeration

● • Socket (useful for NUMA tuning)

● • Dynamic control of tuning

● Process affinity● Parent & threads● Scheduling policy● Device IRQ priorities, etc

PROFILING AND MONITORING WITH TUNA


2 x Intel® Xeon® Processor 5600 series

4 x Intel® Xeon® E7 v2 family

2x Intel® Core™ i5 family






0

20

40

60

80

100

120

140

RHEL 6.5 RHEL 7

NO

RM

ALI

ZE

D P

ER

FO

RM

AN

CE

(%

)

SOLID PERFORMANCE ACROSS WORKLOADSRHEL 7 VS RHEL 6.5

NETWORK

PARITY

CPU

+ 1%

ERP

+ 2%

MEMORY

+ 8%

OLTP COMMERCIAL DB

+ 10%

ANALYTICS

+ 11%

OLTP OPEN SOURCE DB

+ 13%

JAVA SERVER SIDE

+ 25%

PERFORMANCE GAINS ACROSS WIDE RANGE OF WORKLOADS AND MULTIPLE GENERATIONS OF HARDWARE


DESKTOP AND DEVELOPER FEATURES


● Familiar and intuitive

● More traditional look and feel

● Preserves investments in training

EASE OF USE: CHOICE OF DESKTOPS

GNOME CLASSIC (DEFAULT)


● ELEGANT AND INTUITIVE USER INTERFACE

● FOCUS ON END-USER PRODUCTIVITY


GNOME 3 (GNOME SHELL)


● AN ALTERNATIVE TO GNOME FOR USERS WHO PREFER KDE


KDE V4.10


DEVELOPER FEATURES

● Build and concurrently install multiple versions of custom software using scl-utils.

● Access to updated versions of compilers, debuggers, and related tools (gcc-4.8, gdb-7.6, etc.), providing enhanced support for parallelism and concurrency and extensive new optimizations.

● Support for the latest version of Java with OpenJDK 7● To profile and compare performance across multiple

JVMs, users can now install different minor versions of Java 7 (e.g. OpenJDK7 u40 and OpenJDK7 u45) in parallel, with the default version selectable through alternatives.


VIRTUALIZATION


All SPECvirt_sc2013 benchmark results published as of June 2, 2014. SPEC® is a registerd trademark and SPEC virt™ is a trademark of the Standard Performance Evaluation Corporation. For more information about the benchmark and the results, see http://www.spec.org/virt_sc2013/.

Red Hat claims the top 5 SPECvirt_sc2013 benchmark results

VIRTUALIZATION PERFORMANCEBest SPECvirt_sc2013 Scores by CPU Cores


● RHEL7 enables Para-Virtual Random Number Generator (RNG)

● Provide improved randomness in the guest for cryptographic purposes

● RHEL with KVM feeds entropy to the virtual machines

● Helps alleviate entropy starvation in guest

VIRTUALIZATION ENHANCEMENTS

● Guest integration for VMware vSphere● Open-VM-Tools included with RHEL 7

● Simplifies installation of RHEL as a guest on VMware


RHEL Kernel

GPU card

Virtual Machine

Guest OS

Graphics driver

Application

KVMVFIO

QEMU

● RHEL7 with KVN enables dedicated GPU passthrough access to a single VM

● Compatible with Nvidia Quadro K5000, Nvidia GRID K1/K2

VIRTUALIZATION ENHANCEMENTS


LIGHTWEIGHT APPLICATION ISOLATION

via LINUX CONTAINERSand DOCKER


Evolution: Traditional Enterprise OS

Traditional application deployment

● Single userspace runtime shared between applications.

● Environment and life cycle defined by host OS.

● Trend to isolate apps on hardware level.

● Managed by IT, very limited delegation.

● Stable, long maintenance, few updates, hardware-centric.

● Very limited flexibility.

● Resources generally underutilized.

TRADITIONAL

OS & SHARED SERVICES

HARDWARE

BINS/LIBS

APP A APP B APP C

New project

Applicationdependency

Applicationrollout

SecurityFix

OS VersionUpdate


Evolution: Virtualization & IaaS

Application deployment via virt & IaaS

● Application isolation per VM.

● Guest environment and lifecycle defined by application.

● Application and runtime abstracted from hardware.

● Higher flexibility at cost of increased redundancy and overhead.

● Complex multi-level management of host and VM layers

● Delegation along the Host / VM boundary.

New project


Applicationrollout

SecurityFix

OS VersionUpdate

INFRASTRUCTURE AS A SERVICE (IAAS)

HOST OS

SERVER

HYPERVISOR

GUESTOS

APP A

BINS/LIBS

GUESTOS

APP A

BINS/LIBS

GUESTOS

APP B

BINS/LIBS


Evolution: Application-Centric IT & PaaS

App delivery using Docker containers

● Application packaged with individual runtime stack using Docker and deployed into containers.

● Multi-instance, multi-version, maximal flexibility, minimal overhead.

● Delegation along the container boundaries.

● Shared services provided by host / container environment.

● Standardized hardened container host, clustering, orchestration.

Application-Centric IT & PaaS

HOST OS, SHARED SERVICES

HARDWARE, VIRT, CLOUD

AP

P A

BINS/LIBS

AP

P A

BINS/LIBS

AP

P B

BINS/LIBS

AP

P C

BINS/LIBS

AP

P D

BINS/LIBS

New project


Applicationrollout

SecurityFix

OS VersionUpdate


CONTINUOUS DELIVERY WITH CLEAR REPONSIBILITIES WITHIN DEVOPS

DEVELOPMENT FOCUS---------------------------------------------APPS, CODE, DEPENDENCIES (LIBRARIES), DATA, AND PACKAGING

OPERATIONS FOCUS---------------------------------------------MONITORING, NETWORK CONFIGURATION, REMOTE ACCESS, AND LOGGING


LINUX CONTAINERS

Software packaging concept that typically includes an application and all of its runtime dependencies.

● Easy to deploy and portable across host systems using docker

● Isolates applications on a host operating system. In RHEL, this is done through:

● Control Groups (cgroups)● kernel namespaces● SELinux, sVirt

HOST OS

SERVER

CONTAINER

LIBS

APP


Key elements of Linux Containers

● Security● SELinux sVirt

● Resource Management● cgroups

● Management● Docker


Key elements of Linux Containers

● Process Isolation● Namespaces isolate processes, examples are:

● pid namespace: process isolation● net namespace: managing network interfaces● ipc namespace: managing access to IPC resources ● mnt namespace: managing mount-points (MNT: Mount).

● Create a new environment with a subset of the resources

● Once set up, namespaces are transparent for processes

● Can be used in custom and complex scenarios

56


RHEL 7 CONTAINERS ARCHITECTUREWITH DOCKER CLI

RHEL Kernel

Hardware (Intel, AMD) or Virtual Machine

Containers ContainersContainers

Unit File

Docker Image

DOCKER CLI

SYSTEMD

Cgroups Namespaces SELinux

Drivers


Tech Details - Layering

● New images can be created by adding layers.

● Layering model allows for specialization.

● Base image and select number of platform layers provided by Red Hat.

● ISV images to enable RHEL ecosystem.

● Stack optimized for individual application with minimal packaging per layer.

RHEL Base

Platform Layer

ISV Layer

Custom LayerRHEL Base

Platform Layer

ISV Layer

RHEL Base

Platform Layer

RHEL Base RHEL Packages

Jboss Products

ISV Content

Customer Content

SCLs

Comunity Content


Docker

Tech Details – Static Linking, Sharing

● Layers are overlays in a single inheritance tree.

● A layer is statically linked to it's parent.

● Docker layers can be created interactively or built in reproducible way out of a Dockerfile.

● Simple distribution of images through Registry / Index model.

RHEL Base

RHEL BaseRHEL Base

RHEL BaseRHEL BaseCoreWeb

LAMP


Jboss EAPLAMPDrupal


Jboss EAPLAMPDrupal

MyTheme

Docker Registry

Docker

Push

Docker Pull


ISV Layer

Base Layer

Platform Layer

Container Certification

● Red Hat announced certification program for container images.

● Expands existing Red Hat certification into the container space.

● Ensures stable, end-to-end supportable stack for applications.

● Enables the whole Red Hat ISV ecosystem to benefit from the advantages of aggregate Application-centric packaging with Docker. HARDWARE, VIRT, CLOUD

RHEL HOST OS, SHARED SERVICES


PORTABILITY ACROSS THE OPEN HYBRID CLOUD


Application-Centric Packaging Benefits

PORTABLE AND RELIABLE APPLICATION DEPLOYMENTS

● Includes dependencies to work the same across multiple hosts

● Portable across the Red Hat portfolio in the Open Hybrid Cloud

RAPID AND EFFICIENT APPLICATION DELIVERY

● Built, delivered, and patched in seconds

● Run instantly, without restart

SIMPLIFIED APPLICATION DELIVERY LIFECYCLE

● Consistency across dev, test, and production environments

● Better patching via updating only what’s changed + rollback

FINE-GRAINED CONTROL

● Limit resource usage for each application instance

● Applications can be upgraded, rolled back, or removed in seconds

ISOLATED AND SECURE DEPLOYMENTS

● Isolate and secure apps without hypervisor overhead

● Modify apps without impacting the rest of the server

LIGHTWEIGHT FOOTPRINT AND MINIMAL OVERHEAD

● Includes “just enough” host application, and dependencies

● Rapid delivery and scale out


Red Hat Enterprise Linux Atomic Host


RHEL 7.0 Application-centric Packaging and Linux containers benefits


SUMMARY


REDEFINING THE ENTERPRISE OS

1

2

3

4

Delivers a flexible, stable, and secure foundation for your infrastructure from existing deployments to next generation solutions.

Increases the efficiency of IT operations with scalable filesystems, Windows interoperability, and OpenLMI management.

Continues Red Hat Enterprise Linux’s proven track record of delivering superior reliability and security.

Improves IT agility via containers, streamlined deployment, and optimal performance profiles.


THANK YOU

red hat enterprise linux 7...4 red hat enterprise linux 7 red hat enterprise linux roadmap* cy2011...

Documents