About OSv support for docker image using 9pfs
Hi all, We have some requirement to support standard docker OCI image. Currently OSv did not support 9pfs. Anyone are thinking of this or not ? Thanks Qixuan Wu -- You received this message because you are subscribed to the Google Groups "OSv Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to osv-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: About OSv support for docker image using 9pfs
HI, 在 2018年9月18日星期二 UTC+8下午8:24:48,Waldek Kozaczuk写道: > > Hi, > > Could you please be more specific? Do you want to run OSv in Docker or > Docker in OSv? > > Waldek > > On Tuesday, September 18, 2018 at 4:59:42 AM UTC-4, Qixuan Wu wrote: >> >> Hi all, >> >>We have some requirement to support standard docker OCI image. >> >>Currently OSv did not support 9pfs. Anyone are thinking of this or not >> ? >> >> Thanks >> Qixuan Wu >> > -- You received this message because you are subscribed to the Google Groups "OSv Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to osv-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: About OSv support for docker image using 9pfs
On Tue, Sep 18, 2018 at 11:59 AM, Qixuan Wu wrote: > Hi all, > >We have some requirement to support standard docker OCI image. > >Currently OSv did not support 9pfs. Anyone are thinking of this or not > ? > Supporting 9p and virtfs has been on our wishlist for quite some time (see https://github.com/cloudius-systems/osv/issues/210) but nobody is actively working on it. Nadav. -- You received this message because you are subscribed to the Google Groups "OSv Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to osv-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
About benchmark for scheduler and memory
Hi all, Is anyone run some benchmark like lmbench inside OSv ? Then we can compare it with Linux and see the improvement detailed items. Thanks & Regards. Qixuan. -- You received this message because you are subscribed to the Google Groups "OSv Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to osv-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: About OSv support for docker image using 9pfs
在 2018年9月19日星期三 UTC+8上午5:56:58,Nadav Har'El写道: > > > On Tue, Sep 18, 2018 at 11:59 AM, Qixuan Wu > wrote: > >> Hi all, >> >>We have some requirement to support standard docker OCI image. >> >>Currently OSv did not support 9pfs. Anyone are thinking of this or not >> ? >> > > Supporting 9p and virtfs has been on our wishlist for quite some time (see > https://github.com/cloudius-systems/osv/issues/210) but nobody is > actively working on it. > This is a very important feature. If we can do it, it will be easy can support the compatibility with the OCI docker image. Some docker container can securely run inside OSv. That we can call it is another secure container solution, like kata container, gVisor. Qixuan. -- You received this message because you are subscribed to the Google Groups "OSv Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to osv-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: About OSv support for docker image using 9pfs
On Tue, Sep 18, 2018 at 5:48 PM, Qixuan Wu wrote: > > > 在 2018年9月19日星期三 UTC+8上午5:56:58,Nadav Har'El写道: >> >> >> On Tue, Sep 18, 2018 at 11:59 AM, Qixuan Wu wrote: >>> >>> Hi all, >>> >>>We have some requirement to support standard docker OCI image. >>> >>>Currently OSv did not support 9pfs. Anyone are thinking of this or not >>> ? >> >> >> Supporting 9p and virtfs has been on our wishlist for quite some time (see >> https://github.com/cloudius-systems/osv/issues/210) but nobody is actively >> working on it. > > > This is a very important feature. If we can do it, it will be easy can > support the compatibility with the OCI docker image. Some docker container > can securely run inside OSv. That we can call it is another secure container > solution, like kata container, gVisor. FWIW: I was looking to prototype 9pfs support for a hackathon back in 2014. It looked pretty manageable, frankly. Not sure I can help with coding it up again, but I can definitely help with whatever else may be needed. Thanks, Roman. -- You received this message because you are subscribed to the Google Groups "OSv Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to osv-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: About OSv support for docker image using 9pfs
On Tue, Sep 18, 2018 at 7:27 PM, Qixuan Wu wrote: > > > 在 2018年9月19日星期三 UTC+8上午10:00:36,Roman Shaposhnik写道: >> >> On Tue, Sep 18, 2018 at 5:48 PM, Qixuan Wu wrote: >> > >> > >> > 在 2018年9月19日星期三 UTC+8上午5:56:58,Nadav Har'El写道: >> >> >> >> >> >> On Tue, Sep 18, 2018 at 11:59 AM, Qixuan Wu wrote: >> >>> >> >>> Hi all, >> >>> >> >>>We have some requirement to support standard docker OCI image. >> >>> >> >>>Currently OSv did not support 9pfs. Anyone are thinking of this or >> >>> not >> >>> ? >> >> >> >> >> >> Supporting 9p and virtfs has been on our wishlist for quite some time >> >> (see >> >> https://github.com/cloudius-systems/osv/issues/210) but nobody is >> >> actively >> >> working on it. >> > >> > >> > This is a very important feature. If we can do it, it will be easy can >> > support the compatibility with the OCI docker image. Some docker >> > container >> > can securely run inside OSv. That we can call it is another secure >> > container >> > solution, like kata container, gVisor. >> >> FWIW: I was looking to prototype 9pfs support for a hackathon back in >> 2014. >> It looked pretty manageable, frankly. Not sure I can help with coding >> it up again, >> but I can definitely help with whatever else may be needed. > > > I am searching the virtfs/9p source code from linux or some bsd code. > But seems freebsd/netbsd still not support it. I only want the client, > because qemu > has the server already. > > Do you have any some suggestion for the code from where to port ? If what I think you're trying to do is, indeed, what you are actually trying to do, I'd look here: https://lwn.net/Articles/716582/ Thanks, Roman. P.S. Stefano is a good friend of mine -- so if that content seems useful to you I can do a direct intro. -- You received this message because you are subscribed to the Google Groups "OSv Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to osv-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: About OSv support for docker image using 9pfs
Hi Waldek: We have some different docker images or containers. Some images and containers are sharing some common layers. Currently, those are single process container with Java. And those java are loading other many jar tarballs. We cannot make all the tar files to be a qcow2 files. Then common layers cannot be shared within different type of containers. We hope each OSv can running each container like kata container. Each container can still merge all the layers using overlays. And pass the mount point to OSv by Virtfs/9p as the rootfs. Then common layers can be shared within different type of containers. And temporary file can also be saved in overlays. Thanks & Regards Qixuan. 在 2018年9月18日星期二 UTC+8下午8:24:48,Waldek Kozaczuk写道: > > Hi, > > Could you please be more specific? Do you want to run OSv in Docker or > Docker in OSv? > > Waldek > > On Tuesday, September 18, 2018 at 4:59:42 AM UTC-4, Qixuan Wu wrote: >> >> Hi all, >> >>We have some requirement to support standard docker OCI image. >> >>Currently OSv did not support 9pfs. Anyone are thinking of this or not >> ? >> >> Thanks >> Qixuan Wu >> > -- You received this message because you are subscribed to the Google Groups "OSv Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to osv-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: gvisor - google user-space kernel in go
- claim to run unmodified Linux executable like OSv does gVisor can run the C application without recompiling, but application only can run on OSv with recompiling. 在 2018年7月2日星期一 UTC+8上午2:38:48,Waldek Kozaczuk写道: > > Couple of days ago I attended a presentation by one of the Google > engineers at QCon Ny. It did not give that much more insights then official > docs but here are couple of bullet points worth pointing: > >- 150 ms startup time (not sure from from point) and 15MB of memory >usage >- implements 211 Linux syscalls >- listed number of apps working on which suggests not all apps are >going to work on gVisor >- claim to run unmodified Linux executable like OSv does >- gVisor is not simple passthrough but rather implements and emulates >the syscalls its own way >- written in Golang which has garbage collection (which may have some >performance implications -> my takeaway) >- made of 2 components: *sentry* that emulates syscalls and implements >network access and *gofer* for file access >- gVisor is not for "syscall heavy applications" (mentions syscall >handling has some overhead) > > > On Tuesday, June 19, 2018 at 9:17:56 AM UTC-4, Geraldo Netto wrote: >> >> Dear Friends, >> >> A while ago, Google has released gVisor [1]: >> "gVisor is a user-space kernel, written in Go, that implements a >> substantial portion of the Linux system surface. It includes an Open >> Container Initiative (OCI) runtime called runsc that provides an >> isolation boundary between the application and the host kernel. The >> runsc runtime integrates with Docker and Kubernetes, making it simple >> to run sandboxed containers. >> >> gVisor takes a distinct approach to container sandboxing and makes a >> different set of technical trade-offs compared to existing sandbox >> technologies, thus providing new tools and ideas for the container >> security landscape. >> >> gVisor intercepts all system calls made by the application, and does >> the necessary work to service them. Importantly, gVisor does not >> simply redirect application system calls through to the host kernel. >> Instead, gVisor implements most kernel primitives (signals, file >> systems, futexes, pipes, mm, etc.) and has complete system call >> handlers built on top of these primitives. >> >> Since gVisor is itself a user-space application, it will make some >> host system calls to support its operation, but much like a VMM, it >> will not allow the application to directly control the system calls it >> makes." >> >> Maybe, it might be interesting to write down a comparison of OSv and >> gVisor >> and possibly, bring some ideas from them >> eg: check which syscalls are implemented (I suppose they have done >> some study to define which syscalls are more important) [2] >> >> [1] https://github.com/google/gvisor >> [2] https://github.com/google/gvisor/tree/master/pkg/abi/linux >> >> >> Kind Regards, >> >> Geraldo Netto >> Sapere Aude => Non dvcor, dvco >> http://exdev.sf.net/ >> > -- You received this message because you are subscribed to the Google Groups "OSv Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to osv-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: About OSv support for docker image using 9pfs
在 2018年9月19日星期三 UTC+8上午10:00:36,Roman Shaposhnik写道: > > On Tue, Sep 18, 2018 at 5:48 PM, Qixuan Wu > wrote: > > > > > > 在 2018年9月19日星期三 UTC+8上午5:56:58,Nadav Har'El写道: > >> > >> > >> On Tue, Sep 18, 2018 at 11:59 AM, Qixuan Wu wrote: > >>> > >>> Hi all, > >>> > >>>We have some requirement to support standard docker OCI image. > >>> > >>>Currently OSv did not support 9pfs. Anyone are thinking of this or > not > >>> ? > >> > >> > >> Supporting 9p and virtfs has been on our wishlist for quite some time > (see > >> https://github.com/cloudius-systems/osv/issues/210) but nobody is > actively > >> working on it. > > > > > > This is a very important feature. If we can do it, it will be easy can > > support the compatibility with the OCI docker image. Some docker > container > > can securely run inside OSv. That we can call it is another secure > container > > solution, like kata container, gVisor. > > FWIW: I was looking to prototype 9pfs support for a hackathon back in > 2014. > It looked pretty manageable, frankly. Not sure I can help with coding > it up again, > but I can definitely help with whatever else may be needed. > I am searching the virtfs/9p source code from linux or some bsd code. But seems freebsd/netbsd still not support it. I only want the client, because qemu has the server already. Do you have any some suggestion for the code from where to port ? Thanks & Regards Qixuan. -- You received this message because you are subscribed to the Google Groups "OSv Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to osv-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: About OSv support for docker image using 9pfs
Hi, Could you please be more specific? Do you want to run OSv in Docker or Docker in OSv? Waldek On Tuesday, September 18, 2018 at 4:59:42 AM UTC-4, Qixuan Wu wrote: > > Hi all, > >We have some requirement to support standard docker OCI image. > >Currently OSv did not support 9pfs. Anyone are thinking of this or not > ? > > Thanks > Qixuan Wu > -- You received this message because you are subscribed to the Google Groups "OSv Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to osv-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
