
Tuesday, January 15, 2019

OCI―Knowing Compute Service Basics

Video 1.  OCI Core 100 - Compute (Demo starts at 24:00)

Oracle Cloud Infrastructure (OCI) Compute Service lets you provision and manage compute hosts,  known as instances.  

Instance Type


OCI offers two types of instances:
  • Bare Metal
    • Gives you a dedicated physical server (single-tenant model) for the highest performance and the strongest isolation
    • Allows direct hardware access with all the security, capabilities, elasticity and scalability of OCI
  • Virtual Machine
    • A hypervisor virtualizes the underlying Bare Metal server into smaller VMs (multi-tenant model)
      • The virtualization makes it possible to run multiple VMs that are isolated from each other
      • VMs are ideal for running applications that do not require the performance and resources (CPU, memory, network bandwidth, storage) of an entire physical machine
Both types of instances run on the same OCI infrastructure stack.


Figure 1.  Bare Metal Instances
Figure 2.  VM Standard Instances (Intel X7 & AMD)
Figure 3.  VM Dense I/O Instances
Figure 4.  GPU Instances (BM and VM)

Instance Shape


A shape is a template that determines the number of CPUs, amount of memory, and other resources allocated to a newly created instance.  OCI Compute Service enables you to select from a range of predefined shapes for both Bare Metal (BM) and Virtual Machine (VM) instances (see Figures 1-4):
  • Compute Standard E2 is based on the AMD EPYC processor
  • 2 x 25 Gbps means two NICs, each with 25 Gbps of bandwidth
  • Network bandwidth is the expected bandwidth for traffic within a VCN
  • Max vNIC counts are for Linux
  • GPU (NVIDIA)[2]
    • Volta shapes are based on Tesla Volta GPUs
    • Pascal shapes are based on Tesla Pascal GPUs
  • VM Standard vs VM Dense I/O shapes
    • VM Dense I/O shapes provide local NVMe SSD drives; VM Standard shapes provide block storage only

Figure 5.  Image Tab for Selecting the Image Build (highlighted: Oracle Images)

Instance Image


An image is a template of a virtual hard drive. The image determines the operating system and other software for an instance. 

On the Image tab (see Figure 5) you can optionally change the image build. By default, the latest build of the image is used to create the instance. You can select an older build of the image that is compatible with the shape you selected. Only compatible image builds are displayed in the list. You need to select a shape before you can change the image build.

The following images of different categories can be browsed on OCI Console:
  • Platform Images
    • Pre-built images for Oracle Linux, Microsoft Windows, Ubuntu and CentOS
      • Linux Images
        • The default set of firewall rules on the image allows only SSH access (port 22). To expose any other service you must open the port both in the instance's OS firewall and in the subnet's security list; either one alone still blocks the traffic.
          • Users (e.g. opc for Oracle Linux/CentOS or ubuntu for Ubuntu) with sudo privileges are created automatically for instances and are configured for key-based remote access over SSH v2
        • You can provide a startup script using cloud-init
      • Windows Images
        • The user name opc is created automatically with a one-time password
        • Include the Windows Update utility to get the latest Windows updates from Microsoft
    • See Oracle-provided images for more information
  • Oracle Images
    • Pre-built Oracle enterprise images and solutions enabled for OCI
  • Partner Images
    • Trusted third-party images published by Oracle partners
  • Custom Images
    • Custom images created (from an instance's boot disk) or imported into your OCI environment.  
      • When you create an image of a running instance, the instance shuts down and remains unavailable for several minutes. When the process is complete, the instance restarts.
      • Instances you launch from your custom image include customization, configuration, and software installed when you create the image
      • Custom images do not include the data from any attached block volumes
      • A custom image cannot exceed 300 GB
    • See Managing Custom Images for more details.
  • Boot Volumes
  • Image OCID
Image Import/Export
Read the Oracle whitepaper Deploying Custom Operating System Images on Oracle Cloud Infrastructure[3] for more details.

Creating an Instance from a Custom Image


Follow these steps to launch a virtual machine instance on OCI by using a previously created custom image:
  1. From the Compute tab, select Instances
  2. Choose a compartment in which you have permission to work. 
  3. Click Create Instance. 
  4. In the Create Instance dialog box, provide the following information: 
    • Enter a name for the instance. 
    • Choose an availability domain. 
    • Click Change Image Source
    • Choose Custom Images as the image source
    • Choose the custom image to use. 
    • Choose Virtual Machine as the instance type.
    • Choose a shape (only compatible shapes are available). 
    • Configure Boot Volume
      • You can change boot volume size and/or choose a key from Key Management to encrypt this volume
    • Choose to upload or paste SSH keys (public keys). 
    • Choose a VCN
    • Choose a subnet. 
  5. Click Create Instance.

Configuration Details
  • Name
    • You can add or change instance name later. The name doesn't need to be unique; an Oracle Cloud Identifier (OCID) uniquely identifies the instance.
  • Availability domain 
  • Image Source
    • When you click Change Image Source, the Browse All Images dialog opens with the operating system or image source options. The following options are available:
      • Platform Images, Partner Images, Oracle Images, Custom Images, Boot Volumes, Image OCID
  • Instance Type
    • Select Virtual Machine or Bare Metal Machine.
  • Instance Shape
    • When you click Change Shape, the Browse All Shapes dialog opens and is populated with the list of available VM or bare metal shapes based on what you selected for instance type.
    • See Compute Shapes for a list of the available bare metal and VM shapes. 
  • Boot Volume Size
    • The specified size must be larger than the selected image's default boot volume size.
    • See Custom Boot Volume Sizes for more information.
  • Encryption
    • Boot volumes are always encrypted at rest. By default Oracle manages the key; you can optionally select your own key from Key Management so that you control the key's lifecycle (rotation, disabling, deletion). 
    • See Overview of Key Management for more information.
  • SSH key
    • The public key portion of the key pair you want to use for SSH access to the instance. 
  • Virtual Cloud Network Compartment
    • The compartment containing the network in which to create the instance.
  • Virtual Cloud Network
    • The network in which to create the instance.
  • Subnet Compartment
    • The compartment containing a subnet within the cloud network to attach the instance to.
  • Subnet
    • A subnet within the cloud network to attach the instance to. 
    • The subnets are either public or private
      • Private means the instances in that subnet can't have public IP addresses. 
    • For more information, see Access to the Internet.
  • Fault Domain (Advanced Options)
    • If you do not specify the fault domain, the system selects one for you. 
    • Once the instance has been created, if you want to change the fault domain you need to terminate the instance and launch a new instance in the preferred fault domain. 
    • For more information, see Fault Domains and Best Practices for Your Compute Instance
  • User Data (Advanced Options)
    • Data to be used by Cloud-Init to run custom scripts or provide custom Cloud-Init configuration. 
    • The file or script does not need to be base64-encoded, as the Console performs this encoding when the information is submitted. For information about how to take advantage of user data, see the Cloud-Init Documentation.
  • Tags (Optional)
    • To apply a defined tag, you must have permissions to use the tag namespace. 
    • For more information about tagging, see Resource Tags
  • Instance Configuration (Optional)[5]
    • Instance configurations allow you to define the configuration to use when creating Compute instances as part of an instance pool.
    • See Managing Compute Instances for more information.
  • VNIC (Optional)
    • A VNIC enables an instance to connect to a VCN and determines how the instance connects with endpoints inside and outside the VCN. 
    • Each instance automatically comes with a primary VNIC, and you can add secondary ones.
    • See Virtual Network Interface Cards (VNICs) for more information.
  • Console Connection (Optional)
  • Attached Block Volume (Optional)
    • You can attach  a block volume to an instance in order to expand the available storage on the instance. 
    • See Attaching a Volume for more information.
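
As an added example (not from the original post and not Oracle's own code), the following script builds the cloud-init user data for a Linux platform image, runs the two checks worth making before launch, and shows the base64 step that the Console performs for you but the REST API does not. It assumes firewalld as the OS firewall (the case on Oracle Linux 7 platform images) and TCP 443 as the service port; both are assumptions. Opening the port on the instance is only half of the work: the subnet's security list must allow the same port, otherwise the SSH-only default still applies from the network side.

```shell
#!/bin/sh
# Added example, not from the original post. Builds cloud-init user data for an
# OCI Linux platform image and performs the pre-launch checks. Assumptions:
# firewalld is the OS firewall (Oracle Linux 7 images) and the service port is 443.

# Write a cloud-config that keeps the image's SSH-only default but additionally
# opens TCP 443 in the OS firewall, and pins sshd to key-only authentication.
write_user_data() {
    out=$1
    cat > "$out" <<'EOF'
#cloud-config
# Constructed example user data; adjust the port to your service.
runcmd:
  - [ firewall-cmd, --permanent, --add-port=443/tcp ]
  - [ firewall-cmd, --reload ]
  - [ sed, -i, 's/^#\{0,1\}PasswordAuthentication .*/PasswordAuthentication no/', /etc/ssh/sshd_config ]
  - [ systemctl, restart, sshd ]
EOF
}

# cloud-init only treats user data as cloud-config when the very first line is
# "#cloud-config"; a leading blank line or a BOM silently turns it into an
# ignored blob. Prints "ok" and returns 0, or returns 1 with a message on stderr.
check_user_data() {
    first=$(head -n 1 "$1")
    if [ "$first" != "#cloud-config" ]; then
        echo "first line must be #cloud-config, got: $first" >&2
        return 1
    fi
    echo ok
}

# The Console base64-encodes user data when you paste it; the REST API and the
# CLI's --metadata form expect it already encoded. One unbroken line, no newline.
encode_user_data() {
    base64 < "$1" | tr -d '\n'
}

# Round-trip check: what the API will hand to cloud-init must equal the file.
roundtrip_ok() {
    if [ "$(encode_user_data "$1" | base64 -d)" = "$(cat "$1")" ]; then
        echo yes
    else
        echo no
    fi
}

ud=${TMPDIR:-/tmp}/user-data.$$.yaml
trap 'rm -f "$ud"' EXIT
write_user_data "$ud"
check_user_data "$ud"
printf 'roundtrip: %s\n' "$(roundtrip_ok "$ud")"
printf 'user_data for the API: %s\n' "$(encode_user_data "$ud")"
```

The CLI equivalent of the Console steps above, with placeholder OCIDs, is `oci compute instance launch --availability-domain <AD> --compartment-id <ocid> --shape VM.Standard2.1 --image-id <ocid> --subnet-id <ocid> --ssh-authorized-keys-file ~/.ssh/id_rsa.pub --user-data-file user-data.yaml`; with `--user-data-file` the CLI does the base64 step itself, so only the `--metadata` form needs the encoded string.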

References

  1. Compute Service (OCI)
  2. General Availability of Virtual Machines with NVIDIA GPUs on Oracle Cloud Infrastructure
  3. Deploying Custom Operating System Images on Oracle Cloud Infrastructure
  4. Oracle Cloud Infrastructure―OCI Key Management Basics
  5. Creating an Instance Configuration (OCI)
  6. Fault Domains (OCI)
  7. Best Practices for Your Compute Instance (OCI)
  8. Cloud-Init Documentation (OCI)

Tuesday, December 1, 2015

Cloud: Find Out More about Your VM

If you can access a VM in a cloud and would like to find out more about it, here is what you can do on a Linux system.

lscpu


lscpu is a useful Linux command to uncover CPU architecture information.  It can print out the following VM-related information:
  • Hypervisor vendor[1]
  • Virtualization type 
  • CPU virtualization extension[2]
Using two different servers (see below) as examples, we have found that:
  • Server #1
    • This is a fully virtualized (HVM) Xen guest.
  • Server #2
    • This is a physical server.  However, it does have the virtualization extensions in hardware.
      • Another way to verify this is to look for the vmx (Intel VT-x) or svm (AMD-V) flag in /proc/cpuinfo:[3]
        • grep -E -w 'vmx|svm' /proc/cpuinfo
      • Inside a guest the flag is normally absent (as on Server #1) unless the hypervisor exposes nested virtualization.
Server #1

$ lscpu
Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                4
On-line CPU(s) list:   0-3
Thread(s) per core:    4
Core(s) per socket:    1
Socket(s):             1
NUMA node(s):          1
Vendor ID:             GenuineIntel
CPU family:            6
Model:                 63
Stepping:              2
CPU MHz:               2294.924
BogoMIPS:              4589.84
Hypervisor vendor:     Xen
Virtualization type:   full
L1d cache:             32K
L1i cache:             32K
L2 cache:              256K
L3 cache:              46080K
NUMA node0 CPU(s):     0-3

Server #2


$ lscpu
Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                16
On-line CPU(s) list:   0-15
Thread(s) per core:    2
Core(s) per socket:    4
CPU socket(s):         2
NUMA node(s):          2
Vendor ID:             GenuineIntel
CPU family:            6
Model:                 26
Stepping:              5
CPU MHz:               1600.000
BogoMIPS:              4521.27
Virtualization:        VT-x
L1d cache:             32K
L1i cache:             32K
L2 cache:              256K
L3 cache:              8192K
NUMA node0 CPU(s):     0-3,8-11
NUMA node1 CPU(s):     4-7,12-15


virt-what


virt-what is another useful Linux command to detect whether we are running in a virtual machine.  For example, Server #1 is reported as a fully virtualized Xen guest, as shown below:[4]

$ sudo virt-what
xen
xen-hvm

If virt-what is not installed on the system, you can install it using yum (an interactive, RPM-based package manager).

To find out which package "virt-what" is in, type:

$ yum whatprovides "*/virt-what"
Loaded plugins: aliases, changelog, downloadonly, kabi, presto, refresh-
              : packagekit, security, tmprepo, verify, versionlock
Loading support for kernel ABI
virt-what-1.11-1.1.el6.x86_64 : Detect if we are running in a virtual machine
Repo        : installed
Matched from:
Filename    : /usr/sbin/virt-what

To install the matched package, type (note that "-1.11-1.1.el6" in the middle of the full name has been removed):

# yum install virt-what.x86_64
Loaded plugins: aliases, changelog, downloadonly, kabi, presto, refresh-
              : packagekit, security, tmprepo, verify, versionlock
Loading support for kernel ABI
Setting up Install Process
Nothing to do


yum reports "Nothing to do" here because virt-what is already installed (the whatprovides output above lists it under Repo: installed).

Finally, if nothing is printed and virt-what exits with code 0 (no error), as on Server #2, it means either that the program is running on bare metal or that it is running inside a type of virtual machine that virt-what does not know about or cannot detect. Treat an empty result as "no hypervisor found", not as proof of physical hardware: virt-what relies on signatures such as the CPUID hypervisor bit and DMI vendor strings, which a hypervisor can omit or spoof.
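
The following script, an added example that is not part of the original post, applies the checks from this section and from the lscpu section above to saved command output so it can be exercised without the two servers: it extracts the hypervisor vendor, virtualization type and hardware extension lines that lscpu prints, looks for the vmx/svm flag in a /proc/cpuinfo capture, and turns the result into the three-way verdict that virt-what's empty output forces on you. The sample inputs are excerpts of the Server #1 and Server #2 output above plus a constructed AMD cpuinfo line; pass live as the first argument to run it against the current machine.

```shell
#!/bin/sh
# Added example, not from the original post: classify a Linux host from lscpu
# and /proc/cpuinfo text. Sample inputs below are constructed from the
# Server #1 / Server #2 excerpts in the post; "live" runs on the real machine.

# Print "hypervisor|virt-type|hw-ext" from a file of lscpu output; "-" marks a
# field lscpu did not print. Fields keep their spaces (e.g. "Windows Subsystem for Linux").
classify_lscpu() {
    hv=$(sed -n 's/^Hypervisor vendor:[[:space:]]*//p' "$1")
    vt=$(sed -n 's/^Virtualization type:[[:space:]]*//p' "$1")
    ext=$(sed -n 's/^Virtualization:[[:space:]]*//p' "$1")
    printf '%s|%s|%s\n' "${hv:--}" "${vt:--}" "${ext:--}"
}

# Print vmx (Intel VT-x), svm (AMD-V) or none from a /proc/cpuinfo-style file.
# Inside a guest the flag is normally absent unless nested virtualization is exposed.
cpu_virt_flag() {
    if grep -qw vmx "$1"; then echo vmx
    elif grep -qw svm "$1"; then echo svm
    else echo none
    fi
}

# One-line verdict. No hypervisor line is NOT proof of bare metal: lscpu and
# virt-what only recognise hypervisors that set the CPUID hypervisor bit or leave
# a known DMI/ACPI signature, and a hypervisor can hide both.
verdict() {
    IFS='|' read -r hv vt ext <<EOF
$(classify_lscpu "$1")
EOF
    if [ "$hv" != "-" ]; then
        echo "guest: hypervisor=$hv type=$vt"
    elif [ "$ext" != "-" ]; then
        echo "no hypervisor detected, hardware ext=$ext: bare metal, or a VM exposing nested virt"
    else
        echo "no hypervisor detected, no hardware ext: bare metal with virt disabled, or an undetected VM"
    fi
}

dir=${TMPDIR:-/tmp}/vmcheck.$$
mkdir -p "$dir"
trap 'rm -rf "$dir"' EXIT

# Constructed from the Server #1 output in the post (Xen HVM guest).
cat > "$dir/server1.txt" <<'EOF'
Architecture:          x86_64
CPU(s):                4
Vendor ID:             GenuineIntel
Hypervisor vendor:     Xen
Virtualization type:   full
EOF
# Constructed from the Server #2 output (physical host with VT-x).
cat > "$dir/server2.txt" <<'EOF'
Architecture:          x86_64
CPU(s):                16
Vendor ID:             GenuineIntel
Virtualization:        VT-x
EOF
# Constructed /proc/cpuinfo flags line for an AMD host.
cat > "$dir/cpuinfo-amd.txt" <<'EOF'
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat svm lahf_lm
EOF

for f in server1 server2; do
    printf '%s: %s\n' "$f" "$(verdict "$dir/$f.txt")"
done
printf 'cpuinfo-amd: %s\n' "$(cpu_virt_flag "$dir/cpuinfo-amd.txt")"

# Optional live run on this machine: ./vmcheck.sh live
if [ "${1:-}" = live ] && command -v lscpu >/dev/null 2>&1; then
    lscpu > "$dir/live.txt"
    printf 'this machine: %s, cpuinfo flag=%s\n' "$(verdict "$dir/live.txt")" "$(cpu_virt_flag /proc/cpuinfo)"
fi
```

The parsing is deliberately done on files rather than on a live pipe so the same functions work on output collected from a fleet (for example, lscpu captured by a configuration-management run) as well as on the machine you are logged in to.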

References

  1. How to check which hypervisor is used from my VM?
  2. Linux: Find Out If CPU Support Intel VT and AMD-V Virtualization Support
      • Hardware virtualization support:
        • vmx — Intel VT-x, virtualization support enabled in BIOS.
        • svm — AMD SVM, virtualization enabled in BIOS.
  3. Enabling Intel VT and AMD-V virtualization hardware extensions in BIOS
  4. Hardware-assisted virtualization (HVM)
      • HVM support requires special CPU extensions - VT-x for Intel processors and AMD-V for AMD based machines. 
  5. Oracle Process Cloud Service 16.2.1 Release
  6. All Cloud-related articles on Xml and More


Sunday, November 1, 2015

Docker: Differences between Container and Full VM

A virtual machine (VM) is an emulation of a particular computer system. Virtual machines operate based on the computer architecture and functions of a real or hypothetical computer, and their implementations may involve specialized hardware, software, or a combination of both.

In this article, we will examine the differences between a Docker Container and a Full VM (see Note 1).

Docker Container


Docker is a facility for creating encapsulated computer environments; each encapsulated computer environment is called a container.[2,7]

Starting up a Docker container is lightning fast because:
• Each container shares the host computer's copy of the kernel.
  • Each container does, however, have its own user space: a root filesystem with its own copy of the Linux libraries and tools, but no kernel of its own
  • This means there's no hypervisor and no extended bootup; starting a container is just starting a process in new namespaces

In contrast, the Virtual Machine implementations in KVM, VirtualBox or VMware work differently.


Terminology

• Host OS vs Guest OS
  • Host OS
    • is the original OS installed on a computer
  • Guest OS
    • is installed in a virtual machine or disk partition in addition to the host or main OS
      • In virtualization, a guest OS can be different from the host OS and runs at the same time as it
      • In disk partitioning (dual boot), the second OS may also differ from the first, but only one of them runs at a time, directly on the hardware
• Hypervisor (or virtual machine monitor)
  • is a piece of computer software, firmware or hardware that creates and runs virtual machines.
  • A computer on which a hypervisor is running one or more virtual machines is defined as a host machine
  • Each virtual machine is called a guest machine.
• Docker Container
  • An encapsulated computer environment created by Docker
  • Docker on Linux platforms
    • Builds on top of facilities provided by the Linux kernel (primarily cgroups and namespaces)
    • Unlike a virtual machine, does not require or include a separate operating system
  • Docker on non-Linux platforms 
    • Runs the containers inside a Linux virtual machine (see Note 1)
• Docker daemon
  • is the persistent process that manages containers. 
    • At the time of writing, Docker uses the same binary for both the daemon and the client.
  • uses Linux-specific kernel features

Container vs Full VM


A fully virtualized system gets its own set of resources allocated to it and does minimal sharing. You get more isolation, but it is much heavier (requires more resources). With Docker containers you get less isolation, but they are more lightweight and require fewer resources, so you can easily run thousands on a host without it even blinking.[1] The flip side of the shared kernel is that it is also the shared attack surface: a kernel vulnerability reachable from inside one container threatens the host and every other container on it, whereas an escape from a VM additionally has to break out of the hypervisor.

Basically, a Docker container (see Note 1) and a full VM have different fundamental goals
• VM is to fully emulate a foreign environment
  • The hypervisor in a full VM implementation mediates all access by the Guest OS to the physical hardware, either by trapping and emulating privileged instructions or with hardware assistance (VT-x/AMD-V)
  • Each VM requires a full copy of the OS, the application being run and any supporting libraries
  • If you need to simultaneously run different operating systems (like Windows, OS X or BSD), or run programs compiled for other operating systems, you need a full Virtual Machine implementation.
    • In contrast, the container OS (or, more accurately, the kernel) must be the same as the host OS and is shared between container and host (see Note 1).
• Container is to make applications portable and self-contained
  • Each container shares the host computer's copy of the kernel. 
    • This means there's no hypervisor and no extended bootup.
  • The container engine is responsible for starting and stopping containers in a similar way to the hypervisor on a VM. 
    • However, processes running inside containers are equivalent to native processes on the host and do not incur the overheads associated with hypervisor execution.
Notes

1. In this article, we only focus on Docker implementations on Linux platforms. In other words, our discussions here exclude non-Linux platforms (e.g., Windows and Mac OS X).[2]
  • Because the Docker daemon uses Linux-specific kernel features, you can't run Docker natively on either Windows or Mac OS X.
  • Docker on non-Linux platforms uses a Linux virtual machine to run the containers.

References

1. How is Docker different from a normal virtual machine? (Stackoverflow)
2. Newbie's Overview of Docker
3. Supported Installation (Docker)
4. EXTERIOR: Using Dual-VM Based External Shell for Guest-OS Introspection, Configuration, and Recovery
5. Comparing Virtual Machines and Linux Containers Performance
6. An Updated Performance Comparison of Virtual Machines and Linux Containers
7. Security and Isolation Implementation in Docker Containers