LCE: The failure of operating systems and how we can fix it

Posted Nov 15, 2012 7:50 UTC (Thu) by epa (subscriber, #39769)
Parent article: LCE: The failure of operating systems and how we can fix it

Glauber Costa is quite right that hypervisors are a response to the failure of the operating system to provide enough isolation between different processes or different users on the same machine. But there is another important way in which the operating system has failed, and that is in providing an interface which is wide enough to be usable and yet narrow enough to be completely specified and dependable.

Often a large application will specify a particular Linux distribution or Windows version it is 'certified' to run on. The vendor may even insist that its application be the only thing running on the machine, if you want to get support. It may require particular versions of system libraries because those were the ones it was tested with. And yes, I am talking about big companies here, where stupid things are done for stupid big-organization reasons, and if you use free software and compile from source you are free of this nonsense, blah blah. But bear with me and assume that at least some of the time there is a legitimate reason to require an exact operating system version for running an application. (If you have ever worked on a support desk, you will find this reality easier to accept.)

So what we start to see are 'appliances' where the application is packaged up with its operating system ready to load into a virtual machine. Instead of supplying a program which calls the complex interface provided by the kernel, C library, and other system libraries, the vendor supplies one which expects the 'ABI' of an idealized x86-compatible computer. It has proved easier to agree on that than to agree on the higher level interfaces. Even though, somewhat absurdly, it means that TCP/IP and filesystems and virtual memory are all being reimplemented inside the 'appliance', it works out more robust this way.



LCE: The failure of operating systems and how we can fix it

Posted Nov 15, 2012 9:55 UTC (Thu) by robert_s (subscriber, #42402) [Link]

"it works out more robust this way."

Only because so far, little communication & cooperation between these appliances has been sought or required. If "appliances" are our new "processes" the fun is going to come when the equivalent of IPC is required.

And let's not even start talking about efficiency.

LCE: The failure of operating systems and how we can fix it

Posted Nov 15, 2012 9:58 UTC (Thu) by epa (subscriber, #39769) [Link]

For better or worse, inter-application communication will end up as being TCP/IP rather than via the filesystem or local IPC mechanisms.

LCE: The failure of operating systems and how we can fix it

Posted Nov 15, 2012 16:04 UTC (Thu) by k3ninho (subscriber, #50375) [Link]

TCP/IP? That's a little broad: JSON via HTTP requests on port 80 (it's left to the reader to provide an insecure implementation via HTTPS/443).

LCE: The failure of operating systems and how we can fix it

Posted Nov 22, 2012 6:08 UTC (Thu) by HelloWorld (guest, #56129) [Link]

What's the problem with IPC? The whole point of containers is to have better granularity: share the IPC namespace, but don't share the file system namespace so that you can use your own shared libraries.

LCE: The failure of operating systems and how we can fix it

Posted Nov 22, 2012 8:13 UTC (Thu) by Fowl (subscriber, #65667) [Link]

Shared libraries often use IPC...

Plus people want to use containers for more serious "untrusted" isolation.

LCE: The failure of operating systems and how we can fix it

Posted Nov 15, 2012 15:26 UTC (Thu) by raven667 (subscriber, #5198) [Link]

I think this is exactly right and is something I have noticed as well. I would also add that this is the reality of the micro kernel model, so in a way Tanenbaum was right, micro kernels are the future, but we call them hypervisors.

LCE: The failure of operating systems and how we can fix it

Posted Nov 15, 2012 18:01 UTC (Thu) by drag (subscriber, #31333) [Link]

And with KVM we call hypervisors "Linux"

LCE: The failure of operating systems and how we can fix it

Posted Nov 15, 2012 20:09 UTC (Thu) by glommer (subscriber, #15592) [Link]

Which is a very big advantage of KVM, why I like it so much, and worked on it for so long.

But while you are reusing all of the infrastructure from the OS - awesome - you still have two schedulers, two virtual memory subsystems, two IO dispatchers, etc.

Containers, OTOH, are basically the Operating System taking resource isolation one step further, and allowing you to do all that without resorting to all the resource duplication you have with hypervisors - be your hypervisor your own OS or not.

Which of them suits you better is up to you, your use cases, and personal preferences.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds