Loading…
October 4-6 in Berlin, Germany
Register Now for LinuxCon+ContainerCon Europe

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Intermediate [clear filter]
Tuesday, October 4
 

11:15

Flotilla – Containerized Network Function Deployment at Enterprise Branch Offices - Sumanth Mysore Sathyanarayana, Deutsche Telekom
Traditionally network functions were getting deployed on specialized hardware appliances. But with the advent of Network Function Virtualization, these infrastructure services are now getting deployed as software inside VMs. This talk is about how Flotilla’s framework could be used to deploy these Network Functions inside containers and in doing so, understanding the benefits and challenges. Flotilla primarily provides three important features which are:
1. It acts as a self-service network function portal connecting multiple branch offices to the cloud.
2. It helps to establish dynamic vpn tunnels between the cloud and the branch offices.
3. It acts as a containerized network function deployer at the branch office, thereby bringing down the capital and operational expenses as well as decreasing the time for deployment and modifications required for the network functions.

Speakers
avatar for Sumanth M. Sathyanarayana

Sumanth M. Sathyanarayana

Sr Software Engineer, Twitch


Tuesday October 4, 2016 11:15 - 12:05
Tegel

11:15

Putting the Parts Together: Building a Secure Container Platform - Matthew Garrett, CoreOS
General purpose operating systems have to solve many problems, and that means they make compromises. You need to be able to install, upgrade and configure individual components, which means having a large surface area vulnerable to attack. More specialised products (such as phones and Chromebooks) benefit from being able to reduce that surface area. Can we do the same with containers?

Security technologies can be overly restrictive in general purpose operating systems. This presentation covers a range of technologies that can be used unobtrusively and effectively in container-focused designs. It will describe how features like dm-verity can provide filesystem-level assurance that binaries are unmodified, how the kernel keyring can be used to provide immutable trusted key stores, how secure boot can root all of this trust in firmware and how container introspection can stop attacks.

Speakers
MG

Matthew Garrett

Staff Security Developer, Google
Matthew Garrett is a security developer at Google, working on infrastructural security for Linux desktop and mobile platforms.


Tuesday October 4, 2016 11:15 - 12:05
Schinkel II/III

11:15

Firefighting Linux Kernel Regressions - Thorsten Leemhuis, Heise Medien GmbH
Learn how to improve Linux by testing new kernels and fighting regressions. Both is easy and in your own interest, as the kernel (which is at the heart of any Linux system) constantly changes. Those changes sometimes break things that used to work; in other cases the performance suffers. These regressions are annoying, but can be fixed easily – however only when noticed and investigated early enough, as it gets way harder to revert a change once it makes it into a new kernel release.

This talk and its live demo will show you how to quickly test upcoming kernel releases without messing up your system. It will also explain how to report problems in case you find any. While covering those areas Thorsten will share some insights he learned while tracking regressions for the Linux kernel versions 4.7 and 4.8.

Speakers
avatar for Thorsten Leemhuis

Thorsten Leemhuis

Editor, c't/Heise Medien
Thorsten works as an editor for Heise Medien, which publishes the German c't magazine and runs the tech news site heise.de. For both he writes a column called "Kernel Log", which regularly discusses developments in the Linux kernel and areas close to it. Thorsten also was a major... Read More →


Tuesday October 4, 2016 11:15 - 12:05
Charlottenburg III

11:15

Geo-Replication and Disaster Recovery for Cloud Object Storage with Ceph Rados Gateway - Orit Wasserman, Red Hat
Ceph is a highly available distributed software defined storage, providing object, key/value and file-system interfaces. Ceph RGW (Rados Gateway) provides HTTP REST API that is S3 and openstack swift compatible.
Many users need storage systems that can span multiple data centers and geographies for disaster recovery and for better time response in remote locations.
This talk will give a brief Ceph architecture overview and then focus on the design and the new implementation of asynchronous Geo-Replication and disaster recovery features in Ceph Rados Gateway. We will also describe its configuration and usage.

Speakers
avatar for Orit Wasserman

Orit Wasserman

Senior Principal Software Engineer, Red Hat
Orit is a senior principal software engineer at Red Hat, focusing on Container and multi cloud storage. She was a principal architect at Lightbits labs working on NVMe/TCP software-defined storage. At Red Hat, she worked on Ceph object storage (Ceph Rados Gateway), a highly available... Read More →


Tuesday October 4, 2016 11:15 - 12:05
Köpenick

11:15

OpenSSL After Heartbleed - Rich Salz & Tim Hudson, OpenSSL
OpenSSL is the most widely-deployed TLS library in the world. A simple programming mistake—failing to check an output length—shook up the project and generated a “re-key the Internet” event. This session will discuss what has happened within the project since then: an expanded team, increased transparency, more rigorous development processes, and greatly increased vitality.

Speakers
avatar for Tim Hudson

Tim Hudson

Dev Team, OpenSSL
Tim Hudson has been involved in system security for more than 20 years. Tim's day job is as the CTO at Cryptsoft where he provides advice and guidance on security technology design and architecture. Tim is involved in KMIP, PKCS#11, FIPS140, OASIS and SNIA and is a long time OpenSSL... Read More →
RS

Rich Salz

Dev Team, OpenSSL
Rich has spoken at RSA, Java-One, and LF Collab Summit, among others. He works at Akamai, helping to make the configuration simpler and more secure by default. He is a member of the OpenSSL development team. He co-chairs the IETF ACME (LetsEncrypt protocol) and Curdle (new ECC curve... Read More →


Tuesday October 4, 2016 11:15 - 12:05
Potsdam I/II

11:15

Why You Hate Security, and What You Can do About It - Casey Schaufler, The Smack Project
Why you hate security, and what you can do about it (Casey Schaufler, Intel) - Regardless of the level at which you're doing your programming, security is going to get in the way. No amount of application abstraction or modern development process seems capable of shielding you from the barriers raised by security.
Let a deep security insider guide you through the reasons we have the security that drives you nuts. Then, with the aid of real world examples, you'll learn how to identify situations where security mechanisms are unnecessary, and the jargon needed to explain this to the people who insist on using them. There are lots of ways to make your life easier beyond turning off SELinux. The things that a developer can do up front to reduce exposure to security mechanisms will be explored. Finally, the issues around security and development process will be exposed.

Speakers
avatar for Casey Schaufler

Casey Schaufler

Engineer, Intel
Casey Schaufler worked on Unix kernels in the 1970s-90s. He has implemented access control lists, mandatory access control, extended filesystem attributes, X11 access controls, network protocols and audit systems. His involvement in Linux began with the Linux Security Module work... Read More →


Tuesday October 4, 2016 11:15 - 12:05
Potsdam III

11:15

Tuning Linux to Get the Best Performance from Varnish Cache - Per Buer, Varnish Software
Varnish Cache is used by 2.2 million websites including Pinterest, Vimeo and Tesla to cache web content, maximize web performance and reduce origin-server load. People often want to know how they can squeeze more performance from their Varnish Cache infrastructures. In most cases, the Linux configuration needs some fine tuning as its default configuration is not optimised for a high web performance web server like Varnish Cache.
Googling for tuning advice about Linux when it comes to Varnish Cache does not always yield helpful advice. Much of what comes back is either outdated or not quite right and the tuning advice could have a detrimental effect of your site’s availability.
This practical session aimed at sysadmins will explain how to tune both: your Varnish Cache and Linux. It will run through all Linux’s default values that need to be changed to achieve high web performance..

Speakers
PB

Per Buer

Varnish Software
Per Buer is the CTO and Founder of Varnish Software, the company behind Varnish Cache. He has nearly twenty years experience building and managing web-related solutions from infrastructure to web applications and in roles ranging from programmer to CEO. Per started his career with... Read More →


Tuesday October 4, 2016 11:15 - 12:05
Hugos South

11:15

Container Orchestration with Docker Swarm, Mesos/Marathon and Kubernetes - Adrian Mouat, Container Solutions
Container orchestration is one of the most fierce battlegrounds in IT today, with several frameworks competing for control. In this talk, I'll explain what container orchestration is, and why it's important, before comparing and contrasting the major platforms: Docker Swarm, Mesos/Marathon and Kubernetes.

I'll use a simple web application as a running example, adapting it to run on each of the platforms in turn. This will allow us to drill down into details of the platforms and highlight their comparative advantages and disadvantages.

Speakers
avatar for Adrian Mouat

Adrian Mouat

Chief Scientist, Container Solutions
Adrian Mouat is Chief Scientist at Container Solutions and the author of the O'Reilly book "Using Docker". He has been a professional software developer for over 10 years, working on a wide range of projects from small webapps to large data mining platforms. His current focus is on... Read More →


Tuesday October 4, 2016 11:15 - 12:05
Bellevue

12:15

An Exploration of Linux Container Network Monitoring and Visualization - Alban Crequy, Kinvolk
The Linux kernel provides a multitude of ways to show what your application containers are doing with the network: /proc, Netlink sockets, eBPF programs, traffic control, Netfilter conntrack, cgroups... the list goes on. In this talk we’ll explore how to utilize these tools to monitor container network activity. We’ll also looks at how we can interface these with Kubernetes, testing frameworks, and Weave Scope, a visualization and monitoring tool.

Speakers
AC

Alban Crequy

Co-founder & Software Engineer, Kinvolk
Originally from France, Alban currently lives in Berlin where he is a co-founder and software engineer at Kinvolk GmbH. He is the technical project lead for rkt, a container runtime for Linux. Before falling into containers, Alban worked on various projects core to modern Linux; kernel... Read More →


Tuesday October 4, 2016 12:15 - 13:05
Tegel

12:15

Secure Application Development in the Age of Continuous Delivery - Tim Mackey, Black Duck Software
Traditionally, when datacenter operators talk about application security, they've tended to focus on issues related to key management, firewalls and data access. By contrast, application developers have a security focus which is more aligned with code analysis and fuzzing techniques. The reality is, secure application deployment principles extend from the infrastructure layer through the application and include how the application is deployed. With the prevalence of continuous deployment of micro-services, it’s imperative to focus efforts on what attackers’ view as vulnerable; particularly in an environment where new exploits are being disclosed almost daily.
In this session we’ll present:
• How known vulnerabilities can make their way into production deployments
• How deployment of vulnerable code can be minimized
• How to determine the vulnerability status of a container

Speakers
avatar for Tim Mackey

Tim Mackey

Senior Technical Evangelist, Black Duck by Synopsys
Tim Mackey is a technology evangelist for Black Duck Software specializing in the secure deployment of applications using virtualization, cloud and container technologies. Prior to joining Black Duck, Tim was most recently the community manager for XenServer and was part of the Citrix... Read More →


Tuesday October 4, 2016 12:15 - 13:05
Schinkel II/III

12:15

Kernel Documentation: What We Have and How We'll Make it Better - Jonathan Corbet, LWN.net
It is often said that kernel developers don't care about documentation, but the truth can be seen in the kernel repository: thousands of documentation files and tens of thousands of kernel-doc comments. The problem is that it's all a bit ... messy. Your speaker, in the role of the kernel's documentation maintainer, is trying to clean things up a bit. The talk will cover the current state of kernel documentation, what's being done to make it better, and, along the way, some of the interesting challenges that come with being a kernel subsystem maintainer in general.

Speakers
avatar for Jonathan Corbet

Jonathan Corbet

Executive Editor, LWN.net


Tuesday October 4, 2016 12:15 - 13:05
Charlottenburg III

12:15

Solving the Paradox: Less Downtime - More Security - Hannes Kühnemund, SUSE
Minimizing downtime is at the heart of every IT manager because end users are more satisfied if their work isn't blocked by an system outage. However, downtime is unaviodable if a mandatory system updates must be applied in order to fix a critical security hole. But what if there is a technology that can solve this paradox by updating the system without downtime? The upstream project "livepatch", fed with the best from the distributor specific implementations kGraft from SUSE and kpatch from Red Hat, is about to make that happen for the Linux Kernel itself - the core component of every system, where patching would always require a reboot. In this presentation, Hannes Kühnemund will talk about recent developments, discuss the current state including a deep dive into challenges on the way.

Speakers
avatar for Hannes Kühnemund

Hannes Kühnemund

Sr. Product Manager, SUSE
As part of the global Product Management unit at SUSE, Hannes Kühnemund carries responsibility for two major SUSE products: SLE Live Patching and SLES for SAP Applications. Prior to joining SUSE, Kühnemund was with SAP for 14 years in different roles, such as Product Owner, Project... Read More →


Tuesday October 4, 2016 12:15 - 13:05
Potsdam III

12:15

Building Distributed Systems without Docker, Using Docker Plumbing Projects - Patrick Chanezon & David Chung, Docker & Phil Estes, IBM
Docker provides an integrated and opinionated toolset to build, ship and run distributed applications. Over the past year, the Docker codebase has been refactored extensively to extract infrastructure plumbing components that can be used independently, following the UNIX philosophy of small tools doing one thing well: runC, containerd, swarmkit, hyperkit, vpnkit, datakit.

This talk will give an overview of these tools and how you can use them to build your own distributed systems without Docker.

Speakers
avatar for Patrick Chanezon

Patrick Chanezon

Chief Developer Advocate, Docker
As the Chief Developer Advocate for Docker, Patrick Chanezon helps drive the direction of the company’s open source projects, acting as an advocate for the developer community to assure that their requirements and issues are addressed in the Docker platform. From 2013 to 2015, he... Read More →
avatar for Phil Estes

Phil Estes

Distinguished Engineer & CTO, Container & Linux Strategy, IBM Cloud
Phil is a Distinguished Engineer in the office of the CTO for IBM Cloud, guiding IBM's strategy around containers and Linux. Phil is a founding maintainer of the CNCF containerd runtime project, and participates in the Open Container Initiative (OCI) as a member of the Technical Oversight... Read More →


Tuesday October 4, 2016 12:15 - 13:05
Bellevue

14:30

Getting Started with Docker Services - Mike Goelzer, Docker
Docker Services are a new abstraction available in recent versions of the Docker platform. Unlike the familiar 'docker run' command, Services are used to declare a desired application state that the Docker Engine will maintain.

In this presentation, Mike Goelzer will introduce the audience to Docker Services, explaining what they are and how to use them to deploy multi-tier applications. Other topics covered: load balancing, service discovery, scaling, security, deployment models, and common network topologies.

I will also present a live demo of a microservice application deployed and configured using Docker Services. All demo code will be available in Github.

Speakers
avatar for Mike Goelzer

Mike Goelzer

Sr. PM & Platform Architect, Docker
Docker and container orchestration


Tuesday October 4, 2016 14:30 - 15:20
Bellevue

14:30

PM Infrastructure in the Linux Kernel - Current Status and Future - Rafael J. Wysocki, Intel OTC
Multiple subsystems in the Linux kernel are concerned with various aspects of energy efficiency. Some of them act on the system as a whole while the others focus on individual CPUs or IO devices. The majority of them have been developed in isolation and they work reasonably well individually, but that is often insufficient to address problems related to contemporary trends in hardware design and growing user expectations. Thus they have to be made work more closely with one another and with core kernel code like the CPU scheduler. Efforts to make that happen are under way and I will describe them. However, in the meantime the existing Linux PM infrastructure has to respond to the users' needs, so I will discuss its current status, the most important problems it is facing and some possible ways to address them.

Speakers
avatar for Rafael J. Wysocki

Rafael J. Wysocki

Software Engineer, Intel OTC
Rafael maintains the Linux kernel's core ACPI and power management code, including the core infrastructure for IO device PM, CPU PM and system suspend/hibernation. He works at Intel Open Source Technology Center as a Software Engineer focusing on the mainline Linux kernel. Rafael... Read More →


Tuesday October 4, 2016 14:30 - 15:20
Charlottenburg III

14:30

Container Orchestration: Swarm, Mesos, Kubernetes - Which Conductor? - Mike Bright, HPE
Oh my, as if we didn’t have enough container choices with LXC, Docker, rkt, LXD, we still have to choose a container orchestrator and there are lots of them !

Worse - the choice of orchestrator is the new industry battleground.
Feature sets increase rapidly and industry players are making acquisitions and investments.

It’s still early days in container orchestration and so existing solutions partially overlap meaning that combinations of orchestrators may be needed.

So how should you choose for your use case?

In this talk we’ll take a look at what is orchestration and why you need it.
We’ll look at the main contenders amongst Docker Swarm, Google’s Kubernetes, Apache Mesos as well as Fleet, Rancher/cattle and Juju.

We’ll compare and contrast the existing solutions, look at where they are heading and how you can use them in your solution today and tomorrow.

Speakers
avatar for Michael Bright

Michael Bright

Technical Trainer, @mjbright Consulting
Michael Bright, is a Technical Trainer for Docker, Kubernetes, Serverless, Micro-services. Based in Grenoble, France, he runs a Python user group, and is a co-organizer of the Docker and FOSS Meetup groups. He has a keen interest in Containers, Orchestration, Unikernels and Serverless... Read More →


Tuesday October 4, 2016 14:30 - 15:20
Schinkel II/III

14:30

Ceph Community Update - Lars Marowsky-Brée, SUSE
The Ceph project is the most vibrant and active Software-Defined-Storage project in the Linux world. With the recent "Jewel" release, significant functionality, stability, and performance work has been made available. By the time of LinuxCon Europe, we will already be close to the "Kraken" release, in preparation for the next long-term release "Luminous" in 2017. There is plenty of exciting work in the management tooling space, from GUIs to configuration management, and downstream activity and distribution adoption. Some of the features promise significant performance gains, or major new functionality like CephFS.

We will discuss the recent developments, current status of various features, and the roadmap of the Ceph project. We will also look at the state of the community and contributions.

Speakers
avatar for Lars Marowsky-Brée

Lars Marowsky-Brée

Depressed Engineer, SUSE
Lars is the architect for Software-Defined-Storage at SUSE, and represents SUSE on the Ceph Foundation Board of Governors. He lives in Berlin.


Tuesday October 4, 2016 14:30 - 15:20
Köpenick

14:30

Explain Yourself! Documentation for Better Code - Chris Ward, Crate.IO
Explain Yourself! Documentation for Better Code (Chris Ward) - How many times have you come across an awesome looking library or tool that you're keen to work with in your own project but can't even begin to understand how to use it?

Programmers are great at creating amazing and cutting-edge code, but not always so good and explaining themselves, and I want to help. In this presentation I want to draw upon my experience in writing tutorials and technical documentation to help you write clear, concise and usable documentation for your own projects.

We will cover topics such as:

- Why write documentation?
- Explaining your point and motivation
- Creating context and meaning
- Writing clear copy
- Creating meaningful examples and tutorials
- Documentation systems and formats
- Making documentation part of build processes
- Testing Docs
- Versioning of Docs

Speakers
avatar for Chris Ward

Chris Ward

Developer Advocate, Crate.IO
Developer Relations, Technical Writing and Editing, (Board) Game Design, Education, Explanation and always more to come.


Tuesday October 4, 2016 14:30 - 15:20
Potsdam I/II

14:30

An Introduction to Linux Control Groups (cgroups) - Michael Kerrisk, man7.org
Control groups (cgroups) are a method of grouping processes for the purpose of monitoring, management, and control. Using cgroups, we can: limit CPU and memory consumption; freeze and resume execution of a group; limit device access; limit the number of processes in a group; and much more. Cgroups are a key building block in modern container systems and are also used in systemd. This tutorial provides an introduction to cgroups, covering both v1 and the recently released v2. The focus is on understanding the operation of the cgroup system itself, rather than going into details of individual controllers. So we'll look at how to create and populate cgroups using shell commands that operate on the cgroup filesystem, and look at topics such as notification, inheritance, and delegation. Bring a laptop so you can walk through some of the examples. No previous cgroups knowledge is assumed.

Speakers
avatar for Michael Kerrisk

Michael Kerrisk

Trainer/consultant, man7.org Training and Consulting
Michael Kerrisk is the author of the acclaimed book, "The Linux Programming Interface" (http://man7.org/tlpi/), a guide and reference for system programming on Linux and UNIX. He contributes to the Linux kernel primarily via documentation, review, and testing of new kernel-user-space... Read More →


Tuesday October 4, 2016 14:30 - 16:20
Tegel

15:30

These Four Questions Will Quickly Tell You If Your Company's OSS Contribution Is Worthwhile - Duane O'Brien, Paypal
Who Cares? Are We Still Using It? Are We Committing Our Own Resources? Can We Develop It All In The Open? By asking these four questions of code you're considering for open source, you can quickly determine if the code is a good candidate, or if you should explore other options. We will look closely at these four questions, why they matter, how to use them, and what those other options might be.

Speakers
avatar for Duane O'Brien

Duane O'Brien

Head of Open Source, Indeed
Duane is the Head of Open Source at Indeed.com, the #1 job site in the world. He is passionate about enabling smart and meaningful contributions to the open source ecosystem by both developers and corporations. Duane navigates the path between engineering and management, drawing on... Read More →


Tuesday October 4, 2016 15:30 - 16:20
Tiergarten

15:30

User Namespace and Seccomp Support in Docker Engine - Paul Novarese, Docker
Isolation in Docker is mainly accomplished via cgroups and namespaces. User namespaces are the newest namespace to be supported by the Docker engine, and allow users to run containers as without elevated privileges, which has been a longstanding shortcoming and frequent target of both user frustration and feature requests. In addition, Seccomp support adds a new method of containment for running containers by providing both whitelist and blacklist based controls of system calls that are permitted and/or forbidden for containerized processes. In this session, we’ll look at these new features, examine basics of configuration, and do some live demos to see them in action.

Speakers
avatar for Paul Novarese

Paul Novarese

Technical Account Manager, Docker, Inc.
Paul has been working in the ops side of open source for over 20 years, providing technical support, training, and general consulting in both the largest and smallest data centers.


Tuesday October 4, 2016 15:30 - 16:20
Schinkel II/III

15:30

5 Containers for 5 Languages: Patterns for Software Development Using Containers - Mario Loriedo, Red Hat
Go, Rust, Swift, Haskell and JavaScript are among the hottest languages in 2016 and all have different features that will be exploited to show different patterns to build, test and run applications using containers.

Building upon an earlier workshop at BreizhCamp in 2015 (https://gist.github.com/l0rd/316164ad3f170cde9b12, http://l0rd.github.io/talks/containers-and-languages/), attendees will be lead through the development of samples applications written in different languages in order to illustrate different containers usage patterns.

After a short description of the language, the container and the pattern to use participants will be asked to put into practice these patterns using a sample project.

Speakers
avatar for Mario Loriedo

Mario Loriedo

Senior Principal Software Engineer, Red Hat
Mario is a Software Engineer at Red Hat and has been involved in various open source projects integrating containers and development tools. He is the principal architect of the open source project Eclipse Che.


Tuesday October 4, 2016 15:30 - 16:20
Charlottenburg I/II

15:30

Real Life Example of Scaling Load Balancing Using Open Source on Commodity Hardware - Pavlos Parissis, Booking.com
In order to increase the availability of your application, you place it behind a load balancer. Problem solved but another one is created! How do you make sure this upper layer doesn't become a bottleneck for you? Does it have enough capacity when you go full-on with HTTPS? You need it to be fast, resilient and easy to scale. In this talk I'll present how you combine network protocols and open source software to resolve these problems.

Speakers
avatar for Pavlos Parissis

Pavlos Parissis

Senior Unix System Administrator, Booking.com
Pavlos is a senior system administrator at booking.com, and has been with company for over five years. He's currently on the Global Traffic Distribution team, where he develops solutions and tools to ensure the reliability of the site. He works on load balancing, site speed and management... Read More →


Tuesday October 4, 2016 15:30 - 16:20
Hugos South

15:30

Building Efficient Parallel Testing Platforms with Docker - Laura Frank, Codeship
Fast and efficient software testing is easy with Docker. We often use containers to maintain parity across development, testing, and production environments, but we can also use containerization to significantly reduce time needed for testing by spinning up multiple instances of fully isolated testing environments and executing tests in parallel. This strategy also helps you maximize the utilization of infrastructure resources. The enhanced toolset provided by Docker makes this process simple and unobtrusive, and you’ll see how Docker Engine, Registry, and Compose can work together to make your tests fast.

Speakers
avatar for Laura Frank

Laura Frank

Director of Engineering, CloudBees
As the Director of Engineering at CloudBees and a Docker Captain, Laura's primary focus is making tools for other developers. At CloudBees, she works on improving the Docker infrastructure of the Codeship product and overall experience for all users of the CI/CD platform. Previously... Read More →


Tuesday October 4, 2016 15:30 - 16:20
Schöneberg

16:50

Networking Approaches in a Container World - Flavio Castelli, SUSE
Networking has always been a complicated and delicate topic. Things get even more complicated in the world of containers, where lots of containers are continuously being created and moved over entire data centers.

Several choices are available, each one having a slightly different implementation and its own peculiarities.
This leads to a lot of confusion when a networking solution has to be chosen.

This talk illustrates how the major networking solutions for Linux application containers work: their implementation details, their positive and negative aspects and how they influence the deployment of distributed applications.

Speakers
avatar for Flavio Castelli

Flavio Castelli

Engineering Manager, SUSE
Flavio Castelli is the engineering manager for the containers team at SUSE. Flavio has been following Docker since its early days and focused on its integration within the openSUSE and SUSE ecosystems. Flavio developed experience in creating and managing systems while working on products... Read More →


Tuesday October 4, 2016 16:50 - 17:40
Schinkel II/III
 
Wednesday, October 5
 

11:00

One Year of Deploying Applications with Docker, CoreOS, Kubernetes and Co. - Thomas Fricke, Endocode AG
The talk gives summary on one year of experience with containers in production. Rolling out distributed, heterogeneous applications was a difficult task. We present results from real customer projects, using Docker to deploy applications in a rapidly changing environment by Kubernetes and CoreOS.

Following a very strict approach, separating persistent and stateless applications, running everything in small units orchestrated by Kubernetes we could create descriptions of environments very rapidly, deploying complex environments with a single command. Examples in Java, Python and Ruby are shown. Security has been addressed to pass an extensive security audit.

The talk covers also operational challenges as implementing a deployment pipeline. logging under load, monitoring, distribution of passwords and configurations as limits to the containers resource management.

Speakers
avatar for Thomas Fricke

Thomas Fricke

CTO, Endocode AG
Thomas Fricke is the CTO of Endocode and a cloud architect. He likes to work with scaling applications, specially with distributed databases. He has worked as a development engineer, system, software and cloud architect for many years. Current topics are large scale system automation... Read More →



Wednesday October 5, 2016 11:00 - 11:50
Schinkel II/III

11:00

Container Defense in Depth - Scott McCarty, Red Hat
Defense in depth is an information assurance technique to protect a system from any particular attack by having multiple independent countermeasures in place. In a containerized world, defense in depth is applied by thinking about security within a container, on the container host and at the container platform layer.

This talk will cover numerous technologies and practices at each layer - from kernel quality, svirt, and SECCOMP, to measuring attack surface, use of root and patch remediation, to platform level authentication and authorization, these are the droids you are looking for.

This talk will help an end user understand the breadth of tooling that is available at each level and how they will help protect their system from intrusions and compromises.

Speakers
avatar for Scott McCarty

Scott McCarty

Technical Product Manager, Red Hat
At Red Hat, Scott McCarty is technical product manager for the container subsystem team, which enables key product capabilities in OpenShift Container Platform and Red Hat Enterprise Linux. Focus areas includes container runtimes, tools, and images. Working closely with engineering... Read More →



Wednesday October 5, 2016 11:00 - 11:50
Tegel

11:00

Linux-Kernel Memory Ordering: Help Arrives At Last! - Paul E. McKenney, IBM
It has been said that Documentation/memory-barriers.txt can be used to frighten small children, and perhaps this is true. But even if it is true, it is woefully inefficient. After all, there is a huge number of children in this world, so a correspondingly huge amount of time and effort would be required in order to read it to them all.

This situation clearly calls for an automated tool, which is the topic of this talk, and which is now available in prototype form. This tool takes short fragments of concurrent C code as input, and exhaustively analyzes the possible results. In other words, instead of perusing memory-barriers.txt to find the answer to a memory-ordering question, you can get your answer by writing a small test case and feeding it to the tool. This talk will give an introduction to this tool, describing how to use it and how it works, including a short demo.

Speakers
avatar for Paul McKenney

Paul McKenney

Distinguished Engineer, IBM Linux Technology Center, Beaverton
Paul E. McKenney is a Distinguished Engineer with the IBM Linux Technology Center, where he maintains the RCU implementation within the Linux kernel. He has been coding for four decades, more than half of that on parallel hardware. His prior lives include the DYNIX/ptx kernel at Sequent... Read More →


Wednesday October 5, 2016 11:00 - 11:50
Charlottenburg III

11:00

Locking Down Your Systemd Services - Lennart Poettering, Red Hat
systemd is the system and service manager of most of today's popular Linux distributions. This talk will focus on security features of systemd, that help developers and administrators to lock down system services in powerful ways, in order to build a more secure Operating System. Topics covered are: file system namespace features for services, networking lock-in, seccomp sandboxing, Linux security capabilities, integration with MAC security and many more. The talk will explain how many default services shipped in the various Linux distributions already make use of these security features to minimize impact of services, and how developers, devops engineers and administrators can enable this features easily for their own services, with just a few settings.

Speakers
LP

Lennart Poettering

Principal Software Engineer, Red Hat
Lennart works on systemd, for Red Hat.


Wednesday October 5, 2016 11:00 - 11:50
Köpenick

11:00

Container Orchestration Lab: Swarm, Mesos, Kubernetes - Haïkel Guémar, Fedora Project
There are many container orchestration choices available to the developer today.

In this lab we will look at several orchestrators gaining hands-on experience with them to understand the challenges, and how to do effective orchestration with one or more of the available solutions.

Docker Swarm
Google Kubernetes
Apache Mesos
Combining them

Please follow setup instructions here
http://bit.ly/2674h5J

Speakers
avatar for Haikel Guemar

Haikel Guemar

RDO release wrangler, Fedora Project
CentOS Cloud SIG developerRDO Engineering at Red HatStacker


Wednesday October 5, 2016 11:00 - 12:50
Charlottenburg I/II

12:00

entry_*.S: A Carefree Stroll through Kernel Entry Code - Borislav Petkov, SUSE
I have always wondered what happens when we enter the kernel from
userspace: what preparations does the hardware meet when the userspace
to kernel space switch instructions are executed and back, and what does
the kernel do when it executes a system call. There are also a bunch of
things it does before it executes the actual syscall so I try to look at
those too.

This talk is an attempt to demystify some of the aspects of the cryptic
x86 entry code in arch/x86/entry/ written in assembly and how does
that all fit with software-visible architecture of x86, what hardware
features are being used and how.

With the hope to get more people excited about this funky piece of the
kernel and maybe have the same fun we're having.

Speakers
BP

Borislav Petkov

SUSE
RAS/AMD kernel maintainer working currenly at SUSE Labs. Prior to that at AMDs Operating Systems Research Center doing Linux enablement and hardware debugging work.


Wednesday October 5, 2016 12:00 - 12:50
Charlottenburg III

12:00

Cloud Native Applications, Containers, Microservices, Platforms, CI-CD…Oh My!! - Fabio Chiodini, EMC
As a new user the World of Cloud native applications may appear to be daunting: containers, container clustering, Platforms, networking, CI/CD , .. oh my! It appears there are at least two approaches to do this: an assembled one where you pick and choose disparate tools/technologies to build this up and a prescriptive one where you embrace a platform that contains and harmonizes a subset of these tools/technologies. In this session you'll see some practical examples (with extensive demos) on how you can use one approach or the other using a sample, easy to understand demo application and understand the pros and cons.

Speakers
avatar for Fabio Chiodini

Fabio Chiodini

Principal System Engineer, EMC
Fabio Chiodini is a Principal System Engineer at EMC focusing on the EMC+VMware+Pivotal technical alliance. His role at EMC is a mix of passion and expertise: preparing cool (and risky) live demos and helping customers in adopting new technologies and processes in this brave new cloud-native... Read More →


Wednesday October 5, 2016 12:00 - 12:50
Bellevue

12:00

OCI, Where Are We and Where Are We Going - Qiang Huang, Huawei
OCI (Open Container Initiative) is an open governance structure for the express purpose of creating open industry standards around container formats and runtime. Qiang Huang will introduce the constitution of OCI, duty and purpose of this organization, how this is important for container ecosystem and what benefit will people gain from it. He'll also talk about the status of OCI projects and the milestones and future plans of OCI.

Speakers
QH

Qiang Huang

Huawei
Qiang Huang is a software engineer who has been working in Huawei for 6 years, he has been working on container area since he joined the company. With experience in cgroup, namespace, LXC, CRIU, docker, OCI etc, he is now focusing on Docker and OCI and the ecosystem, as a maintainer... Read More →


Wednesday October 5, 2016 12:00 - 12:50
Schöneberg

12:00

Rkt Architecture and Security Features - Luca Bruno, CoreOS
rkt is a container runtime engine developed by CoreOS that was designed for security. rkt can run the same container with varying degrees of protection, from lightweight, OS-level namespace and capabilities isolation to heavier, VM-level hardware virtualization. rkt’s primary interface comprises a single executable, rather than a background daemon, and rkt uses this design to easily integrate with existing init systems while minimizing exposure to threats.

Speakers
LB

Luca Bruno

CoreOS
Luca Bruno is a software and security engineer at CoreOS where he works on rkt, a modular and security ­minded container engine. Luca is currently focused on network and system security topics. He is a longtime FLOSS supporter and an active Debian developer. Born on the Italian Riviera... Read More →


Wednesday October 5, 2016 12:00 - 12:50
Tegel

12:00

The World of 100G Networking - Christoph Lameter
2015 saw the arrival of multiple 100Gbps networking technologies: Fast 100G Ethernet switches, Mellanox released EDR (100G Infiniband) and Intel came up with OmniPath (also 100G). 2016 is therefore likely going to be a battleground of these competing technologies. Facebook already is supposed to upgrade their infrastructure to 100G in 2015 and its likely that others are going to follow. This talk gives an overview about the competing technologies in terms of technological differences and capabilities and then discusses the challenges of using various kernel interfaces to communicate at these high speeds (POSIX, RDMA, OFI).
Hopefully we can come up with some ideas how to improve the situation.

Speakers
avatar for Christoph Lameter

Christoph Lameter

R&D Team Lead, Jump Trading LLC
Christoph Lameter is working as a lead in research and development for Jump Trading LLC (an algorithmic trading company) in Chicago and maintains the slab allocators and the per cpu subsystems in the Linux Kernel. He contributed to a number of Linux projects since the initial kernel... Read More →


Wednesday October 5, 2016 12:00 - 12:50
Potsdam I/II

14:30

Enforcing a Docker Container Security Policy - Thomas Sjögren, AB Svenska Spel
Even though the options to secure Docker containers are available, following a security baseline is often left to the user starting the container.

In this presentation Thomas Sjögren will show how to make a container, from image to runtime, a bit more secure and how to enforce a security policy by monitoring Docker events.

Speakers
avatar for Thomas Sjögren

Thomas Sjögren

System Technician, AB Svenska Spel
Thomas Sjögren is a system technician at AB Svenska Spel. He's one of the maintainers behind the docker/docker-bench-security project and contributor to the Center For Internet Security Docker Benchmark.


Wednesday October 5, 2016 14:30 - 15:20
Tegel

14:30

IPv6 for Server Admins and Client Developers - Thiago Macieira, Intel
IPv6 is the evolution of the Internet Protocol and was created in the late 1990s when it was clear that the then-current version (IPv4) would run out of available addresses soon. Soon after, software was converted to handle IPv6 and the all service providers began offering IPv6 connectivity. Right? Not really. It's been a chicken-and-the-egg problem: no apps supports it, so services don't support it, so no apps supports it. This session will go over the basics of IPv6, how it differs from IPv4 and what client and server developers should be aware of. It will go over the basic socket API and provide instruction for developers on how to write software capable of both IPv4 and v6, seamlessly. It will then discuss how IPv6 and certain features not available in IPv4 can be used for interesting functionality, but also what admins would want to be aware of to protect their systems.

Speakers
avatar for Thiago Macieira

Thiago Macieira

Engineer, Open Source Technology Center, Intel
Thiago Macieira holds a double degree in Engineering and an MBA. He has been involved in several Open Source projects for over 15 years and is an experienced C++ developer, having spent the better part of the last 10 years developing Qt and Qt-based software. He has been involved... Read More →


Wednesday October 5, 2016 14:30 - 15:20
Potsdam I/II

14:30

Reimagining OpenStack - Samuel Ortiz, Intel
OpenStack is an open source alternative to proprietary cloud solutions, but customers struggle with deployment, scalability, and performance problems. Design a Cloud today and you’d approach things in a radically different way. Nova, OpenStack’s core compute component, is described as a "bloated busy kitchen filled with technical debt" by an original author. The open source CIAO project (Cloud Integrated Advanced Orchestrator) reimagines Cloud from scratch in the Go programming language. CIAO seeks to demonstrate how to move the needle on performance and meet the demands of the modern cloud. CIAO is fully TLS based, minimal config, easily updatable and optimized-for-speed. Containers and VMs are equal citizen user workloads, providing a scalable elastic cloud. This presentation will highlight CIAO’s innovative architecture and compare implementation details relative to OpenStack.

Speakers
SO

Samuel Ortiz

Principal Software Engineer, Intel
I work at the Intel Open Source Technology Center where I spend my time playing with containers, virtual machines, hypervisors and orchestrators. Although I am currently contributing to Kata Containers, CRI-O, QEMU, NEMU and rust-vmm, I used to work on obscure networking protocols... Read More →


Wednesday October 5, 2016 14:30 - 15:20
Köpenick

14:30

What's Up in the Land of the Linux Kernel - Thorsten Leemhuis, Heise Medien GmbH
This presentation provides an overview of recent and current developments in the Linux kernel, which is the heart of any Linux system. The talk will discuss what major changes recent kernel versions brought and thus now show up in the latest Linux distributions. It will also discuss improvement the next kernel version will contain or are currently being discussed for later releases. In that scope the presentation sometimes will discuss changes in software which interacts closely with the kernel or its drivers (Mesa, nft, …)

In addition to new features this talk will sometimes take a metalevel look on kernel development: what is working well, how fast is it, what is done to improve things and what are the biggest challenges the kernel developers face right now.

Speakers
avatar for Thorsten Leemhuis

Thorsten Leemhuis

Editor, c't/Heise Medien
Thorsten works as an editor for Heise Medien, which publishes the German c't magazine and runs the tech news site heise.de. For both he writes a column called "Kernel Log", which regularly discusses developments in the Linux kernel and areas close to it. Thorsten also was a major... Read More →


Wednesday October 5, 2016 14:30 - 15:20
Tiergarten

14:30

ELK: A Log Files Management Framework - Giovanni Bechis, SNB S.r.l.
Managing log files is every day harder when you have to districate with lot of gigabytes of data and different file formats.
The ELK stack (ElasticSearch, Logstash, Kibana) is a great solution to this problem, with Logstash you can collect, parse and manage log files in an easy and productive way from different sources.
It can also provide important informations out of your log files with an easy to use web interface, and it can be integrated with a monitoring and alerting system.
The ELK stack is not only dedicated to log management but it can be used to aggregate any kind of data in an impressive and very productive way.

Speakers
avatar for Giovanni Bechis

Giovanni Bechis

Ceo / Software Developer, SNB S.r.l.
I started working with Linux and *BSD in late 90's, I worked as Linux and FreeBSD system administrator in a software house. In 2005 I founded my own software house, we create web solutions, hosting and ICT solutions. From 2008 I am an OpeBSD committer and I develop ports and some... Read More →


Wednesday October 5, 2016 14:30 - 15:20
Potsdam III

15:40

Docker Orchestration: Beyond the Basics - Aaron Lehmann, Docker
Docker Engine supports built-in Swarm orchestration that can run containers across a cluster of machines. While it's very easy to get started with orchestration in Docker, it's useful to understand some details in order to get the best results from a clustered deployment.

In this presentation, Aaron Lehmann will discuss best practices for running a cluster using Docker Engine's orchestration features. The presentation will go over how to get started with orchestration in Docker, and explain how to keep a cluster perfomant, secure, and reliable. No previous experience with Docker orchestration is necessary.

Attendees will learn how to properly deploy Docker orchestration for high availability with no single point of failure. They will also understand the security model and various security options.

Speakers
avatar for Aaron Lehmann

Aaron Lehmann

Software engineer, Docker
Aaron Lehmann is one of the authors and maintainers of the Docker SwarmKit open source project, which powers Docker's orchestration capabilities. In his work at Docker, he continues to enhance SwarmKit, and also contributes to Docker Engine and Docker Registry.


Wednesday October 5, 2016 15:40 - 16:30
Bellevue

15:40

VM-based Secure Container - Zhang Wei & Claudio Fontana, Huawei

Due to sharing the same kernel, native containers may never provide alone enough isolation and security without being run inside virtual infrastructure. Wei & Claudio have been workiing on a new VM-based Secure Container based on “RunV” which is an open source and an OCI-compatible runtime similar to “RunC”.

In the RunV community Wei has been working with developers from hyper.sh to make RunV compatible to the Docker API, so that it can integrate with higher level frameworks like Kubernetes and OpenStack and be deployable as easily as native containers.

Claudio has been optimizing virtualization components for this use case, removing legacy features and employing existing methods (Clear Containers) and new ways to boot quickly, decrease overheads, and improve performance. Novel work in the virtualizer and virtual firmware enables further improvements at the expense of fidelity to PC compatibility.


Speakers
WZ

Wei Zhang

Huawei
Zhang Wei & Claudio Fontana are both working for Huawei, in Beijing, China and Munich, Germany respectively. Zhang Wei is an active Docker contributor since 2015, with some speaking experience in the local circles.


Wednesday October 5, 2016 15:40 - 16:30
Tegel

15:40

Linux Kernel Security Update - James Morris, Oracle
In this presentation, I'll provide an update on the current state of the Linux kernel security subsystem. We'll start with a brief overview of Linux kernel security, then discuss 
changes which have occurred during the v4.0 kernel series. We'll also discuss the current threat landscape, and ongoing development in areas such as static checking, fuzzing, and kernel self-protection.

Speakers
avatar for James Morris

James Morris

Kernel Developer, Microsoft
James is the maintainer of the Linux security subsystem, and kernel engineer at Microsoft.


Wednesday October 5, 2016 15:40 - 16:30
Tiergarten

15:40

Graphite@Scale or How to Store Millon Metrics per Second - Vladimir Smirnov, Booking.com
This is a story about dealing with metrics at scale. A lot of metrics.

This is our story of the challenges we’ve faced at Booking.com and how we made our Graphite system handle millions of metrics per second.

Speakers
VS

Vladimir Smirnov

System Administrator, Booking.com
I've dealt with large scale systems design and administration in IT for over 6 years. For the last 8 month I've been working Booking.com, specializing in scaling our Graphite stack, improving its reliability and performance. We at Booking.com have hundreds of backend servers, hundreds... Read More →


Wednesday October 5, 2016 15:40 - 16:30
Potsdam III

16:40

Containers for Grownups: Migrating Traditional & Existing Applications - Scott McCarty, Red Hat
Many organizations have had success dabbling with with Linux Containers. Once you take a small project and have success, the epiphany happens - and you ask yourself: 1. What else can we containerize? 2. Can we put everything in containers? 3. How do we get traditional applications into containers? This talk will highlight technical and architectural considerations when moving existing applications to containers. Ranging from systemd, and storage to backups, and debugging applications in production, there are a lot of things to think about when migrating existing applications to containers and running them in production.

Speakers
avatar for Scott McCarty

Scott McCarty

Technical Product Manager, Red Hat
At Red Hat, Scott McCarty is technical product manager for the container subsystem team, which enables key product capabilities in OpenShift Container Platform and Red Hat Enterprise Linux. Focus areas includes container runtimes, tools, and images. Working closely with engineering... Read More →



Wednesday October 5, 2016 16:40 - 17:30
Schinkel II/III

16:40

Orchestrating the Blockchain Using Containers - Andrew Kennedy, Cloudsoft
Blockchain technology is a new and exciting field, and being able to quickly test applications is essential for agile startups wanting to bring products to market quickly. We show how Clocker, a key open-source component of Cloudsoft AMP, can be used to orchestrate the deployment and scaling of a Hyperledger blockchain application. An OASIS CAMP blueprint is created to describe the application topology, which is then installed onto a managed cluster of Virtual Machines running Docker Engine and the Calico SDN.

- Open Source goodness - What are Cloudsoft AMP and Clocker
- The Hyperledger Blockchain Application Platform
- Describing Components and Topology
- Demo: Deploying and Managing a Hyperledger Blockchain Application

Speakers
avatar for Andrew Kennedy

Andrew Kennedy

Distributed Systems Hacker, Cloudsoft
Andrew is a Senior Software Engineer at Cloudsoft and the founder of the Clocker project. He is a contributor to several Open Source projects including jclouds and Qpid and is on the Apache Brooklyn PMC. Areas of interest include Distributed Systems, Virtualisation, Messaging, Information... Read More →


Wednesday October 5, 2016 16:40 - 17:30
Charlottenburg I/II

16:40

Software Update Security: When the Going Gets Tough, Get TUF Going!- Riyaz Faizullabhoy & Lily Guo, Docker
Installing and updating software presents an interesting slate of security challenges.  The Update Framework (TUF) helps developers secure new or existing software update systems. TUF provides protection against data tampering, rollbacks, and many cases of key compromise. This presentation will discuss both the attacks that TUF protects against and how it actually does so under the hood. Additionally, this presentation will demonstrate the usability aspects of TUF as it is currently implemented in Docker Notary and Docker Content Trust, in particular how simple it is to recover from key compromise and delegate trust to collaborators. 

Speakers
avatar for Riyaz Faizullabhoy

Riyaz Faizullabhoy

Security Engineer, Docker, Inc
Riyaz is a security engineer at Docker, and previously researched systems security and malware detection at UC Berkeley. At Docker, he is currently focused on Notary: a content signing platform based on The Update Framework. Riyaz has previously spoken at LinuxCon North America, Docker... Read More →



Wednesday October 5, 2016 16:40 - 17:30
Tegel

16:40

Using Seccomp to Limit the Kernel Attack Surface - Michael Kerrisk, man7.org
Seccomp (secure computing) is a means to limit the system calls a program may make: it can be used to select exactly which system calls are permitted (or denied) and to restrict the arguments that may be passed to those system calls. System call filtering is achieved by writing BPF programs--programs written for a small in-kernel virtual machine that is able to examine system call numbers and arguments. Among other uses, seccomp is by now a key component of various container systems such as Docker and LXC. In this session, I'll provide a bottom-up view of seccomp before going on to examine the BPF virtual machine and some practical examples of filtering programs that restrict the set of permitted system calls. The goal is to give developers and administrators using container frameworks a solid understanding of a tool that has become a fundamental component of container frameworks.

Speakers
avatar for Michael Kerrisk

Michael Kerrisk

Trainer/consultant, man7.org Training and Consulting
Michael Kerrisk is the author of the acclaimed book, "The Linux Programming Interface" (http://man7.org/tlpi/), a guide and reference for system programming on Linux and UNIX. He contributes to the Linux kernel primarily via documentation, review, and testing of new kernel-user-space... Read More →


Wednesday October 5, 2016 16:40 - 17:30
Köpenick

16:40

lguest: A Journey of Learning the Linux Kernel Internals - Daniel Baluta, Intel
Lguest is a small hypervisor for running Linux under Linux on x86 architecture and the best source to learn about virtualization and Linux kernel internals. The story was written by Rusty Russel around 2007, with several brave people trying to port it on x86_64 and ARM.

The lguest adventure will walk you into boot code, paravirtulization, x86 assembly arid lands, virtio, segmentation, virtual/physical memory, hypercalls, interrupts. Understanding lguest is an arduous journey but we have an amazing help in the comments and source code narrated with a great sense of humour by lguest master: Rusty.

At the end of the presentation you will be exposed to some of the challenges of porting lguest to other architectures, mainly x86_64 and ARM as the speaker heroically tried for the past few years.

Speakers
avatar for Daniel Baluta

Daniel Baluta

Linux Kernel Engineer at NXP, NXP
Daniel works at NXP in Romania hacking on Linux kernel audio drivers for i.MX boards. He is a teaching assistant for Operating System Internals class at University POLITEHNICA in Bucharest and very passionate about helping newcomers to the Linux kernel world while being a mentor for... Read More →


Wednesday October 5, 2016 16:40 - 17:30
Charlottenburg III

16:40

NorNet -- Building an Inter-Continental Internet Testbed Based on Open Source Software - Thomas Dreibholz, Simula Research Laboratory
NorNet is an open, international Internet testbed platform for research on multi-homed systems. Multi-homed systems have the property of being connected to multiple Internet Service Providers (ISP) simultaneously, in order to still provide connectivity in case of ISP/network failures. Basis of NorNet is Linux, together with other Open Source software. At the moment, the testbed infrastructure spreads over 21 sites on 4 continents.

NorNet makes extensive use of advanced Linux features like virtualisation, file system features, routing rules, SCTP, MPTCP, and more. The global distribution creates further challenges. Goal of this talk is therefore to provide an overview of the problems that occurred when building the testbed, as well as solutions and lessons learned from solving these challenges. The idea is to present guidelines for utilising the advanced Linux features in own projects.

Speakers
avatar for Thomas Dreibholz

Thomas Dreibholz

Senior Research Engineer, Simula Research Laboratory
Thomas Dreibholz works as Senior Research Engineer at the Centre for Resilient Networks and Applications (CRNA) of the Simula Research Laboratory in Fornebu, Norway. He has published and presented more than 65 research contributions at international conferences and in journals. Furthermore... Read More →


Wednesday October 5, 2016 16:40 - 17:30
Potsdam I/II
 
Thursday, October 6
 

10:50

FOSSology: Efficient License Analysis (in HD!) - Michael Jaeger, Siemens AG
The Linux Foundation Collaboration Project FOSSology is an OSS framework and Web application mostly used to identify licenses and copyrights in OSS components. FOSSology involves different scan approaches and with a streamlined UI, it allows for efficient assessment of scanner findings. The output is a clarification of involved licenses in OSS components. The tutorial will show and explain: * How does the license situation of open source software look like? * What does FOSSology find actually? * How to generate results with FOSSology for SPDX and debian-copyright files? * How to do reuse of already analyzed components when scanning a newer version? * How can I handle new license statements? * HD? FOSSology enables identification of licenses at a high precision level - the tutorial explains the pitfalls of license statement interpretation and how to cover that.

Speakers
avatar for Michael C. Jaeger

Michael C. Jaeger

SW360 Specialist, FOSSology.org / Siemens AG


Thursday October 6, 2016 10:50 - 11:40
Tiergarten

10:50

Fully Fault Tolerant Realtime Data Pipeline with Docker and Mesos - Rahul Kumar, Sigmoid
Developing an end-to-end big data application right from data ingestion, data enrichment and visualisation is a very cumbersome task. In this talk, I will demonstrate how to use Apache Mesos, Marathon, Apache Spark and Docker to build a scalable, fault tolerant, responsive data platform. The result will be a real-time big data application with self-healing features — a dream for every software developer. This talk is a collection of different recipe’s that will help the developer to understand Mesos ecosystem projects and Docker.Choosing the right technologies and tools during the development phase has a major impact on the success of the whole project. Apache Mesos provides the best cluster management system, Marathon gives the feature for long-running applications,Docker allows us to package an application with all of its dependencies into a standardized unit for software development.

Speakers
avatar for Rahul Kumar

Rahul Kumar

Technical Lead, Sigmoid
Rahul Kumar working as a Technical lead with Sigmoid, He has more than 4 years of experience in Data-driven distributed application development with Java , Scala , and Akka toolkit. He developed various real-time data analytics applications using Apache Hadoop, Mesos ecosystem projects... Read More →



Thursday October 6, 2016 10:50 - 11:40
Schinkel II/III

10:50

Orchestrating Linux Containers While Tolerating Failures - Drew Erny, Docker
Although containers are bringing a refreshing flexibility when deploying services in production, the management of those containers in such an environment still requires special care in order to keep the application up and running. In this regard, orchestration platforms like Docker, Kubernetes and Nomad have been trying to alleviate this responsibility, facilitating the task of deploying and maintaining the entire application stack in its desired state. This ensures that a service will be always running, tolerating machine failures, network erratic behavior or software updates and downtime.

The purpose of this talk is to explain the mechanisms used in the core Docker Engine orchestration platform (using a framework called swarmkit) to tolerate failures of services and machines, from cluster state replication and leader-election to container re-scheduling logic when a host goes down.

Speakers
DE

Drew Erny

Software Engineer, Docker
Drew Erny is a software engineer at Docker working on Swarmkit, the framework that power's Docker's new Swarm Mode.


Thursday October 6, 2016 10:50 - 11:40
Bellevue

10:50

Chrome OS Running Android in a Container - Dylan Reid, Google
Chromebooks recently added Google Play, the most popular app store in the world. In this presentation, Dylan will discuss the details of how the android system is run on Chromebooks, how kernel container and graphics driver features made this possible, how audio/video are played from the Android container, and how the famous Chromebook security level was maintained.

Speakers
DR

Dylan Reid

Software Engineer, Google
Dylan Reid (Google) - Dylan works on the Chromium OS project for Google. He has been focused on Chromium OS audio for the past few years, working on drivers, middle ware, audio processing and the Chrome browser. Recently he started the effort to run Android in a container on Chrome... Read More →


Thursday October 6, 2016 10:50 - 11:40
Hugos South

10:50

Persistent Memory Usage within Linux Environment - Maciej Maciejewski & Krzysztof Czurylo, Intel
Byte-addressable Persistent Memory is an emerging technology expected to soon have a dramatic and disruptive impact on software. Usage of persistent memory requires a different approach to data handling within applications.
In this talk we will examine the primary differences between persistent memory, storage devices, and regular DRAM. We shall present how Persistent Memory is exposed to the OS with ACPI extensions, and describe the resulting changes made upstream to the Linux kernel to provide direct access (known as "DAX" in Linux). We shall present how versatility of Persistent Memory can be utilized by the applications, and what impact does it have on the overall system. Finally, an open source library, known as the NVML (http://pmem.io), providing persistent memory allocation, transactions, and other features useful to applications will be shortly described.

Speakers
KC

Krzysztof Czuryło

Senior Software Engineer, Intel
Krzysztof Czuryło is a Software Architect at Intel, having over 15 years of experience in databases, networking/telecommunication and 3D graphics. For the last three years he is mostly focused on persistent memory programming and algorithms providing effective and fail-safe usage... Read More →
avatar for Maciej Maciejewski

Maciej Maciejewski

Senior Software Engineer, Intel
Maciej Maciejewski is a software professional working in a high-tech industry since 10 years. For eight years he has worked at ADVA Optical Networking as a Senior Software Manager, and an architect on distributed and stateless applications within network management systems area. Currently... Read More →


Thursday October 6, 2016 10:50 - 11:40
Potsdam I/II

11:50

Containers and Logging - Eduardo Silva, Treasure Data
The implementation of Linux Containers provides enough flexibility to isolate applications with restricted access to CPU, memory and networking within others. While this technology is stable and production ready, there are some challenges that still needs to be addressed for the containerized application when deployed at scale: Logging.

While some applications writes their logs to the file system, others use the generic STDOUT and STDERR interfaces; when the application runs on top of a framework or virtual machine (JVM), it may generate some extra information. Since monitoring is a must, handling this data coming from different sources and formats adds an exponential complexity, specially when scaling to thousands of containers.

In this presentation I will describe the Logging challenges for containerized applications and how this is being solved with Fluentd.

Speakers
avatar for Eduardo Silva

Eduardo Silva

Principal Engineer, Arm Treasure Data
Eduardo is a Principal Engineer at Arm Treasure Data. He currently leads the efforts to make logging and data processing more friendly and scalable in Embedded and Containerized systems such as Kubernetes. Maintainer of Fluent Bit, a lightweight log and stream processor Besides his... Read More →


Thursday October 6, 2016 11:50 - 12:40
Charlottenburg I/II

11:50

Build Your Own ChromeOS distro and Image Server - Ronald G. Minnich, Google
ChromeOS is a very popular software stack, and Chromebooks have recently passed Macs in market share. But the ChromeOS stack is for more than just end users: ChromeOS is an open source system which lets any user build their own version of the stack and, further, make their Chrome devices use that stack, from their server. In other words, you can buy a Chromebook, flip it to developer mode, and have it run *your* ChromeOS stack, not the one it comes with. Further, you can run your own server so that over the air (OTA) updates come from you, not anyone else, using the same technology that Google uses. If you are good with a screwdriver, you can even rewrite the keys so that you can run your Chromebook in its secure mode, but still use your distro and no other. In this talk, I'll describe how you build/run a ChromeOS OTA server and run your personal ChromeOS on any network-attached device.

Speakers
avatar for Ron Minnich

Ron Minnich

Software Engineer, Google
linuxboot, u-root, coreboot, linuxbios, ... all open source firmwarelinux kernel, servers,


Thursday October 6, 2016 11:50 - 12:40
Hugos South

11:50

Documenting Your Software Supply Chain with Linked Data - Yev Bronshteyn, Black Duck Software
What’s in your software other than your code? Most likely, other people’s software. And what’s inside that software? More other people’s software. And each layer of that vast layer cake comes with its own licensing license agreements, copyrights, origin information, and, alas, vulnerabilities. To document all that, you’d need far more than an ingredient label and, preferably, something other than a COPYING file the size of "War and Peace".

In this presentation, we’ll examine the possibilities offered by Linked Data. We’ll talk about the fundamentals of Linked Data and RDF, its incarnations and formats (Turtle, RDF/XML, Thrift, JSON-LD), query language (SPARQL), tooling, and more. We’ll then look at SPDX, Linux Foundation's standard for using Linked Data to document component relationships, licenses, copyrights, and even vulnerabilities.

Speakers
avatar for Yev Bronshteyn

Yev Bronshteyn

Senior Software Engineer - Alliances, Black Duck Software/Synopsys
Yev Bronshteyn is a Senior Software Engineer at Black Duck Software, working on solutions for open source governance and security. He is a contributor to the SPDX technical team, which defines the Linux Foundation standard for documenting deep software package information with linked... Read More →



Thursday October 6, 2016 11:50 - 12:40
Tiergarten

11:50

Extending Programming Languages with Persistent Memory Semantics - Piotr Balcer, Intel
The bulk of the Unix toolchain and related programming languages were created in the seventies and to this day programmers around the world use the same old POSIX standard, the C programming language and Unix-compatible operating systems (like Linux or OS X). The emerging non-volatile memory is a paradigm shifting technology that is poised to disrupt the current status quo. In this talk Piotr Balcer will present the state of the art research related to persistent memory language extensions and discuss the NVML (Non-Volatile Memory Library) team open source work around enabling existing languages to understand persistence.

Speakers
avatar for Piotr Balcer

Piotr Balcer

Software Engineer, Intel
Piotr Balcer is a software engineer with 4 years’ of experience working on storage related technologies at Intel Corporation. He received B.Eng. from the Gdansk University of Technology in 2014 where he studied system software engineering. For two years now he has been working on... Read More →


Thursday October 6, 2016 11:50 - 12:40
Potsdam III

11:50

Containers Infrastructure for Advanced Management - Federico Simoncelli, Red Hat
As the container ecosystem grows, the need for orchestration and advanced management is becoming more and more critical for an efficient, secure, and scalable deployment. This presentation will analyze all the common needs in container infrastructures in order to enable their own management. Each topic will be illustrated through the real-world experience gained in the effort of adding container management to ManageIQ, the leading Open Source cloud management platform.

With primary focus on container orchestration solutions such as Kubernetes and OpenShift, the presentation will cover, among other topics:

- Monitoring (Heapster)
- Time-Series databases for metrics (Hawkular)
- Analyzing metrics and events handling
- Images and containers fleecing (inspection)
- Security and errata notifications

Speakers
avatar for Federico Simoncelli

Federico Simoncelli

Associate Manager, Red Hat
Federico Simoncelli is an Associate Engineering Manager at Red Hat. He currently manages the container management team with main focus on CloudForms and OpenShift. Previously he served as Principal Software Engineer maintaining the oVirt/RHEV storage backend in VDSM and improving... Read More →


Thursday October 6, 2016 11:50 - 12:40
Schinkel II/III

16:00

CephFS and LXC: Container High Availability and Scalability, Redefined - Florian Haas, Hastexo
The Ceph 10.2.2 "Jewel" release earlier this year introduced full production support for CephFS, the distributed filesystem based upon the Ceph distributed storage stack. As a massively scalable, highly available, distributed filesystem, CephFS makes for an excellent basis for container support.

In this presentation, we'll introduce a simple, automated means of deploying and orchestrating LXC containers on CephFS, enabling high-density deployments of critical system infrastructure services within segmented application containers.

Speakers
avatar for Florian Haas

Florian Haas

VP Education, City Network
Florian runs the Education business unit at City Network, and helps people learn to use, understand, and deploy complex technology. He has worked exclusively with open source software since about 2002, and has been heavily involved in OpenStack and Ceph since early 2012, and in Open... Read More →


Thursday October 6, 2016 16:00 - 16:50
Schöneberg

16:00

Adding CPU Frequency Scaling for Your ARM Platform to Linux Kernel - Bartlomiej Zolnierkiewicz, Samsung Electronics Polska Sp. z o.o.
CPU frequency scaling is one of standard features implemented when adding new ARM platform support to Linux kernel. Most (if not all) recent ARM platforms are making use of the generic Device Tree based CPUfreq driver (cpufreq-dt). During This tutorial Bartlomiej will present the inner workings of the cpufreq-dt driver and will show all the steps (including mandatory Device Tree changes and optional clocks subsystem adjustments) needed to make the driver work on new ARM platform. Off-the-shelf Hardkernel's ODROID-XU3 board (which is Samsung Exynos5422 SoC based) will be used as the example hardware for showing the step-by-step implementation of CPU frequency scaling. The tutorial will end with discussion of advanced topics like how to enable software boost functionality, when to use generic ARM big.LITTLE CPUfreq driver and when there is a need to develop a new CPUfreq driver.

Speakers
avatar for Bartlomiej Zolnierkiewicz

Bartlomiej Zolnierkiewicz

Senior Software Engineer, Samsung Electronics Polska Sp. z o.o.
Bartlomiej is a Senior Software Engineer at Samsung R&D Institute Poland. Currently, he is improving Linux Kernel support for Samsung ARM Exynos SoCs series. Zolnierkiewicz has been contributing into the Linux Kernel since 2002, working mostly on various device drivers. He was the... Read More →


Thursday October 6, 2016 16:00 - 16:50
Köpenick

16:00

Bringing Android Explicit Fencing to Mainline: A New Era for Graphics - Gustavo Padovan, Collabora Ltd.
The talk will cover the current state of Explicit Fencing on Graphics. It first appeared on Linux as the Android Sync Framework to improve buffer handling between Kernel Drivers and the HWComposer. With explicit fencing userspace is responsible for synchronize between drivers sharing the same DMA buffer. It gets the buffers' fence from the Producer driver(GPU or Camera) and send it to the Consumer one (DRM) and vice-versa. The Consumer then wait the fence to signal before using the buffer. The fence signal when the buffer is ready for use, eg: When the GPU finishes processing it., the fence signal and the DRM driver can show it on screen.

Before only Implicit Fencing existed, where the kernel handles fencing between drivers internally with no userspace interference. There was no generic code, as each driver hacked its own implicit fencing mechanism, leading to hard to debug bugs.

Speakers
avatar for Gustavo Padovan

Gustavo Padovan

Software Engineer, Collabora
Gustavo Padovan holds a BSc. Computer Science from the University of Campinas, Brazil. He is Linux Kernel Developer and works at the open-source consultancy Collabora Ltd. In the Kernel he has worked in a number of areas, notably as Maintainer of the Bluetooth Subsystem and has been... Read More →


Thursday October 6, 2016 16:00 - 16:50
Charlottenburg III

16:00

Persistent Memory Extensions to libstdc++/libc++ - Tomasz Kapela, Intel
In the advent of a new, persistent memory enabled world, the current software
industry must prepare for the upcoming changes. Looking forward to meet those
new requirements set by the new type of hardware, a new standard API should be
introduced to ease the adoption of this new technology. During the development
of the Linux NVM (Non Volatile Memory) Library, it became apparent, that the C
API is complex and hard to use. To remove some of the pain points, a proposal
of a new C++ API was made. This presentation/talk will explain the design
process and decisions made during the implementation phase, as well as the
interaction with the existing implementations of the C++ standard library.

Speakers
avatar for Tomasz Kapela

Tomasz Kapela

Software Engineer, Intel
Tomasz Kapela is a software engineer with 6 years of experience in the industry. He majored in radio communication systems from the Gdansk University of Technology in 2010. Since then he worked as a software developer and systems designer in Radmor, where he designed and implemented... Read More →


Thursday October 6, 2016 16:00 - 16:50
Potsdam I/II

16:00

Resource Limitations for Your Containers- Stéphane Graber, Canonical
Back in the day, containers were mostly a local development tool, only trusted workloads were run inside them and it was expected that any given container could take all the resources of its host.

Over the past few years, things have changed a lot and containers are now everywhere, from embedded systems all the way to the largest supercomputers. It is not unusual for there to be several hundred containers running on any given system and having one of those bring the whole system down is simply unacceptable.

The Linux kernel offers a variety of features which combined together will let you restrict resource consumption for a given container as well as report resource usage back.

This talk will cover each of those and how to combine them to provide a good user experience, using the recent LXD work on resource limits as an example.

Speakers
avatar for Stéphane Graber

Stéphane Graber

Software Engineer, Canonical Ltd.
Stéphane Graber works as the technical lead for LXD at Canonical Ltd. He is the upstream project leader for LXC and LXD and a frequent speaker and track leader at the various containers and other Linux related events.Stéphane is also a long time contributor to the Ubuntu Linuxdistribution... Read More →


Thursday October 6, 2016 16:00 - 16:50
Tegel

16:00

Lessons from Database Failures - Colin Charles, Percona
Lets learn from MySQL failures at scale, because we tie in the topic of High Availability, in where people are thinking about geographical redundancy, and even things like automatic failover. In the talk there will be case study material, e.g. where automatic failure caused Github to go offline, where Facebook doesn’t use fully automated failover but assisted failover, etc. How is the MySQL world making things better, for example by allowing you to use semi-synchronous replication to run fully scalable services. The talk starts off with an even almost stupid example of how a business died due to incorrect MySQL backup procedures. It will go on to talk about security and encryption at rest as well. So a mix of problems from the field, big “fail whales”, and how you should avoid them by properly architecting solutions

Speakers
avatar for Colin Charles

Colin Charles

principal consultant, grok
Colin Charles is the Managing Consultant at GrokOpen. Previously, Colin was on the founding team of MariaDB Server, worked at MySQL and Percona, and worked actively on the Fedora and OpenOffice.org projects. Colin has been a MySQL user since 2000. He’s well known within open source communities, enjoys building business and market entry in APAC and has spoken at many conferences... Read More →


Thursday October 6, 2016 16:00 - 16:50
Hugos South

17:00

How Linux Keeps Mission Critical Application Up 24x7 - Linda Wang, Red Hat
"Zero Down Time! " That is what most of the operating systems claimed to provide; but do they really have what it takes to keep enterprise mission critical applications up and running 24x7 for years on end; without replacing broken hardware or avoid security fixes? To accomplish such objective, it will take more than just one or two features here and there, but a suite of enterprise ready services and capabilities to help accomplish such undertaking. This presentation will walk through various capabilities that Linux operating system provides to help keep an enterprise production system up and running.

Speakers
LW

Linda Wang

Director, SW Engineering, Core Kernel, Red Hat, Inc.
Linda Wang is Director of Software Engineering in Red Hat Enterprise Linux Business Unit at Red Hat, Inc. Her group focus on the Core Kernel technologies such as memory management, scheduler, control group and namespaces. The open source projects that her team involved in are Live... Read More →


Thursday October 6, 2016 17:00 - 17:50
Hugos South

17:00

Game Changer: Software Defined Storage and Container Schedulers - David vonThenen, EMC {code}
One problem of running Enterprise Applications in container schedulers, like Apache Mesos and Kubernetes, has been making applications and their data highly available. To date, utilizing local disks on compute nodes has given us data persistence, but unfortunately does solve the data mobility problem required to make applications tolerate Agent node failures.

We will discuss what Software Defined Storage (SDS) is, how Software Defined Storage can transform local storage into an external globally accessible pool, how Mesos clusters can overcome this data mobility problem, and more importantly do so in such a way that is simple and easy to consume using an Apache Mesos Framework as a reference model. Will have a demonstration of Mesos Framework that will deploy a scale out software defined storage platform and deploy applications leveraging this new type of storage.

Speakers
avatar for David vonThenen

David vonThenen

Cloud Native Engineer, VMware
David vonThenen is a Cloud Native Engineer at VMware working in the container orchestrator space specifically around the Kubernetes and CNCF ecosystems. Some of his contributions have been in the Jaeger, Helm, Open Tracing, Prometheus, and cloud providers just to name a few. Prior... Read More →


Thursday October 6, 2016 17:00 - 17:50
Schöneberg

17:00

Using the Valgrind Framework to Build a Persistent Memory Error Detector - Krzysztof Czurylo & Tomasz Kapela, Intel
Valgrind is a popular, multi-platform instrumentation framework for building dynamic binary analysis tools. In the Linux community, it is mostly known and valued for a few popular tools: Memcheck - a memory-management error detector, and Helgrind/DRD - two threading bugs detectors.
In this talk, we will present a new tool built on Valgrind - Pmemcheck - yet another memory error detector designed specifically to detect problems with Persistent Memory programming.
First, we will talk about the motivation for creating new error detector and the reasons for which we have chosen Valgrind framework to create Pmemecheck. We will also shed some light on typical issues related to the use of byte-addressable persistent memory. Finally, we will present an in-depth view on the Pmemcheck design and the changes we have made to the core part of Valgrind to support persistent memory.

Speakers
KC

Krzysztof Czuryło

Senior Software Engineer, Intel
Krzysztof Czuryło is a Software Architect at Intel, having over 15 years of experience in databases, networking/telecommunication and 3D graphics. For the last three years he is mostly focused on persistent memory programming and algorithms providing effective and fail-safe usage... Read More →
avatar for Tomasz Kapela

Tomasz Kapela

Software Engineer, Intel
Tomasz Kapela is a software engineer with 6 years of experience in the industry. He majored in radio communication systems from the Gdansk University of Technology in 2010. Since then he worked as a software developer and systems designer in Radmor, where he designed and implemented... Read More →


Thursday October 6, 2016 17:00 - 17:50
Potsdam I/II

17:00

Cloud Anti-Patterns - Casey West, Pivotal
The value of embracing microservices, containers, and continuous delivery is powerful only when brought together in logical, scalable, and portable ways. When used incorrectly it’s increasingly easy to make things much worse for you and your team, and do it at scale.

For example, while microservices can be used to effectively isolate functionality, increase the speed of delivery, and help scale your team it can also be a way to inefficiently duplicate functionality and create single points of failure.

I’ll share anti-patterns and corresponding best practices based on my experience building application infrastructure and platforms, as well as the applications which are deployed to them.

Speakers
CW

Casey West

Principal Technologist, Cloud Foundry, Pivotal
Working in Internet infrastructure, web app security, and design taught Casey to be a paranoid, UX-oriented, problem solving Internet plumber; his earliest contributions to Perl live to this day on your Mac. Casey’s speaking and writing ranges from open source communities and culture... Read More →


Thursday October 6, 2016 17:00 - 17:50
Schinkel II/III

17:00

Containers: You are not Expected to Understand This - Bruno Barcarol Guimarães, Red Hat
The focus of container tooling has been on ease of use, shielding the developer from the intricacies of the kernel components. However, a deeper understanding of the implementation is critical to develop systems that take advantage of these technologies effectively.

This presentation explores the kernel and user-space elements that support the implementation and the use of containers, to clarify and allow critical reasoning about the advantages, disadvantages and limitations of their utilization.

Speakers
BB

Bruno Barcarol Guimarães

Red Hat
Bruno Barcarol Guimarães is a Software Engineer at Red Hat, currently working on Openshift. Past occupations include devops-before-we-knew-what-to-call-it of Django web applications and research projects on Computer Graphics and Artificial Intelligence. With a big soft spot for the... Read More →


Thursday October 6, 2016 17:00 - 17:50
Tegel
 
Friday, October 7
 

09:00

Tutorial: Heat, cloud-init and cloud-config: OpenStack Orchestration Deep Dive - Florian Haas, hastexo
OpenStack has excellent workload orchestration support — except the information required to use it is not always wonderfully accessible. This workshop helps you navigate the orchestration maze. In this technical workshop, you will be introduced to OpenStack Heat, cloud-init, and the hidden gems in cloud-config. Working on a live OpenStack infrastructure, you will learn how to deploy Heat orchestration templates, optimize instance configuration with cloud-init and cloud-config, and learn how to customize individual instances right from your Heat command line or the OpenStack Dashboard.

Speakers
avatar for Florian Haas

Florian Haas

VP Education, City Network
Florian runs the Education business unit at City Network, and helps people learn to use, understand, and deploy complex technology. He has worked exclusively with open source software since about 2002, and has been heavily involved in OpenStack and Ceph since early 2012, and in Open... Read More →


Friday October 7, 2016 09:00 - 12:00
Schöneberg

09:00

Tutorial: Comparing Container Orchestration Tools - Neependra Kumar Khare, CloudYuga
To deploy containers in production one would need to use some kind of orchestration tool like Docker Swarm, Kubernetes, Mesos Marathon, Nomad etc. In this lab/workshop we'll compare some of those tools and see pros/cons of them.

Speakers
avatar for Neependra Khare

Neependra Khare

Founder and Principal Consultant, CloudYuga Technologies
Neependra Khare is Founder and Principal Consultant at CloudYuga. CloufYuga provides training and consulting on Docker, Kubernetes, CoreOS, GO Programming etc. He is one of the Docker Captain as well and running Docker Meetup Group in Bangalore for more than 2 years. He is also the... Read More →


Friday October 7, 2016 09:00 - 12:00
Tiergarten

13:00

Tutorial: Orchestrating Containers in Production at Scale with Docker Swarm - Jerome Petazzoni, Docker
Docker is an open platform to build, ship, and run any application, anywhere. In this hands-on tutorial, you will learn how to deploy and scale applications using Docker "Swarm Mode" and its native clustering abilities.

We will cover the following topics:
- building and running micro-services with Docker Compose
- identifying bottlenecks and scaling containers
- concepts and features of SwarmKit, Swarm Mode, and Docker 1.12
- setup and management of a cluster with Swarm Mode
- operation of a local container registry
- deployment of the demo micro-services application on Swarm
- overlay networks concepts, administration, and debugging
- rolling updates and policies- centralized logging (using an ELK stack as an example)
- centralized metrics collection (using Intel Snap as an example)
- stateful services using local volumes
- scripting build and distribution of images
- distributed application bundles- advanced node management

Come with your laptop! You don't need to install anything before the workshop, as long as you have a web browser and a SSH client.

Each attendee will be given a cluster of 5 nodes for the duration of the workshop, and will be able to build, ship, and run the demo application on this cluster, to get hands-on experience.

Speakers
JP

Jerome Petazzoni

Tinkerer Extraordinaire, Docker Inc.
Jerome works at Docker, where he helps others to containerize all the things. In another life he built clouds when EC2 was just the name of a plane, developed a GIS to deploy dark fiber through the French subway, managed commando deployments of large-scale video streaming systems... Read More →


Friday October 7, 2016 13:00 - 17:00
Bellevue