HP 9000 containers
Choosing the right container
When to use an HP 9000 container
When to use a workload container
When to use a system container
For more information
HP-UX 11i v3: The operating system of the mission-critical HP Converged Infrastructure
HP-UX 11i v3 is designed to simplify and unify IT, and deliver the always-on resiliency, dynamic optimization of
resources, and investment protection and stability demanded in mission-critical computing. It integrates proven UNIX
functionality with advances in high availability, security, partitioning, infrastructure and workload management, and
instant-capacity-on-demand. It delivers this functionality within one of the industry's first mission-critical converged
infrastructures, to drive up flexibility while reducing risk and delivering compelling value.
HP-UX delivers built-in integration of virtualization and management software to dynamically enhance IT infrastructure.
Within the HP-UX 11i v3 Virtual Server Operating Environment, HP offers a comprehensive line of virtualization
capabilities designed to help customers get the most from their HP Integrity servers, by consolidating diverse
workloads to help improve ROI.
HP-UX Containers
The HP-UX Containers brand consists of two HP products: HP-UX Containers (previously known as HP-UX Secure
Resource Partitions) and HP 9000 Containers.
The HP-UX Containers product provides the core foundation for containers on HP-UX, in addition to two container
types: workload and system (new in HP-UX Containers v3). The HP 9000 Containers product can be added to
provide a third container type: HP 9000.
Figure 1: HP-UX Containers Portfolio
Overview
HP-UX Containers provides multiple container types used to create an isolated operating environment within a single
instance of the HP-UX 11i v3 operating system. HP-UX Containers allows the enterprise to host varied application
workloads in secure individual operating environments on a single physical server, thereby better utilizing server
resources (CPU, memory, and network access) and data center resources (power, cooling, and space).
All HP-UX Containers-enabled systems have a global view where the system level processes run. Processes running in
the global have no additional access restrictions to resources on the system, with the possible exception of cores that
have been dedicated to a container using PSETs.
System level administration functions such as container management, software maintenance with Software Distributor
(SD), device management, network interface management, kernel modifications, and system management utilities
such as smh(1M) should be done from the global. Any non-management or non-system-administrative applications on
the system should be hosted in a container. Some tasks such as file backup and recovery can be done from the global
view or from within a container.
HP-UX Containers utilizes Process Resource Manager (PRM) to set resource entitlements for containers on the system.
By assigning a container a PRM group, administrators can assign the container CPU and memory entitlements.
Resource entitlements consist of a guaranteed minimum amount of the resources and can optionally include resource
caps, ensuring the container does not exceed a predefined limit for the resource. CPU entitlements can utilize the Fair
Share Scheduler (FSS) in which multiple CPUs are shared across containers, each container having a guaranteed
minimum number of CPU shares. Container CPU entitlements can also utilize PSETs, allowing a number of cores to be
dedicated to that container and unusable by other containers or the global.
In addition to container type specific capabilities, all containers can utilize the following features:
• An isolated container home directory
• A dedicated network interface and IP address
• Container-specific login environment
• Isolated inter-process communication (IPC) and process view
• Dedicated per-container CPU and memory resource allocations
• Per-container initialization and shutdown capabilities
• Container-specific network security policies
• Import and export containers between systems to facilitate workload balancing
• Cloning to support high availability environments
Figure 2: HP-UX Containers and the Virtualization Continuum for HP-UX
HP-UX Containers is a component of the Virtualization Continuum for HP-UX and is compatible with HP-UX nPartitions,
HP-UX vPar, and Integrity Virtual Machine (VM) solutions. You can create containers in any HP-UX OS image; the OS
image can exist in an nPartition, vPar, Integrity VM, or directly on non-partitioned server hardware.
Why HP-UX Containers?
HP-UX Containers provides an ideal operating environment for consolidating multiple workloads on a single system.
This reduces the number of operating system environments requiring administration and support, minimizing “OS
sprawl” issues encountered with other virtualization models. Container technology is built into the operating system
itself, which allows containers to support small to large workloads with negligible overhead. HP-UX Containers
simplifies system resource management by providing the ability to automatically balance CPU and memory needs of
workloads running in containers. This “set and forget” method that lets HP-UX Containers dynamically adjust to meet
capacity requirements is balanced by an ability to cap the amount of CPU or memory that a container can use.
Container types
HP-UX Containers provides multiple container types. Each container type offers unique features, which allow
administrators to choose the container that best fits their workload requirements. The next section gives a brief
overview of each container type. For more information on system and workload containers, visit:
http://www.hp.com/go/virtualization-manuals.
For more information on HP 9000 containers, see the HP 9000 Containers Administrator’s Guide at:
http://www.hp.com/go/hp9000-containers.
System containers
System containers provide virtualization and private namespace capabilities that give users and applications the look
and feel of a private operating system instance. The unique namespace eases application deployment with out-of-the-box
implementations since it avoids name clashes that are common when consolidating workloads within one OS instance.
As with all container types, each system container has a private directory under /var/hpsrp. However, a process that
runs in a system container has its file system root set, using a secure chroot(), to the container's private directory
(/var/hpsrp/$CONTAINER) instead of the system’s file system root (/). This allows each system container to have
its own copy of files that are accessed using the same file system path as other containers. For example, a system
container named sys1 would access its private passwd file using the standard path of /etc/passwd when that file’s
real path is /var/hpsrp/sys1/etc/passwd. System container sys2 would access its private passwd file using
/etc/passwd, which has a real path of /var/hpsrp/sys2/etc/passwd.
There are two types of file system layouts available for system containers (specified when you create a system
container):
• Shared: The container shares the /usr, /sbin, and /stand directories with the global (read-only)
• Private: The container only shares the /stand directory with the global (read-only); /usr and /sbin are private
(read/write) to the container.
See figure 3 for a detailed layout of system container file system access.
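The path mapping and the two file system layouts described above, modelled as an added example (not HP code or an HP tool): a helper an administrator could use from the global to translate between container-visible paths and real paths, for instance when attributing a file-integrity alert to a container. The function names are hypothetical, and the treatment of shared directories as backed by the global's copy at the same path is an assumption of this sketch.

```python
import posixpath

SRP_BASE = "/var/hpsrp"  # per-container private directories live here (from the page)
# Directories shared read-only with the global, per file system layout (from the page).
SHARED = {"shared": ("/usr", "/sbin", "/stand"), "private": ("/stand",)}


def _normalize(path):
    """Lexically normalize an absolute path; '..' at the root stays at the root,
    as it does under chroot(). Symbolic links are not followed."""
    if not path.startswith("/"):
        raise ValueError("absolute path required: %r" % path)
    parts = []
    for comp in path.split("/"):
        if comp in ("", "."):
            continue
        if comp == "..":
            if parts:
                parts.pop()
        else:
            parts.append(comp)
    return "/" + "/".join(parts)


def container_to_global(container, path, layout="private"):
    """Map a path seen inside a system container to (global_path, shared_ro)."""
    if not container or "/" in container or container in (".", ".."):
        raise ValueError("invalid container name: %r" % container)
    inner = _normalize(path)
    for shared in SHARED[layout]:
        if inner == shared or inner.startswith(shared + "/"):
            # Assumption of this sketch: shared directories are the global's copy.
            return inner, True
    root = posixpath.join(SRP_BASE, container)
    return (root if inner == "/" else root + inner), False


def global_to_container(real_path):
    """Map a global path to (container, inner_path); container is None outside SRP_BASE."""
    real = _normalize(real_path)
    if not real.startswith(SRP_BASE + "/"):
        return None, real
    name, _, rest = real[len(SRP_BASE) + 1:].partition("/")
    return name, "/" + rest
```

The normalization is lexical only, so a path that passes through a symbolic link needs to be resolved on the system itself before the result is trusted.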
Each system container has:
• A unique host and node name
• Local users and groups (including a local root user)
• Local NIS or LDAP domain
• Local password policies
• Local file system view (private or shared)
• Local system services (for example, init, sshd, pwgrd, syslogd, and inetd)
• Private network interface and IP address
• Private IPC namespace
• Local NFS Client and AutoFS support
Both system and workload containers are managed using the same tools, including the SRP Manager integrated with
SMH. Container management on HP-UX Containers v3 uses the same commands and tools as HP-UX SRP v2, making
the transition from HP-UX SRP v2 to HP-UX Containers v3 easy for administrators.