Rootconf 2015

DevOps and scaling infrastructure

Security Containers: how Snap CI leverages containers to safely run thousands of builds a day.

Submitted by Sahil Muthoo on Apr 9, 2015

Section: Full talk Technical level: Advanced Status: Rejected

Abstract

  • A deeper understanding of how container based virtualization works.

  • Appreciation for the trade-offs between isolation, levels of privilege and scale.

  • A real world example of building a cloud based Continuous Delivery platform, will serve as a case in point.

Outline

Mind map outlining the session: https://www.mindmeister.com/530078667/security-containers

Building a cloud based CI tool, comes with a unique set of challenges.

You’re running other people’s code on your infrastructure, thousands of times a day.

The system needs to be designed so that:

  • Users are free to do what they want inside their sandbox including running commands as root.
  • Users should not be able to do anything outside their sandboxes.
  • The system can run thousands of such builds per day per machine.

We will explore the trade-offs between these requirements - since each pulls in a slightly different direction.

Next we will incrementally break-down Snap CI’s solution in detail and explore potential
alternative approaches. Finally we’ll look at how things may change in the future.

Speaker bio

I love programming, unix and craft beer - in no particular order. I’m also one of the primary developers of
Snap CI. A hosted continous delivery platform that offers build pipelines in the cloud.

I’m currently busy building Dev To Prod. A screencast based platform with a focus on DevOps,
continuous delivery and mechanical sympathy.

Links

Slides

https://www.mindmeister.com/530078667/security-containers

Preview video

https://www.youtube.com/watch?v=uPI5X6s0788

Comments

{{ gettext('Login to leave a comment') }}

{{ gettext('You need to be a participant to comment.') }}

{{ formTitle }}
{{ gettext('Post a comment...') }}
{{ gettext('New comment') }}

{{ errorMsg }}