Mark Baker
on 22 April 2015

Here comes Kilo and 15.04! Containers will never be the same again!


Today Ubuntu 15.04, codenamed Vivid Vervet, is released with a host of new features for clouds and servers. 15.04 comes a full year after the last Long Term Support (LTS) release and a year before the next LTS, so it represents a milestone at which we bring in and start to settle down the features we want to have in 16.04. At Canonical, we see 15.04 as being all about containers. And OpenStack. And containers on OpenStack. However, there are a host of other new features that are important too, so we’ll run through as many as we can.

On-demand Webinar: Join Ubuntu Product Managers Dustin Kirkland and Mark Baker for a deep dive into 15.04 and how you can get working with OpenStack. Watch on-demand

LXD – the ‘container-visor’

Front and centre of 15.04 Server is LXD, the ‘hypervisor’ for containers. Canonical has long led the work on LXC, the Linux Containers upon which Docker was based, and LXC has been in Ubuntu since 2012, so containers are in our blood.

LXD builds upon the work with LXC to create a multi-host container management daemon that enables containers to exhibit properties more like those of a VM. The key areas of increased capability are live migration and improved security profiling. LXD runs as a system-level daemon and comes with a REST API that enables remote manipulation of the container environment, supporting commands such as start, stop and snapshot.

Containers are created non-privileged by default, and work has gone into being able to set AppArmor profiles to minimise the chances of any privilege escalation if an application is compromised in any way. So the live migration of containers and security isolation through AppArmor profiles are two key features of 15.04 with LXD that will change the game with containers.
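A defender's check for the two properties named above, as an added example that is not part of the original article or LXD's own code: it reads the standard Linux interfaces /proc/<pid>/uid_map and /proc/<pid>/attr/current for a container's init process. The function names, the sample maps and the profile name are constructed for illustration.

```python
from pathlib import Path

def parse_id_map(text):
    """Parse /proc/<pid>/uid_map: one 'inside outside count' triple per line."""
    rows = [line.split() for line in text.splitlines()]
    return [tuple(int(f) for f in r) for r in rows if len(r) == 3]

def host_id_for(entries, inside_id=0):
    """Return the host id that inside_id maps to, or None if it is unmapped."""
    for inside, outside, count in entries:
        if inside <= inside_id < inside + count:
            return outside + (inside_id - inside)
    return None

def parse_apparmor_label(text):
    """Split 'profile (mode)' from attr/current; 'unconfined' carries no mode."""
    label = text.strip()
    if label.endswith(")") and " (" in label:
        profile, mode = label.rsplit(" (", 1)
        return profile, mode[:-1]
    return label, None

def audit(uid_map_text, label_text):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    # A privileged container shares the host user namespace: root maps to uid 0.
    if host_id_for(parse_id_map(uid_map_text), 0) == 0:
        findings.append("privileged: container root is host uid 0")
    profile, mode = parse_apparmor_label(label_text)
    if profile == "unconfined":
        findings.append("no AppArmor confinement")
    elif mode != "enforce":
        findings.append(f"AppArmor profile {profile!r} not enforcing (mode: {mode})")
    return findings

def audit_pid(pid, proc="/proc"):
    """Audit a live process, normally the container's init as seen from the host."""
    base = Path(proc) / str(pid)
    return audit((base / "uid_map").read_text(),
                 (base / "attr" / "current").read_text())

# Constructed sample inputs (not captured from a real system).
UNPRIV_MAP = "         0     100000      65536\n"   # container root -> host uid 100000
PRIV_MAP = "         0          0 4294967295\n"     # identity map of the host namespace
SAMPLE_LABEL = "example-container-profile (enforce)\n"  # hypothetical profile name

if __name__ == "__main__":
    print(audit(UNPRIV_MAP, SAMPLE_LABEL))   # unprivileged and confined
    print(audit(PRIV_MAP, "unconfined\n"))   # privileged and unconfined
```

On a host, pass the PID of a container's init process to audit_pid(); an empty list means the process runs in a remapped user namespace under an enforcing AppArmor profile.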

Whilst on the container theme, 15.04 releases with Docker 1.5, giving Docker fans a very recent version easily installable from the archive.

Server

The rest of the server environment has not been sitting idly by watching LXD do its thing though. 15.04 is the first Ubuntu release with systemd as the default init system. The goal with this release has been that end users will not notice any difference, and feedback so far has been good. Of course, system administrators needing to configure services will notice a difference, and we hope they find the experience with systemd on Ubuntu to be comparable to or better than that of systemd on other platforms.

Networking

Networking has had a couple of key updates as well: Ubuntu 15.04 comes with Open vSwitch (OVS) 2.3.1, which offers much improved stability over earlier releases. The 15.04 kernel, 3.19, also comes with a number of key networking updates. For telcos and carriers who are increasingly looking at Ubuntu for NFV (Network Function Virtualisation) implementations, basic MPLS support makes an appearance. OVS gets improved support in the kernel too with OVS_FLOW_ATTR_PROBE, a new flag that is useful for suppressing error logging while probing for datapath features using flow commands.

Kernel

15.04 releases with a 3.19 kernel. Aside from the networking enhancements already covered, there are improvements in several areas:

  • Ceph OSD operations are improved
  • Btrfs: support scrubbing and fast device replacement in RAID 5 and 6
  • Routing and switching offloading. This includes devices supporting L2/L3 but also various flow offloading chips, including switches embedded into SR-IOV NICs

OpenStack Kilo

The networking enhancements will be beneficial to those users running OpenStack. Regular followers of Ubuntu and/or OpenStack will know that the OpenStack release cycle is modelled on that of Ubuntu, with OpenStack also releasing every April and October. Ubuntu 15.04 includes an Ubuntu OpenStack fully updated to the new OpenStack release, Kilo. Neutron networking in Kilo gets a boost by now supporting Dynamic Virtual Routing (DVR). This enables OpenStack users to implement multiple Neutron gateways, removing the single-node install bottleneck that could limit scalability of larger OpenStack clouds. We hope to run some scale testing with Kilo to compare to our previous scale tests and see what impact this has had.

Kilo brings key advances in Keystone federation, enabling organisations with multiple OpenStack cloud implementations to manage identities far more efficiently. Keystone federation also enables hybrid cloud computing, as on-premise OpenStack clouds will be able to manage identities and authorisation with the many public clouds based on OpenStack. Also new with Ubuntu OpenStack is Designate. Designate, DNS as a service, provides a critical piece of functionality for large-scale OpenStack users. Designate can provide easy, self-service access to user-level DNS requests and, if integrated with a higher-level zone manager, can provide a complete end-to-end DNS service for OpenStack cloud instances.

Also, as you may expect, we have added support to OpenStack Nova for LXD. This means that Ubuntu OpenStack Kilo users can launch container instances based on LXD.

General Updates

At a package level, most key applications have had updates. Some of those worth drawing attention to are:

Databases

  • MySQL 5.6
  • Percona XtraDB 5.6
  • MariaDB 10.0.17

Virtualisation

  • libvirt 1.2.12
  • QEMU 2.2
  • libguestfs 1.28

Overall this is a great milestone release on the road to 16.04. Containers and cloud continue to be a focus and set the stage nicely for 15.10 with even more container capabilities and OpenStack Liberty.
