Slides from Rodric Rabbah & Philippe Suter's talk "OpenWhisk: A Serverless Computing Platform" at ContainerDays NYC 2016: dynamicinfradays.org/events/2016-nyc/programme.html#openwhisk
7. Now Dave wants to…
• lower expenses by caching Weather.com responses, since each API call costs $
• hence needs to offload the Weather.com “call” and filtering server side
9. lower expenses by caching Weather.com responses, since each API call costs $; hence needs to offload the Weather.com “call” and filtering server side
But does not want to…
• configure and manage servers, virtual machines, and services…
• pay by the month for resources that may not be used
11. So how can Dave get what he wants?
Enter serverless computing: runtime as a service to execute user “functions”
+ no infrastructure to maintain
+ pay as you go for what you use
+ managed security and elasticity
12. Serverless Platforms
Amazon Lambda
Google Cloud Functions
IBM OpenWhisk (open as in open source)
Microsoft Azure Functions
Startups: serverless.com, iron.io, apex.run, …
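18. Action: Java
import com.google.gson.JsonObject;

public class Hello {  // class name is illustrative
    // Entry point: receives the invocation parameters, returns the JSON result.
    public static JsonObject main(JsonObject params) {
        JsonObject reply = new JsonObject();
        String name = params.get("name").getAsString();
        System.out.println("Hello " + name);
        reply.addProperty("msg", "Goodbye " + name);
        return reply;
    }
}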
19. Action: Swift
func main(params: [String: Any]) -> [String: Any] {
    var reply = [String: Any]()
    if let name = params["name"] as? String {
        print("Hello \(name)")
        reply["msg"] = "Goodbye \(name)"
    }
    return reply
}
20. Action isolation
OpenWhisk desiderata…
• Run many actions concurrently on same machine
• Provide elastic scaling to run actions on different machines
• Limit cross-action interference: resource and process isolation
• OpenWhisk uses containers as units of isolation for actions
23. How OpenWhisk uses containers
(1) Deploying and managing traditional microservices
[Diagram labels: controller, invoker]
24. OpenWhisk system architecture
[Diagram: Edge VMs; Master VM running the controller; Slave VM running the invoker and several action containers]
• microservices deployed in docker containers
• open-source system middleware
• NoSQL (CouchDB) persistence
25. How OpenWhisk uses containers
(2) Lightweight isolated execution environment for arbitrary user code
[Diagram: Slave VM hosting many action containers]
51. Action containers
• Host user-written function
• Maintain the abstraction that “action ≈ function”
• Provide a common REST interface (JSON objects in and out)
[Diagram: Container with input JSON; outputs JSON, stdout (String) and stderr (String)]
52. Warm & cold invocations
• Cold invocation: the action has not been invoked “recently”
  • No container currently hosting the action code
• Factors affecting invocation latency:
  • Database access time
  • Container startup time (e.g. docker run)
  • Language runtime startup time (e.g. JVM startup)
54. What we are not doing
• Create one Docker image for each action (docker build)
• On invocation,
  • docker pull the image in the invoker
  • docker run
One image per action implies managing a potentially very large registry.
Docker operations generally are not very fast.
55. What we are doing
• Have a single Docker image for all actions of a given runtime
  • E.g. NodeJS 6 stemcell container
• The image contains a webserver, exposing two endpoints:
  • /init : dynamically loads the user code
  • /code : executes the user code with a given payload
• The invoker starts stemcells independently of action invocations
  • Invocations are not affected by container and runtime startup
58. Action containers implementation overview

Runtime | HTTP proxy | JSON | /init | /run
Node.js | Express | Native | eval(…) script, keep function object in memory. | Function invocation.
Swift | Flask (Python) | Implicit: Foundation (NSJSONSerialization) | Compile script, store binary. | Run binary with subprocess.
Java | com.sun.net.httpserver.HttpServer | Explicit: Google GSON | Dynamic classloading, reflection to get handle to main. | Reflective invoke.
Python | Flask | Implicit: stdlib (import json) | Store script in memory. | Evaluate script with exec(…).
Docker | In base image: Flask | In base image: deserialization from string | In base image: no-op | In base image: subprocess call
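The /init and /run flow from the "What we are doing" slide and the Python row of the overview table, as an added example (not code from the slides or from OpenWhisk). It uses the standard library's http.server in place of Flask; the {"value": {...}} body shape, the status codes, the refusal of a second /init and port 8080 are assumptions.

```python
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

class ActionProxy:  # one action per container: /init loads it once, /run invokes it
    main = None  # user function object, kept in memory after /init

    def init(self, value):
        if self.main is not None:  # never load a second action into a used container
            return 403, {"error": "already initialized"}
        scope = {}
        try:  # exec() runs arbitrary user code; the container is the isolation boundary
            exec(compile(value["code"], "<action>", "exec"), scope)
            self.main = scope["main"]
        except Exception as exc:
            return 502, {"error": f"init failed: {exc!r}"}
        return 200, {"ok": True}

    def run(self, value):
        if self.main is None:
            return 400, {"error": "not initialized"}
        try:  # the JSON round trip rejects results that cannot be serialized
            result = json.loads(json.dumps(self.main(value)))
        except Exception as exc:
            return 502, {"error": f"action failed: {exc!r}"}
        if not isinstance(result, dict):
            return 502, {"error": "action must return a JSON object"}
        return 200, result

    def handle(self, path, raw):  # dispatch one POST body (bytes) to an endpoint
        route = {"/init": self.init, "/run": self.run}.get(path)
        try:
            value = json.loads(raw)["value"]
        except (ValueError, KeyError, TypeError):
            value = None
        if route is None or not isinstance(value, dict):
            return 400, {"error": "bad endpoint or body"}
        return route(value)

class Handler(BaseHTTPRequestHandler):
    proxy = ActionProxy()  # one proxy, hence one action, per container process
    def do_POST(self):
        raw = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        status, reply = self.proxy.handle(self.path, raw)
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(json.dumps(reply).encode())

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```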
59. Docker in production: the not-so-great parts
• Security issues
  • User namespaces only a recent addition
  • Hard to impose limits on filesystem operations
  • Containers can discover meta-information on other containers
• Concurrency issues
  • Docker daemon causes kernel panics under (highly) concurrent loads
• Performance
  • Relatively high latency when retrieving logs
60. Docker in production: the good parts
• On OpenWhisk itself
  • “Same” environment/deployment for local development and production
  • Easy to swap components in and out
• Action containers
  • Lets us standardize at an HTTP API level
  • Supporting new runtimes is straightforward
  • Easy to test action containers in isolation
  • The invokers are (almost) runtime-agnostic