Toggle Menu

<-- Back to schedule

Manageable application containers: lightning quick updates, scaleable security, easy high availability

Project: LXC, AppArmor, Pacemaker, Linux kernel (overlayfs)

We all love containers. Lightweight, container-based virtualization is an excellent alternative to the likes of KVM, and we have a large array of options to choose from: lxc, Docker, rkt, more to come.

However, seasoned enterprise sysadmins frequently balk at the idea of a self-contained operating system in a single image which, rather than ever being updated, only gets rebuilt when needed. The idea of two thousand Apache containers needing to be rebuilt because a critical library like OpenSSL has released its latest patch for an ugly security vulnerability is not tremendously appealing to most.

In this presentation, we cover an alternative approach: we use overlayfs, a fairly recent addition to the Linux kernel, in conjunction with a few configuration options to build a fully functional container environment for potentially hundreds of containers running on the same operating system distribution. We combine this with AppArmor (for mandatory access control) and Pacemaker (for high availability) to build a configuration where patches can be applied to hundreds of containers at once, with minimal downtime.

All tools presented are readily available in any contemporary Linux distribution; no magic is involved.

Florian Haas

Florian has worked in open source for more than 10 years. His main areas of interest include OpenStack, distributed storage, and orchestration. He has spoken at previous LCAs and also at OSCON, LinuxCon, the OpenStack Summit, and many other conferences. When he is not speaking, Florian discharges his duties as CEO of professional services firm hastexo (which has a strong open source focus), and also acts as a Principal Consultant serving hastexo's high-profile clients.

Geelong 2016

Our Emperor Penguin Sponsors


About Geelong

Geelong is Victoria's second largest city, located on Corio Bay, and within a short drive from popular beach-front communities on the Bellarine Peninsula as well as being the gateway to the famous Great Ocean Road

More Info » is widely regarded by delegates as one of the best community run Linux conferences worldwide and is the largest Linux and Open Source Software conference in the Asia-Pacific.

Read More »



Our Sponsors help make become the awesome conference everyone comes back to year after year. Come see who's on board this year, or find out how to get in contact with us

Sponsorship »