Containers? Ha! Ain't no party like a Tupperware party, boasts Facebook

No Docker or Kubernetes under The Social Network's hood


OS Summit Facebook has its own container system it uses in place of Docker or Kubernetes.

The Social Network started working on "Tupperware" before other systems were "readily available" and it's glued to Facebook's internal services, production engineer Zoltan Puskas said during a presentation at the Open Source Summit in Prague.

The system is built on the open-source Btrfs file system and handles "big and small tasks" across Facebook's data centre clusters. Tupperware is geared towards long-running processes over batch loads and apparently helps the site efficiently scale tasks with familiar tools and customisation.

Which is cool, because some think containers are pointless.

Facebook's container images are stacked with a base OS layer, a customisation layer with SSH configurations and certificates, and finally an app layer for binaries and changing limited settings. The task runs at the tippy top.

Btrfs, which Puskas described as "really cool", saves space by allowing independent snapshots of subvolumes that copy metadata rather than data. You can reconstruct the parent volumes by looking at the diffs.

Buck is the backend automated build system, which creates layers in parallel as well as separating build and run time.

"This is really fast" and "low impact", Puskas boasted.

At a high level, using a command line interface, tasks can be sent to a scheduler, which requests resources from a resource manager and volleys them off to hosts.

On hosts, the Tupperware agent launches a helper process and containers themselves. Systemd is used by the Tupperware helper for controlling tasks such as building and running the containers, as it gives SSH login ability as well as a "familiar" debugging environment.

cgroup is also used for monitoring resources.

Puskas boasted that Facebook can "spin up hundreds of containers" in "less than five minutes" on a single VM. IO on disk is "never more than several per cent" and starting a container takes "less than half a per cent" of IO.

The containers also come with the ability to get a list of recent crashes – although if the situation is "complex" the developer has to go digging around their binary themselves.

When asked whether Facebook would be considering selling, open-sourcing or keeping its tools locked away in a vault, Puskas hesitated but said he "cannot tell the future".

Oleksander Iegorov, a systems architect at managed services provider GeeksForLess in Mykolayiv, Ukraine, told The Register in Prague that the presentation surprised him because, according to Facebook, Tupperware "emerged earlier than Docker or Kubernetes".

Usage by the wider world would "depend on how good the documentation would be", he added.

"I suspect that they are highly optimised for Facebook infrastructure" and likely the firm wouldn't open-source something that nobody would use. ®

