Intro to Docker and clustering with Rancher from scratch

john culviner
github: github.com/johnculviner
blog: johnculviner.com
twitter: @johnculviner
email: john@johnculviner.com

intro to Docker with a side of Rancher

About Me
Free range, sometimes organic

Full-stack Independent Consultant @ Veritas in Roseville

Backend
- DevOps (Docker, Ansible, Linux etc)
- NoSql (ElasticSearch, MongoDB)
- Distributed systems (RabbitMQ, Kafka etc.)
- Node.js
- Groovy/Spring/Java
- C#

Front End
- Angular.js, React.js, Knockout.js, Durandal.js, jQuery, CSS/SASS etc.
- SPA development

Open Source “Street Cred”
- AngularAgility
- jQuery File Download
- FluentKnockoutHelpers

Overview

Docker
- How does it work
- Why would I use it

Rancher
- What does it give me

Building a Clustered Docker + Rancher environment from scratch
- Terraform (DigitalOcean)
- Ansible
- Node.js Microservice

Objective: To leave feeling confident about whether Docker might make sense for your next project (or might not!) and how to get started easily if it looks like the right tool for the job for you.

What is Docker?
It’s all about the containers!

Images

Internal Docker Registry (hostname: MY_REG:5000)
- myapp:1.0
- myapp:1.1
- yourapp:1.0
- yourapp:1.1

Public Docker Registry (AKA: hub.docker.com)
- elasticsearch:5.0.0
- elasticsearch:5.0.1
- rabbitmq:3.6.4
- rabbitmq:3.6.5

Any machine running Docker
- MY_REG:5000/myapp:1.1
- elasticsearch:5.0.1

may equal
when :tag not specified defaults to

Confused? Container vs Image

A container is an “instance” of an “immutable” image
Could be running or stopped

My machine running Docker for Mac

Loaded Images
- mongo:latest

Running Containers
- Image Name: mongo:latest, Container Name: myfirstmongo
- Image Name: mongo:latest, Container Name: mysecondmongo

Moderate Mongo Mess

- mongo:latest isn’t terribly useful to know what the version really is
- There is no external/port level access to the containers
- There are no volume mounts for persistent data (very bad for perf with high I/O applications)
- If the container dies it’s not coming up again without me restarting it

Fortunately? there is:

docker run --name=myfirstmongo --detach --publish="27017:27017" --restart=always --volume="/some/local/path:/data/db" mongo

A better way: docker-compose

Terse & readily source controlled YAML definition

docker-compose.yml

Idempotence (to an extent)

docker-compose for CI/CD!

Run isolated integration testing CI/CD of your whole app stack from anywhere! (local, Jenkins etc.)

- Builds a local Dockerfile
- Define DNS aliases of references
- only available from my_app
- stdout/err comes out to pass/fail Jenkins build
- Test command: stdout/err comes out of container to pass/fail the build
- Mongo only addressable to my_app at DNS “mongodb”
- No stdout/err
- Real live chrome/selenium server in a container using xvfb
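
A compose file matching the callouts on this slide, as an added example (not the presenter's original docker-compose.yml). The service names, the `npm test` command, the environment variable names and the mongo tag are assumptions; two networks are used so that only my_app can reach the database.

```yaml
# Added example, not the presenter's file. Service names, "npm test",
# MONGO_URL / SELENIUM_URL and the mongo tag are assumptions.
version: "2"    # file format of the deck's era; current Compose ignores this key

services:
  my_app:
    build: .                    # builds the local Dockerfile
    command: npm test           # exit code decides pass/fail of the CI job
    environment:
      MONGO_URL: mongodb://mongodb:27017/test
      SELENIUM_URL: http://selenium:4444/wd/hub
    depends_on:
      - mongo
      - selenium
    networks:
      - db
      - browser

  mongo:
    image: mongo:3.4            # pinned tag instead of :latest
    logging:
      driver: "none"            # no database stdout/err in the build log
    networks:
      db:
        aliases:
          - mongodb             # DNS alias my_app connects to
    # No "ports:" entry, so nothing is published on the host and only
    # containers on the "db" network (my_app) can reach the database.
    # If host access is needed, publish on loopback only, e.g.
    #   ports: ["127.0.0.1:27017:27017"]
    # A bare "27017:27017" listens on every host interface.

  selenium:
    image: selenium/standalone-chrome   # pin to the tag you have tested
    logging:
      driver: "none"
    networks:
      - browser                 # not on "db", so it cannot reach mongo

networks:
  db:
  browser:
```

In CI, `docker-compose up --build --exit-code-from my_app` stops the stack when my_app exits and hands its exit code to the Jenkins job.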

Benefits of Images & Containers

- Better Isolation & Consistency with Images
- Docker Repository vs. Artifactory, NPM, Nuget etc.
- Debug a production image on my local machine

EX: Run 10 different YOUR_FAV_LANG apps using 10 different versions of the runtime all on port 8080 on same box*
*with a SDN (software defined network)

Security*
*When you don’t run as root, use SELinux, sandbox volumes among other things

+Docker

Building images with layers

Done with a Dockerfile, let’s do it!
See layers with “docker inspect IMAGE_NAME”

What we did:
- image layer: alpine:latest
- image layer: first_file added
- image layer: second_file added
- container: second-container
- container: first-container

Layer re-creation/sharing

Docker will re-use existing layers when it can:
When a layer changes, subsequent layers are invalidated; otherwise they are re-used

This affects:
- pull/push HTTP traffic
- server filesystem usage
- repository storage space
- BUILD TIMES!

Proportion of Image Size
Changes every build (probably)
npm install only runs if package.json (a dependency/package manifest) changes!

Docker Observations

- Set up development environment quickly with a docker-compose for a project
- E2E Integration testing easily with a docker-compose
- Image consistency to production
- stdout/stderr aggregation

[Diagram: Commit, Build, Test, then deploy myapp:1.2.3 to DEV servers, QA servers and PROD servers]

[Diagram: server-a, server-b, server-c and server-d send stdout/err from all containers to ElasticSearch + Kibana]

Well that was cool for DEV but…

- How do I run containers on multiple machines and orchestrate them?
- How do I ensure HA (high availability)?
- How do I load balance HTTP/S applications?
- How do I schedule based on load?

Does Docker actually make sense to run real applications in PROD?

*well I have at least with less work and less downtime than other approaches I’ve encountered… so far

Partial lay of the land*

*as I see it: grain of salt please

+

What is Rancher?

- A really slick UI that illustrates what is going on in a very clear manner
- Actually helps you learn real Docker (full API surface almost!) visually and then helps you script things after you have “pointed and clicked your way to success”
- Easily runs in Docker container(s)
- Container orchestration/clustering support for a variety of different platforms:

What is Cattle?

A relatively simple container orchestration framework that is natively supported by Rancher

Pros
- Built in layer 5 (haproxy based) load balancer that supports scaling, rolling upgrades, rollback changes etc.
- Slick SDN (Software Defined Network) does DNS based round-robin inter-container network resolution
- Simpler & quicker to get going than anything else
- “3AM Googleability” is very high / vibrant community
- Works with Docker rather than against it
- Realistically free!
- I’ve battle tested it and has worked well so far

Cons
- Scheduler is rather simple / no automatic container creation support

Setup entire stack from scratch in a repeatable (idempotent), clear & source controllable manner*

*Some of the Rancher stuff we will “point and click our way to success” for brevity and to show you the UI but I’ve done it before with 100% Ansible + docker/rancher-compose files.

Requirements

- POSIX shell
- DigitalOcean account with API key env variable
- SSH ~/.ssh/id_rsa + ~/.ssh/id_rsa.pub setup
- Ansible (get with Python, PIP)
- Terraform
- Web browser

The Goal

[Diagram: four Ubuntu 16.04 cloud VMs (docker0, docker1, docker2, docker3) from a cloud VM provider, created with an idempotent cloud VM creation tool and set up with an idempotent server provisioning tool + a few SSH commands. The hosts run rancher/server and four rancher/agent containers; a rancher haproxy load balancer sends HTTP traffic to multiple johnculviner/nodejs-echo-hostname containers.]

The code: https://github.com/johnculviner/docker-rancher-presentation

E2E IRL Ideas

A Jenkins pipeline build

questions/comments?
