44
Docker from Scratch Giacomo Vacca, Founder at RTCSoft, [email protected]

Docker From Scratch

Embed Size (px)

Citation preview

Page 1: Docker From Scratch

Docker from Scratch

Giacomo Vacca, Founder at RTCSoft, [email protected]

Page 2: Docker From Scratch

About me• 15 years “in the trenches cubicles”

• Developer of RTC (VoIP, IM, WebRTC) solutions

• Often dealing with DevOps topics

• Founder of RTCSoft in 2015

@giavac

https://github.com/giavac

[email protected]

Page 3: Docker From Scratch

Objective of this presentation

Page 4: Docker From Scratch

Docker usage scenarios• Run services

• Deployment mechanism

• Prototyping

• Testing

• Continuous Integration/Delivery

Page 5: Docker From Scratch

What’s in a name?

Page 6: Docker From Scratch

Previously on this show

http://www.slideshare.net/GiacomoVacca/docker-and-puppet-for-continuous-integration

Page 7: Docker From Scratch

What is Docker, really?• An Open-Source (Go) framework to manage “container virtualisation”

• Docker isolates multiple user spaces (file systems) inside the same host

• The user space instances are called “Containers”

• They give you the illusion of being inside a VM

• Think about “execution environments” or “sandboxes”

• No need for an hypervisor (and so very quick to launch)

• Requires x64 Linux and kernel 3.8+

Page 8: Docker From Scratch

Ingredients vs Cake

Page 9: Docker From Scratch

Virtual Machines vs Docker

Source: https://www.docker.com/what-docker

Page 10: Docker From Scratch

What Docker is not?

• A programming language

• An OS

• A Virtual Machine

• An image in the traditional hypervisor-based Virtual Machine concept

Page 11: Docker From Scratch

Where is Docker used?• Uber, eBay, BBC News, shopify, ING

• and many others…

• Used by Google Cloud (with the Container Engine + Kubernetes)

source: https://www.docker.com/customers

Page 12: Docker From Scratch

Who should know about Docker?• Developers

• Yes, even mobile developers

• Sysadmins

• “DevOps” people

• Architects/CTO/COO (want to save some money?)

• You (probably)

Page 13: Docker From Scratch

Glossary• Docker, aka Docker Engine: the daemon managing docker images and containers (using namespaces and cgroups). It

runs on the (Linux-based) Host.

• Docker client: the binary interacting with the Docker Engine.

• Docker Image: a filesystem (read-only template) used to create a Container (think “the binary”)

• Docker Container: a running image providing a service (think “the process”)

• Host: the computer running the Docker Engine

• Docker Registry: a private or public (Docker Hub) collection of Docker Images

• Docker Machine: provision hosts and install Docker on them

• Docker Compose: create and manage multi-container architectures

• Docker Swarm: orchestrating tool to provision and schedule containers

Page 14: Docker From Scratch

Architecture

From https://docs.docker.com

Page 15: Docker From Scratch

The Easiest Thing To Do…• $ docker run -it BASEIMAGE /bin/bash

• (will pull the BASEIMAGE layers)

• $ docker run -i -t ubuntu /bin/bash

• Do something inside the container (install packages, configure app): magic!

• $ docker commit CONTAINERID NEWIMAGELABEL

• Check created image with ‘docker images’

Page 16: Docker From Scratch

The layers

From https://docs.docker.com

Page 17: Docker From Scratch

Docker and the Kernel

• Containers interact with the kernel through system calls

• There are no parts of the kernel or kernel modules inside a container

• A container cannot use a different kernel (version) than the host

• The same kernel is shared by all the containers

Page 18: Docker From Scratch

Workflow• Build an image (Dockerfile + base images pulled automatically)

• docker build -t gvacca/nginx .

• Store image in a registry (public, e.g. Dockerhub, or private)

• docker push gvacca/nginx

• Pull image on the target host

• docker pull gvacca/nginx

• Run container on the target host

• docker run -it gvacca/nginx

Page 19: Docker From Scratch

Dockerfiles

• Files that contain the “recipe” to build an image

• Created and stored as any other source code

• Help defining and documenting the building process

• Define layer after layer the final image

Page 20: Docker From Scratch

Dockerfile - exampleFROM ubuntu:latest

MAINTAINER Giacomo Vacca <[email protected]>

RUN apt-get update

# Install nginx RUN apt-get -y -q install nginx

# Prepare target dir for website (Must match global.conf) RUN mkdir -p /var/www/html

# Configure nginx COPY nginx/nginx.conf /etc/nginx/nginx.conf COPY nginx/global.conf /etc/nginx/conf.d/global.conf

EXPOSE 8080

CMD [ "/usr/sbin/nginx" ]

Page 21: Docker From Scratch

Build an Imagedocker build -t USER/LABEL:TAG CONTEXT_PATH

$ docker build -t gvacca/nginx:1.0 .

The location of the Dockerfile defaults to ./Dockerfile

You can specify the actual Dockerfile path with ‘-f’, e.g.:

$ docker build -t gvacca/nginx -f ./Dockerfile.ubuntu

Analyze the “build history” of an image:

$docker history gvacca/nginx

The “build context” is composed by the files at a specified CONTEXT_PATH (dir or URL)

Page 22: Docker From Scratch

Build an imagegvacca@dockerubuntu:~simple_nginx$ sudo docker build -t gvacca/simple-nginx . Sending build context to Docker daemon 7.168 kB Step 1 : FROM ubuntu:14.04 ---> 1d073211c498 … Step 2 : MAINTAINER Giacomo Vacca <[email protected]> ---> Running in 10a8334becfd ---> 559310abf4fb Removing intermediate container 10a8334becfd Step 3 : RUN apt-get update ---> Running in 873b09debab0 … Step 8 : EXPOSE 8080 ---> Running in a27f73413c02 ---> f5ef8527f2a3 Removing intermediate container a27f73413c02 Step 9 : CMD /usr/sbin/nginx ---> Running in d99de19cc782 ---> df76d20cd00f Removing intermediate container d99de19cc782 Successfully built df76d20cd00f

Page 23: Docker From Scratch

List Available ImagesList locally available images:

$ docker images

Clean up useless images:

$ docker images -q --filter “dangling=true”

Page 24: Docker From Scratch

Push an Image to Registry

$ docker push gvacca/nginx URL

$ docker push USER/LABEL REGISTRY_URL

Page 25: Docker From Scratch

Pull an Image from Registry

$ docker pull gvacca/nginx

$ docker pull USER/LABEL

Will search in a local repo first, unless the full repo URL is specified.

Page 26: Docker From Scratch

Run a Container$ docker run -i -t gvacca/nginx

$ docker run [--name NAME] [options] USER/LABEL [command]

If the image is not found locally Docker searches it remotely.

A container runs as long as there’s an active process in foreground.

See also ‘docker start|stop|restart ID’

Page 27: Docker From Scratch

Check Running Containers$ docker ps [-a]

$ docker top

In general, use ‘docker info’ to get a summary

Page 28: Docker From Scratch

Entering inside a running container$ docker attach CONTAINER_NAME

$ docker exec -it CONTAINER_NAME COMMAND

$ docker exec -it gvacca/nginx /bin/bash

$ docker logs CONTAINER_NAME

Or show processes running inside a container:

$ docker top CONTAINER_NAME

Page 29: Docker From Scratch

Port MappingAssociation between the ports exposed by the container and the ports used on the host.

EXPOSE command for Dockerfile

Port mapping at run time: one or more ‘-p’ arguments to docker run.

No need for port mapping when the container is inside a network (see later).

You can expose port ranges (recent improvement).

Page 30: Docker From Scratch

Volumes

• Share a folder between host and container.

• VOLUME command inside the Dockerfile

• Dynamic volume association at run time: one or more ‘-v’ arguments.

• Volumes shared by an image are available even if the container is not running (but it needs to still exist).

Page 31: Docker From Scratch

Inspect a Container

$ docker inspect nginx

$ docker inspect CONTAINER_NAME

Page 32: Docker From Scratch

Output of inspect{ "Id": "c61b85d3a9451d2ac3bbe301f54dc97b0df13c2835d0fb1f6214db64929e646d", "Created": "2016-01-05T09:47:16.125279193Z", "Path": "/bin/sh", "Args": [ "-c", "nginx" ], "State": { "Status": "running", "Running": true, "Paused": false, "Restarting": false, "OOMKilled": false, "Dead": false, "Pid": 16817, …

Page 33: Docker From Scratch

Keeping images clean$ apt-get remove --purge -y $BUILD_PACKAGES $(apt-mark showauto) && rm -rf /var/lib/apt/lists/*

https://www.dajobe.org/blog/2015/04/18/making-debian-docker-images-smaller/

Page 34: Docker From Scratch

Docker Toolbox• You can run a Docker environment on your OSX/Windows laptop

• Docker Toolbox installs Docker Machine (‘client-machine’), which creates a Linux Virtual Machine (with VirtualBox) for you, with Docker Engine inside

• Docker Toolbox installs a docker client (‘docker’) on your machine

• The docker client connects to the Docker Engine running inside the VM

https://www.docker.com/docker-toolbox

Page 35: Docker From Scratch

Run the containergvacca@dockerubuntu:simple_nginx$ sudo docker run -d --name nginx -p 8080:8080 -v $PWD/website:/var/www/html/website gvacca/simple-nginx add8d371f82f615ebbd121cea804511dcdafac893b14325366744797424fa44c

gvacca@dockerubuntu:simple_nginx$ sudo docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES add8d371f82f gvacca/simple-nginx "/usr/sbin/nginx" 11 seconds ago Up 9 seconds 0.0.0.0:8080->8080/tcp nginx

gvacca@dockerubuntu:simple_nginx$ ps aux |grep docker root 792 0.0 4.7 693136 23740 ? Ssl Nov04 11:20 /usr/bin/docker daemon root 1977 0.0 2.6 152692 13172 ? Sl 11:26 0:00 docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 8080 -container-ip 172.17.0.2 -container-port 8080

Page 36: Docker From Scratch

Networks of Containers• “docker network” defined since Docker 1.9

• Create an isolated network, then attach containers to it

• Containers on different networks by default don’t see each other

• Internal private addressing managed by Docker

• Brilliant for prototyping and emulating entire architectures

• Better have one single application per container

Page 37: Docker From Scratch

Docker inside DockerBut you need the privileged mode

Page 38: Docker From Scratch

Orchestration• Docker Composer

• Docker Swarm

• Google’s Kubernetes

• Apache Mesos

• Puppet & others

Page 39: Docker From Scratch

Docker as Slave for Jenkins• Associate specific Docker images to specific Jenkins build jobs

• Keep builds clean & reproducible (“Non-event releases”)

• Run slave containers on demand - stop them when not needed.

• Jenkins Plugin: https://wiki.jenkins-ci.org/display/JENKINS/Docker+Plugin

• Other Cloud methods, e.g. Mesos

Page 40: Docker From Scratch

Jenkins to build Docker images• A Jenkins job:

• Checks out a Dockerfile from a repo

• Builds the image

• Upload the new image in a registry

• May re-use images for new builds (careful about integrity)

Page 41: Docker From Scratch

Puppet to manage Docker containers• Module for docker: https://forge.puppetlabs.com/garethr/docker

• Installs Docker and required dependencies

• Launches the Docker daemon

• Sets DNS, users and other configuration items

• Pull images from selected repos

• Run containers (image + command)

Page 42: Docker From Scratch

Run Jenkins inside Docker• Manage Jenkins with a dedicated image + volume with data

• From the official Docker registry: https://hub.docker.com/_/jenkins/

docker run -d -p 8080:8080 -p 50000:50000 -v ~:/var/jenkins_home jenkins

• TCP 8080: Web UI

• TCP 50000: interface to connect slaves

Page 43: Docker From Scratch

Questions and AnswersThanks

Page 44: Docker From Scratch

Recommended Books• “The Docker book”, J. Turnbull, http://www.amazon.co.uk/Docker-

Book-Containerization-new-virtualization-ebook/dp/B00LRROTI4

• “Continuous Delivery”, J. Humble, http://www.amazon.com/Continuous-Delivery-Deployment-Automation-Addison-Wesley/dp/0321601912

• “Building Microservices”, S. Newman, http://shop.oreilly.com/product/0636920033158.do