jerome-petazzoni
DESCRIPTION
In this presentation we will introduce Docker, and how you can use it to build, ship, and run any application, anywhere. The presentation includes short demos, links to further material, and of course Q&As. If you are already a seasoned Docker user, this presentation will probably be redundant; but if you started to use Docker and are still struggling with some of its facets, you'll learn some!
Docker
October 2014—Docker 1.2
@jpetazzo
● Wrote dotCloud PAAS deployment tools
– EC2, LXC, Puppet, Python, Shell, ØMQ...
● Docker contributor
– Security, Networking...
● Runs all kinds of crazy things in Docker
– Docker-in-Docker, VPN-in-Docker, KVM-in-Docker, Xorg-in-Docker...
Let's start with Questions
Raise your hand if you have ...
● Tried Docker (online tutorial)
● Tried the real Docker (e.g. deployed remote VM)
● Installed Docker locally (e.g. with boot2docker)
● Written a Dockerfile (and built it!)
● An image on Docker Hub (pushed or autobuilt)
● Deployed Docker images for dev/QA/test/prod...
Agenda
● What is Docker and Why it matters
● What are containers
● The Docker ecosystem (Engine, Hub, etc.)
● Deployment options and first steps
● What's next?
What is Docker
Why it matters
Deploy everything
● Webapps
● Backends
● SQL, NoSQL
● Big data
● Message queues
● … and more
Deploy almost everywhere
● Linux servers
● VMs or bare metal
● Any distro
● Kernel 3.8+ (or RHEL 2.6.32)
Currently: focus on x86_64.
(But people reported success on arm.)
Deploy reliably & consistently
● If it works locally, it will work on the server
● With exactly the same behavior
● Regardless of versions
● Regardless of distros
● Regardless of dependencies
Deploy efficiently
● Containers are lightweight
– Typical laptop runs 10-100 containers easily
– Typical server can run 100-1000 containers
● Containers can run at native speeds
– Lies, damn lies, and other benchmarks:
http://qiita.com/syoyo/items/bea48de8d7c6d8c73435
http://www.slideshare.net/BodenRussell/kvm-and-docker-lxc-benchmarking-with-openstack
Infiniband throughput and latency: no difference at all
Booting 15 OpenStack VMs: KVM vs Docker
Memory speed: Bare Metal vs Docker vs KVM
OK, but what is
Docker?
Docker Engine+ Docker Hub
= Docker Platform
The Docker Engine runs containers.
OK, but what is a
container?
High level approach: it's a lightweight VM
● Own process space
● Own network interface
● Can run stuff as root
● Can have its own /sbin/init (different from the host)
« Machine Container »
Low level approach: it's chroot on steroids
● Can also not have its own /sbin/init
● Container = isolated process(es)
● Share kernel with host
● No device emulation (neither HVM nor PV)
« Application Container »
Stop. Demo time.
Alright, I get this. Containers = nimble VMs.
Let's just tell the CFO, and get back to work!
What happens when something becomes
10-100x cheaper?
Random example: testing
● Project X has 100 unit tests
● Each test needs a pristine SQL database
● Plan A: spin up 1 database, clean after each use
– If we don't clean correctly, random tests will fail
– Cleaning correctly can be expensive (e.g. reload DB)
● Plan B: spin up 100 databases
– … in parallel: needs too many resources
– … one after the other: takes too long
● Plan C: spin up 100 databases in containers
– fast, efficient (no overhead, copy-on-write)
– easy to implement without virtualization black belt
Containers make testing (and many other things) way easier
The container metaphor
Problem: shipping goods
Solution: the intermodal shipping container
Solved!
Problem: shipping code
Solution: the Linux container
Solved!
Separation of concerns: Dave the Developer
● Inside my container:
– my code
– my libraries
– my package manager
– my app
– my data
Separation of concerns: Oscar the Ops guy
● Outside the container:
– logging
– remote access
– network configuration
– monitoring
Docker's Entourage
Docker: the cast
● Docker Engine
● Docker Hub
● Docker, the community
● Docker Inc, the company
Docker Engine
● Open Source engine to commoditize LXC
● Uses copy-on-write for quick provisioning
● Written in Go, runs as a daemon, comes with a CLI
● Everything exposed through a REST API
● Allows building images in a standard, reproducible way
● Allows sharing images through registries
● Defines a standard format for containers (stack of layers; 1 layer = tarball+metadata)
… Open Source?
● Nothing up the sleeve, everything on the table
– Public GitHub repository: https://github.com/docker/docker
– Bug reports: GitHub issue tracker
– Mailing lists: docker-user, docker-dev (Google groups)
– IRC channels: #docker, #docker-dev (Freenode)
– New features: GitHub pull requests (see CONTRIBUTING.md)
– Docker Governance Advisory Board (elected by contributors)
Docker Hub
Collection of services to make Docker more useful.
● Public registry (push/pull your images for free)
● Private registry (push/pull secret images for $)
● Automated builds (link github/bitbucket repo; trigger build on commit)
● More to come!
Docker, the community
● >600 contributors
● ~20 core maintainers
● >30,000 Dockerized projects on GitHub
● >40,000 repositories on Docker Hub
● >250 meetups in >90 cities in >30 countries
● >1,500,000 downloads of boot2docker
Docker Inc, the company
● Headcount: ~60
● Led by Open Source veteran Ben Golub (GlusterFS)
● Revenue:
– t-shirts and stickers featuring the cool blue whale
– SAAS delivered through Docker Hub
– Support & Training
Using Docker
One-time setup
● On your dev env (Linux, OS X, Windows)
– boot2docker (25 MB VM image)
– Natively (if you run Linux)
● On your servers (Linux)
– Packages (Ubuntu, Debian, Fedora, Gentoo, Arch...)
– Single binary install (Golang FTW!)
– Easy provisioning on Azure, Rackspace, Digital Ocean...
– Special distros: CoreOS, Project Atomic
Authoring images with a Dockerfile

FROM ubuntu:14.04
RUN apt-get update
RUN apt-get install -y nginx
RUN echo 'Hi, I am in your container!' \
    >/usr/share/nginx/html/index.html
CMD nginx -g "daemon off;"
EXPOSE 80

docker build -t jpetazzo/staticweb .
docker run -P jpetazzo/staticweb

FROM ubuntu:12.04
RUN apt-get -y update
RUN apt-get install -y g++
RUN apt-get install -y erlang-dev erlang-base-hipe ...
RUN apt-get install -y libmozjs185-dev libicu-dev libtool ...
RUN apt-get install -y make wget
# wget -O- writes the tarball to stdout so that tar can read it from the pipe
RUN wget -O- http://.../apache-couchdb-1.3.1.tar.gz \
    | tar -C /tmp -zxf-
RUN cd /tmp/apache-couchdb-* && ./configure && make install
RUN printf "[httpd]\nport = 8101\nbind_address = 0.0.0.0" \
    > /usr/local/etc/couchdb/local.d/docker.ini
EXPOSE 8101
CMD ["/usr/local/bin/couchdb"]

docker build -t jpetazzo/couchdb .

FROM debian:jessie
RUN apt-get -y update
RUN apt-get install -y python-pip
RUN mkdir /src
WORKDIR /src
ADD requirements.txt /src
RUN pip install -r requirements.txt
ADD . /src
RUN python setup.py install

Do you even Chef? Puppet? Ansible? Salt?
Summary
With Docker, I can:
● put my software in containers
● run those containers anywhere
● write recipes to automatically build containers
Advanced concepts
● naming
– give a unique name to your containers
● links
– connect containers together
● volumes
– separate code and data
– share data between containers
Let's speak
volumes
What is a volume?
● Directory in a container
● Bypassing the copy-on-write system
● Mapped to normal directory on the host
● Zero I/O overhead (implemented as bind-mount)
● Can be shared by multiple containers
What is a volume for?
● Fast I/O path with zero overhead (kept out of copy-on-write)
● Use specific device in container (e.g. that 24xSSD RAID10 for PostgreSQL WAL)
● Share data between containers (e.g. /var/log, /var/lib/mysql, ...)
Read more about volumes
● Docker Docs: https://docs.docker.com/userguide/dockervolumes/
● Additional insights: http://blog.docker.com/2014/06/why-you-dont-need-to-run-sshd-in-docker/
Docker Futures
Non-contractual roadmap
● Provenance, signature (signed images)
● On-prem Docker Hub
● Orchestration
● More execution backends (e.g. OpenVZ)
● ______________ (your contributed feature here)
Recent features: 0.10
● TLS support for API access
● Configurable DNS search
● BTRFS is no longer experimental
● Integration with systemd cgroups
● Use proxy environment variables (for registry)
Recent features: 0.11
● SELinux integration (works better with CentOS)
● DNS integration for links (access linked containers by hostname)
● « docker run --net »
– use host networking for high speed
– share network of another container
Recent features: 0.12
● docker pause/unpause
● more importantly: 1.0 release candidate :-)
Docker 1.1
● .dockerignore (don't upload your .git anymore!)
● docker logs --tail
– further logging improvements on the way (truncate)
Docker 1.2
● New cool options for docker run
--restart=always/no/on-failure
--cap-add=NET_ADMIN
--cap-drop=CHOWN
--device=/dev/kvm:/dev/kvm
Coming soon (maybe)
● logging improvements
● device mapper tuning
● image squashing
● ARM support
● use secrets in builds
● volume management
● hairpin NAT
● IPv6 support
● seccomp + native
● user namespaces
Thank you! Questions?
http://docker.com/
@docker
@jpetazzo