Docker Tech Talk1
Docker Tech Talk with Demo
Sandeep Karnawat
Principal S/W Engineer
Sample Agenda
1 Docker Background
2 How to Use Docker
3 Docker Inside
4 Docker Demo
What is Docker?
• Docker is:
– An open platform for developers and sysadmins to develop, ship, and run distributed applications [docker.io]
– An open-source project that automates the deployment of applications inside software containers by providing an additional layer of abstraction and automation of operating system-level virtualization on Linux [Wikipedia]
– A tool that can package an application and its dependencies in a virtual container that can run on any Linux server [451 Research]
How is it different from VM?
What does Docker look like?
• Docker is a client-server application.
– Docker client and the daemon can run on the same system, or on different machines
– They communicate via sockets (or through a RESTful API).
– Users interact with the client to command the daemon
– The daemon, receiving those commands, does the job
Sample Agenda
1 Docker Background
2 How to Use Docker
3 Docker Inside
4 Docker Application
How to download a docker image
• docker pull <image_name>
– Pull: fetch the image from the Docker Hub Registry (registry.hub.docker.com)
– Image_name: usually consists of user_name/image_name
– E.g., sudo docker pull skarnawat/mytest_docker
How to launch a docker container
• docker run -it <image_name> [command_name]
– Option -t: allocate pseudo-terminal
– Option -i: interactive mode
– E.g.: docker run -it mingwei/mytest_docker bash
– Note: when you run "bash", options -i and -t are both needed
– When you do not need a terminal, use "-d" instead of "-it"
• Where is my container?
– docker ps
– docker ps -a (all containers you have run)
• How can I name my own container?
– docker run -it --name mycontainer mingwei/mytest_docker bash
How to generate a new image?
• Manually Create Image
– A container is a running instance of an image
– When all processes inside container exit, container is stopped
– One way to create a new image:
  • Create a new container using "docker run -it <image> bash"
  • Issue commands: "apt-get install <software>"
  • Transform your container to an image:
    – docker commit <your_container_name> <your_new_image_name>
    – What if I didn't name my container?
      • Use the automatically assigned container id instead.
      • Container id could be found using "docker ps"
How to generate your own image
• Dockerfile
– Like a makefile, you use it to automate the building of an image:
  • docker build -t <your_img_name> .
  • Your image is built using the Dockerfile in current directory
  • Dockerfile contains a sequence of commands
– Inside Dockerfile:
  • Updates will be applied to new image
  • FROM: base image you specify
  • RUN: run a command inside container
  • ADD: copy files into new image
    – Note: tar, gzip, bzip2, etc. will be decompressed
• Other Directives:
– http://docs.docker.com/reference/builder/

FROM ubuntu:14.04
LABEL maintainer="skarnawat"
# Refresh the package index, then install without prompting
RUN apt-get update && apt-get install -y binutils
# A local tar archive given to ADD is unpacked into /app
ADD myfile.tar /app
VOLUME ["/yourdata"]
# …
Login to Existing Container
• You can't login to an existing container, if
– The container does not have terminal (launched with -d but not -it)
– E.g., docker run -d skdocker/apache apache2ctl -D FOREGROUND
• Option1: sshd server
– Using a sshd, you could login to existing container
– Issues: manage passwords, keys
• Option2: use docker attach
– docker attach <container_name>
Docker: Under the Hood
Implementation and Details
Docker Container Implementation
• Namespaces
– Docker takes advantage of a technology called namespaces to provide the isolated workspace we call the container.
– One container cannot see names in another container's namespace
– The pid namespace: virtualized process names (PID: Process ID).
– The net namespace: virtualized network interfaces, routing tables, etc. (NET: Networking).
– The mnt namespace: virtualized file system mount points (MNT: Mount).
Linux Container Implementation
• Namespaces
• Control groups
– provide a mechanism for performance isolation
– Cgroup allows you to control the resource usage of:
  • CPUSET and CPU USAGE
  • Memory
  • Disk I/O
  • Device visibility
– Cgroup is maintained as a virtual file system (like proc): cgroupfs
File System (AUFS)
• AUFS: advanced union file system
– Union of all images
– Less storage
– Maximum layers 127
[Figure: AUFS layer stack. Labels: image #1, image #2, Base image (readonly), Your diff (ro), Your diff (rw), Your view]
Docker and LXC
• Docker containers are in Linux container format.
Comparison
Docker
• Application container
– Only application process is running
• Ships with file system support
• Uses cgroups and namespaces
• Has docker image repository
• Supports versioning and commit
• Has API support
• Supports SELinux and AppArmor
LXC
• Lightweight virtual machine
– A set of system daemons are running
• Users need to configure their file system
• Uses cgroups and namespaces
• No repository support (can't move!)
• No support for image versions
• No API, only configuration
• Supports SELinux and AppArmor
It is still unclear which style of containers will win in the future
Docker Start-up Process
• Command: docker run -it ubuntu bash
• What happened?
– Mount aufs (all diffs)
  • Transform image name to ID
  • Get all diffs required and merge them
– Prepare cgroup file system
– Launch container process (using clone)
  • clone(2) specify using new namespace
  • Exec dockerinit (launch docker binary)
  • Prepare other file systems
    – Devfs, tmpfs, proc, etc.
    – Symlinks for standard I/O
  • Change root file system (pivot_root)
  • Drop capabilities
    – capget(2)
    – prctl(PR_CAPBSET_DROP, 0x.., 0, 0, 0)
[Figure: Base image (readonly) with Diff (ro) layers. Paths shown: /var/lib/docker/aufs/diff/ID and /var/lib/docker/aufs/mnt/Container_ID]
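The "Drop capabilities" step of the start-up process above, as an added example in C (not code from the talk or from Docker): it reads the capability bounding set with PR_CAPBSET_READ, cross-checks it against the CapBnd line of /proc/self/status, and removes one capability with PR_CAPBSET_DROP. The function names and the choice of CAP_SYS_MODULE are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <linux/capability.h>

/* Bitmask of capabilities still in the bounding set, probed one by one
 * with PR_CAPBSET_READ (needs no privilege). */
unsigned long long capbset_mask(void)
{
    unsigned long long mask = 0;
    for (int cap = 0; cap < 64; cap++) {
        int r = prctl(PR_CAPBSET_READ, cap, 0, 0, 0);
        if (r < 0)              /* EINVAL: past the kernel's last capability */
            break;
        if (r == 1)
            mask |= 1ULL << cap;
    }
    return mask;
}

/* The kernel's own report: CapBnd in /proc/self/status. 0 on success, -1 if absent. */
int capbnd_from_proc(unsigned long long *out)
{
    char line[256];
    int found = -1;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return -1;
    while (found != 0 && fgets(line, sizeof line, f))
        if (sscanf(line, "CapBnd: %llx", out) == 1)
            found = 0;
    fclose(f);
    return found;
}

/* Remove one capability from the bounding set. Returns 0 on success,
 * -1 with errno set (EPERM when the caller lacks CAP_SETPCAP). */
int drop_from_bset(int cap)
{
    return prctl(PR_CAPBSET_DROP, cap, 0, 0, 0);
}

int main(void)
{
    unsigned long long proc_view = 0;
    printf("before: %016llx\n", capbset_mask());
    /* CAP_SYS_MODULE is an arbitrary pick for this added example. */
    if (drop_from_bset(CAP_SYS_MODULE) != 0)
        printf("drop CAP_SYS_MODULE: %s\n", strerror(errno));
    capbnd_from_proc(&proc_view);
    printf("after:  %016llx (CapBnd: %016llx)\n", capbset_mask(), proc_view);
    return 0;
}
```

Run inside a container and on the host, the "before" masks differ wherever the runtime has already dropped capabilities; a bit removed from the bounding set cannot be regained by the process or its children.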
Docker Start-up Process
• Command: docker run -it ubuntu bash
• What happened?
– Mount aufs (all diffs)
– Prepare cgroup (resource management)
– Launch container process (using clone)
  • clone(2) specify using new namespace
  • Exec dockerinit (launch docker binary)
  • Prepare other file systems
    – Devfs, tmpfs, proc, etc.
    – Symlinks for standard I/O, etc.
Container File System View
base=/var/lib/docker/aufs/mnt/Container_ID:
$base/dev
$base/etc/hostname
$base/etc/resolv.conf
$base/etc/hosts
$base/proc/proc/fd/0
Docker Start-up Process
• Command: docker run -it ubuntu bash
• What happened?
– Mount aufs (all diffs)
– Prepare cgroup (resource management)
– Launch container process (using clone)
  • clone(2) specify using new namespace
  • Exec dockerinit (launch docker binary)
  • Prepare other file systems
    – Devfs, tmpfs, proc, etc.
    – Symlinks for standard I/O
  • Change root file system (pivot_root)
Container File System View
base=/var/lib/docker/aufs/mnt/Container_ID:
/dev
/etc/hostname
/etc/resolv.conf
/etc/hosts
/proc