Docker 
Introduction / Ansible
About Me
• Have worked
  • Iteration through L1/2/3 SysOps
  • Mostly German automotive sector
  • 01/2013 -> 10/2014 R&D @Bull SAS
• Now
  • independent R&D / Freelancing
  • DevOps Eng. at Locafox (scale online)
• Hot topics
  • Containerization
  • Log / Performance Management
  • GO-Lang
  • HPC Cluster Software Stack / Interconnect
Docker in a (Coco-)Nutshell
• (chroot)² != Virtual Machine
Traditional vs. Lightweight Layers
[Figure: two layer stacks side by side.
Traditional Virtualisation: SERVER, HOST KERNEL, host Userland (OS) and InitSystem, HYPERVISOR; each of three VMs has its own KERNEL, Userland (OS), InitSystem and SERVICE.
Docker Containerisation: SERVER, HOST KERNEL, host Userland (OS) and InitSystem; each of three containers has its own Userland (OS) and SERVICE.]
Docker in a (Coco-)Nutshell
• (chroot)² != Virtual Machine
• Builds on top of LinuX Containers (LXC)
• Kernel namespaces (isolation)
Process Namespace 
$ docker run -ti --rm ubuntu:14.04 ps -ef 
UID PID PPID C STIME TTY TIME CMD 
root 1 0 0 10:24 ? 00:00:00 ps -ef 
$ 
Containers are not able to see processes 
outside of their scope.
Network Namespace 
$ docker run -ti --rm ubuntu:14.04 ip -4 -o addr 
1: lo inet 127.0.0.1/8 scope host lo 
10: eth0 inet 172.17.0.4/16 scope global eth0 
$ 
Each container gets its own network stack (by default, configurable).
Namespace 
• Mount (do not mess with other file systems) 
• User (users are only valid within one container) 
• IPC (Interprocess communication only within) 
• UTS (hostname / domain name is unique) 
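A check that can be run on the Docker host to confirm the isolation listed above, added here as an example and not part of the original slides: it compares the namespace identifiers found under /proc/<pid>/ns for a container process with those of the host's PID 1 and reports which namespaces are shared. The function names and the sample identifiers are this example's own (the samples are constructed); it assumes a Docker daemon without user-namespace remapping, where the user namespace is shared with the host.

```python
"""Report which kernel namespaces a process shares with the host's PID 1."""
import os
import re
import sys

# Namespace types named on the slides, by their /proc/<pid>/ns entry name.
NS_TYPES = ("pid", "net", "mnt", "user", "ipc", "uts")

# readlink on /proc/<pid>/ns/<type> yields text such as "net:[4026531956]".
_LINK_RE = re.compile(r"^([a-z_]+):\[(\d+)\]$")

# Constructed sample data (not captured from a real host).
HOST_NS = {
    "pid": "pid:[4026531836]", "net": "net:[4026531956]",
    "mnt": "mnt:[4026531840]", "user": "user:[4026531837]",
    "ipc": "ipc:[4026531839]", "uts": "uts:[4026531838]",
}
# Constructed: a default `docker run`; every namespace but "user" is private.
CONTAINER_DEFAULT_NS = {
    "pid": "pid:[4026532281]", "net": "net:[4026532284]",
    "mnt": "mnt:[4026532278]", "user": "user:[4026531837]",
    "ipc": "ipc:[4026532280]", "uts": "uts:[4026532279]",
}
# Constructed: the same container started with --net=host.
CONTAINER_HOSTNET_NS = dict(CONTAINER_DEFAULT_NS, net="net:[4026531956]")


def parse_ns_links(links):
    """Map {'net': 'net:[4026531956]'} to {'net': 4026531956}.

    Raises ValueError when a link does not have the expected shape, so a
    malformed or mislabelled entry is never silently treated as isolated.
    """
    parsed = {}
    for ns_type, target in links.items():
        match = _LINK_RE.match(target)
        if match is None or match.group(1) != ns_type:
            raise ValueError(f"unexpected namespace link {ns_type}={target!r}")
        parsed[ns_type] = int(match.group(2))
    return parsed


def read_ns_links(pid):
    """Read the namespace links of a live process (Linux only).

    Entries that cannot be read (process gone, insufficient privileges,
    namespace type not supported by the kernel) are left out.
    """
    links = {}
    for ns_type in NS_TYPES:
        try:
            links[ns_type] = os.readlink(f"/proc/{pid}/ns/{ns_type}")
        except OSError:
            continue
    return links


def compare_namespaces(host_links, proc_links):
    """Classify each namespace type as shared, isolated or unknown."""
    host = parse_ns_links(host_links)
    proc = parse_ns_links(proc_links)
    report = {"shared": [], "isolated": [], "unknown": []}
    for ns_type in NS_TYPES:
        if ns_type not in host or ns_type not in proc:
            report["unknown"].append(ns_type)
        elif host[ns_type] == proc[ns_type]:
            report["shared"].append(ns_type)
        else:
            report["isolated"].append(ns_type)
    return report


if __name__ == "__main__":
    # With a PID argument (e.g. the value of
    # `docker inspect --format '{{.State.Pid}}' <container>`), inspect the
    # live process as root; without one, use the constructed samples.
    if len(sys.argv) == 2:
        result = compare_namespaces(read_ns_links(1),
                                    read_ns_links(int(sys.argv[1])))
    else:
        result = compare_namespaces(HOST_NS, CONTAINER_HOSTNET_NS)
    for state in ("shared", "isolated", "unknown"):
        print(f"{state:9s} {', '.join(result[state]) or '-'}")
```

Any entry under "shared" other than the expected "user" means the container was started with a host namespace and can see that part of the host.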
Docker in a (Coco-)Nutshell
• (chroot)² != Virtual Machine
• Builds on top of LinuX Containers (LXC)
• Kernel namespaces (isolation)
• cgroups (resource mgmt)
• intuitive build system
Dockerfile 
$ cat Dockerfile 
# From which image to start from 
FROM fedora:20 
# Who is in charge 
MAINTAINER "Christian Kniep <christian@qnib.org>" 
# Execute bash command 
RUN yum install -y stress 
# if no command is given, this command will be 
# executed at runtime (within a bash). 
CMD ["stress", "-c", "4"]
Build Dockerfile 
$ docker build -q -t locafox/stress . 
Step 0 : FROM fedora:20 
---> 7d3f07f8de5f 
Step 1 : RUN yum install -y stress 
---> Running in 43fcf8d8393a 
---> f1d0c1455565 
Removing intermediate container 43fcf8d8393a 
Step 2 : CMD stress -c 4 
---> Running in bd6536dfabed 
---> 24b99ee707fe 
Removing intermediate container bd6536dfabed 
Successfully built 24b99ee707fe 
$
Cached Builds 
$ docker build -q -t locafox/stress . 
Step 0 : FROM fedora:20 
---> 7d3f07f8de5f 
Step 1 : RUN yum install -y stress 
---> Using cache 
---> f1d0c1455565 
Step 2 : CMD stress -c 4 
---> Using cache 
---> 24b99ee707fe 
Successfully built 24b99ee707fe 
$ 
If a build step has already been executed, its cached result is reused.
Docker in a (Coco-)Nutshell
• (chroot)² != Virtual Machine
• Builds on top of LinuX Containers (LXC)
• Kernel namespaces (isolation)
• cgroups (resource mgmt)
• intuitive build system
cgroups 
4 CPU stress processes are bound to Core 0
cgroups [cont] 
4 CPU stress processes are bound to Core 0 & 3
Docker in a (Coco-)Nutshell
• (chroot)² != Virtual Machine
• Builds on top of LinuX Containers (LXC)
• Kernel namespaces (isolation)
• cgroups (resource mgmt)
• intuitive build system
• repositories public/private/certified
• RedHat, Microsoft, Community backed
Docker details
• (chroot)² != Virtual Machine
Docker != VM (srsly!) 
http://en.wikipedia.org/wiki/Systemd 
Virtual Machine 
• Kicks off a complete Machine, hence the name! 
• Everyone™ disables security
• Hard to strip down
Docker 
• Only spawns one process (in theory, at least) 
• Easy to understand (theory, old friend)
Single Purpose 
Single Process 
• Make SELinux useable?
  • one process
  • limited interactions
  • just simpler
https://www.youtube.com/watch?v=zWGFqMuEHdw
Docker details
• (chroot)² != Virtual Machine
• Images and CoW
Images and CoW 
• An image is an immutable layer
• A container is the RW layer, which is executed on top
[Figure: tree of images layered via copy-on-write; labels: Fedora, qnib/fd20, qnib/supervisor, qnib/terminal, qnib/slave, qnib/build, qnib/of_build, qnib/IB_build, qnib/slurm_build, qnib/master, qnib/gapi, qnib/carbon, qnib/elk, /slurm]
FROM points to the parent image and this relationship sticks. If the parent is changed, the child has to be rebuilt.
Docker details
• (chroot)² != Virtual Machine
• Images and CoW
• Ports
• docker exec (since 1.3)
Network Port 
The internal port 80 is exposed to the docker-host’s port 8080
Docker details
• (chroot)² != Virtual Machine
• Images and CoW
• Ports
• docker exec (since 1.3)
docker exec 
Inject a new process into an already running container.
Ansible + Docker
• Purpose of Config-Mgmt
  • Provisioning
  • Orchestration
  • Validation
• Ansible
  • docker module
  • docker inventory
  • docker facts
Config Mgmt
• Provisioning
  • Bootstrap DOCKER_HOST
  • Dockerfile vs. playbooks?
• Orchestration
  • Multiple other projects in the woods (Docker Swarm, Kubernetes, Apache Mesos[?], …)
• Validation
  • Is the configuration within still valid?
Ansible + Docker
• Purpose of Config-Mgmt
  • Provisioning
  • Orchestration
  • Validation
• Ansible
  • docker module
  • docker inventory
  • docker facts
Ansible
• docker module
  • Start/Stop Container
• docker inventory
  • provide dynamic inventory by fetching info about running containers
• docker facts
  • Use information about containers within Ansible
Thoughts
• Containers mostly do not provide an SSH daemon
• Connecting via docker exec <container> bash
• Docker is a nice way to check out playbooks
• Otherwise playbooks shouldn’t be used inside of Dockerfiles [IMHO]
• Use Ansible to check configuration within container?
• Set up SELinux rules using Ansible
• Vagrant vs. Docker

Más contenido relacionado

La actualidad más candente

Modular Layer 2 In OpenStack Neutron
Modular Layer 2 In OpenStack NeutronModular Layer 2 In OpenStack Neutron
Modular Layer 2 In OpenStack Neutronmestery
 
OpenStack and Kubernetes - A match made for Telco Heaven
OpenStack and Kubernetes - A match made for Telco HeavenOpenStack and Kubernetes - A match made for Telco Heaven
OpenStack and Kubernetes - A match made for Telco HeavenTrinath Somanchi
 
ONAP - Open Network Automation Platform
ONAP - Open Network Automation PlatformONAP - Open Network Automation Platform
ONAP - Open Network Automation PlatformAtul Pandey
 
Service Function Chaining in Openstack Neutron
Service Function Chaining in Openstack NeutronService Function Chaining in Openstack Neutron
Service Function Chaining in Openstack NeutronMichelle Holley
 
OpenStack Architecture and Use Cases
OpenStack Architecture and Use CasesOpenStack Architecture and Use Cases
OpenStack Architecture and Use CasesJalal Mostafa
 
[OpenStack Days Korea 2016] Track2 - 아리스타 OpenStack 연동 및 CloudVision 솔루션 소개
[OpenStack Days Korea 2016] Track2 - 아리스타 OpenStack 연동 및 CloudVision 솔루션 소개[OpenStack Days Korea 2016] Track2 - 아리스타 OpenStack 연동 및 CloudVision 솔루션 소개
[OpenStack Days Korea 2016] Track2 - 아리스타 OpenStack 연동 및 CloudVision 솔루션 소개OpenStack Korea Community
 
SDN Architecture & Ecosystem
SDN Architecture & EcosystemSDN Architecture & Ecosystem
SDN Architecture & EcosystemKingston Smiler
 
NFV +SDN (Network Function Virtualization)
NFV +SDN (Network Function Virtualization)NFV +SDN (Network Function Virtualization)
NFV +SDN (Network Function Virtualization)Hamidreza Bolhasani
 
NFV VNF Architecture
NFV VNF ArchitectureNFV VNF Architecture
NFV VNF Architecturejungbh
 
OpenShift Overview
OpenShift OverviewOpenShift Overview
OpenShift Overviewroundman
 
Introduction to SDN and NFV
Introduction to SDN and NFVIntroduction to SDN and NFV
Introduction to SDN and NFVCoreStack
 
Open network operating system (onos)
Open network operating system (onos)Open network operating system (onos)
Open network operating system (onos)Ameer Sameer
 
Openstack Trunk Port
Openstack Trunk PortOpenstack Trunk Port
Openstack Trunk Portbenceromsics
 
OpenStack Architecture
OpenStack ArchitectureOpenStack Architecture
OpenStack ArchitectureMirantis
 
OpenStack Neutron Tutorial
OpenStack Neutron TutorialOpenStack Neutron Tutorial
OpenStack Neutron Tutorialmestery
 
Routed Provider Networks on OpenStack
Routed Provider Networks on OpenStack Routed Provider Networks on OpenStack
Routed Provider Networks on OpenStack Romana Project
 
SDN and NFV: Friends or Enemies
SDN and NFV: Friends or EnemiesSDN and NFV: Friends or Enemies
SDN and NFV: Friends or EnemiesJustyna Bak
 
Open vSwitch Offload: Conntrack and the Upstream Kernel
Open vSwitch Offload: Conntrack and the Upstream KernelOpen vSwitch Offload: Conntrack and the Upstream Kernel
Open vSwitch Offload: Conntrack and the Upstream KernelNetronome
 

La actualidad más candente (20)

Modular Layer 2 In OpenStack Neutron
Modular Layer 2 In OpenStack NeutronModular Layer 2 In OpenStack Neutron
Modular Layer 2 In OpenStack Neutron
 
OpenStack and Kubernetes - A match made for Telco Heaven
OpenStack and Kubernetes - A match made for Telco HeavenOpenStack and Kubernetes - A match made for Telco Heaven
OpenStack and Kubernetes - A match made for Telco Heaven
 
ONAP - Open Network Automation Platform
ONAP - Open Network Automation PlatformONAP - Open Network Automation Platform
ONAP - Open Network Automation Platform
 
Service Function Chaining in Openstack Neutron
Service Function Chaining in Openstack NeutronService Function Chaining in Openstack Neutron
Service Function Chaining in Openstack Neutron
 
OpenStack Architecture and Use Cases
OpenStack Architecture and Use CasesOpenStack Architecture and Use Cases
OpenStack Architecture and Use Cases
 
[OpenStack Days Korea 2016] Track2 - 아리스타 OpenStack 연동 및 CloudVision 솔루션 소개
[OpenStack Days Korea 2016] Track2 - 아리스타 OpenStack 연동 및 CloudVision 솔루션 소개[OpenStack Days Korea 2016] Track2 - 아리스타 OpenStack 연동 및 CloudVision 솔루션 소개
[OpenStack Days Korea 2016] Track2 - 아리스타 OpenStack 연동 및 CloudVision 솔루션 소개
 
SDN Architecture & Ecosystem
SDN Architecture & EcosystemSDN Architecture & Ecosystem
SDN Architecture & Ecosystem
 
NFV +SDN (Network Function Virtualization)
NFV +SDN (Network Function Virtualization)NFV +SDN (Network Function Virtualization)
NFV +SDN (Network Function Virtualization)
 
OpenDaylight OpenStack Integration
OpenDaylight OpenStack IntegrationOpenDaylight OpenStack Integration
OpenDaylight OpenStack Integration
 
OpenStack Neutron behind the Scenes
OpenStack Neutron behind the ScenesOpenStack Neutron behind the Scenes
OpenStack Neutron behind the Scenes
 
NFV VNF Architecture
NFV VNF ArchitectureNFV VNF Architecture
NFV VNF Architecture
 
OpenShift Overview
OpenShift OverviewOpenShift Overview
OpenShift Overview
 
Introduction to SDN and NFV
Introduction to SDN and NFVIntroduction to SDN and NFV
Introduction to SDN and NFV
 
Open network operating system (onos)
Open network operating system (onos)Open network operating system (onos)
Open network operating system (onos)
 
Openstack Trunk Port
Openstack Trunk PortOpenstack Trunk Port
Openstack Trunk Port
 
OpenStack Architecture
OpenStack ArchitectureOpenStack Architecture
OpenStack Architecture
 
OpenStack Neutron Tutorial
OpenStack Neutron TutorialOpenStack Neutron Tutorial
OpenStack Neutron Tutorial
 
Routed Provider Networks on OpenStack
Routed Provider Networks on OpenStack Routed Provider Networks on OpenStack
Routed Provider Networks on OpenStack
 
SDN and NFV: Friends or Enemies
SDN and NFV: Friends or EnemiesSDN and NFV: Friends or Enemies
SDN and NFV: Friends or Enemies
 
Open vSwitch Offload: Conntrack and the Upstream Kernel
Open vSwitch Offload: Conntrack and the Upstream KernelOpen vSwitch Offload: Conntrack and the Upstream Kernel
Open vSwitch Offload: Conntrack and the Upstream Kernel
 

Destacado

DevOps introduction with ansible, vagrant, and docker
DevOps introduction with ansible, vagrant, and dockerDevOps introduction with ansible, vagrant, and docker
DevOps introduction with ansible, vagrant, and dockerMark Stillwell
 
Hacking Virtual Appliances
Hacking Virtual AppliancesHacking Virtual Appliances
Hacking Virtual AppliancesJeremy Brown
 
2014 11-05 hpcac-kniep_christian_dockermpi
2014 11-05 hpcac-kniep_christian_dockermpi2014 11-05 hpcac-kniep_christian_dockermpi
2014 11-05 hpcac-kniep_christian_dockermpiQNIB Solutions
 
Vagrant and Docker
Vagrant and DockerVagrant and Docker
Vagrant and DockerNascenia IT
 
QNIBTerminal: Understand your datacenter by overlaying multiple information l...
QNIBTerminal: Understand your datacenter by overlaying multiple information l...QNIBTerminal: Understand your datacenter by overlaying multiple information l...
QNIBTerminal: Understand your datacenter by overlaying multiple information l...QNIB Solutions
 
Vagrant and docker
Vagrant and dockerVagrant and docker
Vagrant and dockerDuckDuckGo
 
Vagrant + Ansible + Docker
Vagrant + Ansible + DockerVagrant + Ansible + Docker
Vagrant + Ansible + DockerVijay Selvaraj
 
DevOps, A brief introduction to Vagrant & Ansible
DevOps, A brief introduction to Vagrant & AnsibleDevOps, A brief introduction to Vagrant & Ansible
DevOps, A brief introduction to Vagrant & AnsibleArnaud LEMAIRE
 
Vagrant, Ansible and Docker - How they fit together for productive flexible d...
Vagrant, Ansible and Docker - How they fit together for productive flexible d...Vagrant, Ansible and Docker - How they fit together for productive flexible d...
Vagrant, Ansible and Docker - How they fit together for productive flexible d...Samuel Lampa
 
An Introduction to Vagrant and Docker
An Introduction to Vagrant and DockerAn Introduction to Vagrant and Docker
An Introduction to Vagrant and DockerScott Lowe
 
Flash Talk for the ECEP Alliance from the NSF BPC Community Meeting
Flash Talk for the ECEP Alliance from the NSF BPC Community MeetingFlash Talk for the ECEP Alliance from the NSF BPC Community Meeting
Flash Talk for the ECEP Alliance from the NSF BPC Community MeetingMark Guzdial
 
Talk on Ebooks at the NSF BPC/CE21/STEM-C Community Meeting
Talk on Ebooks at the NSF BPC/CE21/STEM-C Community MeetingTalk on Ebooks at the NSF BPC/CE21/STEM-C Community Meeting
Talk on Ebooks at the NSF BPC/CE21/STEM-C Community MeetingMark Guzdial
 
Sinister sculptor part 2
Sinister sculptor part 2Sinister sculptor part 2
Sinister sculptor part 2Dana Archer
 
A new beginning pt.2
A new beginning pt.2A new beginning pt.2
A new beginning pt.2Dana Archer
 
United Nations and what it has to do with ไทยแลนด์
United Nations and what it has to do with ไทยแลนด์United Nations and what it has to do with ไทยแลนด์
United Nations and what it has to do with ไทยแลนด์Nitchanan Riensombat
 
Ervan jonathan
Ervan jonathanErvan jonathan
Ervan jonathanErvan123
 

Destacado (20)

DevOps introduction with ansible, vagrant, and docker
DevOps introduction with ansible, vagrant, and dockerDevOps introduction with ansible, vagrant, and docker
DevOps introduction with ansible, vagrant, and docker
 
Hacking Virtual Appliances
Hacking Virtual AppliancesHacking Virtual Appliances
Hacking Virtual Appliances
 
2014 11-05 hpcac-kniep_christian_dockermpi
2014 11-05 hpcac-kniep_christian_dockermpi2014 11-05 hpcac-kniep_christian_dockermpi
2014 11-05 hpcac-kniep_christian_dockermpi
 
Vagrant and Docker
Vagrant and DockerVagrant and Docker
Vagrant and Docker
 
QNIBTerminal: Understand your datacenter by overlaying multiple information l...
QNIBTerminal: Understand your datacenter by overlaying multiple information l...QNIBTerminal: Understand your datacenter by overlaying multiple information l...
QNIBTerminal: Understand your datacenter by overlaying multiple information l...
 
Vagrant and docker
Vagrant and dockerVagrant and docker
Vagrant and docker
 
Vagrant + Ansible + Docker
Vagrant + Ansible + DockerVagrant + Ansible + Docker
Vagrant + Ansible + Docker
 
DevOps, A brief introduction to Vagrant & Ansible
DevOps, A brief introduction to Vagrant & AnsibleDevOps, A brief introduction to Vagrant & Ansible
DevOps, A brief introduction to Vagrant & Ansible
 
Vagrant, Ansible and Docker - How they fit together for productive flexible d...
Vagrant, Ansible and Docker - How they fit together for productive flexible d...Vagrant, Ansible and Docker - How they fit together for productive flexible d...
Vagrant, Ansible and Docker - How they fit together for productive flexible d...
 
An Introduction to Vagrant and Docker
An Introduction to Vagrant and DockerAn Introduction to Vagrant and Docker
An Introduction to Vagrant and Docker
 
Flash Talk for the ECEP Alliance from the NSF BPC Community Meeting
Flash Talk for the ECEP Alliance from the NSF BPC Community MeetingFlash Talk for the ECEP Alliance from the NSF BPC Community Meeting
Flash Talk for the ECEP Alliance from the NSF BPC Community Meeting
 
Mga krusada
Mga krusadaMga krusada
Mga krusada
 
Talk on Ebooks at the NSF BPC/CE21/STEM-C Community Meeting
Talk on Ebooks at the NSF BPC/CE21/STEM-C Community MeetingTalk on Ebooks at the NSF BPC/CE21/STEM-C Community Meeting
Talk on Ebooks at the NSF BPC/CE21/STEM-C Community Meeting
 
M47 30
M47 30M47 30
M47 30
 
MIT to the NYSE: Journey from University Tech to M&A
MIT to the NYSE: Journey from University Tech to M&AMIT to the NYSE: Journey from University Tech to M&A
MIT to the NYSE: Journey from University Tech to M&A
 
Sinister sculptor part 2
Sinister sculptor part 2Sinister sculptor part 2
Sinister sculptor part 2
 
A new beginning pt.2
A new beginning pt.2A new beginning pt.2
A new beginning pt.2
 
United Nations and what it has to do with ไทยแลนด์
United Nations and what it has to do with ไทยแลนด์United Nations and what it has to do with ไทยแลนด์
United Nations and what it has to do with ไทยแลนด์
 
Ervan jonathan
Ervan jonathanErvan jonathan
Ervan jonathan
 
Tik 6
Tik 6Tik 6
Tik 6
 

Similar a Ansible docker

Using Docker with OpenStack - Hands On!
 Using Docker with OpenStack - Hands On! Using Docker with OpenStack - Hands On!
Using Docker with OpenStack - Hands On!Adrian Otto
 
Docker and kubernetes
Docker and kubernetesDocker and kubernetes
Docker and kubernetesDongwon Kim
 
Docker - From Walking To Running
Docker - From Walking To RunningDocker - From Walking To Running
Docker - From Walking To RunningGiacomo Vacca
 
Docker 1.11 Presentation
Docker 1.11 PresentationDocker 1.11 Presentation
Docker 1.11 PresentationSreenivas Makam
 
About docker in GDG Seoul
About docker in GDG SeoulAbout docker in GDG Seoul
About docker in GDG SeoulJude Kim
 
[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...
[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...
[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...Akihiro Suda
 
[NYC Meetup] Docker at Nuxeo
[NYC Meetup] Docker at Nuxeo[NYC Meetup] Docker at Nuxeo
[NYC Meetup] Docker at NuxeoNuxeo
 
Tech talk on docker with demo
Tech talk on docker with demoTech talk on docker with demo
Tech talk on docker with demoSandeep Karnawat
 
Docker from A to Z, including Swarm and OCCS
Docker from A to Z, including Swarm and OCCSDocker from A to Z, including Swarm and OCCS
Docker from A to Z, including Swarm and OCCSFrank Munz
 
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme PetazzoniWorkshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme PetazzoniTheFamily
 
Introduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" EditionIntroduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" EditionJérôme Petazzoni
 
Cohesion Techsessie Docker - Daniel Palstra
Cohesion Techsessie Docker - Daniel PalstraCohesion Techsessie Docker - Daniel Palstra
Cohesion Techsessie Docker - Daniel PalstraDaniel Palstra
 
Docker at Djangocon 2013 | Talk by Ken Cochrane
Docker at Djangocon 2013 | Talk by Ken CochraneDocker at Djangocon 2013 | Talk by Ken Cochrane
Docker at Djangocon 2013 | Talk by Ken CochranedotCloud
 

Similar a Ansible docker (20)

Docker.ppt
Docker.pptDocker.ppt
Docker.ppt
 
presentation on Docker
presentation on Dockerpresentation on Docker
presentation on Docker
 
Using Docker with OpenStack - Hands On!
 Using Docker with OpenStack - Hands On! Using Docker with OpenStack - Hands On!
Using Docker with OpenStack - Hands On!
 
Docker and kubernetes
Docker and kubernetesDocker and kubernetes
Docker and kubernetes
 
Docker - From Walking To Running
Docker - From Walking To RunningDocker - From Walking To Running
Docker - From Walking To Running
 
Docker Presentation
Docker PresentationDocker Presentation
Docker Presentation
 
Docker 1.11 Presentation
Docker 1.11 PresentationDocker 1.11 Presentation
Docker 1.11 Presentation
 
About docker in GDG Seoul
About docker in GDG SeoulAbout docker in GDG Seoul
About docker in GDG Seoul
 
[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...
[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...
[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...
 
[NYC Meetup] Docker at Nuxeo
[NYC Meetup] Docker at Nuxeo[NYC Meetup] Docker at Nuxeo
[NYC Meetup] Docker at Nuxeo
 
Tech talk on docker with demo
Tech talk on docker with demoTech talk on docker with demo
Tech talk on docker with demo
 
Docker.ppt
Docker.pptDocker.ppt
Docker.ppt
 
Docker
DockerDocker
Docker
 
Docker from A to Z, including Swarm and OCCS
Docker from A to Z, including Swarm and OCCSDocker from A to Z, including Swarm and OCCS
Docker from A to Z, including Swarm and OCCS
 
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme PetazzoniWorkshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
 
Introduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" EditionIntroduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" Edition
 
Docker meetup-jan-2015
Docker meetup-jan-2015Docker meetup-jan-2015
Docker meetup-jan-2015
 
Cohesion Techsessie Docker - Daniel Palstra
Cohesion Techsessie Docker - Daniel PalstraCohesion Techsessie Docker - Daniel Palstra
Cohesion Techsessie Docker - Daniel Palstra
 
Django and Docker
Django and DockerDjango and Docker
Django and Docker
 
Docker at Djangocon 2013 | Talk by Ken Cochrane
Docker at Djangocon 2013 | Talk by Ken CochraneDocker at Djangocon 2013 | Talk by Ken Cochrane
Docker at Djangocon 2013 | Talk by Ken Cochrane
 

Último

Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 

Último (20)

Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Ansible docker

  • 2. About Me • Have worked • Iteration through L1/2/3 SysOps • Mostly German automotive sector • 01/2013 -> 10/2014 R&D @Bull SAS • Now • independent R&D / Freelancing • DevOps Eng. at Locafox (scale online) • Hot topics • Containerization • Log / Performance Management • GO-Lang • HPC Cluster Software Stack / Interconnect
  • 3. Docker in a (Coco-)Nutshell • (chroot)2 != Virtual Machine
  • 4. Traditional vs. Lightweight Layers [Diagram: two layer stacks, Traditional Virtualisation and Docker Containerisation, built from the labels SERVER, HOST KERNEL, HYPERVISOR, KERNEL, Userland (OS), InitSystem and SERVICE]
  • 5. Docker in a (Coco-)Nutshell • (chroot)2 != Virtual Machine • Builds on-top LinuX Containers (LXC) • Kernel namespaces (isolation)
  • 6. Process Namespace
      $ docker run -ti --rm ubuntu:14.04 ps -ef
      UID PID PPID C STIME TTY TIME CMD
      root 1 0 0 10:24 ? 00:00:00 ps -ef
      $
    Containers are not able to see processes outside of their scope.
  • 7. Network Namespace
      $ docker run -ti --rm ubuntu:14.04 ip -4 -o addr
      1: lo inet 127.0.0.1/8 scope host lo
      10: eth0 inet 172.17.0.4/16 scope global eth0
      $
    Each container gets its own network stack (by default; configurable).
  • 8. Namespace • Mount (do not mess with other file systems) • User (users are only valid within one container) • IPC (Interprocess communication only within) • UTS (hostname / domain name is unique)
  • 9. Docker in a (Coco-)Nutshell • (chroot)2 != Virtual Machine • Builds on-top LinuX Containers (LXC) • Kernel namespaces (isolation) • cgroups (resource mgmt) • intuitive build system
  • 10. Dockerfile
      $ cat Dockerfile
      # From which image to start from
      FROM fedora:20
      # Who is in charge
      MAINTAINER "Christian Kniep <christian@qnib.org>"
      # Execute bash command
      RUN yum install -y stress
      # if no command is given, this command will be
      # executed at runtime (within a bash).
      CMD ["stress", "-c", "4"]
  • 11. Build Dockerfile
      $ docker build -q -t locafox/stress .
      Step 0 : FROM fedora:20
       ---> 7d3f07f8de5f
      Step 1 : RUN yum install -y stress
       ---> Running in 43fcf8d8393a
       ---> f1d0c1455565
      Removing intermediate container 43fcf8d8393a
      Step 2 : CMD stress -c 4
       ---> Running in bd6536dfabed
       ---> 24b99ee707fe
      Removing intermediate container bd6536dfabed
      Successfully built 24b99ee707fe
      $
  • 12. Cached Builds
      $ docker build -q -t locafox/stress .
      Step 0 : FROM fedora:20
       ---> 7d3f07f8de5f
      Step 1 : RUN yum install -y stress
       ---> Using cache
       ---> f1d0c1455565
      Step 2 : CMD stress -c 4
       ---> Using cache
       ---> 24b99ee707fe
      Successfully built 24b99ee707fe
      $
    If a build step has already been executed, its result is taken from the cache.
  • 13. Docker in a (Coco-)Nutshell • (chroot)2 != Virtual Machine • Builds on-top LinuX Containers (LXC) • Kernel namespaces (isolation) • cgroups (resource mgmt) • intuitive build system
  • 14. cgroups: 4 CPU stress processes are bound to Core 0
  • 15. cgroups [cont]: 4 CPU stress processes are bound to Core 0 & 3
  • 16. Docker in a (Coco-)Nutshell • (chroot)2 != Virtual Machine • Builds on-top LinuX Containers (LXC) • Kernel namespaces (isolation) • cgroups (resource mgmt) • intuitive build system • repositories public/private/certified • RedHat, Microsoft, Community backed
  • 17. Docker details • (chroot)2 != Virtual Machine
  • 18. Docker != VM (srsly!)
      Virtual Machine • Kicks off a complete Machine, hence the name! • Everyone™ disables security • Hard to strip down
      Docker • Only spawns one process (in theory, at least) • Easy to understand (theory, old friend)
      http://en.wikipedia.org/wiki/Systemd
  • 20. Single Process • Make SELinux useable? • one process • limited interactions • just simpler • https://www.youtube.com/watch?v=zWGFqMuEHdw
  • 21. Docker details • (chroot)2 != Virtual Machine • Images and CoW
  • 22. Images and CoW • An image is an immutable layer • A container is the RW layer, which is executed on-top • FROM points to the parent-image and this relationship sticks. If the parent is changed, the child has to be rebuilt. [Diagram labels: qnib/slave, qnib/terminal, qnib/supervisor, qnib/fd20, Fedora, qnib/of_build, qnib/IB_build, qnib/slurm_build, qnib/build, qnib/master, qnib/gapi, qnib/carbon, qnib/elk, copy-on-write, /slurm]
  • 23. Docker details • (chroot)2 != Virtual Machine • Images and CoW • Ports • docker exec (since 1.3)
  • 24. Network Port: The internal port 80 is exposed to the docker-host’s port 8080
  • 25. Docker details • (chroot)2 != Virtual Machine • Images and CoW • Ports • docker exec (since 1.3)
  • 26. docker exec: Inject a new process into an already running container.
  • 27. Ansible + Docker • Purpose of Config-Mgmt • Provisioning • Orchestration • Validation • Ansible • docker module • docker inventory • docker facts
  • 28. Config Mgmt • Provisioning • Bootstrap DOCKER_HOST • Dockerfile vs. playbooks? • Orchestration • Multiple other projects in the woods (Docker Swarm, Kubernetes, Apache Mesos[?], …) • Validation • Is the configuration within still valid?
  • 29. Ansible + Docker • Purpose of Config-Mgmt • Provisioning • Orchestration • Validation • Ansible • docker module • docker inventory • docker facts
  • 30. Ansible • docker module • Start/Stop Container • docker inventory • provide dynamic inventory by fetching info about running containers • docker facts • Use information about containers within Ansible
  • 31. Thoughts • Containers mostly do not provide an SSH daemon • Connecting via docker exec <container> bash • Docker is a nice way to check out playbooks • Otherwise playbooks shouldn’t be used inside of Dockerfiles [IMHO] • Use Ansible to check configuration within container? • Set up SELinux rules using Ansible • Vagrant vs. Docker
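
Slide 28 asks whether a container's configuration is still valid, and slides 6-8, 14-15 and 24 name the isolation features worth validating. The following Python is an added example, not part of the original deck: it audits parsed `docker inspect` output for host-shared namespaces, privileged mode, a missing cpuset and ports published on every host interface. The sample JSON is constructed, and which settings count as findings is an assumed policy.

```python
import json

# Constructed sample in the shape of `docker inspect` output (not taken from the slides).
SAMPLE_INSPECT = json.loads("""
[{"Name": "/web",
  "HostConfig": {"PidMode": "", "NetworkMode": "default", "IpcMode": "private",
                 "UTSMode": "", "Privileged": false, "CpusetCpus": "0,3",
                 "PortBindings": {"80/tcp": [{"HostIp": "", "HostPort": "8080"}]}}},
 {"Name": "/debug",
  "HostConfig": {"PidMode": "host", "NetworkMode": "host", "IpcMode": "private",
                 "UTSMode": "", "Privileged": true, "CpusetCpus": "",
                 "PortBindings": {}}}]
""")

# HostConfig keys that say whether a namespace is shared with the host.
NAMESPACE_MODES = {"PidMode": "PID", "NetworkMode": "network",
                   "IpcMode": "IPC", "UTSMode": "UTS"}
ALL_INTERFACES = ("", "0.0.0.0", "::")  # an empty HostIp means every host address


def audit_container(info):
    """Return the isolation findings for one `docker inspect` entry."""
    host_config = info.get("HostConfig") or {}
    findings = []
    for key, label in NAMESPACE_MODES.items():
        if host_config.get(key) == "host":
            findings.append(f"shares the host {label} namespace")
    if host_config.get("Privileged"):
        findings.append("runs privileged")
    if not host_config.get("CpusetCpus"):  # assumed policy: every container is pinned
        findings.append("no cpuset limit (may run on any core)")
    for port, bindings in (host_config.get("PortBindings") or {}).items():
        for binding in bindings or []:
            if binding.get("HostIp", "") in ALL_INTERFACES:
                findings.append(f"{port} published on all host interfaces "
                                f"as port {binding.get('HostPort')}")
    return findings


def audit(inspect_output):
    """Map container name -> findings for a parsed `docker inspect` list."""
    return {c["Name"].lstrip("/"): audit_container(c) for c in inspect_output}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(f"{name}: {'; '.join(findings) or 'ok'}")
```

On a real host the input would be the JSON printed by `docker inspect` for the running containers, parsed with `json.loads`.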