V1. This document introduces Vagrant and Docker, tools for efficiently building and running virtual machines and containers. It discusses how Vagrant can be used to create standardized development environments and Docker allows building and sharing applications and their dependencies. V2. The document then covers how to install, access, customize, and provision Vagrant virtual machines as well as how to build, run, network, and manage Docker containers and images. V3. Advanced topics discussed include linking containers, using Docker Compose for orchestration, the Docker Hub registry, security considerations, and other Docker tools like Machine for provisioning remote hosts and Swarm for clustering.

1. VAGRANT/DOCKER INTRO
BUILDING VMS EFFICIENTLY WITH VAGRANT
STEPPING INTO THE CONTAINER WORLD WITH DOCKER
Created by /@zepag @XwaldRob

2. VAGRANT

3. WHAT IS IT?
A tool to build VMs based on boxes (ISOs)
Used to be as close as possible to Prod
Initially build for VirtualBox and extended
Written in Ruby
Free (VirtualBox) | Pay (VMWare Fusion)

4. WHY SHOULD I CARE?
Fast way to create a dedicated Dev environment
Pets vs Cattle: throw away VMs
It's much faster than creating a VM by hand and configuring it

5. HOW DO I INSTALL IT?
Get VirtualBox
Download the Vagrant (Mac/Linux/Win)installer
Get a Box

6. HOW DO I ACCESS IT
SERVICES
NAT
config.vm.network :forwarded_port, guest: 8080, host: 80
Private Network
config.vm.network "private_network", ip: "192.168.60.100"
Public Network
config.vm.network "public_network"
REMOTE CONNECTION
SSH/RDP

7. HOW DO I CUSTOMIZE IT?
config.vm.provider "virtualbox" do |vb|
# Display the VirtualBox GUI when booting the machine
# vb.gui =
# Customize the amount of memory on the VM:
vb.cpus = 4
vb.memory = 4096
config.vm.hostname = "dockerbox"
end

8. WHAT ABOUT CONFIGURATION MANAGEMENT?
ALL MAJOR PROVISIONERS ARE SUPPORTED
shell
Chef
Puppet
Ansible
CFEngine
...

9. CREATE A SINGLE VM
SHELL PROVISIONNING - PRIVATE NETWORK
> vagrant init chef/CentOS-7.0
Survival kit
up
halt
suspend
resume
reload
ssh
destroy

10. CREATE A CLUSTER
(1..$num_instances).each do |i|
config.vm.define vm_name = "%s-%02d" % [$instance_name_prefix, i] do |config|
config.vm.hostname = vm_name
...
end
config.vm.provider :virtualbox do |vb|
vb.gui = vm_gui
vb.memory = vm_memory
vb.cpus = vm_cpus
end
ip = "172.17.8.#{i+100}"
config.vm.network :private_network, ip: ip
[...]
end

11. DEMO: DOCKER VM
ANSIBLE PROVISIONING - PRIVATE NETWORK
---
- hosts: all
sudo: yes
sudo_user: root
tasks:
- name: Download latest docker binary archive
get_url:
url: http://get.docker.io/builds/Linux/x86_64/docker-latest.tgz
dest: /tmp
[...]

12. DOCKER

13. WHAT IS IT?
Docker is an open platform for developers and sysadmins to
build, ship, and run distributed applications. Consisting of
Docker Engine, a portable, lightweight runtime and packaging
tool, and Docker Hub, a cloud service for sharing applications
and automating workflows, Docker enables apps to be
quickly assembled from components and eliminates the
friction between development, QA, and production
environments. As a result, IT can ship faster and run the same
app, unchanged, on laptops, data center VMs, and any cloud.
( )docker.com

14. SOLOMON HYKES, DOCKER’S FOUNDER & CTO, GIVES AN OVERVIEW OF DOCKER IN THIS SHORT VIDEO
(7:16).

15. CONTAINERS?

16. RUNNING CONTAINERS EVERYWHERE!
The underlying technology is mature (cgroups, namespaces,
copy-on-write systems)
Ability to run on any Linux server today: physical, virtual, VM,
cloud, OpenStack...
Ability to switch easily from one host to the other
Self contained environment = no dependency hell

17. WHAT'S IN IT FOR DEVS AND OPS?
if you catch my drift ;-)

18. DEVS WORRY ABOUT
code
libraries
apps
data
all linux servers look the same

19. OPS WORRY ABOUT
logging
file system
monitoring
networking
all containers start, stop, copy, attach, etc ... the same way

20. THAT WAS THE ...
... DON'T BURST MY BUBBLE MOMENT

21. MODERN SOFTWARE FACTORY
THE SAME CONTAINER CAN GO FROM DEV, TO TEST, TO QA, TO PROD

22. DOCKER ARCHITECTURE
The Docker daemon
Receives and processes incoming Docker API requests
The Docker client
Command line tool - the docker binary
Talks to the Docker daemon via the Docker API
Docker Hub Registry
Public image registry
The Docker daemon talks to it via the registry API

23. TRY IT!

25. RUNNING DOCKER
Linux
native
OS X & Windows
via a virtual machine
to get Docker installedAll you need
Ubuntu, Mac OS X, Windows, AWS ec2, Arch Linux, CentOS, Crux Linux, Debian, Fedora, Frugalware,
GCE, Gentoo, IBM Softlayer, Joyent Compute Service, Microsoft Azure, Rackspace Cloud, RHEL,
Oracle Linux, Suse

26. THE "HELLO, WORLD" CONTAINER
We used one of the smallest, simplest images available: busybox
Busybox is typically used in embedded systems like routers, stripped down linux distros, ...
We ran a single process and echo'ed hello world
> docker run busybox echo "Hello World"
Hello, World

27. BARE-BONES UBUNTU ON CENTOS
Runs bash in a stripped ubuntu system on CentOS
> docker run -it ubuntu bash
root@6489e6302513:/# dpkg -l | wc -l
189
root@6489e6302513:/# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 07:27 ? 00:00:00 bash
root 18 1 0 07:28 ? 00:00:00 ps -ef
root@6489e6302513:/#

28. BACKGROUND CONTAINERS
A container that runs forever
A container running in the background
Listing runing containers
Show container logs (tailing)
Stop/Kill containers
Restart/Attach to a container

29. SO WHAT IS AN IMAGE?

30. DIFFERENCE BETWEEN CONTAINERS AND
IMAGES
An image is a read-only FS
A container is an encapsulated set of processes in a read-
write copy of that FS
docker run starts a container from an image

31. OOP ANALOGY
Images are conceptually similar to classes
Layers are conceptually similar to inheritance
Containers are conceptually similar to instances

32. HOW DO WE MODIFY IMAGES THEN?
We don't
We create a new container from that image
We make changes to that container
When done, we transform them into a new layer
A new image is created by staking the new layer on top of the
old one

33. IMAGE NAMESPACES
Root: centos
User (Docker Hub): bob/infinity
Self-Hosted: registry.example.com:5000/a-private-image

34. BUILDING IMAGES INTERACTIVELY
docker commit
docker tag
docker diff

35. BUILDING IMAGES WITH A DOCKERFILE
Dockerfile
FROM centos
ENV REFRESHED_AT 2015-06-11
RUN yum -y install wget
Run
docker build -t "bob/myimage" .

36. INSPECTING CONTAINERS
docker inspect presentation_pres_1 J '.[].Volumes'
If you want to parse JSON from the shell, use JQ
--format
docker inspect --format '{{ json .Created }}' presentation_pres_1

37. NETWORKING BASICS
All based on port mapping private addresses (because of IPV4)
-P --publish-all: will publish all exposed ports
-p host:guest: manual allocation

38. SO LET'S DO SOMETHING INTERESTING
CROSS COMPILING A GO APP
We'll download
We'll compile and run your app
We'll cross compile it for linux, windows and OS X
golang images

39. WORKING WITH VOLUMES
Bypassing the copy-on-write system to obtain native disk I/O
performance
Bypassing copy-on-write to leave some files out of docker
commit
Sharing a directory between multiple containers
Sharing a directory between the host and a container
Sharing a single file between the host and a container

40. VOLUMES
IN A COMMAND
docker run -d -v /var/lib/postgresql postgresql
IN A DOCKERFILE
Volume /var/lib/postgresql
Volumes
same performance an host I/O
content is not included into a resulting image
content can not be changed in a Dockerfile
can be shared across containers
exist independently of containers

41. USE CASES
You want to decide on your FS strategy (LVM, ZFS, BtrFS, ...)
You have a separate disk with better performance (SSD) or
resiliency (EBS) than the system disk, and you want to put
important data on that disk
You want to share a directory on your host with the container
What happens when you remove containers?
one container reference, last container orphan,
/var/lib/docker

42. LINKING CONTAINERS
USING NAMES AND LINKS TO COMMUNICATE ACROSS CONTAINERS
Benefit
container isolation
Drawback
operationally challenging (ambassadors, overlay
network)
Wordpress: 2 containers linked

43. DOCKER COMPOSE
"BIG ASS" COMMANDS CAN BE REDUCED TO NOTHING
wordpress:
image: wordpress
links:
- db:mysql
ports:
- 8080:80
db:
image: mysql
environment:
MYSQL_ROOT_PASSWORD: pass1234

44. DOCKER HUB
https://hub.docker.com/
push/pull/auto build (Github)
public/private($)
finding images/security

45. SECURITY
Do not expose the docker API!
And ... do not expose the docker API!
For good measue: do not expose the docker API!
If you do: TLS!!!
--privileged (full access) or --net host (sniff all traffic in and
out of the host)
There is more to it: containers don't contain, default user is
root, use external tools (SELinux)

46. TIP OF THE ICEBERG
Now that you know more about docker, there is docker machine that lets you create docker hosts on
VirtualBox, AWS ec2, Rackspace, ... There's docker Swarm that allows you to mange docker host
ckusters, Fleet/etcd (CoreOS), Kubernetes (Google), Consul (Hashicorp), Mesos (Apache/Twitter), etc
... for orchestration.
You've seen the tip of the iceberg ;)

47. DOCKER MACHINE
CREATE A DOCKER HOST WITH ONE COMMAND
> dm create -d amazonec2
--amazonec2-access-key akey
--amazonec2-instance-type t2.micro
--amazonec2-region us-east-1
--amazonec2-secret-key asecretkey
--amazonec2-vpc-id avpc
dockerec2
> dm create -d virtualbox dev

48. TODO
DOCKER SWARM
NATIVE CLUSTERING SYSTEM

49. This presentation was done with using in a
VM runnnig
revealjs Docker
Vagrant Centos 7

50. You can download the presentation and the demos on Github