These are the notes of a presentation I gave to our IT dept., people who know a lot about VMs! They include a description of the differences between a VM and a container, why someone would want to use Docker, how it works (at 30,000 feet), some hints about what the Hub and orchestration are, some Dockerfile examples (Jenkins slave, Jenkins master, Sinopia server, etc.) and finally some new features Docker is going to propose in the future and how I intend to mix configuration tools, such as Ansible, and Docker.
2. Contents
➢a company and a platform
➢application-level virtualization
➢benefits
➢used technologies
➢usage
➢future
4. Who is Docker
“Docker is an open source platform for developers and
sysadmins of distributed apps.”
Docker, Inc. is the company behind Docker
dotCloud → Y Combinator → 20.000$ → SF!
Who uses it?
6. What is application-level virtualization
Three types of virtualization technologies
1. emulation
2. virtualization
3. containers
7. Contents
➢a company and a platform
➢application-level virtualization
○ hw emulation
○ os virtualization
○ app containers
➢benefits
➢used technologies
➢usage
➢future
8. Emulation
hardware (cpu, ram, disk, etc.) is emulated
o e.g., QEMU
o allows, for example, this stack (top to bottom):
| Application |
| Solaris |
| “emulation (e.g., of sparc)” |
| OS (e.g., Linux) |
| PC (e.g., intel) |
10. Virtualization (VMs)
virtualization with same hardware
o e.g., VMware, VirtualBox, Xen, ...
o allows, for example, this stack (top to bottom):
| Application |
| Windows |
| “virtualization engine” |
| OS (e.g., Linux) |
| PC (e.g., intel) |
12. Containers
an execution environment is virtualized
o e.g., Solaris Zones, Linux LXC, Docker, ...
o allows, for example, this stack (top to bottom):
| Application |
| Linux-ubuntu’s rootFS2 |
| “Linux docker engine” |
| Linux-centOS, rootFS1 |
| PC (e.g., intel) |
o Note: other app-level isolation tools exist as well:
virtualenv, ruby rvm, go gvm, ...
14. Why use Docker
Some benefits of virtualizing applications are:
1. isolation
2. portability, shipping applications
3. specification of a complex system
15. Contents
➢a company and a platform
➢application-level virtualization
➢benefits
○ isolation
○ portability
○ specification
➢used technologies
➢usage
➢future
16. Isolation
● set of minimal functions with fewer resources than VMs,
o app isolated from other apps
o app isolated from OS
→ protects OS and apps from bugs in one app
o but without much performance loss
● secure sandboxes,
o principle of least privilege
● (future) manage resource usage (limit, prio, measure)
18. Portability, Shipping Applications
❖ One App =
➢ binaries (exec, libs, etc.)
➢ data (assets, SQL DB, etc.)
➢ configs (/etc/config/files)
➢ logs
either in a single container or in a composition of containers
22. Specification of a complex system
● Developers use Version Control Systems (Mercurial, git)
● DevOps use VCS as well for docs and scripts
o ascii docs, chef, puppet, ansible, salt stack, …
o and… Dockerfiles!
● Docker allows to version-control complex specifications:
o Dockerfile: how to build images
o docker-compose.yml: how to orchestrate them
24. How does Docker work
Used technologies:
1. lightweight virtualization
2. incremental images
3. Docker Hub: an image registry
25. Contents
➢a company and a platform
➢application-level virtualization
➢benefits
➢used technologies
○ lightweight virtualization
○ incremental images
○ images registry
➢usage
➢future
26. Lightweight Virtualization
● Docker is based on Linux technologies
o namespaces, cgroups, capabilities
o driver = LXC
o or, now, driver = Libcontainer:
a standard interface for creating containers
● Benefits
o low memory footprint
o low disk footprint (see incremental images below)
o fast startup
27. Lightweight Virtualization (2)
● High level: we have a “lightweight VM”
o own process space
o own network interface
o can run as root
o can have its own /sbin/init
● Low level: “chroot on steroids”
o can also not have its own /sbin/init
o share kernel with host
o no device emulation
29. Incremental Images
● UnionFS
o files from separate FS (branches) can be overlaid
o forming a single coherent FS
o branches may be read-only or read-write
● Docker Layers
o each layer is mounted on top of prior layers
o first layer = base image (scratch, busybox, ubuntu,..)
o a read-only layer = an image
o the top read-write layer = container
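The layering just described, as an added example that is not part of the slides: a toy model of how a union view resolves files across read-only image layers and one read-write container layer, including copy-on-write and whiteouts (the `Layer`/`UnionView` names and the `.wh.` marker are assumptions for the demo; no real filesystem is touched).

```python
# Added example, not from the slides: a toy model of how Docker layers resolve
# files, the way UnionFS overlays read-only branches under one read-write
# branch. Nothing here touches a real filesystem.
from dataclasses import dataclass, field

WHITEOUT = ".wh."  # AUFS-style marker: "this path is deleted in layers below"

@dataclass
class Layer:
    name: str
    files: dict = field(default_factory=dict)  # path -> content
    read_only: bool = True

class UnionView:
    """Image = stack of read-only layers; container = one read-write layer on top."""

    def __init__(self, image_layers):
        self.layers = list(image_layers)  # bottom .. top
        self.rw = Layer("container", read_only=False)

    def read(self, path):
        # Search from the top branch down; a whiteout hides anything beneath it.
        for layer in reversed(self.layers + [self.rw]):
            if WHITEOUT + path in layer.files:
                return None
            if path in layer.files:
                return layer.files[path]
        return None

    def write(self, path, content):
        # Copy-on-write: changes only ever land in the read-write branch.
        self.rw.files.pop(WHITEOUT + path, None)
        self.rw.files[path] = content

    def delete(self, path):
        # Lower layers keep their copy; the union just stops showing it.
        self.rw.files.pop(path, None)
        self.rw.files[WHITEOUT + path] = ""

    def commit(self, name):
        """Like `docker commit`: freeze the rw branch into a new read-only layer."""
        self.layers.append(Layer(name, dict(self.rw.files)))
        self.rw = Layer("container", read_only=False)
        return self.layers[-1]
```

Note that a file deleted in the container is still present in the lower image layer, which is why secrets written into an earlier layer stay retrievable from the image.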
31. Docker Hub: an image registry
● part of the Docker ecosystem
o makes it easy to publish, search, and run containers
o private or public registries
33. How to build and run hello/Dockerfile
$ cat Dockerfile
FROM ubuntu ← on top of a “base image”
RUN touch /hello ← each instruction is cached
$ docker build -t hello .
Step 0 : FROM ubuntu:14.04
---> 9bd07e480c5b
Step 1 : RUN touch /hello
---> Running in b8dd4e965482
---> 164c3bf53715
Removing intermediate container b8dd4e965482
Successfully built 164c3bf53715
$ docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
hello latest 164c3bf53715 38 seconds ago 192.7 MB
$ docker run -i -t hello /bin/bash ← specify a command to be run
root@1a210c0a1846:/# ls -ls /hello
0 -rw-r--r-- 1 root root 0 May 18 14:31 /hello
34. Dockerfiles (1)
e.g., a jenkins slave: python2slave/Dockerfile
FROM ubuntu:14.04 ← on top of a “base image” with tagged version specified
RUN adduser --quiet jenkins
RUN apt-get update && apt-get install -y python2.7 openssh-server
RUN mkdir -p /var/run/sshd ← create a dir
RUN apt-get install -y --no-install-recommends openjdk-7-jdk
[...]
RUN apt-get install -y python-argparse python-gdata python-pip
RUN pip install --upgrade python-redmine
COPY credentials/ /home/jenkins/credentials ← copy local data into the image
RUN chown -R jenkins:jenkins /home/jenkins/credentials/
EXPOSE 22 ← open only one port
CMD ["/usr/sbin/sshd", "-D"] ← finally run the app
35. Dockerfiles (2)
e.g., a nodejs server: docker_sinopia/Dockerfile
FROM dockerfile/nodejs ← on top of a more complex “base image”
MAINTAINER Keyvan Fatehi <keyvanfatehi@gmail.com> ← maintainer contact
RUN adduser --disabled-password --gecos "" sinopia
RUN mkdir -p /opt/sinopia/storage
WORKDIR /opt/sinopia
RUN npm install js-yaml sinopia
RUN chown -R sinopia:sinopia /opt/sinopia
USER sinopia ← sets the user id to use when running the image
ADD /config_gen.js /opt/sinopia/config_gen.js
ADD /start.sh /opt/sinopia/start.sh
EXPOSE 4873 ← open only one port
VOLUME /opt/sinopia ← make this directory accessible to other containers (or host)
CMD ["/opt/sinopia/start.sh"] ← finally run the app
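The two Dockerfiles above differ in exactly the points the arrows call out: a pinned base tag, a USER before CMD, and what gets copied into the image. As an added example, not from the slides, here is a small review script that checks those points; the rule set, the regex and the abridged Dockerfile texts are constructed for the demo.

```python
# Added example, not from the slides: a small review script for the least-privilege
# points the slide annotations raise (pinned base image, not running as root, no
# secrets copied into image layers). Rules and inline Dockerfile texts are constructed.
import re

SECRET_HINT = re.compile(r"(credential|secret|passw|\.pem|id_rsa|\.env)", re.I)

def parse(text):
    """Return (INSTRUCTION, argument) pairs, joining backslash continuations."""
    out, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        buf += line.rstrip("\\") + " "
        if line.endswith("\\"):
            continue
        inst, _, arg = buf.partition(" ")
        out.append((inst.upper(), arg.strip()))
        buf = ""
    return out

def review(text):
    findings, user_set = [], False
    for inst, arg in parse(text):
        if inst == "FROM" and ":" not in arg and "@" not in arg:
            findings.append(f"FROM {arg}: no tag or digest, so the build is not reproducible")
        if inst == "USER":
            user_set = arg != "root"
        if inst in ("COPY", "ADD") and SECRET_HINT.search(arg.split()[0]):
            findings.append(f"{inst} {arg}: secret baked into an image layer, readable by anyone who pulls it")
        if inst == "ADD" and not arg.startswith(("http://", "https://")):
            findings.append(f"ADD {arg}: prefer COPY; ADD also fetches URLs and unpacks tarballs")
        if inst in ("CMD", "ENTRYPOINT") and not user_set:
            findings.append(f"{inst} runs as root: add a USER instruction before it")
    return findings

# Abridged transcriptions of the two slide Dockerfiles (constructed for the demo).
JENKINS_SLAVE = """\
FROM ubuntu:14.04
COPY credentials/ /home/jenkins/credentials
RUN chown -R jenkins:jenkins /home/jenkins/credentials/
CMD ["/usr/sbin/sshd", "-D"]
"""
SINOPIA = """\
FROM dockerfile/nodejs
USER sinopia
ADD /start.sh /opt/sinopia/start.sh
CMD ["/opt/sinopia/start.sh"]
"""
```

Run `review(JENKINS_SLAVE)` and `review(SINOPIA)` to see each file flagged on the points where the other one is clean.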
36. from build and run → to pull and run
● reminder: an image can be stored in the Hub
37. How to pull and run docker_sinopia
[ (optional) $ docker pull keyvanfatehi/sinopia:latest ]
$ docker run --name sinopia -d -p 4873:4873 keyvanfatehi/sinopia:latest
$ docker logs -f sinopia
edit config (launch an ubuntu image with app=vi):
$ docker stop sinopia
$ docker run --volumes-from sinopia -it --rm ubuntu vi /opt/sinopia/config.yaml
$ docker start sinopia
$ docker logs -f sinopia
backup (find where a volume is located on the host)
$ crontab -l
59 * * * 1-5 /usr/bin/rsync -av `docker inspect sinopia | egrep '/opt/sinopia.*/vfs/' | cut -d'"' -f4`/ /opt/sinopia >> /tmp/rsync.txt 2>&1
(Note: /opt/sinopia=/opt/docker/vfs/dir/6e20429fcad2e82be8b3…72d9a464ab8622b15)
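The crontab above finds the volume's host directory with egrep and cut on the raw `docker inspect` text, which breaks as soon as the output format shifts. As an added example that is not part of the slides, the same lookup over the parsed JSON, handling both the older `Volumes` mapping and the newer `Mounts` list; the sample inspect output and the volume id are constructed placeholders.

```python
# Added example, not from the slides: locate a container's volume directory on
# the host by parsing `docker inspect` JSON instead of an egrep/cut pipeline.
# The JSON samples and the volume id below are constructed placeholders.
import json

def volume_host_paths(inspect_json):
    """Map container mount point -> host directory from `docker inspect <name>` output."""
    data = json.loads(inspect_json)
    info = data[0] if isinstance(data, list) else data  # inspect returns a list
    paths = {}
    for m in info.get("Mounts", []):  # newer daemons: a list of mounts
        paths[m["Destination"]] = m["Source"]
    for dest, src in (info.get("Volumes") or {}).items():  # older daemons: a mapping
        paths.setdefault(dest, src)
    return paths

def rsync_command(inspect_json, mount_point, backup_dir):
    """The crontab's rsync as an argv list, or None when the volume is not found."""
    src = volume_host_paths(inspect_json).get(mount_point)
    if src is None:
        return None
    return ["/usr/bin/rsync", "-av", src.rstrip("/") + "/", backup_dir]

SAMPLE_INSPECT = json.dumps([{
    "Name": "/sinopia",
    "Mounts": [{"Destination": "/opt/sinopia",
                "Source": "/opt/docker/vfs/dir/PLACEHOLDER_VOLUME_ID"}],
}])
OLD_FORMAT_INSPECT = json.dumps([{
    "Name": "/sinopia",
    "Volumes": {"/opt/sinopia": "/opt/docker/vfs/dir/PLACEHOLDER_VOLUME_ID"},
}])
```

Feed it the real output of `docker inspect sinopia` and pass the resulting list to `subprocess.run` from the cron job; stop the container first, as the slide does for the config edit, if the copy must be consistent.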
38. How to orchestrate docker_jenkins
E.g., a jenkins master = a data container + a server container:
$ docker run -v /var/jenkins_home --name=data busybox true
$ docker build -t myjenkins .
$ docker run -d -u root -p 8081:8080 -p 50001:50001 --volumes-from=data --name=master myjenkins
or:
$ vi docker-compose.yml
data:
  image: busybox
  volumes:
    - /var/jenkins_home
master:
  build: .
  ports:
    - 50001:50000
  volumes_from:
    - data
$ docker-compose up
40. Where are we going
● Competing standards: e.g., rkt from CoreOS
● Docker: native clustering, security, hub, …
o swarm: heterogeneous nodes, load balancing
o security: capabilities, image signing
o intranet “Docker Hubs”
● Where am I going:
o use orchestration (e.g., docker-compose, Kubernetes)
o use resource control (e.g., nofile limit)
o docker-level monitoring
o mixing Docker and Ansible
41. Docker vs Configuration Tools
Before
use Ansible to
● setup hardware/VM,
● install packages,
● deploy code,
● run services.
After
use Ansible to
● setup hardware/VM,
● install Docker,
● run containers.
use Dockerfiles to
● install packages,
● deploy code,
● run services.