Docker.io

Transcript

1. Ladislav Prskavec http://blog.prskavec.net @abtris 23.11.2013

2. None
3. None

4. 4 years docker packer Canonical's JuJu serf CloudFlare SoundCloud

5. What is docker?

6. an open source project to pack, ship and run any

   application as a lightweight container

7. Why container?

8. Analogy from logistics

9. None
10. None
11. None

12. build once, 
 run anywhere ~ developer

13. configure once, 
 run anything ~ operations

14. Containers are 
 to Virtual Machines 
 as threads are

    to processes. 
 Or you can think of them as chroots on steroids. ~ Will Sargent

15. What is container in docker? • Kernel namespaces (ipc, uts,

    mount, pid, network and user) • Chroots (using pivot_root) • Apparmor and SELinux profiles • Kernel capabilities • Control groups (cgroups) • AUFS or replacement in 0.7 version and later

16. SERVER HOST OS Docker Engine Container A Container B Container

    C

17. SERVER HOST OS Docker Engine Container A Container B Container

    C SERVER HOST OS Hypervisor Guest OS Guest OS Guest OS APP A APP B APP C

18. Basics

19. Installation

20. Finding and downloading images docker  search  ubuntu docker  pull  shykes/ubuntu

21. Running docker  run  ubuntu  /bin/echo  hello  world   ! docker

     run  -­‐i  -­‐t  ubuntu  /bin/bash

22. Committing your changes docker  ps  -­‐l docker  commit  ID  base/with_curl

23. Pushing an image to the repository docker  push  abtris/curl docker

     push  internal_repository:5000/curl

24. Image

25. None

26. Parent Image

27. Dockerfile Best Practices • Use the cache • Use tags

    • EXPOSE-ing ports • CMD and ENTRYPOINT syntax • CMD and ENTRYPOINT better together

28. Use the cache FROM  ubuntu:latest   MAINTAINER  Ladislav  Prskavec  

    ! RUN  echo  "deb  http://archive.ubuntu.com/ubuntu   precise  main  universe"  >  /etc/apt/sources.list   ! RUN  apt-­‐get  update     RUN  apt-­‐get  -­‐y  upgrade

29. Use tags ! docker  build  -­‐t="abtris/sentry"  .

30. EXPOSE-ing ports ! #  private  and  public  mapping   EXPOSE

     80:8080   ! #  private  only   EXPOSE  80

31. CMD and ENTRYPOINT ! ! CMD  /bin/echo   #  or

      CMD  ["/bin/echo"]

32. CMD and ENTRYPOINT better together RUN  apt-­‐get  install  -­‐y  rethinkdb

      ! #  Rethinkdb  process   EXPOSE  28015   #  Rethinkdb  admin  console   EXPOSE  8080   ! #  Create  the  /rethinkdb_data  dir  structure   RUN  /usr/bin/rethinkdb  create   ! ENTRYPOINT  ["/usr/bin/rethinkdb"]   ! CMD  ["-­‐-­‐help"]

33. Running  'rethinkdb'  will  create  a  new  data  directory  or  use

     an  existing  one,      and  serve  as  a  RethinkDB  cluster  node.   File  path  options:      -­‐d  [  -­‐-­‐directory  ]  path                      specify  directory  to  store  data  and  metadata      -­‐-­‐io-­‐threads  n                                        how  many  simultaneous  I/O  operations  can  happen                                                                          at  the  same  time   ! Machine  name  options:      -­‐n  [  -­‐-­‐machine-­‐name  ]  arg                  the  name  for  this  machine  (as  will  appear  in                                                                          the  metadata).    If  not  specified,  it  will  be                                                                          randomly  chosen  from  a  short  list  of  names.   ! Network  options:      -­‐-­‐bind  {all  |  addr}                              add  the  address  of  a  local  interface  to  listen                                                                          on  when  accepting  connections;  loopback                                                                          addresses  are  enabled  by  default      -­‐-­‐cluster-­‐port  port                              port  for  receiving  connections  from  other  nodes      -­‐-­‐driver-­‐port  port                                port  for  rethinkdb  protocol  client  drivers      -­‐o  [  -­‐-­‐port-­‐offset  ]  offset              all  ports  used  locally  will  have  this  value                                                                          added      -­‐j  [  -­‐-­‐join  ]  host:port                      host  and  port  of  a  rethinkdb  node  to  connect  to      ................. docker run crosbymichael/rethinkdb

34. info:  Running  rethinkdb  1.7.1-­‐0ubuntu1~precise  (GCC  4.6.3)...   info:  Running  on

     Linux  3.2.0-­‐45-­‐virtual  x86_64   info:  Loading  data  from  directory  /rethinkdb_data   warn:  Could  not  turn  off  filesystem  caching  for  database  file:  "/ rethinkdb_data/metadata"  (Is  the  file  located  on  a  filesystem   that  doesn't  support  direct  I/O  (e.g.  some  encrypted  or  journaled   file  systems)?)  This  can  cause  performance  problems.   warn:  Could  not  turn  off  filesystem  caching  for  database  file:  "/ rethinkdb_data/auth_metadata"  (Is  the  file  located  on  a   filesystem  that  doesn't  support  direct  I/O  (e.g.  some  encrypted   or  journaled  file  systems)?)  This  can  cause  performance  problems.   info:  Listening  for  intracluster  connections  on  port  29015   info:  Listening  for  client  driver  connections  on  port  28015   info:  Listening  for  administrative  HTTP  connections  on  port  8080   info:  Listening  on  addresses:  127.0.0.1,  172.16.42.13   info:  Server  ready   info:  Someone  asked  for  the  nonwhitelisted  file  /js/ handlebars.runtime-­‐1.0.0.beta.6.js,  if  this  should  be  accessible   add  it  to  the  whitelist. docker run crosbymichael/rethinkdb —bind all

35. FROM  ubuntu:latest   MAINTAINER  Ladislav  Prskavec  <[email protected]>   RUN  apt-­‐get

     update     RUN  apt-­‐get  -­‐y  upgrade   RUN  DEBIAN_FRONTEND=noninteractive  apt-­‐get  -­‐y  install   curl  apache2  libapache2-­‐mod-­‐php5  vim-­‐tiny     RUN  chown  -­‐R  www-­‐data:www-­‐data  /var/www/   EXPOSE  80   EXPOSE  22   CMD  ["/bin/bash"] git clone https://gist.github.com/abtris/7548643
 docker build . Dockerfile

36. Use raw Dockerfile 1. Cache wins. 2. Chef, ansible, etc,

    does not use cache. 3. Raw Dockerfile uses cache. 4. Raw Dockerfile wins.

37. Links • If you have a docker container with the

    name CONTAINER (specified by docker run -name CONTAINER) and in the Dockerfile, it has an exposed port: 
 EXPOSE 1337 • docker run -d -link CONTAINER:ALIAS -name LINKED user/wordpress • CONTAINER will show up in LINKED with the following environment variables:
 $ALIAS_PORT_1337_TCP_PORT $ALIAS_PORT_1337_TCP_ADDR

38. Container Lifecycle • docker run - creates a container. •

    docker stop stops it. • docker start will start it again. • docker restart restarts a container. • docker rm deletes a container. • docker attach will connect to a running container. • docker wait blocks until container stops.

39. Container Info • docker ps shows running containers. • docker

    ps -a shows running and stopped containers. • docker inspect looks at all the info on a container (including IP address). • docker logs gets logs from container. • docker events gets events from container. • docker port shows public facing port of container. • docker top shows running processes in container.

40. Import / Export • docker cp copies into a container.

    • docker export turns container fs into tarball.

41. Images Lifecycle • docker import creates an image from a

    tarball. • docker build creates image from Dockerfile. • docker commit creates image from a container. • docker rmi removes an image. • docker insert inserts a file from URL into image

42. Images Info • docker images shows all images • docker

    history shows history of image • docker tag tags an image to a name (local or registry)

43. Registry & Repository • docker search searches registry for image

    • docker pull pulls an image from registry to local machine • docker push pushes an image to the registry from local machine.

44. Good practices • Install a internal docker registry • Install

    Shipyard • Create base image • Build from your base image • Push your images • Save off your registry

45. Install a internal docker registry • Install an internal registry

    (the fast way) and run it as a daemon:
 
 docker  run  -­‐name  internal_registry  -­‐d  -­‐p   5000:5000  samalba/docker-­‐registry   • Alias server to localhost
 echo  "127.0.0.1            internal_registry"  >>  /etc/ host   • Check internal_registry exists and is running on port 5000:
 curl  -­‐-­‐get  -­‐-­‐verbose  http://internal_registry:5000/v1/ _ping

46. Create base image • Create a Dockerfile with initialization code

    such as `apt-get update / apt-get install’ etc: this is your base. • Build your base image, then push it to the internal registry with 
 
 docker  build  -­‐t  internal_registry:5000/ base  .

47. Build from your base image • Build all of your

    other Dockerfile pull from “base” instead of ubuntu. • Keep playing around until you have your images working.

48. Push your images • Push all of your images into

    the internal registry.
 
 docker  tag  IMAGE-­‐ID  abtris/apache
 
 docker  push  internal_registry:5000/apache

49. Save off your registry • If you need to blow

    away your Vagrant or set someone else up, it’s much faster to do it with all the images still intact:
 
 docker  export  internal_registry  >   internal_registry.tar
 
 gzip  internal_registry.tar
 
 mv  internal_registry.tar.gz  /vagrant

50. Projects uses docker http://deis.io/ https://flynn.io/ http://coreos.com/ https://github.com/progrium/dokku http://opdemand.com/

51. http://index.docker.io

52. None

53. https://index.docker.io/u/ abtris/devfest-2013/

54. http://shipyard-project.com/

55. docker.io ! https://plus.google.com/u/1/ communities/108146856671494713993 docker cheat sheet https://gist.github.com/wsargent/7049221 demo files

    https://github.com/abtris/devfest-2013 docker sources http://bit.ly/dockersources