Provisioning Docker Containers with SaltStack


How and why to reuse salt-states for provisioning docker containers.

What is provisioning
Provisioning Containers with Dockerfile
How it works
Pros and Cons
Provisioning Containers with Salt
How it works
Pros and Cons


Michael Pershyn

August 11, 2016


  1. Provisioning Containers Dockerfile + Salt by Michael Pershyn 11.08.2016

  2. Agenda
    • What is provisioning
    • Provisioning Containers with Dockerfile
      – How it works
      – Pros and cons
    • Provisioning Containers with Salt
      – Motivation
      – How it works
      – Pros and cons
  3. Docker
    “an open source project to pack, ship and run any application as a lightweight container”
  4. Docker container

  5. What is provisioning (in general)
    “supply with food, drink, or equipment, especially for a journey”
  6. What is provisioning (in IT)
    Provisioning is the enterprise-wide configuration, deployment and management of multiple types of IT system resources (servers, network, access, software, etc).
    Provisioning is the fourth step in the Operations, Administration, Maintenance and Provisioning (OAMP) management framework.
  7. Provisioning examples
    • Server provisioning – set of actions to prepare a server with appropriate systems, data and software, and make it ready for network operation
    • User provisioning
    • Network provisioning
    • Internet access provisioning
  8. Provisioning in docker
    • Provision docker
      – Docker for Mac (Hyperkit) or Docker Toolbox (VirtualBox)
      – docker-machine
      – sudo apt-get install docker
    • Provision container
      – Dockerfile
      – …
    • Provision clusters
      – docker-compose
      – docker swarm
      – Mesos
      – ...
    • Provision your service
      – Run an app in docker-container
  9. Provisioning Containers with Dockerfile
    • Dockerfile
    • For each line in the Dockerfile an intermediate image is created
  10. Provisioning Containers with Dockerfile
    • Intermediate images are cached and reused
  11. Committing containers

  12. Docker commits tree

  13. Pros and Cons of Dockerfile
    • Dockerfile is not perfect, but it is a simple and pragmatic solution to get a container up and running
    • There are other ways to solve the provisioning problem and reproduce the state of the machines
    • Out of the box, Docker does not reuse existing states, recipes, cookbooks, playbooks, etc.
  14. Software Configuration Management
    • Infrastructure as code, and robots that control the state of the hosts
  15. Keeping the server state under control
    • Track changes, locate and revert bad ones
    • Ensure the correct state is deployed
      – Bugs fixed once and forever
    • Avoid dangerous side-effects
    • Exclude manual intervention and human error
  16. Provisioning container with salt
    • Why?
      – Reuse salt states
      – Keep the state of components the same in metal-provisioned production systems and in containers
    • How?
      – Using salt-call for one node
      – Using salt-minion & salt-master for multi-node configurations
  17. Why not every state works in docker
    • Docker is designed for one process
      – One app per container
      – No init process running, no systemd running
    • They are needed by some states
      – Runlevel
    • The container had actually “never” started…
  18. Salty Docker in Jenkins
    • The same environment is used in Jenkins
    • The only dependency Jenkins needs is Docker. And Internet
    • Building the environment is fast, because the image cache is used
  19. Example: tool.thrift and tool.lein
    • Every project has its own Dockerfile
    • But the same thrift compiler and lein are used
    • There is no thrift-compiler packaged for the latest version, therefore it is compiled and installed manually
    • There is no leiningen package for the latest version, therefore it is downloaded and installed
  20. Assume salt git submodule
    • Let's keep tool.lein in `salt-prod` and use it as a submodule
    • checked out on a specific commit
    • you can always revert to an old state
    • you can branch from salt-prod and try something out
  21. Example: Salty Dockerfile

        FROM debian:wheezy

        # Default to UTF-8 file.encoding
        ENV LANG C.UTF-8

        RUN apt-get update \
         && apt-get install -y unzip curl htop tree dstat wget ca-certificates \
         && rm -rf /var/lib/apt/lists/*

        # Salt install script uses runlevel (which is unknown) to help determine if packages are installed
        # This is a hack so installation will complete
        RUN ln -s /etc/rc2.d/ /etc/rc.d

        # Install salt-minion
        RUN wget -O /root/
        RUN sh /root/ -D -X -U -p procps -p pciutils

        # Copy the salt states
        COPY salt /root/salt

        # Apply salt states
        RUN salt-call --local -l debug --retcode-passthrough --file-root=/root/salt/salt-prod/state state.sls tool.thrift
        RUN salt-call --local -l debug --retcode-passthrough --file-root=/root/salt/salt-prod/state state.sls tool.lein

  22. Salty Dockerfile: Pros and Cons
    • Complexity +/-
      – extra layer in provisioning
      – git submodule for salt repository
      – avoid long Dockerfiles in favor of reusing existing salt states
    • Pulling the updates from salt repository
      – reusing tools
      – being on the same page about tools in different projects
    • Opportunity to test some salt states
    • If salt files were updated, then the cache is going to be invalid and all of the states after this step are going to be applied again, increasing the build time. Still faster than in Vagrant, but remember: no runlevel, no init, no systemd.
    • You can easily recreate your build environment in Jenkins, without installing anything on the Jenkins node, except Docker.
  23. Questions?

  24. Thank you
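
Added example, not part of the original slides: slide 20 relies on the salt submodule being checked out on a specific commit, so a pre-build check can refuse to run `docker build` when the states that `COPY salt /root/salt` would ship are not the pinned ones. The submodule path `salt/salt-prod`, the script name `prebuild.sh` and the image tag `salty-build` are assumptions; the sample status line is constructed.

```shell
#!/bin/sh
# Added example (not from the slides): refuse to build the image unless the salt
# submodule is exactly at the commit recorded in the superproject.
# Assumed names: submodule path salt/salt-prod, image tag salty-build.
SALT_SUBMODULE="${SALT_SUBMODULE:-salt/salt-prod}"

# Constructed sample of `git submodule status` output (the hash is made up).
SAMPLE_OK=' 0123456789abcdef0123456789abcdef01234567 salt/salt-prod (heads/master)'

# check_pin PATH  (reads `git submodule status` output on stdin)
# First character of each line, per git-submodule(1):
#   ' ' checked out at the recorded commit    '-' not initialized
#   '+' checked-out commit differs            'U' merge conflict
# Prints the commit and returns 0 only in the ' ' case.
check_pin() {
    want="$1"
    while IFS= read -r line; do
        flag=$(printf '%s' "$line" | cut -c1)
        rest=$(printf '%s' "$line" | cut -c2-)
        sha=${rest%% *}
        path=${rest#* }
        path=${path%% *}    # drop the trailing " (git describe output)"
        [ "$path" = "$want" ] || continue
        case "$flag" in
            ' ') printf '%s\n' "$sha"; return 0 ;;
            '-') echo "$want: submodule not initialized" >&2; return 2 ;;
            '+') echo "$want: at $sha, not the recorded commit" >&2; return 3 ;;
            *)   echo "$want: unexpected state '$flag'" >&2; return 4 ;;
        esac
    done
    echo "$want: no such submodule" >&2
    return 1
}

# Usage from the project root: sh prebuild.sh build
if [ "${1:-}" = "build" ]; then
    pin=$(git submodule status | check_pin "$SALT_SUBMODULE") || exit 1
    # Uncommitted edits to tracked state files would also change what COPY ships.
    git -C "$SALT_SUBMODULE" diff --quiet HEAD || { echo "salt states modified" >&2; exit 1; }
    docker build --label "salt.commit=$pin" -t salty-build .
fi
```

The label records which salt commit an image was provisioned from, so a Jenkins-built image can be traced back to the exact states that were applied. Untracked files inside the submodule are not detected by this check.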