Docker Meetup @elasticbox– 03/05/2014 Introduction to Docker Victor Vieux, Docker Inc. @vieux 

Outline •  Whom is this for ? •  What’s a the problem ? •  What’s a Container ? •  Docker 101 •  Docker index vs registry & How-To •  Demo: Deployment with zero downtime •  Docker future •  Questions 

Outline •  Whom is this for ? •  What’s a the problem ? •  What’s a Container ? •  Docker 101 •  Docker index vs registry & How-To •  Demo: Deployment with zero downtime •  Docker future •  Questions 

Devs •  all languages •  all databases •  all O/S •  targeting Linux system Docker will eventually be able to target FreeBSD, Solaris, and maybe OS X 

Ops •  any distro •  any cloud •  any machine (physical, virtual…) •  recent kernels – at least 3.8 – Or the one that comes with RHEL 6.5 

Outline •  Whom is this for ? •  What’s a the problem ? •  What’s a Container ? •  Docker 101 •  Docker index vs registry & How-To •  Demo: Deployment with zero downtime •  Docker future •  Questions 

The Matrix From Hell 

Another Matrix From Hell 

Solution: the intermodal shipping container 

Solved! 

Solution to the deployment problem: the Linux container 

Solved! 

Linux containers… Units of software delivery. •  run everywhere –  regardless of kernel version –  regardless of host distro •  (but container and host distro must match*) •  run anything –  if it can run on the host, it can run in the container –  i,e., if it can run on a Linux kernel, it can run *Unless you emulate CPU with QEMU and binfmt 

Outline •  Whom is this for ? •  What’s a the problem ? •  What’s a Container ? •  Docker 101 •  Docker index vs registry & How-To •  Demo: Deployment with zero downtime •  Docker future •  Questions 

High level approach: lightweight VM •  own process space •  own network interface •  can run stuff as root •  can have it’s own /sbin/init (different from the host) “Machine Container” 

Low level approach: chroot on steroids •  can also not have it’s own /sbin/init •  container = isolated process(es) •  share kernel with the host “Application Container” 

Separation of concerns: dev POV •  inside my container: – my code – my libraries – my packages – my app – my data 

Separation of concerns: ops POV •  outside the container: – logging – remote access – network configuration – monitoring 

How does it works ? Isolation with namespaces •  pid •  mnt •  net •  uts •  ipc •  user 

How does it works ? Isolation with cgroups •  memory •  cpu •  blkio •  devices 

How does it works ? Copy-on-write storage •  unioning filesystems – AUFS, overlayFS •  snapshotting filesystems – BTRFS, ZFS •  copy-on-write block devices – Thin snapshots with LVM or device-mapper 

Storage efficiency: many options! 

Compute efficiency: almost no overhead •  Processes isolation –  but run straight on the host •  CPU performance –  equal to native performance •  Memory performance –  small overhead for (optional) accounting •  Network performance –  small overhead, can be reduced to zero 

Outline •  Whom is this for ? •  What’s a the problem ? •  What’s a Container ? •  Docker 101 •  Docker index vs registry & How-To •  Demo: Deployment with zero downtime •  Docker future •  Questions 

Classic: hello world •  Get one base image (ubuntu, centos, busybox, …) $> docker pull ubuntu •  List images on you system $> docker images •  Display hello world $> docker run ubuntu:12.10 echo “hello world” 

Detached mode •  Run docker using the detach flag (-d) $> docker run –d busybox ping google.com •  Get container’s id $> docker ps •  Attach to the container $> docker attach •  Stop/Start/Restart the container $> docker stop/start/restart 

Container vs Images •  Remove a file from an image $> docker run busybox rm /etc/passwd •  The file is still there ?? $> docker run busybox cat /etc/passwd •  Commit the changes $> docker ps –n=2 #get the container’s id $> docker commit broken-busybox •  The file is gone $> docker run broken-busybox cat /etc/passwd 

Public index & Network •  Pull an apache image from the public index $> docker search apache $> docker pull creack/apache2 •  Run the image and check the ports $> docker run –d creack/apache2 $> docker ps •  Expose public ports $> docker run –d –p 8888:80 –p 4444:443 creack/apache2 $> docker ps 

Creating your 1st app: the interactive way •  Using docker in interactive mode $> docker run –i -t ubuntu bash root@82c63ee50c3d:/# root@82c63ee50c3d:/# apt-get update root@82c63ee50c3d:/# apt-get install memcached -y root@82c63ee50c3d:/# exit •  Commit the image $> docker commit `docker ps –q –l` vieux/memcached •  Start the image $> docker run –d –p 11211 –u daemon vieux/memcached memcached 

Creating your 1st app: the boring way •  Using run / commit $> docker ubuntu bash apt-get update $> $ID=(docker commit `docker ps –l –q`) $> docker run $ID apt-get install memcached -y $> docker commit `docker ps –q –l` vieux/memcached •  Define default configuration at commit $> docker commit -–run=‘{“Entrypoint”:[“memcached”]}’ •  Start the image $> docker run –d –p 11211 –u daemon vieux/memcached 

Creating your 1st app: the scripted way •  Write a Dockerfile # Memcache FROM UBUNTU MAINTAINER Victor Vieux RUN apt-get update RUN apt-get install memcached –y ENTRYPOINT [“memcached”] USER daemon EXPOSE 11211 •  Build the image $> docker build –t vieux/memcached •  Start the image $> docker run –d vieux/memcached # Memcache FROM UBUNTU:12.10 MAINTAINER Victor Vieux RUN apt-get update RUN apt-get install memcached –y ENTRYPOINT [“memcached”] USER daemon EXPOSE 11211   

Outline •  Whom is this for ? •  What’s a the problem ? •  What’s a Container ? •  Docker 101 •  Docker index vs registry & How-To •  Demo: Deployment with zero downtime •  Docker future •  Questions 

Index •  http://index.docker.io •  Closed source •  Manage user accounts, trusted builds, comments, stars, etc... 

Registry •  https://github.com/dotcloud/docker-registry •  Open source, written in Python •  Manage actual images files. •  Multiple storage backend: – Local – S3 – Google Cloud Storage – etc… 

How to use a private registry $> docker push / •  Docker uses the namespace to know where to push, if the namespace is an url, it will push on this url #push in the namespace to the index $> docker push /   #push the to your a private registry $> docker push / •  Same mechanism for docker pull 

Example: push busybox to your registry # Rename add a new name to the busybox image $> docker tag busybox my.registry.com:5000/busybox       # Push the image to your registry $> docker push my.registry.com:5000/busybox   

Outline •  Whom is this for ? •  What’s a the problem ? •  What’s a Container ? •  Docker 101 •  Docker index vs registry & How-To •  Demo: Deployment with zero downtime •  Docker future •  Questions 

Local development •  App running in prod http://app.vieux.fr/ •  Build local  $> docker build –t=app . •  Test local $> docker run –p 49200:8000 app  http://localhost:49200 •  Change some files •  Rebuild & test $> docker build –t=app . $> docker run –p 49200:8000 app 

Push to production •  Tag image in order to push it $> docker tag app registry.vieux.fr/app •  Push image to local registry $> docker push registry.vieux.fr/app •  On production server, download image $> docker pull registry.vieux.fr/app •  Start the new container $> docker run –d registry.vieux.fr/app   

Seamless update •  List running containers •  Update hipache config $> docker inspect –f ’{{.NetworkSettings.IPAddress}} $> redis-cli lset frontend:app.vieux.fr -1 http://: •  See the changes live http://app.vieux.fr/ 

Outline •  Whom is this for ? •  What’s a the problem ? •  What’s a Container ? •  Docker 101 •  Docker index vs registry & How-To •  Demo: Deployment with zero downtime •  Docker future •  Questions 

Docker: the community •  10000+ GitHub stars •  300+ Contributors •  ~50% of all commits made by external contributors •  1500+ GitHub forks •  260k+ index pulls •  and counting… 

Docker: the future •  0.9 is about to be released, 1.0 around the corner... •  Supports AUFS, BTRFS and device-mapper as storage drivers, more to come… (ZFS?, OverlayFS?) •  Support our native go implementation and LXC as execution driver, more to come... (systemd-nspawn?) •  Stable plugins (as container?) API •  Introspection •  Image signature 

Thank you! Questions? http://docker.io http://docker.com @docker - @vieux