Slide 1

Slide 1 text

Ladislav Prskavec http://blog.prskavec.net @abtris 23.11.2013

Slide 2

Slide 2 text

No content

Slide 3

Slide 3 text

No content

Slide 4

Slide 4 text

4 years docker packer Canonical's JuJu serf CloudFlare SoundCloud

Slide 5

Slide 5 text

What is docker?

Slide 6

Slide 6 text

an open source project to pack, ship and run any application as a lightweight container

Slide 7

Slide 7 text

Why containers?

Slide 8

Slide 8 text

Analogy from logistics

Slide 9

Slide 9 text

No content

Slide 10

Slide 10 text

No content

Slide 11

Slide 11 text

No content

Slide 12

Slide 12 text

build once, run anywhere ~ developer

Slide 13

Slide 13 text

configure once, run anything ~ operations

Slide 14

Slide 14 text

Containers are to Virtual Machines as threads are to processes. Or you can think of them as chroots on steroids. ~ Will Sargent

Slide 15

Slide 15 text

What is a container in Docker?
• Kernel namespaces (ipc, uts, mount, pid, network and user)
• Chroots (using pivot_root)
• AppArmor and SELinux profiles
• Kernel capabilities
• Control groups (cgroups)
• AUFS, or its replacement in version 0.7 and later
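Of the building blocks on this slide, kernel capabilities and namespaces can be read straight from /proc by a process inside a container. The shell script below is an added example, not part of the original slides: it decodes the effective capability mask into names and flags the ones on a review list that is this example's own choice.

```shell
#!/bin/sh
# Added example: decode a CapEff mask from /proc/<pid>/status into names.
# Capability names by bit number (linux/capability.h, bits 0-40).
CAP_NAMES="chown dac_override dac_read_search fowner fsetid kill setgid
setuid setpcap linux_immutable net_bind_service net_broadcast net_admin
net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace
sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config
mknod lease audit_write audit_control setfcap mac_override mac_admin syslog
wake_alarm block_suspend audit_read perfmon bpf checkpoint_restore"
# Review list chosen for this example, not an official classification.
REVIEW_CAPS="dac_read_search net_admin sys_module sys_rawio sys_ptrace sys_admin"

# decode_caps HEXMASK -> space-separated names of the set bits
decode_caps() {
    case $1 in ''|*[!0-9a-fA-F]*) return 2 ;; esac
    mask=$((0x$1)); bit=0; out=
    for name in $CAP_NAMES; do
        if [ $(( (mask >> bit) & 1 )) -eq 1 ]; then out="$out${out:+ }$name"; fi
        bit=$((bit + 1))
    done
    printf '%s\n' "$out"
}

# review_caps HEXMASK -> the held capabilities that are on REVIEW_CAPS
review_caps() {
    found=
    for cap in $(decode_caps "$1"); do
        case " $REVIEW_CAPS " in *" $cap "*) found="$found${found:+ }$cap" ;; esac
    done
    printf '%s\n' "$found"
}

# current_capeff -> effective capability mask of this shell
current_capeff() {
    while read -r key val; do
        if [ "$key" = "CapEff:" ]; then printf '%s\n' "$val"; fi
    done < /proc/self/status
}

# Run once on the host and once inside a container to compare the results.
if [ -r /proc/self/status ]; then
    m=$(current_capeff)
    echo "CapEff=$m held: $(decode_caps "$m")"
    echo "review: $(review_caps "$m")"
    ls -l /proc/self/ns 2>/dev/null || true   # namespace ids of this process
fi
```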

Slide 16

Slide 16 text

Diagram: SERVER → HOST OS → Docker Engine → Container A, Container B, Container C

Slide 17

Slide 17 text

Diagram (containers): SERVER → HOST OS → Docker Engine → Container A, Container B, Container C
Diagram (virtual machines): SERVER → HOST OS → Hypervisor → Guest OS, Guest OS, Guest OS → APP A, APP B, APP C

Slide 18

Slide 18 text

Basics

Slide 19

Slide 19 text

Installation

Slide 20

Slide 20 text

Finding and downloading images

    docker search ubuntu
    docker pull shykes/ubuntu

Slide 21

Slide 21 text

Running

    docker run ubuntu /bin/echo hello world

    docker run -i -t ubuntu /bin/bash

Slide 22

Slide 22 text

Committing your changes

    docker ps -l
    docker commit ID base/with_curl

Slide 23

Slide 23 text

Pushing an image to the repository

    docker push abtris/curl
    docker push internal_repository:5000/curl

Slide 24

Slide 24 text

Image

Slide 25

Slide 25 text

No content

Slide 26

Slide 26 text

Parent Image

Slide 27

Slide 27 text

Dockerfile Best Practices
• Use the cache
• Use tags
• EXPOSE-ing ports
• CMD and ENTRYPOINT syntax
• CMD and ENTRYPOINT better together

Slide 28

Slide 28 text

Use the cache

    FROM ubuntu:latest
    MAINTAINER Ladislav Prskavec

    RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list

    RUN apt-get update
    RUN apt-get -y upgrade

Slide 29

Slide 29 text

Use tags

    docker build -t="abtris/sentry" .

Slide 30

Slide 30 text

EXPOSE-ing ports

    # private and public mapping
    EXPOSE 80:8080

    # private only
    EXPOSE 80

Slide 31

Slide 31 text

CMD and ENTRYPOINT

    CMD /bin/echo
    # or
    CMD ["/bin/echo"]

Slide 32

Slide 32 text

CMD and ENTRYPOINT better together

    RUN apt-get install -y rethinkdb

    # Rethinkdb process
    EXPOSE 28015
    # Rethinkdb admin console
    EXPOSE 8080

    # Create the /rethinkdb_data dir structure
    RUN /usr/bin/rethinkdb create

    ENTRYPOINT ["/usr/bin/rethinkdb"]

    CMD ["--help"]

Slide 33

Slide 33 text

docker run crosbymichael/rethinkdb

Running 'rethinkdb' will create a new data directory or use an existing one,
  and serve as a RethinkDB cluster node.
File path options:
  -d [ --directory ] path       specify directory to store data and metadata
  --io-threads n                how many simultaneous I/O operations can happen
                                at the same time

Machine name options:
  -n [ --machine-name ] arg     the name for this machine (as will appear in
                                the metadata).  If not specified, it will be
                                randomly chosen from a short list of names.

Network options:
  --bind {all | addr}           add the address of a local interface to listen
                                on when accepting connections; loopback
                                addresses are enabled by default
  --cluster-port port           port for receiving connections from other nodes
  --driver-port port            port for rethinkdb protocol client drivers
  -o [ --port-offset ] offset   all ports used locally will have this value
                                added
  -j [ --join ] host:port       host and port of a rethinkdb node to connect to
  .................

Slide 34

Slide 34 text

docker run crosbymichael/rethinkdb --bind all

info: Running rethinkdb 1.7.1-0ubuntu1~precise (GCC 4.6.3)...
info: Running on Linux 3.2.0-45-virtual x86_64
info: Loading data from directory /rethinkdb_data
warn: Could not turn off filesystem caching for database file: "/rethinkdb_data/metadata" (Is the file located on a filesystem that doesn't support direct I/O (e.g. some encrypted or journaled file systems)?) This can cause performance problems.
warn: Could not turn off filesystem caching for database file: "/rethinkdb_data/auth_metadata" (Is the file located on a filesystem that doesn't support direct I/O (e.g. some encrypted or journaled file systems)?) This can cause performance problems.
info: Listening for intracluster connections on port 29015
info: Listening for client driver connections on port 28015
info: Listening for administrative HTTP connections on port 8080
info: Listening on addresses: 127.0.0.1, 172.16.42.13
info: Server ready
info: Someone asked for the nonwhitelisted file /js/handlebars.runtime-1.0.0.beta.6.js, if this should be accessible add it to the whitelist.

Slide 35

Slide 35 text

Dockerfile

    FROM ubuntu:latest
    MAINTAINER Ladislav Prskavec
    RUN apt-get update
    RUN apt-get -y upgrade
    RUN DEBIAN_FRONTEND=noninteractive apt-get -y install curl apache2 libapache2-mod-php5 vim-tiny
    RUN chown -R www-data:www-data /var/www/
    EXPOSE 80
    EXPOSE 22
    CMD ["/bin/bash"]

    git clone https://gist.github.com/abtris/7548643
    docker build .

Slide 36

Slide 36 text

Use raw Dockerfile
1. Cache wins.
2. Chef, Ansible, etc. do not use the cache.
3. Raw Dockerfile uses the cache.
4. Raw Dockerfile wins.

Slide 37

Slide 37 text

Links
• If you have a docker container with the name CONTAINER (specified by docker run -name CONTAINER) and in the Dockerfile, it has an exposed port:
    EXPOSE 1337
• docker run -d -link CONTAINER:ALIAS -name LINKED user/wordpress
• CONTAINER will show up in LINKED with the following environment variables:
    $ALIAS_PORT_1337_TCP_PORT
    $ALIAS_PORT_1337_TCP_ADDR
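An added example, not part of the original slides: a shell helper for the LINKED side that reads the two link variables and accepts only a plain IPv4 address and a valid port before the values go into a connection string. The function names and the sample values are assumptions made for the example.

```shell
#!/bin/sh
# Added example: consume the variables injected by `-link CONTAINER:ALIAS`.

# is_ipv4 STRING -> succeeds only for a dotted quad with octets 0-255
is_ipv4() {
    case $1 in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# link_endpoint ALIAS PORT -> prints ADDR:PORT, or returns non-zero
link_endpoint() {
    name=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    port=$2
    # Variable names are built only from characters that are safe to eval.
    case $name in ''|*[!A-Z0-9_]*) echo "bad alias" >&2; return 2 ;; esac
    case $port in ''|*[!0-9]*) echo "bad port" >&2; return 2 ;; esac
    eval "addr=\${${name}_PORT_${port}_TCP_ADDR:-}"
    eval "lport=\${${name}_PORT_${port}_TCP_PORT:-}"
    if [ -z "$addr" ] || [ -z "$lport" ]; then
        echo "link variables for $name:$port are not set" >&2; return 1
    fi
    is_ipv4 "$addr" || { echo "bad address in link variable" >&2; return 1; }
    case $lport in *[!0-9]*) echo "bad port in link variable" >&2; return 1 ;; esac
    [ ${#lport} -le 5 ] && [ "$lport" -ge 1 ] && [ "$lport" -le 65535 ] || return 1
    printf '%s:%s\n' "$addr" "$lport"
}

# Constructed sample values, as the LINKED container from the slide would see them.
ALIAS_PORT_1337_TCP_ADDR=172.17.0.2
ALIAS_PORT_1337_TCP_PORT=1337
link_endpoint alias 1337
```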

Slide 38

Slide 38 text

Container Lifecycle
• docker run creates a container.
• docker stop stops it.
• docker start will start it again.
• docker restart restarts a container.
• docker rm deletes a container.
• docker attach will connect to a running container.
• docker wait blocks until container stops.

Slide 39

Slide 39 text

Container Info
• docker ps shows running containers.
• docker ps -a shows running and stopped containers.
• docker inspect looks at all the info on a container (including IP address).
• docker logs gets logs from container.
• docker events gets events from container.
• docker port shows public facing port of container.
• docker top shows running processes in container.

Slide 40

Slide 40 text

Import / Export
• docker cp copies into a container.
• docker export turns container fs into tarball.

Slide 41

Slide 41 text

Images Lifecycle
• docker import creates an image from a tarball.
• docker build creates image from Dockerfile.
• docker commit creates image from a container.
• docker rmi removes an image.
• docker insert inserts a file from URL into image.

Slide 42

Slide 42 text

Images Info
• docker images shows all images.
• docker history shows history of image.
• docker tag tags an image to a name (local or registry).

Slide 43

Slide 43 text

Registry & Repository
• docker search searches registry for image.
• docker pull pulls an image from registry to local machine.
• docker push pushes an image to the registry from local machine.

Slide 44

Slide 44 text

Good practices
• Install an internal Docker registry
• Install Shipyard
• Create base image
• Build from your base image
• Push your images
• Save off your registry

Slide 45

Slide 45 text

Install an internal Docker registry
• Install an internal registry (the fast way) and run it as a daemon:
    docker run -name internal_registry -d -p 5000:5000 samalba/docker-registry
• Alias server to localhost:
    echo "127.0.0.1            internal_registry" >> /etc/hosts
• Check internal_registry exists and is running on port 5000:
    curl --get --verbose http://internal_registry:5000/v1/_ping

Slide 46

Slide 46 text

Create base image
• Create a Dockerfile with initialization code such as 'apt-get update / apt-get install' etc.: this is your base.
• Build your base image, then push it to the internal registry with
    docker build -t internal_registry:5000/base .

Slide 47

Slide 47 text

Build from your base image
• Make all of your other Dockerfiles pull from “base” instead of ubuntu.
• Keep playing around until you have your images working.

Slide 48

Slide 48 text

Push your images
• Push all of your images into the internal registry.
    docker tag IMAGE-ID internal_registry:5000/apache
    docker push internal_registry:5000/apache

Slide 49

Slide 49 text

Save off your registry
• If you need to blow away your Vagrant or set someone else up, it’s much faster to do it with all the images still intact:
    docker export internal_registry > internal_registry.tar
    gzip internal_registry.tar
    mv internal_registry.tar.gz /vagrant

Slide 50

Slide 50 text

Projects using Docker
http://deis.io/
https://flynn.io/
http://coreos.com/
https://github.com/progrium/dokku
http://opdemand.com/

Slide 51

Slide 51 text

http://index.docker.io

Slide 52

Slide 52 text

No content

Slide 53

Slide 53 text

https://index.docker.io/u/abtris/devfest-2013/

Slide 54

Slide 54 text

http://shipyard-project.com/

Slide 55

Slide 55 text

docker.io
https://plus.google.com/u/1/communities/108146856671494713993
docker cheat sheet: https://gist.github.com/wsargent/7049221
demo files: https://github.com/abtris/devfest-2013
docker sources: http://bit.ly/dockersources