Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Docker on ARM - Docker Meetup Bochum 2016-10

Docker on ARM - Docker Meetup Bochum 2016-10

Present the news Docker 1.12 feature at five Raspberry PI cluster's

* Why Docker?
* Present Docker on ARM
* Feature of the newest Docker swarming mode
* Setup some swarming examples
* Setup Traefik as ingress loadbalncer
* DevOps Tricks
* Photos of the nice hacking evening

Find the meetup examples at https://github.com/bee42/docker-on-rpi-lab.

Many Thanks to Docker Meetup Group Bochum
Peter

6ebe854441b4860e1df99176012c8fea?s=128

Peter Rossbach

October 31, 2016
Tweet

Transcript

  1. 1 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 <dieter@hypriot.com> @Quintus23M Docker Captain && Hypriot Pirate && <peter.rossbach@bee42.com> @PRossbach bee42 solutions gmbh be(e) not perfect...
  2. 2 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 IOT-hardware and mobiles everywhere Software services running at the cloud Software must be faster available Produce software with higher quality Make your services globally available Improve your service with customer feedback Reduce your cost Automate all Cooperate with a purpose - Create API's Secure your customer data
  3. 3 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 ask a lot of them...
  4. 4 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016
  5. 5 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 Build, Ship and Run Any App, Anywhere
  6. 6 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 deliver prepackage and ready to run software
  7. 7 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016
  8. 8 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 Docker works locally, at the cloud and your IOT devices with the same binary with the same functionality with the same version with the same filesystem layout with the same dependencies but currently with different Linux kernels! This dream is now reality... => The system is the asset => Code is a liability Chad Fowler
  9. 9 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 Use Linux at bare metal or a virtual machine provider
  10. 10 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 but there exists a lot of competitors CoreOS Rocket | pure LXC | Ubuntu joyent | SmartOS | Open Container runc...
  11. 11 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 Docker Engine 1.12.2 Docker native orchestration Official Docker on ARM support started Docker for Mac/Windows and Azure/AWS Docker Machine Swarming on ARM
  12. 12 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 Management of multiple Docker Hosts Native Windows Docker Client available Fast Image Loading ( Registry 2.2) Manage Resources (CPU, MEMORY, IO-Net, IO-Block) Manage Linux Security features Access Container metrics and logging Volume- und MultiHost Network-Management Native Mac and Windows and better cloud support Native Windows- and ARM-Container support Clustering and Orchestration support
  13. 13 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 $ docker-machine ssh bee42-crew-01-001 # ssh pirate@192.168.<crewid>.<pi machine id> # password hypriot $ docker run -ti --rm queenshive:5000/bee42/rpi-alpine $ cat >Dockerfile <<EOF FROM resin/rpi-raspbian:jessie MAINTAINER Peter Rossbach <peter.rossbach@bee42.com> @PRossbach RUN apt-get update && apt-get install -y \ apache2 \ --no-install-recommends && \ rm -rf /var/lib/apt/lists/* EXPOSE 80 CMD [ "apache2ctl", "-D", "FOREGROUND", "-k", "start" ] EOF $ docker build -t bee42/rpi-apache:0.1 .
  14. 14 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 # test locally and then ship it $ docker run -p 80 -d bee42/rpi-apache:0.1 $ docker logs $(docker ps -lq) $ docker tag bee42/rpi-apache:0.1 queenshive:5000/bee42/rpi-apache:0.1 $ docker push queenshive:5000/bee42/rpi-apache:0.1 # run at every ARMv7 system $ docker run -d -p 80:80 queenshive:5000/bee42/rpi-apache:0.1
  15. 15 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 Based on alpine linux distribution Compiled from source Run at FOREGROUND Send Logs to stdout/stderr All mods user www-data valid security check use the lable schema https://hub.docker.com/_/httpd/ http://label-schema.org/rc1/
  16. 16 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 Service Container Stateless Stateful Process Container Tool Container Data Container Desktop Process Container https://github.com/jessfraz/dockerfiles
  17. 17 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 Which real purpose has my image? Is it a hack or more? Exits a simpler or better software for the same purpose? Why I need a complete base linux distribution? Which Meta-Information the customer needed? Which lisence you must add? Which configuration the service needed? Can my customer monitoring the service? Which things can break my service? Is trust important for my customer? Which security checks you image need?
  18. 18 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016
  19. 19 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016
  20. 20 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 Desired State Reconciliation Service Types Replicated Services Global Services Configurable Updates Parallelism Delay Restart Policies
  21. 21 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016
  22. 22 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 Resource Awareness Constraints IDs names labels (e.g. node.labels.foo!=bar1) Strategies spread strategy least loaded nodes respect the constraints respect the resource requirements
  23. 23 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 State Store replicated (Raft based) extremely fast (in-memory reads) save snapshots Topology Management managers workers Node Management Pause/unpause drain/activate failure detection
  24. 24 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 Mutual TLS CA Manage certs to all nodes Acceptance Policy auto accept manually accept require a secret to join the cluster Certificate Rotation rotated and reloaded transparently on every node default is 3 months, the minimum is 30 minutes
  25. 25 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 ClearFog SolidRun PRO router
  26. 26 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 $ URL=https://raw.githubusercontent.com/hypriot/flash/master $ curl -O $URL/$(uname -s)/flash $ chmod +x flash $ sudo mv flash /usr/local/bin/flash $ URL=https://github.com/hypriot/image-builder-rpi/releases/download/ $ flash \ --hostname bee42-rew-06-003 \ --ssid bee42-crew-06 \ --password beehive42 \ ${URL}/v1.1.0/hypriotos-rpi-v1.1.0.img.zip
  27. 27 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 https://github.com/emilevauge/whoamI $ docker run -d -P --name iamfoo queenshive:5000/bee42/rpi-whoami $ docker inspect --format '{{ .NetworkSettings.Ports }}' iamfoo map[80/tcp:[{0.0.0.0 32769}]] $ curl "http://0.0.0.0:32769" Hostname : 6e0030e67d6a IP : 127.0.0.1 IP : ::1 IP : 172.17.0.27 IP : fe80::42:acff:fe11:1b GET / HTTP/1.1 Host: 0.0.0.0:32769 User-Agent: curl/7.35.0 Accept: */* examples/docker/rpi-whoami
  28. 28 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 examples/docker/rpi-tomcat-8
  29. 29 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 $ docker $(docker-machine config bee42-crew-01-001) swarm init $ MACHINE=bee42-crew-01-002 $ SWARM_TOKEN=`docker $(docker-machine config bee42-crew-01-001) \ swarm join-token worker -q` $ docker $(docker-machine config $MACHINE) swarm join \ --token $SWARM_TOKEN \ $(docker-machine ip bee42-crew-01-001):2377 Second terminal $ docker-machine ssh bee42-crew-01-001 $ docker node ls
  30. 30 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 $ docker service create --name whoami queenshive:5000/bee42/whoami $ docker service update --replicas 2 whoami $ docker service inspect whoami [ { "ID": "ch1cizq1k61qigbswzdd0sryj", "Version": { "Index": 717 }, "CreatedAt": "2016-06-19T11:01:39.630354919Z", "UpdatedAt": "2016-06-19T11:02:20.137102719Z", "Spec": { "Name": "whoami", ... ] $ docker service inspect whoami |jq "{ name: .[].Spec.Name , replicas: .[].Spec.Mode.Replica { "name": "whoami", "replicas": 2 }
  31. 31 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 Usage: docker service create [OPTIONS] IMAGE [COMMAND] [ARG...] Create a new service Options: --constraint value Placement constraints (default []) --endpoint-mode string Endpoint mode(Valid values: VIP, DNSRR) -e, --env value Set environment variables (default []) --help Print usage -l, --label value Service labels (default []) --limit-cpu value Limit CPUs (default 0.000) --limit-memory value Limit Memory (default 0 B) --mode string Service mode (replicated or global) (default "replicated") -m, --mount value Attach a mount to the service --name string Service name --network value Network attachments (default []) -p, --publish value Publish a port as a node port (default []) --replicas value Number of tasks (default none) --reserve-cpu value Reserve CPUs (default 0.000) --reserve-memory value Reserve Memory (default 0 B) --restart-condition string Restart when condition is met (none, on_failure, or any) --restart-delay value Delay between restart attempts (default none) --restart-max-attempts value Maximum number of restarts before giving up (default none) --restart-window value Window used to evalulate the restart policy (default none) --stop-grace-period value Time to wait before force killing a container (default none) --update-delay duration Delay between updates --update-parallelism uint Maximum number of tasks updated simultaneously -u, --user string Username or UID -w, --workdir string Working directory inside the container
  32. 32 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 $ eval $(docker-machine env swarm_master) $ docker service create --name cadvisor --mode global \ --mount type=bind,source=/,target=/rootfs/,writable=false \ --mount type=bind,source=/var/run/,target=/var/run/ \ --mount type=bind,source=/sys/,target=/sys/,writable=false \ --mount type=bind,source=/var/lib/docker/,target=/var/lib/docker/,writable= --publish 8080:8080 \ google/cadvisor:latest Add a new node, and service is started... WARNING: CAdvisor don't work at ARM at this moment!
  33. 33 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 UUID swarming # login to swarm manager $ docker build --build-arg UUID_VERSION=0.0.2 -t bee42/rpi-uuid:0.0.1 -f Dockerfile.uuid . $ docker tag bee42/rpi-uuid:0.0.1 queenshive:5000/bee42/rpi-uuid:0.0.1 $ docker push queenshive:5000/bee42/rpi-uuid:0.0.1 $ docker service create --name uuid queenshive:5000/bee42/rpi-uuid:0.0.1 $ docker service update --publish-add 9080:8080 uuid $ docker service update --replicas 2 uuid UUID next version $ docker build --build-arg UUID_VERSION=0.0.2 -t bee42/rpi-uuid:0.0.2 -f Dockerfile.uuid . $ docker tag bee42/rpi-uuid:0.0.2 queenshive:5000/bee42/rpi-uuid:0.0.2 $ docker push queenshive:5000/bee42/rpi-uuid:0.0.2 $ docker service update \ --replicas 4 \ --update-delay 10s \ --image queenshive:5000/bee42/rpi-uuid:0.0.2 uuid
  34. 34 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 $ curl 192.168.5.1:9080/uuid/index.jsp { "Container": "9e1daabe3fb2", "UUID": "37a971b7-1467-47de-90e2-20cd2d9de4df", "Date": "2016/10/25 14:30:25", "Timestamp": "1477405825", "Version": "0.0.2" }
  35. 35 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 $ docker run -it -d -p 5000:5000 \ -e HOST=192.168.5.1 \ -e PORT=5000 \ -v /var/run/docker.sock:/var/run/docker.sock \ queenshive:5000/bee42/swarm-visualizer https://github.com/ManoMarks/docker-swarm-visualizer
  36. 36 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016
  37. 37 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016
  38. 38 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 Auto update to next software release A/B Testing Canary Deployment Multi-Network Handling Control the liveness with Healthcheck Swarming with prometheus - no scraper at this moment! Create a Visualizer for complex setups Volume Management and Docker Plugin's Check the API DAB Format and docker-compose
  39. 39 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016
  40. 40 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 $ docker swarm init $ SWARM_TOKEN=$(docker swarm join-token -q worker) $ SWARM_MASTER=$(docker info | grep -w 'Node Address' | awk '{print $3}') $ NUM_WORKERS=3 $ for i in $(seq "${NUM_WORKERS}"); do \ docker run -d --privileged --name worker-${i} \ --hostname=worker-${i} -p ${i}2375:2375 docker:1.12.2-dind \ docker --host=localhost:${i}2375 \ swarm join --token ${SWARM_TOKEN} ${SWARM_MASTER}:2377 \ done $ docker run -it -d -p 8000:8000 \ -e HOST=localhost -e PORT=8000 \ -v /var/run/docker.sock:/var/run/docker.sock \ manomarks/visualizer https://medium.com/@alexeiled/docker-swarm-cluster-with-docker-in- docker-on-macos-bdbb97d6bb07#.yry5s0jiv http://blog.terranillius.com/post/swarm_dind/ https://github.com/ManoMarks/docker-swarm-visualizer
  41. 41 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 setup external Ingress loadbalancer letsencrypt support docker swarming support https://traefik.io/
  42. 42 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 traefik: image: traefik command: --web --docker --docker.domain=docker.localhost --logLevel=DEBUG ports: - "80:80" - "8080:8080" volumes: - /var/run/docker.sock:/var/run/docker.sock - /dev/null:/traefik.toml whoami: image: emilevauge/whoami labels: - "traefik.backend=whoami" - "traefik.frontend.rule=Host:whoami.docker.localhost" Example shows: Access to one Docker Engine not a cluster ToDo: Present swarming mode - network and engine access?
  43. 43 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016
  44. 44 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 use old docker swarm use consul, etcd with registrator New docker swarm 1.12 provider needed! HELP! Accepted for release v1.1.0-rc2 https://github.com/containous/traefik/pull/602
  45. 45 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016
  46. 46 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016
  47. 47 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016
  48. 48 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016
  49. 49 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016
  50. 50 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016
  51. 51 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016
  52. 52 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016
  53. 53 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016
  54. 54 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 Use a infrastructure first strategy Reduce you coupling Create brilliant API's Design for failure Setup machines and network automatically Safe your persistence data The system is the real asset Build your system for friends
  55. 55 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 View the slides as a docker container $ docker run -d -p 8000:80 \ rossbachp/docker-on-arm:docker-meetup-bochum-2016-10 $ open http://<docker host>:8000/docker-on-arm Slides available at container and PDF :-) dieter@hypriot.com @Qunitus23M Hypriot Pirates peter.rossbach@bee42.com @PRossbach Infrabricks Blog bee42
  56. 56 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 Service benefit Lab: use my IT-brick knowledge to be faster informed Consulting: use my expertise to start smarter Training: let me help you to get a docker-brick expert Products: use my knowledge of the docker ecosystem peter.rossbach@bee42.com
  57. 57 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 Dieter Reuter (@DockerCaptain, Hypriot Pirat) Peter Roßbach (Founder bee42, Docker Enabler, Apache Member, Systemarchitect) Niclas Mietz (Docker Nerd) Docker Meetup 25.10 2016 - 18 Uhr Bochum - Jahrhunderthaus http://www.meetup.com/de-DE/Docker- Bochum/events/234324255/ https://github.com/bee42/docker-on-rpi-lab
  58. 58 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016
  59. 59 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 bee42 crew meets docker community!
  60. 60 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 YEAH with Dieter, Guido, Peter and Niclas
  61. 61 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016
  62. 62 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 Many Thanks to Niclas, Albert, Dmitry and Georg!
  63. 63 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016
  64. 64 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016
  65. 65 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016
  66. 66 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 Many Thanks to Andreas: Your ODRIOD setup is brilliant!
  67. 67 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 Docker Meetup 25.10 2016 - Bochum Docker on ARM - Hackergarden W-JAX 5-9.11 2016 - Munich Container Camp 15/16.11 - Darmstadt Global Docker Mentoring Week Docker Meetup Groups Düsseldorf & Bochum - 17.11 Düsseldorf Sponsor inVision && bee42 DevOpsCon 5-8.12 2016 - Munich Docker Basics Docker Advanced OpenSpace DockerCamp 12-14.12 2016 - Berlin Find my training offerings at https://blog.docker.com/2016/10/docker-global-mentor-week-2016/ http://www.meetup.com/de-DE/docker-dus/events/234915297/ http://www.bee42.com/training/ http://devops-training.de
  68. 68 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016
  69. 69 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 Update Q1/2017 Docker Sonderheft
  70. 70 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 Help to translate the book of Adrian Mouat (09/2016) Tobias Gesellchen and Co:) https://www.dpunkt.de/docker https://www.amazon.de/Docker-professionell-einsetzen- Entwickler-Admins/dp/3836239760
  71. 71 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 Work with the beekeeper!
  72. 72 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016
  73. 73 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 bee42 solutions gmbh starts the implementation of an Infrabricks line! Peter Rossbach DevOps and Container-enthusiast Infra-coder with passion System architect Java Developer Apache Tomcat Committer Member of the Apache Software Foundation Founder of the bee42 solutions gmbh CTO of the Setlog GmbH
  74. 74 / 74 © 2016 <peter.rossbach@bee42.com>, @PRossbach, Docker Meetup Bochum

    2016 https://blog.hypriot.com/ https://github.com/docker/docker https://github.com/docker/machine https://github.com/docker/swarm https://github.com/docker/compose https://github.com/docker/swarmkit https://github.com/docker/infrakit http://de.slideshare.net/Docker/docker-swarm-by-victor- vieux https://medium.com/@Jesse_White/docker-kata-001- 1aae05545e3d#.tj2dm7nvu https://kubernetes.io https://lostechies.com/gabrielschenker/2016/09/05/docker- and-swarm-mode-part-1/