
Ship it with Docker!


Introduction to Docker

Xabier Larrakoetxea

July 15, 2014

Transcript

  1. Ship it with
    Docker



  3. http://www.docker.com/


  4. https://github.com/slok/favorshare-dockerfiles


  5. Properties


  6. dotCloud
    V1 Python
    V2 Golang
    2013
    *nix


  7. What is it?


  8. LXC on steroids
    Portability
    Encapsulation
    Not VM
    Lightweight


  9. LXC
    Kernel namespaces
    Cgroups
    Chroot


  10. LXC
    Kernel namespaces
    Cgroups
    Chroot
    PID, mount, user,
    network, UTS, IPC
    isolation


  11. LXC
    Kernel namespaces
    Cgroups
    Chroot
    Cpu, memory, disk I/O isolation
    PID, mount, user,
    network, UTS, IPC
    isolation


  12. LXC
    Kernel namespaces
    Cgroups
    Chroot
    Cpu, memory, disk I/O isolation
    PID, mount, user,
    network, UTS, IPC
    isolation
    File system isolation


  13. Traditional VMs
    Server
    Host OS
    Hypervisor
    VM 1 VM 2 VM 3
    Guest OS
    /usr/bin, /usr/lib...
    App
    Guest OS
    /usr/bin, /usr/lib...
    App’
    Guest OS
    /usr/bin, /usr/lib...
    App 2


  14. Docker
    Server
    Host OS
    /bin, /lib...
    App 1
    /bin, /lib...
    Docker
    App 1’ App 2 App 2’ App 2’’ App 3 App 3’


  15. Docker
    Server
    Host OS
    /bin, /lib...
    App 1
    /bin, /lib...
    Docker
    App 1’ App 2 App 2’ App 2’’ App 3 App 3’
    That’s a Docker container


  16. Docker
    Server
    Host OS
    /bin, /lib...
    App 1
    /bin, /lib...
    Docker
    App 1’ App 2 App 2’ App 2’’ App 3 App 3’
    That’s a Docker container
    Shared FS with AUFS


  17. Docker container
    Kernel
    LXC AUFS
    Docker
    Base image (Ubuntu)
    Base image (CentOS)
    Image (Nginx)
    Image (Mysql)
    Container
    Container
    Image (SSH)
    Container


  18. Docker container
    Kernel
    LXC AUFS
    Docker
    Base image (Ubuntu)
    Base image (CentOS)
    Image (Nginx)
    Image (Mysql)
    Container
    Container
    Image (SSH)
    Container
    Parent
    references


  19. AUFS
    Layered FS
    Share common FS
    Mix RO & RW
    Used to share between containers
    http://aufs.sourceforge.net/


  20. Installation


  21. Linux >= 3.8
    AUFS
    LXC


  22. Ubuntu 14.04 LTS
    Docker 0.9.1


  23. Ubuntu 14.04 LTS
    Docker 0.9.1
    Production
    ready
    1.0
    http://docs.docker.com/installation/ubuntulinux/#ubuntu-trusty-1404-lts-64-bit


  24. $ docker version
    Client version: 1.0.1
    Client API version: 1.12
    Go version (client): go1.2.1
    Git commit (client): 990021a
    Server version: 1.0.1
    Server API version: 1.12
    Go version (server): go1.2.1
    Git commit (server): 990021a
    $ docker info
    Containers: 0
    Images: 0
    Storage Driver: aufs
    Root Dir: /var/lib/docker/aufs
    Dirs: 0
    Execution Driver: native-0.2
    Kernel Version: 3.13.0-30-generic
    WARNING: No swap limit support


  25. Terminology


  26. Docker image
    They don’t change
    Read only layer
    Used to build a container
    A container in the future could be an image


  27. Docker container
    Running process
    Self contained runtime env
    Built with one or more images
    commit changes to create image
    At least needs a process in foreground


  28. Index/registry
    Private or public servers
    upload their repos (Docker images)
    Share
    Analogy: Like a Github for docker images


  29. Repository
    Group of images (in a registry)
    User type
    Analogy: Like a Github repo with image(s)
    Top level type


  30. Repository
    Group of images (in a registry)
    User type
    Analogy: Like a Github repo with image(s)
    Top level type
    slok/playpython
    phusion/baseimage
    ubuntu
    redis
    postgres


  31. Basic stuff


  32. Get base image(s)
    https://registry.hub.docker.com/_/ubuntu/
    $ docker pull ubuntu
    Pulling repository ubuntu
    463ff6be4238: Download complete
    3db9c44f4520: Download complete
    ea7d6801c538: Download complete
    58faa899733f: Download complete
    195eb90b5349: Download complete
    c5881f11ded9: Download complete
    ef83896b7fb9: Download complete
    e54ca5efa2e9: Download complete
    511136ea3c5a: Download complete
    65b7e9ccb809: Download complete
    f8dd6bd14f58: Download complete
    a343823119db: Download complete
    8a1d8569bf87: Download complete
    3af9d794ad07: Download complete
    f127542f0b61: Download complete
    d7ac5e4f1812: Download complete
    6cfa4d1f33fb: Download complete
    bac448df371d: Download complete
    e7d62a8128cf: Download complete
    b7c6da90134e: Download complete
    ...


  33. Get base image(s)
    https://registry.hub.docker.com/_/ubuntu/
    $ docker pull ubuntu
    Pulling repository ubuntu
    463ff6be4238: Download complete
    3db9c44f4520: Download complete
    ea7d6801c538: Download complete
    58faa899733f: Download complete
    195eb90b5349: Download complete
    c5881f11ded9: Download complete
    ef83896b7fb9: Download complete
    e54ca5efa2e9: Download complete
    511136ea3c5a: Download complete
    65b7e9ccb809: Download complete
    f8dd6bd14f58: Download complete
    a343823119db: Download complete
    8a1d8569bf87: Download complete
    3af9d794ad07: Download complete
    f127542f0b61: Download complete
    d7ac5e4f1812: Download complete
    6cfa4d1f33fb: Download complete
    bac448df371d: Download complete
    e7d62a8128cf: Download complete
    b7c6da90134e: Download complete
    ...
    Downloaded all the images (layers)


  34. List images
    $ docker images
    REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
    ubuntu 14.10 58faa899733f 10 hours ago 196 MB
    ubuntu utopic 58faa899733f 10 hours ago 196 MB
    ubuntu precise ea7d6801c538 6 days ago 127.5 MB
    ubuntu 12.04 ea7d6801c538 6 days ago 127.5 MB
    ubuntu latest ef83896b7fb9 6 days ago 192.7 MB
    ubuntu trusty ef83896b7fb9 6 days ago 192.7 MB
    ubuntu 12.10 c5881f11ded9 12 days ago 172.2 MB
    ubuntu quantal c5881f11ded9 12 days ago 172.2 MB
    ubuntu raring 463ff6be4238 12 days ago 169.4 MB
    ubuntu 13.04 463ff6be4238 12 days ago 169.4 MB
    ubuntu 13.10 195eb90b5349 12 days ago 184.7 MB
    ubuntu saucy 195eb90b5349 12 days ago 184.7 MB
    ubuntu 14.04 e54ca5efa2e9 12 days ago 276.5 MB
    ubuntu 10.04 3db9c44f4520 10 weeks ago 183 MB
    ubuntu lucid 3db9c44f4520 10 weeks ago 183 MB
    # du -sh /var/lib/docker/aufs/
    1.6G /var/lib/docker/aufs/


  35. List images
    $ docker images
    REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
    ubuntu 14.10 58faa899733f 10 hours ago 196 MB
    ubuntu utopic 58faa899733f 10 hours ago 196 MB
    ubuntu precise ea7d6801c538 6 days ago 127.5 MB
    ubuntu 12.04 ea7d6801c538 6 days ago 127.5 MB
    ubuntu latest ef83896b7fb9 6 days ago 192.7 MB
    ubuntu trusty ef83896b7fb9 6 days ago 192.7 MB
    ubuntu 12.10 c5881f11ded9 12 days ago 172.2 MB
    ubuntu quantal c5881f11ded9 12 days ago 172.2 MB
    ubuntu raring 463ff6be4238 12 days ago 169.4 MB
    ubuntu 13.04 463ff6be4238 12 days ago 169.4 MB
    ubuntu 13.10 195eb90b5349 12 days ago 184.7 MB
    ubuntu saucy 195eb90b5349 12 days ago 184.7 MB
    ubuntu 14.04 e54ca5efa2e9 12 days ago 276.5 MB
    ubuntu 10.04 3db9c44f4520 10 weeks ago 183 MB
    ubuntu lucid 3db9c44f4520 10 weeks ago 183 MB
    # du -sh /var/lib/docker/aufs/
    1.6G /var/lib/docker/aufs/
    That’s 2727.5 MB


  36. List images
    $ docker images
    REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
    ubuntu 14.10 58faa899733f 10 hours ago 196 MB
    ubuntu utopic 58faa899733f 10 hours ago 196 MB
    ubuntu precise ea7d6801c538 6 days ago 127.5 MB
    ubuntu 12.04 ea7d6801c538 6 days ago 127.5 MB
    ubuntu latest ef83896b7fb9 6 days ago 192.7 MB
    ubuntu trusty ef83896b7fb9 6 days ago 192.7 MB
    ubuntu 12.10 c5881f11ded9 12 days ago 172.2 MB
    ubuntu quantal c5881f11ded9 12 days ago 172.2 MB
    ubuntu raring 463ff6be4238 12 days ago 169.4 MB
    ubuntu 13.04 463ff6be4238 12 days ago 169.4 MB
    ubuntu 13.10 195eb90b5349 12 days ago 184.7 MB
    ubuntu saucy 195eb90b5349 12 days ago 184.7 MB
    ubuntu 14.04 e54ca5efa2e9 12 days ago 276.5 MB
    ubuntu 10.04 3db9c44f4520 10 weeks ago 183 MB
    ubuntu lucid 3db9c44f4520 10 weeks ago 183 MB
    # du -sh /var/lib/docker/aufs/
    1.6G /var/lib/docker/aufs/
    That’s 2727.5 MB
    Images have aliases

  37. Run container
    $ docker run ubuntu:trusty /bin/echo "Hello world!"
    Hello world!
    $ docker images
    REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
    ubuntu 14.10 58faa899733f 10 hours ago 196 MB
    ubuntu utopic 58faa899733f 10 hours ago 196 MB
    ubuntu precise ea7d6801c538 6 days ago 127.5 MB
    ubuntu 12.04 ea7d6801c538 6 days ago 127.5 MB
    ubuntu latest ef83896b7fb9 6 days ago 192.7 MB
    ubuntu trusty ef83896b7fb9 6 days ago 192.7 MB
    ubuntu 12.10 c5881f11ded9 12 days ago 172.2 MB
    ubuntu quantal c5881f11ded9 12 days ago 172.2 MB
    ubuntu raring 463ff6be4238 12 days ago 169.4 MB
    ubuntu 13.04 463ff6be4238 12 days ago 169.4 MB
    ubuntu 13.10 195eb90b5349 12 days ago 184.7 MB
    ubuntu saucy 195eb90b5349 12 days ago 184.7 MB
    ubuntu 14.04 e54ca5efa2e9 12 days ago 276.5 MB
    ubuntu 10.04 3db9c44f4520 10 weeks ago 183 MB
    ubuntu lucid 3db9c44f4520 10 weeks ago 183 MB
    “echo hello world” didn’t change container’s state so no new image


  38. Run container
    $ docker run ubuntu:trusty /bin/echo "Hello world!"
    Hello world!
    Docker caches every command that you run in a container
    The container needs a foreground process to keep running
    $ docker ps -a
    CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
    3b2ba0029d69 ubuntu:latest /bin/echo 'Hello wor 3 seconds ago Exited (0) sharp_wozniak


  39. Run container
    $ docker run ubuntu:trusty /bin/echo "Hello world!"
    Hello world!
    $ docker ps -a
    CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
    3b2ba0029d69 ubuntu:latest /bin/echo 'Hello wor 3 seconds ago Exited (0) sharp_wozniak
    The container finished so we use -a option
    The container needs a foreground process to keep running
    Docker caches every command that you run in a container


  40. Run container
    $ docker run ubuntu:trusty /bin/sh -c "while true; do echo hello world; sleep 1; done"
    hello world
    hello world
    ...
    $ docker ps
    CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
    d82fe57ca931 ubuntu:latest /bin/sh -c 'while tr About a minute ago Up About a minute kickass_hoover
    We have a foreground process so the container keeps running
    Foreground container & Foreground process inside container


  41. Run container
    $ docker run ubuntu:trusty /bin/sh -c "while true; do echo hello world; sleep 1; done"
    hello world
    hello world
    ...
    $ docker ps
    CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
    d82fe57ca931 ubuntu:latest /bin/sh -c 'while tr About a minute ago Up About a minute kickass_hoover
    Manage the container with this ID
    This keeps running until we stop
    We have a foreground process so the container keeps running
    Foreground container & Foreground process inside container


  42. Run container in background
    $ docker run -d ubuntu:trusty /bin/sh -c "while true; do echo hello world; sleep 1; done"
    cffc463c6b4a8f830355c0c29434f3322c97b075e98a5081487b433c1462b8b2
    $ docker ps
    CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
    cffc463c6b4a ubuntu:latest /bin/sh -c 'while tr About a minute ago Up About a minute nostalgic_mcclintock
    Background container & Foreground process inside container
    We have a foreground process so the container keeps running


  43. Container logs
    $ docker logs d82fe57ca931
    hello world
    hello world
    ...
    The logs are the foreground process STDOUT


  44. Attach to a container
    $ docker attach d82fe57ca931
    hello world
    hello world
    ...
    Attaches to the container as if it were running in the foreground
    Real time

  45. Stop a container
    $ docker stop d82fe57ca931
    d82fe57ca931


  46. Images


  47. Create own Redis container
    Ubuntu 14.04 LTS base image
    We could use a ready one: https://registry.hub.docker.com/_/redis/
    Example


  48. Interactive shell in container
    $ docker run -i -t ubuntu:trusty /bin/bash
    root@<container-id>:/#
    /bin/bash is a trick to have an fg process and a shell inside the container
    We have an interactive shell

  49. Interactive shell in container
    $ docker run -i -t ubuntu:trusty /bin/bash
    root@<container-id>:/#
    /bin/bash is a trick to have an fg process and a shell inside the container
    We have an interactive shell
    -i Keeps STDIN open even when not attached
    -t Opens a PTY (Pseudo TTY)

  50. Install Redis inside the container
    $ docker run -i -t ubuntu:trusty /bin/bash
    root@<container-id>:/# apt-get update
    ...
    root@<container-id>:/# apt-get install redis-server
    ...
    root@<container-id>:/# service redis-server start
    ...
    root@<container-id>:/# ps aux
    USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
    root 1 0.0 0.0 18156 2004 ? Ss 18:09 0:00 /bin/bash
    redis 154 0.0 0.3 36996 7244 ? Ssl 18:16 0:00 /usr/bin/redis-server 127.0.0.1:6379
    root 157 0.0 0.0 15568 1140 ? R+ 18:16 0:00 ps aux
    All is happening inside the container


  51. Install Redis inside the container
    $ docker run -i -t ubuntu:trusty /bin/bash
    root@<container-id>:/# apt-get update
    ...
    root@<container-id>:/# apt-get install redis-server
    ...
    root@<container-id>:/# service redis-server start
    ...
    root@<container-id>:/# ps aux
    USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
    root 1 0.0 0.0 18156 2004 ? Ss 18:09 0:00 /bin/bash
    redis 154 0.0 0.3 36996 7244 ? Ssl 18:16 0:00 /usr/bin/redis-server 127.0.0.1:6379
    root 157 0.0 0.0 15568 1140 ? R+ 18:16 0:00 ps aux
    All is happening inside the container
    Ready for use!


  52. Create Image from a container
    $ docker ps -a
    CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
    c220646d55c3 ubuntu:latest /bin/bash 16 minutes ago Exited (0) 24 seconds ago berserk_bartik
    $ docker commit c220646d55c3 slok/redis
    773bc3dcf004120e38a0a8f1fb0036d886700bcb928cc8ce82e3d320aa38b660
    Exited or running containers can be committed

  53. Create Image from a container
    $ docker ps -a
    CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
    c220646d55c3 ubuntu:latest /bin/bash 16 minutes ago Exited (0) 24 seconds ago berserk_bartik
    $ docker commit c220646d55c3 slok/redis
    773bc3dcf004120e38a0a8f1fb0036d886700bcb928cc8ce82e3d320aa38b660
    Exited or running containers can be committed
    Container ID: c220646d55c3
    Repository name = Image name = {USER}/{NAME}

  54. Run the image
    $ docker images
    REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
    slok/redis latest 773bc3dcf004 8 minutes ago 263.5 MB
    ubuntu utopic 58faa899733f 21 hours ago 196 MB
    ubuntu 14.10 58faa899733f 21 hours ago 196 MB
    ...
    $ docker run -i -t slok/redis /bin/bash
    root@<container-id># ps aux
    USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
    root 1 2.0 0.0 18156 1852 ? Ss 18:44 0:00 /bin/bash
    root 12 0.0 0.0 15568 1132 ? R+ 18:44 0:00 ps aux


  55. Run the image
    $ docker images
    REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
    slok/redis latest 773bc3dcf004 8 minutes ago 263.5 MB
    ubuntu utopic 58faa899733f 21 hours ago 196 MB
    ubuntu 14.10 58faa899733f 21 hours ago 196 MB
    ...
    $ docker run -i -t slok/redis /bin/bash
    root@<container-id># ps aux
    USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
    root 1 2.0 0.0 18156 1852 ? Ss 18:44 0:00 /bin/bash
    root 12 0.0 0.0 15568 1132 ? R+ 18:44 0:00 ps aux
    BAD! We need redis process running!
    $ docker run -d slok/redis /usr/bin/redis-server
    fbf7a9cedd3e956ed16fb652a4bdd0b50208755e4f8b36397f7ffbdfebd38c1b


  56. Run the image
    $ docker images
    REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
    slok/redis latest 773bc3dcf004 8 minutes ago 263.5 MB
    ubuntu utopic 58faa899733f 21 hours ago 196 MB
    ubuntu 14.10 58faa899733f 21 hours ago 196 MB
    ...
    $ docker run -i -t slok/redis /bin/bash
    root@<container-id># ps aux
    USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
    root 1 2.0 0.0 18156 1852 ? Ss 18:44 0:00 /bin/bash
    root 12 0.0 0.0 15568 1132 ? R+ 18:44 0:00 ps aux
    BAD! We need redis process running!
    $ docker run -d slok/redis /usr/bin/redis-server
    fbf7a9cedd3e956ed16fb652a4bdd0b50208755e4f8b36397f7ffbdfebd38c1b
    Remember running the container in background


  57. Check running container
    $ docker logs fbf7a9cedd3
    [1] 01 Jul 18:51:34.756 # Warning: no config file specified, using the default config. In order to specify a
    config file use /usr/bin/redis-server /path/to/redis.conf
    [Redis ASCII-art banner: Redis 2.8.4 (00000000/0) 64 bit, Running in stand alone mode, Port: 6379, PID: 1, http://redis.io]
    [1] 01 Jul 18:51:34.760 # Server started, Redis version 2.8.4
    [1] 01 Jul 18:51:34.761 # WARNING overcommit_memory is set to 0! Background save may fail under low memory
    condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the
    command 'sysctl vm.overcommit_memory=1' for this to take effect.
    [1] 01 Jul 18:51:34.761 * The server is now ready to accept connections on port 6379


  58. Check running container
    $ docker inspect fbf7a9cedd3 |grep -i ipaddress
    "IPAddress": "172.17.0.8",
    $ redis-cli -h 172.17.0.8 -p 6379


  59. Check running container
    $ docker inspect fbf7a9cedd3 |grep -i ipaddress
    "IPAddress": "172.17.0.8",
    $ redis-cli -h 172.17.0.8 -p 6379
    BAD! We need to expose container ports!
    $ docker stop fbf7a9cedd3
    fbf7a9cedd3
    $ docker run -d -p 16379:6379 slok/redis /usr/bin/redis-server
    af5989ca5600aa51ac0441ddda0e595c2fdecaa59495a02c72767956bba47794
    Expose container port and map public address on
    port 16379 to private address 6379


  60. Check running container
    $ docker inspect af5989ca |grep -i ipaddress
    "IPAddress": "172.17.0.9",
    $ redis-cli -h 172.17.0.9 -p 6379
    172.17.0.9:6379>
    $ redis-cli -h 127.0.0.1 -p 16379
    127.0.0.1:16379>
    By default no ports are exposed, we need to use -p or -P
    -P exposes all, -p one or more with XXXX or YYYY:XXXX format


  61. Check running container
    $ docker inspect af5989ca |grep -i ipaddress
    "IPAddress": "172.17.0.9",
    $ redis-cli -h 172.17.0.9 -p 6379
    172.17.0.9:6379>
    $ redis-cli -h 127.0.0.1 -p 16379
    127.0.0.1:16379>
    Public access to mapped port
    Private access to container port
    By default no ports are exposed, we need to use -p or -P
    -P exposes all, -p one or more with XXXX or YYYY:XXXX format


  62. Ports


  63. Defaults
    $ docker run -d slok/redis /usr/bin/redis-server
    a14c64cd00d69e408da996375141ee9f8e9d85a67aa8015f6fdc3f5929aad365
    # netstat -ltnp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 714/rpcbind
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1594/sshd
    tcp 0 0 0.0.0.0:39997 0.0.0.0:* LISTEN 757/rpc.statd
    tcp6 0 0 :::111 :::* LISTEN 714/rpcbind
    tcp6 0 0 :::46705 :::* LISTEN 757/rpc.statd
    tcp6 0 0 :::22 :::* LISTEN 1594/sshd
    By default no ports are exposed
    Exposed ports bind to all host interfaces (0.0.0.0) by default
    Exposed ports are TCP by default

  64. Bind container port
    $ docker run -d -p 12345:6379 slok/redis /usr/bin/redis-server
    28116f65156fb2cbb86436dd455d753b1549153eb8ea997db32d3573b18a1112
    $ docker ps
    CONTAINER ID IMAGE COMMAND CREATED PORTS
    28116f65156f slok/redis:latest /usr/bin/redis-serve 30 seconds ago 0.0.0.0:12345->6379/tcp
    Used to map to a custom host port
    # netstat -ltnp
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 714/rpcbind
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1594/sshd
    tcp 0 0 0.0.0.0:39997 0.0.0.0:* LISTEN 757/rpc.statd
    tcp6 0 0 :::111 :::* LISTEN 714/rpcbind
    tcp6 0 0 :::46705 :::* LISTEN 757/rpc.statd
    tcp6 0 0 :::22 :::* LISTEN 1594/sshd
    tcp6 0 0 :::12345 :::* LISTEN 914/docker


  66. Bind random port
    $ docker run -d -p 6379 slok/redis /usr/bin/redis-server
    62debe2cd335c1515140c3708d21ba911f100f90eef19c265cbefdbecefe71f5
    $ docker ps
    CONTAINER ID IMAGE COMMAND CREATED PORTS
    62debe2cd335 slok/redis:latest /usr/bin/redis-serve 9 seconds ago 0.0.0.0:49153->6379/tcp
    # netstat -ltnp
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 714/rpcbind
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1594/sshd
    tcp 0 0 0.0.0.0:39997 0.0.0.0:* LISTEN 757/rpc.statd
    tcp6 0 0 :::49153 :::* LISTEN 914/docker
    tcp6 0 0 :::111 :::* LISTEN 714/rpcbind
    tcp6 0 0 :::46705 :::* LISTEN 757/rpc.statd
    tcp6 0 0 :::22 :::* LISTEN 1594/sshd
    Ports are published in random high number ports


  68. Bind to specified host
    $ docker run -d -p 127.0.0.1::6379 slok/redis /usr/bin/redis-server
    252fe309d2e937a1e1ab7fa874ef82f08cc4bd69700894aa243b6f130909f25f
    $ docker run -d -p 127.0.0.1:12345:6379 slok/redis /usr/bin/redis-server
    7b44b7f5b46f6b15e8e50cc627f28aab4ab4f5b877b934c57308a37020341af9
    $ docker ps
    CONTAINER ID IMAGE COMMAND CREATED PORTS
    7b44b7f5b46f slok/redis:latest /usr/bin/redis-serve 26 seconds ago 127.0.0.1:12345->6379/tcp
    252fe309d2e9 slok/redis:latest /usr/bin/redis-serve 45 seconds ago 127.0.0.1:49153->6379/tcp
    # netstat -ltnp | grep docker
    tcp 0 0 127.0.0.1:49153 0.0.0.0:* LISTEN 914/docker
    tcp 0 0 127.0.0.1:12345 0.0.0.0:* LISTEN 914/docker


  70. Bind UDP port
    $ docker run -d -p 44444:12345/udp ubuntu:14.04 /bin/nc -ul 12345
    710a2e5f0b6aaa9f85a2e9d37dc29441b7e5e8dbf1eed970ad1d26a81af2fdd4
    $ docker run -d -p 55555:12345 ubuntu:14.04 /bin/nc -l 12345
    92f1d7f6d8001e112276e74c4479ab9f821c80a4de8047722f4a9a335cd859d1
    $ docker ps
    CONTAINER ID IMAGE COMMAND CREATED PORTS
    92f1d7f6d800 ubuntu:14.04 /bin/nc -l 12345 About a minute ago 0.0.0.0:55555->12345/tcp
    710a2e5f0b6a ubuntu:14.04 /bin/nc -ul 12345 2 minutes ago 0.0.0.0:44444->12345/udp
    # sudo netstat -ltunp |grep docker
    tcp6 0 0 :::55555 :::* LISTEN 914/docker
    udp6 0 0 :::44444 :::* 914/docker


  72. Publish all ports
    $ docker run -d -P slok/redis /usr/bin/redis-server
    6d4c1a61cefc4e29c69d6d2c695dd3acf4c34a8f213ad26b9442eb08d6d2f488
    $ docker ps
    CONTAINER ID IMAGE COMMAND CREATED PORTS
    6d4c1a61cefc slok/redis:latest /usr/bin/redis-serve 39 seconds ago 0.0.0.0:49153->6379/tcp
    Ports are published in random high number ports
    -P maps all exposed ports in the container*
    # netstat -ltnp
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 714/rpcbind
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1594/sshd
    tcp 0 0 0.0.0.0:39997 0.0.0.0:* LISTEN 757/rpc.statd
    tcp6 0 0 :::49153 :::* LISTEN 914/docker
    tcp6 0 0 :::111 :::* LISTEN 714/rpcbind
    tcp6 0 0 :::46705 :::* LISTEN 757/rpc.statd
    tcp6 0 0 :::22 :::* LISTEN 1594/sshd


  73. Publish all ports
    $ docker run -d -P slok/redis /usr/bin/redis-server
    6d4c1a61cefc4e29c69d6d2c695dd3acf4c34a8f213ad26b9442eb08d6d2f488
    $ docker ps
    CONTAINER ID IMAGE COMMAND CREATED PORTS
    6d4c1a61cefc slok/redis:latest /usr/bin/redis-serve 39 seconds ago 0.0.0.0:49153->6379/tcp
    Ports are published in random high number ports
    -P maps all exposed ports in the container*
    # netstat -ltnp
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 714/rpcbind
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1594/sshd
    tcp 0 0 0.0.0.0:39997 0.0.0.0:* LISTEN 757/rpc.statd
    tcp6 0 0 :::49153 :::* LISTEN 914/docker
    tcp6 0 0 :::111 :::* LISTEN 714/rpcbind
    tcp6 0 0 :::46705 :::* LISTEN 757/rpc.statd
    tcp6 0 0 :::22 :::* LISTEN 1594/sshd
    Random high number mapped port available


  74. Publish all ports
    $ docker run -d -P slok/redis /usr/bin/redis-server
    6d4c1a61cefc4e29c69d6d2c695dd3acf4c34a8f213ad26b9442eb08d6d2f488
    $ docker ps
    CONTAINER ID IMAGE COMMAND CREATED PORTS
    6d4c1a61cefc slok/redis:latest /usr/bin/redis-serve 39 seconds ago 0.0.0.0:49153->6379/tcp
    Ports are published in random high number ports
    -P maps all exposed ports in the container*
    # netstat -ltnp
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 714/rpcbind
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1594/sshd
    tcp 0 0 0.0.0.0:39997 0.0.0.0:* LISTEN 757/rpc.statd
    tcp6 0 0 :::49153 :::* LISTEN 914/docker
    tcp6 0 0 :::111 :::* LISTEN 714/rpcbind
    tcp6 0 0 :::46705 :::* LISTEN 757/rpc.statd
    tcp6 0 0 :::22 :::* LISTEN 1594/sshd
    Random high number mapped port available
    *Exposed ports are declared in Dockerfiles
    We’ll see later!

  75. Linking


  76. Differences with exposed ports
    Used to link containers (using ports)
    Ports only accessible by containers
    We are using ports, but not exposed outside docker environment
    Don’t need to know specific ports
    More secure
    Ports shared in environment vars


  77. Give a name to the link
    $ docker run -d --name redis_eghost slok/redis /usr/bin/redis-server
    576556e21f9dcaf7dab4a36b8bb3d12e028daaaf5aa68397f1e9f4cdc8455925
    We need to expose ports in a Dockerfile
    $ docker ps
    CONTAINER ID IMAGE COMMAND PORTS NAMES
    576556e21f9d slok/redis:latest /usr/bin/redis-serve 6379/tcp redis_eghost
    $ docker run -di --name checker --link redis_eghost:redis ubuntu:14.04 /bin/bash
    2448ce8e1596c41e3e1109e76b63136eaa76a3a9cf1c461b3a715d5df7c3e816
    $ docker ps
    CONTAINER ID IMAGE COMMAND PORTS NAMES
    d205a37bcfdd ubuntu:14.04 /bin/bash checker
    576556e21f9d slok/redis:latest /usr/bin/redis-serve 6379/tcp checker/redis,redis_eghost


  78. Give a name to the link
    $ docker run -d --name redis_eghost slok/redis /usr/bin/redis-server
    576556e21f9dcaf7dab4a36b8bb3d12e028daaaf5aa68397f1e9f4cdc8455925
    We need to expose ports in a Dockerfile
    $ docker ps
    CONTAINER ID IMAGE COMMAND PORTS NAMES
    576556e21f9d slok/redis:latest /usr/bin/redis-serve 6379/tcp redis_eghost
    Name the first container for linking
    $ docker run -di --name checker --link redis_eghost:redis ubuntu:14.04 /bin/bash
    2448ce8e1596c41e3e1109e76b63136eaa76a3a9cf1c461b3a715d5df7c3e816
    $ docker ps
    CONTAINER ID IMAGE COMMAND PORTS NAMES
    d205a37bcfdd ubuntu:14.04 /bin/bash checker
    576556e21f9d slok/redis:latest /usr/bin/redis-serve 6379/tcp checker/redis,redis_eghost


  79. Give a name to the link
    $ docker run -d --name redis_eghost slok/redis /usr/bin/redis-server
    576556e21f9dcaf7dab4a36b8bb3d12e028daaaf5aa68397f1e9f4cdc8455925
    We need to expose ports in a Dockerfile
    $ docker ps
    CONTAINER ID IMAGE COMMAND PORTS NAMES
    576556e21f9d slok/redis:latest /usr/bin/redis-serve 6379/tcp redis_eghost
    Name the first contaner for linking
    $ docker run -di --name checker --link redis_eghost:redis ubuntu:14.04 /bin/bash
    2448ce8e1596c41e3e1109e76b63136eaa76a3a9cf1c461b3a715d5df7c3e816
    $ docker ps
    CONTAINER ID IMAGE COMMAND PORTS NAMES
    d205a37bcfdd ubuntu:14.04 /bin/bash checker
    576556e21f9d slok/redis:latest /usr/bin/redis-serve 6379/tcp checker/redis,redis_eghost
    {LINK_CONTAINER_NAME} : {INTERNAL_ALIAS}

    View Slide

  80. Give a name to the link
    $ docker run -d --name redis_eghost slok/redis /usr/bin/redis-server
    576556e21f9dcaf7dab4a36b8bb3d12e028daaaf5aa68397f1e9f4cdc8455925
    $ docker ps
    CONTAINER ID   IMAGE               COMMAND                PORTS      NAMES
    576556e21f9d   slok/redis:latest   /usr/bin/redis-serve   6379/tcp   redis_eghost
    $ docker run -di --name checker --link redis_eghost:redis ubuntu:14.04 /bin/bash
    2448ce8e1596c41e3e1109e76b63136eaa76a3a9cf1c461b3a715d5df7c3e816
    $ docker ps
    CONTAINER ID   IMAGE               COMMAND                PORTS      NAMES
    d205a37bcfdd   ubuntu:14.04        /bin/bash                         checker
    576556e21f9d   slok/redis:latest   /usr/bin/redis-serve   6379/tcp   checker/redis,redis_eghost
    Name the first container for linking
    We need to expose ports in a Dockerfile
    --link argument: {LINK_CONTAINER_NAME}:{INTERNAL_ALIAS}
    Linked!

  82. Discover link inside container
    $ docker run -d --name redis slok/redis /usr/bin/redis-server
    5fbba787207f4c87da20145391ec0e6c57f61c511bb00d118d05cf4a2145f5ae
    $ docker run ubuntu:14.04 env
    HOME=/
    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    HOSTNAME=4252df779431
    $ docker run --name redis_checker --link redis:db ubuntu:14.04 env
    HOME=/
    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    HOSTNAME=44ffc20b8b67
    DB_PORT=tcp://172.17.0.37:6379
    DB_PORT_6379_TCP=tcp://172.17.0.37:6379
    DB_PORT_6379_TCP_ADDR=172.17.0.37
    DB_PORT_6379_TCP_PORT=6379
    DB_PORT_6379_TCP_PROTO=tcp
    DB_NAME=/redis_checker/db
    Use env vars to connect services (and/or /etc/hosts)
    Use the alias in uppercase as prefix for env vars

  83. Using link inside container
    $ docker run -d --name redis slok/redis /usr/bin/redis-server
    5fbba787207f4c87da20145391ec0e6c57f61c511bb00d118d05cf4a2145f5ae
    $ docker run -it slok/redis /bin/bash
    root@<container-id>:/# redis-cli
    Could not connect to Redis at 127.0.0.1:6379: Connection refused
    $ docker run -it --link redis:db slok/redis /bin/bash
    root@<container-id>:/# redis-cli -h $DB_PORT_6379_TCP_ADDR -p $DB_PORT_6379_TCP_PORT
    172.17.0.37:6379> set "hello" "world"
    OK
    172.17.0.37:6379> get "hello"
    "world"
    172.17.0.37:6379>
    Env vars are only visible to the first process in the container (CMD or ENTRYPOINT)
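
Added example, not part of the original deck: a POSIX shell helper that resolves a linked container's endpoint from the `{ALIAS}_PORT_{port}_{proto}_ADDR` and `_PORT` variables shown above. It fails when the link variables are missing or malformed instead of falling back to a default address, as the unlinked `redis-cli` call did. The name `link_endpoint` and its exit codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the deck). link_endpoint and its exit codes are
# hypothetical names chosen for this illustration.
#
# link_endpoint ALIAS PORT [PROTO]
#   Prints "ADDR PORT" for a container linked with --link name:ALIAS.
#   exit 1: link variables not present (the container was not linked)
#   exit 2: bad arguments
#   exit 3: variables present but not a valid IPv4 address / port
link_endpoint() (
    # The deck: "Use the alias in uppercase as prefix for env vars".
    alias_uc=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    port=$2
    proto_uc=$(printf '%s' "${3:-tcp}" | tr '[:lower:]' '[:upper:]')

    # The alias becomes part of a variable name expanded with eval, so only
    # characters that are legal in a shell identifier are accepted.
    case $alias_uc in
        ''|[0-9]*|*[!A-Z0-9_]*) echo "bad alias: $1" >&2; exit 2 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; exit 2 ;;
    esac
    case $proto_uc in
        TCP|UDP) ;;
        *) echo "bad protocol: $3" >&2; exit 2 ;;
    esac

    prefix="${alias_uc}_PORT_${port}_${proto_uc}"
    eval "addr=\${${prefix}_ADDR-}"
    eval "lport=\${${prefix}_PORT-}"

    if [ -z "$addr" ] || [ -z "$lport" ]; then
        echo "no ${prefix}_* variables: is the container linked?" >&2
        exit 1
    fi

    # Environment values are input: validate them before they reach a
    # command line.
    case $addr in
        *[!0-9.]*|.*|*.|*..*) echo "bad address in ${prefix}_ADDR" >&2; exit 3 ;;
    esac
    IFS=.
    set -- $addr
    [ $# -eq 4 ] || { echo "bad address in ${prefix}_ADDR" >&2; exit 3; }
    for octet in "$@"; do
        case $octet in ????*) exit 3 ;; esac
        [ "$octet" -le 255 ] || exit 3
    done
    case $lport in
        *[!0-9]*|??????*) echo "bad port in ${prefix}_PORT" >&2; exit 3 ;;
    esac
    [ "$lport" -ge 1 ] && [ "$lport" -le 65535 ] || exit 3

    printf '%s %s\n' "$addr" "$lport"
)

# Usage inside the linked container from the slide:
#   set -- $(link_endpoint db 6379) && redis-cli -h "$1" -p "$2"
```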

  84. Volumes

  85. External FS to the container
    Not AUFS
    Used to persist data
    Not destroyed with stopped container
    Real time changes, no delay

  87. Create a volume
    $ docker run -it -v /tmp ubuntu:14.04 /bin/bash
    root@<container-id>:/# touch /tmp/hello_world.txt
    Outside the container:
    $ docker inspect 02d027999022 | grep \"Volumes\" -A 2
    "Volumes": {
        "/tmp": "/var/lib/docker/vfs/dir/1810314edc60faab2276e4311dab87b87db96a308893b988c44b73fbe49c156d"
    },
    # ls -la /var/lib/docker/vfs/dir/1810314edc60faab2276e4311dab87b87db96a308893b988c44b73fbe49c156d
    total 8
    drwxrwxrwx 2 root root 4096 Jul 3 12:52 .
    drwx------ 11 root root 4096 Jul 3 12:52 ..
    -rw-r--r-- 1 root root 0 Jul 3 12:52 hello_world.txt
    If the container is destroyed the volume is also destroyed

  88. Container state & volume
    $ docker stop 02d027999022
    02d027999022
    $ docker ps
    CONTAINER ID   IMAGE          COMMAND     STATUS                          NAMES
    02d027999022   ubuntu:14.04   /bin/bash   Exited (0) About a minute ago   backstabbing_brown
    # ls -la /var/lib/docker/vfs/dir/1810314edc60faab2276e4311dab87b87db96a308893b988c44b73fbe49c156d
    total 8
    drwxrwxrwx 2 root root 4096 Jul 3 12:52 .
    drwx------ 11 root root 4096 Jul 3 12:52 ..
    -rw-r--r-- 1 root root 0 Jul 3 12:52 hello_world.txt
    The volumes persist even if the container is stopped

  92. Mount custom directory
    $ mkdir /tmp/i_like_kfc && touch /tmp/i_like_kfc/chickeeeeeeen
    $ docker run -v /tmp/i_like_kfc:/tmp ubuntu:14.04 ls -la /tmp
    total 8
    drwxrwxr-x 2 1000 1000 4096 Jul 3 14:00 .
    drwxr-xr-x 53 root root 4096 Jul 3 14:00 ..
    -rw-rw-r-- 1 1000 1000 0 Jul 3 14:00 chickeeeeeeen
    $ docker run -it -v /tmp/i_like_kfc:/tmp ubuntu:14.04 /bin/bash
    root@<container-id>:/# touch /tmp/more_chickeeeeeen
    $ docker run -v /tmp/i_like_kfc:/tmp ubuntu:14.04 ls -la /tmp
    total 8
    drwxrwxr-x 2 vagrant vagrant 4096 Jul 3 14:03 .
    drwxrwxrwt 5 root root 4096 Jul 3 14:04 ..
    -rw-rw-r-- 1 vagrant vagrant 0 Jul 3 14:00 chickeeeeeeen
    -rw-r--r-- 1 root root 0 Jul 3 14:03 more_chickeeeeeen
    “/tmp/i_like_kfc” is outside the container
    chickeeeeeeen: created outside the container
    more_chickeeeeeen: created in the container
    Real time FS, the FS is mounted

  94. Mount in read only mode
    By default the volume is mounted in RW mode
    $ docker run -it -v /tmp/i_like_kfc:/tmp:ro ubuntu:14.04 /bin/bash
    root@<container-id>:/# touch /tmp/i_dont_like_kfc
    touch: cannot touch '/tmp/i_dont_like_kfc': Read-only file system
    Just add “ro”

  96. Owner and permissions
    $ whoami
    vagrant
    $ docker run -it -v /tmp/test:/tmp ubuntu:14.04 /bin/bash
    root@<container-id>:/# touch /tmp/root_file
    root@<container-id>:/# useradd slok
    root@<container-id>:/# su slok
    slok@<container-id>:/$ touch /tmp/user_file
    slok@<container-id>:/$ touch /tmp/user_744_file && chmod 744 /tmp/user_744_file
    slok@<container-id>:/$ ls -la /tmp/
    total 8
    drwxrwxr-x 2 slok slok 4096 Jul 3 14:27 .
    drwxr-xr-x 55 root root 4096 Jul 3 14:27 ..
    -rw-r--r-- 1 root root 0 Jul 3 14:27 root_file
    -rwxr--r-- 1 slok slok 0 Jul 3 14:31 user_744_file
    -rw-rw-r-- 1 slok slok 0 Jul 3 14:27 user_file
    $ ls -la /tmp/test
    total 8
    drwxrwxr-x 2 vagrant vagrant 4096 Jul 3 14:27 .
    drwxrwxrwt 6 root root 4096 Jul 3 14:28 ..
    -rw-r--r-- 1 root root 0 Jul 3 14:27 root_file
    -rwxr--r-- 1 vagrant vagrant 0 Jul 3 14:31 user_744_file
    -rw-rw-r-- 1 vagrant vagrant 0 Jul 3 14:27 user_file
    In the container the owner remains
    Outside the container, the owner (user) is the user running the process

  99. Share volumes between containers
    $ docker run -it --name doge_container -v /opt ubuntu:14.04 /bin/bash
    root@<container-id>:/# echo "print('Hello world')" > /opt/say_hello.py
    Volume created!
    $ docker run -it --volumes-from doge_container ubuntu:14.04 /bin/bash
    root@<container-id>:/# ls -la /opt/
    total 12
    drwxr-xr-x 2 root root 4096 Jul 3 18:00 .
    drwxr-xr-x 53 root root 4096 Jul 3 18:02 ..
    -rw-r--r-- 1 root root 21 Jul 3 18:00 say_hello.py
    root@<container-id>:/# python3 /opt/say_hello.py
    Hello world
    This container will mount all volumes from the “doge_container” container
    This is used to share directories across containers
    There is a pattern called data volume container (Check patterns section)

  101. Share volumes between containers
    Simple principle, mount directories from host OS to containers
    [Diagram: the System (/usr, /opt, /home, ...) holds the volume directories b7eb1d8264db8716c0a536e0c776d935bc3eada671a26194d1129066aa2a41c4 and 45832b9c9b3117ee86778df6b6dafdeead36fb643494822cf40f095da0766baa under /var/lib/docker/vfs/dir/; Container(46293ef28846/doge_container) and Container(491ad4c3df84) each have /bin, /opt, /usr, /root, ...]
    doge_container was the volume creator; to mount its volumes we need to use it as reference with “volumes-from”
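
Added example, not part of the original deck: a POSIX shell check over the `-v` and `--volumes-from` forms used in the Volumes slides. It classifies each spec (Docker-managed volume, host bind mount, `:ro`) and flags read-write bind mounts, because the "Owner and permissions" slide shows that a file created by root in the container (`root_file`) is owned by root on the host. The function names `classify_mount` and `audit_run_mounts` are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the deck); the function names are hypothetical.

# classify_mount SPEC  ->  prints "KIND HOST CONTAINER MODE"
#   /tmp                    -> volume - /tmp rw   (Docker-managed directory)
#   /tmp/i_like_kfc:/tmp    -> bind /tmp/i_like_kfc /tmp rw   (RW is the default)
#   /tmp/i_like_kfc:/tmp:ro -> bind /tmp/i_like_kfc /tmp ro
classify_mount() (
    spec=$1
    mode=rw
    case $spec in
        /*:/*:ro) mode=ro; spec=${spec%:ro} ;;
        /*:/*:rw) spec=${spec%:rw} ;;
    esac
    case $spec in
        /*:/*) host=${spec%%:*}; ctr=${spec#*:} ;;
        /*)    host=-; ctr=$spec ;;
        *)     echo "unsupported volume spec: $1" >&2; exit 2 ;;
    esac
    # Leftover ":" or spaces mean the spec is not one of the forms above.
    case "$host$ctr" in
        *:*|*' '*) echo "unsupported volume spec: $1" >&2; exit 2 ;;
    esac
    if [ "$host" = - ]; then kind=volume; else kind=bind; fi
    echo "$kind $host $ctr $mode"
)

# audit_run_mounts ARG...
#   Scans the arguments of a "docker run" command line and prints one line per
#   mount. Returns 1 if any host directory is writable from the container,
#   2 on a spec it cannot parse. It looks at every argument and does not try
#   to tell docker options from the container's own command line.
audit_run_mounts() (
    rc=0
    while [ $# -gt 0 ]; do
        case $1 in
            -v|--volume)
                [ $# -ge 2 ] || { echo "missing value for $1" >&2; exit 2; }
                info=$(classify_mount "$2") || exit 2
                kind=${info%% *}; mode=${info##* }
                rest=${info#* };  host=${rest%% *}
                rest=${rest#* };  ctr=${rest%% *}
                case $kind:$mode in
                    bind:rw)  echo "WARN rw-bind $host -> $ctr"; rc=1 ;;
                    bind:ro)  echo "OK ro-bind $host -> $ctr" ;;
                    volume:*) echo "INFO volume $ctr" ;;
                esac
                shift ;;
            --volumes-from)
                [ $# -ge 2 ] || { echo "missing value for $1" >&2; exit 2; }
                echo "INFO volumes-from $2"
                shift ;;
        esac
        shift
    done
    exit "$rc"
)

# Example: audit_run_mounts run -it -v /tmp/test:/tmp ubuntu:14.04 /bin/bash
```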

  102. Dockerfiles

  103. Automate
    Build images
    Easy update of images
    easy share
    Script composed by commands

  109. Dockerfile
    FROM ubuntu:14.04
    MAINTAINER Xabier Larrakoetxea
    # Update repos
    RUN apt-get update
    # Install redis
    RUN apt-get install -y redis-server
    # Expose Redis port 6379
    EXPOSE 6379
    CMD ["/usr/bin/redis-server"]
    Dockerfile structure, top to bottom: Declaration, Actions (logic), Configuration, Run action

  111. Dockerfile facts
    Instructions in order
    Format: INSTRUCTION arguments
    Use “#” for comments
    First instruction is FROM
    Not case sensitive (by convention, instructions are written in uppercase)
    Some instructions create a new layer
    Let's check the commands

  112. Dockerfile command | FROM
    The base image, tells docker where to start from when building the image
    Needs to be the first instruction in the Dockerfile
    If no tag is specified then “latest” will be taken
    Dockerfile
    FROM ubuntu:14.04
    ...
    Dockerfile
    FROM slok/redis
    ...
    Dockerfile
    FROM crosbymichael/python
    ...

  113. Dockerfile command | MAINTAINER
    Dockerfile
    MAINTAINER Xabier Larrakoetxea
    ...
    Sets the author of the Dockerfile
    Dockerfile
    MAINTAINER Doge wow
    ...
    Dockerfile
    MAINTAINER Chuck Norris
    ...

  115. Dockerfile command | RUN
    Executes actions/commands
    Creates a new layer
    These layers are used as cache for other builds if they are the same
    Dockerfile
    RUN pip install django
    ...
    Dockerfile
    RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list
    ...
    Uses /bin/sh -c {RUN_ARGUMENTS}
    Dockerfile
    RUN ["wget", "http://python-distribute.org/distribute_setup.py"]
    ...
    Uses exec format

  116. Dockerfile command | ENV
    Dockerfile
    ENV LANG en_US.UTF-8
    ...
    Sets env vars; these will be available for the next RUN instructions
    The containers that run from the built image will have the env vars set
    Dockerfile
    ENV APP_ENVIRONMENT sandbox
    ...
    Dockerfile
    ENV DOGE such_env_var
    ...

  118. Dockerfile command | EXPOSE
    Dockerfile
    EXPOSE 9000
    ...
    Private TCP port
    Dockerfile
    EXPOSE 8125/udp
    ...
    Private UDP port
    Dockerfile
    EXPOSE 80:8080
    ...
    80 Private TCP port mapped to 8080 public TCP port
    Map private exposed ports to public ones when running the container
    Never map public ports inside the Dockerfile

  120. Dockerfile command | VOLUME
    Dockerfile
    VOLUME /data
    ...
    Create /data volume
    Dockerfile
    VOLUME ["/data", "/etc/nginx/sites-enabled", "/var/log/nginx"]
    ...
    Create multiple volumes
    Dockerfile
    VOLUME /opt/data:/data
    ...
    mount container /data in host /mnt/opt
    Mount public paths to private paths when running the container
    Never mount public paths inside the Dockerfile

  122. Dockerfile command | ADD
    Copy a relative (to dockerfile) file or directory into the image
    If src is a tar archive, this will be copied and extracted
    After the first ADD instruction, the following RUN instructions are not cached
    ADD is too magical, use COPY instead when extracting is not needed (v1.0>=)
    Dockerfile
    ADD ./statsd_config.js /var/lib/statsd/config.js
    ...
    Dockerfile
    ADD postgresql.conf etc/postgresql/$PG_VERSION/main/postgresql.conf
    ...
    Dockerfile
    ADD /tar/apache-tomcat-7.0.47.tar.gz /opt
    ...
    This will extract the archive in the image's /opt

  124. Dockerfile command | COPY
    Copy a relative (to dockerfile) file or directory into the image
    After the first COPY instruction, the following RUN instructions are not cached
    Similar to ADD
    Dockerfile
    ADD ./statsd_config.js /var/lib/statsd/config.js
    ...
    Dockerfile
    COPY postgresql.conf etc/postgresql/$PG_VERSION/main/postgresql.conf
    ...
    Dockerfile
    COPY /tar/apache-tomcat-7.0.47.tar.gz /opt
    ...
    This will not extract the archive in the image's /opt

  125. Dockerfile command | USER
    Sets the UID to use when running the image
    Sets the UID to use for any following RUN directives
    Dockerfile
    USER postgres
    ...
    Dockerfile
    USER nobody
    ...

  127. Dockerfile command | WORKDIR
    Sets the working directory for the RUN, CMD and ENTRYPOINT that follow it
    Can be used with absolute or relative paths
    Dockerfile
    WORKDIR /etc/nginx
    ...
    Dockerfile
    WORKDIR /opt
    ...
    WORKDIR virtualenvs
    ...
    This will end in /opt/virtualenvs

  128. Dockerfile command | ONBUILD
    Dockerfile
    ONBUILD ADD . /src/app
    ONBUILD RUN /usr/local/bin/python-build --dir /src/app
    ...
    ONBUILD doesn’t affect the build of this image
    Triggered when another image is built based on this one
    Grand-child images don’t inherit this ONBUILD (Only direct ones)
    Dockerfile
    ONBUILD ADD . /opt/rails_demo
    ONBUILD WORKDIR /opt/rails_demo
    ONBUILD RUN rvm all do bundle install
    ONBUILD CMD rvm all do bundle exec rails server
    ...

  130. Dockerfile command | CMD
    Used to execute a command when running the container
    CMD can be overwritten when we exec docker run executable params...
    Only one CMD entry per dockerfile
    Very powerful when used with ENTRYPOINT
    Dockerfile
    CMD ["/usr/local/bin/diamond", "-f"]
    ...
    Array form: used like exec (Preferred form)
    Dockerfile
    CMD echo "This is a test." | wc -
    ...
    As shell (/bin/sh -c)
    Dockerfile
    CMD ["--help"]
    ...
    Used to pass params to ENTRYPOINT

  131. Dockerfile command | ENTRYPOINT
    Used to execute a command when running the container
    ENTRYPOINT can’t be overwritten, unlike CMD
    Only one ENTRYPOINT entry per dockerfile
    Very powerful when used with CMD
    Pass params to ENTRYPOINT with docker run {image} -d ...
    Dockerfile
    ENTRYPOINT ["/usr/bin/influxdb", "-config=/opt/influxdb/shared/config.toml"]
    ...
    Array form: used like exec (Preferred form)
    Dockerfile
    ENTRYPOINT supervisor
    ...
    As shell (/bin/sh -c)
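
Added example, not part of the original deck: a small shell and awk linter that turns the rules stated in the Dockerfile command slides into checks (FROM first, untagged FROM means “latest”, no host mappings in EXPOSE or VOLUME, COPY instead of ADD when nothing is extracted, one CMD and one ENTRYPOINT). The names `lint_dockerfile` and `sample_dockerfile` and the finding codes are assumptions made for this example; the NO-USER check relies on Docker's default of running as root when no USER is set, which the deck does not state, and the sample Dockerfile is constructed from the slides' own snippets.

```shell
#!/bin/sh
# Added example (not from the deck). lint_dockerfile, sample_dockerfile and the
# finding codes are hypothetical names for this illustration.

# lint_dockerfile: reads a Dockerfile on stdin, prints "line N: CODE: message"
# for each finding and returns 1 if there was at least one.
lint_dockerfile() {
    awk '
    function report(line, code, msg) {
        printf "line %s: %s: %s\n", line, code, msg
        found++
    }
    # A line that follows a trailing backslash continues the previous instruction.
    cont { cont = ($0 ~ /\\[ \t]*$/); next }
    /^[ \t]*(#|$)/ { next }                 # comments and blank lines
    {
        cont = ($0 ~ /\\[ \t]*$/)
        instr = toupper($1)                 # instructions are not case sensitive
        if (!started) {
            started = 1
            if (instr != "FROM")
                report(NR, "FIRST-NOT-FROM", "first instruction must be FROM")
        }
        if (instr == "FROM" && $2 != "scratch") {
            # Look for a tag or digest after the last "/" so that a registry
            # host:port prefix is not mistaken for a tag.
            n = split($2, part, "/")
            if (part[n] !~ /[:@]/)
                report(NR, "FROM-UNTAGGED", $2 " has no tag, so latest is used")
        }
        if (instr == "EXPOSE")
            for (i = 2; i <= NF; i++)
                if ($i ~ /:/)
                    report(NR, "EXPOSE-HOST-PORT", $i " maps a public port; map it at run time")
        if (instr == "VOLUME" && $0 ~ /:/)
            report(NR, "VOLUME-HOST-PATH", "host path in VOLUME; mount it at run time")
        if (instr == "ADD" && $2 !~ /\.(tar|tgz|tar\.(gz|bz2|xz))$/ && $2 !~ /^https?:/)
            report(NR, "ADD-NOT-ARCHIVE", "nothing to extract from " $2 "; use COPY")
        if ((instr == "CMD" || instr == "ENTRYPOINT") && ++count[instr] == 2)
            report(NR, "MULTIPLE-" instr, "only one " instr " per Dockerfile")
        if (instr == "USER")
            has_user = 1
    }
    END {
        # Not stated in the deck: without USER the process runs as root.
        if (started && !has_user)
            report("-", "NO-USER", "no USER instruction; the process runs as root")
        exit (found > 0)
    }'
}

# Constructed sample assembled from snippets shown on the slides.
sample_dockerfile() {
    cat <<'EOF'
from crosbymichael/python
ADD ./statsd_config.js /var/lib/statsd/config.js
ADD /tar/apache-tomcat-7.0.47.tar.gz /opt
EXPOSE 9000 8125/udp
EXPOSE 80:8080
VOLUME ["/data", "/var/log/nginx"]
VOLUME /opt/data:/data
CMD ["--help"]
CMD echo "This is a test." | wc -
EOF
}

# Example: sample_dockerfile | lint_dockerfile
```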

  133. Simple example

  134. Nginx container
    Ubuntu 14.04 LTS base image
    We could use a ready one: https://registry.hub.docker.com/_/nginx/
    Example

  135. Structure
    $ tree ./nginx
    ./nginx/
    ├── Dockerfile
    └── nginx.conf

  137. Nginx config file
    nginx/nginx.conf
    daemon off;
    user www-data;
    worker_processes 4;
    pid /run/nginx.pid;
    events {
        worker_connections 768;
    }
    http {
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;
        gzip on;
        gzip_disable "msie6";
        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
    }
    “daemon off;” is needed to run the process as a docker container

  139. Nginx Dockerfile
    nginx/Dockerfile
    FROM ubuntu:14.04
    MAINTAINER Xabier Larrakoetxea
    # Install nginx
    RUN sudo apt-get update
    RUN sudo apt-get install -y nginx
    VOLUME ["/etc/nginx", "/var/log/nginx"]
    EXPOSE 80 443
    COPY nginx.conf /etc/nginx/nginx.conf
    # This image should only run nginx, don't allow command overwrite
    ENTRYPOINT ["nginx"]
    We could change the settings and add new websites without rebuilding the image

  140. Build the image
    $ docker build -t slok/nginx ./nginx
    Sending build context to Docker daemon 4.096 kB
    Sending build context to Docker daemon
    Step 0 : FROM ubuntu:14.04
    ---> e54ca5efa2e9
    Step 1 : MAINTAINER Xabier Larrakoetxea
    ---> Using cache
    ---> f92949757538
    Step 2 : RUN sudo apt-get update
    ---> Using cache
    ---> 83553dd447a8
    Step 3 : RUN sudo apt-get install -y nginx
    ---> Using cache
    ---> 81d073ef2959
    Step 4 : VOLUME ["/etc/nginx", "/var/log/nginx"]
    ---> Using cache
    ---> d7bebdea21bc
    Step 5 : EXPOSE 80 443
    ---> Using cache
    ---> 884a359171c5
    Step 6 : COPY nginx.conf /etc/nginx/nginx.conf
    ---> 9367bdddab92
    Removing intermediate container 421ee775b2ac
    Step 7 : ENTRYPOINT ["nginx"]
    ---> Running in 720a2e174332
    ---> 6656d268c150
    Removing intermediate container 720a2e174332
    Successfully built 6656d268c150

  141. Run the image (container)
    $ docker run -d -p 10080:80 slok/nginx
    e55dd17a1b586f407d41eb93eaaf561c9f32609a7eab6e29c41e5f4dc50f3ebc
    $ curl 192.168.100.55:10080
    [Default nginx welcome page; the HTML markup and inline CSS were lost in extraction, the page text follows]
    Welcome to nginx!
    If you see this page, the nginx web server is successfully installed and
    working. Further configuration is required.
    For online documentation and support please refer to nginx.org.
    Commercial support is available at nginx.com.
    Thank you for using nginx.

  142. Check persistent data
    $ docker ps -aq
    e55dd17a1b58
    $ docker inspect e55dd17a1b58 | grep -A 3 Volumes
    "Volumes": {
        "/etc/nginx": "/var/lib/docker/vfs/dir/f58bfb50312f75adbe51b7504230c69a8a3e098afa5943becbfc3b89b9547b6e",
        "/var/log/nginx": "/var/lib/docker/vfs/dir/faaa961e95ea51c49af5b27093a56f177a2341da8e11b061d80f34348d09ef36"
    },
    $ cat /var/lib/docker/vfs/dir/faaa961e.../access.log
    192.168.100.1 - - [06/Jul/2014:16:27:44 +0000] "GET / HTTP/1.1" 200 396 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/537.36"
    192.168.100.1 - - [06/Jul/2014:16:27:44 +0000] "GET /favicon.ico HTTP/1.1" 404 208 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/537.36"
    192.168.100.55 - - [06/Jul/2014:16:28:08 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.35.0"
    192.168.100.55 - - [06/Jul/2014:16:29:18 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.35.0"

  143. Docker hub

  144. Share images
    Deploy hook
    Automated builds
    https://hub.docker.com

  145. Login
    $ docker login
    Username: slok
    Password:
    Email: [email protected]
    Login Succeeded

  146. Search
    $ docker search slok
    NAME DESCRIPTION STARS OFFICIAL AUTOMATED
    slok/nginx 0 [OK]
    slok/playpython 0
    $ docker search python
    NAME DESCRIPTION STARS OFFICIAL AUTOMATED
    fedora/python 18 [OK]
    parente/ipython-notebook IPython Notebook plus pandas, matplotlib, ... 8
    parente/ipython IPython 2.0 containerized and configured t... 5 [OK]
    mythmon/python-dev A base to start from for running Python apps. 4 [OK]
    google/python-runtime 4 [OK]
    dockerfile/python Trusted Python (https://www.python.org/) B... 4 [OK]
    python Python is a widely used general-purpose, h... 3
    scivm/scientific-python-2.7 Scientific Python 2.7 Ubuntu 12.04- Numpy,... 3 [OK]
    crosbymichael/ipython 3 [OK]
    scivm/scientific-python-3.3 Scientific Python 3.3 Ubuntu 12.04 Numpy, ... 2 [OK]
    google/python 2 [OK]


  147. Pull
    $ docker pull dockerfile/python
    Pulling repository dockerfile/python
    f86d6993fc7b: Download complete
    511136ea3c5a: Download complete
    5e66087f3ffe: Download complete
    4d26dd3ebc1c: Download complete
    d4010efcfd86: Download complete
    99ec81b80c55: Download complete
    b261bc65cd23: Download complete
    42404685406e: Download complete
    6cc69450fe19: Download complete
    efc4fbcd007f: Download complete
    2baeb2edbf92: Download complete
    ecd5c1cc18ac: Download complete
    1f089cc15e82: Download complete
    9f3000270ba2: Download complete
    4b49b0b7aa4c: Download complete
    8229e90e517b: Download complete
    $ docker images dockerfile/python
    REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
    dockerfile/python latest f86d6993fc7b 6 weeks ago 643.8 MB


  148. Push
    $ docker push slok/nginx2
    The push refers to a repository [slok/nginx2] (len: 1)
    Sending image list
    Pushing repository slok/nginx2 (1 tags)
    511136ea3c5a: Image already pushed, skipping
    d7ac5e4f1812: Image already pushed, skipping
    2f4b4d6a4a06: Image already pushed, skipping
    83ff768040a0: Image already pushed, skipping
    6c37f792ddac: Image already pushed, skipping
    e54ca5efa2e9: Image already pushed, skipping
    f92949757538: Image successfully pushed
    83553dd447a8: Image successfully pushed
    81d073ef2959: Image successfully pushed
    d7bebdea21bc: Image successfully pushed
    884a359171c5: Image successfully pushed
    9367bdddab92: Image successfully pushed
    6656d268c150: Image successfully pushed
    Pushing tag for rev [6656d268c150] on {https://registry-1.docker.io/v1/repositories/slok/nginx2/tags/latest}


  149. Automated builds
    Another type of Docker repo
    Don’t push images
    Refer to Dockerfile repositories
    Automatic builds when changes are pushed
    http://docs.docker.com/docker-hub/builds/


  150. Patterns


  151. Data only container
    Data in a separate container
    No data in app containers
    Not attached to an image (easy upgrade)
    http://www.offermann.us/2013/12/tiny-docker-pieces-loosely-joined.html


  152. Data only container | differences
    Classic approach (diagram):
    System > Postgresql container > /data (volume)
    Volume stored on the host under /var/lib/docker/vfs/dir/... (b7eb1d8264db8716c0a536e0c776...)


  153. Data only container | differences
    Classic approach (diagram):
    System > Postgresql container > /data (volume)
    Volume stored on the host under /var/lib/docker/vfs/dir/... (b7eb1d8264db8716c0a536e0c776...)
    Data volume container approach (diagram):
    System > Postgresql-data container > /data (volume)
    Volume stored on the host under /var/lib/docker/vfs/dir/... (b7eb1d8264db8716c0a536e0c776...)
    System > Postgresql container > /data, mounted with volumes-from the Postgresql-data container


  154. Data only container | data container
    Dockerfile
    FROM busybox
    MAINTAINER Xabier Larrakoetxea
    # Create data directory
    RUN mkdir /data
    # postgres UID = 102 & GID = 106
    RUN chown 102:106 /data
    RUN chmod 700 /data
    # Create
    VOLUME /data
    $ docker build -t postgresql-data ./postgresql-data/
    Sending build context to Docker daemon 2.56 kB
    Sending build context to Docker daemon
    Step 0 : FROM busybox
    ---> a9eb17255234
    Step 1 : MAINTAINER Xabier Larrakoetxea
    ---> Running in ad624b14dfbb
    ---> c303826067b8
    Removing intermediate container ad624b14dfbb
    Step 2 : RUN mkdir /data
    ---> Running in 11ad80bac58f
    ---> cf5c27ebbfe7
    Removing intermediate container 11ad80bac58f
    Step 3 : VOLUME /data
    ---> Running in 0fc55525bf62
    ---> b3c6cd1d3343
    Removing intermediate container 0fc55525bf62
    Successfully built b3c6cd1d3343


  155. Data only container | data container
    $ docker run -d --name postgresql-data postgresql-data
    fa64af7626476c7d39ca540d221f0c826630a44fd35c4d1222e99809b978205d
    $ docker ps -a
    CONTAINER ID IMAGE COMMAND CREATED STATUS NAMES
    fa64af762647 postgresql-data:latest /bin/sh 50 seconds ago Exited (0) postgresql-data
    Remember! Volumes persist with stopped containers too; that’s the key
    $ docker run -d --name postgresql-data -v /var/lib/postgresql busybox
    99a239a8aca33baac21c897f7ce1342866517f1f30fdac4c28108c28de1b707b
    Same result but without using Dockerfiles, although using Dockerfiles is
    encouraged


  156. Data only container | app container
    Dockerfile
    FROM ubuntu
    MAINTAINER Xabier Larrakoetxea
    RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8
    RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ precise-pgdg main" > /etc/apt/sources.list.d/pgdg.list
    RUN apt-get update
    RUN apt-get -y -q install python-software-properties software-properties-common
    RUN apt-get -y -q install postgresql-9.3 postgresql-client-9.3 postgresql-contrib-9.3
    USER postgres
    RUN /etc/init.d/postgresql start &&\
    psql --command "CREATE USER docker WITH SUPERUSER PASSWORD 'docker';" &&\
    createdb -O docker docker
    # Configure the database to use our data dir.
    RUN sed -i -e"s/data_directory =.*$/data_directory = '\/data'/" /etc/postgresql/9.3/main/postgresql.conf
    RUN echo "host all all 0.0.0.0/0 md5" >> /etc/postgresql/9.3/main/pg_hba.conf
    RUN echo "listen_addresses='*'" >> /etc/postgresql/9.3/main/postgresql.conf
    EXPOSE 5432
    VOLUME ["/etc/postgresql", "/var/log/postgresql", "/var/lib/postgresql"]
    CMD ["/usr/lib/postgresql/9.3/bin/postgres", "-D", "/var/lib/postgresql/9.3/main", "-c", "config_file=/etc/postgresql/9.3/main/postgresql.conf"]


  157. Data only container | run
    1st: run the data container (which we made previously), only the first time
    $ docker run -d --name postgresql-data postgresql-data
    f2392b5be7cc83368c458d00e1ce7d23306b91b274aba22edc0b20e088b2024b
    2nd: run the app container just to initialize the database (it will exit), only the first time
    $ docker run --volumes-from postgresql-data postgresql /usr/lib/postgresql/9.3/bin/initdb -D /data
    fa64af7626476c7d39ca540d221f0c826630a44fd35c4d1222e99809b978205d
    Run the app container (Init postgres database)
    $ docker run -d --volumes-from postgresql-data postgresql
    fa67e31dc8782c8e82933540a1aaa0c1a6a03d2c565b57d700a58f623d3c6504


  158. Layer cache
    Dockerfile
    FROM busybox
    MAINTAINER Xabier Larrakoetxea

    RUN echo "Layer 1"
    RUN echo "Layer 2"
    RUN echo "Layer 3"
    RUN echo "Layer 4"
    RUN echo "Layer 5"
    COPY text.txt /tmp/test.txt
    RUN echo "Layer 6"
    RUN echo "Layer 7"


  159. Layer cache
    $ docker build ./test
    Sending build context to Docker daemon 3.072 kB
    Sending build context to Docker daemon
    Step 0 : FROM busybox
    ---> a9eb17255234
    Step 1 : MAINTAINER Xabier Larrakoetxea
    ---> Using cache
    ---> c303826067b8
    Step 2 : RUN echo "Layer 1"
    ---> Using cache
    ---> 917ba27e3824
    Step 3 : RUN echo "Layer 2"
    ---> Using cache
    ---> 7e2f54c9001e
    Step 4 : RUN echo "Layer 3"
    ---> Using cache
    ---> 5d913400970e
    Step 5 : RUN echo "Layer 4"
    ---> Using cache
    ---> eb97fe6a3755
    Step 6 : RUN echo "Layer 5"
    ---> Using cache
    ---> dc390db50bd4
    Step 7 : COPY text.txt /tmp/test.txt
    ---> d8f5c77247c0
    Removing intermediate container 5c7feddd3486
    Step 8 : RUN echo "Layer 6"
    ---> Running in 7a317623daf8
    Layer 6
    ---> 2befdb0f5c9d
    Removing intermediate container 7a317623daf8
    Step 9 : RUN echo "Layer 7"
    ---> Running in edbc8e088d19
    Layer 7
    ---> 1fee9b728152
    Removing intermediate container edbc8e088d19
    Successfully built 1fee9b728152
    Steps 1 to 6 are cached; the COPY in step 7 and every step after it are not cached
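
The cache behaviour in the build log above can be read off mechanically. The script below is an added example, not part of the original slides: it classifies each step of a `docker build` log in the format shown on this slide as base, cached or rebuilt, using a sample abridged and renumbered from that log; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the slides): report which steps of a `docker build`
# log were served from the layer cache. Assumes the classic "Step N : ..." format.

# Constructed sample: the slide's log abridged to four steps and renumbered.
sample_log() {
    cat <<'EOF'
Step 0 : FROM busybox
 ---> a9eb17255234
Step 1 : RUN echo "Layer 5"
 ---> Using cache
 ---> dc390db50bd4
Step 2 : COPY text.txt /tmp/test.txt
 ---> d8f5c77247c0
Step 3 : RUN echo "Layer 6"
 ---> Running in 7a317623daf8
Layer 6
 ---> 2befdb0f5c9d
EOF
}

# cache_report: read a build log on stdin, print "<step> <base|cached|rebuilt> <instruction>".
cache_report() {
    awk '
        /^Step [0-9]+ : / {
            if (seen) print n, state, instr
            seen = 1; n = $2; instr = $0
            sub(/^Step [0-9]+ : /, "", instr)
            state = (instr ~ /^FROM /) ? "base" : "rebuilt"
            next
        }
        /^[ \t]*---> Using cache/ { state = "cached" }
        END { if (seen) print n, state, instr }
    '
}

# first_rebuilt: print the first step that missed the cache (nothing if none did).
first_rebuilt() {
    cache_report | awk '$2 == "rebuilt" { print; exit }'
}

# cached_after_miss: count cached steps that follow a miss; the cache is a
# chain of parent layers, so anything other than 0 means the log was misread.
cached_after_miss() {
    cache_report | awk '$2 == "rebuilt" { miss = 1 }
        miss && $2 == "cached" { c++ } END { print c + 0 }'
}

sample_log | cache_report
```

Piping a real log through `first_rebuilt` names the instruction that invalidated the cache, which is the one to move later in the Dockerfile if it changes often.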


  160. Base image reuse
    Diagram: tree of images that build on one another: Ubuntu, Base, Python, Ruby, JDK, Tomcat, Postgres, Mysql, Redis, Nginx, RoR, Django, My_app, Ansible, Graphite, Gitlab


  161. Single app VS multiple app container
    Single container
    Container groups
    Separate containers


  162. Single container
    Used in devboxes (Vagrant) and for CI purposes (Jenkins)
    Don’t use for production
    Use supervisor or monit to manage all the containers
    Diagram: System > container with its FS (/usr, /lib, /root, /opt, /var, ...), where Supervisor runs postgres, nginx, redis, uwsgi and workers; volume at /var/lib/docker/vfs/dir/... (b7eb1d8264db8716c0a536e0c776...)


  163. Container groups
    Used in production and for CI purposes (Jenkins)
    Easy management
    Use supervisor or monit to manage all the containers
    Diagram: System > App container (FS: /usr, /lib, ...; Supervisor runs nginx and uwsgi) with a volume at /var/lib/docker/vfs/dir/... (b7eb1d8264db8716c0a536e0c776...)
    Diagram: System > db container (FS: /usr, /lib, ...; Supervisor runs redis and postgres) with a volume


  164. Separate containers
    Used in production
    Big granularity, flexible
    Easy image update
    Diagram: System > nginx, uwsgi, postgres and redis containers, each with its own FS and its own process, joined by links; host path /var/lib/docker/vfs/dir/... (b7eb1d8264db8716c0a536e0c776...) shown beside the nginx container


  165. Tips


  166. Stop all the containers
    $ docker stop `docker ps -aq`
    c9a227990860
    4c9b8825dd10
    c6246e2bf765
    425a71780337
    17cc7e13c1ed
    17ceee72c3e0
    38436e110396
    491ad4c3df84
    46293ef28846
    d8d6a3ccbcbf
    3820a01f10ae


  167. Delete all the containers
    $ docker rm `docker ps -aq`
    c9a227990860
    4c9b8825dd10
    c6246e2bf765
    425a71780337
    17cc7e13c1ed
    17ceee72c3e0
    38436e110396
    491ad4c3df84
    46293ef28846
    d8d6a3ccbcbf
    3820a01f10ae
    Destructive command!
    Also deletes the volumes!


  168. Delete untagged images
    $ docker images
    REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
    <none> <none> 3fddf4b9ccd0 27 minutes ago 299.1 MB
    <none> <none> daf1d121e239 7 hours ago 6.255 MB
    <none> <none> 11f47fb8a321 8 hours ago 6.57 MB
    <none> <none> f644d2c20728 8 hours ago 6.57 MB
    slok/redis2 latest c2c45026cfb8 3 days ago 283 MB
    $ docker rmi `docker images | grep "<none>" | awk '{print $3}'`
    Deleted: 3fddf4b9ccd0d91d2469f0afb7b8e458638375a24cb9f4742b91744a66b5ad9a
    Deleted: 3a448f3b216270a4ea8f2ad39d4d78287cfa3b7ec933f88723d87ceee385e4a4
    Deleted: 20aab9c6ed98d6db4c9d3824dc6243c12f6e03cd8dd0bcbef5f3ff97d715fc44
    Deleted: c0fac7a083b58b0a5ed818f01c2efb4901ef5bf88f3154b05d79df5fb65c3433
    Deleted: b5d683eefda9fa3d07eb4e0b85d09873e61702fb934f5a3c92b0c15b6b67340a
    Deleted: daf1d121e23966a7a0b8fc6ecf5b87e944d582f7f722e989e5472cf52d1653e3
    Deleted: 11f47fb8a3219e01f4585577d53687eb404eda2128106960a10a8d5cd1d7e714
    Deleted: 18b65d678d9f2047ce6423258de8eaaf37107a09abe3a2aaff30b367bd01570c
    Deleted: e37a502f8fba1a3406b2a3fce2a55d82059a77eb266a793d2243efcec62f9a4f
    Deleted: 954a4be53ea4b2253739d511daf78ec621b4411af79c68cb1338ae2e54267762
    Deleted: f644d2c20728195956e1e4ead8cdae964444ef7a62ddb32cd1db668ce19f2fbc
    Deleted: a275efe6feed558e1521f269c356bfa4d3c112de456ec624eb0926eb24d64078
    Deleted: e62491d8568fd34019de4e7bbdb3d81cad9ed0bd8796c236166a124949035791
    Destructive command!


  169. Thank you


  170. Questions


  171. Kudos


  172. Icons: Entypo, Flaticons, Octicons
    Typography: Google web fonts
    OS Logos: http://commons.wikimedia.org
    Github: https://github.com
    Google docs: https://docs.google.com
    Docker: https://docs.docker.com
    Docker guide: http://kencochrane.net
    Syntax highlighter: http://markup.su/highlighter/


  173. Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)
    http://xlarrakoetxea.org
