Chef for Containers
Using config management in your container workflow
Tom Duffield, Software Development Engineer at Chef
Twitter: @tomduffield
Fossetcon 2014
What are Linux containers?
• Lightweight virtualization provided by libraries inside the Linux Kernel:
  • cgroups
  • namespaces
  • capabilities
  • selinux
  • apparmor
  • netlink
  • netfilter

What is Docker?
• Utility that improves the usability of Linux Containers by providing:
  • a layered file system (Docker Images)
  • a cross-platform execution engine (Docker Engine)
  • a social space to share common libraries (Docker Hub)
Hypervisor Virtualization
[Diagram: a Server running a Host OS and a Hypervisor; on top, four Virtual Machines, each with its own Guest OS, bins/libs, and one app (app a, app b, app c, app d).]
Chef Container allows you to:
• define your container configuration using Chef recipes.
• idempotently manage the running state of your container.
• safely manage multiple services inside your container.

Chef Container is great for handling:
• installation and configuration of complex applications.
• transitioning traditional architecture to containers.
• handling last-mile configuration when the container boots.
Understanding the PID1 Problem

    $ docker run busybox ps -ef
    PID   USER     COMMAND
        1 root     ps -ef

• The command you specify via docker run replaces init and becomes the root process (PID1).

Addressing the PID1 Problem
• The root process (PID1) is responsible for:
  • telling the container what processes it should run.
  • ensuring all child processes are properly managed.
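As an added illustration of the two PID1 duties listed above (this is example code written for these notes, not chef-init or any Chef project code), here is a minimal init that launches one service, forwards SIGTERM/SIGINT to it, and reaps every descendant so nothing is left as a zombie. The command name and arguments are whatever you pass on its command line.

```c
/* Added example (not from the talk): a minimal PID1 that starts one service
   and reaps every descendant, the two duties listed on the slide above. */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork a child that exits immediately with `code`; returns its pid. */
pid_t spawn_exiting_child(int code) {
    pid_t pid = fork();
    if (pid == 0)
        _exit(code);
    return pid;
}

/* Collect exit statuses until no children remain; returns how many were reaped.
   Without a loop like this, terminated descendants linger as zombies. */
int reap_all(void) {
    int reaped = 0;
    for (;;) {
        int status;
        pid_t pid = waitpid(-1, &status, 0);
        if (pid > 0) { reaped++; continue; }
        if (errno == EINTR) continue;
        return reaped;            /* ECHILD: nothing left to reap */
    }
}

static pid_t service_pid = -1;

/* PID1 gets no default signal actions, so "docker stop" (SIGTERM) would be
   silently dropped; forward it to the service instead. */
static void forward_signal(int sig) { if (service_pid > 0) kill(service_pid, sig); }

/* Usage: ./init COMMAND [ARGS...]  -- supervise one service as PID1. */
int main(int argc, char **argv) {
    if (argc < 2) { fprintf(stderr, "usage: %s COMMAND [ARGS...]\n", argv[0]); return 2; }
    signal(SIGTERM, forward_signal);
    signal(SIGINT, forward_signal);
    service_pid = fork();
    if (service_pid == 0) { execvp(argv[1], argv + 1); _exit(127); }
    for (;;) {                    /* reap everything; exit when the service exits */
        int status;
        pid_t pid = waitpid(-1, &status, 0);
        if (pid == service_pid) return WIFEXITED(status) ? WEXITSTATUS(status) : 1;
        if (pid < 0 && errno != EINTR) return 1;
    }
}
```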
knife container docker init

    $ knife container docker init NAMESPACE/IMAGE_NAME [options]

Frequently Used Options
Flag  Description
-f    The base Docker image to use. The default is chef/ubuntu-12.04.
-r    Your Chef run list.
-z    Use chef-client local mode.
-b    Use Berkshelf to manage cookbook dependencies.

knife container docker build

    $ knife container docker build NAMESPACE/IMAGE_NAME [options]

Frequently Used Options
Flag     Description
--force  Force the resolution of Chef dependencies.
Why use Chef Container?
1) Fast and easy transition from existing architecture.
2) Consistent configuration model across containerization solutions and types of architectures.
3) Mixed infrastructure environments.
4) Idempotency in your image build process and in your running containers.
5) Decreased overhead for configuration changes.

Roadmap
• Rebuild images from a fresh base image.
• Add multiple, custom tags to your Docker images.
• Improved management of secure credentials.

What would you like to see? Submit input and feedback!
http://github.com/opscode/knife-container/issues
http://github.com/opscode/chef-init/issues