Using Chef to manage your container workflow

Tom Duffield
September 13, 2014

Slides from a talk I gave at Fossetcon2014 on how you can leverage Chef Container to manage your Docker container workflow.

Transcript

  2. Chef for Containers: Using config management in your container workflow

    Tom Duffield, Software Development Engineer at Chef
    Twitter: @tomduffield
    Fossetcon 2014
  3. Agenda

    • Introduction to Docker
    • Chef Container
    • Knife Container Workflow
    • More Information
    • Questions
  4. Introduction to Docker

  5. What are Linux containers?

    • Lightweight virtualization provided by libraries inside the Linux Kernel.
      • cgroups
      • namespaces
      • capabilities
      • selinux
      • apparmor
      • netlink
      • netfilter
  6. What is Docker?

    • Utility that improves the usability of Linux Containers by providing:
      • a layered file system (Docker Images)
      • a cross-platform execution engine (Docker Engine)
      • a social space to share common libraries (Docker Hub)
  7. Hypervisor Virtualization

    [Diagram: Server, Host OS, Hypervisor; four stacks of Guest OS, bins/libs and app (a, b, c, d); label: Virtual Machine]
  8. Docker Containers

    [Diagram: Server, Host OS, Docker Engine, bins/libs, apps a, b, c and d; label: Container]
  9. Benefits & Gaps of Containers

    Benefits: Speed, Portability, Density
    Gaps: Security, Persistent State, Credentials
  10. Simple Docker Workflow

    Pull (Download), Run (Launch), Commit (Snapshot)
  11. $ docker pull ubuntu:12.04

    [Diagram: ubuntu 12.04]
  12. $ docker run ubuntu:12.04 apt-get update

    [Diagram: ubuntu 12.04, apt-get update, 012345678]
  13. $ docker commit 012345678

    [Diagram: ubuntu 12.04, apt-get update, 012345678]
  14. $ docker run 012345678 apt-get upgrade

    [Diagram: ubuntu:12.04, apt-get update, 012345678, apt-get upgrade, ABCDEFG]
  15. $ docker commit ABCDEFG

    [Diagram: ubuntu:12.04, apt-get update, ABCDEFG, apt-get upgrade]

  16. The Dockerfile

    FROM ubuntu:12.04
    RUN apt-get update
    RUN apt-get upgrade
  17. Dockerfile Workflow

    [Diagram: Pull, Build, Run, Run, Commit]
  18. $ docker build mycontext

    Dockerfile:

    FROM ubuntu:12.04
    RUN apt-get update
    RUN apt-get install apache2
    ADD myconf.conf \
        /etc/apache2/sites-enabled/mysite
    ADD mysite /var/www/mysite

    [Diagram: build context mycontext containing Dockerfile, myconf.conf and mysite/index.html]
  19. Chef Container

  20. Chef Container is a package that provides configuration management for your containers.

  21. Chef Container allows you to:

    • define your container configuration using Chef recipes.
    • idempotently manage the running state of your container.
    • safely manage multiple services inside your container.
  22. Chef Container is great for handling:

    • installation and configuration of complex applications.
    • transitioning traditional architecture to containers.
    • last-mile configuration when the container boots.
  23. Consistency Across Architectures: Physical, Virtual, Cloud, Container

  24. Mixed Architecture Applications: Development, Test, QA, Prod

  25. Understanding the PID1 Problem

    $ docker run busybox ps -ef
    PID USER COMMAND
    1   root ps -ef

    • The command you specify via docker run replaces init and becomes the root process (PID1).
  26. Addressing the PID1 Problem

    • The root process (PID1) is responsible for:
      • telling the container what processes it should run.
      • ensuring all child processes are properly managed.
  27. Chef Container Components: chef-client, runit, chef-init

  28. runit is a lightweight, cross-platform init scheme you can use to ensure all child processes are properly managed.

    http://smarden.org/runit/
  29. chef-init is a root process which can launch and manage multiple processes inside a container.

    https://github.com/opscode/chef-init
  30. [Diagram: debian, redhat and centos logos; init (four times)]

  31. [Diagram: debian, redhat and centos logos; docker]

  32. [Diagram: debian, redhat and centos logos; docker; chef-init (four times); runit (four times)]
  33. Knife Container Workflow

  34. knife container

    [Labels: TOOL, SUBCOMMAND]
    $ chef gem install knife-container
  35. knife container docker init

    [Diagram: Generate Docker Context, Download Base Docker Image, Docker Components, Chef Components]
  36. knife container docker init

    $ knife container docker init NAMESPACE/IMAGE_NAME [options]

    Frequently Used Options
    Flag  Description
    -f    The base Docker image to use. The default is chef/ubuntu-12.04.
    -r    Your Chef run list.
    -z    Use chef-client local mode.
    -b    Use Berkshelf to manage cookbook dependencies.
  37. $ knife container docker init myorg/myapp

    [Diagram: ubuntu-12.04, v0]
  38. knife container docker build

    [Diagram: Resolve Chef Dependencies, Build Docker Image, Cleanup Chef Artifacts]
  39. knife container docker build

    $ knife container docker build NAMESPACE/IMAGE_NAME [options]

    Frequently Used Options
    Flag     Description
    --force  Force the resolution of Chef dependencies.
  40. $ knife container docker build myorg/myapp

    [Diagram: ubuntu-12.04, v0, v1]
  41. $ knife container docker build myorg/myapp

    [Diagram: ubuntu-12.04, v0, v1, v2]

  42. Long Term Speed Benefits

    [Diagram: A, B, C, D; L1, L2, L3, L4; R1, R2, R3, R4]
  43. Long Term Speed Benefits

    [Diagram: A, B, C, D; L1, L2, L3, L4; R1, R2, R3, R4]
  44. [Diagram: ubuntu:12.04, Image v1, layers L1, L2, L3, L4; ubuntu-12.04, Image v1, layer CCR1 : R1-4]

  45. [Diagram: ubuntu:12.04, Image v2, layers L1, L2, L3, L4; ubuntu-12.04, Image v2, layers CCR1 : R1-4 and CCR2 : R2]
  46. Why use Chef Container?

    1) Fast and easy transition from existing architecture.
    2) Consistent configuration model across containerization solutions and types of architectures.
    3) Mixed infrastructure environments.
    4) Idempotency in your image build process and in your running containers.
    5) Decreased overhead for configuration changes.
  47. More Information

  48. Documentation

    Documentation: http://docs.getchef.com/containers.html
    Docker Images: https://hub.docker.com/u/chef
    Feedback: http://github.com/opscode/chef-init
              http://github.com/opscode/knife-container
  49. Roadmap

    • Rebuild images from a fresh base image.
    • Add multiple, custom tags to your Docker images.
    • Improved management of secure credentials.

    What would you like to see? Submit input and feedback!
    http://github.com/opscode/knife-container/issues
    http://github.com/opscode/chef-init/issues
  50. Questions? Tom Duffield | @tomduffield
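
Added example (not from the slides, and not chef-init's or runit's code): a C program showing the PID1 duty from slides 25 and 26, where the root process must reap every child, including orphans it inherits. The names supervise, workload and demo_init and the sample workload are assumptions; PR_SET_CHILD_SUBREAPER (Linux-only) stands in for being PID 1 so the program also runs outside a container.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Reap every child, adopted orphans included, until none remain.
 * Returns how many were reaped and stores main_pid's exit code. */
static int supervise(pid_t main_pid, int *main_status) {
    int reaped = 0, status;
    for (;;) {
        pid_t pid = waitpid(-1, &status, 0);
        if (pid < 0) {
            if (errno == EINTR) continue;  /* interrupted: retry */
            break;                         /* ECHILD: nothing left to reap */
        }
        reaped++;
        if (pid == main_pid)
            *main_status = WIFEXITED(status) ? WEXITSTATUS(status)
                                             : 128 + WTERMSIG(status);
    }
    return reaped;
}

/* Constructed workload: exits with code 7 and leaves an orphan behind. */
static void workload(void) {
    if (fork() == 0) { sleep(1); _exit(0); }  /* outlives its parent */
    _exit(7);
}

/* Hypothetical entry point: launch the workload and supervise it. */
int demo_init(int *main_status) {
    /* Assumption: not PID 1 here, so ask the kernel to re-parent orphaned
     * descendants to this process, as it does for PID 1 in a container. */
    prctl(PR_SET_CHILD_SUBREAPER, 1, 0, 0, 0);
    pid_t main_pid = fork();
    if (main_pid < 0) return -1;
    if (main_pid == 0) workload();
    return supervise(main_pid, main_status);
}

int main(void) {
    int status = -1;
    int reaped = demo_init(&status);
    printf("reaped %d processes, main command exited %d\n", reaped, status);
    return status;
}
```

A root process that waited only for its main command would reap one process here and leave the orphan as a zombie once it exited.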
