A tutorial of Docker for Begineers

Transcript

1. A tutorial of Docker for beginners a.k.a. 夯的搭可⼩小教室 Tsundere Chen

   20150912

2. Outline • What is Docker? • What can I do

   with Docker? • Let’s get started with Docker! • The facts of Docker (containers, namespaces…etc) • Demo Time — WordPress ( NginX + PHP + MySQL) • Something More……

3. Who am I ? • 芦川 光 / 陳⼤大⽴立 •

   Ashikawa Hikari / Tsundere Chen • http://www.kisekinoashita.org • Python / AngularJS • SOSCET ⽂文書（？

4. OK…So,What is Docker?

5. None
6. None

7. It’s not ducker, it’s Docker.

8. Build, Ship, and Run Any App, Anywhere

9. Docker Docker containers wrap up a piece of software in

   a complete filesystem that contains everything it needs to run: code, runtime, system tools, system libraries – anything you can install on a server. This guarantees that it will always run the same, regardless of the environment it is running in. Blah Blah Blah ~~~~

10. Docker ( Again ) • It’s a container, not VM

    • Portable • Self-Sufficient • Light-Weight • Most important of all, it’s Open Source

11. VMs vs. Docker

12. Why Docker? • Speed! Ship Manual Deploy Auto Deploy Start

    Bare Metal Couple Days A few hours 15 Minutes 1 Minute Virtual Machine A few minutes A few minutes A few seconds In a minute Docker In seconds In seconds In seconds In seconds

13. Why Docker? • Footprint Normally, you can start • 10

    ~ 50 Virtual Machines • 100 ~ 1000 Docker Containers In the same time!

14. Why Docker? • It’s Containerization! Each container has its own

    • Network interface and IP address • Filesystem • Security • Resource Usage

15. What can I do with Docker? If you are Developer……

    • Continous Integration a.k.a. CI • Get rid of Dependency Problem • Everything in Docker

16. What can I do with Docker? If you are Normal

    User…… • Basically you can do everything just like on a real VM ……but faster.

17. What are we waiting for? Let’s get started!

18. Wait…… Before you start using Docker, here are things you

    must know. • Images • Containers • Repository

19. Images • Read-only Layer • Loads into container • Commit

    a container, and you get an image

20. Containers • Container comes from Image • You can create,

    start, stop, delete container • You can link containers together For example, Web Container can link with SQL Container

21. Repository • Bunch of Images • User Type • Top

    level Type

22. Let’s get started with Docker! • First, install Docker —

    curl -sSL https://get.docker.com/ | sh • Let’s pull Debian Jessie ! docker pull debian:jessie • Start a container with bash ! docker run -it debian:jessie bash

23. • After exit a container, list images and containers docker

    images & docker ps ( -a ) • Daemonize your container docker run -d debian:jessie /bin/sh -c “while true; do echo Hello World!; sleep 1; done;” docker logs <container_id> • Remove your container docker rm <container_id>

24. • Pull this image docker pull kisekinoashita/python2_pip • Use this

    Image to run Flask, and start a app. It’s already in kisekinoashita/Flask_Demo • Run this image! docker run -d -p 49500:5000 <image> python2 app.py

25. The facts of Docker

26. The facts of Docker • LXC • Cgroups • Kernel

    namespaces • AUFS

27. LXC • LinuX Container • Create, Start, Console, Stop, Destroy

28. AUFS LXC Docker Base Image (Ubuntu) Base Image (CentOS) Container

    Image (Apache) Container Kernel

29. But where are cgroups and namespaces ?

30. Namespaces Partition essential kernel structures to create virtual environments For

    example, you can have multiple processes with PID 234, in different environments Go with “ man namespaces ”

31. What’s in namespaces • pid ( Processes ) • net

    ( Network Interfaces, Routing ) • ipc ( System V IPC ) • mnt ( Mount Points, Filesystems ) • uts ( Hostname ) • user ( UIDs)

32. Namespaces — pid • Processes in pid can’t see processes

    of your whole system • Each pid namespace has its own PID #1 • pid namespaces are nested • A process can have multiple PIDs • Different pid namespaces can’t effect others

33. Namespaces — pid Main OS pid 456 pid 456 Container

    A Container B pid 456 pid 2273 pid 2365

34. Namespaces — net • Each net namespace has its own

    • Network Interfaces ( and its own localhost ) • IP address • Routing Table • iptables • How to communicate between containers? • UNIX domain sockets • Pairs of Virtual Network interfaces

35. Namespaces — net Docker 0 in Main OS Physical Network

    Interface eth0 in Container A eth0 in Container B

36. Namespaces — ipc • System V IPC • Recently, POSIX

    superseded IPC • Some stuff still use legacy IPC

37. Namespaces — ipc Container A Container B App A App

    B App A App B

38. Namespaces — mnt • A Better chroot • A mnt

    namespace can have its own rootfs • Filesystem in mnt namespace is visible only in this namespace • We will explain Filesystem with AUFS later

39. Namespace — uts • Hm…Just Hostname • It’s useful when

    you have thousands of containers and you need to use THAT one

40. Namespace — user • UID 42 in A container isn’t

    UID 42 in B container • It’s isolated too!

41. Next, we will talk about cgroups

42. Still awake?

43. CAT~~

44. cgroups • Resource limit • Prioritization • Accounting • Control

    • Isolation

45. cgroup — memory • Limit • Memory usage, Swap usage

    • Soft limit or Hard limit • Account • Measure how many resource you use • Isolation • “ Get Off My RAM !” • Reserve Memory because of Hard limit

46. cgroup — cpu • Limit • cpu.shares • Account •

    cpustat.usage • Isolation • cpuset.cpus

47. cgroup — Block I/O • Limit • blkio.throttle.{read,write}.{iops,bps}device • Drawback:

    only for sync I/O • Account • Number of I/Os, bytes, service time • Drawback: same as Limit • Isolation • Same as Limit Cgroup isn’t best solution of limiting I/O

48. Last, we are going to talk about AUFS

49. AUFS • Base on UnionFS • Read-Only Base, but Read-Write

    Directory • Your new data will be in /tmp/aufs

50. AUFS — example mount -t aufs \ -o br=/containers/leguest/rw=rw:/images/ubuntu-rootfs=ro \

    none /containers/leguest/rootfs Now, if you write in rootfs, changes will go into rw.

51. AUFS — Benefit • Use a single image • Get

    a Read-Write Filesystem • Nice to Page Cache • Track your changes easily

52. — from @jpetazzo’s slide “AUFS is the worst union filesystems

    out there; except for all the others that you have been tried”

53. So…is it all? Docker only use these stuff?

54. Remember this?

55. Docker — Isolation tools • systemd-nspawn • libvirt-lxc • libvirt-sandbox

    • qemu / kvm • BSD Jails • Solaris Zones • chroot

56. Demo Time! WordPress ( NginX + PHP + MySQL)

57. Wait! Something more……

58. Docker has … • Docker Kitematic ( GUI for OS

    X and Windows(beta) ) • Docker Compose ( used to be “ Fig ” ) • Docker Machine ( A Machine tweaked for Docker ) • Docker Swarm ( Host Clustering and Container Management ) • Docker Registry ( Registry Server )

59. Container OS • Core OS • Rancher OS • Red

    Hat Project Atomic • VMWare Photon • Snappy Ubuntu Core • Windows Nano Server

60. Some way to use Docker • Copy your stuff into

    Container, pack it, deploy it on the target Server Remember don’t pack your PERSONAL DATA!!!! • Link your Container together even they are on different Server • Run VPN, Remote Desktop…etc.

61. Questions • Why Docker need OS? • Can we run

    Docker under Windows environment? • Can I deploy my App to server with Docker? • Is Docker virtualization? • Is Docker really safe?

62. Q & A

63. Thank you 20150912