Non-traditional use of Docker (Nette Camp #3)

Vladimír Kriška

August 25, 2017

Transcript

  1. $ whoami

    - Brogrammer
    - Developer at Keboola
    - building ETL platform Keboola Connection
    - writing about it at 500.keboola.com
    - WebElement organizer - web dev meetup (on hold)
    - Rekurzia - custom dev trainings
    - twitter.com/ujovlado
  2. Why containers?

    - Isolation
    - Simplicity
    - One container, one task, one process*
    - Lock environment
    - No more "works on my machine" problems
    - They're lightweight
    - Almost as native (probably 99.9%)
  3. Why Docker?

    - Most popular
    - No VM needed*
    - Easy to learn
    - Lightweight
    - Fast startup
    - Well supported
    - Docker Compose
    - Docker Swarm, etc.
  4. 1. Standard usage (for dev)

    Dockerfile:

        FROM node:7
        RUN apt-get update -q \
          && apt-get install apt-transport-https \
          && wget https://dl.yarnpkg.com/debian/pubkey.gpg -O pubkey.gpg && apt-key add pubkey.gpg \
          && echo "deb https://dl.yarnpkg.com/debian/ stable main" > /et
          && apt-get update -q \
          && apt-get install yarn -y
  5. docker-compose.yml:

        services:
          node:
            build: .
            ports:
              - "3000:3000"
            volumes:
              - ./:/code
            working_dir: /code
            tty: true
            command: sh -c 'yarn && yarn start'

    and:

        docker-compose run --rm --service-ports node
  6. 2. Helpers (e.g. in Travis)

        services:
          - docker
        script:
          - ...
          - docker-compose up -d udp-listener
          - php tests/run.php
          - docker-compose logs udp-listener | grep 'Some text'

    - check if library made UDP request
  7. 3. Concurrency problems (almost DIND)

        $ docker run --rm \
            -v /var/run/docker.sock:/var/run/docker.sock \
            docker:1.11 \
            sh -c 'docker login \
              && docker pull some-image \
              && docker logout'

    - mounting Docker socket to container
    - Docker in container will run Docker on host
    - logins will not conflict
  8. 4.1. Travis CLI

    - to run Travis CLI in container using host FS

        FROM ruby:2
        RUN gem install travis -v 1.8.2 --no-rdoc --no-ri
        ARG USER_NAME
        ARG USER_UID
        ARG USER_GID
        RUN groupadd --gid $USER_GID $USER_NAME
        RUN useradd --uid $USER_UID --gid $USER_GID $USER_NAME
        ENTRYPOINT ["travis"]
  9. 4.1. Travis CLI

        $ docker build -t travis \
            --build-arg USER_UID=`id -u` \
            --build-arg USER_GID=`id -g` \
            --build-arg USER_NAME=`id -un` \
            .
        $ docker run -i -t --rm \
            -v "/home/vlado/workspace/travis-cli/.travis:/home/`id -un`/.travis" \
            -u `id -u` \
            travis
  10. 4.1. Travis CLI

        #!/bin/bash
        docker run -i -t --rm \
            -v "/home/vlado/workspace/travis-cli/.travis:/home/`id -un`/.travis" \
            -v "$PWD:$PWD" \
            -w $PWD \
            -u `id -u` \
            travis "$@"
  11. 5. OpenVPN

        FROM debian:jessie
        RUN apt-get update -q \
          && apt-get install openvpn ssh -y --no-install-recommends
        ARG USER_NAME
        ARG USER_UID
        ARG USER_GID
        RUN groupadd --gid $USER_GID $USER_NAME \
          && useradd --uid $USER_UID --gid $USER_GID \
            --shell /bin/bash $USER_NAME
        COPY entrypoint.sh /root/
        ENTRYPOINT ["/root/entrypoint.sh"]
  12. Entrypoint:

        openvpn --daemon --config $1 && su - $SU_USERNAME

    Build:

        docker build -t openvpn \
            --build-arg USER_UID=`id -u` \
            --build-arg USER_GID=`id -g` \
            --build-arg USER_NAME=`id -un` \
            .

    - similar to Travis CLI
  13. Run script:

        #!/bin/bash
        SCRIPT_DIR=$(cd `dirname $0`; pwd -P)
        if [ ! -f $SCRIPT_DIR/config/$1 ]; then
          echo "Specified config file not found"
        else
          docker run -i -t --rm \
            --device "/dev/net/tun:/dev/net/tun" \
            -v "$SCRIPT_DIR/config:/etc/openvpn/config" \
            -v "/home/`id -un`/.ssh:/home/`id -un`/.ssh" \
            -w "/etc/openvpn/config" \
            --cap-add NET_ADMIN \
            --env SU_USERNAME=`id -un` \
            openvpn $1
        fi
  14. 6. Shared socket

        services:
          syslog:
            build: docker/syslog
            volumes:
              - ./docker/.syslog-datadir/socket:/syslog-socket
              - ./docker/.syslog-datadir/log:/var/log
          syslog-watcher:
            image: debian:8
            volumes_from:
              - syslog
            command: tail -f /var/log/syslog

    - everything is a file
  15. Shared socket, continued:

        services:
          apache:
            build: docker/php-apache
            volumes:
              - ...
              - ./docker/.syslog-datadir/socket/log:/dev/log
              - ...
            links:
              - syslog

    - now you can log to syslog and will see logs using "watcher" service
  16. Conclusion

    - you can run any service in Docker
    - in Linux, everything is a file -> can be mounted
    - super fast onboarding (just docker run/up)
    - clean host system
    - ...
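
The run commands on slides 7 and 13 hand the container parts of the host: the Docker daemon socket, a device node, an extra capability and the user's `~/.ssh`. The script below is an added example, not part of the deck; `audit_run_args` is a hypothetical helper that lists those options from a `docker run` argument list, and it understands only the option forms the slides use.

```sh
#!/bin/sh
# Added example (not from the slides): report the host-access options in a
# `docker run` argument list. Only the options used on the slides are known.
audit_run_args() {
    findings=""
    while [ "$#" -gt 0 ]; do
        opt=$1; val=""
        case "$opt" in
            --*=*) val=${opt#*=}; opt=${opt%%=*} ;;       # --opt=value form
            -v|--volume|--device|--cap-add|-w|-u|--env)   # value is the next word
                [ "$#" -ge 2 ] || break
                val=$2; shift ;;
            -*) ;;                                        # plain flag: -i, -t, --rm
            *) break ;;                                   # image name; the rest runs inside the container
        esac
        shift
        case "$opt" in
            -v|--volume)
                host=${val%%:*}                           # host side of host:container
                case "$host" in
                    */docker.sock)   findings="$findings docker-socket" ;;
                    */.ssh|*/.ssh/*) findings="$findings ssh-dir" ;;
                esac ;;
            --device)  findings="$findings device=${val%%:*}" ;;
            --cap-add) findings="$findings cap=$val" ;;
        esac
    done
    echo "${findings# }"
}

# Constructed inputs: the option lists from slides 7 and 13 with a fixed user name.
audit_run_args --rm -v /var/run/docker.sock:/var/run/docker.sock \
    docker:1.11 sh -c 'docker pull some-image'
audit_run_args -i -t --rm --device /dev/net/tun:/dev/net/tun \
    -v /home/alice/.ssh:/home/alice/.ssh --cap-add NET_ADMIN \
    --env SU_USERNAME=alice openvpn client.ovpn
```

An empty result means none of these options was found before the image name; arguments after the image belong to the container's command and are not inspected.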