
Introduction to Docker @edmodo

Introduction to Docker + Zero downtime deployment using Hipache

Victor Vieux

March 25, 2014

Transcript

  1. Outline
     •  Whom is this for?
     •  What’s the problem?
     •  What’s a Container?
     •  Docker 101
     •  Docker index vs registry & How-To
     •  Demo: Deployment with zero downtime
     •  Docker future
     •  Questions
  3. Devs
     •  all languages
     •  all databases
     •  all O/S
     •  targeting Linux systems

     Docker will eventually be able to target FreeBSD, Solaris, and maybe OS X
  4. Ops
     •  any distro
     •  any cloud
     •  any machine (physical, virtual…)
     •  recent kernels
        – at least 3.8
        – or the one that comes with RHEL 6.5
  6. Linux containers… Units of software delivery.
     •  run everywhere
        – regardless of kernel version
        – regardless of host distro
     •  (but container and host distro must match*)
     •  run anything
        – if it can run on the host, it can run in the container
        – i.e., if it can run on a Linux kernel, it can run

     *Unless you emulate CPU with QEMU and binfmt
  8. High level approach: lightweight VM
     •  own process space
     •  own network interface
     •  can run stuff as root
     •  can have its own /sbin/init (different from the host)

     “Machine Container”
  9. Low level approach: chroot on steroids
     •  can also not have its own /sbin/init
     •  container = isolated process(es)
     •  share kernel with the host

     “Application Container”
  10. Separation of concerns: dev POV
      •  inside my container:
         – my code
         – my libraries
         – my packages
         – my app
         – my data
  11. Separation of concerns: ops POV
      •  outside the container:
         – logging
         – remote access
         – network configuration
         – monitoring
  12. How does it work? Isolation with namespaces
      •  pid
      •  mnt
      •  net
      •  uts
      •  ipc
      •  user
  13. How does it work? Isolation with cgroups
      •  memory
      •  cpu
      •  blkio
      •  devices
  14. How does it work? Copy-on-write storage
      •  unioning filesystems
         – AUFS, overlayFS
      •  snapshotting filesystems
         – BTRFS, ZFS
      •  copy-on-write block devices
         – Thin snapshots with LVM or device-mapper
  15. Compute efficiency: almost no overhead
      •  Process isolation
         – but run straight on the host
      •  CPU performance
         – equal to native performance
      •  Memory performance
         – small overhead for (optional) accounting
      •  Network performance
         – small overhead, can be reduced to zero
  17. Classic: hello world
      •  Get one base image (ubuntu, centos, busybox, …)
         $> docker pull ubuntu
      •  List images on your system
         $> docker images
      •  Display hello world
         $> docker run ubuntu:12.10 echo "hello world"
  18. Detached mode
      •  Run docker using the detach flag (-d)
         $> docker run -d busybox ping google.com
      •  Get container’s id
         $> docker ps
      •  Attach to the container
         $> docker attach <container_id>
      •  Stop/Start/Restart the container
         $> docker stop/start/restart <container_id>
  19. Container vs Images
      •  Remove a file from an image
         $> docker run busybox rm /etc/passwd
      •  The file is still there?
         $> docker run busybox cat /etc/passwd
      •  Commit the changes
         $> docker ps -n=2   # get the container's id
         $> docker commit <id> broken-busybox
      •  The file is gone
         $> docker run broken-busybox cat /etc/passwd
  20. Public index & Network
      •  Pull an apache image from the public index
         $> docker search apache
         $> docker pull creack/apache2
      •  Run the image and check the ports
         $> docker run -d creack/apache2
         $> docker ps
      •  Expose public ports
         $> docker run -d -p 8888:80 -p 4444:443 creack/apache2
         $> docker ps
  21. Creating your 1st app: the interactive way
      •  Using docker in interactive mode
         $> docker run -i -t ubuntu bash
         root@82c63ee50c3d:/# apt-get update
         root@82c63ee50c3d:/# apt-get install memcached -y
         root@82c63ee50c3d:/# exit
      •  Commit the image
         $> docker commit `docker ps -q -l` vieux/memcached
      •  Start the image
         $> docker run -d -p 11211 -u daemon vieux/memcached memcached
  22. Creating your 1st app: the boring way
      •  Using run / commit
         $> docker run ubuntu apt-get update
         $> ID=$(docker commit `docker ps -l -q`)
         $> docker run $ID apt-get install memcached -y
         $> docker commit `docker ps -q -l` vieux/memcached
      •  Define default configuration at commit
         $> docker commit --run='{"Entrypoint":["memcached"]}' `docker ps -q -l` vieux/memcached
      •  Start the image
         $> docker run -d -p 11211 -u daemon vieux/memcached
  23. Creating your 1st app: the scripted way
      •  Write a Dockerfile
         # Memcache
         FROM ubuntu:12.10
         MAINTAINER Victor Vieux <[email protected]>
         RUN apt-get update
         RUN apt-get install memcached -y
         ENTRYPOINT ["memcached"]
         USER daemon
         EXPOSE 11211
      •  Build the image
         $> docker build -t vieux/memcached .
      •  Start the image
         $> docker run -d vieux/memcached
  25. Registry
      •  https://github.com/dotcloud/docker-registry
      •  Open source, written in Python
      •  Manages the actual image files
      •  Multiple storage backends:
         – Local
         – S3
         – Google Cloud Storage
         – etc…
  26. How to use a private registry
      $> docker push <namespace>/<name>
      •  Docker uses the namespace to know where to push; if the namespace is a URL, it will push to that URL
         # push <image> in the namespace <namespace> to the index
         $> docker push <namespace>/<name>
         # push <name> to your private registry <url>
         $> docker push <url>/<name>
      •  Same mechanism for docker pull
  27. Example: push busybox to your registry
      # Add a new name to the busybox image
      $> docker tag busybox my.registry.com:5000/busybox
      # Push the image to your registry
      $> docker push my.registry.com:5000/busybox
  29. Local development
      •  App running in prod: http://app.vieux.fr/
      •  Build local
         $> docker build -t=app .
      •  Test local
         $> docker run -p 49200:8000 app
         http://localhost:49200
      •  Change some files
      •  Rebuild & test
         $> docker build -t=app .
         $> docker run -p 49200:8000 app
  30. Push to production
      •  Tag image in order to push it
         $> docker tag app registry.vieux.fr/app
      •  Push image to local registry
         $> docker push registry.vieux.fr/app
      •  On production server, download image
         $> docker pull registry.vieux.fr/app
      •  Start the new container
         $> docker run -d registry.vieux.fr/app
  31. Seamless update
      •  List running containers
      •  Update hipache config
         $> docker inspect -f '{{.NetworkSettings.IPAddress}}' <id>
         $> redis-cli lset frontend:app.vieux.fr -1 http://<ip>:<port>
      •  See the changes live: http://app.vieux.fr/
  33. Docker: the community
      •  10000+ GitHub stars
      •  300+ Contributors
      •  ~50% of all commits made by external contributors
      •  1500+ GitHub forks
      •  260k+ index pulls
      •  and counting…
  34. Docker: the future
      •  0.9.1 was today, 1.0 around the corner...
      •  Supports AUFS, BTRFS and device-mapper as storage drivers, more to come… (ZFS?, OverlayFS?)
      •  Supports our native Go implementation and LXC as execution drivers, more to come... (systemd-nspawn?)
      •  Stable plugins (as container?) API
      •  Introspection
      •  Image signature
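
Added example (not from the original deck): a guarded version of the Hipache switch on slide 31. It refuses to repoint the frontend when the new container has stopped or reports no IP address, the case in which the slide's two commands would write http://:<port> into Redis. The DOCKER and REDIS_CLI variables and the function names valid_ipv4, backend_url, switch_backend and deploy are hypothetical, introduced here for illustration.

```shell
#!/bin/sh
# Added example: guarded form of the slide-31 Hipache switch.
# DOCKER and REDIS_CLI are overridable (an assumption of this example) so the
# functions can be exercised without a Docker daemon or a Redis server.
DOCKER=${DOCKER:-docker}
REDIS_CLI=${REDIS_CLI:-redis-cli}

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print http://<ip>:<port> for a container, but only if it is still running
# and has an address; a stopped container reports an empty IPAddress.
backend_url() {
    id=$1 port=$2
    running=$($DOCKER inspect -f '{{.State.Running}}' "$id") || return 1
    [ "$running" = "true" ] || { echo "container $id is not running" >&2; return 1; }
    ip=$($DOCKER inspect -f '{{.NetworkSettings.IPAddress}}' "$id") || return 1
    valid_ipv4 "$ip" || { echo "no usable IP for $id: '$ip'" >&2; return 1; }
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    printf 'http://%s:%s\n' "$ip" "$port"
}

# Replace the last entry of frontend:<host> with the new backend (the same
# LSET ... -1 the slide uses), then read it back to confirm the write.
switch_backend() {
    host=$1 url=$2
    $REDIS_CLI lset "frontend:$host" -1 "$url" >/dev/null || return 1
    [ "$($REDIS_CLI lindex "frontend:$host" -1)" = "$url" ]
}

# deploy <host> <container_id> <port>: switch only when every check passes.
deploy() {
    url=$(backend_url "$2" "$3") || return 1
    switch_backend "$1" "$url" && echo "$1 -> $url"
}

# Usage: sh switch.sh deploy app.vieux.fr <container_id> 8000
if [ "${1:-}" = "deploy" ]; then shift; deploy "$@"; fi
```

The old container keeps serving until switch_backend succeeds, so a failed check leaves production traffic where it was.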