Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Introduction to Docker @edmodo

Introduction to Docker @edmodo

Introduction to Docker + Zero downtime deployment using Hipache

Victor Vieux

March 25, 2014
Tweet

More Decks by Victor Vieux

Other Decks in Technology

Transcript

  1. Docker Meetup @edmodo– 03/25/2014 Introduction to Docker Victor Vieux, Docker

    Inc. @vieux
  2. Outline •  Whom is this for ? •  What’s a

    the problem ? •  What’s a Container ? •  Docker 101 •  Docker index vs registry & How-To •  Demo: Deployment with zero downtime •  Docker future •  Questions
  3. Outline •  Whom is this for ? •  What’s a

    the problem ? •  What’s a Container ? •  Docker 101 •  Docker index vs registry & How-To •  Demo: Deployment with zero downtime •  Docker future •  Questions
  4. Devs •  all languages •  all databases •  all O/S

    •  targeting Linux system Docker will eventually be able to target FreeBSD, Solaris, and maybe OS X
  5. Ops •  any distro •  any cloud •  any machine

    (physical, virtual…) •  recent kernels – at least 3.8 – Or the one that comes with RHEL 6.5
  6. Outline •  Whom is this for ? •  What’s a

    the problem ? •  What’s a Container ? •  Docker 101 •  Docker index vs registry & How-To •  Demo: Deployment with zero downtime •  Docker future •  Questions
  7. The Matrix From Hell

  8. Another Matrix From Hell

  9. Solution: the intermodal shipping container

  10. Solved!

  11. Solution to the deployment problem: the Linux container

  12. Solved!

  13. Linux containers… Units of software delivery. •  run everywhere – 

    regardless of kernel version –  regardless of host distro •  (but container and host distro must match*) •  run anything –  if it can run on the host, it can run in the container –  i,e., if it can run on a Linux kernel, it can run *Unless you emulate CPU with QEMU and binfmt
  14. Outline •  Whom is this for ? •  What’s a

    the problem ? •  What’s a Container ? •  Docker 101 •  Docker index vs registry & How-To •  Demo: Deployment with zero downtime •  Docker future •  Questions
  15. High level approach: lightweight VM •  own process space • 

    own network interface •  can run stuff as root •  can have it’s own /sbin/init (different from the host) “Machine Container”
  16. Low level approach: chroot on steroids •  can also not

    have it’s own /sbin/init •  container = isolated process(es) •  share kernel with the host “Application Container”
  17. Separation of concerns: dev POV •  inside my container: – my

    code – my libraries – my packages – my app – my data
  18. Separation of concerns: ops POV •  outside the container: – logging

    – remote access – network configuration – monitoring
  19. How does it works ? Isolation with namespaces •  pid

    •  mnt •  net •  uts •  ipc •  user
  20. How does it works ? Isolation with cgroups •  memory

    •  cpu •  blkio •  devices
  21. How does it works ? Copy-on-write storage •  unioning filesystems

    – AUFS, overlayFS •  snapshotting filesystems – BTRFS, ZFS •  copy-on-write block devices – Thin snapshots with LVM or device-mapper
  22. Storage efficiency: many options!

  23. Compute efficiency: almost no overhead •  Processes isolation –  but

    run straight on the host •  CPU performance –  equal to native performance •  Memory performance –  small overhead for (optional) accounting •  Network performance –  small overhead, can be reduced to zero
  24. Outline •  Whom is this for ? •  What’s a

    the problem ? •  What’s a Container ? •  Docker 101 •  Docker index vs registry & How-To •  Demo: Deployment with zero downtime •  Docker future •  Questions
  25. Classic: hello world •  Get one base image (ubuntu, centos,

    busybox, …) $> docker pull ubuntu •  List images on you system $> docker images •  Display hello world $> docker run ubuntu:12.10 echo “hello world”
  26. Detached mode •  Run docker using the detach flag (-d)

    $> docker run –d busybox ping google.com •  Get container’s id $> docker ps •  Attach to the container $> docker attach <container_id> •  Stop/Start/Restart the container $> docker stop/start/restart <container_id>
  27. Container vs Images •  Remove a file from an image

    $> docker run busybox rm /etc/passwd •  The file is still there ?? $> docker run busybox cat /etc/passwd •  Commit the changes $> docker ps –n=2 #get the container’s id $> docker commit <id> broken-busybox •  The file is gone $> docker run broken-busybox cat /etc/passwd
  28. Public index & Network •  Pull an apache image from

    the public index $> docker search apache $> docker pull creack/apache2 •  Run the image and check the ports $> docker run –d creack/apache2 $> docker ps •  Expose public ports $> docker run –d –p 8888:80 –p 4444:443 creack/apache2 $> docker ps
  29. Creating your 1st app: the interactive way •  Using docker

    in interactive mode $> docker run –i -t ubuntu bash root@82c63ee50c3d:/# root@82c63ee50c3d:/# apt-get update root@82c63ee50c3d:/# apt-get install memcached -y root@82c63ee50c3d:/# exit •  Commit the image $> docker commit `docker ps –q –l` vieux/memcached •  Start the image $> docker run –d –p 11211 –u daemon vieux/memcached memcached
  30. Creating your 1st app: the boring way •  Using run

    / commit $> docker ubuntu bash apt-get update $> $ID=(docker commit `docker ps –l –q`) $> docker run $ID apt-get install memcached -y $> docker commit `docker ps –q –l` vieux/memcached •  Define default configuration at commit $> docker commit -–run=‘{“Entrypoint”:[“memcached”]}’ •  Start the image $> docker run –d –p 11211 –u daemon vieux/memcached
  31. Creating your 1st app: the scripted way •  Write a

    Dockerfile # Memcache FROM UBUNTU MAINTAINER Victor Vieux <vieux@docker.com> RUN apt-get update RUN apt-get install memcached –y ENTRYPOINT [“memcached”] USER daemon EXPOSE 11211 •  Build the image $> docker build –t vieux/memcached •  Start the image $> docker run –d vieux/memcached # Memcache FROM UBUNTU:12.10 MAINTAINER Victor Vieux <vieux@docker.com> RUN apt-get update RUN apt-get install memcached –y ENTRYPOINT [“memcached”] USER daemon EXPOSE 11211  
  32. Outline •  Whom is this for ? •  What’s a

    the problem ? •  What’s a Container ? •  Docker 101 •  Docker index vs registry & How-To •  Demo: Deployment with zero downtime •  Docker future •  Questions
  33. Index •  http://index.docker.io •  Closed source •  Manage user accounts,

    trusted builds, comments, stars, etc...
  34. Registry •  https://github.com/dotcloud/docker-registry •  Open source, written in Python • 

    Manage actual images files. •  Multiple storage backend: – Local – S3 – Google Cloud Storage – etc…
  35. How to use a private registry $> docker push <namespace>/<name>

    •  Docker uses the namespace to know where to push, if the namespace is an url, it will push on this url #push <image> in the namespace <namespace> to the index $> docker push <namespace>/<name>   #push the <name> to your a private registry <url> $> docker push <url>/<name> •  Same mechanism for docker pull
  36. Example: push busybox to your registry # Rename add a

    new name to the busybox image $> docker tag busybox my.registry.com:5000/busybox       # Push the image to your registry $> docker push my.registry.com:5000/busybox  
  37. Outline •  Whom is this for ? •  What’s a

    the problem ? •  What’s a Container ? •  Docker 101 •  Docker index vs registry & How-To •  Demo: Deployment with zero downtime •  Docker future •  Questions
  38. Local development •  App running in prod http://app.vieux.fr/ •  Build

    local  $> docker build –t=app . •  Test local $> docker run –p 49200:8000 app  http://localhost:49200 •  Change some files •  Rebuild & test $> docker build –t=app . $> docker run –p 49200:8000 app
  39. Push to production •  Tag image in order to push

    it $> docker tag app registry.vieux.fr/app •  Push image to local registry $> docker push registry.vieux.fr/app •  On production server, download image $> docker pull registry.vieux.fr/app •  Start the new container $> docker run –d registry.vieux.fr/app  
  40. Seamless update •  List running containers •  Update hipache config

    $> docker inspect –f ’{{.NetworkSettings.IPAddress}} <id> $> redis-cli lset frontend:app.vieux.fr -1 http://<ip>:<port> •  See the changes live http://app.vieux.fr/
  41. Outline •  Whom is this for ? •  What’s a

    the problem ? •  What’s a Container ? •  Docker 101 •  Docker index vs registry & How-To •  Demo: Deployment with zero downtime •  Docker future •  Questions
  42. Docker: the community •  10000+ GitHub stars •  300+ Contributors

    •  ~50% of all commits made by external contributors •  1500+ GitHub forks •  260k+ index pulls •  and counting…
  43. Docker: the future •  0.9.1 was today, 1.0 around the

    corner... •  Supports AUFS, BTRFS and device-mapper as storage drivers, more to come… (ZFS?, OverlayFS?) •  Support our native go implementation and LXC as execution driver, more to come... (systemd-nspawn?) •  Stable plugins (as container?) API •  Introspection •  Image signature
  44. h"p://dockercon.com    

  45. Thank you! Questions? http://docker.io http://docker.com @docker - @vieux