Docking your services with Docker

A presentation showing how docker & LXC will (future tense) change our lives.

Haggai Philip Zagury

January 28, 2014

Transcript

  1. FullStack Developers Israel Hosted by: Docking micro services with Haggai Philip Zagury 28.1.2014 Google Campus T.A
  2. Haggai Philip Zagury, DevOps Engineer, over 10 years of DevOps expertise
     • Continuous integration
     • Continuous delivery
     • IT Operations
     • Configuration management
  3. I am a member of Tikal's DevOps/ALM group. With over 15 members, we meet, share, contribute and code together on a monthly basis
  4. MONOLITHIC style for SOA/MSA
     [Diagram: service A, service B, service C; FABRIC * n]
  5. MONOLITHIC “style”
     • Many more “base images” in order to save time
     • Deployment takes much longer (ad hoc configuration)
     • Consolidate in order to save time
     • Backup & Restore ? doesn’t save time :(
     • Security ? System provisioning (& OS provisioning)
  6. MONOLITHIC “style”
     • Kernel version not supported
     • Other components depend on that
     • Wait for next release / OS upgrade
     I need xyz installed
  7. More images == GB/$$/PERF
     Between 100MB & nGB
     Cost in storage … [ e.g. S3 ]
     Cost in performance [ VMware … ]
  8. Choose 1 tool for the job ?!
     [Diagram: service A, service B, service C; FABRIC * n]
  9. Containers
     • OSLV - Operating System Level Virtualization (link)
     • API & tooling, which enable *nix users to easily create and manage system or application containers.
  10. Linux Containers (LXC) - Why ?
      Isn't there enough container tech ?
      • Solaris Zones (containers - link)
      • Vserver
      • Openvz
      • Chroot
      Why now ?
      • Solaris not widely used as linux/freebsd …
      • Linux kernel support ( >= 2.6.27 )
      • Application segmentation
      • We really need it !!! => “.service” era
  11. Linux Containers (LXC) - Why ?
      Features
      • Kernel namespaces [ isolated processes, network etc ]
      • Chroot & Seccomp (isolation)
      • Control groups (a.k.a cgroups)
      Limitation
      • Only Linux !
  12. Why DOCKER ?
      Why?
      • A wrapper for LXC
      • An abstraction layer for LXC + features
      So Why not “plain old” LXC ?
      • Portable deployments across machines
      • LXC alone doesn't guarantee that !
      • Docker build - a “build tool” designed for portability
      • Application centric / OS centric [ Docker’s API ]
      • SHA-1 (git like) based versioning
      • DRY / Reuse - 1 base image for many applications
      • Sharing - index (global) or registry (private / on prem)
  13. Docker ( & LXC ) Solve !
      ISOLATION
      • Daemon per container
      • Any version is supported
  14. Docker ( & LXC ) Solve !
      ISOLATION
      • Daemon per container
      SECURITY
      • Container == Independent ( user/group/service etc)
      • New version == new container ( not toe trading …)
  15. Docker ( & LXC ) Solve !
      ISOLATION
      • Daemon per container
      SECURITY
      • Container == Independent ( user/group/service etc)
      • New version == new container ( not toe trading …)
      PORTABILITY
      • Container on DEV machine => to production
      • Deploy from private registry
      • Rollback == latest -1
  16. VM vs Container
      • No hypervisor layer
      • No lib duplication
      • Shared kernel
      • VMs are “heavy”
      • 5-10 x Faster
      • Startup time
      • VMs are “heavy”
      • Better utilize HW (cloud)
  17. Docker: Micro service example
      Host / VM
      • ROR front end
      • Key-value store
  18. The developer workflow
      • How do we test locally ? { if running on windows / OSX }
      • Define an interface with operations ?
  19. Vagrant & Docker

          Vagrant.configure("2") do |config|
            config.vm.box = "dummy"
            config.vm.provider :docker do |docker|
              docker.image = "your/image:tag"
              docker.cmd = ["/path/to/your", "command"]
            end
          end

          vagrant plugin install docker-provider

      - docker friendly vagrant image
  20. Fast, isolated development environments using Docker.
      • Define your application’s environment
        • OS
        • Packages
        • Configuration ! etc
        • Number of machines ?
      • Define a container via Dockerfile
      • Use that Dockerfile to define your environment (via yaml file)

          web:
            build: .
            links:
              - db
            ports:
              - 8000:8000
          db:
            image: hagzag/pgsql

      workflow
  21. Search & Get an image

          docker search <keyword>

          root@docker-poc:/tmp# docker search centos*6
          NAME                               DESCRIPTION                 STARS   OFFICIAL   TRUSTED
          saltstack/centos-6                                             0                  [OK]
          salgest/centos-6                                               0                  [OK]
          saltstack/centos-6-minimal                                     1                  [OK]
          leifw/tokumx-buildslave-centos-6                               0                  [OK]
          tenforward/centos-i386             CentOS 6 32bit image        0
          hansode/rpmbuilder-rhel6           CentOS-6 with rpmdevtools   0
          ...

      http://index.Docker.io
  22. Define your own Dockerfile -> Redis server running in a container

          # Docker Image/tag
          FROM ubuntu:12.10
          # command(s) to execute on container
          RUN apt-get update
          RUN apt-get -y install redis-server
          # what port to listen on
          EXPOSE 6379
          # once container is active what binary to run
          ENTRYPOINT ["/usr/bin/redis-server"]
  23. Docker - Choose base

          docker pull user/container-name

          root@docker-poc:/tmp# docker pull saltstack/centos-6-minimal
          Pulling repository saltstack/centos-6-minimal
          aca320b373f2: Download complete
          f2f28f99c5fd: Download complete
          bf9724189396: Download complete
          e7adb01c55f6: Download complete
          a3f13a39bbbe: Download complete

      Git style “tags”
      Salt – inside …
  24. Docker build: build from Dockerfile

          docker build .
          Step 1 : FROM ubuntu:12.10
           ---> b750fe79269d
          Step 2 : RUN apt-get update
           ---> Running in 0d768rc284d
          Fetched 9813 kB in 20s (481 kB/s)
           ---> 46a6f0556e96
          Step 3 : RUN apt-get -y install redis-server
           ---> Running in 5ea88c37d21f
          The following extra packages will be installed:
            libjemalloc1
          The following NEW packages will be installed:
            libjemalloc1 redis-server
          0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
          Need to get 319 kB of archives.
  25. Docker build

          …
          Processing triggers for ureadahead ...
           ---> ba4030995701
          Step 4 : EXPOSE 6379
           ---> Running in 24720beda74b
           ---> 6fdf06372117
          Step 5 : ENTRYPOINT ["/usr/bin/redis-server"]
           ---> Running in c9b9480840ad
           ---> a6dd4adbb425
          Successfully built a6dd4adbb425

          docker images
          REPOSITORY   TAG      IMAGE ID       CREATED         VIRTUAL SIZE
          <none>       <none>   a6dd4adbb425   8 minutes ago   297.2 MB
  26. Docker tag & push

          docker tag a6dd4adbb425 localhost:5000/redis_hagzag

          docker push localhost:5000/redis_hagzag
          The push refers to a repository [localhost:5000/redis_hagzag] (len: 1)
          Sending image list
          Pushing repository localhost:5000/redis_hagzag (1 tags)
          27cf78414709: Image successfully pushed
          b750fe79269d: Image successfully pushed
          46a6f0556e96: Image successfully pushed
          ba4030995701: Image successfully pushed
          6fdf06372117: Image successfully pushed
          a6dd4adbb425: Image successfully pushed
          Pushing tags for rev [a6dd4adbb425] on {http://localhost:5000/v1/repositories/redis_hagzag/tags/latest}
  27. The Deployment workflow
      • Provide docker-registry service / interface
      • Monitoring & Logging facilities
      • Data binding / persistent configuration
  28. Docker: Our service
      Host / VM
      • Using -name & -link
      • Linking containers by reference (not ip)
      build run + -name, build run + -link tag = complete “.service” on a single node
  29. Docker run & ps

          docker run -name redis -d a6dd4adbb425

          docker ps
          CONTAINER ID   IMAGE            COMMAND                CREATED          STATUS          PORTS                    NAMES
          9026507ef675   a6dd4adbb425     /usr/bin/redis-serve   12 minutes ago   Up 12 minutes   6379/tcp                 redis
          7e88dcb96856   registry:0.6.1   /bin/sh -c cd /docke   9 days ago       Up 40 minutes   0.0.0.0:5000->5000/tcp   condescending_thompson
  30. What we achieved ?
      In container responsibility
      • Latest code
      • Dependencies
      Out container responsibility
      • Security & Remote access
      • Logging
      • Monitoring
      • Networking
      take tag “latest” of app A

          docker push <reg-name>/app-1
          docker pull <reg-name>/app-1

      Immutability ? - not just yet … but we are getting close
  31. Evolving with Docker
      OpsEnv
      • FIG
      • Vagrant – buggy
      • Chef-docker (https://github.com/bflad/chef-docker)
      • Chef Docker registry (http://community.opscode.com/cookbooks/docker-registry)
      DevEnv
      • Chef-docker (https://github.com/bflad/chef-docker)
      • Chef Docker registry (http://community.opscode.com/cookbooks/docker-registry)
      • Puppet docker (http://forge.puppetlabs.com/garethr/docker)
      • dotCloud (Docker authors) – about to base PaaS on Docker
  32. To Summarize
      • Very promising & almost :) production ready
      • A great complement to existing CM tooling
      • Simplifies deployment (I know it doesn’t seem so)
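
Slides 14 and 15 list "Container == Independent (user/group/service etc)" under SECURITY, yet the Dockerfile on slide 22 sets no USER, pulls its base by mutable tag, and runs `apt-get update` in its own cached layer. The audit below is an added example, not part of the deck: it flags those three gaps and compares the slide's Dockerfile with a constructed hardened counterpart. Digest pinning is a feature of later Docker releases than the one the deck used, and the `redis` account is an assumption about the package.

```python
import re

# Dockerfile from slide 22, reproduced as sample input.
SLIDE_22 = """\
# Docker Image/tag
FROM ubuntu:12.10
RUN apt-get update
RUN apt-get -y install redis-server
EXPOSE 6379
ENTRYPOINT ["/usr/bin/redis-server"]
"""

# Constructed counterpart. The digest is a placeholder, and the "redis"
# account is assumed to be created by the redis-server package.
HARDENED = """\
FROM ubuntu@sha256:<digest-of-reviewed-image>
RUN apt-get update && apt-get -y install redis-server
USER redis
EXPOSE 6379
ENTRYPOINT ["/usr/bin/redis-server"]
"""

def parse(text):
    """Return (INSTRUCTION, args) pairs; joins backslash continuations."""
    steps = []
    for line in re.sub(r"\\[ \t]*\n", " ", text).splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            steps.append((parts[0].upper(), parts[1] if len(parts) > 1 else ""))
    return steps

def audit(text):
    """Return sorted finding codes for one Dockerfile."""
    steps, findings = parse(text), set()
    for op, args in steps:
        image = next((t for t in args.split() if not t.startswith("--")), "")
        if op == "FROM" and image != "scratch" and "@sha256:" not in image:
            findings.add("unpinned-base")    # a tag can be re-pointed later
        if op == "RUN" and re.search(r"apt-get\s+update\s*$", args):
            findings.add("stale-apt-layer")  # cached index, outdated packages
    # The last USER wins at runtime; with none, the entrypoint runs as root.
    users = [args for op, args in steps if op == "USER"]
    if not users or users[-1].split(":")[0] in ("root", "0"):
        findings.add("runs-as-root")
    return sorted(findings)

if __name__ == "__main__":
    for name, text in (("slide 22", SLIDE_22), ("hardened", HARDENED)):
        print(name, audit(text) or "no findings")
```

A `FROM` that names an earlier build stage is reported as unpinned; the check only looks at the image reference itself.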