Your SlideShare is downloading. ×

Docker.io

3,786
views

Published on

Docker is an open-source project to easily create lightweight, portable, self-sufficient containers from any application. The same container that a developer builds and tests on a laptop can run at …

Docker is an open-source project to easily create lightweight, portable, self-sufficient containers from any application. The same container that a developer builds and tests on a laptop can run at scale, in production, on VMs, bare metal, OpenStack clusters, public clouds and more.

Published in: Technology

1 Comment
8 Likes
Statistics
Notes
No Downloads
Views
Total Views
3,786
On Slideshare
0
From Embeds
0
Number of Embeds
5
Actions
Shares
0
Downloads
37
Comments
1
Likes
8
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Ladislav Prskavec http://blog.prskavec.net @abtris 23.11.2013
  • 2. docker 4 years CloudFlare packer SoundCloud Canonical's JuJu serf
  • 3. What is docker?
  • 4. an open source project to pack, ship and run any application as a lightweight container
  • 5. Why container?
  • 6. Analogy from logistics
  • 7. build once, 
 run anywhere ~ developer
  • 8. configure once, 
 run anything ~ operations
  • 9. Containers are 
 to Virtual Machines 
 as threads are to processes. 
 Or you can think of them as chroots on steroids. ~ Will Sargent
  • 10. What is container in docker? • Kernel namespaces (ipc, uts, mount, pid, network and user) • Chroots (using pivot_root) • Apparmor and SELinux profiles • Kernel capabilities • Control groups (cgroups) • AUFS or replacement in 0.7 version and later
  • 11. Container A Container B Docker Engine HOST OS SERVER Container C
  • 12. APP A Container A Container B Container C APP B APP C Guest OS Guest OS Guest OS Docker Engine Hypervisor HOST OS HOST OS SERVER SERVER
  • 13. Basics
  • 14. Installation
  • 15. Finding and downloading images docker  search  ubuntu docker  pull  shykes/ubuntu
  • 16. Running docker  run  ubuntu  /bin/echo  hello  world   ! docker  run  -­‐i  -­‐t  ubuntu  /bin/bash
  • 17. Committing your changes docker  ps  -­‐l docker  commit  ID  base/with_curl
  • 18. Pushing an image to the repository docker  push  abtris/curl docker  push  internal_repository:5000/curl
  • 19. Image
  • 20. Parent Image
  • 21. Dockerfile Best Practices • Use the cache • Use tags • EXPOSE-ing ports • CMD and ENTRYPOINT syntax • CMD and ENTRYPOINT better together
  • 22. Use the cache FROM  ubuntu:latest   MAINTAINER  Ladislav  Prskavec   ! RUN  echo  "deb  http://archive.ubuntu.com/ubuntu   precise  main  universe"  >  /etc/apt/sources.list   ! RUN  apt-­‐get  update     RUN  apt-­‐get  -­‐y  upgrade
  • 23. Use tags ! docker  build  -­‐t="abtris/sentry"  .
  • 24. EXPOSE-ing ports ! #  private  and  public  mapping   EXPOSE  80:8080   ! #  private  only   EXPOSE  80
  • 25. CMD and ENTRYPOINT ! ! CMD  /bin/echo   #  or   CMD  ["/bin/echo"]
  • 26. CMD and ENTRYPOINT better together RUN  apt-­‐get  install  -­‐y  rethinkdb   ! #  Rethinkdb  process   EXPOSE  28015   #  Rethinkdb  admin  console   EXPOSE  8080   ! #  Create  the  /rethinkdb_data  dir  structure   RUN  /usr/bin/rethinkdb  create   ! ENTRYPOINT  ["/usr/bin/rethinkdb"]   ! CMD  ["-­‐-­‐help"]
  • 27. docker run crosbymichael/rethinkdb Running  'rethinkdb'  will  create  a  new  data  directory  or  use  an  existing  one,      and  serve  as  a  RethinkDB  cluster  node.   File  path  options:      -­‐d  [  -­‐-­‐directory  ]  path                      specify  directory  to  store  data  and  metadata      -­‐-­‐io-­‐threads  n                                        how  many  simultaneous  I/O  operations  can  happen                                                                          at  the  same  time   ! Machine  name  options:      -­‐n  [  -­‐-­‐machine-­‐name  ]  arg                  the  name  for  this  machine  (as  will  appear  in                                                                          the  metadata).    If  not  specified,  it  will  be                                                                          randomly  chosen  from  a  short  list  of  names.   ! Network  options:      -­‐-­‐bind  {all  |  addr}                              add  the  address  of  a  local  interface  to  listen                                                                          on  when  accepting  connections;  loopback                                                                          addresses  are  enabled  by  default      -­‐-­‐cluster-­‐port  port                              port  for  receiving  connections  from  other  nodes      -­‐-­‐driver-­‐port  port                                port  for  rethinkdb  protocol  client  drivers      -­‐o  [  -­‐-­‐port-­‐offset  ]  offset              all  ports  used  locally  will  have  this  value                                                                          added      -­‐j  [  -­‐-­‐join  ]  host:port                      host  and  port  of  a  rethinkdb  node  to  connect  to      .................
  • 28. docker run crosbymichael/rethinkdb —bind all info:  Running  rethinkdb  1.7.1-­‐0ubuntu1~precise  (GCC  4.6.3)...   info:  Running  on  Linux  3.2.0-­‐45-­‐virtual  x86_64   info:  Loading  data  from  directory  /rethinkdb_data   warn:  Could  not  turn  off  filesystem  caching  for  database  file:  "/ rethinkdb_data/metadata"  (Is  the  file  located  on  a  filesystem   that  doesn't  support  direct  I/O  (e.g.  some  encrypted  or  journaled   file  systems)?)  This  can  cause  performance  problems.   warn:  Could  not  turn  off  filesystem  caching  for  database  file:  "/ rethinkdb_data/auth_metadata"  (Is  the  file  located  on  a   filesystem  that  doesn't  support  direct  I/O  (e.g.  some  encrypted   or  journaled  file  systems)?)  This  can  cause  performance  problems.   info:  Listening  for  intracluster  connections  on  port  29015   info:  Listening  for  client  driver  connections  on  port  28015   info:  Listening  for  administrative  HTTP  connections  on  port  8080   info:  Listening  on  addresses:  127.0.0.1,  172.16.42.13   info:  Server  ready   info:  Someone  asked  for  the  nonwhitelisted  file  /js/ handlebars.runtime-­‐1.0.0.beta.6.js,  if  this  should  be  accessible   add  it  to  the  whitelist.
  • 29. git clone https://gist.github.com/abtris/7548643
 docker build . FROM  ubuntu:latest   MAINTAINER  Ladislav  Prskavec  <ladislav@prskavec.net>   RUN  apt-­‐get  update     RUN  apt-­‐get  -­‐y  upgrade   RUN  DEBIAN_FRONTEND=noninteractive  apt-­‐get  -­‐y  install   curl  apache2  libapache2-­‐mod-­‐php5  vim-­‐tiny     RUN  chown  -­‐R  www-­‐data:www-­‐data  /var/www/   EXPOSE  80   EXPOSE  22   CMD  ["/bin/bash"] Dockerfile
  • 30. Use raw Dockerfile 1. Cache wins. 2. Chef, ansible, etc, does not use cache. 3. Raw Dockerfile uses cache. 4. Raw Dockerfile wins.
  • 31. Links • If you have a docker container with the name CONTAINER (specified by docker run -name CONTAINER) and in the Dockerfile, it has an exposed port: 
 EXPOSE 1337 • docker run -d -link CONTAINER:ALIAS -name LINKED user/wordpress • CONTAINER will show up in LINKED with the following environment variables:
 $ALIAS_PORT_1337_TCP_PORT $ALIAS_PORT_1337_TCP_ADDR
  • 32. Container Lifecycle • docker run - creates a container. • docker stop stops it. • docker start will start it again. • docker restart restarts a container. • docker rm deletes a container. • docker attach will connect to a running container. • docker wait blocks until container stops.
  • 33. Container Info • docker ps shows running containers. • docker ps -a shows running and stopped containers. • docker inspect looks at all the info on a container (including IP address). • docker logs gets logs from container. • docker events gets events from container. • docker port shows public facing port of container. • docker top shows running processes in container.
  • 34. Import / Export • docker cp copies into a container. • docker export turns container fs into tarball.
  • 35. Images Lifecycle • docker import creates an image from a tarball. • docker build creates image from Dockerfile. • docker commit creates image from a container. • docker rmi removes an image. • docker insert inserts a file from URL into image
  • 36. Images Info • docker images shows all images • docker history shows history of image • docker tag tags an image to a name (local or registry)
  • 37. Registry & Repository • docker search searches registry for image • docker pull pulls an image from registry to local machine • docker push pushes an image to the registry from local machine.
  • 38. Good practices • Install a internal docker registry • Install Shipyard • Create base image • Build from your base image • Push your images • Save off your registry
  • 39. Install a internal docker registry Install an internal registry (the fast way) and run it as a daemon:
 • 
 docker  run  -­‐name  internal_registry  -­‐d  -­‐p   5000:5000  samalba/docker-­‐registry   • Alias server to localhost
 echo  "127.0.0.1            internal_registry"  >>  /etc/ host   • Check internal_registry exists and is running on port 5000:
 curl  -­‐-­‐get  -­‐-­‐verbose  http://internal_registry:5000/v1/ _ping
  • 40. Create base image • Create a Dockerfile with initialization code such as `apt-get update / apt-get install’ etc: this is your base. • Build your base image, then push it to the internal registry with 
 
 docker  build  -­‐t  internal_registry:5000/ base  .
  • 41. Build from your base image • Build all of your other Dockerfile pull from “base” instead of ubuntu. • Keep playing around until you have your images working.
  • 42. Push your images Push all of your images into the internal registry.
 • 
 docker  tag  IMAGE-­‐ID  abtris/apache
 
 docker  push  internal_registry:5000/apache
  • 43. Save off your registry If you need to blow away your Vagrant or set someone else up, it’s much faster to do it with all the images still intact:
 • 
 docker  export  internal_registry  >   internal_registry.tar
 
 gzip  internal_registry.tar
 
 mv  internal_registry.tar.gz  /vagrant
  • 44. Projects uses docker http://opdemand.com/ http://deis.io/ http://coreos.com/ https://flynn.io/ https://github.com/progrium/dokku
  • 45. http://index.docker.io
  • 46. https://index.docker.io/u/ abtris/devfest-2013/
  • 47. http://shipyard-project.com/
  • 48. docker.io ! https://plus.google.com/u/1/ communities/108146856671494713993 demo files https://github.com/abtris/devfest-2013 docker cheat sheet https://gist.github.com/wsargent/7049221 docker sources http://bit.ly/dockersources