Ladislav Prskavec
http://blog.prskavec.net
@abtris
23.11.2013
docker

4 years

CloudFlare
packer

SoundCloud
Canonical's JuJu

serf
What is docker?
an open source project to pack,
ship and run any application as
a lightweight container
Why container?
Analogy from logistics
build once, 

run anywhere
~ developer
configure once, 

run anything
~ operations
Containers are 

to Virtual Machines 

as threads are to processes. 

Or you can think of them as
chroots on steroids.

~ ...
What is container in docker?
•

Kernel namespaces (ipc, uts, mount, pid, network
and user)

•

Chroots (using pivot_root)
...
Container
A

Container
B

Docker Engine

HOST OS

SERVER

Container
C
APP
A

Container
A

Container
B

Container
C

APP
B

APP
C

Guest OS

Guest OS

Guest OS

Docker Engine

Hypervisor

HOST ...
Basics
Installation
Finding and
downloading images
docker	
  search	
  ubuntu
docker	
  pull	
  shykes/ubuntu
Running
docker	
  run	
  ubuntu	
  /bin/echo	
  hello	
  world	
  
!

docker	
  run	
  -­‐i	
  -­‐t	
  ubuntu	
  /bin/bash
Committing your
changes
docker	
  ps	
  -­‐l
docker	
  commit	
  ID	
  base/with_curl
Pushing an image to
the repository
docker	
  push	
  abtris/curl
docker	
  push	
  internal_repository:5000/curl
Image
Parent Image
Dockerfile Best Practices
•

Use the cache

•

Use tags

•

EXPOSE-ing ports

•

CMD and ENTRYPOINT syntax

•

CMD and ENTR...
Use the cache
FROM	
  ubuntu:latest	
  
MAINTAINER	
  Ladislav	
  Prskavec	
  
!

RUN	
  echo	
  "deb	
  http://archive.ub...
Use tags
!

docker	
  build	
  -­‐t="abtris/sentry"	
  .
EXPOSE-ing ports
!

#	
  private	
  and	
  public	
  mapping	
  
EXPOSE	
  80:8080	
  
!

#	
  private	
  only	
  
EXPOSE	...
CMD and ENTRYPOINT
!
!

CMD	
  /bin/echo	
  
#	
  or	
  
CMD	
  ["/bin/echo"]
CMD and ENTRYPOINT
better together
RUN	
  apt-­‐get	
  install	
  -­‐y	
  rethinkdb	
  

!
#	
  Rethinkdb	
  process	
  
E...
docker run crosbymichael/rethinkdb
Running	
  'rethinkdb'	
  will	
  create	
  a	
  new	
  data	
  directory	
  or	
  use	...
docker run crosbymichael/rethinkdb —bind all
info:	
  Running	
  rethinkdb	
  1.7.1-­‐0ubuntu1~precise	
  (GCC	
  4.6.3).....
git clone https://gist.github.com/abtris/7548643

docker build .
FROM	
  ubuntu:latest	
  
MAINTAINER	
  Ladislav	
  Prska...
Use raw Dockerfile
1. Cache wins.
2. Chef, ansible, etc, does not use cache.
3. Raw Dockerfile uses cache.
4. Raw Dockerfile ...
Links
•

If you have a docker container with the name CONTAINER
(specified by docker run -name CONTAINER) and in the
Docker...
Container Lifecycle
•

docker run - creates a container.

•

docker stop stops it.

•

docker start will start it again.

...
Container Info
•

docker ps shows running containers.

•

docker ps -a shows running and stopped containers.

•

docker in...
Import / Export

•

docker cp copies into a container.

•

docker export turns container fs into tarball.
Images Lifecycle
•

docker import creates an image from a tarball.

•

docker build creates image from Dockerfile.

•

dock...
Images Info
•

docker images shows all images

•

docker history shows history of image

•

docker tag tags an image to a ...
Registry & Repository
•

docker search searches registry for image

•

docker pull pulls an image from registry to local
m...
Good practices
•

Install a internal docker registry

•

Install Shipyard

•

Create base image

•

Build from your base i...
Install a internal docker
registry
Install an internal registry (the fast way) and run it as a
daemon:


•




docker	
  r...
Create base image
•

Create a Dockerfile with initialization code such as
`apt-get update / apt-get install’ etc: this is y...
Build from your base image

•

Build all of your other Dockerfile pull from “base”
instead of ubuntu.

•

Keep playing arou...
Push your images
Push all of your images into the internal registry.


•




docker	
  tag	
  IMAGE-­‐ID	
  abtris/apache
...
Save off your registry
If you need to blow away your Vagrant or set
someone else up, it’s much faster to do it with all
th...
Projects uses docker
http://opdemand.com/
http://deis.io/

http://coreos.com/
https://flynn.io/

https://github.com/progriu...
http://index.docker.io
https://index.docker.io/u/
abtris/devfest-2013/
http://shipyard-project.com/
docker.io
!

https://plus.google.com/u/1/
communities/108146856671494713993
demo files
https://github.com/abtris/devfest-20...
Docker.io
Docker.io
Docker.io
Docker.io
Docker.io
Docker.io
Docker.io
Upcoming SlideShare
Loading in...5
×

Docker.io

4,841

Published on

Docker is an open-source project to easily create lightweight, portable, self-sufficient containers from any application. The same container that a developer builds and tests on a laptop can run at scale, in production, on VMs, bare metal, OpenStack clusters, public clouds and more.

Published in: Technology
1 Comment
9 Likes
Statistics
Notes
No Downloads
Views
Total Views
4,841
On Slideshare
0
From Embeds
0
Number of Embeds
5
Actions
Shares
0
Downloads
40
Comments
1
Likes
9
Embeds 0
No embeds

No notes for slide

Docker.io

  1. 1. Ladislav Prskavec http://blog.prskavec.net @abtris 23.11.2013
  2. 2. docker 4 years CloudFlare packer SoundCloud Canonical's JuJu serf
  3. 3. What is docker?
  4. 4. an open source project to pack, ship and run any application as a lightweight container
  5. 5. Why container?
  6. 6. Analogy from logistics
  7. 7. build once, 
 run anywhere ~ developer
  8. 8. configure once, 
 run anything ~ operations
  9. 9. Containers are 
 to Virtual Machines 
 as threads are to processes. 
 Or you can think of them as chroots on steroids. ~ Will Sargent
  10. 10. What is container in docker? • Kernel namespaces (ipc, uts, mount, pid, network and user) • Chroots (using pivot_root) • Apparmor and SELinux profiles • Kernel capabilities • Control groups (cgroups) • AUFS or replacement in 0.7 version and later
  11. 11. Container A Container B Docker Engine HOST OS SERVER Container C
  12. 12. APP A Container A Container B Container C APP B APP C Guest OS Guest OS Guest OS Docker Engine Hypervisor HOST OS HOST OS SERVER SERVER
  13. 13. Basics
  14. 14. Installation
  15. 15. Finding and downloading images docker  search  ubuntu docker  pull  shykes/ubuntu
  16. 16. Running docker  run  ubuntu  /bin/echo  hello  world   ! docker  run  -­‐i  -­‐t  ubuntu  /bin/bash
  17. 17. Committing your changes docker  ps  -­‐l docker  commit  ID  base/with_curl
  18. 18. Pushing an image to the repository docker  push  abtris/curl docker  push  internal_repository:5000/curl
  19. 19. Image
  20. 20. Parent Image
  21. 21. Dockerfile Best Practices • Use the cache • Use tags • EXPOSE-ing ports • CMD and ENTRYPOINT syntax • CMD and ENTRYPOINT better together
  22. 22. Use the cache FROM  ubuntu:latest   MAINTAINER  Ladislav  Prskavec   ! RUN  echo  "deb  http://archive.ubuntu.com/ubuntu   precise  main  universe"  >  /etc/apt/sources.list   ! RUN  apt-­‐get  update     RUN  apt-­‐get  -­‐y  upgrade
  23. 23. Use tags ! docker  build  -­‐t="abtris/sentry"  .
  24. 24. EXPOSE-ing ports ! #  private  and  public  mapping   EXPOSE  80:8080   ! #  private  only   EXPOSE  80
  25. 25. CMD and ENTRYPOINT ! ! CMD  /bin/echo   #  or   CMD  ["/bin/echo"]
  26. 26. CMD and ENTRYPOINT better together RUN  apt-­‐get  install  -­‐y  rethinkdb   ! #  Rethinkdb  process   EXPOSE  28015   #  Rethinkdb  admin  console   EXPOSE  8080   ! #  Create  the  /rethinkdb_data  dir  structure   RUN  /usr/bin/rethinkdb  create   ! ENTRYPOINT  ["/usr/bin/rethinkdb"]   ! CMD  ["-­‐-­‐help"]
  27. 27. docker run crosbymichael/rethinkdb Running  'rethinkdb'  will  create  a  new  data  directory  or  use  an  existing  one,      and  serve  as  a  RethinkDB  cluster  node.   File  path  options:      -­‐d  [  -­‐-­‐directory  ]  path                      specify  directory  to  store  data  and  metadata      -­‐-­‐io-­‐threads  n                                        how  many  simultaneous  I/O  operations  can  happen                                                                          at  the  same  time   ! Machine  name  options:      -­‐n  [  -­‐-­‐machine-­‐name  ]  arg                  the  name  for  this  machine  (as  will  appear  in                                                                          the  metadata).    If  not  specified,  it  will  be                                                                          randomly  chosen  from  a  short  list  of  names.   ! Network  options:      -­‐-­‐bind  {all  |  addr}                              add  the  address  of  a  local  interface  to  listen                                                                          on  when  accepting  connections;  loopback                                                                          addresses  are  enabled  by  default      -­‐-­‐cluster-­‐port  port                              port  for  receiving  connections  from  other  nodes      -­‐-­‐driver-­‐port  port                                port  for  rethinkdb  protocol  client  drivers      -­‐o  [  -­‐-­‐port-­‐offset  ]  offset              all  ports  used  locally  will  have  this  value                                                                          added      -­‐j  [  -­‐-­‐join  ]  host:port                      host  and  port  of  a  rethinkdb  node  to  connect  to      .................
  28. 28. docker run crosbymichael/rethinkdb —bind all info:  Running  rethinkdb  1.7.1-­‐0ubuntu1~precise  (GCC  4.6.3)...   info:  Running  on  Linux  3.2.0-­‐45-­‐virtual  x86_64   info:  Loading  data  from  directory  /rethinkdb_data   warn:  Could  not  turn  off  filesystem  caching  for  database  file:  "/ rethinkdb_data/metadata"  (Is  the  file  located  on  a  filesystem   that  doesn't  support  direct  I/O  (e.g.  some  encrypted  or  journaled   file  systems)?)  This  can  cause  performance  problems.   warn:  Could  not  turn  off  filesystem  caching  for  database  file:  "/ rethinkdb_data/auth_metadata"  (Is  the  file  located  on  a   filesystem  that  doesn't  support  direct  I/O  (e.g.  some  encrypted   or  journaled  file  systems)?)  This  can  cause  performance  problems.   info:  Listening  for  intracluster  connections  on  port  29015   info:  Listening  for  client  driver  connections  on  port  28015   info:  Listening  for  administrative  HTTP  connections  on  port  8080   info:  Listening  on  addresses:  127.0.0.1,  172.16.42.13   info:  Server  ready   info:  Someone  asked  for  the  nonwhitelisted  file  /js/ handlebars.runtime-­‐1.0.0.beta.6.js,  if  this  should  be  accessible   add  it  to  the  whitelist.
  29. 29. git clone https://gist.github.com/abtris/7548643
 docker build . FROM  ubuntu:latest   MAINTAINER  Ladislav  Prskavec  <ladislav@prskavec.net>   RUN  apt-­‐get  update     RUN  apt-­‐get  -­‐y  upgrade   RUN  DEBIAN_FRONTEND=noninteractive  apt-­‐get  -­‐y  install   curl  apache2  libapache2-­‐mod-­‐php5  vim-­‐tiny     RUN  chown  -­‐R  www-­‐data:www-­‐data  /var/www/   EXPOSE  80   EXPOSE  22   CMD  ["/bin/bash"] Dockerfile
  30. 30. Use raw Dockerfile 1. Cache wins. 2. Chef, ansible, etc, does not use cache. 3. Raw Dockerfile uses cache. 4. Raw Dockerfile wins.
  31. 31. Links • If you have a docker container with the name CONTAINER (specified by docker run -name CONTAINER) and in the Dockerfile, it has an exposed port: 
 EXPOSE 1337 • docker run -d -link CONTAINER:ALIAS -name LINKED user/wordpress • CONTAINER will show up in LINKED with the following environment variables:
 $ALIAS_PORT_1337_TCP_PORT $ALIAS_PORT_1337_TCP_ADDR
  32. 32. Container Lifecycle • docker run - creates a container. • docker stop stops it. • docker start will start it again. • docker restart restarts a container. • docker rm deletes a container. • docker attach will connect to a running container. • docker wait blocks until container stops.
  33. 33. Container Info • docker ps shows running containers. • docker ps -a shows running and stopped containers. • docker inspect looks at all the info on a container (including IP address). • docker logs gets logs from container. • docker events gets events from container. • docker port shows public facing port of container. • docker top shows running processes in container.
  34. 34. Import / Export • docker cp copies into a container. • docker export turns container fs into tarball.
  35. 35. Images Lifecycle • docker import creates an image from a tarball. • docker build creates image from Dockerfile. • docker commit creates image from a container. • docker rmi removes an image. • docker insert inserts a file from URL into image
  36. 36. Images Info • docker images shows all images • docker history shows history of image • docker tag tags an image to a name (local or registry)
  37. 37. Registry & Repository • docker search searches registry for image • docker pull pulls an image from registry to local machine • docker push pushes an image to the registry from local machine.
  38. 38. Good practices • Install a internal docker registry • Install Shipyard • Create base image • Build from your base image • Push your images • Save off your registry
  39. 39. Install a internal docker registry Install an internal registry (the fast way) and run it as a daemon:
 • 
 docker  run  -­‐name  internal_registry  -­‐d  -­‐p   5000:5000  samalba/docker-­‐registry   • Alias server to localhost
 echo  "127.0.0.1            internal_registry"  >>  /etc/ host   • Check internal_registry exists and is running on port 5000:
 curl  -­‐-­‐get  -­‐-­‐verbose  http://internal_registry:5000/v1/ _ping
  40. 40. Create base image • Create a Dockerfile with initialization code such as `apt-get update / apt-get install’ etc: this is your base. • Build your base image, then push it to the internal registry with 
 
 docker  build  -­‐t  internal_registry:5000/ base  .
  41. 41. Build from your base image • Build all of your other Dockerfile pull from “base” instead of ubuntu. • Keep playing around until you have your images working.
  42. 42. Push your images Push all of your images into the internal registry.
 • 
 docker  tag  IMAGE-­‐ID  abtris/apache
 
 docker  push  internal_registry:5000/apache
  43. 43. Save off your registry If you need to blow away your Vagrant or set someone else up, it’s much faster to do it with all the images still intact:
 • 
 docker  export  internal_registry  >   internal_registry.tar
 
 gzip  internal_registry.tar
 
 mv  internal_registry.tar.gz  /vagrant
  44. 44. Projects uses docker http://opdemand.com/ http://deis.io/ http://coreos.com/ https://flynn.io/ https://github.com/progrium/dokku
  45. 45. http://index.docker.io
  46. 46. https://index.docker.io/u/ abtris/devfest-2013/
  47. 47. http://shipyard-project.com/
  48. 48. docker.io ! https://plus.google.com/u/1/ communities/108146856671494713993 demo files https://github.com/abtris/devfest-2013 docker cheat sheet https://gist.github.com/wsargent/7049221 docker sources http://bit.ly/dockersources
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×