Automate drupal deployments with linux containers, docker and vagrant


Published on

Published in: Technology
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Automate drupal deployments with linux containers, docker and vagrant

  1. 1. Automate Drupal deployments with Linux Containers, Vagrant and Docker An overview of deployment strategies @ricardoamaro
  2. 2. Free/Opensource software lover Senior Cloud Engineer @Acquia infrastructure/devops Drupalist & Linux enthusiast Father, artist, community facilitator @ricardoamaro About me
  3. 3. Vicente e Dália About us
  4. 4. 1. The sad VirtualMachine story 2. Containers and non-containers 3. Drupal on LXC 4. How to Puppetize a container 5. Docker & LXC 6. Shipping containers with Drupal today’s agenda
  5. 5. Hardware virtualization or platform virtualization refers to the creation of a virtual machine that acts like a real computer with an operating system. Software executed on these virtual machines is separated from the underlying hardware resources. What is virtualization?
  6. 6. Cloud infrastructure providers like Amazon Web Service sell virtual machines. EC2 revenue is expected to surpass $1B in revenue this year. That's a lot of VMs… Why should i care? Increase + efficiency + availability + security Reduce - costs - hardware - energy
  7. 7. Virtual Machine platforms
  8. 8. ➢ We are also paying for lot of avoidable overhead. ➢ The Virtual Machine is a full-blown operating system image. ➢ This is a heavyweight solution to run applications in the cloud. The sad Virtual Machine story...
  9. 9. What is the solution?
  10. 10. Containers used to be terrible, but not anymoreContainers used to be terrible, but not anymore A new concept, a new hope
  11. 11. Because LXC is ready to roll!
  12. 12. On any recent Linux Kernel near you!
  13. 13. Source : Virtual Machines vs Containers Virtualization and paravirtualization require a full operating system image for each instance.
  14. 14. Source : Virtual Machines vs Containers Containers can share a single Linux Kernel and, optionally, other binary and library resources.
  15. 15. The time to provision Source :
  16. 16. mount /dev/sda /target chroot /target but that had no resource and security isolation goals for multi-tenant designs... From the simple concept of “chroot” source:
  17. 17. Cpu Devices Processes Memory Disk space Network Whatifyoucouldcontrol...
  18. 18. Openvz & LXC Need control over specific host resources cgroups Control Groups provide a mechanism for aggregating/partitioning sets of tasks, and all their future children, into hierarchical groups with specialized behaviour. ~$ ls /sys/fs/cgroup blkio cpu cpuacct cpuset devices freezer hugetlb memory perf_event example: lxc-cgroup -n foo cpuset.cpus "0,3" Containers & Cgroups
  19. 19. ricardo@ricardo-box:~$ sudo lxc-checkconfig Kernel configuration not found at /proc/config.gz; searching... Kernel configuration found at /boot/config-3.8.0-26-generic --- Namespaces --- Namespaces: enabled Utsname namespace: enabled Ipc namespace: enabled Pid namespace: enabled User namespace: missing Network namespace: enabled Multiple /dev/pts instances: enabled --- Control groups --- Cgroup: enabled Cgroup clone_children flag: enabled Cgroup device: enabled Cgroup sched: enabled Cgroup cpu account: enabled Cgroup memory controller: enabled Cgroup cpuset: enabled --- Misc --- Veth pair device: enabled Macvlan: enabled Vlan: enabled File capabilities: enabled Note : Before booting a new kernel, you can check its configuration usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig LXC on Ubuntu
  20. 20. Since Ubuntu 12.04, containers are constrained by apparmor by default - /usr/bin/lxc-start is automatically transitioned to its own profile, where it is only allowed to mount into the container’s tree. - The default policy attempts to protect the host from accidental container abuses – such as writing to /proc/sysrq- trigger and /proc/mem, - Each container configuration can specify a custom profile. On Ubuntu 13.04 - We are able to exploit user namespaces and support stacked apparmor profiles - Apport hooks for better debug support, - Greater scriptability by providing a liblxc api. By 14.04 User namespace should support container use by unprivileged users. Other resources: LXC Security with Apparmor
  21. 21. Wait… I don’t have to use heavy virtualboxes? Let’s start with Vagrant and puppetize it! You just need that guy
  22. 22. You will get: 1. Drupal (latest version) 2. Nginx 3. Php + php-fpm 4. Mysql 5. Phpmyadmin 6. xhprof 7. xdebug 8. composer My contribution to Drupal Containers
  23. 23. Install latest Vagrant from: or later. Install lxc + redir. sudo dpkg -i vagrant_1.2.7_x86_64.deb sudo apt-get install lxc redir Vagrant LXC (demo) - Install
  24. 24. Get the code from: git clone git cd ~/drupal-lxc-vagrant-docker 1 - Clone the code
  25. 25. vagrant plugin install vagrant-lxc vagrant up --provider=lxc sudo lxc-ls --fancy # redirect port 80 to the host sudo redir --lport=80 --cport=80 --caddr={container ip} & # and/or edit the /etc/hosts file with: ${IP} drupal phpmyadmin xhprof 2 - Get the plugin & deploy
  26. 26. Now… I have to buildthis every time?
  27. 27. use Docker
  28. 28. Docker Who??
  29. 29. this Docker and ship them has containers
  30. 30. Ship containers? Build Once, Run Anywhere
  31. 31. Install docker: sudo apt-get -y install docker curl | sudo sh -x Import container to docker: sudo tar -C /var/lib/lxc/{container name}/rootfs/ -c . | sudo docker import - dev/drupal Start docker: sudo docker run -i -t -p :80 dev/drupal /bin/bash The image is already pushed to, and can be pulled using: sudo docker pull ricardoamaro/drupal You can ship your image into a Docker container
  32. 32. Or... build it the Docker way:
  33. 33. the Commands: attach Attach to a running container commit Create a new image from a container's changes diff Inspect changes on a container's filesystem export Stream the contents of a container as a tar archive history Show the history of an image images List images import Create a new filesystem image from the contents of a tarball info Display system-wide information inspect Return low-level information on a container kill Kill a running container login Register or Login to the docker registry server logs Fetch the logs of a container port Lookup the public-facing port which is NAT-ed to PRIVATE_PORT ps List containers pull Pull an image or a repository to the docker registry server push Push an image or a repository to the docker registry server restart Restart a running container rm Remove a container rmi Remove an image run Run a command in a new container start Start a stopped container stop Stop a running container tag Tag an image into a repository version Show the docker version information wait Block until a container stops, then print its exit code The docker is awesome! the Api the Registry
  34. 34. Docker on Docker (v0.6)
  35. 35. Container layers to be used for hosting applications Continuous Deployments & Development
  36. 36. Changes to the container can be committed to the central index or rolled back Just commit the good apples
  37. 37. Openstack and Docker... The future has a bonus extra:
  38. 38. “Nova is intended to be modular and easy to extend and adapt. It supports many different hypervisors (KVM and Xen to name a few), different database backends (SQLite, MySQL, and PostgreSQL, for instance), different types of user databases (LDAP or SQL), etc.” And it supports Docker containers! This project is open-source and available at: ...with the Nova driver
  39. 39. Develop the box in layers Use only one Linux Kernel Deploy quickly Build Once, Run Anywhere Awesomeness!
  40. 40. @ricardoamaro Questions? Locate this session at the DrupalCon Prague website: Click the “Take the survey” link
  41. 41. THANK YOU! @ricardoamaro Locate this session at the DrupalCon Prague website: Click the “Take the survey” link