Automate Drupal deployments with Linux containers, Docker and Vagrant


Transcript

  • 1. Automate Drupal deployments with Linux Containers, Vagrant and Docker An overview of deployment strategies @ricardoamaro
  • 2. About me: Free/Opensource software lover; Senior Cloud Engineer @Acquia; Drupal.org infrastructure/devops; Drupalist & Linux enthusiast; father, artist, community facilitator. @ricardoamaro
  • 3. About us: Vicente and Dália
  • 4. Today’s agenda:
      1. The sad Virtual Machine story
      2. Containers and non-containers
      3. Drupal on LXC
      4. How to Puppetize a container
      5. Docker & LXC
      6. Shipping containers with Drupal
  • 5. What is virtualization? Hardware virtualization, or platform virtualization, refers to the creation of a virtual machine that acts like a real computer with an operating system. Software executed on these virtual machines is separated from the underlying hardware resources.
  • 6. Why should I care? Cloud infrastructure providers like Amazon Web Services sell virtual machines. EC2 is expected to surpass $1B in revenue this year. That's a lot of VMs… Increase: efficiency, availability, security. Reduce: costs, hardware, energy.
  • 7. Virtual Machine platforms
  • 8. The sad Virtual Machine story...
      ➢ We are also paying for a lot of avoidable overhead.
      ➢ The Virtual Machine is a full-blown operating system image.
      ➢ This is a heavyweight solution to run applications in the cloud.
  • 9. What is the solution?
  • 10. Containers used to be terrible, but not anymore. A new concept, a new hope
  • 11. Because LXC is ready to roll!
  • 12. On any recent Linux Kernel near you!
  • 13. Virtual Machines vs Containers: Virtualization and paravirtualization require a full operating system image for each instance. Source: http://www.linuxjournal.com/content/containers%E2%80%94not-virtual-machines%E2%80%94are-future-cloud
  • 14. Virtual Machines vs Containers: Containers can share a single Linux Kernel and, optionally, other binary and library resources. Source: http://www.linuxjournal.com/content/containers%E2%80%94not-virtual-machines%E2%80%94are-future-cloud
  • 15. The time to provision. Source: http://www.linuxjournal.com/content/containers%E2%80%94not-virtual-machines%E2%80%94are-future-cloud
  • 16. From the simple concept of “chroot”:
      mount /dev/sda /target
      chroot /target
      but that had no resource and security isolation goals for multi-tenant designs...
      source: http://openvz.org
  • 17. What if you could control... CPU, Devices, Processes, Memory, Disk space, Network
  • 18. Containers & Cgroups
      OpenVZ & LXC need control over specific host resources: cgroups.
      Control Groups provide a mechanism for aggregating/partitioning sets of tasks, and all their future children, into hierarchical groups with specialized behaviour.
      ~$ ls /sys/fs/cgroup
      blkio cpu cpuacct cpuset devices freezer hugetlb memory perf_event
      example: lxc-cgroup -n foo cpuset.cpus "0,3"
      https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt
  • 19. LXC on Ubuntu
      ricardo@ricardo-box:~$ sudo lxc-checkconfig
      Kernel configuration not found at /proc/config.gz; searching...
      Kernel configuration found at /boot/config-3.8.0-26-generic
      --- Namespaces ---
      Namespaces: enabled
      Utsname namespace: enabled
      Ipc namespace: enabled
      Pid namespace: enabled
      User namespace: missing
      Network namespace: enabled
      Multiple /dev/pts instances: enabled
      --- Control groups ---
      Cgroup: enabled
      Cgroup clone_children flag: enabled
      Cgroup device: enabled
      Cgroup sched: enabled
      Cgroup cpu account: enabled
      Cgroup memory controller: enabled
      Cgroup cpuset: enabled
      --- Misc ---
      Veth pair device: enabled
      Macvlan: enabled
      Vlan: enabled
      File capabilities: enabled
      Note : Before booting a new kernel, you can check its configuration
      usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig
  • 20. LXC Security with Apparmor
      Since Ubuntu 12.04, containers are constrained by apparmor by default:
      - /usr/bin/lxc-start is automatically transitioned to its own profile, where it is only allowed to mount into the container’s tree.
      - The default policy attempts to protect the host from accidental container abuses, such as writing to /proc/sysrq-trigger and /proc/mem.
      - Each container configuration can specify a custom profile.
      On Ubuntu 13.04:
      - We are able to take advantage of user namespaces and support stacked apparmor profiles.
      - Apport hooks for better debug support.
      - Greater scriptability by providing a liblxc API.
      By 14.04, user namespaces should support container use by unprivileged users.
      Other resources:
      http://www.ibm.com/developerworks/linux/library/l-lxc-security/index.html
      https://wiki.ubuntu.com/LxcSecurity
      http://wiki.ubuntu.com/UserNamespace
  • 21. Wait… I don’t have to use heavy virtualboxes? Let’s start with Vagrant and puppetize it! You just need that guy
  • 22. My contribution to Drupal Containers: https://github.com/ricardoamaro/drupal-lxc-vagrant-docker
      You will get: 1. Drupal (latest version) 2. Nginx 3. PHP + php-fpm 4. MySQL 5. phpMyAdmin 6. xhprof 7. xdebug 8. composer
  • 23. Vagrant LXC (demo) - Install
      Install latest Vagrant from: http://downloads.vagrantup.com/tags/v1.2.7 or later. Install lxc + redir.
      sudo dpkg -i vagrant_1.2.7_x86_64.deb
      sudo apt-get install lxc redir
  • 24. 1 - Clone the code
      Get the code from: https://github.com/ricardoamaro/drupal-lxc-vagrant-docker
      git clone git@github.com:ricardoamaro/drupal-lxc-vagrant-docker.git
      cd ~/drupal-lxc-vagrant-docker
  • 25. 2 - Get the plugin & deploy
      vagrant plugin install vagrant-lxc
      vagrant up --provider=lxc
      sudo lxc-ls --fancy
      # redirect port 80 to the host
      sudo redir --lport=80 --cport=80 --caddr={container ip} &
      # and/or edit the /etc/hosts file with:
      ${IP} drupal phpmyadmin xhprof
  • 26. Now… I have to build this every time?
  • 27. use Docker
  • 28. Docker Who??
  • 29. This Docker... and ship them as containers
  • 30. Ship containers? Build Once, Run Anywhere
  • 31. You can ship your image into a Docker container
      Install docker:
      sudo apt-get -y install docker
      curl get.docker.io | sudo sh -x
      Import container to docker:
      sudo tar -C /var/lib/lxc/{container name}/rootfs/ -c . | sudo docker import - dev/drupal
      Start docker:
      sudo docker run -i -t -p :80 dev/drupal /bin/bash
      The image is already pushed to https://index.docker.io, and can be pulled using:
      sudo docker pull ricardoamaro/drupal
  • 32. Or... build it the Docker way:
      https://github.com/ricardoamaro/docker-drupal
      https://github.com/ricardoamaro/docker-drupal-nginx
  • 33. The docker is awesome!
      the Commands:
      attach    Attach to a running container
      commit    Create a new image from a container's changes
      diff      Inspect changes on a container's filesystem
      export    Stream the contents of a container as a tar archive
      history   Show the history of an image
      images    List images
      import    Create a new filesystem image from the contents of a tarball
      info      Display system-wide information
      inspect   Return low-level information on a container
      kill      Kill a running container
      login     Register or Login to the docker registry server
      logs      Fetch the logs of a container
      port      Lookup the public-facing port which is NAT-ed to PRIVATE_PORT
      ps        List containers
      pull      Pull an image or a repository to the docker registry server
      push      Push an image or a repository to the docker registry server
      restart   Restart a running container
      rm        Remove a container
      rmi       Remove an image
      run       Run a command in a new container
      start     Start a stopped container
      stop      Stop a running container
      tag       Tag an image into a repository
      version   Show the docker version information
      wait      Block until a container stops, then print its exit code
      the Api: http://docs.docker.io/en/latest/api/registry_index_spec/
      the Registry: http://docs.docker.io/en/latest/api/index_api/
  • 34. Docker on Docker (v0.6)
  • 35. Continuous Deployments & Development: container layers to be used for hosting applications
  • 36. Just commit the good apples: changes to the container can be committed to the central index or rolled back
  • 37. The future has a bonus extra: OpenStack and Docker...
      http://blog.docker.io/2013/06/openstack-docker-manage-linux-containers-with-nova/
      https://wiki.openstack.org/wiki/Docker
  • 38. ...with the Nova driver: “Nova is intended to be modular and easy to extend and adapt. It supports many different hypervisors (KVM and Xen to name a few), different database backends (SQLite, MySQL, and PostgreSQL, for instance), different types of user databases (LDAP or SQL), etc.” And it supports Docker containers! This project is open-source and available at: https://github.com/dotcloud/openstack-docker
  • 39. Develop the box in layers. Use only one Linux Kernel. Deploy quickly. Build Once, Run Anywhere. Awesomeness!
  • 40. @ricardoamaro Questions? Locate this session at the DrupalCon Prague website: https://prague2013.drupal.org/node/388 Click the “Take the survey” link
  • 41. THANK YOU! @ricardoamaro Locate this session at the DrupalCon Prague website: https://prague2013.drupal.org/node/388 Click the “Take the survey” link
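
The lxc-checkconfig output on slide 19 reports "User namespace: missing", the feature slide 20 ties to unprivileged container use. As an added example (not part of the original slides), this shell function reads lxc-checkconfig output and lists every feature not reported as enabled; the sample input is constructed from the slide's output, and the colour stripping assumes a version that colourises the state field.

```shell
#!/bin/sh
# Added example: report lxc-checkconfig features that are not "enabled".

# Constructed sample: feature lines from the slide 19 output (abridged).
sample_checkconfig() {
cat <<'EOF'
Kernel configuration found at /boot/config-3.8.0-26-generic
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: missing
Network namespace: enabled
Multiple /dev/pts instances: enabled
--- Control groups ---
Cgroup: enabled
Cgroup device: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled
--- Misc ---
Veth pair device: enabled
File capabilities: enabled
Note : Before booting a new kernel, you can check its configuration
EOF
}

# Read lxc-checkconfig output on stdin and print "section|feature|state"
# for each feature whose state is anything other than "enabled".
lxc_missing_features() {
    esc=$(printf '\033')
    # Assumption: some versions colourise the state, so strip ANSI colour codes.
    sed "s/${esc}\[[0-9;]*m//g" |
    awk -F': ' '
        # Section headers look like "--- Namespaces ---".
        /^--- .* ---$/ { sec = $0; gsub(/^--- | ---$/, "", sec); next }
        # Feature lines are "name: state" with a one-word lowercase state;
        # this skips the "Note : ..." and "usage : ..." trailer lines.
        sec != "" && NF == 2 && $2 ~ /^[a-z]+$/ && $2 != "enabled" {
            printf "%s|%s|%s\n", sec, $1, $2
        }'
}

# Live use would be: sudo lxc-checkconfig | lxc_missing_features
sample_checkconfig | lxc_missing_features
```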
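
Slide 20 notes that each container configuration can specify a custom AppArmor profile. This added example (not from the slides or the author's repositories) audits the container configs under a directory laid out like /var/lib/lxc and reports the profile each one selects; the container names and the lxc-drupal-dev profile are hypothetical, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: report the AppArmor profile each LXC container config selects.
# lxc.aa_profile is the key in LXC releases of the slides' era;
# lxc.apparmor.profile is its name in LXC 3.x and later.

# Print the profile set in config file $1; this example takes the last
# assignment. With none set, Ubuntu's LXC applies lxc-container-default.
aa_profile_of() {
    awk -F= '
        /^[ \t]*(lxc\.aa_profile|lxc\.apparmor\.profile)[ \t]*=/ {
            p = $2; gsub(/^[ \t]+|[ \t]+$/, "", p)
        }
        END { print (p == "" ? "lxc-container-default" : p) }' "$1"
}

# Print "name profile verdict" for each container under $1 (e.g. /var/lib/lxc).
audit_lxc_apparmor() {
    for cfg in "$1"/*/config; do
        [ -f "$cfg" ] || continue
        name=$(basename "$(dirname "$cfg")")
        profile=$(aa_profile_of "$cfg")
        case "$profile" in
            unconfined)            verdict=FAIL ;;   # no AppArmor confinement
            lxc-container-default) verdict=ok ;;
            *)                     verdict=REVIEW ;; # custom: inspect its rules
        esac
        printf '%s %s %s\n' "$name" "$profile" "$verdict"
    done
}

# Constructed sample tree; container and profile names are hypothetical.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir "$d/web" "$d/db" "$d/dev"
    printf 'lxc.utsname = web\n' > "$d/web/config"
    printf 'lxc.utsname = db\nlxc.aa_profile = unconfined\n' > "$d/db/config"
    printf '# lxc.aa_profile = unconfined\nlxc.aa_profile = lxc-drupal-dev\n' \
        > "$d/dev/config"
    printf '%s\n' "$d"
}

tree=$(make_sample_tree)
audit_lxc_apparmor "$tree"
rm -rf "$tree"
```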