Automate Drupal deployments with
Linux Containers, Vagrant and Docker
An overview of deployment strategies
@ricardoamaro
Transcript of "Automate drupal deployments with linux containers, docker and vagrant "

  1. Automate Drupal deployments with Linux Containers, Vagrant and Docker. An overview of deployment strategies. @ricardoamaro
  2. About me: Free/Opensource software lover. Senior Cloud Engineer @Acquia. Drupal.org infrastructure/devops. Drupalist & Linux enthusiast. Father, artist, community facilitator. @ricardoamaro
  3. About us: Vicente e Dália
  4. Today's agenda: 1. The sad Virtual Machine story 2. Containers and non-containers 3. Drupal on LXC 4. How to Puppetize a container 5. Docker & LXC 6. Shipping containers with Drupal
  5. What is virtualization? Hardware virtualization or platform virtualization refers to the creation of a virtual machine that acts like a real computer with an operating system. Software executed on these virtual machines is separated from the underlying hardware resources.
  6. Why should I care? Cloud infrastructure providers like Amazon Web Services sell virtual machines. EC2 revenue is expected to surpass $1B this year. That's a lot of VMs… Increase: efficiency, availability, security. Reduce: costs, hardware, energy.
  7. Virtual Machine platforms
  8. The sad Virtual Machine story... ➢ We are also paying for a lot of avoidable overhead. ➢ The Virtual Machine is a full-blown operating system image. ➢ This is a heavyweight solution to run applications in the cloud.
  9. What is the solution?
  10. A new concept, a new hope: Containers used to be terrible, but not anymore
  11. Because LXC is ready to roll!
  12. On any recent Linux Kernel near you!
  13. Virtual Machines vs Containers: Virtualization and paravirtualization require a full operating system image for each instance. Source: http://www.linuxjournal.com/content/containers%E2%80%94not-virtual-machines%E2%80%94are-future-cloud
  14. Virtual Machines vs Containers: Containers can share a single Linux Kernel and, optionally, other binary and library resources. Source: http://www.linuxjournal.com/content/containers%E2%80%94not-virtual-machines%E2%80%94are-future-cloud
  15. The time to provision. Source: http://www.linuxjournal.com/content/containers%E2%80%94not-virtual-machines%E2%80%94are-future-cloud
  16. From the simple concept of “chroot”
        mount /dev/sda /target
        chroot /target
      but that had no resource and security isolation goals for multi-tenant designs... Source: http://openvz.org
  17. What if you could control... Cpu, Devices, Processes, Memory, Disk space, Network
  18. Containers & Cgroups
      OpenVZ & LXC need control over specific host resources: cgroups.
      Control Groups provide a mechanism for aggregating/partitioning sets of tasks, and all their future children, into hierarchical groups with specialized behaviour.
        ~$ ls /sys/fs/cgroup
        blkio cpu cpuacct cpuset devices freezer hugetlb memory perf_event
      Example:
        lxc-cgroup -n foo cpuset.cpus "0,3"
      https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt
  19. LXC on Ubuntu
        ricardo@ricardo-box:~$ sudo lxc-checkconfig
        Kernel configuration not found at /proc/config.gz; searching...
        Kernel configuration found at /boot/config-3.8.0-26-generic
        --- Namespaces ---
        Namespaces: enabled
        Utsname namespace: enabled
        Ipc namespace: enabled
        Pid namespace: enabled
        User namespace: missing
        Network namespace: enabled
        Multiple /dev/pts instances: enabled
        --- Control groups ---
        Cgroup: enabled
        Cgroup clone_children flag: enabled
        Cgroup device: enabled
        Cgroup sched: enabled
        Cgroup cpu account: enabled
        Cgroup memory controller: enabled
        Cgroup cpuset: enabled
        --- Misc ---
        Veth pair device: enabled
        Macvlan: enabled
        Vlan: enabled
        File capabilities: enabled
        Note : Before booting a new kernel, you can check its configuration
        usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig
  20. LXC Security with Apparmor
      Since Ubuntu 12.04, containers are constrained by apparmor by default:
      - /usr/bin/lxc-start is automatically transitioned to its own profile, where it is only allowed to mount into the container’s tree.
      - The default policy attempts to protect the host from accidental container abuses, such as writing to /proc/sysrq-trigger and /proc/mem.
      - Each container configuration can specify a custom profile.
      On Ubuntu 13.04:
      - We are able to exploit user namespaces and support stacked apparmor profiles.
      - Apport hooks for better debug support.
      - Greater scriptability by providing a liblxc api.
      By 14.04, user namespaces should support container use by unprivileged users.
      Other resources:
      http://www.ibm.com/developerworks/linux/library/l-lxc-security/index.html
      https://wiki.ubuntu.com/LxcSecurity
      http://wiki.ubuntu.com/UserNamespace
  21. Wait… I don’t have to use heavy virtualboxes? Let’s start with Vagrant and puppetize it! You just need that guy
  22. My contribution to Drupal Containers. You will get: 1. Drupal (latest version) 2. Nginx 3. Php + php-fpm 4. Mysql 5. Phpmyadmin 6. xhprof 7. xdebug 8. composer. https://github.com/ricardoamaro/drupal-lxc-vagrant-docker
  23. Vagrant LXC (demo) - Install
      Install latest Vagrant from: http://downloads.vagrantup.com/tags/v1.2.7 or later. Install lxc + redir.
        sudo dpkg -i vagrant_1.2.7_x86_64.deb
        sudo apt-get install lxc redir
  24. 1 - Clone the code
      Get the code from: https://github.com/ricardoamaro/drupal-lxc-vagrant-docker
        git clone git@github.com:ricardoamaro/drupal-lxc-vagrant-docker.git
        cd ~/drupal-lxc-vagrant-docker
  25. 2 - Get the plugin & deploy
        vagrant plugin install vagrant-lxc
        vagrant up --provider=lxc
        sudo lxc-ls --fancy
        # redirect port 80 to the host
        sudo redir --lport=80 --cport=80 --caddr={container ip} &
        # and/or edit the /etc/hosts file with:
        ${IP} drupal phpmyadmin xhprof
  26. Now… I have to build this every time?
  27. use Docker
  28. Docker Who??
  29. this Docker and ship them as containers
  30. Ship containers? Build Once, Run Anywhere
  31. You can ship your image into a Docker container
      Install docker:
        sudo apt-get -y install docker
        curl get.docker.io | sudo sh -x
      Import container to docker:
        sudo tar -C /var/lib/lxc/{container name}/rootfs/ -c . | sudo docker import - dev/drupal
      Start docker:
        sudo docker run -i -t -p :80 dev/drupal /bin/bash
      The image is already pushed to https://index.docker.io, and can be pulled using:
        sudo docker pull ricardoamaro/drupal
  32. Or... build it the Docker way: https://github.com/ricardoamaro/docker-drupal https://github.com/ricardoamaro/docker-drupal-nginx
  33. The docker is awesome!
      the Commands:
        attach    Attach to a running container
        commit    Create a new image from a container's changes
        diff      Inspect changes on a container's filesystem
        export    Stream the contents of a container as a tar archive
        history   Show the history of an image
        images    List images
        import    Create a new filesystem image from the contents of a tarball
        info      Display system-wide information
        inspect   Return low-level information on a container
        kill      Kill a running container
        login     Register or Login to the docker registry server
        logs      Fetch the logs of a container
        port      Lookup the public-facing port which is NAT-ed to PRIVATE_PORT
        ps        List containers
        pull      Pull an image or a repository to the docker registry server
        push      Push an image or a repository to the docker registry server
        restart   Restart a running container
        rm        Remove a container
        rmi       Remove an image
        run       Run a command in a new container
        start     Start a stopped container
        stop      Stop a running container
        tag       Tag an image into a repository
        version   Show the docker version information
        wait      Block until a container stops, then print its exit code
      the Api: http://docs.docker.io/en/latest/api/registry_index_spec/
      the Registry: http://docs.docker.io/en/latest/api/index_api/
  34. Docker on Docker (v0.6)
  35. Continuous Deployments & Development: Container layers to be used for hosting applications
  36. Just commit the good apples: Changes to the container can be committed to the central index or rolled back
  37. Openstack and Docker... The future has a bonus extra: http://blog.docker.io/2013/06/openstack-docker-manage-linux-containers-with-nova/ https://wiki.openstack.org/wiki/Docker
  38. ...with the Nova driver: “Nova is intended to be modular and easy to extend and adapt. It supports many different hypervisors (KVM and Xen to name a few), different database backends (SQLite, MySQL, and PostgreSQL, for instance), different types of user databases (LDAP or SQL), etc.” And it supports Docker containers! This project is open-source and available at: https://github.com/dotcloud/openstack-docker.
  39. Awesomeness! Develop the box in layers. Use only one Linux Kernel. Deploy quickly. Build Once, Run Anywhere.
  40. Questions? @ricardoamaro. Locate this session at the DrupalCon Prague website: https://prague2013.drupal.org/node/388 Click the “Take the survey” link
  41. THANK YOU! @ricardoamaro
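
Slide 19's lxc-checkconfig run reports "User namespace: missing", which is the feature slide 20 says unprivileged containers will rely on. The following is an added example, not part of the talk or its repositories: a filter that lists every feature the tool does not report as "enabled", run here against the output shown on slide 19. The function names are made up for this example.

```shell
#!/bin/sh
# Added example: list features that lxc-checkconfig does not report as "enabled".

# Output of the lxc-checkconfig run on slide 19 (kernel 3.8.0-26-generic).
sample_checkconfig() {
cat <<'EOF'
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-3.8.0-26-generic
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: missing
Network namespace: enabled
Multiple /dev/pts instances: enabled
--- Control groups ---
Cgroup: enabled
Cgroup clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled
--- Misc ---
Veth pair device: enabled
Macvlan: enabled
Vlan: enabled
File capabilities: enabled
Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig
EOF
}

# Read lxc-checkconfig output on stdin and print "section|feature|status" for
# each feature line ("name: word") whose status is anything but "enabled".
# Free-text lines such as "Note : ..." do not end in a single word and are skipped.
not_enabled() {
    awk '
        /^--- .* ---$/ { sec = $0; gsub(/^--- | ---$/, "", sec); next }
        /^[A-Za-z].*: [a-z]+$/ {
            n = index($0, ": ")
            status = substr($0, n + 2)
            if (status != "enabled") print sec "|" substr($0, 1, n - 1) "|" status
        }'
}

sample_checkconfig | not_enabled
```

On a real host the same filter takes the tool's output directly: `sudo lxc-checkconfig | not_enabled`.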
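
Slide 20 notes that each container configuration can specify a custom AppArmor profile, which also means a configuration can switch confinement off. The following is an added example, not code from the talk: it reports the profile each LXC config selects and flags `unconfined`. It assumes the `lxc.aa_profile` key of LXC releases from that period (`lxc.apparmor.profile` in later ones) and Ubuntu's default profile name `lxc-container-default`; the sample configs and the profile name `lxc-container-drupal` are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which AppArmor profile each LXC container config selects.

# Print the profile a config file selects. The last assignment wins; a config
# with no assignment is assumed to get the default, lxc-container-default.
aa_profile_of() {
    awk -F= '
        /^[ \t]*(lxc\.aa_profile|lxc\.apparmor\.profile)[ \t]*=/ {
            v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); p = v
        }
        END { print (p == "" ? "lxc-container-default" : p) }' "$1"
}

# Print "WARN <file> <profile>" for unconfined containers, "OK ..." otherwise.
audit_aa_profiles() {
    for cfg in "$@"; do
        prof=$(aa_profile_of "$cfg")
        case "$prof" in
            unconfined) echo "WARN $cfg $prof" ;;
            *)          echo "OK $cfg $prof" ;;
        esac
    done
}

# Constructed sample configs (not from the slides), written to a temp dir.
# lxc-container-drupal is a hypothetical custom profile name.
make_samples() {
    d=$(mktemp -d)
    printf 'lxc.utsname = drupal\nlxc.network.type = veth\n' > "$d/default.conf"
    printf 'lxc.utsname = web\nlxc.aa_profile = lxc-container-drupal\n' > "$d/custom.conf"
    printf 'lxc.utsname = dev\n# lxc.aa_profile = lxc-container-default\nlxc.aa_profile = unconfined\n' > "$d/open.conf"
    echo "$d"
}

samples=$(make_samples)
audit_aa_profiles "$samples"/*.conf
rm -rf "$samples"
```

For the containers built in the demo, the configs to check would be `/var/lib/lxc/*/config`.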