Automate drupal deployments with linux containers, docker and vagrant
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share

Automate drupal deployments with linux containers, docker and vagrant

  • 7,849 views
Uploaded on

 

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
7,849
On Slideshare
5,556
From Embeds
2,293
Number of Embeds
9

Actions

Shares
Downloads
75
Comments
0
Likes
6

Embeds 2,293

http://www.scoop.it 2,253
http://plus.url.google.com 26
https://twitter.com 5
http://posts.docker.com 4
http://www.linkedin.com 1
https://duckduckgo.com 1
https://tweetdeck.twitter.com 1
http://webcache.googleusercontent.com 1
https://www.linkedin.com 1

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Automate Drupal deployments with Linux Containers, Vagrant and Docker An overview of deployment strategies @ricardoamaro
  • 2. Free/Opensource software lover Senior Cloud Engineer @Acquia Drupal.org infrastructure/devops Drupalist & Linux enthusiast Father, artist, community facilitator @ricardoamaro About me
  • 3. Vicente e Dália About us
  • 4. 1. The sad VirtualMachine story 2. Containers and non-containers 3. Drupal on LXC 4. How to Puppetize a container 5. Docker & LXC 6. Shipping containers with Drupal today’s agenda
  • 5. Hardware virtualization or platform virtualization refers to the creation of a virtual machine that acts like a real computer with an operating system. Software executed on these virtual machines is separated from the underlying hardware resources. What is virtualization?
  • 6. Cloud infrastructure providers like Amazon Web Service sell virtual machines. EC2 revenue is expected to surpass $1B in revenue this year. That's a lot of VMs… Why should i care? Increase + efficiency + availability + security Reduce - costs - hardware - energy
  • 7. Virtual Machine platforms
  • 8. ➢ We are also paying for lot of avoidable overhead. ➢ The Virtual Machine is a full-blown operating system image. ➢ This is a heavyweight solution to run applications in the cloud. The sad Virtual Machine story...
  • 9. What is the solution?
  • 10. Containers used to be terrible, but not anymoreContainers used to be terrible, but not anymore A new concept, a new hope
  • 11. Because LXC is ready to roll!
  • 12. On any recent Linux Kernel near you!
  • 13. Source : http://www.linuxjournal.com/content/containers%E2%80%94not-virtual-machines%E2%80%94are-future-cloud Virtual Machines vs Containers Virtualization and paravirtualization require a full operating system image for each instance.
  • 14. Source : http://www.linuxjournal.com/content/containers%E2%80%94not-virtual-machines%E2%80%94are-future-cloud Virtual Machines vs Containers Containers can share a single Linux Kernel and, optionally, other binary and library resources.
  • 15. The time to provision Source : http://www.linuxjournal.com/content/containers%E2%80%94not-virtual-machines%E2%80%94are-future-cloud
  • 16. mount /dev/sda /target chroot /target but that had no resource and security isolation goals for multi-tenant designs... From the simple concept of “chroot” source: http://openvz.org
  • 17. Cpu Devices Processes Memory Disk space Network Whatifyoucouldcontrol...
  • 18. Openvz & LXC Need control over specific host resources cgroups Control Groups provide a mechanism for aggregating/partitioning sets of tasks, and all their future children, into hierarchical groups with specialized behaviour. ~$ ls /sys/fs/cgroup blkio cpu cpuacct cpuset devices freezer hugetlb memory perf_event example: lxc-cgroup -n foo cpuset.cpus "0,3" Containers & Cgroups https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt
  • 19. ricardo@ricardo-box:~$ sudo lxc-checkconfig Kernel configuration not found at /proc/config.gz; searching... Kernel configuration found at /boot/config-3.8.0-26-generic --- Namespaces --- Namespaces: enabled Utsname namespace: enabled Ipc namespace: enabled Pid namespace: enabled User namespace: missing Network namespace: enabled Multiple /dev/pts instances: enabled --- Control groups --- Cgroup: enabled Cgroup clone_children flag: enabled Cgroup device: enabled Cgroup sched: enabled Cgroup cpu account: enabled Cgroup memory controller: enabled Cgroup cpuset: enabled --- Misc --- Veth pair device: enabled Macvlan: enabled Vlan: enabled File capabilities: enabled Note : Before booting a new kernel, you can check its configuration usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig LXC on Ubuntu
  • 20. Since Ubuntu 12.04, containers are constrained by apparmor by default - /usr/bin/lxc-start is automatically transitioned to its own profile, where it is only allowed to mount into the container’s tree. - The default policy attempts to protect the host from accidental container abuses – such as writing to /proc/sysrq- trigger and /proc/mem, - Each container configuration can specify a custom profile. On Ubuntu 13.04 - We are able to exploit user namespaces and support stacked apparmor profiles - Apport hooks for better debug support, - Greater scriptability by providing a liblxc api. By 14.04 User namespace should support container use by unprivileged users. Other resources: http://www.ibm.com/developerworks/linux/library/l-lxc-security/index.html https://wiki.ubuntu.com/LxcSecurity http://wiki.ubuntu.com/UserNamespace LXC Security with Apparmor
  • 21. Wait… I don’t have to use heavy virtualboxes? Let’s start with Vagrant and puppetize it! You just need that guy
  • 22. You will get: 1. Drupal (latest version) 2. Nginx 3. Php + php-fpm 4. Mysql 5. Phpmyadmin 6. xhprof 7. xdebug 8. composer https://github.com/ricardoamaro/drupal-lxc-vagrant-docker My contribution to Drupal Containers
  • 23. Install latest Vagrant from: http://downloads.vagrantup.com/tags/v1.2.7 or later. Install lxc + redir. sudo dpkg -i vagrant_1.2.7_x86_64.deb sudo apt-get install lxc redir Vagrant LXC (demo) - Install
  • 24. Get the code from: https://github.com/ricardoamaro/drupal-lxc-vagrant-docker git clone git@github.com:ricardoamaro/drupal-lxc-vagrant-docker. git cd ~/drupal-lxc-vagrant-docker 1 - Clone the code
  • 25. vagrant plugin install vagrant-lxc vagrant up --provider=lxc sudo lxc-ls --fancy # redirect port 80 to the host sudo redir --lport=80 --cport=80 --caddr={container ip} & # and/or edit the /etc/hosts file with: ${IP} drupal phpmyadmin xhprof 2 - Get the plugin & deploy
  • 26. Now… I have to buildthis every time?
  • 27. use Docker
  • 28. Docker Who??
  • 29. this Docker and ship them has containers
  • 30. Ship containers? Build Once, Run Anywhere
  • 31. Install docker: sudo apt-get -y install docker curl get.docker.io | sudo sh -x Import container to docker: sudo tar -C /var/lib/lxc/{container name}/rootfs/ -c . | sudo docker import - dev/drupal Start docker: sudo docker run -i -t -p :80 dev/drupal /bin/bash The image is already pushed to https://index.docker.io, and can be pulled using: sudo docker pull ricardoamaro/drupal You can ship your image into a Docker container
  • 32. https://github.com/ricardoamaro/docker-drupal https://github.com/ricardoamaro/docker-drupal-nginx Or... build it the Docker way:
  • 33. the Commands: attach Attach to a running container commit Create a new image from a container's changes diff Inspect changes on a container's filesystem export Stream the contents of a container as a tar archive history Show the history of an image images List images import Create a new filesystem image from the contents of a tarball info Display system-wide information inspect Return low-level information on a container kill Kill a running container login Register or Login to the docker registry server logs Fetch the logs of a container port Lookup the public-facing port which is NAT-ed to PRIVATE_PORT ps List containers pull Pull an image or a repository to the docker registry server push Push an image or a repository to the docker registry server restart Restart a running container rm Remove a container rmi Remove an image run Run a command in a new container start Start a stopped container stop Stop a running container tag Tag an image into a repository version Show the docker version information wait Block until a container stops, then print its exit code The docker is awesome! the Api http://docs.docker.io/en/latest/api/registry_index_spec/ the Registry http://docs.docker.io/en/latest/api/index_api/
  • 34. Docker on Docker (v0.6)
  • 35. Container layers to be used for hosting applications Continuous Deployments & Development
  • 36. Changes to the container can be committed to the central index or rolled back Just commit the good apples
  • 37. Openstack and Docker... The future has a bonus extra: http://blog.docker.io/2013/06/openstack-docker-manage-linux-containers-with-nova/ https://wiki.openstack.org/wiki/Docker
  • 38. “Nova is intended to be modular and easy to extend and adapt. It supports many different hypervisors (KVM and Xen to name a few), different database backends (SQLite, MySQL, and PostgreSQL, for instance), different types of user databases (LDAP or SQL), etc.” And it supports Docker containers! This project is open-source and available at: https://github.com/dotcloud/openstack-docker. ...with the Nova driver
  • 39. Develop the box in layers Use only one Linux Kernel Deploy quickly Build Once, Run Anywhere Awesomeness!
  • 40. @ricardoamaro Questions? Locate this session at the DrupalCon Prague website: https://prague2013.drupal.org/node/388 Click the “Take the survey” link
  • 41. THANK YOU! @ricardoamaro Locate this session at the DrupalCon Prague website: https://prague2013.drupal.org/node/388 Click the “Take the survey” link