Docker 
Introduction / Ansible
About Me 
• Have worked 
  • Iteration through L1/2/3 SysOps 
  • Mostly German automotive sector 
  • 01/2013 -> 10/2014 R&D @Bull SAS 
• Now 
  • independent R&D / Freelancing 
  • DevOps Eng. at Locafox (scale online) 
• Hot topics 
  • Containerization 
  • Log / Performance Management 
  • GO-Lang 
  • HPC Cluster Software Stack / Interconnect
Docker in a (Coco-)Nutshell 
• (chroot)² != Virtual Machine 
Traditional vs. Lightweight Layers 
[Figure: two layer stacks side by side. Traditional Virtualisation: SERVER, HOST KERNEL, host Userland (OS) and InitSystem, HYPERVISOR, and for each VM its own KERNEL, Userland (OS), InitSystem and SERVICE. Docker Containerisation: SERVER, HOST KERNEL, host Userland (OS) and InitSystem, and for each container its own Userland (OS) and SERVICE.]
Docker in a (Coco-)Nutshell 
• (chroot)² != Virtual Machine 
• Builds on top of LinuX Containers (LXC) 
• Kernel namespaces (isolation) 
Process Namespace 
$ docker run -ti --rm ubuntu:14.04 ps -ef 
UID PID PPID C STIME TTY TIME CMD 
root 1 0 0 10:24 ? 00:00:00 ps -ef 
$ 
Containers are not able to see processes 
outside of their scope.
Network Namespace 
$ docker run -ti --rm ubuntu:14.04 ip -4 -o addr 
1: lo inet 127.0.0.1/8 scope host lo 
10: eth0 inet 172.17.0.4/16 scope global eth0 
$ 
Each container gets its own network stack 
(by default, configurable).
Namespace 
• Mount (do not mess with other file systems) 
• User (users are only valid within one container) 
• IPC (Interprocess communication only within) 
• UTS (hostname / domain name is unique) 
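The isolation listed above can be checked from the host: every entry under /proc/<pid>/ns is a link whose inode identifies the namespace, so two processes share a namespace exactly when the inodes match. The following is an added example, not part of the original slides; the function names and the sample inode values are constructed for illustration.

```python
"""Compare the namespace membership of two processes (added example)."""
import os
import re
import sys

# Namespace types named on the slides above.
SLIDE_NAMESPACES = ("pid", "net", "mnt", "user", "ipc", "uts")

# A /proc/<pid>/ns/<name> link resolves to e.g. "pid:[4026531836]".
LINK_RE = re.compile(r"^([a-z_]+):\[(\d+)\]$")


def parse_ns_link(target):
    """Split a namespace link target into (type, inode)."""
    match = LINK_RE.match(target.strip())
    if match is None:
        raise ValueError("not a namespace link: %r" % (target,))
    return match.group(1), int(match.group(2))


def parse_listing(text):
    """Parse lines of '<name> <link target>' into {name: inode}."""
    links = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, target = line.split(None, 1)
        links[name] = parse_ns_link(target)[1]
    return links


def read_ns_links(pid):
    """Read {name: inode} for a live process (Linux only, needs permission)."""
    base = "/proc/%s/ns" % pid
    links = {}
    for name in sorted(os.listdir(base)):
        links[name] = parse_ns_link(os.readlink(os.path.join(base, name)))[1]
    return links


def compare(reference, candidate, wanted=SLIDE_NAMESPACES):
    """Return {namespace: 'isolated' | 'shared' | 'unknown'}."""
    result = {}
    for ns in wanted:
        ref, cand = reference.get(ns), candidate.get(ns)
        if ref is None or cand is None:
            result[ns] = "unknown"
        elif ref == cand:
            result[ns] = "shared"
        else:
            result[ns] = "isolated"
    return result


def shared_with(reference, candidate, wanted=SLIDE_NAMESPACES):
    """Sorted list of namespaces the candidate shares with the reference."""
    states = compare(reference, candidate, wanted)
    return sorted(ns for ns, state in states.items() if state == "shared")


# Constructed sample: host init process vs. a container process.
# The container was given the host's network stack, and user namespaces
# are not remapped, so "net" and "user" carry the host's inodes.
HOST_SAMPLE = """
ipc ipc:[4026531839]
mnt mnt:[4026531840]
net net:[4026531956]
pid pid:[4026531836]
user user:[4026531837]
uts uts:[4026531838]
"""
CONTAINER_SAMPLE = """
ipc ipc:[4026532279]
mnt mnt:[4026532277]
net net:[4026531956]
pid pid:[4026532280]
user user:[4026531837]
uts uts:[4026532278]
"""

if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Usage: script.py <host pid> <container pid>
        host, cont = read_ns_links(sys.argv[1]), read_ns_links(sys.argv[2])
    else:
        host = parse_listing(HOST_SAMPLE)
        cont = parse_listing(CONTAINER_SAMPLE)
    for ns, state in compare(host, cont).items():
        print("%-5s %s" % (ns, state))
```

A namespace reported as shared means the container sees the host's view of that resource, which is worth confirming is intentional.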
Docker in a (Coco-)Nutshell 
• (chroot)² != Virtual Machine 
• Builds on top of LinuX Containers (LXC) 
• Kernel namespaces (isolation) 
• cgroups (resource mgmt) 
• intuitive build system
Dockerfile 
$ cat Dockerfile 
# Base image to start from 
FROM fedora:20 
# Who is in charge 
MAINTAINER "Christian Kniep <christian@qnib.org>" 
# Execute a command at build time (the shell form runs via /bin/sh -c) 
RUN yum install -y stress 
# Default command, executed at runtime if no command is given. 
# The JSON (exec) form starts stress directly, without a shell. 
CMD ["stress", "-c", "4"]
Build Dockerfile 
$ docker build -q -t locafox/stress . 
Step 0 : FROM fedora:20 
---> 7d3f07f8de5f 
Step 1 : RUN yum install -y stress 
---> Running in 43fcf8d8393a 
---> f1d0c1455565 
Removing intermediate container 43fcf8d8393a 
Step 2 : CMD stress -c 4 
---> Running in bd6536dfabed 
---> 24b99ee707fe 
Removing intermediate container bd6536dfabed 
Successfully built 24b99ee707fe 
$
Cached Builds 
$ docker build -q -t locafox/stress . 
Step 0 : FROM fedora:20 
---> 7d3f07f8de5f 
Step 1 : RUN yum install -y stress 
---> Using cache 
---> f1d0c1455565 
Step 2 : CMD stress -c 4 
---> Using cache 
---> 24b99ee707fe 
Successfully built 24b99ee707fe 
$ 
If a build step has already been executed, its cached result is reused.
Docker in a (Coco-)Nutshell 
• (chroot)² != Virtual Machine 
• Builds on top of LinuX Containers (LXC) 
• Kernel namespaces (isolation) 
• cgroups (resource mgmt) 
• intuitive build system 
cgroups 
4 CPU stress processes are bound to Core 0
cgroups [cont] 
4 CPU stress processes are bound to Core 0 & 3
Docker in a (Coco-)Nutshell 
• (chroot)² != Virtual Machine 
• Builds on top of LinuX Containers (LXC) 
• Kernel namespaces (isolation) 
• cgroups (resource mgmt) 
• intuitive build system 
• repositories public/private/certified 
• RedHat, Microsoft, Community backed 
Docker details 
• (chroot)² != Virtual Machine 
Docker != VM (srsly!) 
http://en.wikipedia.org/wiki/Systemd 
Virtual Machine 
• Kicks off a complete Machine, hence the name! 
• Everyone™ disables security 
• Hard to strip down 
Docker 
• Only spawns one process (in theory, at least) 
• Easy to understand (theory, old friend)
Single Purpose 
Single Process 
• Make SELinux usable? 
  • one process 
  • limited interactions 
  • just simpler 
https://www.youtube.com/watch?v=zWGFqMuEHdw
Docker details 
• (chroot)² != Virtual Machine 
• Images and CoW 
Images and CoW 
• An image is an immutable layer 
• A container is the RW layer, which is executed on top 
[Figure: image tree with the nodes Fedora, qnib/fd20, qnib/supervisor, qnib/terminal, qnib/slave, qnib/build, qnib/of_build, qnib/IB_build, qnib/slurm_build, qnib/master, qnib/gapi, qnib/carbon and qnib/elk, plus a copy-on-write layer labelled /slurm] 
FROM points to the parent image and this relationship sticks. If the parent is changed, the child has to be rebuilt.
Docker details 
• (chroot)² != Virtual Machine 
• Images and CoW 
• Ports 
• docker exec (since 1.3) 
Network Port 
The internal port 80 is exposed to the docker-host’s port 8080
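The cgroups slides (stress processes pinned to cores 0 and 3) and the port slide (80 published as 8080) both describe settings that can be read back from `docker inspect`. The following is an added example, not part of the original slides: it audits that JSON for missing CPU or memory limits and for ports published on all host interfaces. The container names and values in the sample are constructed.

```python
"""Audit `docker inspect` output for limits and published ports (added example)."""
import json

# Host addresses that mean "every interface of the docker host".
ALL_INTERFACES = ("", "0.0.0.0", "::")


def expand_cpuset(spec):
    """Expand the cpuset list format ('0,3', '0-2,5') to sorted core ids."""
    cores = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        if "-" in part:
            low, high = (int(x) for x in part.split("-", 1))
            if high < low:
                raise ValueError("bad cpuset range: %r" % part)
            cores.update(range(low, high + 1))
        else:
            cores.add(int(part))
    return sorted(cores)


def audit_container(info):
    """Return a list of findings for one element of `docker inspect` output."""
    host_cfg = info.get("HostConfig") or {}
    findings = []

    # cgroups: without a cpuset or quota, `stress -c 4` can load every core.
    cores = expand_cpuset(host_cfg.get("CpusetCpus") or "")
    if not cores and not host_cfg.get("NanoCpus") and not host_cfg.get("CpuQuota"):
        findings.append("cpu: no cpuset or quota, container may use every core")
    if not host_cfg.get("Memory"):  # 0 means unlimited
        findings.append("memory: no limit set")

    # Ports: a value of null means exposed but not published on the host.
    ports = (info.get("NetworkSettings") or {}).get("Ports") or {}
    for container_port in sorted(ports):
        for binding in ports[container_port] or []:
            if binding.get("HostIp", "") in ALL_INTERFACES:
                findings.append(
                    "port: %s published on all host interfaces as %s"
                    % (container_port, binding.get("HostPort"))
                )
    return findings


def audit_all(inspect_json):
    """Map container name to findings for a `docker inspect` JSON array."""
    return {c.get("Name", "?"): audit_container(c) for c in json.loads(inspect_json)}


# Constructed sample, trimmed to the fields the audit reads.
SAMPLE_INSPECT = """
[
  {"Name": "/stress-pinned",
   "HostConfig": {"CpusetCpus": "0,3", "Memory": 268435456},
   "NetworkSettings": {"Ports": {}}},
  {"Name": "/web",
   "HostConfig": {"CpusetCpus": "", "Memory": 0, "NanoCpus": 0, "CpuQuota": 0},
   "NetworkSettings": {"Ports": {
       "80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "8080"}],
       "443/tcp": null}}}
]
"""

if __name__ == "__main__":
    for name, findings in sorted(audit_all(SAMPLE_INSPECT).items()):
        print(name, "OK" if not findings else "")
        for finding in findings:
            print("  -", finding)
```

Against a live host, feed it the output of `docker inspect $(docker ps -q)` instead of the sample.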
Docker details 
• (chroot)² != Virtual Machine 
• Images and CoW 
• Ports 
• docker exec (since 1.3) 
docker exec 
Inject a new process into an already running container.
Ansible + Docker 
• Purpose of Config-Mgmt 
  • Provisioning 
  • Orchestration 
  • Validation 
• Ansible 
  • docker module 
  • docker inventory 
  • docker facts 
Config Mgmt 
• Provisioning 
  • Bootstrap DOCKER_HOST 
  • Dockerfile vs. playbooks? 
• Orchestration 
  • Multiple other projects in the woods (Docker Swarm, Kubernetes, Apache Mesos[?], …) 
• Validation 
  • Is the configuration within still valid? 
Ansible + Docker 
• Purpose of Config-Mgmt 
  • Provisioning 
  • Orchestration 
  • Validation 
• Ansible 
  • docker module 
  • docker inventory 
  • docker facts 
Ansible 
• docker module 
  • Start/Stop Container 
• docker inventory 
  • provide dynamic inventory by fetching info about running containers 
• docker facts 
  • Use information about containers within Ansible 
Thoughts 
• Containers mostly do not provide an SSH daemon 
  • Connecting via docker exec <container> bash 
• Docker is a nice way to check out playbooks 
  • Otherwise playbooks shouldn’t be used inside of Dockerfiles [IMHO] 
• Use Ansible to check configuration within container? 
  • Setup SELinux rules using Ansible 
• Vagrant vs. Docker 

More Related Content

What's hot

An Introduction to VMware NSX
An Introduction to VMware NSXAn Introduction to VMware NSX
An Introduction to VMware NSXScott Lowe
 
CKA Certified Kubernetes Administrator Notes
CKA Certified Kubernetes Administrator Notes CKA Certified Kubernetes Administrator Notes
CKA Certified Kubernetes Administrator Notes Adnan Rashid
 
2015 FOSDEM - OVS Stateful Services
2015 FOSDEM - OVS Stateful Services2015 FOSDEM - OVS Stateful Services
2015 FOSDEM - OVS Stateful ServicesThomas Graf
 
OVN - Basics and deep dive
OVN - Basics and deep diveOVN - Basics and deep dive
OVN - Basics and deep diveTrinath Somanchi
 
How VXLAN works on Linux
How VXLAN works on LinuxHow VXLAN works on Linux
How VXLAN works on LinuxEtsuji Nakai
 
Introduction to openshift
Introduction to openshiftIntroduction to openshift
Introduction to openshiftMamathaBusi
 
NFV Orchestration for Telcos using OpenStack Tacker
NFV Orchestration for Telcos using OpenStack TackerNFV Orchestration for Telcos using OpenStack Tacker
NFV Orchestration for Telcos using OpenStack TackerSridhar Ramaswamy
 
Why sdn
Why sdnWhy sdn
Why sdnlz1dsb
 
OpenStack Networking
OpenStack NetworkingOpenStack Networking
OpenStack NetworkingIlya Shakhat
 
What's Coming in CloudStack 4.19
What's Coming in CloudStack 4.19What's Coming in CloudStack 4.19
What's Coming in CloudStack 4.19ShapeBlue
 
OpenShift Kubernetes Native Infrastructure for 5GC and Telco Edge Cloud
OpenShift  Kubernetes Native Infrastructure for 5GC and Telco Edge Cloud OpenShift  Kubernetes Native Infrastructure for 5GC and Telco Edge Cloud
OpenShift Kubernetes Native Infrastructure for 5GC and Telco Edge Cloud Hidetsugu Sugiyama
 
Room 1 - 7 - Lê Quốc Đạt - Upgrading network of Openstack to SDN with Tungste...
Room 1 - 7 - Lê Quốc Đạt - Upgrading network of Openstack to SDN with Tungste...Room 1 - 7 - Lê Quốc Đạt - Upgrading network of Openstack to SDN with Tungste...
Room 1 - 7 - Lê Quốc Đạt - Upgrading network of Openstack to SDN with Tungste...Vietnam Open Infrastructure User Group
 
OpenvSwitch Deep Dive
OpenvSwitch Deep DiveOpenvSwitch Deep Dive
OpenvSwitch Deep Diverajdeep
 
VMware NSX - Lessons Learned from real project
VMware NSX - Lessons Learned from real projectVMware NSX - Lessons Learned from real project
VMware NSX - Lessons Learned from real projectDavid Pasek
 
Openstack Trunk Port
Openstack Trunk PortOpenstack Trunk Port
Openstack Trunk Portbenceromsics
 
OpenShift Virtualization - VM and OS Image Lifecycle
OpenShift Virtualization - VM and OS Image LifecycleOpenShift Virtualization - VM and OS Image Lifecycle
OpenShift Virtualization - VM and OS Image LifecycleMihai Criveti
 
K8s in 3h - Kubernetes Fundamentals Training
K8s in 3h - Kubernetes Fundamentals TrainingK8s in 3h - Kubernetes Fundamentals Training
K8s in 3h - Kubernetes Fundamentals TrainingPiotr Perzyna
 

What's hot (20)

An Introduction to VMware NSX
An Introduction to VMware NSXAn Introduction to VMware NSX
An Introduction to VMware NSX
 
CKA Certified Kubernetes Administrator Notes
CKA Certified Kubernetes Administrator Notes CKA Certified Kubernetes Administrator Notes
CKA Certified Kubernetes Administrator Notes
 
2015 FOSDEM - OVS Stateful Services
2015 FOSDEM - OVS Stateful Services2015 FOSDEM - OVS Stateful Services
2015 FOSDEM - OVS Stateful Services
 
OVN - Basics and deep dive
OVN - Basics and deep diveOVN - Basics and deep dive
OVN - Basics and deep dive
 
How VXLAN works on Linux
How VXLAN works on LinuxHow VXLAN works on Linux
How VXLAN works on Linux
 
Introduction to openshift
Introduction to openshiftIntroduction to openshift
Introduction to openshift
 
NFV Orchestration for Telcos using OpenStack Tacker
NFV Orchestration for Telcos using OpenStack TackerNFV Orchestration for Telcos using OpenStack Tacker
NFV Orchestration for Telcos using OpenStack Tacker
 
Why sdn
Why sdnWhy sdn
Why sdn
 
OpenStack Networking
OpenStack NetworkingOpenStack Networking
OpenStack Networking
 
What's Coming in CloudStack 4.19
What's Coming in CloudStack 4.19What's Coming in CloudStack 4.19
What's Coming in CloudStack 4.19
 
Ansible - Hands on Training
Ansible - Hands on TrainingAnsible - Hands on Training
Ansible - Hands on Training
 
OpenShift Kubernetes Native Infrastructure for 5GC and Telco Edge Cloud
OpenShift  Kubernetes Native Infrastructure for 5GC and Telco Edge Cloud OpenShift  Kubernetes Native Infrastructure for 5GC and Telco Edge Cloud
OpenShift Kubernetes Native Infrastructure for 5GC and Telco Edge Cloud
 
Room 1 - 7 - Lê Quốc Đạt - Upgrading network of Openstack to SDN with Tungste...
Room 1 - 7 - Lê Quốc Đạt - Upgrading network of Openstack to SDN with Tungste...Room 1 - 7 - Lê Quốc Đạt - Upgrading network of Openstack to SDN with Tungste...
Room 1 - 7 - Lê Quốc Đạt - Upgrading network of Openstack to SDN with Tungste...
 
OpenvSwitch Deep Dive
OpenvSwitch Deep DiveOpenvSwitch Deep Dive
OpenvSwitch Deep Dive
 
VMware NSX - Lessons Learned from real project
VMware NSX - Lessons Learned from real projectVMware NSX - Lessons Learned from real project
VMware NSX - Lessons Learned from real project
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes Networking
 
Openstack Trunk Port
Openstack Trunk PortOpenstack Trunk Port
Openstack Trunk Port
 
Nfv
NfvNfv
Nfv
 
OpenShift Virtualization - VM and OS Image Lifecycle
OpenShift Virtualization - VM and OS Image LifecycleOpenShift Virtualization - VM and OS Image Lifecycle
OpenShift Virtualization - VM and OS Image Lifecycle
 
K8s in 3h - Kubernetes Fundamentals Training
K8s in 3h - Kubernetes Fundamentals TrainingK8s in 3h - Kubernetes Fundamentals Training
K8s in 3h - Kubernetes Fundamentals Training
 

Viewers also liked

DevOps introduction with ansible, vagrant, and docker
DevOps introduction with ansible, vagrant, and dockerDevOps introduction with ansible, vagrant, and docker
DevOps introduction with ansible, vagrant, and dockerMark Stillwell
 
Hacking Virtual Appliances
Hacking Virtual AppliancesHacking Virtual Appliances
Hacking Virtual AppliancesJeremy Brown
 
2014 11-05 hpcac-kniep_christian_dockermpi
2014 11-05 hpcac-kniep_christian_dockermpi2014 11-05 hpcac-kniep_christian_dockermpi
2014 11-05 hpcac-kniep_christian_dockermpiQNIB Solutions
 
Vagrant and Docker
Vagrant and DockerVagrant and Docker
Vagrant and DockerNascenia IT
 
QNIBTerminal: Understand your datacenter by overlaying multiple information l...
QNIBTerminal: Understand your datacenter by overlaying multiple information l...QNIBTerminal: Understand your datacenter by overlaying multiple information l...
QNIBTerminal: Understand your datacenter by overlaying multiple information l...QNIB Solutions
 
Vagrant and docker
Vagrant and dockerVagrant and docker
Vagrant and dockerDuckDuckGo
 
Vagrant + Ansible + Docker
Vagrant + Ansible + DockerVagrant + Ansible + Docker
Vagrant + Ansible + DockerVijay Selvaraj
 
DevOps, A brief introduction to Vagrant & Ansible
DevOps, A brief introduction to Vagrant & AnsibleDevOps, A brief introduction to Vagrant & Ansible
DevOps, A brief introduction to Vagrant & AnsibleArnaud LEMAIRE
 
Vagrant, Ansible and Docker - How they fit together for productive flexible d...
Vagrant, Ansible and Docker - How they fit together for productive flexible d...Vagrant, Ansible and Docker - How they fit together for productive flexible d...
Vagrant, Ansible and Docker - How they fit together for productive flexible d...Samuel Lampa
 
An Introduction to Vagrant and Docker
An Introduction to Vagrant and DockerAn Introduction to Vagrant and Docker
An Introduction to Vagrant and DockerScott Lowe
 
Flash Talk for the ECEP Alliance from the NSF BPC Community Meeting
Flash Talk for the ECEP Alliance from the NSF BPC Community MeetingFlash Talk for the ECEP Alliance from the NSF BPC Community Meeting
Flash Talk for the ECEP Alliance from the NSF BPC Community MeetingMark Guzdial
 
Talk on Ebooks at the NSF BPC/CE21/STEM-C Community Meeting
Talk on Ebooks at the NSF BPC/CE21/STEM-C Community MeetingTalk on Ebooks at the NSF BPC/CE21/STEM-C Community Meeting
Talk on Ebooks at the NSF BPC/CE21/STEM-C Community MeetingMark Guzdial
 
Sinister sculptor part 2
Sinister sculptor part 2Sinister sculptor part 2
Sinister sculptor part 2Dana Archer
 
A new beginning pt.2
A new beginning pt.2A new beginning pt.2
A new beginning pt.2Dana Archer
 
United Nations and what it has to do with ไทยแลนด์
United Nations and what it has to do with ไทยแลนด์United Nations and what it has to do with ไทยแลนด์
United Nations and what it has to do with ไทยแลนด์Nitchanan Riensombat
 
Ervan jonathan
Ervan jonathanErvan jonathan
Ervan jonathanErvan123
 

Viewers also liked (20)

DevOps introduction with ansible, vagrant, and docker
DevOps introduction with ansible, vagrant, and dockerDevOps introduction with ansible, vagrant, and docker
DevOps introduction with ansible, vagrant, and docker
 
Hacking Virtual Appliances
Hacking Virtual AppliancesHacking Virtual Appliances
Hacking Virtual Appliances
 
2014 11-05 hpcac-kniep_christian_dockermpi
2014 11-05 hpcac-kniep_christian_dockermpi2014 11-05 hpcac-kniep_christian_dockermpi
2014 11-05 hpcac-kniep_christian_dockermpi
 
Vagrant and Docker
Vagrant and DockerVagrant and Docker
Vagrant and Docker
 
QNIBTerminal: Understand your datacenter by overlaying multiple information l...
QNIBTerminal: Understand your datacenter by overlaying multiple information l...QNIBTerminal: Understand your datacenter by overlaying multiple information l...
QNIBTerminal: Understand your datacenter by overlaying multiple information l...
 
Vagrant and docker
Vagrant and dockerVagrant and docker
Vagrant and docker
 
Vagrant + Ansible + Docker
Vagrant + Ansible + DockerVagrant + Ansible + Docker
Vagrant + Ansible + Docker
 
DevOps, A brief introduction to Vagrant & Ansible
DevOps, A brief introduction to Vagrant & AnsibleDevOps, A brief introduction to Vagrant & Ansible
DevOps, A brief introduction to Vagrant & Ansible
 
Vagrant, Ansible and Docker - How they fit together for productive flexible d...
Vagrant, Ansible and Docker - How they fit together for productive flexible d...Vagrant, Ansible and Docker - How they fit together for productive flexible d...
Vagrant, Ansible and Docker - How they fit together for productive flexible d...
 
An Introduction to Vagrant and Docker
An Introduction to Vagrant and DockerAn Introduction to Vagrant and Docker
An Introduction to Vagrant and Docker
 
Flash Talk for the ECEP Alliance from the NSF BPC Community Meeting
Flash Talk for the ECEP Alliance from the NSF BPC Community MeetingFlash Talk for the ECEP Alliance from the NSF BPC Community Meeting
Flash Talk for the ECEP Alliance from the NSF BPC Community Meeting
 
Mga krusada
Mga krusadaMga krusada
Mga krusada
 
Talk on Ebooks at the NSF BPC/CE21/STEM-C Community Meeting
Talk on Ebooks at the NSF BPC/CE21/STEM-C Community MeetingTalk on Ebooks at the NSF BPC/CE21/STEM-C Community Meeting
Talk on Ebooks at the NSF BPC/CE21/STEM-C Community Meeting
 
M47 30
M47 30M47 30
M47 30
 
MIT to the NYSE: Journey from University Tech to M&A
MIT to the NYSE: Journey from University Tech to M&AMIT to the NYSE: Journey from University Tech to M&A
MIT to the NYSE: Journey from University Tech to M&A
 
Sinister sculptor part 2
Sinister sculptor part 2Sinister sculptor part 2
Sinister sculptor part 2
 
A new beginning pt.2
A new beginning pt.2A new beginning pt.2
A new beginning pt.2
 
United Nations and what it has to do with ไทยแลนด์
United Nations and what it has to do with ไทยแลนด์United Nations and what it has to do with ไทยแลนด์
United Nations and what it has to do with ไทยแลนด์
 
Ervan jonathan
Ervan jonathanErvan jonathan
Ervan jonathan
 
Tik 6
Tik 6Tik 6
Tik 6
 

Similar to Ansible docker

Using Docker with OpenStack - Hands On!
 Using Docker with OpenStack - Hands On! Using Docker with OpenStack - Hands On!
Using Docker with OpenStack - Hands On!Adrian Otto
 
Docker and kubernetes
Docker and kubernetesDocker and kubernetes
Docker and kubernetesDongwon Kim
 
Docker - From Walking To Running
Docker - From Walking To RunningDocker - From Walking To Running
Docker - From Walking To RunningGiacomo Vacca
 
Docker 1.11 Presentation
Docker 1.11 PresentationDocker 1.11 Presentation
Docker 1.11 PresentationSreenivas Makam
 
About docker in GDG Seoul
About docker in GDG SeoulAbout docker in GDG Seoul
About docker in GDG SeoulJude Kim
 
[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...
[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...
[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...Akihiro Suda
 
[NYC Meetup] Docker at Nuxeo
[NYC Meetup] Docker at Nuxeo[NYC Meetup] Docker at Nuxeo
[NYC Meetup] Docker at NuxeoNuxeo
 
Tech talk on docker with demo
Tech talk on docker with demoTech talk on docker with demo
Tech talk on docker with demoSandeep Karnawat
 
Docker from A to Z, including Swarm and OCCS
Docker from A to Z, including Swarm and OCCSDocker from A to Z, including Swarm and OCCS
Docker from A to Z, including Swarm and OCCSFrank Munz
 
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme PetazzoniWorkshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme PetazzoniTheFamily
 
Introduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" EditionIntroduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" EditionJérôme Petazzoni
 
Cohesion Techsessie Docker - Daniel Palstra
Cohesion Techsessie Docker - Daniel PalstraCohesion Techsessie Docker - Daniel Palstra
Cohesion Techsessie Docker - Daniel PalstraDaniel Palstra
 
Docker at Djangocon 2013 | Talk by Ken Cochrane
Docker at Djangocon 2013 | Talk by Ken CochraneDocker at Djangocon 2013 | Talk by Ken Cochrane
Docker at Djangocon 2013 | Talk by Ken CochranedotCloud
 

Similar to Ansible docker (20)

Docker.ppt
Docker.pptDocker.ppt
Docker.ppt
 
presentation on Docker
presentation on Dockerpresentation on Docker
presentation on Docker
 
Using Docker with OpenStack - Hands On!
 Using Docker with OpenStack - Hands On! Using Docker with OpenStack - Hands On!
Using Docker with OpenStack - Hands On!
 
Docker and kubernetes
Docker and kubernetesDocker and kubernetes
Docker and kubernetes
 
Docker - From Walking To Running
Docker - From Walking To RunningDocker - From Walking To Running
Docker - From Walking To Running
 
Docker Presentation
Docker PresentationDocker Presentation
Docker Presentation
 
Docker 1.11 Presentation
Docker 1.11 PresentationDocker 1.11 Presentation
Docker 1.11 Presentation
 
About docker in GDG Seoul
About docker in GDG SeoulAbout docker in GDG Seoul
About docker in GDG Seoul
 
[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...
[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...
[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...
 
[NYC Meetup] Docker at Nuxeo
[NYC Meetup] Docker at Nuxeo[NYC Meetup] Docker at Nuxeo
[NYC Meetup] Docker at Nuxeo
 
Tech talk on docker with demo
Tech talk on docker with demoTech talk on docker with demo
Tech talk on docker with demo
 
Docker.ppt
Docker.pptDocker.ppt
Docker.ppt
 
Docker
DockerDocker
Docker
 
Docker from A to Z, including Swarm and OCCS
Docker from A to Z, including Swarm and OCCSDocker from A to Z, including Swarm and OCCS
Docker from A to Z, including Swarm and OCCS
 
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme PetazzoniWorkshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
 
Introduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" EditionIntroduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" Edition
 
Docker meetup-jan-2015
Docker meetup-jan-2015Docker meetup-jan-2015
Docker meetup-jan-2015
 
Cohesion Techsessie Docker - Daniel Palstra
Cohesion Techsessie Docker - Daniel PalstraCohesion Techsessie Docker - Daniel Palstra
Cohesion Techsessie Docker - Daniel Palstra
 
Django and Docker
Django and DockerDjango and Docker
Django and Docker
 
Docker at Djangocon 2013 | Talk by Ken Cochrane
Docker at Djangocon 2013 | Talk by Ken CochraneDocker at Djangocon 2013 | Talk by Ken Cochrane
Docker at Djangocon 2013 | Talk by Ken Cochrane
 

Recently uploaded

Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsYoss Cohen
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentMahmoud Rabie
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Jeffrey Haguewood
 
Why Agile? - A handbook behind Agile Evolution
Why Agile? - A handbook behind Agile EvolutionWhy Agile? - A handbook behind Agile Evolution
Why Agile? - A handbook behind Agile EvolutionDEEPRAJ PATHAK
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...amber724300
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Mark Simos
 
Which standard is best for your content?
Which standard is best for your content?Which standard is best for your content?
Which standard is best for your content?Rustici Software
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFMichael Gough
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Dynamical Context introduction word sensibility orientation
Dynamical Context introduction word sensibility orientationDynamical Context introduction word sensibility orientation
Dynamical Context introduction word sensibility orientationBuild Intuit
 

Recently uploaded (20)

Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platforms
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career Development
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
 
Why Agile? - A handbook behind Agile Evolution
Why Agile? - A handbook behind Agile EvolutionWhy Agile? - A handbook behind Agile Evolution
Why Agile? - A handbook behind Agile Evolution
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)

Ansible docker

  • 2. About Me
      • Have worked
          • Iteration through L1/2/3 SysOps
          • Mostly German automotive sector
          • 01/2013 -> 10/2014 R&D @Bull SAS
      • Now
          • independent R&D / Freelancing
          • DevOps Eng. at Locafox (scale online)
      • Hot topics
          • Containerization
          • Log / Performance Management
          • GO-Lang
          • HPC Cluster Software Stack / Interconnect
  • 3. Docker in a (Coco-)Nutshell
      • (chroot)2 != Virtual Machine
  • 4. Traditional vs. Lightweight Layers
      [Figure: layer stacks compared side by side, Traditional Virtualisation vs. Docker Containerisation; labels: SERVER, HOST KERNEL, HYPERVISOR, KERNEL, Userland (OS), InitSystem, SERVICE]
  • 5. Docker in a (Coco-)Nutshell
      • (chroot)2 != Virtual Machine
      • Builds on top of LinuX Containers (LXC)
      • Kernel namespaces (isolation)
  • 6. Process Namespace
      $ docker run -ti --rm ubuntu:14.04 ps -ef
      UID PID PPID C STIME TTY TIME CMD
      root 1 0 0 10:24 ? 00:00:00 ps -ef
      $
    Containers are not able to see processes outside of their scope.
  • 7. Network Namespace
      $ docker run -ti --rm ubuntu:14.04 ip -4 -o addr
      1: lo inet 127.0.0.1/8 scope host lo
      10: eth0 inet 172.17.0.4/16 scope global eth0
      $
    Each container gets its own network stack (by default, configurable).
  • 8. Namespace
      • Mount (do not mess with other file systems)
      • User (users are only valid within one container)
      • IPC (Interprocess communication only within)
      • UTS (hostname / domain name is unique)
  • 9. Docker in a (Coco-)Nutshell
      • (chroot)2 != Virtual Machine
      • Builds on top of LinuX Containers (LXC)
      • Kernel namespaces (isolation)
      • cgroups (resource mgmt)
      • intuitive build system
  • 10. Dockerfile
      $ cat Dockerfile
      # From which image to start from
      FROM fedora:20
      # Who is in charge
      MAINTAINER "Christian Kniep <christian@qnib.org>"
      # Execute bash command
      RUN yum install -y stress
      # if no command is given, this command will be
      # executed at runtime (within a bash).
      CMD ["stress", "-c", "4"]
  • 11. Build Dockerfile
      $ docker build -q -t locafox/stress .
      Step 0 : FROM fedora:20
       ---> 7d3f07f8de5f
      Step 1 : RUN yum install -y stress
       ---> Running in 43fcf8d8393a
       ---> f1d0c1455565
      Removing intermediate container 43fcf8d8393a
      Step 2 : CMD stress -c 4
       ---> Running in bd6536dfabed
       ---> 24b99ee707fe
      Removing intermediate container bd6536dfabed
      Successfully built 24b99ee707fe
      $
  • 12. Cached Builds
      $ docker build -q -t locafox/stress .
      Step 0 : FROM fedora:20
       ---> 7d3f07f8de5f
      Step 1 : RUN yum install -y stress
       ---> Using cache
       ---> f1d0c1455565
      Step 2 : CMD stress -c 4
       ---> Using cache
       ---> 24b99ee707fe
      Successfully built 24b99ee707fe
      $
    If a build step has already been executed, its cached result is reused.
  • 13. Docker in a (Coco-)Nutshell
      • (chroot)2 != Virtual Machine
      • Builds on top of LinuX Containers (LXC)
      • Kernel namespaces (isolation)
      • cgroups (resource mgmt)
      • intuitive build system
  • 14. cgroups
      [Screenshot: 4 CPU stress processes are bound to Core 0]
  • 15. cgroups [cont]
      [Screenshot: 4 CPU stress processes are bound to Core 0 & 3]
  • 16. Docker in a (Coco-)Nutshell
      • (chroot)2 != Virtual Machine
      • Builds on top of LinuX Containers (LXC)
      • Kernel namespaces (isolation)
      • cgroups (resource mgmt)
      • intuitive build system
      • repositories public/private/certified
      • RedHat, Microsoft, Community backed
  • 17. Docker details
      • (chroot)2 != Virtual Machine
  • 18. Docker != VM (srsly!) http://en.wikipedia.org/wiki/Systemd
      • Virtual Machine
          • Kicks off a complete Machine, hence the name!
          • Everyone™ disables security
          • Hard to strip down
      • Docker
          • Only spawns one process (in theory, at least)
          • Easy to understand (theory, old friend)
  • 20. Single Process https://www.youtube.com/watch?v=zWGFqMuEHdw
      • Make SELinux usable?
      • one process
      • limited interactions
      • just simpler
  • 21. Docker details
      • (chroot)2 != Virtual Machine
      • Images and CoW
  • 22. Images and CoW
      • An image is an immutable layer
      • A container is the RW layer, which is executed on top
      [Figure: image hierarchy with the labels qnib/slave, qnib/terminal, qnib/supervisor, qnib/fd20, Fedora, qnib/of_build, qnib/IB_build, qnib/slurm_build, qnib/build, qnib/master, qnib/gapi, qnib/carbon, qnib/elk; copy-on-write layer /slurm]
    FROM points to the parent image and this relationship sticks. If the parent is changed, the child has to be rebuilt.
  • 23. Docker details
      • (chroot)2 != Virtual Machine
      • Images and CoW
      • Ports
      • docker exec (since 1.3)
  • 24. Network Port
      [Screenshot: the internal port 80 is exposed to the docker-host’s port 8080]
  • 25. Docker details
      • (chroot)2 != Virtual Machine
      • Images and CoW
      • Ports
      • docker exec (since 1.3)
  • 26. docker exec
      [Screenshot: inject a new process into an already running container]
  • 27. Ansible + Docker
      • Purpose of Config-Mgmt
          • Provisioning
          • Orchestration
          • Validation
      • Ansible
          • docker module
          • docker inventory
          • docker facts
  • 28. Config Mgmt
      • Provisioning
          • Bootstrap DOCKER_HOST
          • Dockerfile vs. playbooks?
      • Orchestration
          • Multiple other projects in the woods (Docker Swarm, Kubernetes, Apache Mesos[?], …)
      • Validation
          • Is the configuration within still valid?
  • 29. Ansible + Docker
      • Purpose of Config-Mgmt
          • Provisioning
          • Orchestration
          • Validation
      • Ansible
          • docker module
          • docker inventory
          • docker facts
  • 30. Ansible
      • docker module
          • Start/Stop Container
      • docker inventory
          • provide dynamic inventory by fetching info about running containers
      • docker facts
          • Use information about containers within Ansible
  • 31. Thoughts
      • Containers mostly do not provide an SSH daemon
      • Connecting via docker exec <container> bash
      • Docker is a nice way to check out playbooks
      • Otherwise playbooks shouldn’t be used inside of Dockerfiles [IMHO]
      • Use Ansible to check configuration within container?
      • Set up SELinux rules using Ansible
      • Vagrant vs. Docker
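
The namespace isolation on slides 6 to 8 can be verified from the host by comparing the /proc/<pid>/ns symlinks of two processes. The following is an added example, not code from the slides: the function names and all namespace IDs are constructed, and the sample models one default container and one started with --net=host, both without user-namespace remapping.

```shell
#!/bin/sh
# Added example: report which namespace types two processes share.
# /proc/<pid>/ns/<type> is a symlink like "pid:[4026531836]"; identical
# targets mean both processes are in the same namespace of that type.

# shared_ns NS_DIR_A NS_DIR_B -> prints the shared types, space separated
shared_ns() {
    out=""
    for t in mnt pid net ipc uts user; do
        # skip types that cannot be read (older kernel, missing privileges)
        la=$(readlink "$1/$t" 2>/dev/null) || continue
        lb=$(readlink "$2/$t" 2>/dev/null) || continue
        if [ "$la" = "$lb" ]; then out="$out $t"; fi
    done
    echo "${out# }"
}

# mk_ns DIR LINK... -> constructed stand-in for a /proc/<pid>/ns directory
mk_ns() {
    d=$1; shift
    mkdir -p "$d"
    for link in "$@"; do ln -sf "$link" "$d/${link%%:*}"; done
}

# make_sample DIR -> constructed IDs for host PID 1 and two containers
make_sample() {
    mk_ns "$1/host"    'mnt:[4026531840]' 'pid:[4026531836]' 'net:[4026531992]' \
                       'ipc:[4026531839]' 'uts:[4026531838]' 'user:[4026531837]'
    # default "docker run": own mnt/pid/net/ipc/uts, host user namespace
    mk_ns "$1/default" 'mnt:[4026532201]' 'pid:[4026532204]' 'net:[4026532206]' \
                       'ipc:[4026532203]' 'uts:[4026532202]' 'user:[4026531837]'
    # "docker run --net=host": the network namespace is the host's
    mk_ns "$1/hostnet" 'mnt:[4026532301]' 'pid:[4026532304]' 'net:[4026531992]' \
                       'ipc:[4026532303]' 'uts:[4026532302]' 'user:[4026531837]'
}

sample=$(mktemp -d)
make_sample "$sample"
echo "default container shares with host:    $(shared_ns "$sample/host" "$sample/default")"
echo "--net=host container shares with host: $(shared_ns "$sample/host" "$sample/hostnet")"
rm -rf "$sample"
```

On a real Docker host, run shared_ns as root against /proc/1/ns and the ns directory of the PID printed by docker inspect -f '{{.State.Pid}}' <container>; any type other than the expected ones in the output means that isolation layer is switched off for the container.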