Why everyone is excited about Docker
(and you should too...)

Published in: Technology


  1. 1. MILAN november 28th/29th 2014 Carlo Bonamico Why everyone is excited about Docker (and you should too...) - NIS s.r.l. – Genova Java User Group Twitter: @carlobonamico
  2. 2. Didn't you hear these at least once?  Can you deploy my application? It's for Linux...  Yes, but which distribution? release? patch?  Why did the deploy fail? Didn't you test the app?  Yes, but the production environment is slightly different  The new version is having some issues, can you roll back to the previous one, please?  Yes, but it will take some hours – if John hasn't already gone home – in that case he'll do it on Monday  Can you debug this production problem?  Yes, but I need a hosted DEV environment as I can't run all the needed VMs on my laptop
  3. 3. In the beginning...  We moved from physical servers to VMs  performance and resource usage issues  Got more security and hardware independence  but creating a VM still takes time  Some hosting / cloud providers took advantage of kernel-level virtualization  LXC  OpenVZ  But out-of-reach of the common man Dev  Try setting up LXC...
  4. 4. Then in 2013 (please fake drum roll)  Solomon Hykes (@solomonstre) started Docker as an internal project within hosting  to make Linux Containers an order of magnitude easier  and more powerful, too  Open Sourced in March 2013  in a week, it went to the top projects on GitHub   A catalyst for innovative work on containers  shortly, several other key projects converged
  5. 5. Fast Forward to mid-2014  Major Open Source project with contributions from all the big names in IT  Google, RedHat, OpenShift, Ubuntu ...  DotCloud → Docker Inc.   All cloud big and small names are in a rush to provide Docker hosting  Amazon, CloudFoundry, Linode, Digital Ocean…  and Microsoft !  both for Azure and soon for the new Windows Server...
  6. 6. But why should I join the party?  In short, Docker makes creating  Development  Test  and Production  environments an order of magnitude  simpler  faster  and completely portable  across both local and cloud infrastructure
  7. 7. Docker hello world...  What's happening here?

     ```
     user@laptop:~$ docker pull ubuntu:14.04.1
     user@laptop:~$ docker run ubuntu:14.04.1 echo "Hello World"
     Hello World
     ```

      And here?

     ```
     user@laptop:~$ docker run -t -i ubuntu:14.04.1 /bin/bash
     root@d1fa8fcb4518:/# ls
     bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
     root@d1fa8fcb4518:/# python
     bash: python: command not found
     root@d1fa8fcb4518:/#
     ```

  8. 8. Behind the scenes...  I run the docker CLI (Command Line Interface)

     ```
     user@laptop:~$ docker run -t -i ubuntu:14.04.1 /bin/bash
     ```

      the CLI connects to the docker daemon by REST API,  which asks the Linux kernel to create a new container d1fa8fcb4518  and runs /bin/bash in it, so

     ```
     root@d1fa8fcb4518:/# ls
     bin boot dev etc home lib lib64 media ...
     ```

      lists the filesystem of the container (!= from host OS)

     ```
     root@d1fa8fcb4518:/# python
     bash: python: command not found
     ```
  9. 9. So what's inside Docker?  Isolation layer based on kernel namespaces  separate process trees, network, user IDs and mounted file systems  Resource isolation through cgroups  CPU, memory, block I/O and network  Standard interface through libcontainer  based on libvirt, LXC and systemd-nspawn  And more...
  10. 10. How are data & containers stored?  AUFS Another Union Filesystem  possibly other snapshotting fs (zfs) / block device (LVM)  Layered approach  rootfs → kernel layer  bootfs → a Linux distribution  emacs  apache  application  Copy-on-Write approach – à la subversion (SVN)
  11. 11. Containers, Images and Index  A Container is a running instance  can run 100-1000 containers per host  An Image is a static snapshot  in turn based on a series of layers  unique hash for each layer, so  Images are basically versioned (think git)  can be tagged ubuntu:14.04.1  can be updated by applying layer deltas  Images can be stored in an Index  local and remote indexes (think maven / npm repos)
  12. 12. So a container is like a lighter/better Virtual Machine? Well...
  13. 13. VM vs Container  A Virtual Machine  needs a hypervisor  and a full OS inside  Bigger footprint  RAM needed  Storage space  Tend to be slower  2 filesystems, 2 OSes  Strong resource management  A Container  talks to the host kernel  Smaller footprint  no RAM needed for Guest OS  differential storage  Tend to be faster  direct CPU access  Less sophisticated resource management
  14. 14. VM vs Container
  15. 15. Great! but tell me about security  Are containers less secure than VMs?  the answer is nuanced...  Can I use Docker in Production?  Sure! many Internet companies trust it  But a container still needs good System Administration & InfoSec practices!  limiting privileges, avoiding insecure defaults, etc... -linux-containers-lxc-and-security -security-selinux Avoid This!
  16. 16. Docker workflow
  17. 17. Start with a dockerfile  Define an image for running Tomcat 7  inspired by

      ```
      FROM java:7-jre
      # create an unprivileged system user and group for Tomcat
      RUN groupadd -r tomcat && useradd -r --create-home -g tomcat tomcat
      ENV CATALINA_HOME /usr/local/tomcat
      ENV PATH $CATALINA_HOME/bin:$PATH
      RUN mkdir -p "$CATALINA_HOME" && chown tomcat:tomcat "$CATALINA_HOME"
      WORKDIR $CATALINA_HOME
      # every later instruction, and the container itself, runs as tomcat
      USER tomcat
      ENV TOMCAT_MAJOR 7
      ENV TOMCAT_VERSION 7.0.57
      ```

  18. 18. Dockerfiles - continued

      ```
      ENV TOMCAT_TGZ_URL -$TOMCAT_MAJOR/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz
      # download the release archive and its detached signature, then unpack
      RUN curl -SL "$TOMCAT_TGZ_URL" -o tomcat.tar.gz \
       && curl -SL "$TOMCAT_TGZ_URL.asc" -o tomcat.tar.gz.asc \
       && tar -xvf tomcat.tar.gz --strip-components=1 \
       && rm bin/*.bat \
       && rm tomcat.tar.gz*
      EXPOSE 8080
      CMD ["", "run"]
      ```

       Public repo of Dockerfiles, with automatic build
  19. 19. Building an image  Build the image from the Dockerfile: `docker build .`  You can then do further edits, then `docker build .`  And archive the image locally: `docker commit 38b73dfecc3c docker-simple-samples-web`  And tag it: `docker tag 47432ccfea81 docker-simple-samples-web:1.0`  List local images: `docker images`
  20. 20. Starting a container  Start a container interactively: `docker run -i -t docker-simple-samples-web /bin/bash`  Start a container as a daemon  using default entrypoint: `docker run -d docker-simple-samples-web:1.0`  Check running containers: `docker ps`  And stopping it: `docker stop <<id>>`  Check also stopped containers: `docker ps -a`
  21. 21. Attaching to a running container  Using nsenter

      ```
      # look up the host PID of the container's main process
      PID=$(docker inspect --format "{{ .State.Pid }}" determined_bardeen)
      # enter that process's namespaces (needs root on the host)
      nsenter --target $PID --mount --uts --ipc --net --pid
      ```

  22. 22. Storing and Sharing data  Creating a Container to host a data Volume

      ```
      #Dockerfile
      FROM busybox
      VOLUME /var/lib/mysql
      CMD /bin/sh
      ```

       Create the Image: `docker build --tag carlobonamico/datastore .`  Create the Container: `docker run -d --name pgsql_data -v /var/lib/pgsql/ carlobonamico/datastore`  Attach the volume to another container: `docker run -d --volumes-from pgsql_data cb/postgres-db`
  23. 23. Publishing  To the Central Registry: `docker push carlobonamico/docker-simple-samples-web`  need a free account on  Tag and publish to a private repository: `docker tag 8dbd9e392a96 my-local-repo:5000/docker-simple-samples-web`  You need -registry
  24. 24. Deploy to the cloud  On cloud server: `docker pull carlobonamico/docker-simple-samples-web:2`  Run it: `docker run -d carlobonamico/docker-s...-samples-web:2`  Upgrade it: `docker pull carlobonamico/docker-s...-samples-web:2.1`  Run it: `docker run -d carlobonamico/docker-s...-samples-web:2.1`  Rollback to previous version: `docker run -d carlobonamico/docker-s...-samples-web:2`
  25. 25. So what do I get?  If I am a Dev  recreate complex environments on a laptop  If I am a Tester  easy to recreate application deployments and data  If I am an Ops person  less configuration effort  more standardization  In general  lots of pre-packaged components   quickly deploy (groups of) packages  even multiple versions at the same time But many other benefits to come...
  26. 26. Docker and DevOps DevOps is a software development method that stresses communication, collaboration and integration between software developers and IT professionals, as a response to the interdependence of Dev and Ops.   Docker gives a common, seamless collaboration model and workflow between Dev and Ops  clearer separation of responsibilities  Docker and DevOps by Gene Kim 
  27. 27. Docker helps Continuous Delivery Continuous Delivery of value to users through a constant flow of incremental product/service improvements along the entire pipeline Idea → Implementation → Test → Deploy → Prod  4 Practices of Continuous Delivery (from the book)  Build binaries only once  package them in containers  Same mechanism to deploy to every environment  and move the containers across environments  Smoke test your deployment, & If anything fails, stop the line!
  28. 28. Docker helps with CD's 8 principles  Releasing/deploying MUST be repeatable and reliable  containers  Automate everything!  docker is fully scriptable and has an API  If something's difficult or painful, do it more often  containers are quick to deploy many times a day  Keep everything in source control  including dockerfiles!  Done means “released”  it's containers all the way to production  Build quality in!  containers support frequent and realistic testing  Everybody has responsibility for the release process  see DevOps slide...  Improve continuously
  29. 29. What do I put in a Docker image?  The traditional Way  VM-like approach  SSH, init.d  several apps in the same container    Useful in the transition phase or to run existing SW  The Docker Way  run a service per container  purists say a single process per container!
  30. 30. From a single container
  31. 31. To many containers  Two key drivers  Scalability  Microservices
  32. 32. Microservices Instead of big, monolithic, black-hole-like single app implement a network of collaborating simple services “a bit like SOA, but done right”  Componentization via Services  Organized around Business Capabilities  Products not Projects  Smart endpoints and dumb pipes  Decentralized Governance  Decentralized Data Management  Infrastructure Automation  Design for failure  Evolutionary Design It looks like Docker is a perfect match!
  33. 33. SOLID Design Principles  Apply @unclebobmartin S.O.L.I.D. principles to entire architecture  Separation of Concerns → microservices  Open for extension, Closed for modification → Immutable Infrastructure  never “change” a container: add a new one with the new version then discard the old one -infrastructure/  Liskov Substitution Principle → APIs, service contracts  Interface Segregation Principle → micro-APIs  Dependency Inversion Principle → container linking
  34. 34. Linking containers  Run a DB  and give it a name: `docker run -d --name db postgres:9.3.5`  Run a Web server: `docker rm -f carlobonamico/web`  does not see the db  Run a Web Server linked to the DB  with automatic local DNS alias registration: `docker run -d -P --link db:db carlobonamico/d-s-s-web`
  35. 35. Principles of Package Design  How do I split functionality across Containers?  REP The Release Reuse Equivalency Principle  The granule of reuse is the granule of release  CCP The Common Closure Principle  Classes that change together are packaged together  CRP The Common Reuse Principle  Classes that are used together are packaged together  ADP The Acyclic Dependencies Principle  The dependency graph must have no cycles  SDP The Stable Dependencies Principle  Depend in the direction of stability  SAP The Stable Abstractions Principle  Abstractness increases with stability  Thank you again, Uncle Bob
  36. 36. Managing Development and Production clusters  Fig  create DEV environm.  fig.yml

      ```
      web:
        build: .
        command: catalina.sh run
        links:
          - db
        ports:
          - "8000:8000"
      db:
        image: postgres
      ```

       Then (think vagrant-up) `fig up`   open source  ooglecloudplatform/kubernetes  manage prod clusters  use it on Google Compute Engine  or download on premises
  37. 37. Ansible and Docker  So I do not need a configuration management system anymore?  Well, you still need to  Create images  Manage the Docker host  Ansible to the rescue!
  38. 38. Ansible  Simple yet incredibly powerful Open Source configuration management and orchestration tool  Infrastructure as data  re-as-data-with-ansible-for-easier-continuous-delivery  Ansible can support Docker in two ways   1) Manage the docker host with docker module  e.g. create a container running Tomcat: `docker: image=centos command="service tomcat6 start" ports=808`
  39. 39. Building Images with Ansible  2) Copy and launch ansible playbook in Dockerfile -and-building-docker-with-ansible -docker-presentation  Use base image with ansible from

      ```
      FROM ansible/ubuntu14.04-ansible
      MAINTAINER yourname
      RUN git clone /tmp/myapp
      WORKDIR /tmp/myapp
      ADD inventory /etc/ansible/hosts
      RUN ansible-playbook myapp.yml -c local
      EXPOSE 22 3000
      ENTRYPOINT ["/home/app/tomcat/bin/ run"]
      ```

  40. 40. So, where do I start?  Try the samples -simple-samples  Great interactive tutorial at  -practices/  Try Docker in the Cloud  with Koding ide -is-docker/
  41. 41. References  Cloud architectures -field-guide/   Microservices -mucon   Distributions to put around and inside a container?   Docker and Windows -and-microsoft-integrating-docker-with-windows-server-and-microsoft-azure
  42. 42. Thank you!  Other presentations   Follow me on Twitter  @carlobonamico  updates on Docker, Ansible, Continuous Delivery  and some AngularJS!  Contact me  /  My company 
  43. 43. Running on Mac/Windows  Boot2docker  A minimalistic VM – just SSH + docker   Download and launch the installer -installer/releases/latest  Launch docker Boot2Docker Start
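
Slide 15 asks for limited privileges and no insecure defaults; the check below applies that to the two Dockerfiles shown on slides 17-18 and 39. It is an added example, not code from the talk: the embedded Dockerfiles are constructed samples modelled on the slides (the download URL is a placeholder because the host is not on the page), the finding names are made up here, and the base image is assumed to leave the user as root.

```python
import re

# Constructed sample modelled on the Tomcat Dockerfile of slides 17-18.
# The download host is not on the page, so a placeholder URL stands in.
TOMCAT = """\
FROM java:7-jre
RUN groupadd -r tomcat && useradd -r --create-home -g tomcat tomcat
ENV TOMCAT_TGZ_URL https://downloads.example.invalid/apache-tomcat.tar.gz
USER tomcat
RUN curl -SL "$TOMCAT_TGZ_URL" -o tomcat.tar.gz \\
 && curl -SL "$TOMCAT_TGZ_URL.asc" -o tomcat.tar.gz.asc \\
 && tar -xvf tomcat.tar.gz --strip-components=1
"""

# Constructed sample modelled on the Ansible-built image of slide 39.
ANSIBLE = """\
FROM ansible/ubuntu14.04-ansible
RUN ansible-playbook myapp.yml -c local
EXPOSE 22 3000
"""

def instructions(text):
    """Yield (INSTRUCTION, arguments), joining backslash-continued lines."""
    for line in map(str.strip, re.sub(r"\\[ \t]*\n", " ", text).splitlines()):
        if line and not line.startswith("#"):
            op, _, args = line.partition(" ")
            yield op.upper(), args.strip()

def audit_dockerfile(text):
    """Return findings; assumes the base image itself leaves the user as root."""
    user, ports = "root", []
    fetched_sig = verified = False
    for op, args in instructions(text):
        if op == "USER":
            user = args                      # the last USER line wins
        elif op == "EXPOSE":
            ports += args.split()
        elif op == "RUN":
            fetched_sig |= bool(re.search(r"\.asc\b", args))
            verified |= bool(re.search(r"\bgpg\b.*--verify", args))
    findings = []
    if user.split(":")[0] in ("root", "0"):
        findings.append("runs-as-root")
    if fetched_sig and not verified:
        findings.append("signature-fetched-but-never-verified")
    if "22" in ports or "22/tcp" in ports:
        findings.append("ssh-port-exposed")
    return findings
```

On these samples the Tomcat file is flagged only for downloading a `.asc` signature without a `gpg --verify` step, while the Ansible file is flagged for running as root and exposing SSH.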
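
Slide 9 lists the namespaces and cgroups that isolate a container, and slide 15 warns that this isolation depends on how the container is run. The added example below (not from the talk) audits parsed `docker inspect` output for settings that switch that isolation off; the two container records are constructed sample data and the finding names are made up here.

```python
import json

# Constructed `docker inspect` output, trimmed to the fields checked below.
# Container names and values are made up for this example.
SAMPLE_INSPECT = json.loads("""
[
 {"Name": "/web", "Config": {"User": "tomcat"},
  "HostConfig": {"Privileged": false, "NetworkMode": "bridge", "PidMode": "",
                 "CapAdd": null, "Binds": null, "Memory": 536870912}},
 {"Name": "/legacy", "Config": {"User": ""},
  "HostConfig": {"Privileged": true, "NetworkMode": "host", "PidMode": "host",
                 "CapAdd": ["SYS_ADMIN"], "Memory": 0,
                 "Binds": ["/var/run/docker.sock:/var/run/docker.sock"]}}
]
""")

def audit_container(c):
    """Return the risky settings found in one `docker inspect` record."""
    host = c.get("HostConfig") or {}
    findings = []
    # An empty Config.User means the process runs as root inside the container.
    if (c.get("Config") or {}).get("User", "") in ("", "0", "root"):
        findings.append("runs-as-root")
    if host.get("Privileged"):             # all capabilities, all host devices
        findings.append("privileged")
    if host.get("NetworkMode") == "host":  # shares the host network namespace
        findings.append("host-network")
    if host.get("PidMode") == "host":      # shares the host PID namespace
        findings.append("host-pid")
    for cap in host.get("CapAdd") or []:
        findings.append("cap-add:" + cap)
    for bind in host.get("Binds") or []:
        if bind.split(":")[0] == "/var/run/docker.sock":
            findings.append("docker-socket-mounted")  # control of the daemon
    if not host.get("Memory"):             # 0 means no cgroup memory limit
        findings.append("no-memory-limit")
    return findings

def audit(containers):
    """Map container name -> findings for a parsed `docker inspect` list."""
    return {c["Name"].lstrip("/"): audit_container(c) for c in containers}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, findings or "ok")
```

Against a real host, the same function can be fed `json.loads` of the output of `docker inspect $(docker ps -q)`.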