SlideShare a Scribd company logo

Docker in pratice -chenyifei

D
dotCloud
Technology
1 of 31
Download to read offline
Lightweight virtualization -- docker in practice • Baidu BAE team -- Chen YiFei • 2013-10.25 2013/12/5
Outline • 1. Lightweight virtualization • What is Lightweight virtualization? • What technology is behind Lightweight virtualization? • 2. BAE and docker • What is docker? • Why does BAE choose docker? • How does BAE use docker? • 3. Docker developments and forecast
What is Lightweight virtualization technology • From Linux-process perspective • What are the surrounding environments and resources involved when the processes are running? • • • • • Linux Kernel File System Network System PID, UID, IPC and other resources memory, disk, CPU and other resources • Each process sees the same surroundings • All processes share these same resources 2013/12/5
What is Lightweight virtualization technology • With development in technology, new requirements are formed: •Resource isolation: different processes need their own independent surroundings •Resource constrains: some processes can only have limited resources a group of processes • Ability to isolate and set limitations to them 2013/12/5
What is Lightweight virtualization technology • Requirements are summarized as follows: • for a group of processs • Allocate separate operating environment • File System • Network System • PID, UID, UTS, mount, IPC namespace • Able to limit resources they can use • Memory • CPU • Network Traffic • Disk Space • Disk read and write frequency • It would ideal if interference between process groups can be eliminated
What is Lightweight virtualization technology • Lightweight virtualization is the technology used to fulfill these requirements • The process groups that meet the above restrictions are called "lightweight virtual machine" or Container • Process Container concept was first introduced by Google engineers in 2006 • http://lwn.net/Articles/199643/ • http://lwn.net/Articles/236038/ • wikipedia definition • http://en.wikipedia.org/wiki/Operating_systemlevel_virtualization 2013/12/5
What is Lightweight virtualization technology • Demonstration 2013/12/5
Lightweight virtualization --technologies and projects • Underlying technology: • • • • namespace/cgroups veth union fs(AUFS) netfilter/chroot/tc/quota • Low-level container management • LXC/libvirt • Security related • grsec/apparmor/SELinux • High-level container/image management • docker/warden/lmctfy/openVZ
Lightweight virtualization -- technologies and projects cloudfoundry/heroku/dotcloud/appfog/openshift docker warden LXC lmctfy openvz libvirt namespace/cgroups/netfilter/tc/veth/quota/union fs grsec apparmor SELinx
BAE and docker --what is docker • A complete solution for Lightweight virtual machine. • Open source project developed by dotCloud • https://www.docker.io/ • https://github.com/dotcloud/docker • Introduced about 6 months ago, ranked first in language activity by Github GO language
BAE and docker --what is docker • Based on LXC tools , but easier to use • AUFS: speedy creation of container, cool image management. • Client-Server Architecture • REST API: Clear interface • Command-line tool: easy to use
BAE and docker --what is BAE • http://developer.baidu.com • Baidu PAAS platform for developers 2013/12/5
BAE and docker --why does BAE choose docker • The dilemma of traditional PAAS • GAE is the instigator • Resource isolation and resource constraints are achieved through sandbox technology • High cost of platform development and maintenance • Many limitations, and high cost of learning • High cost of application migration and development • Developers complain much
BAE and docker --why does BAE choose docker • PAAS based on sandbox techology Machine php-fpm process with sandbox app-A app-B app-C
BAE and docker --why does BAE choose docker • Container technology brought the light: • Get rid of the sandbox; through Container technology, resource is isolated and limited in the outer layer • No language level restrictions, significantly reduce development costs • Supporting new programming language made extremely simple • cost of platform development and maintenance is significantly lowered • Industry trends: Emerging PAAS platform have chosen Container • Cloudfoudry/openshift/heroku/dotcloud/appfog
BAE and docker --why does BAE choose docker • PAAS based on container technology Machine Container Container php-fpm php-fpm app-B app-A Container php-fpm app-C
BAE and docker --why does BAE choose docker • BAE2.0 platform is a sandbox-based PAAS • We are deeply troubled by the sandbox • Noting Container technology, began preliminary research and exploration
BAE and docker -- technology option one: to develop by ourself • Internal virtual machine team gave the following solution: • openstack + libvirt • Functionally, it meets the basic needs • Problems: • the most important requirements are not addressed: • Need frequent creation and deletion of Container • Need to create and delete container within a few seconds • Actually creation of the Container takes more than 15 seconds (not acceptable) • Openstack superfluous • Not enough confidence in the quality of the code • Lack of follow-up technical support
BAE and docker -- technology option two: warden • The warden from cloudfoundry • warden is a more complete solution • However: • not familiar with Ruby • deang tightly coupled with warden • Not active enough in the technical community
BAE and docker -- get to know docker • By chance, talked to docker evangelist Jerome Petazzoni • Assessment for docker • Functionally, it meets the main needs • Intrepid: Virtual machine can be quickly created and deleted • Intrepid: incremental image management capabilities • Code easier to read; has confidence to solve problem • tech community are very active and all view it with good future
BAE and docker -- docker in practice • Docker's resource isolation meet the basic needs • the main development work: • better resource limitation • More comprehensive security restrictions • for the public PAAS platform, security is the most important. 2013/12/5
BAE and docker -- docker in practice • Better resource limitation: • memory • CPU • Disk space • quota • Disk read and write • blkio • Network bandwidth • tc • setrlimit
BAE and docker -- docker in practice • More comprehensive security restrictions • grsec: most important • apparmor: • LXC tools: • lxc.drop_capabilities • Lxc.device.deny • strict iptables rules • account managment • random root password • deny root login • scanning for suspicious running processes
BAE and docker -- docker in practice • using docker private image registry to take care of image management problem
BAE and docker -- docker in practice • the problem we meet and solved: • containers can't work after docker server restart • our patch has been accepted • unstable during pressure test: • create iptable rule may fail • container can't be stopped or deleted sometimes • too many threads created by docker server
the development of docker -- ecosystem thriving • • • • CoreOS Yandex – Cocaine Flynn - https :/ / flynn.io / The latest version of OpenStack Havana has the native support for docker • ...
the development of docker -- the cooperation with Redhat • Docker’s key step: • take full advantage of the powerful network management capabilities of libvirt • Use the device-mapper technology to remove the dependence on AUFS • Use SELinux to resolve security issues • will be able to run on Red Hat's Linux distributions • Openshift integrated support for docker
the development of docker -- the main problem to be solved • Security • user namespace is used to solve root privilege problem • using SELinux for security • Support more Linux distributions • With AUFS constraints, currently only supports ubuntu • Support more architectures • Currently only supports x86-64
docker forecast • Will become the leader in this field • Cloudfoundry, openshift will support docker • open source PAAS project based on docker will be born, and be developed with Go language • A growing number of emerging open source project will commence on docker
Reference • • • • • • • • • • http://www.infoq.com/articles/docker-containers http://en.wikipedia.org/wiki/Operating_system-level_virtualization http://en.wikipedia.org/wiki/LXC http://en.wikipedia.org/wiki/Cgroups http://en.wikipedia.org/wiki/Linux_Containers http://en.wikipedia.org/wiki/Aufs http://libvirt.org/ http://linuxcontainers.org/ https://wiki.ubuntu.com/LxcSecurity http://lwn.net/Articles/236038/
Reference • http://blog.dotcloud.com/under-the-hood-linux-kernels-on-dotcloudpart • http://blog.dotcloud.com/kernel-secrets-from-the-paasgarage-part-24-c • http://www.nsnam.org/wiki/index.php/HOWTO_Use_Linux _Containers_to_set_up_virtual_networks • http://openvz.org/Main_Page • http://aufs.sourceforge.net/ • http://blog.docker.io/2013/08/containers-docker-howsecure-are-they/

Recommended

DockerCon Keynote Ben Golub
DockerCon Keynote Ben GolubDockerCon Keynote Ben Golub
DockerCon Keynote Ben GolubdotCloud
 
Are VM Passé?
Are VM Passé? Are VM Passé?
Are VM Passé? dotCloud
 
Write Once and REALLY Run Anywhere | OpenStack Summit HK 2013
Write Once and REALLY Run Anywhere | OpenStack Summit HK 2013Write Once and REALLY Run Anywhere | OpenStack Summit HK 2013
Write Once and REALLY Run Anywhere | OpenStack Summit HK 2013dotCloud
 
Docker, a new LINUX container technology based light weight virtualization
Docker, a new LINUX container technology based light weight virtualizationDocker, a new LINUX container technology based light weight virtualization
Docker, a new LINUX container technology based light weight virtualizationSuresh Balla
 
Building a smarter application Stack by Tomas Doran from Yelp
Building a smarter application Stack by Tomas Doran from YelpBuilding a smarter application Stack by Tomas Doran from Yelp
Building a smarter application Stack by Tomas Doran from YelpdotCloud
 
Docker worshop @Twitter - How to use your own private registry
Docker worshop @Twitter - How to use your own private registryDocker worshop @Twitter - How to use your own private registry
Docker worshop @Twitter - How to use your own private registrydotCloud
 
Docker 101 - High level introduction to docker
Docker 101 - High level introduction to dockerDocker 101 - High level introduction to docker
Docker 101 - High level introduction to dockerDr Ganesh Iyer
 
Introduction to Docker - VIT Campus
Introduction to Docker - VIT CampusIntroduction to Docker - VIT Campus
Introduction to Docker - VIT CampusAjeet Singh Raina
 

Recommended

DockerCon Keynote Ben Golub
DockerCon Keynote Ben GolubDockerCon Keynote Ben Golub
DockerCon Keynote Ben GolubdotCloud
 
Are VM Passé?
Are VM Passé? Are VM Passé?
Are VM Passé? dotCloud
 
Write Once and REALLY Run Anywhere | OpenStack Summit HK 2013
Write Once and REALLY Run Anywhere | OpenStack Summit HK 2013Write Once and REALLY Run Anywhere | OpenStack Summit HK 2013
Write Once and REALLY Run Anywhere | OpenStack Summit HK 2013dotCloud
 
Docker, a new LINUX container technology based light weight virtualization
Docker, a new LINUX container technology based light weight virtualizationDocker, a new LINUX container technology based light weight virtualization
Docker, a new LINUX container technology based light weight virtualizationSuresh Balla
 
Building a smarter application Stack by Tomas Doran from Yelp
Building a smarter application Stack by Tomas Doran from YelpBuilding a smarter application Stack by Tomas Doran from Yelp
Building a smarter application Stack by Tomas Doran from YelpdotCloud
 
Docker worshop @Twitter - How to use your own private registry
Docker worshop @Twitter - How to use your own private registryDocker worshop @Twitter - How to use your own private registry
Docker worshop @Twitter - How to use your own private registrydotCloud
 
Docker 101 - High level introduction to docker
Docker 101 - High level introduction to dockerDocker 101 - High level introduction to docker
Docker 101 - High level introduction to dockerDr Ganesh Iyer
 
Introduction to Docker - VIT Campus
Introduction to Docker - VIT CampusIntroduction to Docker - VIT Campus
Introduction to Docker - VIT CampusAjeet Singh Raina
 
Docker and Containers overview - Docker Workshop
Docker and Containers overview - Docker WorkshopDocker and Containers overview - Docker Workshop
Docker and Containers overview - Docker WorkshopJonas Rosland
 
Docker at Spotify - Dockercon14
Docker at Spotify - Dockercon14Docker at Spotify - Dockercon14
Docker at Spotify - Dockercon14dotCloud
 
Docker Overview - Rise of the Containers
Docker Overview - Rise of the ContainersDocker Overview - Rise of the Containers
Docker Overview - Rise of the ContainersRyan Hodgin
 
Dockerize the World - presentation from Hradec Kralove
Dockerize the World - presentation from Hradec KraloveDockerize the World - presentation from Hradec Kralove
Dockerize the World - presentation from Hradec Kralovedamovsky
 
Why Docker
Why DockerWhy Docker
Why DockerdotCloud
 
Docker and containers - For Boston Docker Meetup Workshop in March 2015
Docker and containers - For Boston Docker Meetup Workshop in March 2015Docker and containers - For Boston Docker Meetup Workshop in March 2015
Docker and containers - For Boston Docker Meetup Workshop in March 2015Jonas Rosland
 
Microservices using relocatable Docker containers
Microservices using relocatable Docker containersMicroservices using relocatable Docker containers
Microservices using relocatable Docker containersMauricio Garavaglia
 
Intro Docker october 2013
Intro Docker october 2013Intro Docker october 2013
Intro Docker october 2013dotCloud
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker IntroductionPeng Xiao
 
Docker Registry V2
Docker Registry V2Docker Registry V2
Docker Registry V2Docker, Inc.
 
Docker Bday #5, SF Edition: Introduction to Docker
Docker Bday #5, SF Edition: Introduction to DockerDocker Bday #5, SF Edition: Introduction to Docker
Docker Bday #5, SF Edition: Introduction to DockerDocker, Inc.
 
Deploying containers and managing them on multiple Docker hosts, Docker Meetu...
Deploying containers and managing them on multiple Docker hosts, Docker Meetu...Deploying containers and managing them on multiple Docker hosts, Docker Meetu...
Deploying containers and managing them on multiple Docker hosts, Docker Meetu...dotCloud
 
Immutable infrastructure with Docker and EC2
Immutable infrastructure with Docker and EC2Immutable infrastructure with Docker and EC2
Immutable infrastructure with Docker and EC2dotCloud
 
Docker workshop
Docker workshopDocker workshop
Docker workshopMichał Kurzeja
 
Basic docker for developer
Basic docker for developerBasic docker for developer
Basic docker for developerWeerayut Hongsa
 
Introduction to Containers - SQL Server and Docker
Introduction to Containers - SQL Server and DockerIntroduction to Containers - SQL Server and Docker
Introduction to Containers - SQL Server and DockerChris Taylor
 
Introduction to containers running dockers using kubernetes - הרצאה לכנס מיק...
Introduction to containers running dockers using kubernetes - הרצאה לכנס מיק...Introduction to containers running dockers using kubernetes - הרצאה לכנס מיק...
Introduction to containers running dockers using kubernetes - הרצאה לכנס מיק...Zohar Stolar
 
Docker SF Meetup January 2016
Docker SF Meetup January 2016Docker SF Meetup January 2016
Docker SF Meetup January 2016Patrick Chanezon
 
Docker based-pipelines
Docker based-pipelinesDocker based-pipelines
Docker based-pipelinesDevOps.com
 
The Docker Ecosystem
The Docker EcosystemThe Docker Ecosystem
The Docker EcosystemDmitry Skaredov
 
ISIS PAPYRUS - Comment optimiser la gestion des cas dossiers pour améliorer...
ISIS PAPYRUS - Comment optimiser la gestion des cas dossiers pour améliorer...ISIS PAPYRUS - Comment optimiser la gestion des cas dossiers pour améliorer...
ISIS PAPYRUS - Comment optimiser la gestion des cas dossiers pour améliorer...Documation Gestion de l'information et du document numérique en entreprise
 
Biodiversité et changements climatiques
Biodiversité et changements climatiquesBiodiversité et changements climatiques
Biodiversité et changements climatiquesJacques Prescott
 

More Related Content

What's hot

Docker and Containers overview - Docker Workshop
Docker and Containers overview - Docker WorkshopDocker and Containers overview - Docker Workshop
Docker and Containers overview - Docker WorkshopJonas Rosland
 
Docker at Spotify - Dockercon14
Docker at Spotify - Dockercon14Docker at Spotify - Dockercon14
Docker at Spotify - Dockercon14dotCloud
 
Docker Overview - Rise of the Containers
Docker Overview - Rise of the ContainersDocker Overview - Rise of the Containers
Docker Overview - Rise of the ContainersRyan Hodgin
 
Dockerize the World - presentation from Hradec Kralove
Dockerize the World - presentation from Hradec KraloveDockerize the World - presentation from Hradec Kralove
Dockerize the World - presentation from Hradec Kralovedamovsky
 
Why Docker
Why DockerWhy Docker
Why DockerdotCloud
 
Docker and containers - For Boston Docker Meetup Workshop in March 2015
Docker and containers - For Boston Docker Meetup Workshop in March 2015Docker and containers - For Boston Docker Meetup Workshop in March 2015
Docker and containers - For Boston Docker Meetup Workshop in March 2015Jonas Rosland
 
Microservices using relocatable Docker containers
Microservices using relocatable Docker containersMicroservices using relocatable Docker containers
Microservices using relocatable Docker containersMauricio Garavaglia
 
Intro Docker october 2013
Intro Docker october 2013Intro Docker october 2013
Intro Docker october 2013dotCloud
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker IntroductionPeng Xiao
 
Docker Registry V2
Docker Registry V2Docker Registry V2
Docker Registry V2Docker, Inc.
 
Docker Bday #5, SF Edition: Introduction to Docker
Docker Bday #5, SF Edition: Introduction to DockerDocker Bday #5, SF Edition: Introduction to Docker
Docker Bday #5, SF Edition: Introduction to DockerDocker, Inc.
 
Deploying containers and managing them on multiple Docker hosts, Docker Meetu...
Deploying containers and managing them on multiple Docker hosts, Docker Meetu...Deploying containers and managing them on multiple Docker hosts, Docker Meetu...
Deploying containers and managing them on multiple Docker hosts, Docker Meetu...dotCloud
 
Immutable infrastructure with Docker and EC2
Immutable infrastructure with Docker and EC2Immutable infrastructure with Docker and EC2
Immutable infrastructure with Docker and EC2dotCloud
 
Basic docker for developer
Basic docker for developerBasic docker for developer
Basic docker for developerWeerayut Hongsa
 
Introduction to Containers - SQL Server and Docker
Introduction to Containers - SQL Server and DockerIntroduction to Containers - SQL Server and Docker
Introduction to Containers - SQL Server and DockerChris Taylor
 
Introduction to containers running dockers using kubernetes - הרצאה לכנס מיק...
Introduction to containers running dockers using kubernetes - הרצאה לכנס מיק...Introduction to containers running dockers using kubernetes - הרצאה לכנס מיק...
Introduction to containers running dockers using kubernetes - הרצאה לכנס מיק...Zohar Stolar
 
Docker SF Meetup January 2016
Docker SF Meetup January 2016Docker SF Meetup January 2016
Docker SF Meetup January 2016Patrick Chanezon
 
Docker based-pipelines
Docker based-pipelinesDocker based-pipelines
Docker based-pipelinesDevOps.com
 

What's hot (20)

Docker and Containers overview - Docker Workshop
Docker and Containers overview - Docker WorkshopDocker and Containers overview - Docker Workshop
Docker and Containers overview - Docker Workshop
 
Docker at Spotify - Dockercon14
Docker at Spotify - Dockercon14Docker at Spotify - Dockercon14
Docker at Spotify - Dockercon14
 
Docker Overview - Rise of the Containers
Docker Overview - Rise of the ContainersDocker Overview - Rise of the Containers
Docker Overview - Rise of the Containers
 
Dockerize the World - presentation from Hradec Kralove
Dockerize the World - presentation from Hradec KraloveDockerize the World - presentation from Hradec Kralove
Dockerize the World - presentation from Hradec Kralove
 
Why Docker
Why DockerWhy Docker
Why Docker
 
Docker and containers - For Boston Docker Meetup Workshop in March 2015
Docker and containers - For Boston Docker Meetup Workshop in March 2015Docker and containers - For Boston Docker Meetup Workshop in March 2015
Docker and containers - For Boston Docker Meetup Workshop in March 2015
 
Microservices using relocatable Docker containers
Microservices using relocatable Docker containersMicroservices using relocatable Docker containers
Microservices using relocatable Docker containers
 
Intro Docker october 2013
Intro Docker october 2013Intro Docker october 2013
Intro Docker october 2013
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker Introduction
 
Docker Registry V2
Docker Registry V2Docker Registry V2
Docker Registry V2
 
Docker Bday #5, SF Edition: Introduction to Docker
Docker Bday #5, SF Edition: Introduction to DockerDocker Bday #5, SF Edition: Introduction to Docker
Docker Bday #5, SF Edition: Introduction to Docker
 
Deploying containers and managing them on multiple Docker hosts, Docker Meetu...
Deploying containers and managing them on multiple Docker hosts, Docker Meetu...Deploying containers and managing them on multiple Docker hosts, Docker Meetu...
Deploying containers and managing them on multiple Docker hosts, Docker Meetu...
 
Immutable infrastructure with Docker and EC2
Immutable infrastructure with Docker and EC2Immutable infrastructure with Docker and EC2
Immutable infrastructure with Docker and EC2
 
Docker workshop
Docker workshopDocker workshop
Docker workshop
 
Basic docker for developer
Basic docker for developerBasic docker for developer
Basic docker for developer
 
Introduction to Containers - SQL Server and Docker
Introduction to Containers - SQL Server and DockerIntroduction to Containers - SQL Server and Docker
Introduction to Containers - SQL Server and Docker
 
Introduction to containers running dockers using kubernetes - הרצאה לכנס מיק...
Introduction to containers running dockers using kubernetes - הרצאה לכנס מיק...Introduction to containers running dockers using kubernetes - הרצאה לכנס מיק...
Introduction to containers running dockers using kubernetes - הרצאה לכנס מיק...
 
Docker SF Meetup January 2016
Docker SF Meetup January 2016Docker SF Meetup January 2016
Docker SF Meetup January 2016
 
Docker based-pipelines
Docker based-pipelinesDocker based-pipelines
Docker based-pipelines
 
The Docker Ecosystem
The Docker EcosystemThe Docker Ecosystem
The Docker Ecosystem
 

Viewers also liked

Biodiversité et changements climatiques
Biodiversité et changements climatiquesBiodiversité et changements climatiques
Biodiversité et changements climatiquesJacques Prescott
 
Isis papyrus adaptative case management
Isis papyrus adaptative case managementIsis papyrus adaptative case management
Isis papyrus adaptative case managementVeilleMag
 
2015 B2B Content Marketing Benchmarks, Budgets and Trends - North America by ...
2015 B2B Content Marketing Benchmarks, Budgets and Trends - North America by ...2015 B2B Content Marketing Benchmarks, Budgets and Trends - North America by ...
2015 B2B Content Marketing Benchmarks, Budgets and Trends - North America by ...Content Marketing Institute
 
Expérience Consommateur : 3 principes que les marques ne peuvent plus ignorer
Expérience Consommateur : 3 principes que les marques ne peuvent plus ignorerExpérience Consommateur : 3 principes que les marques ne peuvent plus ignorer
Expérience Consommateur : 3 principes que les marques ne peuvent plus ignoreriProspect Canada
 
VMware Performance for Gurus - A Tutorial
VMware Performance for Gurus - A TutorialVMware Performance for Gurus - A Tutorial
VMware Performance for Gurus - A TutorialRichard McDougall
 
Developing a Progressive Mobile Strategy
Developing a Progressive Mobile StrategyDeveloping a Progressive Mobile Strategy
Developing a Progressive Mobile StrategyDave Olsen
 
ReST (Representational State Transfer) Explained
ReST (Representational State Transfer) ExplainedReST (Representational State Transfer) Explained
ReST (Representational State Transfer) ExplainedDhananjay Nene
 
7 Rules for Writing Blog Posts That Get Read and Shared
7 Rules for Writing Blog Posts That Get Read and Shared7 Rules for Writing Blog Posts That Get Read and Shared
7 Rules for Writing Blog Posts That Get Read and SharedMichael Hyatt
 
Routage dans les réseaux de capteurs segonde partie
Routage dans les réseaux de capteurs segonde partie Routage dans les réseaux de capteurs segonde partie
Routage dans les réseaux de capteurs segonde partie Tuenkam Steve
 
IGARSS_Presentation_Rodrigo_Jose_Pisani.ppt
IGARSS_Presentation_Rodrigo_Jose_Pisani.pptIGARSS_Presentation_Rodrigo_Jose_Pisani.ppt
IGARSS_Presentation_Rodrigo_Jose_Pisani.pptgrssieee
 
Instruction-level countermeasure against buffer overflow attacks
Instruction-level countermeasure against buffer overflow attacksInstruction-level countermeasure against buffer overflow attacks
Instruction-level countermeasure against buffer overflow attacksFrancesco Gadaleta
 
Network Intrusion Detection and Countermeasure Selection
Network Intrusion Detection and Countermeasure SelectionNetwork Intrusion Detection and Countermeasure Selection
Network Intrusion Detection and Countermeasure SelectionPramod M Mithyantha
 
airforce catching slide
airforce catching slideairforce catching slide
airforce catching slideguestd08ead
 
Insansız hava araçları
Insansız hava araçlarıInsansız hava araçları
Insansız hava araçlarıMete Cantekin
 
Scalable threat modelling with risk patterns
Scalable threat modelling with risk patternsScalable threat modelling with risk patterns
Scalable threat modelling with risk patternsStephen de Vries
 
Threat modeling with architectural risk patterns
Threat modeling with architectural risk patternsThreat modeling with architectural risk patterns
Threat modeling with architectural risk patternsStephen de Vries
 

Viewers also liked (20)

ISIS PAPYRUS - Comment optimiser la gestion des cas dossiers pour améliorer...
ISIS PAPYRUS - Comment optimiser la gestion des cas dossiers pour améliorer...ISIS PAPYRUS - Comment optimiser la gestion des cas dossiers pour améliorer...
ISIS PAPYRUS - Comment optimiser la gestion des cas dossiers pour améliorer...
 
Biodiversité et changements climatiques
Biodiversité et changements climatiquesBiodiversité et changements climatiques
Biodiversité et changements climatiques
 
Isis papyrus adaptative case management
Isis papyrus adaptative case managementIsis papyrus adaptative case management
Isis papyrus adaptative case management
 
Agile in startUps
Agile in startUpsAgile in startUps
Agile in startUps
 
2015 B2B Content Marketing Benchmarks, Budgets and Trends - North America by ...
2015 B2B Content Marketing Benchmarks, Budgets and Trends - North America by ...2015 B2B Content Marketing Benchmarks, Budgets and Trends - North America by ...
2015 B2B Content Marketing Benchmarks, Budgets and Trends - North America by ...
 
Expérience Consommateur : 3 principes que les marques ne peuvent plus ignorer
Expérience Consommateur : 3 principes que les marques ne peuvent plus ignorerExpérience Consommateur : 3 principes que les marques ne peuvent plus ignorer
Expérience Consommateur : 3 principes que les marques ne peuvent plus ignorer
 
VMware Performance for Gurus - A Tutorial
VMware Performance for Gurus - A TutorialVMware Performance for Gurus - A Tutorial
VMware Performance for Gurus - A Tutorial
 
Developing a Progressive Mobile Strategy
Developing a Progressive Mobile StrategyDeveloping a Progressive Mobile Strategy
Developing a Progressive Mobile Strategy
 
ReST (Representational State Transfer) Explained
ReST (Representational State Transfer) ExplainedReST (Representational State Transfer) Explained
ReST (Representational State Transfer) Explained
 
7 Rules for Writing Blog Posts That Get Read and Shared
7 Rules for Writing Blog Posts That Get Read and Shared7 Rules for Writing Blog Posts That Get Read and Shared
7 Rules for Writing Blog Posts That Get Read and Shared
 
Routage dans les réseaux de capteurs segonde partie
Routage dans les réseaux de capteurs segonde partie Routage dans les réseaux de capteurs segonde partie
Routage dans les réseaux de capteurs segonde partie
 
IGARSS_Presentation_Rodrigo_Jose_Pisani.ppt
IGARSS_Presentation_Rodrigo_Jose_Pisani.pptIGARSS_Presentation_Rodrigo_Jose_Pisani.ppt
IGARSS_Presentation_Rodrigo_Jose_Pisani.ppt
 
Instruction-level countermeasure against buffer overflow attacks
Instruction-level countermeasure against buffer overflow attacksInstruction-level countermeasure against buffer overflow attacks
Instruction-level countermeasure against buffer overflow attacks
 
Network Intrusion Detection and Countermeasure Selection
Network Intrusion Detection and Countermeasure SelectionNetwork Intrusion Detection and Countermeasure Selection
Network Intrusion Detection and Countermeasure Selection
 
Toll like receptor (TLR)
Toll like receptor (TLR)Toll like receptor (TLR)
Toll like receptor (TLR)
 
airforce catching slide
airforce catching slideairforce catching slide
airforce catching slide
 
Insansız hava araçları
Insansız hava araçlarıInsansız hava araçları
Insansız hava araçları
 
Scalable threat modelling with risk patterns
Scalable threat modelling with risk patternsScalable threat modelling with risk patterns
Scalable threat modelling with risk patterns
 
Threat modeling with architectural risk patterns
Threat modeling with architectural risk patternsThreat modeling with architectural risk patterns
Threat modeling with architectural risk patterns
 
Sukhoi su 35
Sukhoi su 35Sukhoi su 35
Sukhoi su 35
 

Similar to Docker in pratice -chenyifei

Lightweight Virtualization Docker in Practice
Lightweight Virtualization Docker in PracticeLightweight Virtualization Docker in Practice
Lightweight Virtualization Docker in PracticeDocker, Inc.
 
Using Docker in production: Get started today!
Using Docker in production: Get started today!Using Docker in production: Get started today!
Using Docker in production: Get started today!Clarence Bakirtzidis
 
Dockerize the World
Dockerize the WorldDockerize the World
Dockerize the Worlddamovsky
 
DockerCon 2015: Docker Engine Breakout Session
DockerCon 2015: Docker Engine Breakout SessionDockerCon 2015: Docker Engine Breakout Session
DockerCon 2015: Docker Engine Breakout SessionDocker, Inc.
 
DockerCon US 2015 - Engine Breakout Session
DockerCon US 2015 - Engine Breakout SessionDockerCon US 2015 - Engine Breakout Session
DockerCon US 2015 - Engine Breakout SessionArnaud Porterie
 
Docker at Djangocon 2013 | Talk by Ken Cochrane
Docker at Djangocon 2013 | Talk by Ken CochraneDocker at Djangocon 2013 | Talk by Ken Cochrane
Docker at Djangocon 2013 | Talk by Ken CochranedotCloud
 
IBM Bluemix Paris Meetup #14 - Le Village by CA - 20160413 - Introduction à D...
IBM Bluemix Paris Meetup #14 - Le Village by CA - 20160413 - Introduction à D...IBM Bluemix Paris Meetup #14 - Le Village by CA - 20160413 - Introduction à D...
IBM Bluemix Paris Meetup #14 - Le Village by CA - 20160413 - Introduction à D...IBM France Lab
 
Containers docker-docker hub-azureacr-azure aci
Containers docker-docker hub-azureacr-azure aciContainers docker-docker hub-azureacr-azure aci
Containers docker-docker hub-azureacr-azure aciRajesh Kolla
 
DockerCon EU 2015 Barcelona
DockerCon EU 2015 BarcelonaDockerCon EU 2015 Barcelona
DockerCon EU 2015 BarcelonaRoman Dembitsky
 
Alibaba Cloud Conference 2016 - Docker Open Source
Alibaba Cloud Conference 2016 - Docker Open Source Alibaba Cloud Conference 2016 - Docker Open Source
Alibaba Cloud Conference 2016 - Docker Open Source John Willis
 
Docker Containers Deep Dive
Docker Containers Deep DiveDocker Containers Deep Dive
Docker Containers Deep DiveWill Kinard
 
Docker for the new Era: Introducing Docker,its components and tools
Docker for the new Era: Introducing Docker,its components and toolsDocker for the new Era: Introducing Docker,its components and tools
Docker for the new Era: Introducing Docker,its components and toolsRamit Surana
 
Preparing your dockerised application for production deployment
Preparing your dockerised application for production deploymentPreparing your dockerised application for production deployment
Preparing your dockerised application for production deploymentDave Ward
 
Docker introduction
Docker introductionDocker introduction
Docker introductionJo Ee Liew
 
Intro to Docker October 2013
Intro to Docker October 2013Intro to Docker October 2013
Intro to Docker October 2013Docker, Inc.
 
Docker crash course
Docker crash courseDocker crash course
Docker crash coursenispas
 

Similar to Docker in pratice -chenyifei (20)

Lightweight Virtualization Docker in Practice
Lightweight Virtualization Docker in PracticeLightweight Virtualization Docker in Practice
Lightweight Virtualization Docker in Practice
 
Using Docker in production: Get started today!
Using Docker in production: Get started today!Using Docker in production: Get started today!
Using Docker in production: Get started today!
 
Dockerize the World
Dockerize the WorldDockerize the World
Dockerize the World
 
Docker
DockerDocker
Docker
 
DockerCon 2015: Docker Engine Breakout Session
DockerCon 2015: Docker Engine Breakout SessionDockerCon 2015: Docker Engine Breakout Session
DockerCon 2015: Docker Engine Breakout Session
 
DockerCon US 2015 - Engine Breakout Session
DockerCon US 2015 - Engine Breakout SessionDockerCon US 2015 - Engine Breakout Session
DockerCon US 2015 - Engine Breakout Session
 
Django and Docker
Django and DockerDjango and Docker
Django and Docker
 
Docker at Djangocon 2013 | Talk by Ken Cochrane
Docker at Djangocon 2013 | Talk by Ken CochraneDocker at Djangocon 2013 | Talk by Ken Cochrane
Docker at Djangocon 2013 | Talk by Ken Cochrane
 
IBM Bluemix Paris Meetup #14 - Le Village by CA - 20160413 - Introduction à D...
IBM Bluemix Paris Meetup #14 - Le Village by CA - 20160413 - Introduction à D...IBM Bluemix Paris Meetup #14 - Le Village by CA - 20160413 - Introduction à D...
IBM Bluemix Paris Meetup #14 - Le Village by CA - 20160413 - Introduction à D...
 
Containers docker-docker hub-azureacr-azure aci
Containers docker-docker hub-azureacr-azure aciContainers docker-docker hub-azureacr-azure aci
Containers docker-docker hub-azureacr-azure aci
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker Introduction
 
DockerCon EU 2015 Barcelona
DockerCon EU 2015 BarcelonaDockerCon EU 2015 Barcelona
DockerCon EU 2015 Barcelona
 
Alibaba Cloud Conference 2016 - Docker Open Source
Alibaba Cloud Conference 2016 - Docker Open Source Alibaba Cloud Conference 2016 - Docker Open Source
Alibaba Cloud Conference 2016 - Docker Open Source
 
Docker Containers Deep Dive
Docker Containers Deep DiveDocker Containers Deep Dive
Docker Containers Deep Dive
 
OpenStack Summit
OpenStack SummitOpenStack Summit
OpenStack Summit
 
Docker for the new Era: Introducing Docker,its components and tools
Docker for the new Era: Introducing Docker,its components and toolsDocker for the new Era: Introducing Docker,its components and tools
Docker for the new Era: Introducing Docker,its components and tools
 
Preparing your dockerised application for production deployment
Preparing your dockerised application for production deploymentPreparing your dockerised application for production deployment
Preparing your dockerised application for production deployment
 
Docker introduction
Docker introductionDocker introduction
Docker introduction
 
Intro to Docker October 2013
Intro to Docker October 2013Intro to Docker October 2013
Intro to Docker October 2013
 
Docker crash course
Docker crash courseDocker crash course
Docker crash course
 

More from dotCloud

John Engates Keynote at Dockercon 14
John Engates Keynote at Dockercon 14John Engates Keynote at Dockercon 14
John Engates Keynote at Dockercon 14dotCloud
 
OpenStack - Docker - Rackspace HQ
OpenStack - Docker - Rackspace HQOpenStack - Docker - Rackspace HQ
OpenStack - Docker - Rackspace HQdotCloud
 
Wot2013云计算架构师峰会 -陈轶飞2
Wot2013云计算架构师峰会 -陈轶飞2Wot2013云计算架构师峰会 -陈轶飞2
Wot2013云计算架构师峰会 -陈轶飞2dotCloud
 
Docker introduction
Docker introductionDocker introduction
Docker introductiondotCloud
 
Introduction to Docker and all things containers, Docker Meetup at RelateIQ
Introduction to Docker and all things containers, Docker Meetup at RelateIQIntroduction to Docker and all things containers, Docker Meetup at RelateIQ
Introduction to Docker and all things containers, Docker Meetup at RelateIQdotCloud
 
Introduction to dockerfile, SF Peninsula Software Development Meetup @Guidewire
Introduction to dockerfile, SF Peninsula Software Development Meetup @Guidewire Introduction to dockerfile, SF Peninsula Software Development Meetup @Guidewire
Introduction to dockerfile, SF Peninsula Software Development Meetup @Guidewire dotCloud
 
Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire
Introduction to Docker at SF Peninsula Software Development Meetup @GuidewireIntroduction to Docker at SF Peninsula Software Development Meetup @Guidewire
Introduction to Docker at SF Peninsula Software Development Meetup @GuidewiredotCloud
 
Dockerizing stashboard - Docker meetup at Twilio
Dockerizing stashboard - Docker meetup at TwilioDockerizing stashboard - Docker meetup at Twilio
Dockerizing stashboard - Docker meetup at TwiliodotCloud
 
Dockerizing your applications - Docker workshop @Twitter
Dockerizing your applications - Docker workshop @TwitterDockerizing your applications - Docker workshop @Twitter
Dockerizing your applications - Docker workshop @TwitterdotCloud
 
Introduction to Docker - Docker workshop @Twitter
Introduction to Docker - Docker workshop @TwitterIntroduction to Docker - Docker workshop @Twitter
Introduction to Docker - Docker workshop @TwitterdotCloud
 
Docker links | Docker workshop #2 at Twitter
Docker links | Docker workshop #2 at TwitterDocker links | Docker workshop #2 at Twitter
Docker links | Docker workshop #2 at TwitterdotCloud
 
Dockerfile Basics | Docker workshop #2 at twitter, 2013-11-05
Dockerfile Basics | Docker workshop #2 at twitter, 2013-11-05Dockerfile Basics | Docker workshop #2 at twitter, 2013-11-05
Dockerfile Basics | Docker workshop #2 at twitter, 2013-11-05dotCloud
 
[Open stack] heat + docker
[Open stack] heat + docker[Open stack] heat + docker
[Open stack] heat + dockerdotCloud
 
Dockerizing WordPress
Dockerizing WordPressDockerizing WordPress
Dockerizing WordPressdotCloud
 
Building images from dockerfiles
Building images from dockerfilesBuilding images from dockerfiles
Building images from dockerfilesdotCloud
 
Docker at DevTable
Docker at DevTableDocker at DevTable
Docker at DevTabledotCloud
 
Docker presentation | Paris Docker Meetup
Docker presentation | Paris Docker MeetupDocker presentation | Paris Docker Meetup
Docker presentation | Paris Docker MeetupdotCloud
 
Lightweight Virtualization with Linux Containers and Docker | YaC 2013
Lightweight Virtualization with Linux Containers and Docker | YaC 2013Lightweight Virtualization with Linux Containers and Docker | YaC 2013
Lightweight Virtualization with Linux Containers and Docker | YaC 2013dotCloud
 
Installing and running Postfix within a docker container from the command line
Installing and running Postfix within a docker container from the command lineInstalling and running Postfix within a docker container from the command line
Installing and running Postfix within a docker container from the command linedotCloud
 
LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013dotCloud
 

More from dotCloud (20)

John Engates Keynote at Dockercon 14
John Engates Keynote at Dockercon 14John Engates Keynote at Dockercon 14
John Engates Keynote at Dockercon 14
 
OpenStack - Docker - Rackspace HQ
OpenStack - Docker - Rackspace HQOpenStack - Docker - Rackspace HQ
OpenStack - Docker - Rackspace HQ
 
Wot2013云计算架构师峰会 -陈轶飞2
Wot2013云计算架构师峰会 -陈轶飞2Wot2013云计算架构师峰会 -陈轶飞2
Wot2013云计算架构师峰会 -陈轶飞2
 
Docker introduction
Docker introductionDocker introduction
Docker introduction
 
Introduction to Docker and all things containers, Docker Meetup at RelateIQ
Introduction to Docker and all things containers, Docker Meetup at RelateIQIntroduction to Docker and all things containers, Docker Meetup at RelateIQ
Introduction to Docker and all things containers, Docker Meetup at RelateIQ
 
Introduction to dockerfile, SF Peninsula Software Development Meetup @Guidewire
Introduction to dockerfile, SF Peninsula Software Development Meetup @Guidewire Introduction to dockerfile, SF Peninsula Software Development Meetup @Guidewire
Introduction to dockerfile, SF Peninsula Software Development Meetup @Guidewire
 
Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire
Introduction to Docker at SF Peninsula Software Development Meetup @GuidewireIntroduction to Docker at SF Peninsula Software Development Meetup @Guidewire
Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire
 
Dockerizing stashboard - Docker meetup at Twilio
Dockerizing stashboard - Docker meetup at TwilioDockerizing stashboard - Docker meetup at Twilio
Dockerizing stashboard - Docker meetup at Twilio
 
Dockerizing your applications - Docker workshop @Twitter
Dockerizing your applications - Docker workshop @TwitterDockerizing your applications - Docker workshop @Twitter
Dockerizing your applications - Docker workshop @Twitter
 
Introduction to Docker - Docker workshop @Twitter
Introduction to Docker - Docker workshop @TwitterIntroduction to Docker - Docker workshop @Twitter
Introduction to Docker - Docker workshop @Twitter
 
Docker links | Docker workshop #2 at Twitter
Docker links | Docker workshop #2 at TwitterDocker links | Docker workshop #2 at Twitter
Docker links | Docker workshop #2 at Twitter
 
Dockerfile Basics | Docker workshop #2 at twitter, 2013-11-05
Dockerfile Basics | Docker workshop #2 at twitter, 2013-11-05Dockerfile Basics | Docker workshop #2 at twitter, 2013-11-05
Dockerfile Basics | Docker workshop #2 at twitter, 2013-11-05
 
[Open stack] heat + docker
[Open stack] heat + docker[Open stack] heat + docker
[Open stack] heat + docker
 
Dockerizing WordPress
Dockerizing WordPressDockerizing WordPress
Dockerizing WordPress
 
Building images from dockerfiles
Building images from dockerfilesBuilding images from dockerfiles
Building images from dockerfiles
 
Docker at DevTable
Docker at DevTableDocker at DevTable
Docker at DevTable
 
Docker presentation | Paris Docker Meetup
Docker presentation | Paris Docker MeetupDocker presentation | Paris Docker Meetup
Docker presentation | Paris Docker Meetup
 
Lightweight Virtualization with Linux Containers and Docker | YaC 2013
Lightweight Virtualization with Linux Containers and Docker | YaC 2013Lightweight Virtualization with Linux Containers and Docker | YaC 2013
Lightweight Virtualization with Linux Containers and Docker | YaC 2013
 
Installing and running Postfix within a docker container from the command line
Installing and running Postfix within a docker container from the command lineInstalling and running Postfix within a docker container from the command line
Installing and running Postfix within a docker container from the command line
 
LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013
 

Recently uploaded

A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 

Recently uploaded (20)

A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 

Docker in pratice -chenyifei

  • 1. Lightweight virtualization -- docker in practice • Baidu BAE team -- Chen YiFei • 2013-10.25 2013/12/5
  • 2. Outline • 1. Lightweight virtualization • What is Lightweight virtualization? • What technology is behind Lightweight virtualization? • 2. BAE and docker • What is docker? • Why does BAE choose docker? • How does BAE use docker? • 3. Docker developments and forecast
  • 3. What is Lightweight virtualization technology • From Linux-process perspective • What are the surrounding environments and resources involved when the processes are running? • • • • • Linux Kernel File System Network System PID, UID, IPC and other resources memory, disk, CPU and other resources • Each process sees the same surroundings • All processes share these same resources 2013/12/5
  • 4. What is Lightweight virtualization technology • With development in technology, new requirements are formed: •Resource isolation: different processes need their own independent surroundings •Resource constrains: some processes can only have limited resources a group of processes • Ability to isolate and set limitations to them 2013/12/5
  • 5. What is Lightweight virtualization technology • Requirements are summarized as follows: • for a group of processs • Allocate separate operating environment • File System • Network System • PID, UID, UTS, mount, IPC namespace • Able to limit resources they can use • Memory • CPU • Network Traffic • Disk Space • Disk read and write frequency • It would ideal if interference between process groups can be eliminated
  • 6. What is Lightweight virtualization technology • Lightweight virtualization is the technology used to fulfill these requirements • The process groups that meet the above restrictions are called "lightweight virtual machine" or Container • Process Container concept was first introduced by Google engineers in 2006 • http://lwn.net/Articles/199643/ • http://lwn.net/Articles/236038/ • wikipedia definition • http://en.wikipedia.org/wiki/Operating_systemlevel_virtualization 2013/12/5
  • 7. What is Lightweight virtualization technology • Demonstration 2013/12/5
  • 8. Lightweight virtualization --technologies and projects • Underlying technology: • • • • namespace/cgroups veth union fs(AUFS) netfilter/chroot/tc/quota • Low-level container management • LXC/libvirt • Security related • grsec/apparmor/SELinux • High-level container/image management • docker/warden/lmctfy/openVZ
  • 9. Lightweight virtualization -- technologies and projects cloudfoundry/heroku/dotcloud/appfog/openshift docker warden LXC lmctfy openvz libvirt namespace/cgroups/netfilter/tc/veth/quota/union fs grsec apparmor SELinx
  • 10. BAE and docker --what is docker • A complete solution for Lightweight virtual machine. • Open source project developed by dotCloud • https://www.docker.io/ • https://github.com/dotcloud/docker • Introduced about 6 months ago, ranked first in language activity by Github GO language
  • 11. BAE and docker --what is docker • Based on LXC tools , but easier to use • AUFS: speedy creation of container, cool image management. • Client-Server Architecture • REST API: Clear interface • Command-line tool: easy to use
  • 12. BAE and docker --what is BAE • http://developer.baidu.com • Baidu PAAS platform for developers 2013/12/5
  • 13. BAE and docker --why does BAE choose docker • The dilemma of traditional PAAS • GAE is the instigator • Resource isolation and resource constraints are achieved through sandbox technology • High cost of platform development and maintenance • Many limitations, and high cost of learning • High cost of application migration and development • Developers complain much
  • 14. BAE and docker --why does BAE choose docker • PAAS based on sandbox techology Machine php-fpm process with sandbox app-A app-B app-C
  • 15. BAE and docker --why does BAE choose docker • Container technology brought the light: • Get rid of the sandbox; through Container technology, resource is isolated and limited in the outer layer • No language level restrictions, significantly reduce development costs • Supporting new programming language made extremely simple • cost of platform development and maintenance is significantly lowered • Industry trends: Emerging PAAS platform have chosen Container • Cloudfoudry/openshift/heroku/dotcloud/appfog
  • 16. BAE and docker --why does BAE choose docker • PAAS based on container technology Machine Container Container php-fpm php-fpm app-B app-A Container php-fpm app-C
  • 17. BAE and docker --why does BAE choose docker • BAE2.0 platform is a sandbox-based PAAS • We are deeply troubled by the sandbox • Noting Container technology, began preliminary research and exploration
  • 18. BAE and docker -- technology option one: to develop by ourself • Internal virtual machine team gave the following solution: • openstack + libvirt • Functionally, it meets the basic needs • Problems: • the most important requirements are not addressed: • Need frequent creation and deletion of Container • Need to create and delete container within a few seconds • Actually creation of the Container takes more than 15 seconds (not acceptable) • Openstack superfluous • Not enough confidence in the quality of the code • Lack of follow-up technical support
  • 19. BAE and docker -- technology option two: warden • The warden from cloudfoundry • warden is a more complete solution • However: • not familiar with Ruby • deang tightly coupled with warden • Not active enough in the technical community
  • 20. BAE and docker -- get to know docker • By chance, talked to docker evangelist Jerome Petazzoni • Assessment for docker • Functionally, it meets the main needs • Intrepid: Virtual machine can be quickly created and deleted • Intrepid: incremental image management capabilities • Code easier to read; has confidence to solve problem • tech community are very active and all view it with good future
  • 21. BAE and docker -- docker in practice • Docker's resource isolation meet the basic needs • the main development work: • better resource limitation • More comprehensive security restrictions • for the public PAAS platform, security is the most important. 2013/12/5
  • 22. BAE and docker -- docker in practice • Better resource limitation: • memory • CPU • Disk space • quota • Disk read and write • blkio • Network bandwidth • tc • setrlimit
  • 23. BAE and docker -- docker in practice • More comprehensive security restrictions • grsec: most important • apparmor: • LXC tools: • lxc.drop_capabilities • Lxc.device.deny • strict iptables rules • account managment • random root password • deny root login • scanning for suspicious running processes
  • 24. BAE and docker -- docker in practice • using docker private image registry to take care of image management problem
  • 25. BAE and docker -- docker in practice • the problem we meet and solved: • containers can't work after docker server restart • our patch has been accepted • unstable during pressure test: • create iptable rule may fail • container can't be stopped or deleted sometimes • too many threads created by docker server
  • 26. the development of docker -- ecosystem thriving • • • • CoreOS Yandex – Cocaine Flynn - https :/ / flynn.io / The latest version of OpenStack Havana has the native support for docker • ...
  • 27. the development of docker -- the cooperation with Redhat • Docker’s key step: • take full advantage of the powerful network management capabilities of libvirt • Use the device-mapper technology to remove the dependence on AUFS • Use SELinux to resolve security issues • will be able to run on Red Hat's Linux distributions • Openshift integrated support for docker
  • 28. the development of docker -- the main problem to be solved • Security • user namespace is used to solve root privilege problem • using SELinux for security • Support more Linux distributions • With AUFS constraints, currently only supports ubuntu • Support more architectures • Currently only supports x86-64
  • 29. docker forecast • Will become the leader in this field • Cloudfoundry, openshift will support docker • open source PAAS project based on docker will be born, and be developed with Go language • A growing number of emerging open source project will commence on docker
  • 31. Reference • http://blog.dotcloud.com/under-the-hood-linux-kernels-on-dotcloudpart • http://blog.dotcloud.com/kernel-secrets-from-the-paasgarage-part-24-c • http://www.nsnam.org/wiki/index.php/HOWTO_Use_Linux _Containers_to_set_up_virtual_networks • http://openvz.org/Main_Page • http://aufs.sourceforge.net/ • http://blog.docker.io/2013/08/containers-docker-howsecure-are-they/