7. CONTAINERS
• chroot
Sandboxing (chroot jails)
• Linux containers (LXC)
chroot + OS isolation
• Docker
LXC + packaging
What? You're Not Using Docker?
8. CONTAINERS
What? You're Not Using Docker?
Mechani
sm
Operating system License
Availabl
e
since/be
tween
Features
File
system
isolatio
n
Copy on
Write
Disk
quotas
I/O rate
limiting
Memory
limits
CPU
quotas
Network
isolatio
n
Partition
checkpo
inting
and live
migratio
n
Root
privileg
e
isolatio
n
chroot
most UNIX-like
operating systems
varies by
operating
system
1982 Partial No No No No No No No No
LXC Linux GNU GPLv2 2014 Yes
Partial. Yes
withBtrfs.
Partial. Yes
withLVM or
Disk quota.
Yes Yes Yes Yes No Ye [9
Docker
Linux (using LXC),
Windows/OS X (using
LXC inside a lightweight
Linux image)
Apache
License 2.0
2013 Yes Yes Not directly Not directly Yes Yes Yes No No
Drawn from http://wki.pe/Operating_system%E2%80%93level_virtualization
Commercial alternative
Parallels
Virtuozzo
Containers
Linux, Windows Proprietary 2001 Yes Yes Yes Yes Yes Yes Yes Yes Yes
9. WHAT YOU CAN DO
• Continuous Integration
• Continuous Delivery
• Distributed Applications
• Easy Application Deployment
• Platform-as-a-Service (PaaS)
What? You're Not Using Docker?
10. DOCKER COMMANDS
$ docker
Usage: docker [OPTIONS] COMMAND [arg...]
-H=[unix:///var/run/docker.sock]: tcp://host:port to bind/connect to or unix://path/to/socket to use
A self-sufficient runtime for linux containers.
What? You're Not Using Docker?
Commands:
attach Attach to a running container
build Build an image from a Dockerfile
commit Create a new image from a container's changes
cp Copy files/folders from a container's filesystem to the host path
diff Inspect changes on a container's filesystem
events Get real time events from the server
export Stream the contents of a container as a tar archive
history Show the history of an image
images List images
import Create a new filesystem image from the contents of a tarball
info Display system-wide information
inspect Return low-level information on a container
kill Kill a running container
load Load an image from a tar archive
login Register or log in to a Docker registry server
logout Log out from a Docker registry server
logs Fetch the logs of a container
port Lookup the public-facing port that is NAT-ed to PRIVATE_PORT
pause Pause all processes within a container
ps List containers
pull Pull an image or a repository from a Docker registry server
push Push an image or a repository to a Docker registry server
restart Restart a running container
rm Remove one or more containers
rmi Remove one or more images
run Run a command in a new container
save Save an image to a tar archive
search Search for an image on the Docker Hub
start Start a stopped container
stop Stop a running container
tag Tag an image into a repository
top Lookup the running processes of a container
unpause Unpause a paused container
version Show the Docker version information
wait Block until a container stops, then print its exit code
11. DOCKER JARGON
• Docker an open platform for developers and sysadmins to build, ship, and run
distributed applications anywhere. It uses the same binary for daemons and clients
• Docker Hub a registry of Docker images
• Dockerfile A simple script listing the commands to build a Docker image. Invoked with
What? You're Not Using Docker?
docker build
• Daemon options Environment options including networking, storage, and exec
through the libcontainer execution driver
• boot2docker A minimal Virtualbox to run docker on OS X