Shipping Applications to Production in Containers with Docker

Jérôme Petazzoni
Docker in production
Jérôme Petazzoni Docker Inc.
@jpetazzo @docker
Jérôme Petazzoni (@jpetazzo)
Grumpy French DevOps
- Go away or I will replace you with a very small shell script
Wrote dotCloud PAAS deployment tools
- EC2, LXC, Puppet, Python, Shell, ØMQ...
Docker contributor
- Security, networking...
Runs all kinds of crazy things in Docker
- Docker-in-Docker, VPN-in-Docker,
KVM-in-Docker, Xorg-in-Docker...
Outline
Quick recap on Docker and its 1.0 release
“Solved” problems: install, build, distribute
Service discovery & general plumbing
Orchestration (running many containers)
Performance (measuring it & improving it)
Configuration management
Sysadmin chores: logging, backups, remote access
One-slide elevator pitch about Docker
Docker is an Open Source engine for containers
- build, ship, run your applications within containers (=lightweight VMs)
Docker enables separation of concerns
- devs put their apps in containers
- ops run the containers
It's (probably) one of the most active FOSS projects today
- more than 500 contributors in the last year
- includes major contributions from e.g. Google, Red Hat...
Docker 1.0 1.1 1.1.1 is here!
Docker 1.0 released last month for DockerCon
Random pick of recent features:
- pause/unpause (helps to get consistent commit/snapshot)
- SELinux (for, you know, security)
- network superpowers with docker run --net …
More importantly: it's stamped “production-ready”
- you can buy support contracts, training...
(in addition to the traditional t-shirts and stickers )☺
Installation
On your dev machine: boot2docker
- tiny VM (25 MB), works with all virtualization types
- wrapper script (OS X only) to run docker CLI locally
- future improvements: shared volumes with docker run -v …
On your servers: which distro?
- use something recent (Ubuntu 14.04 LTS, RHEL 7, Fedora 20...)
- special distros: CoreOS, Project Atomic — new but promising
Build with Dockerfiles
FROM ubuntu:14.04
MAINTAINER Docker Education Team <education@docker.com>
RUN apt-get update
RUN apt-get install -y nginx
RUN echo 'Hi, I am in your container' 
>/usr/share/nginx/html/index.html
CMD [ "nginx", "-g", "daemon off;" ]
EXPOSE 80
Build with Dockerfiles
Great for most purposes
- caching system allows full rebuilds that are still fast
Drawbacks (a.k.a. work in progress)
- separate build/run environments
(don't ship that 5 GB build image if you just need the 10 MB artifact)
- entitlement, credentials, and other secrets
(what if the build process needs to access a private repository?)
Workarounds
- use two Dockerfiles; keep Dockerfiles and images private
Distribute and ship images
Docker Hub
- docker push, docker pull: it's magic!
- public and private images
- no on prem version yet; but it's one of the most requested features
Run your own registry
- docker run registry # “docker run -P” to expose it to LAN
- defaults to local storage
- can use cloud object storage (Swift, GCE, S3, Elliptics...)
Distribute and ship images
Hack around docker load/save
- load/save works with plain tarballs
- put them wherever you want them
- https://github.com/blake-education/dogestry (much image, such docker, wow)
Work in progress: pluggable transports
- many things are damn good at moving diffs (git, rsync...)
- can we borrow something from them?
Service discovery
There's more than one way to do it
- inject everything we need through environment
docker run -e DB_HOST=… -e DB_PORT=… -e …
- bind-mount a configuration file into the container
docker run -v /etc/docker/config/myapp.yaml:/config.yaml …
- resolve everything we need through a highly-available key-value store
(zookeeper, etcd, consul...)
- resolve everything we need through DNS
(consul, skydns, skydock, dnsmasq...)
How do they compare?
Let's grade those
different methods!
But first, let's look at
links
Docker links
docker run -d --name frontdb mysqlimage
docker run -d --link frontdb:sql webimage
DNS entries are created in containers
Environment variables are injected in 2nd
container
SQL_PORT=tcp://172.17.0.10:5432
SQL_PORT_5432_TCP=tcp://172.17.0.10:5432
SQL_PORT_5432_TCP_ADDR=172.17.0.10
SQL_PORT_5432_TCP_PORT=5432
SQL_PORT_5432_TCP_PROTO=tcp
Doesn't work across multiple Docker hosts
Service discovery:
environment variables
Easy to integrate in your code
- is there any language that does not support environment variables?
Easy to setup
- start services, lookup ports, inject variables
Even easier with links
- fully automatic if using only one host
Static
- if a service moves, cannot update environment variables
Environment
variables:
B
Service discovery:
bind-mount configuration file
Easy to integrate in your code
- again, is there a language without a decent JSON/YAML parser?
Easy to setup
- just like environment variables, but generate a file
Kind of dynamic
- it's possible to update the configuration files while services run
But not really
- services have to detect the change and reload the file
Bind-mount
configuration file:
B
Service discovery:
key-value store
Harder to integrate in your code
- HTTP requests instead of getenv are not too hard, but still
Harder to setup
- must setup the key-value store; on multiple nodes
Kind of dynamic
- most of those key-value stores support “watch” operation
But not really
- services still have to detect the change and reload the file
Key-value
stores:
D
Service discovery:
DNS
Easy to integrate in your code
- in most cases, no integration is needed at all, works out of the box
Harder to setup*
- must setup a DNS system that you can easily update
Dynamic
- you can update DNS zones, no problem
No “push”, but...
- services won't detect a change, but if something wrong happens
(and results into a disconnection) they might re-resolve and retry
*Except on a single host, if you use links, since they automatically create DNS entries.
DNS:
B
Are we doomed?
Links, take two
The ambassador pattern
host 1 (database)
docker run -d -name frontdb mysqlimage
docker run -d -link frontdb:sql wiring
host 2 (web tier)
docker run -d -name frontdb wiring
docker run -d -link frontdb:sql nginximage
database host web host
database container
I'm frontdb!
web container
I want to talk to frontdb!
wiring container
I actually talk to frontdb!
wiring container
I pretend I'm frontdb!
docker
link
docker
link
?
database host web host
database container
I'm frontdb!
web container
I want to talk to frontdb!
wiring container
I actually talk to frontdb!
wiring container
I pretend I'm frontdb!
docker
link
docker
link
?
Shipping Applications to Production in Containers with Docker
database host web host
database container
I'm frontdb!
web container
I want to talk to frontdb!
wiring container
I actually talk to frontdb!
wiring container
I pretend I'm frontdb!
docker
link
docker
link
UNICORNS
“...Unicorns?”
Work in progress, but you can look at:
- Docksul
https://github.com/progrium/docksul
- Grand Ambassador
https://github.com/cpuguy83/docker-grand-ambassador
Or roll your own
- use some highly-available key-value store (yup, they're back too!)
- HAProxy, stunnel, iptables...
Service discovery:
links with ambassadors
Easy to integrate in your code
- it's still environment variables
Easy to setup in dev, harder in production
- use normal links in dev; get the big guns out only in prod
Dynamic
- the ambassadors can reroute traffic if necessary
Ambassadors:
A
But warning:
construction area
(They're still work in progress)
Orchestration
There's more than one way to do it (again!)
- describe your stack in files (Fig, Maestro-NG, Ansible and other CMs)
- submit requests through an API (Mesos)
- implement something that looks like a PAAS (Flynn, Deis, OpenShift)
- the “new wave” (Kubernetes, Centurion, Helios...)
- OpenStack (because OpenStack can do everything!)
Introducing the
Docker orchestration
flowchart
Do you (want to) use OpenStack?
Yes
- if you are building a PAAS, keep an eye on Solum
(and consider contributing)
- if you are moving VM workloads to containers, use Nova
(that's probably what you already have; just enable the Docker driver)
- otherwise, use Heat
(and use Docker resources in your Heat templates)
No
- go to next slide
Are you looking for a PAAS?
Yes
- CloudFoundry (Ruby, but increasing % Go)
- Deis (Python, Docker-ish, runs on top of CoreOS)
- Dokku (A few 100s of line of Bash!)
- Flynn (Go, bleeding edge)
- OpenShift geard (Go)
Choose wisely (or go to the next slide)
- http://blog.lusis.org/blog/2014/06/14/paas-for-realists/
“I don’t think ANY of the current private PaaS solutions are a fit right now.”
How many Docker hosts do you have?
Only one per app or environment
- Fig
A few (up to ~10)
- Maestro-NG
- your favorite CM (e.g. Ansible has a nice Docker module)
A lot
- Mesos
- have a look at (and contribute to) the “new wave”
(Centurion, Helios, Kubernetes...)
Work in progress: libswarm
Run <something> that...
- exposes the Docker API
- talks to real Docker hosts
- spins Docker hosts up and down as needed
- takes care of scheduling, plumbing, scaling...
Use your normal client to talk to that <something>
- it looks like a Docker host
- but it's an elastic, scalable, dynamic, magic Docker host
https://github.com/docker/libswarm
Performance: measure things
cgroups give us per-container...
- CPU usage
- memory usage (fine-grained: cache and resident set size)
- I/O usage (per device, reads vs writes, in bytes and in ops)
cgroups don't give us...
- network metrics (have to do tricks with network namespaces)
https://github.com/google/cadvisor
http://jpetazzo.github.io/2013/10/08/docker-containers-metrics/
Performance: tweak things
There isn't much to tweak!
- CPU: native
- I/O: native on volumes
(make sure that your data set etc. is on volumes)
- memory: no overhead if you disable memory accounting
(userful for HPC; probably not for everything else)
- network: no overhead if you run with “--net host”
(useful for >1 Gb/s workloads)
(or if you have a high packet rate; e.g. VOIP, gaming...)
Configuration management
There is more than one way do to it (surprise!)
If you don't use a CM system yet, you don't have to
- If you're familiar with a CM system, you can use it to encode small-
scale deployments (up to, say, 10 nodes)
Using CM to manage Docker hosts makes sense
But Dockerfiles will be great for apps themselves
If you really want to keep using your recipes,
here's how to integrate!
Configuration management,
if you want to mix VMs and containers
Author a single generic Docker image with your
favorite CM, “locked and loaded”
When creating a container from that image, you give
it its identity (certificate/node name/...)
When the container starts, it contacts the server,
which gives it its configuration (manifests, cookbooks...)
After a moment, it will converge to desired state
Downside: slow to converge; not 100% reliable
Configuration management,
if you want to mix VMs and containers
Author a single generic Docker image with your
favorite CM, “locked and loaded”
When creating a container from that image, you give
it its identity (certificate/node name/...)
When the container starts, it contacts the server,
which gives it its configuration (manifests, cookbooks...)
After a moment, it will converge to desired state
Downside: slow to converge; not 100% reliable
NOT RECOMMENDED
Configuration management,
the “immutable infrastructure” way
Author a single generic Docker image with your
favorite CM, to be used as a base for other images
Author other Docker images:
FROM me/my_base_puppet_image
ADD manifests/ /etc/puppet/manifests
RUN puppet apply --certname db1138.dystopia.io
Once the image is baked, you don't have to fry it
(i.e. it's ready to run without extra steps)
Downside: build new image to make a change
(can be seen as an advantage)
Configuration management,
the “immutable infrastructure” way
Author a single generic Docker image with your
favorite CM, to be used as a base for other images
Author other Docker images:
FROM me/my_base_puppet_image
ADD manifests/ /etc/puppet/manifests
RUN puppet apply --certname db1138.dystopia.io
Once the image is baked, you don't have to fry it
(i.e. it's ready to run without extra steps)
Downside: build new image to make a change
(can be seen as an advantage)
SLIGHTLY BETTER
(BUT STILL KIND OF MEH)
Sysadmin chores
Backups
Logging
Remote access
We all know that those are just a small sample of the many boring,
necessary evil deeds that sysadmins must commit once in a while.
File-level backups
Use volumes
docker run --name mysqldata -v /var/lib/mysql busybox true
docker run --name mysql --volumes-from mysqldata mysql
docker run --rm --volumes-from mysqldata mysqlbackup 
tar -cJf- /var/lib/mysql | stream-it-to-the-cloud.py
Of course, you can use anything fancier than tar
(e.g. rsync, tarsnap...)
Data-level backups
Use links
docker run --name mysql mysql
docker run --rm --link mysql:db mysqlbackup 
mysqldump --all-databases | stream-it-to-the-cloud.py
Can be combined with volumes
- put the SQL dump on a volume
- then backup that volume with file-level tools (previous slide)
Logging for legacy apps
Legacy = let me write to eleventy jillion arbitrary files
in /var/lib/tomcat/logs!
Solution: volumes
docker run --name logs -v /var/lib/tomcat/logs busybox true
docker run --name tomcat --volumes-from logs my_tomcat_image
- Inspect logs:
docker run --rm --volumes-from logs ubuntu bash
- Ship logs to something else:
docker run --name logshipper --volumes-from logs sawmill
Logging for dockerized apps
Dockerized = I only write to stdout
Solution: Docker CLI/API
docker run --name tomcat dockerized_tomcat
docker logs tomcat
docker run -v /var/run/docker.sock:/var/run/docker.sock 
logshipper docker logs tomcat | pipestash ...
Caveat: logs are not rotated (but PR is on the way)
Remote access
If you own the host: SSH to host + nsenter
https://github.com/jpetazzo/nsenter
If you don't own the host: SSH in the container
https://github.com/phusion/baseimage-docker
More on that topic (“do I need SSHD in containers?”):
http://blog.docker.com/2014/06/why-you-dont-need-to-run-sshd-in-docker/
In the future:
- run separate SSH container
- log into that
- “hop” onto the target container
Docker
in production
Containers, containers everywhere!
Not an actual book (yet)
Thank you!
Questions?
http://www.docker.com/
@docker
@jpetazzo
Come talk about Docker tomorrow:
- 10:40am: office hours (expo hall table A)
- evening: meet-up at New Relic
1 of 53

Recommended

Docker by Example - Basics by
Docker by Example - Basics Docker by Example - Basics
Docker by Example - Basics Ganesh Samarthyam
20.1K views160 slides
Docker Presentation at the OpenStack Austin Meetup | 2013-09-12 by
Docker Presentation at the OpenStack Austin Meetup | 2013-09-12Docker Presentation at the OpenStack Austin Meetup | 2013-09-12
Docker Presentation at the OpenStack Austin Meetup | 2013-09-12dotCloud
4.9K views36 slides
Docker - The Linux Container by
Docker - The Linux ContainerDocker - The Linux Container
Docker - The Linux ContainerBalaji Rajan
13.5K views21 slides
Introduction To Docker by
Introduction To DockerIntroduction To Docker
Introduction To DockerHamilton Turner
11.8K views43 slides
Docker from A to Z, including Swarm and OCCS by
Docker from A to Z, including Swarm and OCCSDocker from A to Z, including Swarm and OCCS
Docker from A to Z, including Swarm and OCCSFrank Munz
1.5K views88 slides
Docker and Containers for Development and Deployment — SCALE12X by
Docker and Containers for Development and Deployment — SCALE12XDocker and Containers for Development and Deployment — SCALE12X
Docker and Containers for Development and Deployment — SCALE12XJérôme Petazzoni
25.5K views82 slides

More Related Content

What's hot

Architecting .NET Applications for Docker and Container Based Deployments by
Architecting .NET Applications for Docker and Container Based DeploymentsArchitecting .NET Applications for Docker and Container Based Deployments
Architecting .NET Applications for Docker and Container Based DeploymentsBen Hall
14.4K views101 slides
Docker Introductory workshop by
Docker Introductory workshopDocker Introductory workshop
Docker Introductory workshopRuncy Oommen
537 views104 slides
Introduction to docker by
Introduction to dockerIntroduction to docker
Introduction to dockerJohn Willis
3.2K views55 slides
Docker 101: An Introduction by
Docker 101: An IntroductionDocker 101: An Introduction
Docker 101: An IntroductionPOSSCON
930 views56 slides
Introduction to Docker and all things containers, Docker Meetup at RelateIQ by
Introduction to Docker and all things containers, Docker Meetup at RelateIQIntroduction to Docker and all things containers, Docker Meetup at RelateIQ
Introduction to Docker and all things containers, Docker Meetup at RelateIQdotCloud
2.2K views52 slides
Introduction To Docker by
Introduction To  DockerIntroduction To  Docker
Introduction To DockerDr. Syed Hassan Amin
578 views30 slides

What's hot(20)

Architecting .NET Applications for Docker and Container Based Deployments by Ben Hall
Architecting .NET Applications for Docker and Container Based DeploymentsArchitecting .NET Applications for Docker and Container Based Deployments
Architecting .NET Applications for Docker and Container Based Deployments
Ben Hall14.4K views
Docker Introductory workshop by Runcy Oommen
Docker Introductory workshopDocker Introductory workshop
Docker Introductory workshop
Runcy Oommen537 views
Introduction to docker by John Willis
Introduction to dockerIntroduction to docker
Introduction to docker
John Willis3.2K views
Docker 101: An Introduction by POSSCON
Docker 101: An IntroductionDocker 101: An Introduction
Docker 101: An Introduction
POSSCON930 views
Introduction to Docker and all things containers, Docker Meetup at RelateIQ by dotCloud
Introduction to Docker and all things containers, Docker Meetup at RelateIQIntroduction to Docker and all things containers, Docker Meetup at RelateIQ
Introduction to Docker and all things containers, Docker Meetup at RelateIQ
dotCloud2.2K views
Introduction to Docker by Luong Vo
Introduction to DockerIntroduction to Docker
Introduction to Docker
Luong Vo418 views
OpenStack - Docker - Rackspace HQ by dotCloud
OpenStack - Docker - Rackspace HQOpenStack - Docker - Rackspace HQ
OpenStack - Docker - Rackspace HQ
dotCloud10.3K views
Docker Introduction by Peng Xiao
Docker IntroductionDocker Introduction
Docker Introduction
Peng Xiao1.6K views
Visualising Basic Concepts of Docker by vishnu rao
Visualising Basic Concepts of Docker Visualising Basic Concepts of Docker
Visualising Basic Concepts of Docker
vishnu rao1.1K views
Docker introduction by Phuc Nguyen
Docker introductionDocker introduction
Docker introduction
Phuc Nguyen1.3K views
Docker for the new Era: Introducing Docker,its components and tools by Ramit Surana
Docker for the new Era: Introducing Docker,its components and toolsDocker for the new Era: Introducing Docker,its components and tools
Docker for the new Era: Introducing Docker,its components and tools
Ramit Surana1.7K views
Introduction to dockerfile, SF Peninsula Software Development Meetup @Guidewire by dotCloud
Introduction to dockerfile, SF Peninsula Software Development Meetup @Guidewire Introduction to dockerfile, SF Peninsula Software Development Meetup @Guidewire
Introduction to dockerfile, SF Peninsula Software Development Meetup @Guidewire
dotCloud2.8K views
Docker and the Linux Kernel by Docker, Inc.
Docker and the Linux KernelDocker and the Linux Kernel
Docker and the Linux Kernel
Docker, Inc.16.7K views
Docker intro by Oleg Z
Docker introDocker intro
Docker intro
Oleg Z490 views
Docker worshop @Twitter - How to use your own private registry by dotCloud
Docker worshop @Twitter - How to use your own private registryDocker worshop @Twitter - How to use your own private registry
Docker worshop @Twitter - How to use your own private registry
dotCloud7.4K views

Similar to Shipping Applications to Production in Containers with Docker

Docker Online Meetup #3: Docker in Production by
Docker Online Meetup #3: Docker in ProductionDocker Online Meetup #3: Docker in Production
Docker Online Meetup #3: Docker in ProductionDocker, Inc.
2K views52 slides
Sheep it by
Sheep itSheep it
Sheep itlxfontes
1.2K views47 slides
Introduction to Docker at the Azure Meet-up in New York by
Introduction to Docker at the Azure Meet-up in New YorkIntroduction to Docker at the Azure Meet-up in New York
Introduction to Docker at the Azure Meet-up in New YorkJérôme Petazzoni
3.9K views72 slides
Containers, Docker, and Microservices: the Terrific Trio by
Containers, Docker, and Microservices: the Terrific TrioContainers, Docker, and Microservices: the Terrific Trio
Containers, Docker, and Microservices: the Terrific TrioJérôme Petazzoni
17.7K views61 slides
The Docker "Gauntlet" - Introduction, Ecosystem, Deployment, Orchestration by
The Docker "Gauntlet" - Introduction, Ecosystem, Deployment, OrchestrationThe Docker "Gauntlet" - Introduction, Ecosystem, Deployment, Orchestration
The Docker "Gauntlet" - Introduction, Ecosystem, Deployment, OrchestrationErica Windisch
2.3K views119 slides
Agile Brown Bag - Vagrant & Docker: Introduction by
Agile Brown Bag - Vagrant & Docker: IntroductionAgile Brown Bag - Vagrant & Docker: Introduction
Agile Brown Bag - Vagrant & Docker: IntroductionAgile Partner S.A.
1.2K views50 slides

Similar to Shipping Applications to Production in Containers with Docker(20)

Docker Online Meetup #3: Docker in Production by Docker, Inc.
Docker Online Meetup #3: Docker in ProductionDocker Online Meetup #3: Docker in Production
Docker Online Meetup #3: Docker in Production
Docker, Inc.2K views
Sheep it by lxfontes
Sheep itSheep it
Sheep it
lxfontes1.2K views
Introduction to Docker at the Azure Meet-up in New York by Jérôme Petazzoni
Introduction to Docker at the Azure Meet-up in New YorkIntroduction to Docker at the Azure Meet-up in New York
Introduction to Docker at the Azure Meet-up in New York
Jérôme Petazzoni3.9K views
Containers, Docker, and Microservices: the Terrific Trio by Jérôme Petazzoni
Containers, Docker, and Microservices: the Terrific TrioContainers, Docker, and Microservices: the Terrific Trio
Containers, Docker, and Microservices: the Terrific Trio
Jérôme Petazzoni17.7K views
The Docker "Gauntlet" - Introduction, Ecosystem, Deployment, Orchestration by Erica Windisch
The Docker "Gauntlet" - Introduction, Ecosystem, Deployment, OrchestrationThe Docker "Gauntlet" - Introduction, Ecosystem, Deployment, Orchestration
The Docker "Gauntlet" - Introduction, Ecosystem, Deployment, Orchestration
Erica Windisch2.3K views
Agile Brown Bag - Vagrant & Docker: Introduction by Agile Partner S.A.
Agile Brown Bag - Vagrant & Docker: IntroductionAgile Brown Bag - Vagrant & Docker: Introduction
Agile Brown Bag - Vagrant & Docker: Introduction
Agile Partner S.A.1.2K views
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic... by Codemotion
Why everyone is excited about Docker (and you should too...) -  Carlo Bonamic...Why everyone is excited about Docker (and you should too...) -  Carlo Bonamic...
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
Codemotion765 views
Docker 0.11 at MaxCDN meetup in Los Angeles by Jérôme Petazzoni
Docker 0.11 at MaxCDN meetup in Los AngelesDocker 0.11 at MaxCDN meetup in Los Angeles
Docker 0.11 at MaxCDN meetup in Los Angeles
Jérôme Petazzoni6.1K views
Introduction to Docker and deployment and Azure by Jérôme Petazzoni
Introduction to Docker and deployment and AzureIntroduction to Docker and deployment and Azure
Introduction to Docker and deployment and Azure
Jérôme Petazzoni2.1K views
Docker Tips And Tricks at the Docker Beijing Meetup by Jérôme Petazzoni
Docker Tips And Tricks at the Docker Beijing MeetupDocker Tips And Tricks at the Docker Beijing Meetup
Docker Tips And Tricks at the Docker Beijing Meetup
Jérôme Petazzoni34.4K views
Docker 1 0 1 0 1: a Docker introduction, actualized for the stable release of... by Jérôme Petazzoni
Docker 1 0 1 0 1: a Docker introduction, actualized for the stable release of...Docker 1 0 1 0 1: a Docker introduction, actualized for the stable release of...
Docker 1 0 1 0 1: a Docker introduction, actualized for the stable release of...
Jérôme Petazzoni5.3K views
JDD2014: Docker.io - versioned linux containers for JVM devops - Dominik Dorn by PROIDEA
JDD2014: Docker.io - versioned linux containers for JVM devops - Dominik DornJDD2014: Docker.io - versioned linux containers for JVM devops - Dominik Dorn
JDD2014: Docker.io - versioned linux containers for JVM devops - Dominik Dorn
PROIDEA698 views
Linux containers & Devops by Maciej Lasyk
Linux containers & DevopsLinux containers & Devops
Linux containers & Devops
Maciej Lasyk11.9K views
Accelerate your development with Docker by Andrey Hristov
Accelerate your development with DockerAccelerate your development with Docker
Accelerate your development with Docker
Andrey Hristov320 views
Accelerate your software development with Docker by Andrey Hristov
Accelerate your software development with DockerAccelerate your software development with Docker
Accelerate your software development with Docker
Andrey Hristov364 views

More from Jérôme Petazzoni

Use the Source or Join the Dark Side: differences between Docker Community an... by
Use the Source or Join the Dark Side: differences between Docker Community an...Use the Source or Join the Dark Side: differences between Docker Community an...
Use the Source or Join the Dark Side: differences between Docker Community an...Jérôme Petazzoni
3.1K views38 slides
Orchestration for the rest of us by
Orchestration for the rest of usOrchestration for the rest of us
Orchestration for the rest of usJérôme Petazzoni
1.9K views52 slides
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu... by
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...Jérôme Petazzoni
20.4K views56 slides
Docker : quels enjeux pour le stockage et réseau ? Paris Open Source Summit ... by
Docker : quels enjeux pour le stockage et réseau ? Paris Open Source Summit ...Docker : quels enjeux pour le stockage et réseau ? Paris Open Source Summit ...
Docker : quels enjeux pour le stockage et réseau ? Paris Open Source Summit ...Jérôme Petazzoni
5.2K views46 slides
Making DevOps Secure with Docker on Solaris (Oracle Open World, with Jesse Bu... by
Making DevOps Secure with Docker on Solaris (Oracle Open World, with Jesse Bu...Making DevOps Secure with Docker on Solaris (Oracle Open World, with Jesse Bu...
Making DevOps Secure with Docker on Solaris (Oracle Open World, with Jesse Bu...Jérôme Petazzoni
10.9K views49 slides
Containers, docker, and security: state of the union (Bay Area Infracoders Me... by
Containers, docker, and security: state of the union (Bay Area Infracoders Me...Containers, docker, and security: state of the union (Bay Area Infracoders Me...
Containers, docker, and security: state of the union (Bay Area Infracoders Me...Jérôme Petazzoni
7K views43 slides

More from Jérôme Petazzoni(20)

Use the Source or Join the Dark Side: differences between Docker Community an... by Jérôme Petazzoni
Use the Source or Join the Dark Side: differences between Docker Community an...Use the Source or Join the Dark Side: differences between Docker Community an...
Use the Source or Join the Dark Side: differences between Docker Community an...
Jérôme Petazzoni3.1K views
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu... by Jérôme Petazzoni
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...
Jérôme Petazzoni20.4K views
Docker : quels enjeux pour le stockage et réseau ? Paris Open Source Summit ... by Jérôme Petazzoni
Docker : quels enjeux pour le stockage et réseau ? Paris Open Source Summit ...Docker : quels enjeux pour le stockage et réseau ? Paris Open Source Summit ...
Docker : quels enjeux pour le stockage et réseau ? Paris Open Source Summit ...
Jérôme Petazzoni5.2K views
Making DevOps Secure with Docker on Solaris (Oracle Open World, with Jesse Bu... by Jérôme Petazzoni
Making DevOps Secure with Docker on Solaris (Oracle Open World, with Jesse Bu...Making DevOps Secure with Docker on Solaris (Oracle Open World, with Jesse Bu...
Making DevOps Secure with Docker on Solaris (Oracle Open World, with Jesse Bu...
Jérôme Petazzoni10.9K views
Containers, docker, and security: state of the union (Bay Area Infracoders Me... by Jérôme Petazzoni
Containers, docker, and security: state of the union (Bay Area Infracoders Me...Containers, docker, and security: state of the union (Bay Area Infracoders Me...
Containers, docker, and security: state of the union (Bay Area Infracoders Me...
From development environments to production deployments with Docker, Compose,... by Jérôme Petazzoni
From development environments to production deployments with Docker, Compose,...From development environments to production deployments with Docker, Compose,...
From development environments to production deployments with Docker, Compose,...
Jérôme Petazzoni33K views
How to contribute to large open source projects like Docker (LinuxCon 2015) by Jérôme Petazzoni
How to contribute to large open source projects like Docker (LinuxCon 2015)How to contribute to large open source projects like Docker (LinuxCon 2015)
How to contribute to large open source projects like Docker (LinuxCon 2015)
Jérôme Petazzoni8.9K views
Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC... by Jérôme Petazzoni
Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...
Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...
Jérôme Petazzoni7.4K views
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon by Jérôme Petazzoni
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxConAnatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Jérôme Petazzoni96.9K views
Microservices. Microservices everywhere! (At OSCON 2015) by Jérôme Petazzoni
Microservices. Microservices everywhere! (At OSCON 2015)Microservices. Microservices everywhere! (At OSCON 2015)
Microservices. Microservices everywhere! (At OSCON 2015)
Jérôme Petazzoni8.1K views
Deploy microservices in containers with Docker and friends - KCDC2015 by Jérôme Petazzoni
Deploy microservices in containers with Docker and friends - KCDC2015Deploy microservices in containers with Docker and friends - KCDC2015
Deploy microservices in containers with Docker and friends - KCDC2015
Jérôme Petazzoni8.9K views
Containers: from development to production at DevNation 2015 by Jérôme Petazzoni
Containers: from development to production at DevNation 2015Containers: from development to production at DevNation 2015
Containers: from development to production at DevNation 2015
Jérôme Petazzoni6.4K views
Immutable infrastructure with Docker and containers (GlueCon 2015) by Jérôme Petazzoni
Immutable infrastructure with Docker and containers (GlueCon 2015)Immutable infrastructure with Docker and containers (GlueCon 2015)
Immutable infrastructure with Docker and containers (GlueCon 2015)
Jérôme Petazzoni20.2K views
The Docker ecosystem and the future of application deployment by Jérôme Petazzoni
The Docker ecosystem and the future of application deploymentThe Docker ecosystem and the future of application deployment
The Docker ecosystem and the future of application deployment
Jérôme Petazzoni2.9K views
Introduction to Docker, December 2014 "Tour de France" Bordeaux Special Edition by Jérôme Petazzoni
Introduction to Docker, December 2014 "Tour de France" Bordeaux Special EditionIntroduction to Docker, December 2014 "Tour de France" Bordeaux Special Edition
Introduction to Docker, December 2014 "Tour de France" Bordeaux Special Edition
Jérôme Petazzoni6.5K views
Introduction to Docker, December 2014 "Tour de France" Edition by Jérôme Petazzoni
Introduction to Docker, December 2014 "Tour de France" EditionIntroduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" Edition
Jérôme Petazzoni3.8K views
Containerization is more than the new Virtualization: enabling separation of ... by Jérôme Petazzoni
Containerization is more than the new Virtualization: enabling separation of ...Containerization is more than the new Virtualization: enabling separation of ...
Containerization is more than the new Virtualization: enabling separation of ...

Recently uploaded

Extending KVM Host HA for Non-NFS Storage - Alex Ivanov - StorPool by
Extending KVM Host HA for Non-NFS Storage -  Alex Ivanov - StorPoolExtending KVM Host HA for Non-NFS Storage -  Alex Ivanov - StorPool
Extending KVM Host HA for Non-NFS Storage - Alex Ivanov - StorPoolShapeBlue
123 views10 slides
Why and How CloudStack at weSystems - Stephan Bienek - weSystems by
Why and How CloudStack at weSystems - Stephan Bienek - weSystemsWhy and How CloudStack at weSystems - Stephan Bienek - weSystems
Why and How CloudStack at weSystems - Stephan Bienek - weSystemsShapeBlue
238 views13 slides
CloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&T by
CloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&TCloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&T
CloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&TShapeBlue
152 views34 slides
Initiating and Advancing Your Strategic GIS Governance Strategy by
Initiating and Advancing Your Strategic GIS Governance StrategyInitiating and Advancing Your Strategic GIS Governance Strategy
Initiating and Advancing Your Strategic GIS Governance StrategySafe Software
176 views68 slides
Qualifying SaaS, IaaS.pptx by
Qualifying SaaS, IaaS.pptxQualifying SaaS, IaaS.pptx
Qualifying SaaS, IaaS.pptxSachin Bhandari
1K views8 slides
NTGapps NTG LowCode Platform by
NTGapps NTG LowCode Platform NTGapps NTG LowCode Platform
NTGapps NTG LowCode Platform Mustafa Kuğu
423 views30 slides

Recently uploaded(20)

Extending KVM Host HA for Non-NFS Storage - Alex Ivanov - StorPool by ShapeBlue
Extending KVM Host HA for Non-NFS Storage -  Alex Ivanov - StorPoolExtending KVM Host HA for Non-NFS Storage -  Alex Ivanov - StorPool
Extending KVM Host HA for Non-NFS Storage - Alex Ivanov - StorPool
ShapeBlue123 views
Why and How CloudStack at weSystems - Stephan Bienek - weSystems by ShapeBlue
Why and How CloudStack at weSystems - Stephan Bienek - weSystemsWhy and How CloudStack at weSystems - Stephan Bienek - weSystems
Why and How CloudStack at weSystems - Stephan Bienek - weSystems
ShapeBlue238 views
CloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&T by ShapeBlue
CloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&TCloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&T
CloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&T
ShapeBlue152 views
Initiating and Advancing Your Strategic GIS Governance Strategy by Safe Software
Initiating and Advancing Your Strategic GIS Governance StrategyInitiating and Advancing Your Strategic GIS Governance Strategy
Initiating and Advancing Your Strategic GIS Governance Strategy
Safe Software176 views
NTGapps NTG LowCode Platform by Mustafa Kuğu
NTGapps NTG LowCode Platform NTGapps NTG LowCode Platform
NTGapps NTG LowCode Platform
Mustafa Kuğu423 views
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue by ShapeBlue
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlueWhat’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue
ShapeBlue263 views
Centralized Logging Feature in CloudStack using ELK and Grafana - Kiran Chava... by ShapeBlue
Centralized Logging Feature in CloudStack using ELK and Grafana - Kiran Chava...Centralized Logging Feature in CloudStack using ELK and Grafana - Kiran Chava...
Centralized Logging Feature in CloudStack using ELK and Grafana - Kiran Chava...
ShapeBlue145 views
The Power of Heat Decarbonisation Plans in the Built Environment by IES VE
The Power of Heat Decarbonisation Plans in the Built EnvironmentThe Power of Heat Decarbonisation Plans in the Built Environment
The Power of Heat Decarbonisation Plans in the Built Environment
IES VE79 views
CloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlue by ShapeBlue
CloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlueCloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlue
CloudStack Managed User Data and Demo - Harikrishna Patnala - ShapeBlue
ShapeBlue135 views
"Surviving highload with Node.js", Andrii Shumada by Fwdays
"Surviving highload with Node.js", Andrii Shumada "Surviving highload with Node.js", Andrii Shumada
"Surviving highload with Node.js", Andrii Shumada
Fwdays56 views
KVM Security Groups Under the Hood - Wido den Hollander - Your.Online by ShapeBlue
KVM Security Groups Under the Hood - Wido den Hollander - Your.OnlineKVM Security Groups Under the Hood - Wido den Hollander - Your.Online
KVM Security Groups Under the Hood - Wido den Hollander - Your.Online
ShapeBlue221 views
Updates on the LINSTOR Driver for CloudStack - Rene Peinthor - LINBIT by ShapeBlue
Updates on the LINSTOR Driver for CloudStack - Rene Peinthor - LINBITUpdates on the LINSTOR Driver for CloudStack - Rene Peinthor - LINBIT
Updates on the LINSTOR Driver for CloudStack - Rene Peinthor - LINBIT
ShapeBlue206 views
Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit... by ShapeBlue
Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...
Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...
ShapeBlue159 views
VNF Integration and Support in CloudStack - Wei Zhou - ShapeBlue by ShapeBlue
VNF Integration and Support in CloudStack - Wei Zhou - ShapeBlueVNF Integration and Support in CloudStack - Wei Zhou - ShapeBlue
VNF Integration and Support in CloudStack - Wei Zhou - ShapeBlue
ShapeBlue203 views
Business Analyst Series 2023 - Week 4 Session 8 by DianaGray10
Business Analyst Series 2023 -  Week 4 Session 8Business Analyst Series 2023 -  Week 4 Session 8
Business Analyst Series 2023 - Week 4 Session 8
DianaGray10123 views
State of the Union - Rohit Yadav - Apache CloudStack by ShapeBlue
State of the Union - Rohit Yadav - Apache CloudStackState of the Union - Rohit Yadav - Apache CloudStack
State of the Union - Rohit Yadav - Apache CloudStack
ShapeBlue297 views
CloudStack Object Storage - An Introduction - Vladimir Petrov - ShapeBlue by ShapeBlue
CloudStack Object Storage - An Introduction - Vladimir Petrov - ShapeBlueCloudStack Object Storage - An Introduction - Vladimir Petrov - ShapeBlue
CloudStack Object Storage - An Introduction - Vladimir Petrov - ShapeBlue
ShapeBlue138 views

Shipping Applications to Production in Containers with Docker

  • 1. Docker in production Jérôme Petazzoni Docker Inc. @jpetazzo @docker
  • 2. Jérôme Petazzoni (@jpetazzo) Grumpy French DevOps - Go away or I will replace you with a very small shell script Wrote dotCloud PAAS deployment tools - EC2, LXC, Puppet, Python, Shell, ØMQ... Docker contributor - Security, networking... Runs all kinds of crazy things in Docker - Docker-in-Docker, VPN-in-Docker, KVM-in-Docker, Xorg-in-Docker...
  • 3. Outline Quick recap on Docker and its 1.0 release “Solved” problems: install, build, distribute Service discovery & general plumbing Orchestration (running many containers) Performance (measuring it & improving it) Configuration management Sysadmin chores: logging, backups, remote access
  • 4. One-slide elevator pitch about Docker Docker is an Open Source engine for containers - build, ship, run your applications within containers (=lightweight VMs) Docker enables separation of concerns - devs put their apps in containers - ops run the containers It's (probably) one of the most active FOSS projects today - more than 500 contributors in the last year - includes major contributions from e.g. Google, Red Hat...
  • 5. Docker 1.0 1.1 1.1.1 is here! Docker 1.0 released last month for DockerCon Random pick of recent features: - pause/unpause (helps to get consistent commit/snapshot) - SELinux (for, you know, security) - network superpowers with docker run --net … More importantly: it's stamped “production-ready” - you can buy support contracts, training... (in addition to the traditional t-shirts and stickers )☺
  • 6. Installation On your dev machine: boot2docker - tiny VM (25 MB), works with all virtualization types - wrapper script (OS X only) to run docker CLI locally - future improvements: shared volumes with docker run -v … On your servers: which distro? - use something recent (Ubuntu 14.04 LTS, RHEL 7, Fedora 20...) - special distros: CoreOS, Project Atomic — new but promising
  • 7. Build with Dockerfiles FROM ubuntu:14.04 MAINTAINER Docker Education Team <education@docker.com> RUN apt-get update RUN apt-get install -y nginx RUN echo 'Hi, I am in your container' >/usr/share/nginx/html/index.html CMD [ "nginx", "-g", "daemon off;" ] EXPOSE 80
  • 8. Build with Dockerfiles Great for most purposes - caching system allows full rebuilds that are still fast Drawbacks (a.k.a. work in progress) - separate build/run environments (don't ship that 5 GB build image if you just need the 10 MB artifact) - entitlement, credentials, and other secrets (what if the build process needs to access a private repository?) Workarounds - use two Dockerfiles; keep Dockerfiles and images private
  • 9. Distribute and ship images Docker Hub - docker push, docker pull: it's magic! - public and private images - no on prem version yet; but it's one of the most requested features Run your own registry - docker run registry # “docker run -P” to expose it to LAN - defaults to local storage - can use cloud object storage (Swift, GCE, S3, Elliptics...)
  • 10. Distribute and ship images Hack around docker load/save - load/save works with plain tarballs - put them wherever you want them - https://github.com/blake-education/dogestry (much image, such docker, wow) Work in progress: pluggable transports - many things are damn good at moving diffs (git, rsync...) - can we borrow something from them?
  • 11. Service discovery There's more than one way to do it - inject everything we need through environment docker run -e DB_HOST=… -e DB_PORT=… -e … - bind-mount a configuration file into the container docker run -v /etc/docker/config/myapp.yaml:/config.yaml … - resolve everything we need through a highly-available key-value store (zookeeper, etcd, consul...) - resolve everything we need through DNS (consul, skydns, skydock, dnsmasq...)
  • 12. How do they compare? Let's grade those different methods!
  • 13. But first, let's look at links
  • 14. Docker links docker run -d --name frontdb mysqlimage docker run -d --link frontdb:sql webimage DNS entries are created in containers Environment variables are injected in 2nd container SQL_PORT=tcp://172.17.0.10:5432 SQL_PORT_5432_TCP=tcp://172.17.0.10:5432 SQL_PORT_5432_TCP_ADDR=172.17.0.10 SQL_PORT_5432_TCP_PORT=5432 SQL_PORT_5432_TCP_PROTO=tcp Doesn't work across multiple Docker hosts
  • 15. Service discovery: environment variables Easy to integrate in your code - is there any language that does not support environment variables? Easy to setup - start services, lookup ports, inject variables Even easier with links - fully automatic if using only one host Static - if a service moves, cannot update environment variables
  • 17. Service discovery: bind-mount configuration file Easy to integrate in your code - again, is there a language without a decent JSON/YAML parser? Easy to setup - just like environment variables, but generate a file Kind of dynamic - it's possible to update the configuration files while services run But not really - services have to detect the change and reload the file
  • 19. Service discovery: key-value store Harder to integrate in your code - HTTP requests instead of getenv are not too hard, but still Harder to setup - must setup the key-value store; on multiple nodes Kind of dynamic - most of those key-value stores support “watch” operation But not really - services still have to detect the change and reload the file
  • 21. Service discovery: DNS Easy to integrate in your code - in most cases, no integration is needed at all, works out of the box Harder to setup* - must setup a DNS system that you can easily update Dynamic - you can update DNS zones, no problem No “push”, but... - services won't detect a change, but if something wrong happens (and results into a disconnection) they might re-resolve and retry *Except on a single host, if you use links, since they automatically create DNS entries.
  • 25. The ambassador pattern host 1 (database) docker run -d -name frontdb mysqlimage docker run -d -link frontdb:sql wiring host 2 (web tier) docker run -d -name frontdb wiring docker run -d -link frontdb:sql nginximage
  • 26. database host web host database container I'm frontdb! web container I want to talk to frontdb! wiring container I actually talk to frontdb! wiring container I pretend I'm frontdb! docker link docker link ?
  • 27. database host web host database container I'm frontdb! web container I want to talk to frontdb! wiring container I actually talk to frontdb! wiring container I pretend I'm frontdb! docker link docker link ?
  • 29. database host web host database container I'm frontdb! web container I want to talk to frontdb! wiring container I actually talk to frontdb! wiring container I pretend I'm frontdb! docker link docker link UNICORNS
  • 30. “...Unicorns?” Work in progress, but you can look at: - Docksul https://github.com/progrium/docksul - Grand Ambassador https://github.com/cpuguy83/docker-grand-ambassador Or roll your own - use some highly-available key-value store (yup, they're back too!) - HAProxy, stunnel, iptables...
  • 31. Service discovery: links with ambassadors Easy to integrate in your code - it's still environment variables Easy to setup in dev, harder in production - use normal links in dev; get the big guns out only in prod Dynamic - the ambassadors can reroute traffic if necessary
  • 33. But warning: construction area (They're still work in progress)
  • 34. Orchestration There's more than one way to do it (again!) - describe your stack in files (Fig, Maestro-NG, Ansible and other CMs) - submit requests through an API (Mesos) - implement something that looks like a PAAS (Flynn, Deis, OpenShift) - the “new wave” (Kubernetes, Centurion, Helios...) - OpenStack (because OpenStack can do everything!)
  • 36. Do you (want to) use OpenStack? Yes - if you are building a PAAS, keep an eye on Solum (and consider contributing) - if you are moving VM workloads to containers, use Nova (that's probably what you already have; just enable the Docker driver) - otherwise, use Heat (and use Docker resources in your Heat templates) No - go to next slide
  • 37. Are you looking for a PAAS? Yes - CloudFoundry (Ruby, but increasing % Go) - Deis (Python, Docker-ish, runs on top of CoreOS) - Dokku (A few 100s of line of Bash!) - Flynn (Go, bleeding edge) - OpenShift geard (Go) Choose wisely (or go to the next slide) - http://blog.lusis.org/blog/2014/06/14/paas-for-realists/ “I don’t think ANY of the current private PaaS solutions are a fit right now.”
  • 38. How many Docker hosts do you have? Only one per app or environment - Fig A few (up to ~10) - Maestro-NG - your favorite CM (e.g. Ansible has a nice Docker module) A lot - Mesos - have a look at (and contribute to) the “new wave” (Centurion, Helios, Kubernetes...)
  • 39. Work in progress: libswarm Run <something> that... - exposes the Docker API - talks to real Docker hosts - spins Docker hosts up and down as needed - takes care of scheduling, plumbing, scaling... Use your normal client to talk to that <something> - it looks like a Docker host - but it's an elastic, scalable, dynamic, magic Docker host https://github.com/docker/libswarm
  • 40. Performance: measure things cgroups give us per-container... - CPU usage - memory usage (fine-grained: cache and resident set size) - I/O usage (per device, reads vs writes, in bytes and in ops) cgroups don't give us... - network metrics (have to do tricks with network namespaces) https://github.com/google/cadvisor http://jpetazzo.github.io/2013/10/08/docker-containers-metrics/
  • 41. Performance: tweak things There isn't much to tweak! - CPU: native - I/O: native on volumes (make sure that your data set etc. is on volumes) - memory: no overhead if you disable memory accounting (userful for HPC; probably not for everything else) - network: no overhead if you run with “--net host” (useful for >1 Gb/s workloads) (or if you have a high packet rate; e.g. VOIP, gaming...)
  • 42. Configuration management There is more than one way do to it (surprise!) If you don't use a CM system yet, you don't have to - If you're familiar with a CM system, you can use it to encode small- scale deployments (up to, say, 10 nodes) Using CM to manage Docker hosts makes sense But Dockerfiles will be great for apps themselves If you really want to keep using your recipes, here's how to integrate!
  • 43. Configuration management, if you want to mix VMs and containers Author a single generic Docker image with your favorite CM, “locked and loaded” When creating a container from that image, you give it its identity (certificate/node name/...) When the container starts, it contacts the server, which gives it its configuration (manifests, cookbooks...) After a moment, it will converge to desired state Downside: slow to converge; not 100% reliable
  • 44. Configuration management, if you want to mix VMs and containers Author a single generic Docker image with your favorite CM, “locked and loaded” When creating a container from that image, you give it its identity (certificate/node name/...) When the container starts, it contacts the server, which gives it its configuration (manifests, cookbooks...) After a moment, it will converge to desired state Downside: slow to converge; not 100% reliable NOT RECOMMENDED
  • 45. Configuration management, the “immutable infrastructure” way Author a single generic Docker image with your favorite CM, to be used as a base for other images Author other Docker images: FROM me/my_base_puppet_image ADD manifests/ /etc/puppet/manifests RUN puppet apply --certname db1138.dystopia.io Once the image is baked, you don't have to fry it (i.e. it's ready to run without extra steps) Downside: build new image to make a change (can be seen as an advantage)
  • 46. Configuration management, the “immutable infrastructure” way Author a single generic Docker image with your favorite CM, to be used as a base for other images Author other Docker images: FROM me/my_base_puppet_image ADD manifests/ /etc/puppet/manifests RUN puppet apply --certname db1138.dystopia.io Once the image is baked, you don't have to fry it (i.e. it's ready to run without extra steps) Downside: build new image to make a change (can be seen as an advantage) SLIGHTLY BETTER (BUT STILL KIND OF MEH)
  • 47. Sysadmin chores Backups Logging Remote access We all know that those are just a small sample of the many boring, necessary evil deeds that sysadmins must commit once in a while.
  • 48. File-level backups Use volumes docker run --name mysqldata -v /var/lib/mysql busybox true docker run --name mysql --volumes-from mysqldata mysql docker run --rm --volumes-from mysqldata mysqlbackup tar -cJf- /var/lib/mysql | stream-it-to-the-cloud.py Of course, you can use anything fancier than tar (e.g. rsync, tarsnap...)
  • 49. Data-level backups Use links docker run --name mysql mysql docker run --rm --link mysql:db mysqlbackup mysqldump --all-databases | stream-it-to-the-cloud.py Can be combined with volumes - put the SQL dump on a volume - then backup that volume with file-level tools (previous slide)
  • 50. Logging for legacy apps Legacy = let me write to eleventy jillion arbitrary files in /var/lib/tomcat/logs! Solution: volumes docker run --name logs -v /var/lib/tomcat/logs busybox true docker run --name tomcat --volumes-from logs my_tomcat_image - Inspect logs: docker run --rm --volumes-from logs ubuntu bash - Ship logs to something else: docker run --name logshipper --volumes-from logs sawmill
  • 51. Logging for dockerized apps Dockerized = I only write to stdout Solution: Docker CLI/API docker run --name tomcat dockerized_tomcat docker logs tomcat docker run -v /var/run/docker.sock:/var/run/docker.sock logshipper docker logs tomcat | pipestash ... Caveat: logs are not rotated (but PR is on the way)
  • 52. Remote access If you own the host: SSH to host + nsenter https://github.com/jpetazzo/nsenter If you don't own the host: SSH in the container https://github.com/phusion/baseimage-docker More on that topic (“do I need SSHD in containers?”): http://blog.docker.com/2014/06/why-you-dont-need-to-run-sshd-in-docker/ In the future: - run separate SSH container - log into that - “hop” onto the target container
  • 53. Docker in production Containers, containers everywhere! Not an actual book (yet) Thank you! Questions? http://www.docker.com/ @docker @jpetazzo Come talk about Docker tomorrow: - 10:40am: office hours (expo hall table A) - evening: meet-up at New Relic