Tuesday, July 15, 14
Packing It In: Images, Containers, and Config Management
Michael Goetz
Sr. Consulting Engineer @ Chef
mpgoetz@getchef.com

Learn about the many different tools gaining momentum to manage system configurations. Hear about when you should think about configuration management tools and when it might be OK to just pack it into a re-usable image. We’ll cover the basics around Docker and Packer before diving into a full-stack example leveraging all three topics in harmony together.

  1. Tuesday, July 15, 14
  2. Packing It In: Images, Containers, and Config Management
     Michael Goetz
     Sr. Consulting Engineer @ Chef
     mpgoetz@getchef.com
  3. Who am I?
     • Sr. Consulting Engineer @ Chef
     • 8+ years of experience planning, managing and operating web scale and enterprise applications
     • Avid woodworker
  4. This talk isn’t about joining a cult...
     • Lots of opinions exist that claim to be the “only right way” to manage your systems
     • The true path is the best combination that makes you go faster, in a safe and secure manner
     • Use a toolbox, not one tool
     http://leavingthecult.com/
  5. So what are my options?
     • Artisanal machines made of metal and sweat
     • Pristine virtual machines
     • Isolated containers
     • Just-in-time automatic configuration management
     • All (or some) of the above?
  6. Artisanal machines made of metal and sweat
     • Do we really need to talk about why this sucks?
     • If you want to work on artisan crafts, take up woodworking
     http://www.juggernautwoodworking.com/images/carve.jpg
  7. Containers vs. Virtual Machines
     • Containers consist of an application and its dependencies, running in isolation in userland outside the kernel.
     • Virtual Machines create an entire machine, including a fully functional operating system.
     https://www.docker.io/static/img/about/docker_vm.jpg
  8. Hurray! We can go back to golden images, right?
     • The “golden image” problem still exists with containers, but on a much smaller scale
     • A dozen “server” images become dozens of “container” images
     • AUFS layering mitigates some sprawl, but has a limit
     • Modularity of applications without convergence of the entire system just kicks the can down the road
     http://images.smh.com.au/2011/10/28/2737998/ipad-art-wide-shipping-420x0.jpg
  9. What about configuration management?
     • Convergence - coming to a desired end state
     • Congruence - building a result from a blank state
     • Always building from scratch can be time consuming
     • Specification of application versions becomes extremely important
     • Changes can happen unexpectedly if you don’t plan ahead
     “Convergence is like fixing the outcome and compute the route (like a GPS finder), and congruence is about repeating a recipe in a sequence of known steps to massage a system into shape” – Mark Burgess
  11. Let’s talk real world here...
     • My application system has:
       • An OS layer that rarely changes
       • A few supporting applications that change semi-frequently
       • My application code that changes rapidly
     • This can translate to:
       • VM image to act as a base OS + some deltas
       • Container images for supporting applications
       • Configuration management to maintain overall state
  12. So wait... that still seems like a lot of work
     • With 3 layers of your application stack to maintain, it feels like the maintenance demand will only go up
     • We’ll use three tools to manage each layer:
       • Packer - building and maintaining images (virtual machine host)
       • Chef - building Docker images, provisioning the VM and managing the configuration of running containers
       • Docker - running the containers
  13. What is Packer?
     • Half the battle is keeping VM images up-to-date
     • The more time spent refreshing VM images, the more table flipping that will ensue
     • Packer is a tool for creating identical machine images for multiple platforms from a single source configuration
     • Makes programmatically building VM images super easy!

     ```json
     {
       "builders": [{
         "type": "amazon-ebs",
         "region": "us-east-1",
         "source_ami": "ami-8ade42ba",
         "instance_type": "m3.medium",
         "ssh_username": "ubuntu",
         "ami_name": "my ami {{timestamp}}"
       }],
       "provisioners": [{
         "type": "chef-solo",
         "cookbook_paths": ["cookbooks"],
         "json": {
           "name": "my_node",
           "run_list": [
             "recipe[docker]",
             "recipe[my_application]"
           ]
         }
       }]
     }
     ```
  14. What is Docker?
     • Docker combines Linux containers (LXC) with AUFS to create portable, lightweight application containers
     • Docker containers are running instances of Docker images
     • Docker images can be shared via a public or private registry
     • Containers can be single application processes or lightweight virtual machines if a supervisor is provided.
  15. What is Chef?
     • Chef is an automation platform that manages infrastructure as code
     • Configuration of systems is performed by reusable recipes that are shared across your entire infrastructure
     • Information about the various infrastructure components is cataloged and made available to inform the rest of the topology configuration
     • Chef can run on demand or as a managed service to keep infrastructure convergent
  16. Chef-Container
     • A version of chef-client that includes components to support running the chef-client from within a Linux container
     • Packaged with chef-client, runit and chef-init
     • Allows you to bootstrap the container without an SSH connection
     • Use chef-client resources the same way in a container as on any UNIX- or Linux-based platform
     • Can manage multiple services within a single container using chef-init & runit
  17. The knife-container plugin
     • Used to initialize and build containers
       • knife container docker init
       • knife container docker build
     • Docker support today, other containers planned
     • Berkshelf integration
     • Supports Chef-Zero or Chef-Client modes
  18. Let’s get to building!
     • Starting with a solid foundation is key to success
     • Identify the core components that are unlikely to change, but are different from default settings
       • Security policies/applications
       • Image hardening
       • Core component packages
       • Docker tooling
     • The goal is to create a minimal base VM, combined with the components that are consistently configured across your entire application infrastructure
  19. Demo: Building the VM
  20. Building the Docker factory
     • We need a repeatable factory for building Docker images for the supporting applications
     • Chef-container lets us use our existing Chef cookbooks to create reusable Docker images
     • The key to success is isolation - create the smallest Docker images that will work
     • Hook up your continuous integration system to crank out new images as cookbooks are updated
  21. Demo: Building the Docker Factory
  22. Bringing it all together
     • Now that we have our base VM and Docker factory running, let’s manage an active application stack
     • Chef will provision servers with the base VM, build and run the Docker containers
     • Ongoing convergence of the overall desired state of the system will be managed by chef-clients running inside each container.
  23. Demo: Using Chef to manage the entire system
  24. Wrapping Up
     • Don’t join a cult
     • Use what works to make things faster, more secure and more stable
     • Keep the base VM small, but not too small
     • Use containers to manage isolated, reusable applications
     • Maintain a convergent infrastructure with automated configuration management
  25. Want to know more?
     • Release: Chef Container 0.2.0 (beta) - http://www.getchef.com/blog/2014/07/15/release-chef-container-0-2-0-beta/
     • Chef Containers Documentation - http://docs.opscode.com/containers.html
     • Video demo - https://www.youtube.com/watch?v=nSB9rHG1_FQ&feature=youtu.be
     • Packer - http://www.packer.io/
     • Docker - http://www.docker.com/
  26. Thank You!
     Michael Goetz
     mpgoetz@getchef.com
     @michaelpgoetz
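
As an added example (not from the talk, and not code from the Packer or Chef projects), here is a Ruby check a CI job could run over a Packer template shaped like the one on slide 13, testing it against the base-VM components listed on slide 18. The policy and the recipe name `base_hardening` are assumptions, and the embedded template is a constructed copy of the slide's.

```ruby
require "json"

# Constructed sample: the Packer template from slide 13. The policy below
# expects a hardening recipe that this template does not converge.
TEMPLATE = <<~'JSON'
  {
    "builders": [{
      "type": "amazon-ebs", "region": "us-east-1",
      "source_ami": "ami-8ade42ba", "instance_type": "m3.medium",
      "ssh_username": "ubuntu", "ami_name": "my ami {{timestamp}}"
    }],
    "provisioners": [{
      "type": "chef-solo", "cookbook_paths": ["cookbooks"],
      "json": {
        "name": "my_node",
        "run_list": ["recipe[docker]", "recipe[my_application]"]
      }
    }]
  }
JSON

# Assumed policy: recipes every base VM must converge. "base_hardening" is a
# hypothetical cookbook name; recipe[docker] is taken from the slide's run_list.
REQUIRED_RECIPES = ["recipe[base_hardening]", "recipe[docker]"].freeze

# Returns a list of human-readable findings; an empty list means the template passes.
def lint_packer_template(text, required = REQUIRED_RECIPES)
  tpl = JSON.parse(text)
  findings = []
  Array(tpl["builders"]).each_with_index do |b, i|
    # A literal AMI id keeps the base OS layer fixed between builds.
    unless b["source_ami"].to_s.match?(/\Aami-[0-9a-f]+\z/)
      findings << "builders[#{i}]: source_ami is not a literal AMI id"
    end
    # {{timestamp}} gives every build its own image name.
    unless b["ami_name"].to_s.include?("{{timestamp}}")
      findings << "builders[#{i}]: ami_name lacks {{timestamp}}"
    end
  end
  # Collect everything chef-solo will converge into the image.
  run_list = Array(tpl["provisioners"])
             .select { |prov| prov["type"] == "chef-solo" }
             .flat_map { |prov| Array(prov.dig("json", "run_list")) }
  findings << "no chef-solo run_list found" if run_list.empty?
  (required - run_list).each { |r| findings << "run_list is missing #{r}" }
  findings
end

puts lint_packer_template(TEMPLATE)
```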