Perspectives on Docker

RightScale
RightScaleRightScale
Perspectives on Docker 10 things not to forget before deploying Docker in production Docker Meetup @ RightScale Raphael Simon & Thorsten von Eicken October 21st 2014
Docker from Theory to Production How to cruise … … and what to avoid
Containers vs. Virtual Machines Differences: ● Size ● Boot time ● Performance ● Isolation ● Compatibility
Containers vs. Processes textbook process regs PGM MEM proc real process regs MEM proc /etc /lib /bin container regs MEM proc /etc /lib /bin net ⇒Containers are processes with env, not mini-VMs
Docker Benefits @RightScale 1. Dev & ops contract Dev responsible for app containers contents Ops responsible for container surrounds Not against devops, but ops handles >30 apps 2. App portability Make it easier for our customers to run an app anywhere VMs need to be customized for each cloud (or bare metal) Rather than installing apps each time, just drop down containers
Containers in a VM Container 1 Runs app 1 Tenant A Container 2 Runs app 2 Tenant A VM 1 Tenant A Host 1 Container 3 Runs app 3 Tenant B Container 4 Runs app 4 Tenant B VM 1 Tenant B ● Containers are produced by development ● VMs are produced and managed by ops ● Hosts are managed by the cloud provider Do not trust containers to provide a hard security boundary
10 Things not to Forget before deploying Docker in production
1. Logging – how Docker does it Docker captures stdout/stderr docker logs command prints combined stdout/err docker logs -f : running tail (from the beginning!) $ docker run --name hello -d busybox echo hello Santa Barbara a3c0caa675e106cc0cf208dade762afcc341ed5b9ea8f3d75b6e2092745a5faa $ docker logs hello hello Santa Barbara $
1: Logging – how not to do it ● Log to stdout/stderr and collect them in the VM ○ Not all apps log to stdout/err, many don’t add timestamps ○ No log rotation (can use logrotate with copytruncate) ○ No tailing to ship the logs ● Run syslog daemon inside the container ○ Containers ≠ VMs ○ Configuration hell
1: Logging – solutions ● Bind-mount /tmp/dev -> /dev ○ Can’t bind-mount /dev/log! ○ Move /dev/log to /tmp/dev/log ○ See http://jpetazzo.github.io/2014/08/24/syslog-docker/ ● Fix docker daemon to handle logging ○ Fixing stdout/err is happening (#7195) ○ Ready to add support for syslog source, but not active container docker syslog file stdout/err json
2: Monitoring – how not to do it ● Monitoring daemon inside each container ○ Container ≠ VM ○ Monitoring daemons require privs ○ Configuration/management hell
Monitoring – how to do it ● Collect stats in VM using container-aware monitoring ○ Stats are in /sys/fs/cgroup/… See: Docker doc article on run-time metrics ○ Docker support: cAdvisor, DataDog, … ? ● Or just monitor at the process level $ docker run --name hello -d busybox sleep 60 3a804b088b432035c5cee541f4baef3cc728d27dded3378fd253c6b4abeb077a $ cat /sys/fs/cgroup/cpuacct/docker/3a804b088b432035c5cee541f4ba ef3cc728d27dded3378fd253c6b4abeb077a/cpuacct.usage_percpu 630924 4774818 7494614 3622216
3. Secrets – how not to do it DEMO
3. Secrets – Solutions Setup context prior to build: $ cat Makefile # Setup context then build image build: Dockerfile git clone git@github.com:rightscale/docker_demo docker build -t raphael/demo . rm -rf docker_demo $ cat Dockerfile FROM rightscale/ruby-212 ADD docker_demo /docker_demo
3. Secrets – Take away ● Each Dockerfile ADD and RUN command results in a new committed layer ● All image layers (built or pulled) are readily accessible ● For now: Make sure to remove any unnecessary credential from the context prior to building ● In the future: Take advantage of “nested builds”, see #7115
4. Container access ● Launch image manually with custom command to troubleshoot ● Inspect files inside running container ● Launch shell into running container using docker exec (new in 1.3) $ docker exec -it hopeful_shockley /bin/sh # ps -ax PID TTY STAT TIME COMMAND 1 ? Ss+ 0:00 /bin/bash ← Main container process 43 ? S 0:00 /bin/sh 49 ? R+ 0:00 ps -ax
5. Aufs vs. btrfs ● aufs corruption of container filesystems, scope unknown, issue #7229 ● btrfs seems to work better (default in CoreOS) ● btrfs “requires” separate partition $ mkfs.btrfs /dev/xvdb $ mount /dev/xvdb /mnt $ mkdir -p /mnt/docker $ ln -sf /mnt/docker /var/lib/docker $ sed -i -e '/DOCKER_OPTS/s/.*/DOCKER_OPTS="-s=btrfs"/' /etc/default/docker $ restart docker
6. Got Infinite disk space? ● Container logs grow indefinitely ○ Use logrotate with copytruncate ● Containers accumulate indefinitely ○ Becomes an issue if containers are frequently restarted due to upgrades or crashes ○ Use docker run --rm ■ but then how do you troubleshoot? ○ Write script to docker rm old unused containers?
7. Huge Containers – how not to do it Overlays don’t go away FROM ubuntu:14.04 RUN apt-get update RUN apt-get install -y libjpeg RUN apt-get install -y libjpeg-dev build-essential gcc 109 MB ADD source /build 5 MB? WORKDIR /build - RUN ./configure 0 MB RUN make 100 MB? RUN make install CMD /usr/local/bin/myexe
7. Huge Containers – solutions Use a tools container, share build results via volume In the future: “nested builds” #7115, “squash” #4232 ? FROM ubuntu:14.04 VOLUME /opt/app ADD src /build WORKDIR /build RUN apt-get update RUN apt-get install -y libjpeg-dev build-essential gcc RUN ./configure RUN make RUN make install RUN mkdir -p /opt/app RUN cp -r /build/out/* /opt/app/
8. Very slow container downloads ● Downloading docker images is very slow ● The problem isn’t bandwidth… see #7291 ● Caching can help depending on use-case Boot time steps Docker RightScript Launch and boot 53s 49s Prep VM environment 36s 16s Install & launch zookeeper, redis, kafka, mariadb, graphite, statsd 4m57s 1m5s Install ruby n/a 54s Install & launch custom apps 2m23s 3m3s TOTAL 8m50s 6m8s
9. Backups Userguide: backup-restore-or-migrate-data-volumes ● Create DB container with /data volume ● Backup /data “anytime” from the VM ● Or launch 2nd backup container with --volumes-from ➣ Simple in a 1-off server, but how to automate in general?
10. Docker Clusters ● Does Docker Cluster software solve all these issues? ● Kubernetes, Mesos, Fleet, … ○ apparently not (yet?) ● But, they require an overlay network… Container 1 Runs app 1 172.16.4.3 VM 1 Container 2 Runs app 1 172.16.4.6 VM 2 10.0.0.1 10.0.0.2
Wrapping up Why docker? ● dev-to-CI-to-prod workflow ● portability: same container in different VMs Putting it into production: ● simple for one-off apps ● still WIP for system-wide deployment Overall very promising and great to work with Most pain points are actively being worked on
Perspectives on Docker 10 things not to forget before deploying Docker in production — the end — Raphael Simon & Thorsten von Eicken
1 of 25

Perspectives on Docker

Download to read offline
Technology

Slides from Docker Meetup Santa Barbara http://www.meetup.com/Docker-Santa-Barbara/events/211823612/

RightScale
RightScaleRightScale

Recommended

Real-World Docker: 10 Things We've Learned Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned RightScale
16.8K views36 slides
The Lies We Tell Our Code (#seascale 2015 04-22)The Lies We Tell Our Code (#seascale 2015 04-22)
The Lies We Tell Our Code (#seascale 2015 04-22)Casey Bisson
8.8K views63 slides
Solving Real World Production Problems with DockerSolving Real World Production Problems with Docker
Solving Real World Production Problems with DockerMarc Campbell
775 views29 slides
Learn docker in 90 minutesLearn docker in 90 minutes
Learn docker in 90 minutesLarry Cai
22.8K views20 slides
Docker 101 @KACST Saudi HPC 2016Docker 101 @KACST Saudi HPC 2016
Docker 101 @KACST Saudi HPC 2016Walid Shaari
5.2K views59 slides
Hide your development environment and application in a containerHide your development environment and application in a container
Hide your development environment and application in a containerJohan Janssen
5.2K views71 slides

More Related Content

What's hot

App container rktApp container rkt
App container rktXiaofeng Guo
1.5K views108 slides

What's hot(20)

Introduction to Docker at SF Peninsula Software Development Meetup @GuidewireIntroduction to Docker at SF Peninsula Software Development Meetup @Guidewire
Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire
dotCloud3.1K views
Docker 初探,實驗室中的運貨鯨Docker 初探,實驗室中的運貨鯨
Docker 初探,實驗室中的運貨鯨
Ruoshi Ling6.3K views
[DockerCon 2019] Hardening Docker daemon with Rootless mode[DockerCon 2019] Hardening Docker daemon with Rootless mode
[DockerCon 2019] Hardening Docker daemon with Rootless mode
Akihiro Suda34.1K views
Using docker to develop NAS applicationsUsing docker to develop NAS applications
Using docker to develop NAS applications
Terry Chen1.2K views
App container rktApp container rkt
App container rkt
Xiaofeng Guo1.5K views
Docker - introductionDocker - introduction
Docker - introduction
Michał Kurzeja782 views
Docker at Flux7Docker at Flux7
Docker at Flux7
Aater Suleman15K views
Docker Security: Are Your Containers Tightly Secured to the Ship?Docker Security: Are Your Containers Tightly Secured to the Ship?
Docker Security: Are Your Containers Tightly Secured to the Ship?
Michael Boelen8.7K views
Docker 101 - from 0 to Docker in 30 minutesDocker 101 - from 0 to Docker in 30 minutes
Docker 101 - from 0 to Docker in 30 minutes
Luciano Fiandesio861 views
Introduction to dockerIntroduction to docker
Introduction to docker
Justyna Ilczuk2.5K views
Docker Tips And Tricks at the Docker Beijing MeetupDocker Tips And Tricks at the Docker Beijing Meetup
Docker Tips And Tricks at the Docker Beijing Meetup
Jérôme Petazzoni34.4K views
Tech Talk - VagrantTech Talk - Vagrant
Tech Talk - Vagrant
Thomas Krille826 views
Docker 101 - Intro to DockerDocker 101 - Intro to Docker
Docker 101 - Intro to Docker
Adrian Otto10.2K views
Deploying Docker (Provisioning /w Docker + Chef/Puppet) - DevopsDaysPGHDeploying Docker (Provisioning /w Docker + Chef/Puppet) - DevopsDaysPGH
Deploying Docker (Provisioning /w Docker + Chef/Puppet) - DevopsDaysPGH
Erica Windisch53.4K views
Intro- Docker Native for OSX and WindowsIntro- Docker Native for OSX and Windows
Intro- Docker Native for OSX and Windows
Thomas Chacko670 views
6 Million Ways To Log In Docker - NYC Docker Meetup 12/17/20146 Million Ways To Log In Docker - NYC Docker Meetup 12/17/2014
6 Million Ways To Log In Docker - NYC Docker Meetup 12/17/2014
Christian Beedgen16.2K views
From development environments to production deployments with Docker, Compose,...From development environments to production deployments with Docker, Compose,...
From development environments to production deployments with Docker, Compose,...
Jérôme Petazzoni33K views
Containers: The What, Why, and HowContainers: The What, Why, and How
Containers: The What, Why, and How
Sneha Inguva4.9K views
Docker summit 2015: 以 Docker Swarm 打造多主機叢集環境Docker summit 2015: 以 Docker Swarm 打造多主機叢集環境
Docker summit 2015: 以 Docker Swarm 打造多主機叢集環境
謝 宗穎6.6K views
Docker by Example - Basics Docker by Example - Basics
Docker by Example - Basics
Ganesh Samarthyam20.1K views

Viewers also liked

Open design at large scaleOpen design at large scale
Open design at large scaleshykes
8.1K views14 slides
Docker DeploymentsDocker Deployments
Docker DeploymentsDocker, Inc.
27.2K views14 slides
Node Powered MobileNode Powered Mobile
Node Powered MobileTim Caswell
2.6K views36 slides
Real Time Web with NodeReal Time Web with Node
Real Time Web with NodeTim Caswell
11.3K views29 slides

Viewers also liked(20)

Open design at large scaleOpen design at large scale
Open design at large scale
shykes8.1K views
Open Design at large scale by Solomon HykesOpen Design at large scale by Solomon Hykes
Open Design at large scale by Solomon Hykes
Docker, Inc.24.7K views
Docker DeploymentsDocker Deployments
Docker Deployments
Docker, Inc.27.2K views
Introduction to docker and docker composeIntroduction to docker and docker compose
Introduction to docker and docker compose
Lalatendu Mohanty2.8K views
Node Powered MobileNode Powered Mobile
Node Powered Mobile
Tim Caswell2.6K views
Real Time Web with NodeReal Time Web with Node
Real Time Web with Node
Tim Caswell11.3K views
Application Logging With The ELK StackApplication Logging With The ELK Stack
Application Logging With The ELK Stack
benwaine4.1K views
Docker Swarm & MachineDocker Swarm & Machine
Docker Swarm & Machine
Eueung Mulyana562 views
ELK: Moose-ively scaling your log systemELK: Moose-ively scaling your log system
ELK: Moose-ively scaling your log system
Avleen Vig16.9K views
muCon 2016: "Seven (More) Deadly Sins of Microservices"muCon 2016: "Seven (More) Deadly Sins of Microservices"
muCon 2016: "Seven (More) Deadly Sins of Microservices"
Daniel Bryant858 views
Building large scale applications in yarn with apache twillBuilding large scale applications in yarn with apache twill
Building large scale applications in yarn with apache twill
Henry Saputra29.5K views
Harnessing the power of YARN with Apache TwillHarnessing the power of YARN with Apache Twill
Harnessing the power of YARN with Apache Twill
Terence Yim50.4K views
Using machine learning to determine drivers of bounce and conversionUsing machine learning to determine drivers of bounce and conversion
Using machine learning to determine drivers of bounce and conversion
Tammy Everts5.5K views
Fall in Love with Graphs and Metrics using GrafanaFall in Love with Graphs and Metrics using Grafana
Fall in Love with Graphs and Metrics using Grafana
torkelo11.5K views
Модель системы Continuous Integration в компании Positive Technologies | Тиму...Модель системы Continuous Integration в компании Positive Technologies | Тиму...
Модель системы Continuous Integration в компании Positive Technologies | Тиму...
Positive Hack Days18.6K views
Grafana and MySQL - Benefits and ChallengesGrafana and MySQL - Benefits and Challenges
Grafana and MySQL - Benefits and Challenges
Philip Wernersbach17.3K views
Icinga Camp Barcelona - Current State of IcingaIcinga Camp Barcelona - Current State of Icinga
Icinga Camp Barcelona - Current State of Icinga
Icinga30.8K views
Monitoring the #DevOps wayMonitoring the #DevOps way
Monitoring the #DevOps way
Theo Schlossnagle9.5K views
Alexei Vladishev - Opening SpeechAlexei Vladishev - Opening Speech
Alexei Vladishev - Opening Speech
Zabbix11.2K views
Andrew Nelson - Zabbix and SNMP on LinuxAndrew Nelson - Zabbix and SNMP on Linux
Andrew Nelson - Zabbix and SNMP on Linux
Zabbix12K views

Similar to Perspectives on Docker

Docker king-d00mDocker king-d00m
Docker king-d00mOkars Gavriševs
433 views122 slides

Similar to Perspectives on Docker(20)

Real World Experience of Running Docker in Development and ProductionReal World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and Production
Ben Hall1.6K views
Introduction to Docker and ContainersIntroduction to Docker and Containers
Introduction to Docker and Containers
Docker, Inc.1.3K views
A Gentle Introduction to Docker and ContainersA Gentle Introduction to Docker and Containers
A Gentle Introduction to Docker and Containers
Docker, Inc.1.6K views
Docker king-d00mDocker king-d00m
Docker king-d00m
Okars Gavriševs433 views
Docker 0.11 at MaxCDN meetup in Los AngelesDocker 0.11 at MaxCDN meetup in Los Angeles
Docker 0.11 at MaxCDN meetup in Los Angeles
Jérôme Petazzoni6.1K views
Docker primer and tipsDocker primer and tips
Docker primer and tips
Samuel Chow108 views
Adventures in docker composeAdventures in docker compose
Adventures in docker compose
LinkMe Srl1.5K views
JDD2014: Docker.io - versioned linux containers for JVM devops - Dominik DornJDD2014: Docker.io - versioned linux containers for JVM devops - Dominik Dorn
JDD2014: Docker.io - versioned linux containers for JVM devops - Dominik Dorn
PROIDEA698 views
DCEU 18: Developing with Docker ContainersDCEU 18: Developing with Docker Containers
DCEU 18: Developing with Docker Containers
Docker, Inc.595 views
DCSF 19 Building Your Development Pipeline DCSF 19 Building Your Development Pipeline
DCSF 19 Building Your Development Pipeline
Docker, Inc.467 views
codemotion-docker-2014codemotion-docker-2014
codemotion-docker-2014
Carlo Bonamico4.8K views
Techtalks: taking docker to productionTechtalks: taking docker to production
Techtalks: taking docker to production
muayyad alsadi2.3K views
JOSA TechTalk: Taking Docker to ProductionJOSA TechTalk: Taking Docker to Production
JOSA TechTalk: Taking Docker to Production
Jordan Open Source Association8.3K views
Docker Basics & Alfresco Content ServicesDocker Basics & Alfresco Content Services
Docker Basics & Alfresco Content Services
Sujay Pillai595 views
Learning Docker with ThomasLearning Docker with Thomas
Learning Docker with Thomas
Thomas Tong, FRM, PMP424 views
Puppet Camp Seattle 2014: Docker and Puppet: 1+1=3 Puppet Camp Seattle 2014: Docker and Puppet: 1+1=3
Puppet Camp Seattle 2014: Docker and Puppet: 1+1=3
Puppet1.8K views
Containers without docker | DevNation Tech TalkContainers without docker | DevNation Tech Talk
Containers without docker | DevNation Tech Talk
Red Hat Developers3.3K views
Magento Docker Setup.pdfMagento Docker Setup.pdf
Magento Docker Setup.pdf
Abid Malik353 views
Docker in everyday developmentDocker in everyday development
Docker in everyday development
Justyna Ilczuk2.1K views
Docker linuxday 2015Docker linuxday 2015
Docker linuxday 2015
Massimiliano Dessì1.2K views

More from RightScale

More from RightScale(20)

10 Must-Have Automated Cloud Policies for IT Governance10 Must-Have Automated Cloud Policies for IT Governance
10 Must-Have Automated Cloud Policies for IT Governance
RightScale2.9K views
Kubernetes and Terraform in the Cloud: How RightScale Does DevOpsKubernetes and Terraform in the Cloud: How RightScale Does DevOps
Kubernetes and Terraform in the Cloud: How RightScale Does DevOps
RightScale1.7K views
Optimize Software, SaaS, and Cloud with Flexera and RightScaleOptimize Software, SaaS, and Cloud with Flexera and RightScale
Optimize Software, SaaS, and Cloud with Flexera and RightScale
RightScale1.3K views
Prepare Your Enterprise Cloud Strategy for 2019: 7 Things to Think About NowPrepare Your Enterprise Cloud Strategy for 2019: 7 Things to Think About Now
Prepare Your Enterprise Cloud Strategy for 2019: 7 Things to Think About Now
RightScale1.1K views
How to Set Up a Cloud Cost Optimization Process for your EnterpriseHow to Set Up a Cloud Cost Optimization Process for your Enterprise
How to Set Up a Cloud Cost Optimization Process for your Enterprise
RightScale2.5K views
Multi-Cloud Management with RightScale CMP (Demo)Multi-Cloud Management with RightScale CMP (Demo)
Multi-Cloud Management with RightScale CMP (Demo)
RightScale889 views
Comparing Cloud VM Types and Prices: AWS vs Azure vs Google vs IBMComparing Cloud VM Types and Prices: AWS vs Azure vs Google vs IBM
Comparing Cloud VM Types and Prices: AWS vs Azure vs Google vs IBM
RightScale2.2K views
How to Allocate and Report Cloud Costs with RightScale OptimaHow to Allocate and Report Cloud Costs with RightScale Optima
How to Allocate and Report Cloud Costs with RightScale Optima
RightScale569 views
Should You Move Between AWS, Azure, or Google Clouds? Considerations, Pros an...Should You Move Between AWS, Azure, or Google Clouds? Considerations, Pros an...
Should You Move Between AWS, Azure, or Google Clouds? Considerations, Pros an...
RightScale977 views
Using RightScale CMP with Cloud Provider ToolsUsing RightScale CMP with Cloud Provider Tools
Using RightScale CMP with Cloud Provider Tools
RightScale699 views
Best Practices for Multi-Cloud Security and ComplianceBest Practices for Multi-Cloud Security and Compliance
Best Practices for Multi-Cloud Security and Compliance
RightScale1.5K views
Automating Multi-Cloud Policies for AWS, Azure, Google, and MoreAutomating Multi-Cloud Policies for AWS, Azure, Google, and More
Automating Multi-Cloud Policies for AWS, Azure, Google, and More
RightScale500 views
The 5 Stages of Cloud Management for EnterprisesThe 5 Stages of Cloud Management for Enterprises
The 5 Stages of Cloud Management for Enterprises
RightScale1.2K views
9 Ways to Reduce Cloud Storage Costs9 Ways to Reduce Cloud Storage Costs
9 Ways to Reduce Cloud Storage Costs
RightScale2.4K views
Serverless Comparison: AWS vs Azure vs Google vs IBMServerless Comparison: AWS vs Azure vs Google vs IBM
Serverless Comparison: AWS vs Azure vs Google vs IBM
RightScale7.5K views
Best Practices for Cloud Managed Services Providers: The Path to CMP SuccessBest Practices for Cloud Managed Services Providers: The Path to CMP Success
Best Practices for Cloud Managed Services Providers: The Path to CMP Success
RightScale1.7K views
Cloud Storage Comparison: AWS vs Azure vs Google vs IBMCloud Storage Comparison: AWS vs Azure vs Google vs IBM
Cloud Storage Comparison: AWS vs Azure vs Google vs IBM
RightScale7.4K views
2018 Cloud Trends: RightScale State of the Cloud Report2018 Cloud Trends: RightScale State of the Cloud Report
2018 Cloud Trends: RightScale State of the Cloud Report
RightScale2.4K views
Got a Multi-Cloud Strategy? How RightScale CMP HelpsGot a Multi-Cloud Strategy? How RightScale CMP Helps
Got a Multi-Cloud Strategy? How RightScale CMP Helps
RightScale432 views
How to Manage Cloud Costs with RightScale OptimaHow to Manage Cloud Costs with RightScale Optima
How to Manage Cloud Costs with RightScale Optima
RightScale630 views

Recently uploaded

Recently uploaded(20)

Liqid: Composable CXL PreviewLiqid: Composable CXL Preview
Liqid: Composable CXL Preview
CXL Forum118 views
JCon Live 2023 - Lice coding some integration problemsJCon Live 2023 - Lice coding some integration problems
JCon Live 2023 - Lice coding some integration problems
Bernd Ruecker61 views
AI: mind, matter, meaning, metaphors, being, becoming, life valuesAI: mind, matter, meaning, metaphors, being, becoming, life values
AI: mind, matter, meaning, metaphors, being, becoming, life values
Twain Liu 刘秋艳28 views
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
Splunk76 views
The Research Portal of Catalonia: Growing more (information) & more (services)The Research Portal of Catalonia: Growing more (information) & more (services)
The Research Portal of Catalonia: Growing more (information) & more (services)
CSUC - Consorci de Serveis Universitaris de Catalunya51 views
MemVerge: Memory Viewer SoftwareMemVerge: Memory Viewer Software
MemVerge: Memory Viewer Software
CXL Forum115 views
AMD: 4th Generation EPYC CXL DemoAMD: 4th Generation EPYC CXL Demo
AMD: 4th Generation EPYC CXL Demo
CXL Forum117 views
"Role of a CTO in software outsourcing company", Yuriy Nakonechnyy"Role of a CTO in software outsourcing company", Yuriy Nakonechnyy
"Role of a CTO in software outsourcing company", Yuriy Nakonechnyy
Fwdays35 views
"AI Startup Growth from Idea to 1M ARR", Oleksandr Uspenskyi"AI Startup Growth from Idea to 1M ARR", Oleksandr Uspenskyi
"AI Startup Growth from Idea to 1M ARR", Oleksandr Uspenskyi
Fwdays23 views
[2023] Putting the R! in R&D.pdf[2023] Putting the R! in R&D.pdf
[2023] Putting the R! in R&D.pdf
Eleanor McHugh34 views
Micron CXL product and architecture updateMicron CXL product and architecture update
Micron CXL product and architecture update
CXL Forum23 views
.conf Go 2023 - SIEM project @ SNF.conf Go 2023 - SIEM project @ SNF
.conf Go 2023 - SIEM project @ SNF
Splunk163 views
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
Splunk75 views
Empathic Computing: Delivering the Potential of the MetaverseEmpathic Computing: Delivering the Potential of the Metaverse
Empathic Computing: Delivering the Potential of the Metaverse
Mark Billinghurst389 views
Java 21 and Beyond- A Roadmap of Innovations .pdfJava 21 and Beyond- A Roadmap of Innovations .pdf
Java 21 and Beyond- A Roadmap of Innovations .pdf
Ana-Maria Mihalceanu51 views
GigaIO: The March of Composability Onward to Memory with CXLGigaIO: The March of Composability Onward to Memory with CXL
GigaIO: The March of Composability Onward to Memory with CXL
CXL Forum118 views
Five Things You SHOULD Know About PostmanFive Things You SHOULD Know About Postman
Five Things You SHOULD Know About Postman
Postman20 views
Astera Labs: Intelligent Connectivity for Cloud and AI InfrastructureAstera Labs: Intelligent Connectivity for Cloud and AI Infrastructure
Astera Labs: Intelligent Connectivity for Cloud and AI Infrastructure
CXL Forum118 views
METHOD AND SYSTEM FOR PREDICTING OPTIMAL LOAD FOR WHICH THE YIELD IS MAXIMUM ...METHOD AND SYSTEM FOR PREDICTING OPTIMAL LOAD FOR WHICH THE YIELD IS MAXIMUM ...
METHOD AND SYSTEM FOR PREDICTING OPTIMAL LOAD FOR WHICH THE YIELD IS MAXIMUM ...
Prity Khastgir IPR Strategic India Patent Attorney Amplify Innovation23 views
Business Analyst Series 2023 - Week 3 Session 5Business Analyst Series 2023 - Week 3 Session 5
Business Analyst Series 2023 - Week 3 Session 5
DianaGray1042 views

Perspectives on Docker

  • 1. Perspectives on Docker 10 things not to forget before deploying Docker in production Docker Meetup @ RightScale Raphael Simon & Thorsten von Eicken October 21st 2014
  • 2. Docker from Theory to Production How to cruise … … and what to avoid
  • 3. Containers vs. Virtual Machines Differences: ● Size ● Boot time ● Performance ● Isolation ● Compatibility
  • 4. Containers vs. Processes textbook process regs PGM MEM proc real process regs MEM proc /etc /lib /bin container regs MEM proc /etc /lib /bin net ⇒Containers are processes with env, not mini-VMs
  • 5. Docker Benefits @RightScale 1. Dev & ops contract Dev responsible for app containers contents Ops responsible for container surrounds Not against devops, but ops handles >30 apps 2. App portability Make it easier for our customers to run an app anywhere VMs need to be customized for each cloud (or bare metal) Rather than installing apps each time, just drop down containers
  • 6. Containers in a VM Container 1 Runs app 1 Tenant A Container 2 Runs app 2 Tenant A VM 1 Tenant A Host 1 Container 3 Runs app 3 Tenant B Container 4 Runs app 4 Tenant B VM 1 Tenant B ● Containers are produced by development ● VMs are produced and managed by ops ● Hosts are managed by the cloud provider Do not trust containers to provide a hard security boundary
  • 7. 10 Things not to Forget before deploying Docker in production
  • 8. 1. Logging – how Docker does it Docker captures stdout/stderr docker logs command prints combined stdout/err docker logs -f : running tail (from the beginning!) $ docker run --name hello -d busybox echo hello Santa Barbara a3c0caa675e106cc0cf208dade762afcc341ed5b9ea8f3d75b6e2092745a5faa $ docker logs hello hello Santa Barbara $
  • 9. 1: Logging – how not to do it ● Log to stdout/stderr and collect them in the VM ○ Not all apps log to stdout/err, many don’t add timestamps ○ No log rotation (can use logrotate with copytruncate) ○ No tailing to ship the logs ● Run syslog daemon inside the container ○ Containers ≠ VMs ○ Configuration hell
  • 10. 1: Logging – solutions ● Bind-mount /tmp/dev -> /dev ○ Can’t bind-mount /dev/log! ○ Move /dev/log to /tmp/dev/log ○ See http://jpetazzo.github.io/2014/08/24/syslog-docker/ ● Fix docker daemon to handle logging ○ Fixing stdout/err is happening (#7195) ○ Ready to add support for syslog source, but not active container docker syslog file stdout/err json
  • 11. 2: Monitoring – how not to do it ● Monitoring daemon inside each container ○ Container ≠ VM ○ Monitoring daemons require privs ○ Configuration/management hell
  • 12. Monitoring – how to do it ● Collect stats in VM using container-aware monitoring ○ Stats are in /sys/fs/cgroup/… See: Docker doc article on run-time metrics ○ Docker support: cAdvisor, DataDog, … ? ● Or just monitor at the process level $ docker run --name hello -d busybox sleep 60 3a804b088b432035c5cee541f4baef3cc728d27dded3378fd253c6b4abeb077a $ cat /sys/fs/cgroup/cpuacct/docker/3a804b088b432035c5cee541f4ba ef3cc728d27dded3378fd253c6b4abeb077a/cpuacct.usage_percpu 630924 4774818 7494614 3622216
  • 13. 3. Secrets – how not to do it DEMO
  • 14. 3. Secrets – Solutions Setup context prior to build: $ cat Makefile # Setup context then build image build: Dockerfile git clone git@github.com:rightscale/docker_demo docker build -t raphael/demo . rm -rf docker_demo $ cat Dockerfile FROM rightscale/ruby-212 ADD docker_demo /docker_demo
  • 15. 3. Secrets – Take away ● Each Dockerfile ADD and RUN command results in a new committed layer ● All image layers (built or pulled) are readily accessible ● For now: Make sure to remove any unnecessary credential from the context prior to building ● In the future: Take advantage of “nested builds”, see #7115
  • 16. 4. Container access ● Launch image manually with custom command to troubleshoot ● Inspect files inside running container ● Launch shell into running container using docker exec (new in 1.3) $ docker exec -it hopeful_shockley /bin/sh # ps -ax PID TTY STAT TIME COMMAND 1 ? Ss+ 0:00 /bin/bash ← Main container process 43 ? S 0:00 /bin/sh 49 ? R+ 0:00 ps -ax
  • 17. 5. Aufs vs. btrfs ● aufs corruption of container filesystems, scope unknown, issue #7229 ● btrfs seems to work better (default in CoreOS) ● btrfs “requires” separate partition $ mkfs.btrfs /dev/xvdb $ mount /dev/xvdb /mnt $ mkdir -p /mnt/docker $ ln -sf /mnt/docker /var/lib/docker $ sed -i -e '/DOCKER_OPTS/s/.*/DOCKER_OPTS="-s=btrfs"/' /etc/default/docker $ restart docker
  • 18. 6. Got Infinite disk space? ● Container logs grow indefinitely ○ Use logrotate with copytruncate ● Containers accumulate indefinitely ○ Becomes an issue if containers are frequently restarted due to upgrades or crashes ○ Use docker run --rm ■ but then how do you troubleshoot? ○ Write script to docker rm old unused containers?
  • 19. 7. Huge Containers – how not to do it Overlays don’t go away FROM ubuntu:14.04 RUN apt-get update RUN apt-get install -y libjpeg RUN apt-get install -y libjpeg-dev build-essential gcc 109 MB ADD source /build 5 MB? WORKDIR /build - RUN ./configure 0 MB RUN make 100 MB? RUN make install CMD /usr/local/bin/myexe
  • 20. 7. Huge Containers – solutions Use a tools container, share build results via volume In the future: “nested builds” #7115, “squash” #4232 ? FROM ubuntu:14.04 VOLUME /opt/app ADD src /build WORKDIR /build RUN apt-get update RUN apt-get install -y libjpeg-dev build-essential gcc RUN ./configure RUN make RUN make install RUN mkdir -p /opt/app RUN cp -r /build/out/* /opt/app/
  • 21. 8. Very slow container downloads ● Downloading docker images is very slow ● The problem isn’t bandwidth… see #7291 ● Caching can help depending on use-case Boot time steps Docker RightScript Launch and boot 53s 49s Prep VM environment 36s 16s Install & launch zookeeper, redis, kafka, mariadb, graphite, statsd 4m57s 1m5s Install ruby n/a 54s Install & launch custom apps 2m23s 3m3s TOTAL 8m50s 6m8s
  • 22. 9. Backups Userguide: backup-restore-or-migrate-data-volumes ● Create DB container with /data volume ● Backup /data “anytime” from the VM ● Or launch 2nd backup container with --volumes-from ➣ Simple in a 1-off server, but how to automate in general?
  • 23. 10. Docker Clusters ● Does Docker Cluster software solve all these issues? ● Kubernetes, Mesos, Fleet, … ○ apparently not (yet?) ● But, they require an overlay network… Container 1 Runs app 1 172.16.4.3 VM 1 Container 2 Runs app 1 172.16.4.6 VM 2 10.0.0.1 10.0.0.2
  • 24. Wrapping up Why docker? ● dev-to-CI-to-prod workflow ● portability: same container in different VMs Putting it into production: ● simple for one-off apps ● still WIP for system-wide deployment Overall very promising and great to work with Most pain points are actively being worked on
  • 25. Perspectives on Docker 10 things not to forget before deploying Docker in production — the end — Raphael Simon & Thorsten von Eicken