Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Docker workshop

  • Login to see the comments

Docker workshop

  1. 1. Docker Workshop Evans Ye 2014.10.13
  2. 2. Agenda • Docker and underlying technologies • Running Docker containers • Building Docker images • The official Docker hub
  3. 3. Containers offer faster automation
  4. 4. Docker Container • A container is a group of isolated processes – cgroups – namespace • Isolated processes run straight on the host – native CPU performance – minimal memory overhead – minimal network performance overhead
  5. 5. 7 CGroups
  6. 6. Cgroups (control groups) • Linux kernel feature • Groups of processes • Resource limitations – Like limits.conf but the scope is a set of processes instead of uid/gid • May be nested
  7. 7. Cgroups submodules • memory • CPU • network IO • disk IO
  8. 8. 10 Namespaces
  9. 9. namespaces • Linux kernel feature • wrap particular global system resource in an abstracted, isolated instance • May be nested
  10. 10. Different kinds of namespaces
  11. 11. #TrendInsight Running Docker Containers
  12. 12. Run Docker container in boot2docker directly
  13. 13. Create a container with interactive shell $ docker run -t -i base:centos62 /bin/bash [root@4d8c4b81f6d7 /]# exit (exited) $ -t, --tty Allocate a pseudo-TTY $ -i, --interactive Keep STDIN open even if not attached
  14. 14. Check containers’ status $ docker ps (only running containers are shown) $ docker ps –a (all)
  15. 15. Reattach in stopped container $ docker start -i 4d8c4b81f6d7 [root@4d8c4b81f6d7 /]#
  16. 16. or use docker exec instead $ docker start 4d8c4b81f6d7 $ docker exec –ti 4d8c4b81f6d7 bash [root@4d8c4b81f6d7 /]#
  17. 17. Take a look at Docker run command $ docker run -t -i base:centos62 /bin/bash
  18. 18. Command + args $ docker run base:centos62 /bin/cat /etc/hosts
  19. 19. Name a container $ docker run -ti --name foo base:centos62 /bin/bash $ docker ps -a $ docker rm foo destroy foo container
  20. 20. Destroy all containers $ docker rm `docker ps --no-trunc -aq` (except running containers, they must be stopped first) $ docker rm -f `docker ps --no-trunc -aq` (force destroy all containers)
  21. 21. Create ephemeral container $ docker run -ti --rm base:centos62 /bin/bash [root@4d8c4b81f6d7 /]# exit (destroyed upon exit) $ docker ps -a
  22. 22. Ports forwarding (publish) $ docker run -ti -p 80:80 base:centos62 /bin/bash # yum install httpd # echo "hello world" > /var/www/html/index.html # service httpd start $ curl localhost:80
  23. 23. What does Docker port forwarding do? Windows / OS X boot2docker Container Container 80 80
  24. 24. 27 Well, I need to render it in browsers…
  25. 25. How about this? Windows / OS X boot2docker Container Container 80 80 80
  26. 26. Doable via Vagrant $ vim Vagrantfile
  27. 27. The solution Windows / OS X boot2docker Container Container 80 80 80  Docker port forwarding Vagrant port forwarding
  28. 28. More about Docker ports forwarding $ docker run -ti -p 80:80 base:centos62 /bin/bash • -p, --publish Publish a container's port to the host • format: – ip:hostPort:containerPort (10.1.1.1:80:80) – ip::containerPort (10.1.1.1::80) – hostPort:containerPort (80:80)
  29. 29. Volume (like sync folder) $ docker run -ti --name apache -v /httpd-logs:/var/log/httpd base:centos62 /bin/bash # touch /var/log/httpd/foo $ ls /http-logs
  30. 30. Volume from other container (useful to share data) $ docker run -ti --volumes-from apache base:centos62 /bin/bash # ls /var/log/httpd
  31. 31. Link $ docker run -ti --link apache:apache.trendmicro.com base:centos62 /bin/bash # cat /etc/hosts • Exposes information from source container to recipient container in two ways: – Environment variables – Updating the /etc/hosts file • format: – name:alias
  32. 32. useful in multi-node situation 12/25/2014 service (hadoop-client) data (hadoop-client) link
  33. 33. Docker in client/server mode Windows / OS X boot2docker (Docker client) Linux server Docker Engine Container Container
  34. 34. Server: bind Docker engine to a tcp port $ docker -d -H 10.1.1.1:2375 -H unix:///var/run/docker.sock • -d, --daemon daemon mode • -H, --host the socket(s) to bind in daemon mode
  35. 35. Docker client $ export DOCKER_HOST=tcp://10.1.1.1:2375 $ docker images $ docker run -ti --rm centos:centos6 /bin/bash (start container on the server) • Note: – expose tcp port could let someone get root access to the host – not recommended in open network
  36. 36. Running containers in background (Detached mode) $ hadoop=$(docker run -d -p 50070:50070 tmh6:centos62) $ docker inspect $hadoop
  37. 37. 40 Vagrant creates Docker containers in detached mode
  38. 38. Some other VM-like operations $ docker stop $hadoop $ docker start $hadoop $ docker kill $hadoop $ docker rm $hadoop https://docs.docker.com/reference/commandline/cli/
  39. 39. #TrendInsight Building Docker Images
  40. 40. 43 There are two ways to build docker images
  41. 41. First: commit an existing container • Do changes manually, then commit  quick and dirty  suitable for experiment  might be deleted in the future
  42. 42. Second: Build from Dockerfile • Dockerfile is a series of instructions • Use "Docker build" command to build images • pros: – build images automatically by following instructions – visible and easy to understand instructions – enable Docker specific functions in the image – repeatability
  43. 43. A sample httpd service Dockerfile FROM base:centos62 COPY index.html /var/www/html/index.html RUN yum -y install httpd EXPOSE 80 CMD ["/usr/sbin/httpd", "-D", "FOREGROUND"]
  44. 44. Build $ mkdir apache-server $ cd apache-server $ echo "our first docker image" > index.html $ vi Dockerfile (paste the sample and save it) $ docker build -t apache:0.1 ./
  45. 45. Build context • docker build -t apache:0.1 ./ • ./ will be transferred to Docker daemon as build context • Must have a Dockerfile there – ./Dockerfile • DO NOT build at / – docker build -t apache:0.1 /
  46. 46. Run the apache image $ docker run -d --name apache apache:0.1 $ docker run -ti --rm --link apache:a01 base:centos62 /bin/bash # curl $A01_PORT_80_TCP_ADDR (you see how link and expose work together)
  47. 47. 50 Use entrypoint to bind a specific executable to the image
  48. 48. An httpd service example FROM base:centos62 COPY index.html /var/www/html/index.html RUN yum -y install httpd EXPOSE 80 ENTRYPOINT ["/usr/sbin/httpd"] CMD ["-D", "FOREGROUND"]
  49. 49. The difference $ docker run -ti --rm apache:0.1 /bin/bash # (get into the container) $ docker run -ti --rm apache:0.2 /bin/bash show httpd helper message  the only thing you can do is to pass args to httpd
  50. 50. Make sure init script always being executed FROM base:centos62 … ENTRYPOINT ["init_wrapper_script"] CMD ["default_args"] https://docs.docker.com/articles/dockerfile_best-practices/
  51. 51. SHIPPING CONTAINERS
  52. 52. Tagging an image $ docker tag -h • dockerhub.evansye.com/base:centos62 – REGISTRYHOST = dockerhub.evansye.com – NAME = base – TAG = centos62
  53. 53. #TrendInsight The official Docker hub
  54. 54. Redis $ docker run -d --name some-redis redis $ docker run -ti --rm --link some-redis:redis redis /bin/bash # redis-cli -h $REDIS_PORT_6379_TCP_ADDR -p $REDIS_PORT_6379_TCP_PORT https://registry.hub.docker.com/_/redis/
  55. 55. MySQL $ docker run -d --name some-mysql -e MYSQL_ROOT_PASSWORD=demo mysql $ docker run -it --link some-mysql:mysql --rm mysql sh -c 'exec mysql -h"$MYSQL_PORT_3306_TCP_ADDR" -P"$MYSQL_PORT_3306_TCP_PORT" -uroot -p"$MYSQL_ENV_MYSQL_ROOT_PASSWORD"' https://registry.hub.docker.com/_/mysql/
  56. 56. Jenkins $ docker run -d -p 8080:8080 Jenkins http://HOST_IP:8080 https://registry.hub.docker.com/_/jenkins/
  57. 57. Private Docker registry $ docker run -d -p 5000:5000 registry $ docker tag IMAGE HOST_IP:5000/NAME:TAG $ docker push HOST_IP:5000/NAME:TAG https://registry.hub.docker.com/_/registry/
  58. 58. #TrendInsight Summary
  59. 59. Recap docker run • we’ve learned: – port forwarding – volume mounting – linking containers together – running containers at remote
  60. 60. Recap docker build • we’ve learned: – how to write a Dockerfile – how expose and link work together – use entrypoint to bind a specific executable with image – ship images to the registry
  61. 61. #TrendInsight Q & A
  62. 62. Re-associate Vagrant with VM • VBoxManage list vms • cd .vagrant/machines/docker- platform/virtualbox/ • touch id • echo 33ca… > id

×