A bitcoin broker on Docker
Mathieu Buffenoir
@MBuffenoir
Sebastien Goasguen
@sebgoa
Mathieu Buffenoir
CTO Bity.com
VP of Swiss Bitcoin Association
@MBuffenoir
Sebastien Goasguen
VP Apache CloudStack
Author of O’Reilly Docker cookbook
@sebgoa
Outline
What is Bity?
From nothing to Docker
Docker-compose in dev env
Ansible for cloud providers
Ansible for docker orchestration
Lessons learned
Future
What is Bity.com?
Buy, sell and store bitcoins
Regulated
Hosted in Switzerland
Small team
Fast-moving space
Our needs
Follow the “Twelve factor” app recommendations.
Scalable, CI/CD -> Docker
Cloud (PaaS) + hosted in Switzerland -> Exoscale
Our tech stack
Infrastructure design
Zero to Prod in 8 months?
“It works on my machine” syndrome
Gain velocity
Increased team collaboration
Thanks to:
Increased reproducibility
Easy portability
Challenges to gain velocity
Difficulty on-boarding developers
Difficulty developing across the team due to the time needed to set up an environment
Teams working on different parts of the infrastructure
Steps
Nothing to Docker
Code on developer laptop with custom environment
Zero portability (i.e. /source/tree)
Use of Vagrant box
Reproducibility of development environment (i.e. /source/tree/Vagrantfile)
Use of Vagrant box and Docker
Build image for applications and publish for collaboration (i.e. /source/tree/Dockerfile + Vagrantfile)
$ docker build -t sbex/bity .

$ docker run -d -p 80:80 sbex/bity
Docker Hub
Private repositories on Bitbucket
Private repositories on Docker Hub
Automated builds
Web hooks from Bitbucket to Docker Hub
Web hooks from Docker Hub to Jenkins
CI/CD for dev
dev server:
$ docker-compose up
Docker-compose for dev env
One docker-compose file to deploy the entire infra
Great for developers and testing
Used to test parts of applications with the latest image from the repo
Used prior to merging in staging
One compose file to run all infra in dev
Limitations of compose
Impossible to run commands inside containers
How to deal with secrets?
At the time, no Swarm, so compose was a single-host dev tool
Going to production in the cloud
Choosing a Cloud and “config” tool
Need a Swiss sovereign cloud
Need a tool to configure:
security groups
key pairs
manage instances
Not a configuration management tool to deploy apps.
Environments
Dev (server or laptop + docker-compose) on bitcoin-testnet
Staging (cloudstack + ansible) on bitcoin-testnet
Prod (cloudstack + ansible) on bitcoin-mainnet
Separate branches for code and different image tags
Deploying on staging env
$ git merge dev -> staging tags
$ ansible-playbook deploy.yml -> staging environment
Create Cloud Infrastructure at Will
Ansible CloudStack module
- name: Start Backend VM
  local_action:
    module: cloudstack_vm
    name: backendpublic
    template: "{{ template }}"
    service_offering: "{{ instance_type }}"
    security_groups: [ 'backend_public' ]
    ssh_key: "{{ ssh_key }}"
    user_data: "{{ lookup('file', '../files/backend_userdata.yml') }}"
  register: backend_public
  tags: create_vm

- name: backend SecGroup
  local_action:
    module: cloudstack_sg
    name: database
    description: Backend public
  tags: secgroup
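The two tasks above create the VM and its security group but no rules. The playbook below is an added example, not from the slides or from Bity's own playbooks: it creates the group, opens only the backend's service port to the world and SSH only to an admin network, then starts the VM and records its IP for later plays. It uses the cs_* module names that Ansible ships from 2.0 on (cs_securitygroup, cs_securitygroup_rule, cs_instance, the successors of the cloudstack_sg / cloudstack_vm names on the slide); template, offering, key name, the admin CIDR and the user-data path are assumptions.

```yaml
# Added example (not from the slides). API endpoint and keys come from
# cloudstack.ini or CLOUDSTACK_* environment variables, never from the playbook.
- name: Provision backend on CloudStack
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    template: "Ubuntu 14.04"        # assumed template name
    instance_type: "Small"          # assumed service offering
    ssh_key: "deploy"               # assumed key pair name
    admin_cidr: "203.0.113.0/24"    # documentation range standing in for the office/VPN network
  tasks:
    - name: Backend security group
      cs_securitygroup:
        name: backend_public
        description: Backend public
      tags: secgroup

    - name: Allow the backend service port from anywhere (it is the public API)
      cs_securitygroup_rule:
        security_group: backend_public
        protocol: tcp
        start_port: 8000
        end_port: 8000
        cidr: 0.0.0.0/0
      tags: secgroup

    - name: Allow SSH only from the admin network
      cs_securitygroup_rule:
        security_group: backend_public
        protocol: tcp
        start_port: 22
        end_port: 22
        cidr: "{{ admin_cidr }}"
      tags: secgroup

    - name: Start Backend VM
      cs_instance:
        name: backendpublic
        template: "{{ template }}"
        service_offering: "{{ instance_type }}"
        security_groups: [ 'backend_public' ]
        ssh_key: "{{ ssh_key }}"
        user_data: "{{ lookup('file', '../files/backend_userdata.yml') }}"
      register: backend_public
      tags: create_vm

    - name: Add the new VM to the in-memory inventory for the deploy plays
      add_host:
        name: "{{ backend_public.default_ip }}"
        groups: backend
      tags: create_vm
```

Because CloudStack security groups deny everything that is not explicitly allowed, the two rule tasks are the whole exposure of the VM; anything else (the database, the log port) stays reachable only from inside the cloud.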
Ansible Docker module in Ansible core
Deploying/Managing containers with Ansible
Ansible docker module
- name: Set Docker login credentials
  command: docker login -u foobar -e {{hub_email}} --password={{hub_password}}

- name: Docker pull sbex/angular-frontend
  command: docker pull sbex/angular-frontend

- name: Start bity
  docker:
    image: sbex/angular-frontend
    detach: true
    restart_policy: always
    name: bity
    ports: 80:80
  tags: start_container
Ansible and logdriver
- name: Start backend public
  docker:
    name: backend
    image: sbex/backend
    restart_policy: always
    volumes:
      - /app/_env:/usr/src/app/_env:ro
    detach: true
    ports: 8000:8000
    log_driver: syslog
    log_opt:
      syslog-address: udp://{{hostvars['logserver'].ansible_ssh_host}}:5000
      syslog-facility: local0
      syslog-tag: backendpublic
Ansible to configure containers
- name: Create directory for settings
  file: path=/app/_env state=directory

- name: Create json settings from template
  template: src=env.j2 dest=/app/_env/env.json

...

- name: Create tables
  command: docker exec -ti backend ./manage.py migrate
Dealing with secrets
No secrets in container images
Use Ansible vault to encrypt all secrets in playbooks stored in bitbucket
$ ansible-vault create /path/to/file.yml
$ ansible-vault encrypt /path/to/file.yml
$ ansible-vault decrypt /path/to/file.yml
$ ansible-vault rekey /path/to/file.yml
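The login task on the Ansible docker module slide passes the Hub password on the command line, and the settings template renders secrets onto the host; both are fine as long as the values come from a vaulted file and never reach the Ansible output or the image. The playbook below is an added example (not from the slides or from Bity's playbooks) that ties the two slides together with ansible-vault: the secrets live in group_vars/all/vault.yml, which Ansible loads automatically and which is encrypted with the ansible-vault commands above; no_log keeps them out of -v output, and env.json is written mode 0600 and mounted read-only. File, variable and image-tag names are assumptions.

```yaml
# Added example (not from the slides).
# group_vars/all/vault.yml, plaintext before `ansible-vault encrypt` (assumed contents):
#   hub_user: foobar
#   hub_email: ops@example.com
#   hub_password: "<hub password>"
#   db_password: "<database password>"
- name: Configure and start backend without baking secrets into the image
  hosts: backend
  become: true
  tasks:
    - name: Log in to Docker Hub (password comes from the vaulted vars)
      command: docker login -u {{ hub_user }} -e {{ hub_email }} --password={{ hub_password }}
      no_log: true            # keep the password out of playbook output and logs
      changed_when: false     # a login is not a change to the host

    - name: Pull the backend image for this environment
      command: docker pull sbex/backend:{{ image_tag }}

    - name: Create directory for settings
      file:
        path: /app/_env
        state: directory
        mode: "0750"

    - name: Create json settings from template
      template:
        src: env.j2           # renders e.g. {"db_password": "{{ db_password }}"} (assumed template)
        dest: /app/_env/env.json
        mode: "0600"
      no_log: true            # the rendered content would otherwise appear in diff output

    - name: Start backend public with the settings mounted read-only
      docker:
        name: backend
        image: "sbex/backend:{{ image_tag }}"
        restart_policy: always
        volumes:
          - /app/_env:/usr/src/app/_env:ro
        detach: true
        ports: 8000:8000
      tags: start_container
```

Run it with `ansible-playbook --ask-vault-pass deploy.yml` (or `--vault-password-file`); the encrypted vault.yml can then be committed to the private Bitbucket repository alongside the playbooks, which is the workflow the slide describes.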
Container “Orchestration”
Every application has its role
Several playbooks
$ ansible-playbook deploy.yml
$ ansible-playbook upgrade.yml
$ ansible-playbook stop.yml
$ ansible-playbook start.yml
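The environments slide says staging and prod differ only by image tag and bitcoin network, and the orchestration slide lists one playbook per operation. The files below are an added example (not from the slides or from Bity's playbooks) of how an upgrade.yml can serve both environments from per-environment inventories: the play pulls the tag for the environment, recreates the container only when the image or its configuration changed, runs migrations only then, and checks the service before moving to the next host. Inventory paths, variable names and the health URL are assumptions.

```yaml
# Added example (not from the slides).
# inventories/staging/group_vars/all.yml
---
image_tag: staging
bitcoin_network: testnet

# inventories/prod/group_vars/all.yml
---
image_tag: prod
bitcoin_network: mainnet

# upgrade.yml  (run with: ansible-playbook -i inventories/staging upgrade.yml)
---
- name: Upgrade backend containers one host at a time
  hosts: backend
  become: true
  serial: 1                    # keeps the service up while each host is recreated
  tasks:
    - name: Recreate backend if the image or its configuration is out of date
      docker:
        name: backend
        image: "sbex/backend:{{ image_tag }}"
        pull: always           # always check the registry for a newer image
        state: reloaded        # restart only when image or config differ from what runs
        restart_policy: always
        volumes:
          - /app/_env:/usr/src/app/_env:ro
        ports: 8000:8000
        env:
          BITCOIN_NETWORK: "{{ bitcoin_network }}"
      register: backend

    - name: Apply database migrations only when a new container was started
      command: docker exec backend ./manage.py migrate   # no -t: Ansible has no TTY
      when: backend.changed

    - name: Wait until the backend answers before continuing with the next host
      uri:
        url: "http://127.0.0.1:8000/"
        status_code: 200
      register: health
      until: health.status == 200
      retries: 10
      delay: 3
```

Switching inventories (`-i inventories/prod`) is the only difference between a staging and a production upgrade, which keeps the playbook itself identical in both branches.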
Logging
Early on: Logspout to ELK
Now: Logdriver (Ansible 2.0) syslog driver to Logstash with ELK
Test/deploy monitoring with docker-compose.
One docker-compose runs:
ElasticSearch 1.7 (+ data container)
Logstash 1.5.3 (+ conf for ELK logs)
Kibana 4 (+ dashboard for ELK logs)
cAdvisor (collect & view container performance)
Nginx proxy 1.9.3 (for SSL + password access)
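The monitoring stack listed above, written out as an added docker-compose file (v1 format, as compose was in 2015); this is an example, not the compose file Bity used. Logstash publishes udp/5000, the port the syslog log_driver on the application hosts sends to; Elasticsearch, Kibana and cAdvisor publish nothing and are reached only through the Nginx proxy, which terminates TLS and asks for a password. Image tags, mount paths and the logstash.conf / nginx.conf / htpasswd files are assumptions.

```yaml
# Added example (not from the slides): docker-compose.yml for the ELK + cAdvisor stack.
esdata:
  image: elasticsearch:1.7
  command: /bin/true
  volumes:
    - /usr/share/elasticsearch/data   # data-only container: indices survive image upgrades

elasticsearch:
  image: elasticsearch:1.7
  volumes_from:
    - esdata
  restart: always
  # no ports: the cluster API is reachable only from linked containers

logstash:
  image: logstash:1.5.3
  command: logstash -f /config/logstash.conf
  volumes:
    - ./logstash/logstash.conf:/config/logstash.conf:ro   # assumed: syslog input on 5000, elasticsearch output
  links:
    - elasticsearch
  ports:
    - "5000:5000/udp"                 # must match log_opt syslog-address on the app hosts
  restart: always

kibana:
  image: kibana:4
  links:
    - elasticsearch
  environment:
    - ELASTICSEARCH_URL=http://elasticsearch:9200
  restart: always

cadvisor:
  image: google/cadvisor:latest
  volumes:
    - /:/rootfs:ro
    - /var/run:/var/run:rw
    - /sys:/sys:ro
    - /var/lib/docker/:/var/lib/docker:ro
  restart: always

proxy:
  image: nginx:1.9.3
  links:
    - kibana
    - cadvisor
  volumes:
    - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro   # assumed: TLS server, auth_basic, proxy_pass to kibana/cadvisor
    - ./nginx/certs:/etc/nginx/certs:ro             # server certificate and key
    - ./nginx/htpasswd:/etc/nginx/htpasswd:ro       # created with: htpasswd -c htpasswd <user>
  ports:
    - "443:443"
  restart: always
```

On CloudStack the log server's security group should allow udp/5000 only from the application hosts' security group and 443 from the operators' network; the compose file itself cannot express that, which is one reason the slides pair compose with Ansible.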
Lessons Learned
Container restart -> thanks to restart policy (docker > 1.6)
Weird Ansible docker behavior at times
Config as volume mounts (too many env variables to handle)
Cannot use compose in prod yet (vault, executing commands inside containers)
Future
Currently using Ubuntu
Investigate the use of a Docker-optimized OS (e.g. CoreOS, Atomic, RancherOS)
Need easy upgrade of Docker versions: with new versions every 2 months, and possible changes of the recommended storage driver, we need an easy way to cleanly upgrade production systems
Investigate the use of a Docker orchestrator, possibly replacing the Ansible docker module (e.g. Swarm, Kubernetes, Tutum…)
Thank you!
MATHIEU BUFFENOIR
@MBuffenoir
mathieu@bity.com
SEBASTIEN GOASGUEN
@sebgoa
runseb@gmail.com
2015 DockerCon: Using Docker in production at bity.com