SlideShare a Scribd company logo
Docker 
Introduction / Ansible
About Me 
2 
• Have worked 
• Iteration through L1/2/3 SysOps 
• Mostly german automotive sector 
• 01/2013 -> 10/2014 R&D @Bull SAS 
• Now 
• independent R&D / Freelancing 
• DevOps Eng. at Locafox (scale online) 
• Hot topics 
• Containerization 
• Log / Performance Management 
• GO-Lang 
• HPC Cluster Software Stack / Interconnect
Docker in a (Coco-)Nutshell 
• (chroot)2 != Virtual Machine 
3
Traditional vs. Lightweight 
Layers 
4 
SERVICE SERVICE SERVICE 
InitSystem InitSystem InitSystem 
Userland (OS) Userland (OS) Userland (OS) 
KERNEL KERNEL 
HYPERVISOR 
InitSystem 
HOST KERNEL 
SERVER 
KERNEL 
Userland (OS) 
SERVICE 
SERVICE SERVICE 
Userland (OS) Userland (OS) Userland (OS) 
InitSystem 
Userland (OS) 
HOST KERNEL 
SERVER 
Traditional Virtualisation Docker Containerisation
Docker in a (Coco-)Nutshell 
• (chroot)2 != Virtual Machine 
• Builds on-top LinuX Containers (LXC) 
• Kernel namespaces (isolation) 
5
Process Namespace 
6 
$ docker run -ti --rm ubuntu:14.04 ps -ef 
UID PID PPID C STIME TTY TIME CMD 
root 1 0 0 10:24 ? 00:00:00 ps -ef 
$ 
Containers are not able to see processes 
outside of their scope.
Network Namespace 
7 
$ docker run -ti --rm ubuntu:14.04 ip -4 -o addr 
1: lo inet 127.0.0.1/8 scope host lo 
10: eth0 inet 172.17.0.4/16 scope global eth0 
$ 
Each container got it’s own network stack 
(by default, configureable).
Namespace 
• Mount (do not mess with other file systems) 
• User (users are only valid within one container) 
• IPC (Interprocess communication only within) 
• UTS (hostname / domain name is unique) 
8
Docker in a (Coco-)Nutshell 
9 
• (chroot)2 != Virtual Machine 
• Builds on-top LinuX Containers (LXC) 
• Kernel namespaces (isolation) 
• cgroups (resource mgmt) 
• intuitive build system
Dockerfile 
10 
$ cat Dockerfile 
# From which image to start from 
FROM fedora:20 
# Who is in charge 
MAINTAINER "Christian Kniep <christian@qnib.org>" 
# Execute bash command 
RUN yum install -y stress 
# if no command is given, this command will be 
# executed at runtime (within a bash). 
CMD ["stress", "-c", "4"]
Build Dockerfile 
11 
$ docker build -q -t locafox/stress . 
Step 0 : FROM fedora:20 
---> 7d3f07f8de5f 
Step 1 : RUN yum install -y stress 
---> Running in 43fcf8d8393a 
---> f1d0c1455565 
Removing intermediate container 43fcf8d8393a 
Step 2 : CMD stress -c 4 
---> Running in bd6536dfabed 
---> 24b99ee707fe 
Removing intermediate container bd6536dfabed 
Successfully built 24b99ee707fe 
$
Cached Builds 
12 
$ docker build -q -t locafox/stress . 
Step 0 : FROM fedora:20 
---> 7d3f07f8de5f 
Step 1 : RUN yum install -y stress 
---> Using cache 
---> f1d0c1455565 
Step 2 : CMD stress -c 4 
---> Using cache 
---> 24b99ee707fe 
Successfully built 24b99ee707fe 
$ 
If the build step is already executed, it will be cached.
Docker in a (Coco-)Nutshell 
• (chroot)2 != Virtual Machine 
• Builds on-top LinuX Containers (LXC) 
• Kernel namespaces (isolation) 
• cgroups (resource mgmt) 
• intuitive build system 
13
cgroups 
14 
4 CPU stress processes 
are bound to Core 0
cgroups [cont] 
15 
4 CPU stress processes 
are bound to Core 0 & 3
Docker in a (Coco-)Nutshell 
• (chroot)2 != Virtual Machine 
• Builds on-top LinuX Containers (LXC) 
• Kernel namespaces (isolation) 
• cgroups (resource mgmt) 
• intuitive build system 
• repositories public/private/certified 
• RedHat, Microsoft, Community backed 
16
Docker details 
• (chroot)2 != Virtual Machine 
17
Docker != VM (srsly!) 
http://en.wikipedia.org/wiki/Systemd 
Virtual Machine 
• Kicks off a complete Machine, hence the name! 
• EveryoneTM disables security 
• Hard to strip down 
18 
Docker 
• Only spawns one process (in theory, at least) 
• Easy to understand (theory, old friend)
Single Purpose 
19
Single Process 
• Make SELinux useable? 
• one process 
• limited interactions 
• just simpler 
20 
https://www.youtube.com/watch?v=zWGFqMuEHdw
Docker details 
• (chroot)2 != Virtual Machine 
• Images and CoW 
21
Images and CoW 
• An image is an immutable layer 
• A container is the RW layer, 
which is executed on-top 
22 
qnib/slave 
qnib/terminal 
qnib/supervisor 
qnib/fd20 
Fedora 
qnib/of_build 
qnib/IB_build 
qnib/slurm_build 
qnib/build 
qnib/master 
qnib/gapi 
qnib/carbon 
qnib/elk 
copy-on-write 
/slurm 
FROM points to the 
parent-image and this 
relationship sticks. If the 
parent is changed, the 
child has to be rebuild.
Docker details 
• (chroot)2 != Virtual Machine 
• Images and CoW 
• Ports 
• docker exec (since 1.3) 
23
Network Port 
24 
The internal port 80 is 
exposed to the docker-host’s 
port 8080
Docker details 
• (chroot)2 != Virtual Machine 
• Images and CoW 
• Ports 
• docker exec (since 1.3) 
25
docker exec 
26 
Inject a new process 
into an already running 
container.
Ansible + Docker 
• Purpose of Config-Mgmt 
• Provisioning 
• Orchestration 
• Validation 
• Ansible 
• docker module 
• docker inventory 
• docker facts 
27
Config Mgmt 
• Provisioning 
• Bootstrap DOCKER_HOST 
• Dockerfile vs. playbooks? 
• Orchestration 
• Multiple other project in the woods 
(Docker Swarm, Kubernetes, Apache Mesos[?], …) 
• Validation 
• Is the configuration within still valid? 
28
Ansible + Docker 
• Purpose of Config-Mgmt 
• Provisioning 
• Orchestration 
• Validation 
• Ansible 
• docker module 
• docker inventory 
• docker facts 
29
Ansible 
• docker module 
• Start/Stop Container 
• docker inventory 
• provide dynamic inventory by fetching info about 
running containers 
• docker facts 
• Use information about containers within Ansible 
30
Thoughts 
• Containers mostly do not provide an SSH daemon 
• Connecting via 
• Docker is a nice way to check out playbook 
• Otherwise playbooks shouldn’t be used inside of Dockerfiles [IMHO] 
• Use Ansible to check configuration within container? 
• Setup SELinux rules using Ansible 
• Vagrant vs. Docker 
31 
docker exec <container> bash

More Related Content

What's hot

KubeVirt 101
KubeVirt 101KubeVirt 101
Kubernetes Networking 101
Kubernetes Networking 101Kubernetes Networking 101
Kubernetes Networking 101
Weaveworks
 
CloudStack Networking
CloudStack NetworkingCloudStack Networking
Deep dive into highly available open stack architecture openstack summit va...
Deep dive into highly available open stack architecture   openstack summit va...Deep dive into highly available open stack architecture   openstack summit va...
Deep dive into highly available open stack architecture openstack summit va...
Arthur Berezin
 
Linux女子部 firewalld徹底入門!
Linux女子部 firewalld徹底入門!Linux女子部 firewalld徹底入門!
Linux女子部 firewalld徹底入門!
Etsuji Nakai
 
Container Networking Deep Dive
Container Networking Deep DiveContainer Networking Deep Dive
Container Networking Deep Dive
Hirofumi Ichihara
 
Introduction to the Container Network Interface (CNI)
Introduction to the Container Network Interface (CNI)Introduction to the Container Network Interface (CNI)
Introduction to the Container Network Interface (CNI)
Weaveworks
 
Kubernetes雑にまとめてみた 2020年8月版
Kubernetes雑にまとめてみた 2020年8月版Kubernetes雑にまとめてみた 2020年8月版
Kubernetes雑にまとめてみた 2020年8月版
VirtualTech Japan Inc.
 
最近のJuju/MAAS について
最近のJuju/MAAS について最近のJuju/MAAS について
最近のJuju/MAAS について
VirtualTech Japan Inc.
 
SRv6 Mobile User Plane P4 proto-type
SRv6 Mobile User Plane P4 proto-typeSRv6 Mobile User Plane P4 proto-type
SRv6 Mobile User Plane P4 proto-type
Kentaro Ebisawa
 
Cilium - Fast IPv6 Container Networking with BPF and XDP
Cilium - Fast IPv6 Container Networking with BPF and XDPCilium - Fast IPv6 Container Networking with BPF and XDP
Cilium - Fast IPv6 Container Networking with BPF and XDP
Thomas Graf
 
[네전따] 네트워크 엔지니어에게 쿠버네티스는 어떤 의미일까요
[네전따] 네트워크 엔지니어에게 쿠버네티스는 어떤 의미일까요[네전따] 네트워크 엔지니어에게 쿠버네티스는 어떤 의미일까요
[네전따] 네트워크 엔지니어에게 쿠버네티스는 어떤 의미일까요
Jo Hoon
 
VPP事始め
VPP事始めVPP事始め
VPP事始め
npsg
 
Introduction to OpenStack Trove & Database as a Service
Introduction to OpenStack Trove & Database as a ServiceIntroduction to OpenStack Trove & Database as a Service
Introduction to OpenStack Trove & Database as a Service
Tesora
 
Prometheus monitoring from outside of Kubernetes
 〜どうして我々はKubernetes上のPromet...
Prometheus monitoring from outside of Kubernetes
 〜どうして我々はKubernetes上のPromet...Prometheus monitoring from outside of Kubernetes
 〜どうして我々はKubernetes上のPromet...
Prometheus monitoring from outside of Kubernetes
 〜どうして我々はKubernetes上のPromet...
whywaita
 
EBPF and Linux Networking
EBPF and Linux NetworkingEBPF and Linux Networking
EBPF and Linux Networking
PLUMgrid
 
Telecom Infra Projectの取り組み -光伝送におけるハードとソフトの分離-
Telecom Infra Projectの取り組み -光伝送におけるハードとソフトの分離-Telecom Infra Projectの取り組み -光伝送におけるハードとソフトの分離-
Telecom Infra Projectの取り組み -光伝送におけるハードとソフトの分離-
HidekiNishizawa
 
CETH for XDP [Linux Meetup Santa Clara | July 2016]
CETH for XDP [Linux Meetup Santa Clara | July 2016] CETH for XDP [Linux Meetup Santa Clara | July 2016]
CETH for XDP [Linux Meetup Santa Clara | July 2016]
IO Visor Project
 
Open vSwitch Introduction
Open vSwitch IntroductionOpen vSwitch Introduction
Open vSwitch Introduction
HungWei Chiu
 
plotnetcfg入門 | Introduction to plotnetcfg
plotnetcfg入門 | Introduction to plotnetcfgplotnetcfg入門 | Introduction to plotnetcfg
plotnetcfg入門 | Introduction to plotnetcfg
Kentaro Ebisawa
 

What's hot (20)

KubeVirt 101
KubeVirt 101KubeVirt 101
KubeVirt 101
 
Kubernetes Networking 101
Kubernetes Networking 101Kubernetes Networking 101
Kubernetes Networking 101
 
CloudStack Networking
CloudStack NetworkingCloudStack Networking
CloudStack Networking
 
Deep dive into highly available open stack architecture openstack summit va...
Deep dive into highly available open stack architecture   openstack summit va...Deep dive into highly available open stack architecture   openstack summit va...
Deep dive into highly available open stack architecture openstack summit va...
 
Linux女子部 firewalld徹底入門!
Linux女子部 firewalld徹底入門!Linux女子部 firewalld徹底入門!
Linux女子部 firewalld徹底入門!
 
Container Networking Deep Dive
Container Networking Deep DiveContainer Networking Deep Dive
Container Networking Deep Dive
 
Introduction to the Container Network Interface (CNI)
Introduction to the Container Network Interface (CNI)Introduction to the Container Network Interface (CNI)
Introduction to the Container Network Interface (CNI)
 
Kubernetes雑にまとめてみた 2020年8月版
Kubernetes雑にまとめてみた 2020年8月版Kubernetes雑にまとめてみた 2020年8月版
Kubernetes雑にまとめてみた 2020年8月版
 
最近のJuju/MAAS について
最近のJuju/MAAS について最近のJuju/MAAS について
最近のJuju/MAAS について
 
SRv6 Mobile User Plane P4 proto-type
SRv6 Mobile User Plane P4 proto-typeSRv6 Mobile User Plane P4 proto-type
SRv6 Mobile User Plane P4 proto-type
 
Cilium - Fast IPv6 Container Networking with BPF and XDP
Cilium - Fast IPv6 Container Networking with BPF and XDPCilium - Fast IPv6 Container Networking with BPF and XDP
Cilium - Fast IPv6 Container Networking with BPF and XDP
 
[네전따] 네트워크 엔지니어에게 쿠버네티스는 어떤 의미일까요
[네전따] 네트워크 엔지니어에게 쿠버네티스는 어떤 의미일까요[네전따] 네트워크 엔지니어에게 쿠버네티스는 어떤 의미일까요
[네전따] 네트워크 엔지니어에게 쿠버네티스는 어떤 의미일까요
 
VPP事始め
VPP事始めVPP事始め
VPP事始め
 
Introduction to OpenStack Trove & Database as a Service
Introduction to OpenStack Trove & Database as a ServiceIntroduction to OpenStack Trove & Database as a Service
Introduction to OpenStack Trove & Database as a Service
 
Prometheus monitoring from outside of Kubernetes
 〜どうして我々はKubernetes上のPromet...
Prometheus monitoring from outside of Kubernetes
 〜どうして我々はKubernetes上のPromet...Prometheus monitoring from outside of Kubernetes
 〜どうして我々はKubernetes上のPromet...
Prometheus monitoring from outside of Kubernetes
 〜どうして我々はKubernetes上のPromet...
 
EBPF and Linux Networking
EBPF and Linux NetworkingEBPF and Linux Networking
EBPF and Linux Networking
 
Telecom Infra Projectの取り組み -光伝送におけるハードとソフトの分離-
Telecom Infra Projectの取り組み -光伝送におけるハードとソフトの分離-Telecom Infra Projectの取り組み -光伝送におけるハードとソフトの分離-
Telecom Infra Projectの取り組み -光伝送におけるハードとソフトの分離-
 
CETH for XDP [Linux Meetup Santa Clara | July 2016]
CETH for XDP [Linux Meetup Santa Clara | July 2016] CETH for XDP [Linux Meetup Santa Clara | July 2016]
CETH for XDP [Linux Meetup Santa Clara | July 2016]
 
Open vSwitch Introduction
Open vSwitch IntroductionOpen vSwitch Introduction
Open vSwitch Introduction
 
plotnetcfg入門 | Introduction to plotnetcfg
plotnetcfg入門 | Introduction to plotnetcfgplotnetcfg入門 | Introduction to plotnetcfg
plotnetcfg入門 | Introduction to plotnetcfg
 

Viewers also liked

DevOps introduction with ansible, vagrant, and docker
DevOps introduction with ansible, vagrant, and dockerDevOps introduction with ansible, vagrant, and docker
DevOps introduction with ansible, vagrant, and docker
Mark Stillwell
 
Hacking Virtual Appliances
Hacking Virtual AppliancesHacking Virtual Appliances
Hacking Virtual Appliances
Jeremy Brown
 
2014 11-05 hpcac-kniep_christian_dockermpi
2014 11-05 hpcac-kniep_christian_dockermpi2014 11-05 hpcac-kniep_christian_dockermpi
2014 11-05 hpcac-kniep_christian_dockermpi
QNIB Solutions
 
Vagrant and Docker
Vagrant and DockerVagrant and Docker
Vagrant and Docker
Nascenia IT
 
QNIBTerminal: Understand your datacenter by overlaying multiple information l...
QNIBTerminal: Understand your datacenter by overlaying multiple information l...QNIBTerminal: Understand your datacenter by overlaying multiple information l...
QNIBTerminal: Understand your datacenter by overlaying multiple information l...
QNIB Solutions
 
Vagrant and docker
Vagrant and dockerVagrant and docker
Vagrant and docker
DuckDuckGo
 
Vagrant + Ansible + Docker
Vagrant + Ansible + DockerVagrant + Ansible + Docker
Vagrant + Ansible + Docker
Vijay Selvaraj
 
DevOps, A brief introduction to Vagrant & Ansible
DevOps, A brief introduction to Vagrant & AnsibleDevOps, A brief introduction to Vagrant & Ansible
DevOps, A brief introduction to Vagrant & Ansible
Arnaud LEMAIRE
 
Vagrant, Ansible and Docker - How they fit together for productive flexible d...
Vagrant, Ansible and Docker - How they fit together for productive flexible d...Vagrant, Ansible and Docker - How they fit together for productive flexible d...
Vagrant, Ansible and Docker - How they fit together for productive flexible d...
Samuel Lampa
 
An Introduction to Vagrant and Docker
An Introduction to Vagrant and DockerAn Introduction to Vagrant and Docker
An Introduction to Vagrant and Docker
Scott Lowe
 
Flash Talk for the ECEP Alliance from the NSF BPC Community Meeting
Flash Talk for the ECEP Alliance from the NSF BPC Community MeetingFlash Talk for the ECEP Alliance from the NSF BPC Community Meeting
Flash Talk for the ECEP Alliance from the NSF BPC Community Meeting
Mark Guzdial
 
Talk on Ebooks at the NSF BPC/CE21/STEM-C Community Meeting
Talk on Ebooks at the NSF BPC/CE21/STEM-C Community MeetingTalk on Ebooks at the NSF BPC/CE21/STEM-C Community Meeting
Talk on Ebooks at the NSF BPC/CE21/STEM-C Community Meeting
Mark Guzdial
 
MIT to the NYSE: Journey from University Tech to M&A
MIT to the NYSE: Journey from University Tech to M&AMIT to the NYSE: Journey from University Tech to M&A
MIT to the NYSE: Journey from University Tech to M&A
Venture Development Center, UMass Boston
 
Sinister sculptor part 2
Sinister sculptor part 2Sinister sculptor part 2
Sinister sculptor part 2
Dana Archer
 
A new beginning pt.2
A new beginning pt.2A new beginning pt.2
A new beginning pt.2
Dana Archer
 
United Nations and what it has to do with ไทยแลนด์
United Nations and what it has to do with ไทยแลนด์United Nations and what it has to do with ไทยแลนด์
United Nations and what it has to do with ไทยแลนด์
Nitchanan Riensombat
 
Ervan jonathan
Ervan jonathanErvan jonathan
Ervan jonathan
Ervan123
 
Tik 6
Tik 6Tik 6

Viewers also liked (20)

DevOps introduction with ansible, vagrant, and docker
DevOps introduction with ansible, vagrant, and dockerDevOps introduction with ansible, vagrant, and docker
DevOps introduction with ansible, vagrant, and docker
 
Hacking Virtual Appliances
Hacking Virtual AppliancesHacking Virtual Appliances
Hacking Virtual Appliances
 
2014 11-05 hpcac-kniep_christian_dockermpi
2014 11-05 hpcac-kniep_christian_dockermpi2014 11-05 hpcac-kniep_christian_dockermpi
2014 11-05 hpcac-kniep_christian_dockermpi
 
Vagrant and Docker
Vagrant and DockerVagrant and Docker
Vagrant and Docker
 
QNIBTerminal: Understand your datacenter by overlaying multiple information l...
QNIBTerminal: Understand your datacenter by overlaying multiple information l...QNIBTerminal: Understand your datacenter by overlaying multiple information l...
QNIBTerminal: Understand your datacenter by overlaying multiple information l...
 
Vagrant and docker
Vagrant and dockerVagrant and docker
Vagrant and docker
 
Vagrant + Ansible + Docker
Vagrant + Ansible + DockerVagrant + Ansible + Docker
Vagrant + Ansible + Docker
 
DevOps, A brief introduction to Vagrant & Ansible
DevOps, A brief introduction to Vagrant & AnsibleDevOps, A brief introduction to Vagrant & Ansible
DevOps, A brief introduction to Vagrant & Ansible
 
Vagrant, Ansible and Docker - How they fit together for productive flexible d...
Vagrant, Ansible and Docker - How they fit together for productive flexible d...Vagrant, Ansible and Docker - How they fit together for productive flexible d...
Vagrant, Ansible and Docker - How they fit together for productive flexible d...
 
An Introduction to Vagrant and Docker
An Introduction to Vagrant and DockerAn Introduction to Vagrant and Docker
An Introduction to Vagrant and Docker
 
Flash Talk for the ECEP Alliance from the NSF BPC Community Meeting
Flash Talk for the ECEP Alliance from the NSF BPC Community MeetingFlash Talk for the ECEP Alliance from the NSF BPC Community Meeting
Flash Talk for the ECEP Alliance from the NSF BPC Community Meeting
 
Mga krusada
Mga krusadaMga krusada
Mga krusada
 
Talk on Ebooks at the NSF BPC/CE21/STEM-C Community Meeting
Talk on Ebooks at the NSF BPC/CE21/STEM-C Community MeetingTalk on Ebooks at the NSF BPC/CE21/STEM-C Community Meeting
Talk on Ebooks at the NSF BPC/CE21/STEM-C Community Meeting
 
M47 30
M47 30M47 30
M47 30
 
MIT to the NYSE: Journey from University Tech to M&A
MIT to the NYSE: Journey from University Tech to M&AMIT to the NYSE: Journey from University Tech to M&A
MIT to the NYSE: Journey from University Tech to M&A
 
Sinister sculptor part 2
Sinister sculptor part 2Sinister sculptor part 2
Sinister sculptor part 2
 
A new beginning pt.2
A new beginning pt.2A new beginning pt.2
A new beginning pt.2
 
United Nations and what it has to do with ไทยแลนด์
United Nations and what it has to do with ไทยแลนด์United Nations and what it has to do with ไทยแลนด์
United Nations and what it has to do with ไทยแลนด์
 
Ervan jonathan
Ervan jonathanErvan jonathan
Ervan jonathan
 
Tik 6
Tik 6Tik 6
Tik 6
 

Similar to Ansible docker

Docker.ppt
Docker.pptDocker.ppt
Docker.ppt
Ajit Mali
 
presentation on Docker
presentation on Dockerpresentation on Docker
presentation on Docker
Virendra Ruhela
 
Using Docker with OpenStack - Hands On!
 Using Docker with OpenStack - Hands On! Using Docker with OpenStack - Hands On!
Using Docker with OpenStack - Hands On!
Adrian Otto
 
Docker and kubernetes
Docker and kubernetesDocker and kubernetes
Docker and kubernetes
Dongwon Kim
 
Docker - From Walking To Running
Docker - From Walking To RunningDocker - From Walking To Running
Docker - From Walking To Running
Giacomo Vacca
 
Docker Presentation
Docker PresentationDocker Presentation
Docker Presentation
Adhoura Academy
 
Docker 1.11 Presentation
Docker 1.11 PresentationDocker 1.11 Presentation
Docker 1.11 Presentation
Sreenivas Makam
 
About docker in GDG Seoul
About docker in GDG SeoulAbout docker in GDG Seoul
About docker in GDG Seoul
Jude Kim
 
[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...
[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...
[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...
Akihiro Suda
 
[NYC Meetup] Docker at Nuxeo
[NYC Meetup] Docker at Nuxeo[NYC Meetup] Docker at Nuxeo
[NYC Meetup] Docker at Nuxeo
Nuxeo
 
Tech talk on docker with demo
Tech talk on docker with demoTech talk on docker with demo
Tech talk on docker with demo
Sandeep Karnawat
 
Docker.ppt
Docker.pptDocker.ppt
Docker
DockerDocker
Docker from A to Z, including Swarm and OCCS
Docker from A to Z, including Swarm and OCCSDocker from A to Z, including Swarm and OCCS
Docker from A to Z, including Swarm and OCCS
Frank Munz
 
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme PetazzoniWorkshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
TheFamily
 
Introduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" EditionIntroduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" Edition
Jérôme Petazzoni
 
Docker meetup-jan-2015
Docker meetup-jan-2015Docker meetup-jan-2015
Docker meetup-jan-2015
JITENDRA KUMAR PATEL
 
Cohesion Techsessie Docker - Daniel Palstra
Cohesion Techsessie Docker - Daniel PalstraCohesion Techsessie Docker - Daniel Palstra
Cohesion Techsessie Docker - Daniel Palstra
Daniel Palstra
 
Django and Docker
Django and DockerDjango and Docker
Django and Docker
Docker, Inc.
 
Docker at Djangocon 2013 | Talk by Ken Cochrane
Docker at Djangocon 2013 | Talk by Ken CochraneDocker at Djangocon 2013 | Talk by Ken Cochrane
Docker at Djangocon 2013 | Talk by Ken Cochrane
dotCloud
 

Similar to Ansible docker (20)

Docker.ppt
Docker.pptDocker.ppt
Docker.ppt
 
presentation on Docker
presentation on Dockerpresentation on Docker
presentation on Docker
 
Using Docker with OpenStack - Hands On!
 Using Docker with OpenStack - Hands On! Using Docker with OpenStack - Hands On!
Using Docker with OpenStack - Hands On!
 
Docker and kubernetes
Docker and kubernetesDocker and kubernetes
Docker and kubernetes
 
Docker - From Walking To Running
Docker - From Walking To RunningDocker - From Walking To Running
Docker - From Walking To Running
 
Docker Presentation
Docker PresentationDocker Presentation
Docker Presentation
 
Docker 1.11 Presentation
Docker 1.11 PresentationDocker 1.11 Presentation
Docker 1.11 Presentation
 
About docker in GDG Seoul
About docker in GDG SeoulAbout docker in GDG Seoul
About docker in GDG Seoul
 
[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...
[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...
[Paris Container Day 2021] nerdctl: yet another Docker & Docker Compose imple...
 
[NYC Meetup] Docker at Nuxeo
[NYC Meetup] Docker at Nuxeo[NYC Meetup] Docker at Nuxeo
[NYC Meetup] Docker at Nuxeo
 
Tech talk on docker with demo
Tech talk on docker with demoTech talk on docker with demo
Tech talk on docker with demo
 
Docker.ppt
Docker.pptDocker.ppt
Docker.ppt
 
Docker
DockerDocker
Docker
 
Docker from A to Z, including Swarm and OCCS
Docker from A to Z, including Swarm and OCCSDocker from A to Z, including Swarm and OCCS
Docker from A to Z, including Swarm and OCCS
 
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme PetazzoniWorkshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
 
Introduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" EditionIntroduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" Edition
 
Docker meetup-jan-2015
Docker meetup-jan-2015Docker meetup-jan-2015
Docker meetup-jan-2015
 
Cohesion Techsessie Docker - Daniel Palstra
Cohesion Techsessie Docker - Daniel PalstraCohesion Techsessie Docker - Daniel Palstra
Cohesion Techsessie Docker - Daniel Palstra
 
Django and Docker
Django and DockerDjango and Docker
Django and Docker
 
Docker at Djangocon 2013 | Talk by Ken Cochrane
Docker at Djangocon 2013 | Talk by Ken CochraneDocker at Djangocon 2013 | Talk by Ken Cochrane
Docker at Djangocon 2013 | Talk by Ken Cochrane
 

Recently uploaded

RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
Rohit Gautam
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
Alex Pruden
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 

Recently uploaded (20)

RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 

Ansible docker

  • 2. About Me 2 • Have worked • Iteration through L1/2/3 SysOps • Mostly german automotive sector • 01/2013 -> 10/2014 R&D @Bull SAS • Now • independent R&D / Freelancing • DevOps Eng. at Locafox (scale online) • Hot topics • Containerization • Log / Performance Management • GO-Lang • HPC Cluster Software Stack / Interconnect
  • 3. Docker in a (Coco-)Nutshell • (chroot)2 != Virtual Machine 3
  • 4. Traditional vs. Lightweight Layers 4 SERVICE SERVICE SERVICE InitSystem InitSystem InitSystem Userland (OS) Userland (OS) Userland (OS) KERNEL KERNEL HYPERVISOR InitSystem HOST KERNEL SERVER KERNEL Userland (OS) SERVICE SERVICE SERVICE Userland (OS) Userland (OS) Userland (OS) InitSystem Userland (OS) HOST KERNEL SERVER Traditional Virtualisation Docker Containerisation
  • 5. Docker in a (Coco-)Nutshell • (chroot)2 != Virtual Machine • Builds on-top LinuX Containers (LXC) • Kernel namespaces (isolation) 5
  • 6. Process Namespace 6 $ docker run -ti --rm ubuntu:14.04 ps -ef UID PID PPID C STIME TTY TIME CMD root 1 0 0 10:24 ? 00:00:00 ps -ef $ Containers are not able to see processes outside of their scope.
  • 7. Network Namespace 7 $ docker run -ti --rm ubuntu:14.04 ip -4 -o addr 1: lo inet 127.0.0.1/8 scope host lo 10: eth0 inet 172.17.0.4/16 scope global eth0 $ Each container got it’s own network stack (by default, configureable).
  • 8. Namespace • Mount (do not mess with other file systems) • User (users are only valid within one container) • IPC (Interprocess communication only within) • UTS (hostname / domain name is unique) 8
  • 9. Docker in a (Coco-)Nutshell 9 • (chroot)2 != Virtual Machine • Builds on-top LinuX Containers (LXC) • Kernel namespaces (isolation) • cgroups (resource mgmt) • intuitive build system
  • 10. Dockerfile 10 $ cat Dockerfile # From which image to start from FROM fedora:20 # Who is in charge MAINTAINER "Christian Kniep <christian@qnib.org>" # Execute bash command RUN yum install -y stress # if no command is given, this command will be # executed at runtime (within a bash). CMD ["stress", "-c", "4"]
  • 11. Build Dockerfile 11 $ docker build -q -t locafox/stress . Step 0 : FROM fedora:20 ---> 7d3f07f8de5f Step 1 : RUN yum install -y stress ---> Running in 43fcf8d8393a ---> f1d0c1455565 Removing intermediate container 43fcf8d8393a Step 2 : CMD stress -c 4 ---> Running in bd6536dfabed ---> 24b99ee707fe Removing intermediate container bd6536dfabed Successfully built 24b99ee707fe $
  • 12. Cached Builds 12 $ docker build -q -t locafox/stress . Step 0 : FROM fedora:20 ---> 7d3f07f8de5f Step 1 : RUN yum install -y stress ---> Using cache ---> f1d0c1455565 Step 2 : CMD stress -c 4 ---> Using cache ---> 24b99ee707fe Successfully built 24b99ee707fe $ If the build step is already executed, it will be cached.
  • 13. Docker in a (Coco-)Nutshell • (chroot)2 != Virtual Machine • Builds on-top LinuX Containers (LXC) • Kernel namespaces (isolation) • cgroups (resource mgmt) • intuitive build system 13
  • 14. cgroups 14 4 CPU stress processes are bound to Core 0
  • 15. cgroups [cont] 15 4 CPU stress processes are bound to Core 0 & 3
  • 16. Docker in a (Coco-)Nutshell • (chroot)2 != Virtual Machine • Builds on-top LinuX Containers (LXC) • Kernel namespaces (isolation) • cgroups (resource mgmt) • intuitive build system • repositories public/private/certified • RedHat, Microsoft, Community backed 16
  • 17. Docker details • (chroot)2 != Virtual Machine 17
  • 18. Docker != VM (srsly!) http://en.wikipedia.org/wiki/Systemd Virtual Machine • Kicks off a complete Machine, hence the name! • EveryoneTM disables security • Hard to strip down 18 Docker • Only spawns one process (in theory, at least) • Easy to understand (theory, old friend)
  • 20. Single Process • Make SELinux useable? • one process • limited interactions • just simpler 20 https://www.youtube.com/watch?v=zWGFqMuEHdw
  • 21. Docker details • (chroot)2 != Virtual Machine • Images and CoW 21
  • 22. Images and CoW • An image is an immutable layer • A container is the RW layer, which is executed on-top 22 qnib/slave qnib/terminal qnib/supervisor qnib/fd20 Fedora qnib/of_build qnib/IB_build qnib/slurm_build qnib/build qnib/master qnib/gapi qnib/carbon qnib/elk copy-on-write /slurm FROM points to the parent-image and this relationship sticks. If the parent is changed, the child has to be rebuild.
  • 23. Docker details • (chroot)2 != Virtual Machine • Images and CoW • Ports • docker exec (since 1.3) 23
  • 24. Network Port 24 The internal port 80 is exposed to the docker-host’s port 8080
  • 25. Docker details • (chroot)2 != Virtual Machine • Images and CoW • Ports • docker exec (since 1.3) 25
  • 26. docker exec 26 Inject a new process into an already running container.
  • 27. Ansible + Docker • Purpose of Config-Mgmt • Provisioning • Orchestration • Validation • Ansible • docker module • docker inventory • docker facts 27
  • 28. Config Mgmt • Provisioning • Bootstrap DOCKER_HOST • Dockerfile vs. playbooks? • Orchestration • Multiple other project in the woods (Docker Swarm, Kubernetes, Apache Mesos[?], …) • Validation • Is the configuration within still valid? 28
  • 29. Ansible + Docker • Purpose of Config-Mgmt • Provisioning • Orchestration • Validation • Ansible • docker module • docker inventory • docker facts 29
  • 30. Ansible • docker module • Start/Stop Container • docker inventory • provide dynamic inventory by fetching info about running containers • docker facts • Use information about containers within Ansible 30
  • 31. Thoughts • Containers mostly do not provide an SSH daemon • Connecting via • Docker is a nice way to check out playbook • Otherwise playbooks shouldn’t be used inside of Dockerfiles [IMHO] • Use Ansible to check configuration within container? • Setup SELinux rules using Ansible • Vagrant vs. Docker 31 docker exec <container> bash