QNIB Solutions, profile picture
Uploaded byQNIB Solutions
PDF, PPTX4,592 views

Ansible docker

The document provides an overview of Docker, highlighting its differences from traditional virtual machines by emphasizing its use of Linux containers, kernel namespaces for isolation, and cgroups for resource management. It discusses the intuitive build system with Dockerfiles, caching of build steps, and the concept of images and layers in Docker. Additionally, it touches on the integration of Docker with Ansible for configuration management, orchestration, and validation in a containerized environment.

Technology
In this document
Powered by AI

Overview of Docker and Ansible with emphasis on experience in SysOps, containerization, and R&D roles in the automotive sector.

Highlights of Docker's architecture, differences with VMs, importance of namespaces, isolation, and resource management via cgroups.

Demonstration of how to create a Dockerfile, the build process, and the use of cached builds to optimize Docker image creation.

Illustration of using cgroups to bind processes to specific CPU cores for resource allocation in containers.

Insight into Docker images, copy-on-write strategy, and relationships between parent and child images.

Explanation of network port mapping within Docker containers and the ability to inject processes into running containers.

Overview of how Ansible can manage Docker containers for provisioning, orchestration, and configuration validation.

Final thoughts on container management, SSH limitations, and comparisons of Docker with other tools like Vagrant.

Embed presentation

Download as PDF, PPTX
Docker Introduction / Ansible
About Me 2 • Have worked • Iteration through L1/2/3 SysOps • Mostly german automotive sector • 01/2013 -> 10/2014 R&D @Bull SAS • Now • independent R&D / Freelancing • DevOps Eng. at Locafox (scale online) • Hot topics • Containerization • Log / Performance Management • GO-Lang • HPC Cluster Software Stack / Interconnect
Docker in a (Coco-)Nutshell • (chroot)2 != Virtual Machine 3
Traditional vs. Lightweight Layers 4 SERVICE SERVICE SERVICE InitSystem InitSystem InitSystem Userland (OS) Userland (OS) Userland (OS) KERNEL KERNEL HYPERVISOR InitSystem HOST KERNEL SERVER KERNEL Userland (OS) SERVICE SERVICE SERVICE Userland (OS) Userland (OS) Userland (OS) InitSystem Userland (OS) HOST KERNEL SERVER Traditional Virtualisation Docker Containerisation
Docker in a (Coco-)Nutshell • (chroot)2 != Virtual Machine • Builds on-top LinuX Containers (LXC) • Kernel namespaces (isolation) 5
Process Namespace 6 $ docker run -ti --rm ubuntu:14.04 ps -ef UID PID PPID C STIME TTY TIME CMD root 1 0 0 10:24 ? 00:00:00 ps -ef $ Containers are not able to see processes outside of their scope.
Network Namespace 7 $ docker run -ti --rm ubuntu:14.04 ip -4 -o addr 1: lo inet 127.0.0.1/8 scope host lo 10: eth0 inet 172.17.0.4/16 scope global eth0 $ Each container got it’s own network stack (by default, configureable).
Namespace • Mount (do not mess with other file systems) • User (users are only valid within one container) • IPC (Interprocess communication only within) • UTS (hostname / domain name is unique) 8
Docker in a (Coco-)Nutshell 9 • (chroot)2 != Virtual Machine • Builds on-top LinuX Containers (LXC) • Kernel namespaces (isolation) • cgroups (resource mgmt) • intuitive build system
Dockerfile 10 $ cat Dockerfile # From which image to start from FROM fedora:20 # Who is in charge MAINTAINER "Christian Kniep <christian@qnib.org>" # Execute bash command RUN yum install -y stress # if no command is given, this command will be # executed at runtime (within a bash). CMD ["stress", "-c", "4"]
Build Dockerfile 11 $ docker build -q -t locafox/stress . Step 0 : FROM fedora:20 ---> 7d3f07f8de5f Step 1 : RUN yum install -y stress ---> Running in 43fcf8d8393a ---> f1d0c1455565 Removing intermediate container 43fcf8d8393a Step 2 : CMD stress -c 4 ---> Running in bd6536dfabed ---> 24b99ee707fe Removing intermediate container bd6536dfabed Successfully built 24b99ee707fe $
Cached Builds 12 $ docker build -q -t locafox/stress . Step 0 : FROM fedora:20 ---> 7d3f07f8de5f Step 1 : RUN yum install -y stress ---> Using cache ---> f1d0c1455565 Step 2 : CMD stress -c 4 ---> Using cache ---> 24b99ee707fe Successfully built 24b99ee707fe $ If the build step is already executed, it will be cached.
Docker in a (Coco-)Nutshell • (chroot)2 != Virtual Machine • Builds on-top LinuX Containers (LXC) • Kernel namespaces (isolation) • cgroups (resource mgmt) • intuitive build system 13
cgroups 14 4 CPU stress processes are bound to Core 0
cgroups [cont] 15 4 CPU stress processes are bound to Core 0 & 3
Docker in a (Coco-)Nutshell • (chroot)2 != Virtual Machine • Builds on-top LinuX Containers (LXC) • Kernel namespaces (isolation) • cgroups (resource mgmt) • intuitive build system • repositories public/private/certified • RedHat, Microsoft, Community backed 16
Docker details • (chroot)2 != Virtual Machine 17
Docker != VM (srsly!) http://en.wikipedia.org/wiki/Systemd Virtual Machine • Kicks off a complete Machine, hence the name! • EveryoneTM disables security • Hard to strip down 18 Docker • Only spawns one process (in theory, at least) • Easy to understand (theory, old friend)
Single Purpose 19
Single Process • Make SELinux useable? • one process • limited interactions • just simpler 20 https://www.youtube.com/watch?v=zWGFqMuEHdw
Docker details • (chroot)2 != Virtual Machine • Images and CoW 21
Images and CoW • An image is an immutable layer • A container is the RW layer, which is executed on-top 22 qnib/slave qnib/terminal qnib/supervisor qnib/fd20 Fedora qnib/of_build qnib/IB_build qnib/slurm_build qnib/build qnib/master qnib/gapi qnib/carbon qnib/elk copy-on-write /slurm FROM points to the parent-image and this relationship sticks. If the parent is changed, the child has to be rebuild.
Docker details • (chroot)2 != Virtual Machine • Images and CoW • Ports • docker exec (since 1.3) 23
Network Port 24 The internal port 80 is exposed to the docker-host’s port 8080
Docker details • (chroot)2 != Virtual Machine • Images and CoW • Ports • docker exec (since 1.3) 25
docker exec 26 Inject a new process into an already running container.
Ansible + Docker • Purpose of Config-Mgmt • Provisioning • Orchestration • Validation • Ansible • docker module • docker inventory • docker facts 27
Config Mgmt • Provisioning • Bootstrap DOCKER_HOST • Dockerfile vs. playbooks? • Orchestration • Multiple other project in the woods (Docker Swarm, Kubernetes, Apache Mesos[?], …) • Validation • Is the configuration within still valid? 28
Ansible + Docker • Purpose of Config-Mgmt • Provisioning • Orchestration • Validation • Ansible • docker module • docker inventory • docker facts 29
Ansible • docker module • Start/Stop Container • docker inventory • provide dynamic inventory by fetching info about running containers • docker facts • Use information about containers within Ansible 30
Thoughts • Containers mostly do not provide an SSH daemon • Connecting via • Docker is a nice way to check out playbook • Otherwise playbooks shouldn’t be used inside of Dockerfiles [IMHO] • Use Ansible to check configuration within container? • Setup SELinux rules using Ansible • Vagrant vs. Docker 31 docker exec <container> bash

More Related Content

PDF
Continuous integration with Docker and Ansible
byDmytro Slupytskyi
 
PDF
Containers: The What, Why, and How
bySneha Inguva
 
PDF
The state of the swarm
byMathieu Buffenoir
 
PPTX
Intro- Docker Native for OSX and Windows
byThomas Chacko
 
ODP
Why Docker? Dayton PHP, April 2017
byChris Tankersley
 
PDF
Developer workflow with docker
byLalatendu Mohanty
 
PDF
Wordcamp Bratislava 2017 - Docker! Why?
byAdam Štipák
 
PPTX
HP Advanced Technology Group: Docker and Ansible
byPatrick Galbraith
 
Continuous integration with Docker and Ansible
byDmytro Slupytskyi
 
Containers: The What, Why, and How
bySneha Inguva
 
The state of the swarm
byMathieu Buffenoir
 
Intro- Docker Native for OSX and Windows
byThomas Chacko
 
Why Docker? Dayton PHP, April 2017
byChris Tankersley
 
Developer workflow with docker
byLalatendu Mohanty
 
Wordcamp Bratislava 2017 - Docker! Why?
byAdam Štipák
 
HP Advanced Technology Group: Docker and Ansible
byPatrick Galbraith
 

What's hot

PDF
Docker From Scratch
byGiacomo Vacca
 
PDF
Docker Introduction
byMANAOUIL Karim
 
PDF
Docker and Kubernetes 101 workshop
bySathish VJ
 
PDF
An Introduction to Kubernetes
byImesh Gunaratne
 
PDF
Docker Introduction
bySparkbit
 
PDF
Docker Overview
byRohit Jnagal
 
PDF
Containerd Internals: Building a Core Container Runtime
byPhil Estes
 
PDF
Docker - introduction
byMichał Kurzeja
 
PDF
Introduction to Docker and all things containers, Docker Meetup at RelateIQ
bydotCloud
 
PDF
Docker
byPatrick Oberdorf
 
PDF
runC: The little engine that could (run Docker containers) by Docker Captain ...
byDocker, Inc.
 
PDF
AtlasCamp 2015: The age of orchestration: From Docker basics to cluster manag...
byAtlassian
 
PDF
Docker 101 - Intro to Docker
byAdrian Otto
 
PDF
Docker Started
byVictor S. Recio
 
PDF
Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire
bydotCloud
 
PDF
Docker 101 @KACST Saudi HPC 2016
byWalid Shaari
 
PPTX
Architecting .NET Applications for Docker and Container Based Deployments
byBen Hall
 
PDF
Intro To Docker
byJessica Lucci
 
PDF
Deploying containers and managing them on multiple Docker hosts, Docker Meetu...
bydotCloud
 
PDF
Breaking the RpiDocker challenge
byNicolas De Loof
 
Docker From Scratch
byGiacomo Vacca
 
Docker Introduction
byMANAOUIL Karim
 
Docker and Kubernetes 101 workshop
bySathish VJ
 
An Introduction to Kubernetes
byImesh Gunaratne
 
Docker Introduction
bySparkbit
 
Docker Overview
byRohit Jnagal
 
Containerd Internals: Building a Core Container Runtime
byPhil Estes
 
Docker - introduction
byMichał Kurzeja
 
Introduction to Docker and all things containers, Docker Meetup at RelateIQ
bydotCloud
 
Docker
byPatrick Oberdorf
 
runC: The little engine that could (run Docker containers) by Docker Captain ...
byDocker, Inc.
 
AtlasCamp 2015: The age of orchestration: From Docker basics to cluster manag...
byAtlassian
 
Docker 101 - Intro to Docker
byAdrian Otto
 
Docker Started
byVictor S. Recio
 
Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire
bydotCloud
 
Docker 101 @KACST Saudi HPC 2016
byWalid Shaari
 
Architecting .NET Applications for Docker and Container Based Deployments
byBen Hall
 
Intro To Docker
byJessica Lucci
 
Deploying containers and managing them on multiple Docker hosts, Docker Meetu...
bydotCloud
 
Breaking the RpiDocker challenge
byNicolas De Loof
 

Viewers also liked

PDF
An Introduction to Vagrant and Docker
byScott Lowe
 
PDF
QNIBTerminal: Understand your datacenter by overlaying multiple information l...
byQNIB Solutions
 
PPTX
Vagrant and Docker
byNascenia IT
 
PPTX
Hacking Virtual Appliances
byJeremy Brown
 
PDF
2014 11-05 hpcac-kniep_christian_dockermpi
byQNIB Solutions
 
PPTX
Mga krusada
byJaspherDelaPena
 
PPTX
Sinister sculptor part 2
byDana Archer
 
PDF
Vagrant and docker
byDuckDuckGo
 
PPTX
DevOps, A brief introduction to Vagrant & Ansible
byArnaud LEMAIRE
 
PDF
Vagrant + Ansible + Docker
byVijay Selvaraj
 
PDF
Vagrant, Ansible and Docker - How they fit together for productive flexible d...
bySamuel Lampa
 
PDF
DevOps introduction with ansible, vagrant, and docker
byMark Stillwell
 
PPTX
Ervan jonathan
byErvan123
 
PPTX
Tik 6
bykelvingozali9h
 
PPTX
Talk on Ebooks at the NSF BPC/CE21/STEM-C Community Meeting
byMark Guzdial
 
PPTX
MIT to the NYSE: Journey from University Tech to M&A
byVenture Development Center, UMass Boston
 
PPTX
A new beginning pt.2
byDana Archer
 
PPTX
M47 30
byNarumon Boonjareun
 
PDF
United Nations and what it has to do with ไทยแลนด์
byNitchanan Riensombat
 
PPTX
Flash Talk for the ECEP Alliance from the NSF BPC Community Meeting
byMark Guzdial
 
An Introduction to Vagrant and Docker
byScott Lowe
 
QNIBTerminal: Understand your datacenter by overlaying multiple information l...
byQNIB Solutions
 
Vagrant and Docker
byNascenia IT
 
Hacking Virtual Appliances
byJeremy Brown
 
2014 11-05 hpcac-kniep_christian_dockermpi
byQNIB Solutions
 
Mga krusada
byJaspherDelaPena
 
Sinister sculptor part 2
byDana Archer
 
Vagrant and docker
byDuckDuckGo
 
DevOps, A brief introduction to Vagrant & Ansible
byArnaud LEMAIRE
 
Vagrant + Ansible + Docker
byVijay Selvaraj
 
Vagrant, Ansible and Docker - How they fit together for productive flexible d...
bySamuel Lampa
 
DevOps introduction with ansible, vagrant, and docker
byMark Stillwell
 
Ervan jonathan
byErvan123
 
Tik 6
bykelvingozali9h
 
Talk on Ebooks at the NSF BPC/CE21/STEM-C Community Meeting
byMark Guzdial
 
MIT to the NYSE: Journey from University Tech to M&A
byVenture Development Center, UMass Boston
 
A new beginning pt.2
byDana Archer
 
M47 30
byNarumon Boonjareun
 
United Nations and what it has to do with ไทยแลนด์
byNitchanan Riensombat
 
Flash Talk for the ECEP Alliance from the NSF BPC Community Meeting
byMark Guzdial
 

Similar to Ansible docker

PPTX
Powercoders · Docker · Fall 2021.pptx
byIgnacioTamayo2
 
PPTX
Docker and the Container Ecosystem
bypsconnolly
 
ODP
Linux containers & Devops
byMaciej Lasyk
 
PDF
Lightweight Virtualization with Linux Containers and Docker I YaC 2013
byDocker, Inc.
 
PDF
Lightweight Virtualization with Linux Containers and Docker | YaC 2013
bydotCloud
 
PDF
"Lightweight Virtualization with Linux Containers and Docker". Jerome Petazzo...
byYandex
 
PDF
Introduction of Docker and Docker Compose
byDr. Ketan Parmar
 
PDF
Docker from scratch
byMichał Wójtowicz
 
PDF
Using Docker with OpenStack - Hands On!
byAdrian Otto
 
PDF
ExpoQA 2017 Using docker to build and test in your laptop and Jenkins
byElasTest Project
 
PPTX
Docker workshop
byEvans Ye
 
PDF
Docker Introduction + what is new in 0.9
byJérôme Petazzoni
 
PDF
Docker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQ
byJérôme Petazzoni
 
PPTX
Dockerizing a Symfony2 application
byRoman Rodomansky
 
PDF
Introduction to Docker and Containers
byDocker, Inc.
 
PDF
Introduction to Docker, December 2014 "Tour de France" Bordeaux Special Edition
byJérôme Petazzoni
 
PDF
Victor Vieux at Docker Paris Meetup #1
byDocker, Inc.
 
PDF
Docker presentation | Paris Docker Meetup
bydotCloud
 
PDF
Docker module 1
byLiang Bo
 
PDF
Talk on PHP Day Uruguay about Docker
byWellington Silva
 
Powercoders · Docker · Fall 2021.pptx
byIgnacioTamayo2
 
Docker and the Container Ecosystem
bypsconnolly
 
Linux containers & Devops
byMaciej Lasyk
 
Lightweight Virtualization with Linux Containers and Docker I YaC 2013
byDocker, Inc.
 
Lightweight Virtualization with Linux Containers and Docker | YaC 2013
bydotCloud
 
"Lightweight Virtualization with Linux Containers and Docker". Jerome Petazzo...
byYandex
 
Introduction of Docker and Docker Compose
byDr. Ketan Parmar
 
Docker from scratch
byMichał Wójtowicz
 
Using Docker with OpenStack - Hands On!
byAdrian Otto
 
ExpoQA 2017 Using docker to build and test in your laptop and Jenkins
byElasTest Project
 
Docker workshop
byEvans Ye
 
Docker Introduction + what is new in 0.9
byJérôme Petazzoni
 
Docker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQ
byJérôme Petazzoni
 
Dockerizing a Symfony2 application
byRoman Rodomansky
 
Introduction to Docker and Containers
byDocker, Inc.
 
Introduction to Docker, December 2014 "Tour de France" Bordeaux Special Edition
byJérôme Petazzoni
 
Victor Vieux at Docker Paris Meetup #1
byDocker, Inc.
 
Docker presentation | Paris Docker Meetup
bydotCloud
 
Docker module 1
byLiang Bo
 
Talk on PHP Day Uruguay about Docker
byWellington Silva
 

Recently uploaded

PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
Guided Substation Engineering with CoMPAS: Simplifying IEC 61850
byDanBrown980551
 
PDF
December Patch Tuesday
byIvanti
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PDF
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
PPTX
Combining Induction and Transduction for Abstract Reasoning.pptx
byallen578468
 
PPTX
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
PPTX
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
PDF
DIGITAL FORENSICS - Notes for Everything.pdf
bypankajkumavatbeit
 
PDF
Generative AI in 2026: Hype, Bubble, Winter or The Real Deal?
byDr. Tathagat Varma
 
PDF
Empowering Productivity with Clever Prompts and Intelligent Agents
byUni Systems S.M.S.A.
 
PDF
How Mobile Apps Are Shaping the Future of Digital Innovation
byWilliam Taylor
 
PDF
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
PDF
The Ultimate Guide to Problem Management Dashboards for IT Teams.pdf
byomnex systems
 
PDF
AI Technology important knowledge ......
byutkarshj2007
 
PDF
TrustArc Webinar - Assessing AI Risk with Confidence
byTrustArc
 
PPTX
RISE with SAP for Automotive - S4 HANA Value.pptx
byAmira Jemi
 
PDF
8 LLM Surveys https://tinyurl.com/bdz8e6fp
byBob Marcus
 
The year in review - MarvelClient in 2025
bypanagenda
 
Guided Substation Engineering with CoMPAS: Simplifying IEC 61850
byDanBrown980551
 
December Patch Tuesday
byIvanti
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
Combining Induction and Transduction for Abstract Reasoning.pptx
byallen578468
 
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
DIGITAL FORENSICS - Notes for Everything.pdf
bypankajkumavatbeit
 
Generative AI in 2026: Hype, Bubble, Winter or The Real Deal?
byDr. Tathagat Varma
 
Empowering Productivity with Clever Prompts and Intelligent Agents
byUni Systems S.M.S.A.
 
How Mobile Apps Are Shaping the Future of Digital Innovation
byWilliam Taylor
 
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
The Ultimate Guide to Problem Management Dashboards for IT Teams.pdf
byomnex systems
 
AI Technology important knowledge ......
byutkarshj2007
 
TrustArc Webinar - Assessing AI Risk with Confidence
byTrustArc
 
RISE with SAP for Automotive - S4 HANA Value.pptx
byAmira Jemi
 
8 LLM Surveys https://tinyurl.com/bdz8e6fp
byBob Marcus
 

Ansible docker

  • 1.
  • 2.
    About Me 2 • Have worked • Iteration through L1/2/3 SysOps • Mostly german automotive sector • 01/2013 -> 10/2014 R&D @Bull SAS • Now • independent R&D / Freelancing • DevOps Eng. at Locafox (scale online) • Hot topics • Containerization • Log / Performance Management • GO-Lang • HPC Cluster Software Stack / Interconnect
  • 3.
    Docker in a(Coco-)Nutshell • (chroot)2 != Virtual Machine 3
  • 4.
    Traditional vs. Lightweight Layers 4 SERVICE SERVICE SERVICE InitSystem InitSystem InitSystem Userland (OS) Userland (OS) Userland (OS) KERNEL KERNEL HYPERVISOR InitSystem HOST KERNEL SERVER KERNEL Userland (OS) SERVICE SERVICE SERVICE Userland (OS) Userland (OS) Userland (OS) InitSystem Userland (OS) HOST KERNEL SERVER Traditional Virtualisation Docker Containerisation
  • 5.
    Docker in a(Coco-)Nutshell • (chroot)2 != Virtual Machine • Builds on-top LinuX Containers (LXC) • Kernel namespaces (isolation) 5
  • 6.
    Process Namespace 6 $ docker run -ti --rm ubuntu:14.04 ps -ef UID PID PPID C STIME TTY TIME CMD root 1 0 0 10:24 ? 00:00:00 ps -ef $ Containers are not able to see processes outside of their scope.
  • 7.
    Network Namespace 7 $ docker run -ti --rm ubuntu:14.04 ip -4 -o addr 1: lo inet 127.0.0.1/8 scope host lo 10: eth0 inet 172.17.0.4/16 scope global eth0 $ Each container got it’s own network stack (by default, configureable).
  • 8.
    Namespace • Mount(do not mess with other file systems) • User (users are only valid within one container) • IPC (Interprocess communication only within) • UTS (hostname / domain name is unique) 8
  • 9.
    Docker in a(Coco-)Nutshell 9 • (chroot)2 != Virtual Machine • Builds on-top LinuX Containers (LXC) • Kernel namespaces (isolation) • cgroups (resource mgmt) • intuitive build system
  • 10.
    Dockerfile 10 $cat Dockerfile # From which image to start from FROM fedora:20 # Who is in charge MAINTAINER "Christian Kniep <christian@qnib.org>" # Execute bash command RUN yum install -y stress # if no command is given, this command will be # executed at runtime (within a bash). CMD ["stress", "-c", "4"]
  • 11.
    Build Dockerfile 11 $ docker build -q -t locafox/stress . Step 0 : FROM fedora:20 ---> 7d3f07f8de5f Step 1 : RUN yum install -y stress ---> Running in 43fcf8d8393a ---> f1d0c1455565 Removing intermediate container 43fcf8d8393a Step 2 : CMD stress -c 4 ---> Running in bd6536dfabed ---> 24b99ee707fe Removing intermediate container bd6536dfabed Successfully built 24b99ee707fe $
  • 12.
    Cached Builds 12 $ docker build -q -t locafox/stress . Step 0 : FROM fedora:20 ---> 7d3f07f8de5f Step 1 : RUN yum install -y stress ---> Using cache ---> f1d0c1455565 Step 2 : CMD stress -c 4 ---> Using cache ---> 24b99ee707fe Successfully built 24b99ee707fe $ If the build step is already executed, it will be cached.
  • 13.
    Docker in a(Coco-)Nutshell • (chroot)2 != Virtual Machine • Builds on-top LinuX Containers (LXC) • Kernel namespaces (isolation) • cgroups (resource mgmt) • intuitive build system 13
  • 14.
    cgroups 14 4CPU stress processes are bound to Core 0
  • 15.
    cgroups [cont] 15 4 CPU stress processes are bound to Core 0 & 3
  • 16.
    Docker in a(Coco-)Nutshell • (chroot)2 != Virtual Machine • Builds on-top LinuX Containers (LXC) • Kernel namespaces (isolation) • cgroups (resource mgmt) • intuitive build system • repositories public/private/certified • RedHat, Microsoft, Community backed 16
  • 17.
    Docker details •(chroot)2 != Virtual Machine 17
  • 18.
    Docker != VM(srsly!) http://en.wikipedia.org/wiki/Systemd Virtual Machine • Kicks off a complete Machine, hence the name! • EveryoneTM disables security • Hard to strip down 18 Docker • Only spawns one process (in theory, at least) • Easy to understand (theory, old friend)
  • 19.
  • 20.
    Single Process •Make SELinux useable? • one process • limited interactions • just simpler 20 https://www.youtube.com/watch?v=zWGFqMuEHdw
  • 21.
    Docker details •(chroot)2 != Virtual Machine • Images and CoW 21
  • 22.
    Images and CoW • An image is an immutable layer • A container is the RW layer, which is executed on-top 22 qnib/slave qnib/terminal qnib/supervisor qnib/fd20 Fedora qnib/of_build qnib/IB_build qnib/slurm_build qnib/build qnib/master qnib/gapi qnib/carbon qnib/elk copy-on-write /slurm FROM points to the parent-image and this relationship sticks. If the parent is changed, the child has to be rebuild.
  • 23.
    Docker details •(chroot)2 != Virtual Machine • Images and CoW • Ports • docker exec (since 1.3) 23
  • 24.
    Network Port 24 The internal port 80 is exposed to the docker-host’s port 8080
  • 25.
    Docker details •(chroot)2 != Virtual Machine • Images and CoW • Ports • docker exec (since 1.3) 25
  • 26.
    docker exec 26 Inject a new process into an already running container.
  • 27.
    Ansible + Docker • Purpose of Config-Mgmt • Provisioning • Orchestration • Validation • Ansible • docker module • docker inventory • docker facts 27
  • 28.
    Config Mgmt •Provisioning • Bootstrap DOCKER_HOST • Dockerfile vs. playbooks? • Orchestration • Multiple other project in the woods (Docker Swarm, Kubernetes, Apache Mesos[?], …) • Validation • Is the configuration within still valid? 28
  • 29.
    Ansible + Docker • Purpose of Config-Mgmt • Provisioning • Orchestration • Validation • Ansible • docker module • docker inventory • docker facts 29
  • 30.
    Ansible • dockermodule • Start/Stop Container • docker inventory • provide dynamic inventory by fetching info about running containers • docker facts • Use information about containers within Ansible 30
  • 31.
    Thoughts • Containersmostly do not provide an SSH daemon • Connecting via • Docker is a nice way to check out playbook • Otherwise playbooks shouldn’t be used inside of Dockerfiles [IMHO] • Use Ansible to check configuration within container? • Setup SELinux rules using Ansible • Vagrant vs. Docker 31 docker exec <container> bash