Download as PDF, PPTX
![What's
that
container
doing
?
FROM fedora:20
MAINTAINER scollier <scollier@redhat.com>
RUN yum -y update && yum clean all
RUN yum -y install couchdb && yum clean all
RUN sed
-e 's/^bind_address = .*$/bind_address = 0.0.0.0/'
-i /etc/couchdb/default.ini
ADD local.ini /etc/couchdb/local.ini
EXPOSE 5984
CMD ["/bin/sh", "-e", "/usr/bin/couchdb",
"-a", "/etc/couchdb/default.ini",
"-a", "/etc/couchdb/local.ini",
"-b", "-r", "5", "-R"]](https://image.slidesharecdn.com/puppet-docker-150220131223-conversion-gate02/85/Beyond-Golden-Containers-Complementing-Docker-with-Puppet-11-320.jpg)
![class webserver {
package { 'httpd':
ensure => latest
} ->
file { '/etc/httpd/conf.d/local.conf':
ensure => file,
mode => 644,
source => 'puppet:///modules/httpd/local.conf',
} ->
service { 'httpd':
ensure => running,
enable => true,
subscribe => File['/etc/httpd/conf.d/local.conf'],
}
}
A
basic
manifest](https://image.slidesharecdn.com/puppet-docker-150220131223-conversion-gate02/85/Beyond-Golden-Containers-Complementing-Docker-with-Puppet-17-320.jpg)
![class webserver2 inherits webserver {
File['/etc/httpd/conf.d/local.conf'] {
source => 'puppet:///modules/httpd/other-local.conf',
}
}
Override
via
inheritance](https://image.slidesharecdn.com/puppet-docker-150220131223-conversion-gate02/85/Beyond-Golden-Containers-Complementing-Docker-with-Puppet-18-320.jpg)
![docker::run { 'appserver2':
image => 'fedora:20',
command => '/usr/sbin/init',
ports => ['80', '443'],
links => ['mysql:db'],
use_name => true,
volumes => ['/var/lib/couchdb',
'/var/log'],
volumes_from => 'appserver1',
memory_limit => 10485760, # bytes
username => 'appy',
hostname => 'app2.example.com',
env => ['FOO=BAR', 'FOO2=BAR2'],
dns => ['8.8.8.8', ‘8.8.4.4']
}
Running
containers](https://image.slidesharecdn.com/puppet-docker-150220131223-conversion-gate02/85/Beyond-Golden-Containers-Complementing-Docker-with-Puppet-29-320.jpg)
![Dockerfile
for
puppet
apply
FROM fedora:20
MAINTAINER James Turnbull <james@lovedthanlost.net>
ADD modules /tmp/modules
RUN yum -y install puppet;
puppet apply --modulepath=/tmp/modules
-e "class { 'nginx': service_ensure => disable }”;
rm -rf /tmp/modules
EXPOSE 80
CMD ["nginx"]](https://image.slidesharecdn.com/puppet-docker-150220131223-conversion-gate02/85/Beyond-Golden-Containers-Complementing-Docker-with-Puppet-32-320.jpg)
More Related Content
Similar to Beyond Golden Containers: Complementing Docker with Puppet
![Converting Your Dev Environment to a Docker Stack - php[world]](https://cdn.slidesharecdn.com/ss_thumbnails/convertyourdevenvironmenttoadockerstack-phpworld-191024133137-thumbnail.jpg?width=640&height=640&fit=bounds)
Beyond Golden Containers: Complementing Docker with Puppet
- 1. Beyond Golden Containers ComplementingDocker with Puppet David Lutterkort @lutterkort lutter@puppetlabs.com
- 3. Brief Interlude: What evenis Configuration ?
- 4. Any input to infrastructure is configura)on
- 5. Configura3on management: managing those inputs over )me at scale
- 6. Configura3on management: managing those inputs over )me at scale
- 7. Configura3on management: managing those inputs over 3me at scale Gareth Rushgrove
- 8.
- 9.
- 10. lang en_US.UTF-8 keyboard us … rootpw--iscrypted $1$uw6MV$m6VtUWPed4SqgoW6fKfTZ/ part / --size 1024 --fstype ext4 --ondisk sda repo --name=fedora —mirrorlist=… repo --name=updates —mirrorlist=… %packages @core %end %post curl http://example.com/the-script.pl | /usr/bin/perl What’s that machine doing ?
- 11. What's that container doing ? FROM fedora:20 MAINTAINER scollier <scollier@redhat.com> RUN yum -y update && yum clean all RUN yum -y install couchdb && yum clean all RUN sed -e 's/^bind_address = .*$/bind_address = 0.0.0.0/' -i /etc/couchdb/default.ini ADD local.ini /etc/couchdb/local.ini EXPOSE 5984 CMD ["/bin/sh", "-e", "/usr/bin/couchdb", "-a", "/etc/couchdb/default.ini", "-a", "/etc/couchdb/local.ini", "-b", "-r", "5", "-R"]
- 12.
- 15. Puppet from 10,000 feet
- 16.
- 17. class webserver { package{ 'httpd': ensure => latest } -> file { '/etc/httpd/conf.d/local.conf': ensure => file, mode => 644, source => 'puppet:///modules/httpd/local.conf', } -> service { 'httpd': ensure => running, enable => true, subscribe => File['/etc/httpd/conf.d/local.conf'], } } A basic manifest
- 18. class webserver2 inheritswebserver { File['/etc/httpd/conf.d/local.conf'] { source => 'puppet:///modules/httpd/other-local.conf', } } Override via inheritance
- 23. Managing a Docker host
- 24. Gareth Rushgrove’s module: https://forge.puppetlabs.com/garethr/docker • Install docker • Manage images • Run containers • Version 3.3.2 just released
- 25. class { 'docker': tcp_bind=> 'tcp://127.0.0.1:4243', socket_bind => 'unix:///var/run/docker.sock', version => latest } Setting up Docker
- 26. docker::image { 'ubuntu': image_tag=> 'precise' } Pulling down images
- 27. docker::image { 'ubuntu': docker_file=> ‘/tmp/Dockerfile’ } Pulling down images
- 28. docker::image { 'ubuntu': docker_dir=> ‘/tmp/ubuntu_image’ } Pulling down images
- 29. docker::run { 'appserver2': image=> 'fedora:20', command => '/usr/sbin/init', ports => ['80', '443'], links => ['mysql:db'], use_name => true, volumes => ['/var/lib/couchdb', '/var/log'], volumes_from => 'appserver1', memory_limit => 10485760, # bytes username => 'appy', hostname => 'app2.example.com', env => ['FOO=BAR', 'FOO2=BAR2'], dns => ['8.8.8.8', ‘8.8.4.4'] } Running containers
- 30. docker::exec { ‘helloworld-uptime': detached=> true, command => '/usr/bin/uptime', container => 'helloworld', tty => true, } Running containers
- 31.
- 32. Dockerfile for puppet apply FROM fedora:20 MAINTAINER James Turnbull <james@lovedthanlost.net> ADD modules /tmp/modules RUN yum -y install puppet; puppet apply --modulepath=/tmp/modules -e "class { 'nginx': service_ensure => disable }”; rm -rf /tmp/modules EXPOSE 80 CMD ["nginx"]
- 33. > puppet dockerbuild --name lutter/myimage base.pp
- 34.
- 35. Not everything is a container
- 36. FROM fedora:20 MAINTAINER DavidLutterkort <lutter@watzmann.net> ADD puppet /tmp/puppet-docker RUN yum -y install puppet; /tmp/puppet-docker/bin/puppet-docker Dockerfile for puppet agent
- 37. > tree puppet puppet/ ├──bin │ └── puppet-docker ├── config.yaml └── ssl ├── agent-cert.pem ├── agent-private.pem ├── agent-public.pem └── ca.pem Support files
- 38. > cat puppet/config.yaml --- certname:docker.example.com server: puppet-master.example.com facts: container: docker build: true Configure agent run
- 39. FROM fedora:20 MAINTAINER DavidLutterkort <lutter@watzmann.net> ADD puppet /tmp/puppet-docker RUN yum -y install puppet; /tmp/puppet-docker/bin/puppet-docker Dockerfile for puppet agent
- 40. > puppet dockerbuild --name lutter/myimage
- 41.
- 42.
- 43.
- 44.
- 45. Correlate Images and Instances
- 46. Links • Manage container hosts with https://forge.puppetlabs.com/garethr/docker • Sample materials for puppet agent etc. at https://github.com/lutter/puppet-‐docker • Working examples https://github.com/garethr/puppet-‐docker-‐example https://github.com/garethr/puppet-‐docker-‐vnext-‐example Questions ?
Editor's Notes
- #2 /me ~ 1.5 years at PL, before at Red Hat provisioning → Razor Puppet contributions back to 2006 Augeas
- #3 Who has used Docker ? New (~ 2 years) Best way to use How do tools/processes need to change ? Gives ppl most of what they really wanted from virt Immutable artifact + application isolation
- #4 Research from the 1950’s
- #5 not just single node traditional: package/file/service … non-traditional: cloud resources network devices
- #6 manage all of it openssl update -> restart http sshd_config update -> restart sshd
- #7 one time setup is easy audit changes predict effect of changes
- #8 3 machines are easy 30 are hard 3000 impossible w/o tooling not solved by containers, problem just shifts
- #9 Puppet since 2006 What did people do before then ?
- #10 Configuration through Documents Word/txt/XML PITA → Golden Image
- #11 Perl script that does everything Consulting: Perl → Puppet Brittle Problematic with large numbers
- #12 custom DSL who knows globally what is in containers ?
- #13 ops complaint: no idea what is in containers they deploy
- #16 Who’s used/using Puppet ?
- #17 “What makes it special? What is secret sauce? Why is this a superior approach?”
- #19 Infrastructure as Code
- #20 Other customization mechanisms: Class parameters Data injection (Hiera) Modules
- #24 also: NC
- #25 ~ 2800 modules ~ 1000 authors
- #45 Abstraction of multi-machine API Plumb into docker module ECS/GCE/Kubernetes
- #46 Easy way to get VM/instance with Docker up and running Digital Ocean/EC2/Azure/GCP/desktop dirt Integrate with Puppet mgmt
- #47 Puppet for ‘personalization’ of container Puppet for auditing Several possible approaches Oneshot at container launch run cron or init + puppetd one agent per host
- #48 Reporting/auditing