This document discusses Docker concepts like images vs containers, base images, Dockerfiles, volumes, and ways of building Docker images. It also covers topics like configuration, discovery, routing, and other Docker tools. Specifically, it explains that images are blueprints for containers, containers are instances of images that are writeable, and images are not after creation. It also discusses choosing a base image, tags/versions, and dissects example Dockerfiles.
An on-going presentation for the Docker workshop on how to integrate docker into Vagrant as a provider. In order to remove the requirement of having a VM, and speedup development environments. It also features Puppet as the configuration management system.
The code can be found in: https://github.com/npoggi/vagrant-docker
Vagrant is a well-known tool for creating development environments in a simple and consistent way. Since we adopted in our organization we experienced several benefits: lower project setup times, better shared knowledge among team members, less wtf moments ;-)
In this session I'd like to share our experience, including but not limited to:
- advanced vagrantfile configuration
- vm configuration tips for dev environment: performance, debug, tuning
- our wtf moments
- puphet/phansilbe: hot or not?
- tips for sharing a box
An on-going presentation for the Docker workshop on how to integrate docker into Vagrant as a provider. In order to remove the requirement of having a VM, and speedup development environments. It also features Puppet as the configuration management system.
The code can be found in: https://github.com/npoggi/vagrant-docker
Vagrant is a well-known tool for creating development environments in a simple and consistent way. Since we adopted in our organization we experienced several benefits: lower project setup times, better shared knowledge among team members, less wtf moments ;-)
In this session I'd like to share our experience, including but not limited to:
- advanced vagrantfile configuration
- vm configuration tips for dev environment: performance, debug, tuning
- our wtf moments
- puphet/phansilbe: hot or not?
- tips for sharing a box
Ansible overview, architecture and concepts.
What is deploy? And how to deploying Symfony2 app with Ansible.
Thanks for http://www.slideshare.net/ramondelafuente/ansible-projectdeploy/.
Preparation study for Docker Event
Mulodo Open Study Group (MOSG) @Ho chi minh, Vietnam
http://www.meetup.com/Open-Study-Group-Saigon/events/229781420/
Ansible: How to Get More Sleep and Require Less CoffeeSarah Z
Why you need automation, configuration management and remote execution in your life. An intro to Ansible and how it can make your life in Ops infinitely easier.
With Vagrant 1.1, you can use the same configuration and workflow to spin up and provision machines in VirtualBox, VMware, AWS, RackSpace, and more. You get all the benefits of Vagrant with the power of working in whatever environment you need to.
In this talk, you’ll learn how to use the new multi-provider features of Vagrant to more effectively develop and test Chef cookbooks.
Dennis Matotek, Technical Lead Platforms at Experian Hitwise Australia, gave an excellent presentation on setting up puppet using vagrant, puppet and testing, including a full demo of rspec-puppet and Jenkins.
Puppet is a configuration management tool which allows easy deployment and configuration ranging from 1 to 1 thousand servers (and even more). Even though its common knowledge for devops, puppet is still a strange piece of software for developers. How does it work and what can it do for you as a developer?
Docker is popular open-source software containerization platform. It provides an ability to package software into standardised units on Docker for software development. In this hands-on introductory session, I introduce the concept of containers and provide an overview of Docker. Participants can learn important concepts in Docker step-by-step and learn by example by running commands with me. The main session involves using Docker CLI (Command Line Interface) covering all the key concepts such as creating images and managing containers. What is more, this workshop ends with a complete example of getting some amazing work done with ease using Docker. Presented in OSI Days '16: http://opensourceindia.in/osidays/workshops-osi-2016/
Vagrant is a well-known tool for creating development environments in a simple and consistent way. Since we adopted in our organization we experienced several benefits: lower project setup times, better shared knowledge among team members, less wtf moments ;-)
In this session I'd like to share our experience, including but not limited to:
- advanced vagrantfile configuration
- vm configuration tips for dev environment: performance, debug, tuning
- our wtf moments
- puphet/phansilbe: hot or not?
- tips for sharing a box
Docker is an elegant software that empowers application developers to efficiently create containers and create parity between local and production environments. It is an increasingly popular platform that has revolutionized development over the last few years.
We at YipitData have dramatically scaled our technology platform through containerization and are big proponents of Docker. This slide deck will cover the "first mile" of developing in Docker and container architecture through the following topics:
- Explaining how Dockerfiles, images, and containers relate to one another
- Using the Docker CLI to launch and manage containers
- Best practices for writing Dockerfiles and optimizing images
- Tips and tricks for local development
By the end of the presentation, I hope you will be excited to experiment with Docker and discover more about this extremely valuable technology.
Disclaimer: YipitData is not endorsed by, directly affiliated with, maintained, authorized, or sponsored by Docker Inc.
Docker - Demo on PHP Application deployment Arun prasath
Docker is an open-source project to easily create lightweight, portable, self-sufficient containers from any application. The same container that a developer builds and tests on a laptop can run at scale, in production, on VMs, bare metal, OpenStack clusters, public clouds and more.
In this demo, I will show how to build a Apache image from a Dockerfile and deploy a PHP application which is present in an external folder using custom configuration files.
Ansible overview, architecture and concepts.
What is deploy? And how to deploying Symfony2 app with Ansible.
Thanks for http://www.slideshare.net/ramondelafuente/ansible-projectdeploy/.
Preparation study for Docker Event
Mulodo Open Study Group (MOSG) @Ho chi minh, Vietnam
http://www.meetup.com/Open-Study-Group-Saigon/events/229781420/
Ansible: How to Get More Sleep and Require Less CoffeeSarah Z
Why you need automation, configuration management and remote execution in your life. An intro to Ansible and how it can make your life in Ops infinitely easier.
With Vagrant 1.1, you can use the same configuration and workflow to spin up and provision machines in VirtualBox, VMware, AWS, RackSpace, and more. You get all the benefits of Vagrant with the power of working in whatever environment you need to.
In this talk, you’ll learn how to use the new multi-provider features of Vagrant to more effectively develop and test Chef cookbooks.
Dennis Matotek, Technical Lead Platforms at Experian Hitwise Australia, gave an excellent presentation on setting up puppet using vagrant, puppet and testing, including a full demo of rspec-puppet and Jenkins.
Puppet is a configuration management tool which allows easy deployment and configuration ranging from 1 to 1 thousand servers (and even more). Even though its common knowledge for devops, puppet is still a strange piece of software for developers. How does it work and what can it do for you as a developer?
Docker is popular open-source software containerization platform. It provides an ability to package software into standardised units on Docker for software development. In this hands-on introductory session, I introduce the concept of containers and provide an overview of Docker. Participants can learn important concepts in Docker step-by-step and learn by example by running commands with me. The main session involves using Docker CLI (Command Line Interface) covering all the key concepts such as creating images and managing containers. What is more, this workshop ends with a complete example of getting some amazing work done with ease using Docker. Presented in OSI Days '16: http://opensourceindia.in/osidays/workshops-osi-2016/
Vagrant is a well-known tool for creating development environments in a simple and consistent way. Since we adopted in our organization we experienced several benefits: lower project setup times, better shared knowledge among team members, less wtf moments ;-)
In this session I'd like to share our experience, including but not limited to:
- advanced vagrantfile configuration
- vm configuration tips for dev environment: performance, debug, tuning
- our wtf moments
- puphet/phansilbe: hot or not?
- tips for sharing a box
Docker is an elegant software that empowers application developers to efficiently create containers and create parity between local and production environments. It is an increasingly popular platform that has revolutionized development over the last few years.
We at YipitData have dramatically scaled our technology platform through containerization and are big proponents of Docker. This slide deck will cover the "first mile" of developing in Docker and container architecture through the following topics:
- Explaining how Dockerfiles, images, and containers relate to one another
- Using the Docker CLI to launch and manage containers
- Best practices for writing Dockerfiles and optimizing images
- Tips and tricks for local development
By the end of the presentation, I hope you will be excited to experiment with Docker and discover more about this extremely valuable technology.
Disclaimer: YipitData is not endorsed by, directly affiliated with, maintained, authorized, or sponsored by Docker Inc.
Docker - Demo on PHP Application deployment Arun prasath
Docker is an open-source project to easily create lightweight, portable, self-sufficient containers from any application. The same container that a developer builds and tests on a laptop can run at scale, in production, on VMs, bare metal, OpenStack clusters, public clouds and more.
In this demo, I will show how to build a Apache image from a Dockerfile and deploy a PHP application which is present in an external folder using custom configuration files.
An overview on docker and container technology behind it. Lastly, we discuss few tools that might come handy when dealing with large number of containers management.
Docker and Puppet for Continuous IntegrationGiacomo Vacca
Today developers want to change the code, build and deploy often, even several times per day.
New versions of software may need to be tested on different distributions, and with different configurations.
Achieving this with Virtual Machines it’s possible, but it’s very resource and time consuming. Docker provides an incredibly good solution for this, in particular if combined with Continuous Integration tools like Jenkins and Configuration Management tools like Puppet.
This presentation focuses on the opportunities to configure automatically Docker images, use Docker containers as disposable workers during your tests, and even running your Continuous Integration system inside Docker.
This topic introduces tools to automate the development and deployment workflow of a WordPress web application.
I am showing the main benefits of such a workflow and how it allows making the installation and update of the project fully automatic, predictable, versioned, and ready to be integrated into a continuous deployment system. Tools like Docker and WP-CLI, will be introduced to implement that process along with a simple tool that I have developed to automatically deploy the basic data that a project needs to be up and running.
My mantra? No manual clicks whatsoever in the web interface for configuring WordPress!
DCSF 19 Building Your Development Pipeline Docker, Inc.
Oliver Pomeroy, Docker & Laura Tacho, Cloudbees
Enterprises often want to provide automation and standardisation on top of their container platform, using a pipeline to build and deploy their containerized applications. However this opens up new challenges; Do I have to build a new CI/CD Stack? Can I build my CI/CD pipeline with Kubernetes orchestration? What should my build agents look like? How do I integrate my pipeline into my enterprise container registry? In this session full of examples and how-to's, Olly and Laura will guide you through common situations and decisions related to your pipelines. We'll cover building minimal images, scanning and signing images, and give examples on how to enforce compliance standards and best practices across your teams.
SenchaCon 2016: Develop, Test & Deploy with Docker - Jonas Schwabe Sencha
Have you ever heard the phrase: "Everything works fine on my machine?" Docker is here to rescue you. Running your toolchain, Ext JS application, back-end server, and even your database - all in a standardized container format that can be transported and reused, throughout your process. In this session, you will learn how to automate a typical workflow, including developing, testing, and deploying, by using Docker containers and common continuous integration solutions.
Docker is not just about deploying containers to hundreds of servers. Developers need tools that help with day-to-day tasks and to do their job more effectively. Docker is a great addition to most workflows, from starting projects to writing utilities to make development less repetitive. Docker can help take care of many problems developers face during development such as “it works on my machine” as well as keeping tooling consistent between all of the people working on a project. See how easy it is to take an existing development setup and application and move it over to Docker, no matter your operating system.
3 years ago, Meetic chose to rebuild it's backend architecture using microservices and an event driven strategy. As we where moving along our old legacy application, testing features became gradually a pain, especially when those features rely on multiple changes across multiple components. Whatever the number of application you manage, unit testing is easy, as well as functional testing on a microservice. A good gherkin framework and a set of docker container can do the job. The real challenge is set in end-to-end testing even more when a feature can involve up to 60 different components.
To solve that issue, Meetic is building a Kubernetes strategy around testing. To do such a thing we need to :
- Be able to generate a docker container for each pull-request on any component of the stack
- Be able to create a full testing environment in the simplest way
- Be able to launch automated test on this newly created environment
- Have a clean-up process to destroy testing environment after tests To separate the various testing environment, we chose to use Kubernetes Namespaces each containing a variant of the Meetic stack. But when it comes to Kubernetes, managing multiple namespaces can be hard. Yaml configuration files need to be shared in a way that each people / automated job can access to them and modify them without impacting others.
This is typically why Meetic chose to develop it's own tool to manage namespace through a cli tool, or a REST API on which we can plug a friendly UI.
In this talk we will tell you the story of our CI/CD evolution to satisfy the need to create a docker container for each new pull request. And we will show you how to make end-to-end testing easier using Blackbeard, the tool we developed to handle the need to manage namespaces inspired by Helm.
DCEU 18: Building Your Development PipelineDocker, Inc.
Oliver Pomeroy - Solution Engineer, Docker
Laura Frank Tacho - Director of Engineering, CloudBees
Enterprises often want to provide automation and standardisation on top of their container platform, using a pipeline to build and deploy their containerized applications. However this opens up new challenges… Do I have to build a new CI/CD Stack? Can I build my CI/CD pipeline with Kubernetes orchestration? What should my build agents look like? How do I integrate my pipeline into my enterprise container registry? In this session full of examples and “how-to”s, Olly and Laura will guide you through common situations and decisions related to your pipelines. We’ll cover building minimal images, scanning and signing images, and give examples on how to enforce compliance standards and best practices across your teams.
WebSphere Application Server Liberty Profile and DockerDavid Currie
Presentation from IBM InterConnect 2015 covering a brief introduction to Docker, the relationship between IBM and Docker, and then using WebSphere Application Server Liberty Profile under Docker.
We talk about docker, what it is, why it matters, and how it can benefit us. This presentation is an introduction and delivered to local meetup in Indonesia.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
4. Image vs container
• an image is the blueprint for the container
• a container is an instance of the image
• the container is writeable, while an image is not
(after creation)
• the container state can be committed to form an
image
6. Choosing a base image
• They come in all sizes, for specialised or general
purposes.
• Majority based on some version of Ubuntu, but
many are also small (of size in MB) with a limited
toolset.
7. Choosing a base image
This is one of the questions dividing the community
into two camps:
Should my container run one process, or many?
my process as PID 1
vs
using an init process?
9. Tags / Versions
• Use some time to think through Docker tagging
• Tag is normally a version, but don’t need to be
• Special tag “latest” appended if no tag specified
• Metadata is a new feature - might change the scenarios
where tags was used earlier. Have not looked into it yet.
11. Dissecting a Dockerfile
FROM phusion/baseimage:0.9.16
# Set correct environment variables.
ENV HOME /root
# Regenerate SSH host keys.
# You may also comment out this instruction; the
# init system will auto-generate one during boot.
RUN /etc/my_init.d/00_regen_ssh_host_keys.sh
# Use baseimage-docker's init system.
CMD ["/sbin/my_init"]
# ...put your own build instructions here...
#RUN apt-get update && apt-get -y upgrade
# Clean up APT when done.
#RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
12. Dissecting a Dockerfile
FROM vimond.artifactoryonline.com/vimond-base
# automatically accept oracle license
RUN echo oracle-java8-installer shared/accepted-oracle-license-v1-1 select true
| /usr/bin/debconf-set-selections
RUN add-apt-repository ppa:webupd8team/java
&& apt-get update
&& apt-get -y upgrade
&& apt-get -y install
oracle-java8-set-default
oracle-java8-unlimited-jce-policy
oracle-java8-installer
libsnappy-java
python-software-properties
# Clean up APT when done.
RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
ENV JAVA_HOME /usr/lib/jvm/java-8-oracle
13. Dissecting a Dockerfile
# vim:set ft=dockerfile:
FROM vimond.artifactoryonline.com/vimond-base-java-8
MAINTAINER Olve Sæther Hansen <olve@vimond.com>
# Set correct environment variables.
ENV HOME /root
# Regenerate SSH host keys. baseimage-docker does not contain any, so you
# have to do that yourself. You may also comment out this instruction; the
# init system will auto-generate one during boot.
RUN /etc/my_init.d/00_regen_ssh_host_keys.sh
# Use baseimage-docker's init system.
CMD ["/sbin/my_init"]
# automatically accept oracle license
#RUN echo oracle-java8-installer shared/accepted-oracle-license-v1-1 select true
# | /usr/bin/debconf-set-selections
RUN apt-get update
&& apt-get -y upgrade
&& apt-get -y install
python-pip
&& apt-get clean
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
RUN pip install cqlsh
#Swaps (ubuntu) dash with bash for easier sourceing
RUN rm /bin/sh && ln -s /bin/bash /bin/sh
COPY docker-service.sh /tmp/docker-service.sh
COPY docker-service-startup-command.sh /etc/my_init.d/docker-service-startup-command.sh
RUN chmod a+x /etc/my_init.d/docker-service-startup-command.sh
ONBUILD COPY docker/docker-config.yml docker/docker.properties build/libs/*.jar target/*.jar /tmp/
ONBUILD RUN rm -fv /tmp/*tests*.jar
#Notes on variables below. $UPPER_CASE means variables to be evaluated at runtime, all file names in
#/etc/container_environment will be a variable name with the file content as value.
#Variables with $lower_case means the var should used only in the Dockerfile image build phase.
#This is for keeping the confusion at bay.
ONBUILD RUN source /tmp/docker.properties
&& useradd -ms /bin/bash -d /opt/$service_name -G docker_env $service_name
&& mkdir /var/log/${service_name}
&& mkdir /etc/service/${service_name}
&& mv /tmp/docker-service.sh /etc/service/$service_name/run
&& echo $service_name >> /etc/container_environment/SERVICE_NAME
[snip]
15. Ways of building images
• Image from direct container changes
• Dynamic Dockerfile
• Static Dockerfile
16. Things to think about
• size of image (.dockerignore)
• compile inside or outside of image?
• what to do about secrets?
• what do do about dependencies
• what to do about access to dependencies (repos)
• (sure I forgot something - anyone?)
19. hub.docker.com
• the GitHub for Docker
• IMO best for public images, as rights
management and building can be cumbersome
for private repositories
20. hub.<yoursite>.com
• The registry is open source, so it is possible to
run it locally
• Have not tried this - might be a sound solution
21. <yoursite>.artifactoryonline.com
• We went for this solution, as we already store our
jar-files, npm builds and gems in Artifactory.
• Some other nice features for image promotion
• Probable other solutions, both onsite or as a
service in this space
23. Mounted Volumes
• Mount files or folders from host to the container in RO or
RW mode.
• Useful for
• static data,
• complex configurations
• getting logs out of the container
• any dynamic data created in container that you want to
keep
24. Data Volume Container
• Data volumes can be created from scratch or from
a docker container which has a volume.
• use “—volume-from” command when starting/
creating other container
• useful for dynamic data that can be versioned,
shared and used in different environments
(e.g. databases)
25. What is going on inside a
container
• Can be a bit cumbersome, but possible to
introspect in many ways.
• top (processes are exposed to host)
• ssh (if ssh server enabled- re multiple processes)
• docker exec -t -i <container id> bash -l
• docker inspect <container id>
27. Docker Compose
• previously known as fig
• Tool for setting up several containers linked
together.
• Handled by a single configuration
• We use it to set up infrastructure and perform
integration tests
30. Configuration
• use production optimised defaults
• use a sane convention and override when needed
• make configuration expressible via system
variables when possible
(meaning no lists, maps etc)
32. Discovery
• Keep service discovery out of the service
• Keep service discovery out of the image containing
the service
• Use Docker events and have a dedicated
discovery agent running and reporting
34. Routing
• We have now many services/containers running, each on
a random port on different machines.
• How do we route traffic to and from?
• Docker Compose can help (also in prod systems)
• We decided to write HAProxy configs on the fly based on
Docker events (via a service discovery system - Consul
and Registrator)
• Consul-template reacts to events in consul, and rewrites
configuration files
35. HAProxy service routing
• Typically two HAProxy servers with identical configuration
• One front-end on port 80 that selects backend based on DNS
• One backend for each service
• Many load balanced servers (potentially) for each backend
• Service outage will rewrite configuration file and restart
HAProxy
• Service additions will rewrite configuration file and restart
HAProxy
36. Other interesting Docker
tools and notes
• Docker Machine
• Docker Swarm
• ECS from Amazon
• https://github.com/gliderlabs/logspout
• https://github.com/GoogleCloudPlatform/kubernetes
• Many others, but difficult to separate hype from
promising projects.