FROM ARM to Z: building, shipping, and
running a multi-platform Docker swarm
Chris Jones
Open Source Developer, IBM
Christy Perez
Open Source Developer, IBM
• What is "multi-arch?"
• Why is this needed?
• How to ...
• Examples
• docker manifest
Agenda
• Demo – Building images
• Demo – Shipping images
• Demo – Running Swarm
• Q&A
What are we talking about?
• GOAL: User
experience across
architectures is the
same
What
Why should I care?
$ docker run –it ubuntu
standard_init_linux.go:178: exec user process caused
“no such file or directory”
$ uname –m
s390x
$ docker run –it s390x/ubuntu
root@eb7051894530:/#
Why
$ docker run –it rethinkdb
standard_init_linux.go:178: exec user process caused
“no such file or directory”
$ uname –m
aarch64
$ docker run –it aarch64/rethinkdb
docker: Error response from daemon: repository
aarch64/rethinkdb not found: does not exist or no
pull access.
Why
• The user had to remember he was on a different
architecture
• Arch-dependent image names harm usability
• Siloed projects cause heartbreaks
What went wrong?
• Grow your project
• Strengths of other platforms
Benefits
How to multi-arch?
• actual hardware
• hardware assisted virtualization (KVM)
• full-system emulation (QEMU)
• user-mode emulation (binfmt_misc)
• cross-compiling
How
Building and running binaries
binfmt_misc
• Allows you to run ELF binaries that weren’t
compiled on your host architecture
• Maps non-native binaries to arch-specific
interpreters (e.g. QEMU)
• Pre-Configured in Docker for Mac!
binfmt_misc
# create magic number (ELF header bit) mappings
$ docker run –rm –privileged multiarch/qemu-user-
static:register
# verify our magic numbers were added, aka our
# Rolodex has been created.
$ ls /proc/sys/fs/binfmt_misc/
aarch64 arm ppc64le s390x …
binfmt_misc – ppc64le e.g.
# download interpreter
$ curl -fsSL https://github.com/multiarch/qemu-user-
static/releases/download/v2.8.1/x86_64_qemu-ppc64le-
static.tar.gz -o ~/x86_64_qemu-ppc64le-static.tar.gz
# unzip to /usr/bin/qemu-ppc64le-static
$ tar -xvzf ~/x86_64_qemu-ppc64le-static.tar.gz -C
/usr/bin/qemu-ppc64le-static
binfmt_misc – ppc64le e.g.
# docker run ppc64le image and mount bin
$ docker run -it --rm -v /usr/bin/qemu-ppc64le-
static:/usr/bin/qemu-ppc64le-static /
ppc64le/busybox:latest uname –m
uname -m
ppc64le
binfmt_misc – ppc64le e.g.
# docker run ppc64le image
$ docker run -it --rm ppc64le/busybox:latest uname -m
uname -m
ppc64le
Docker for Mac
Cross-compiling in go
$ GOOS=linux GOARCH=arm go build
complex cross-compiling in go
Advice (Wisdom?)
├── Dockerfile
├── Dockerfile.aarch64
├── Dockerfile.armhf
├── Dockerfile.ppc64le
├── Dockerfile.s390x
├── Dockerfile.simple
├── Dockerfile.solaris
├── Dockerfile.windows
Makefiles, Dockerfiles & build scripts
• Multiple Dockerfiles (e.g.
Dockerfile.armf)
• Don't hard-code in arch in
packages, etc.
• If you must...
• ifdefs & build constraints
Optimizations
zfs.go:// +build linux freebsd solaris
zfs_unsupported.go:// +build !linux,!freebsd,!solaris
Where does docker fit?
• Multi-arch support in registry (Jan 2016)
• Skopeo Project
(https://github.com/projectatomic/skopeo)
• Phil Estes' tool
(https://github.com/estesp/manifest-tool)
• PR to add "docker manifest" (PR #27455)
History
What's a manifest?
• Image metadata
- Layers
- References
- OS
- Arch
- etc.
What's a manifest list?
• A multi-arch "image"
• Contains image manifests
• Engine decides which to pull
• Not tied to image name
• Extra image detail
myrepo/mylist
amd64 image amrhf image
ppc64le image
docker manifest
• "Shallow pull" of image: manifest only
• Pushing multi-architecture image names to
registry
`docker manifest` command
# create interactively using cli
$ docker manifest create tophj/busybox busybox /
aarch64/busybox armhf/busybox ppc64le/busybox /
s390x/busybox
$ docker manifest annotate tophj/busybox /
armhf/busybox --os linux --arch arm --osFeature f1
$ docker manifest push tophj/busybox
docker manifest
# or create using yaml
$ docker manifest push
-f clnperez_hw.yaml
docker manifest - yaml
docker manifest inspect tophj/busybox
docker manifest inspect busybox
docker manifest
Putting it all together:
docker swarm
tophj/demo
tophj/demo
• tophj/ppc64le-demo
• tophj/x86_64-demo
• tophj/armhf -demo
• tophj/s390x-demo
├── Dockerfile.armhf
├── Dockerfile.ppc64le
├── Dockerfile.s390x
├── Dockerfile.x86_64
├── img
│ ├── captain_logo.png
│ ├── captain.png
│ ├── christy_logo.png
│ ├── christy.png
│ ├── pink.png
│ └── tophj.png
└── server.go
docker swarm demo
# create our tophj/demo manifest list which points to our
# architecture specific images
$ docker manifest create tophj/demo tophj/x86_64-demo 
tophj/armhf-demo tophj/ppc64le-demo tophj/s390x-demo
docker swarm demo
# annotate to change armhf to arm
$ docker manifest annotate tophj/demo tophj/armhf-demo 
--os linux --arch arm
# finally push the manifest list
$ docker manifest push tophj/demo
docker swarm demo
$ docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER
STATUS
3nisms9qfi27ko0683bylxyud s390 Ready Active
7jwo7d5braat1l6n63j8xfue6 * x86_64 Ready Active Leader
n5tqx2yk77123sjiapqwmu14e armhf Ready Active
u30pwzlt5hthwbbsdok8nxyh8 ppc64le Ready Active
docker swarm demo
# start the swarm service using the multi-arch image name
$ docker service create --mode global --name dockercon -p 8082:8080 tophj/demo
# start a simple load-balancer for fun
$ docker run -itd -p 80:81 --name nginx -v /christy/nginx:/etc/nginx nginx
# visit the IP of your load balancer in your browser
# be sure to refresh for multi-arch fun
docker swarm demo
docker swarm demo
bit.ly/multiarch-docker
Resources
• Server image:
https://c1.staticflickr.com/4/3519/3462607995_150a6b2624_b.jpg
• HtcpcpTeapot image:
https://commons.wikimedia.org/wiki/File:Htcpcp_teapot.jpg
• Raspberry Pi is a trademark of the Raspberry Pi Foundation.
• https://github.com/dockersamples/docker-swarm-visualizer
• ARMHF VM from Scaleway
• X86 VM from DigitalOcean
References & Legal
Thank You!
Go forth and multi-arch!
@docker #dockercon

From Arm to Z: Building, Shipping, and Running a Multi-platform Docker Swarm - Christy Perez and Christopher Jones, IBM

  • 1.
    FROM ARM toZ: building, shipping, and running a multi-platform Docker swarm Chris Jones Open Source Developer, IBM Christy Perez Open Source Developer, IBM
  • 2.
    • What is"multi-arch?" • Why is this needed? • How to ... • Examples • docker manifest Agenda • Demo – Building images • Demo – Shipping images • Demo – Running Swarm • Q&A
  • 3.
    What are wetalking about?
  • 4.
    • GOAL: User experienceacross architectures is the same What
  • 7.
  • 8.
    $ docker run–it ubuntu standard_init_linux.go:178: exec user process caused “no such file or directory” $ uname –m s390x $ docker run –it s390x/ubuntu root@eb7051894530:/# Why
  • 9.
    $ docker run–it rethinkdb standard_init_linux.go:178: exec user process caused “no such file or directory” $ uname –m aarch64 $ docker run –it aarch64/rethinkdb docker: Error response from daemon: repository aarch64/rethinkdb not found: does not exist or no pull access. Why
  • 11.
    • The userhad to remember he was on a different architecture • Arch-dependent image names harm usability • Siloed projects cause heartbreaks What went wrong?
  • 12.
    • Grow yourproject • Strengths of other platforms Benefits
  • 13.
  • 14.
    • actual hardware •hardware assisted virtualization (KVM) • full-system emulation (QEMU) • user-mode emulation (binfmt_misc) • cross-compiling How Building and running binaries
  • 15.
  • 16.
    • Allows youto run ELF binaries that weren’t compiled on your host architecture • Maps non-native binaries to arch-specific interpreters (e.g. QEMU) • Pre-Configured in Docker for Mac! binfmt_misc
  • 18.
    # create magicnumber (ELF header bit) mappings $ docker run –rm –privileged multiarch/qemu-user- static:register # verify our magic numbers were added, aka our # Rolodex has been created. $ ls /proc/sys/fs/binfmt_misc/ aarch64 arm ppc64le s390x … binfmt_misc – ppc64le e.g.
  • 19.
    # download interpreter $curl -fsSL https://github.com/multiarch/qemu-user- static/releases/download/v2.8.1/x86_64_qemu-ppc64le- static.tar.gz -o ~/x86_64_qemu-ppc64le-static.tar.gz # unzip to /usr/bin/qemu-ppc64le-static $ tar -xvzf ~/x86_64_qemu-ppc64le-static.tar.gz -C /usr/bin/qemu-ppc64le-static binfmt_misc – ppc64le e.g.
  • 20.
    # docker runppc64le image and mount bin $ docker run -it --rm -v /usr/bin/qemu-ppc64le- static:/usr/bin/qemu-ppc64le-static / ppc64le/busybox:latest uname –m uname -m ppc64le binfmt_misc – ppc64le e.g.
  • 21.
    # docker runppc64le image $ docker run -it --rm ppc64le/busybox:latest uname -m uname -m ppc64le Docker for Mac
  • 22.
  • 23.
    $ GOOS=linux GOARCH=armgo build complex cross-compiling in go
  • 24.
  • 25.
    ├── Dockerfile ├── Dockerfile.aarch64 ├──Dockerfile.armhf ├── Dockerfile.ppc64le ├── Dockerfile.s390x ├── Dockerfile.simple ├── Dockerfile.solaris ├── Dockerfile.windows Makefiles, Dockerfiles & build scripts • Multiple Dockerfiles (e.g. Dockerfile.armf) • Don't hard-code in arch in packages, etc.
  • 26.
    • If youmust... • ifdefs & build constraints Optimizations zfs.go:// +build linux freebsd solaris zfs_unsupported.go:// +build !linux,!freebsd,!solaris
  • 27.
  • 28.
    • Multi-arch supportin registry (Jan 2016) • Skopeo Project (https://github.com/projectatomic/skopeo) • Phil Estes' tool (https://github.com/estesp/manifest-tool) • PR to add "docker manifest" (PR #27455) History
  • 29.
    What's a manifest? •Image metadata - Layers - References - OS - Arch - etc.
  • 30.
    What's a manifestlist? • A multi-arch "image" • Contains image manifests • Engine decides which to pull • Not tied to image name • Extra image detail myrepo/mylist amd64 image amrhf image ppc64le image
  • 31.
  • 32.
    • "Shallow pull"of image: manifest only • Pushing multi-architecture image names to registry `docker manifest` command
  • 33.
    # create interactivelyusing cli $ docker manifest create tophj/busybox busybox / aarch64/busybox armhf/busybox ppc64le/busybox / s390x/busybox $ docker manifest annotate tophj/busybox / armhf/busybox --os linux --arch arm --osFeature f1 $ docker manifest push tophj/busybox docker manifest
  • 34.
    # or createusing yaml $ docker manifest push -f clnperez_hw.yaml docker manifest - yaml
  • 35.
    docker manifest inspecttophj/busybox docker manifest inspect busybox docker manifest
  • 36.
    Putting it alltogether: docker swarm
  • 37.
  • 38.
  • 39.
    ├── Dockerfile.armhf ├── Dockerfile.ppc64le ├──Dockerfile.s390x ├── Dockerfile.x86_64 ├── img │ ├── captain_logo.png │ ├── captain.png │ ├── christy_logo.png │ ├── christy.png │ ├── pink.png │ └── tophj.png └── server.go docker swarm demo
  • 40.
    # create ourtophj/demo manifest list which points to our # architecture specific images $ docker manifest create tophj/demo tophj/x86_64-demo tophj/armhf-demo tophj/ppc64le-demo tophj/s390x-demo docker swarm demo
  • 41.
    # annotate tochange armhf to arm $ docker manifest annotate tophj/demo tophj/armhf-demo --os linux --arch arm # finally push the manifest list $ docker manifest push tophj/demo docker swarm demo
  • 42.
    $ docker nodels ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS 3nisms9qfi27ko0683bylxyud s390 Ready Active 7jwo7d5braat1l6n63j8xfue6 * x86_64 Ready Active Leader n5tqx2yk77123sjiapqwmu14e armhf Ready Active u30pwzlt5hthwbbsdok8nxyh8 ppc64le Ready Active docker swarm demo
  • 43.
    # start theswarm service using the multi-arch image name $ docker service create --mode global --name dockercon -p 8082:8080 tophj/demo # start a simple load-balancer for fun $ docker run -itd -p 80:81 --name nginx -v /christy/nginx:/etc/nginx nginx # visit the IP of your load balancer in your browser # be sure to refresh for multi-arch fun docker swarm demo
  • 44.
  • 45.
  • 46.
    • Server image: https://c1.staticflickr.com/4/3519/3462607995_150a6b2624_b.jpg •HtcpcpTeapot image: https://commons.wikimedia.org/wiki/File:Htcpcp_teapot.jpg • Raspberry Pi is a trademark of the Raspberry Pi Foundation. • https://github.com/dockersamples/docker-swarm-visualizer • ARMHF VM from Scaleway • X86 VM from DigitalOcean References & Legal
  • 47.
    Thank You! Go forthand multi-arch! @docker #dockercon