Introduction to Docker

An Introduction
A pecha-kucha inspired presentation
by Nissan Dookeran
1of 401

2of 402
Static website
Web frontend
User DB
Queue Analytics DB
Background workers
API endpoint
nginx 1.5 + modsecurity + openssl + bootstrap 2
postgresql + pgv8 + v8
hadoop + hive + thrift + OpenJDK
Ruby + Rails + sass + Unicorn
Redis + redis-sentinel
Python 3.0 + celery + pyredis + libcurl + ffmpeg + libopencv + nodejs +
phantomjs
Python 2.7 + Flask + pyredis + celery + psycopg + postgresql-client
Development VM
QA server
Public Cloud
Disaster recovery
Contributor’s laptop
Production Servers
The Challenge
Multiplicityof
Stacks
Multiplicityof
hardware
environments
Production Cluster
Customer Data Center
Doservicesand
appsinteract
appropriately?
CanImigrate
smoothlyand
quickly?

of 403
The Matrix From Hell
Static website
Web frontend
Background workers
User DB
Analytics DB
Queue
Developmen
t VM
QA Server
Single Prod
Server
Onsite
Cluster
Public Cloud
Contributor’
s laptop
Customer
Servers
? ? ? ? ? ? ?
? ? ? ? ? ? ?
? ? ? ? ? ? ?
? ? ? ? ? ? ?
? ? ? ? ? ? ?
? ? ? ? ? ? ?

of 404
Static website Web frontendUser DB Queue Analytics DB
Development
VM
QA server Public Cloud Contributor’s
laptop
Docker is a shipping container system
for code
MultiplicityofStacks
Multiplicityof
hardware
environments
Production
Cluster
Customer Data
Center
Doservicesand
appsinteract
appropriately?
CanImigrate
smoothlyand
quickly
…that can be manipulated using
standard operations and run
consistently on virtually any
hardware platform
An engine that enables any
payload to be encapsulated
as a lightweight, portable,
self-sufficient container…

of 405
Static website
Web frontend
Background workers
User DB
Analytics DB
Queue
Developmen
t VM
QA Server
Single Prod
Server
Onsite
Cluster
Public Cloud
Contributor’
s laptop
Customer
Servers
Docker eliminates the matrix from
Hell

Of 406
Why it works—separation of concerns
• Dan the Developer
– Worries about what’s “inside”
the container
• His code
• His Libraries
• His Package Manager
• His Apps
• His Data
– All Linux servers look the same
• Oscar the Ops Guy
• Worries about what’s “outside”
the container
• Logging
• Remote access
• Monitoring
• Network config
• All containers start, stop, copy,
attach, migrate, etc. the same
way

Of 407
App
A
Containers vs. VMs
Hypervisor (Type 2)
Host OS
Server
Gues
t
OS
Bins/
Libs
App
A’
Gues
t
OS
Bins/
Libs
App
B
Gues
t
OS
Bins/
Libs
AppA’
Docker
Host OS
Server
Bins/Libs
AppA
Bins/Libs
AppB
AppB’
AppB’
AppB’
VM
Container
Containers are isolated,
but share OS and, where
appropriate, bins/libraries
Gues
t
OS
Gues
t
OS
…result is significantly faster deployment,
much less overhead, easier migration,
faster restart

Of 408
Why are Docker containers
lightweight?
Bins/
Libs
App
A
Original App
(No OS to take
up space, resources,
or require restart)
AppΔ
Bins
/
App
A
Bins/
Libs
App
A’
Gues
t
OS
Bins/
Libs
Modified App
Copy on write
capabilities allow
us to only save the diffs
Between container A
and container
A’
VMs
Every app, every copy of an
app, and every slight modification
of the app requires a new virtual server
App
A
Gues
t
OS
Bins/
Libs
Copy of
App
No OS. Can
Share bins/libs
App
A
Gues
t
OS
Gues
t
OS
VMs Containers

Of 409
What are the basics of the Docker
system?
Source
Code
Repositor
y
Dockerfil
e
For
A
Docker Engine
Docker
Container
Image
Registry
Build
Docker
Host 2 OS (Linux)
ContainerA
Container
B
Container
C
ContainerA
Push
Search
Pull
Run
Host 1 OS (Linux)

Of 4010
Changes and Updates
Docker Engine
Docker
Container
Image
Registry
Docker Engine
Push
Update
Bins/
Libs
App
A
AppΔ
Bins
/
Base
Container
Image
Host is now running A’’
Container
Mod A’’
AppΔ
Bins
/
Bins/
Libs
App
A
Bins
/
Bins/
Libs
App
A’’
Host running A wants to upgrade to A’’.
Requests update. Gets only diffs
Container
Mod A’

Of 4011
Ecosystem Support
• Operating systems
– Virtually any distribution with a 2.6.32+ kernel
– Red Hat/Docker collaboration to make work across RHEL 6.4+, Fedora, and other members of the family (2.6.32 +)
– CoreOS—Small core OS purpose built with Docker
• OpenStack
– Docker integration into NOVA (& compatibility with Glance, Horizon, etc.) accepted for Havana release
• Private PaaS
– OpenShift
– Solum (Rackspace, OpenStack)
– Other TBA
• Public PaaS
– Deis, Voxoz, Cocaine (Yandex), Baidu PaaS
• Public IaaS
– Native support in Rackspace, Digital Ocean,+++
– AMI (or equivalent) available for AWS & other
• DevOps Tools
– Integrations with Chef, Puppet, Jenkins, Travis, Salt, Ansible +++
• Orchestration tools
– Mesos, Heat, ++
– Shipyard & others purpose built for Docker
• Applications
– 1000’s of Dockerized applications available at index.docker.io

Getting Started
• Verify you have Oracle VirtualBox 4.3.x
• Install Docker
(https://docs.docker.com/installation/)
• UPDATE: Use https://www.docker.com/docker-
toolbox
– Installs Docker Client, Docker Machine, Docker
Compose, Docker Kitematic, VirtualBox
– NOTE: for OS X, you can use brew: brew install
docker-machine
– Windows: need to have HVT (Hyper-V)
• Understand the architecture
• Smoke test
Of 4014

Smoke Test Environment: (1)
Of 4016
Run the following commands from shell:
docker info
Output:
Containers: 0
Images: 0
Storage Driver: aufs
Root Dir: /mnt/sda1/var/lib/docker/aufs
Backing Filesystem: tmpfs
Dirs: 0
Dirperm1 Supported: true
Execution Driver: native-0.2
Logging Driver: json-file
Kernel Version: 4.1.10-boot2docker
Operating System: Boot2Docker 1.8.3 (TCL 6.4); master : af8b089 - Mon Oct 12 18:56:54 UTC 2015
CPUs: 1
Total Memory: 1.956 GiB
Name: default
ID: 54V7:OQNP:A4GT:D2T5:USDN:QLUG:PDOC:4I7I:I3O4:XW62:RCUP:24A7
Debug mode (server): true
File Descriptors: 10
Goroutines: 16
System Time: 2015-10-15T23:34:17.354643925Z
EventsListeners: 0
Init SHA1:
Init Path: /usr/local/bin/docker
Docker Root Dir: /mnt/sda1/var/lib/docker
Labels:
provider=virtualbox

Smoke Test Environment (2)
Of 4017
Run the following commands from shell:
docker ps
Output:
CONTAINER ID IMAGE COMMAND
CREATED STATUS PORTS
NAMES

Pull a Docker image
Of 4018
Pull Centos7 from DockerHub (http://docker.io)
docker pull centos:7
output:
ceposta@postamac(~) $ docker pull centos:7
7: Pulling from library/centos
fa5be2806d4c: Pull complete
0cd86ce0a197: Pull complete
e9407f1d4b65: Pull complete
c9853740aa05: Pull complete
e9fa5d3a0d0e: Pull complete
Digest:
sha256:def5c79bc29849815dec7dddc8f75530a9115c94d5b17e0e6807f92990
2fab62
Status: Downloaded newer image for centos:7

List Docker images
Of 4021
List locally, installed images
docker images
output:
ceposta@postamac(~) $ docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
centos 7 e9fa5d3a0d0e 2 days ago 172.3 MB
Show all images, including intermediate
docker images -a
output:
ceposta@postamac(~) $ docker images -a
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
centos 7 e9fa5d3a0d0e 2 days ago 172.3 MB
<none> <none> c9853740aa05 2 days ago 172.3 MB
<none> <none> e9407f1d4b65 2 days ago 172.3 MB
<none> <none> 0cd86ce0a197 2 days ago 172.3 MB
<none> <none> fa5be2806d4c 5 weeks ago 0 B

Run a Docker container
Of 4022
Let’s run a linux command inside a docker container:
docker run --rm centos:7 echo "hello world"
output:
ceposta@postamac(~) $ docker run --rm centos:7 echo "hello world"
hello world
Woah, what happened? It just printed out "hello, world"?
So what?

Of 4023
Let’s run a shell inside a docker container:
docker run -it --rm centos:7 bash
output:
[root@d7dfcc490cbe /]# _
Cool! We have a bash shell, and a minimal distro of
Centos 7! Did you see how fast that booted up? Typing
ls -l /etc/*-release from the new bash prompt
shows us we indeed have a Centos 7 distro:
[root@c2c2b8a65afe /]# ls -l /etc/*-release
-rw-r--r-- 1 root root 38 Mar 31 2015 /etc/centos-release
-rw-r--r-- 1 root root 393 Mar 31 2015 /etc/os-release
lrwxrwxrwx 1 root root 14 Aug 14 21:00 /etc/redhat-release -> centos-
release
lrwxrwxrwx 1 root root 14 Aug 14 21:00 /etc/system-release -> centos-
release

Of 4024
Run some other commands from within the
container:
hostname -f
cat /etc/hosts
ps aux
yum -y install vim
ip a
A real linux distro right? Did you notice that
ps aux didn’t show too many processes?

Of 4025
Let’s do some destructive stuff:
rm -fr /usr/sbin
Wuh? you deleted all of the sacred system tools!?
Let’s delete some user tools too
rm -fr /usr/bin
output:
[root@c2c2b8a65afe /]# ls
bash: /usr/bin/ls: No such file or directory
Whoops… cannot ls or do anything useful anymore.
What have we done!?

Of 4026
No worries! Just exit the container and fire
up a new one:
Everything is back! Phew….

Of 4027
No worries! Just exit the container and fire
up a new one:
Everything is back! Phew….

Run Apache Tomcat in a Docker
container
Of 4028
Now let’s run a JVM based application like Apache Tomcat:
docker run --rm -p 8888:8080 tomcat:8.0
Since the Tomcat 8.0 docker image doesn’t exist, Docker will try to automatically pull it
from the registry. Give it a moment, and you should see tomcat start successfully:
16-Oct-2015 18:30:51.541 INFO [localhost-startStop-1]
org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory
/usr/local/tomcat/webapps/manager has finished in 28 ms
org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory
/usr/local/tomcat/webapps/examples
/usr/local/tomcat/webapps/examples has finished in 566 ms
/usr/local/tomcat/webapps/ROOT
/usr/local/tomcat/webapps/ROOT has finished in 45 ms
16-Oct-2015 18:30:52.176 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler
["http-nio-8080"]
16-Oct-2015 18:30:52.206 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler
["ajp-nio-8009"]
16-Oct-2015 18:30:52.208 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 1589 ms

container
Of 4029
Let’s explore that command for a quick sec:
docker run --rm -p 8888:8080 tomcat:8.0
•--rm tells us that we want to remove the
container (delete) when it’s done running
•-p 8888:8080 tells us we want to map the
container’s port 8080 to the host port of 8888
So if we try to connect to http://localhost:8888
we should be able to reach our tomcat server!

container
Of 4030
Well, not quite. Why not?
Problem:
Our Docker Host has been mapped properly, but we cannot reach it
from our host (Windows/MacOSX) because the VM does not expose
those ports.
Solution:
Map ports for tomcat
How: Enable port forwarding between the VM Host (windows/Mac) and
the VM Guest (Docker host):

container
Of 4031

container
Of 4032
Now navigate in a browser to http://localhost:8888

container
Of 4033
We have a running container that has tomcat in it! WooHoo! Let’s explore the
tomcat container really quick. Fire up a new shell window (separate than the
running tomcat docker container from previous)
docker ps
output:
ceposta@postamac(~) $ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS
PORTS NAMES
c2c059a3baab tomcat:8.0 "catalina.sh run" 36 minutes ago Up 36 minutes
0.0.0.0:8888->8080/tcp dreamy_kowalevski
Let’s log into the container to explore:
docker exec -it <container_id> bash
We should now be at the bash prompt for the tomcat container. Feel free to
explore around a bit.

container
Of 4034
Now exit out of the tomcat container
exit
And switch back to the other window where we ran tomcat. Let’s
CTR+C that window and exit the docker container.
We should have no containers running:
docker ps
Nor should we have any stopped containers:
docker ps -a
This is because we used the --rm command when we started the
tomcat container, so it will automatically remove the container.

container
Of 4035
Here are some other useful docker run flags:
•--name give your container a unique name
•-d run your container in daemon mode (in the background)
•--dns give your container a different nameserver from the host
•-it interactive with tty (wouldn’t use this with -d)
•-e pass in environment variables to the container
•--expose expose ports from the docker container
•-P expose all published ports on the container
•-p map a specific port from the container to the host
host:container
Also commands like --link and --volume (a little more advanced).

container
Of 4036
Let’s use some of those previous run command-line flags and start tomcat in
the background:
docker run -d --name="tomcat8" -p 8888:8080 tomcat:8.0
Note, we also gave this container a name, so we can refer to it by name instead
of container id:
docker logs tomcat8
output:
examples
/usr/local/tomcat/webapps/examples has finished in 526 ms
/usr/local/tomcat/webapps/ROOT
/usr/local/tomcat/webapps/ROOT has finished in 60 ms
16-Oct-2015 19:19:20.515 INFO [main] org.apache.coyote.AbstractProtocol.start Starting
ProtocolHandler ["http-nio-8080"]
16-Oct-2015 19:19:20.527 INFO [main] org.apache.coyote.AbstractProtocol.start Starting
ProtocolHandler ["ajp-nio-8009"]
16-Oct-2015 19:19:20.547 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in
1497 ms

container
Of 4037
Feel free to play around with the container a little bit
more. When finished, stop the container:
docker stop tomcat8
If you run docker ps you shouldn’t see the container
running any more. However, docker run -a will show
all containers even the stopped ones. We can remove a
container with:
docker rm tomcat8
Then neither docker ps nor docker ps -a should
show the container.

Next steps
Of 4038
• Register for a DockerHub account - https://hub.docker.com
• Read up on Dockerfile syntax to create your own Docker images and best practices
• http://docs.docker.com/engine/reference/builder/
• https://docs.docker.com/engine/articles/dockerfile_best-practices/
• Feel free to check out some of my Dockerfiles on DockerHub
• https://hub.docker.com/u/nissan/
• Feel free to also check out some of the Dockerfiles I am working on in GitHub
• https://github.com/nissan?tab=repositories

References/Further Readings
• Red Hat Workshops – Intro to Docker and
Kubernetes (next steps walkthru on
Docker/Tomcat setup)
• Slideshare – Introduction to Docker
Of 4039

Introduction to Docker

More Related Content

What's hot

Viewers also liked

Similar to Introduction to Docker

Recently uploaded

Introduction to Docker

Editor's Notes