Linux Container Brief for IEEE WG P2302Boden Russell
A brief into to Linux Containers presented to IEEE working group P2302 (InterCloud standards and portability). This deck covers:
- Definitions and motivations for containers
- Container technology stack
- Containers vs Hypervisor VMs
- Cgroups
- Namespaces
- Pivot root vs chroot
- Linux Container image basics
- Linux Container security topics
- Overview of Linux Container tooling functionality
- Thoughts on container portability and runtime configuration
- Container tooling in the industry
- Container gaps
- Sample use cases for traditional VMs
Overall, a bulk of this deck is covered in other material I have posted here. However there are a few new slides in this deck, most notability some thoughts on container portability and runtime config.
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityPhil Estes
A Docker security talk that Salman Baset and Phil Estes presented at the Tokyo OpenStack Summit on October 29th, 2015. In this talk we provided an overview of the security constraints available to Docker cloud operators and users and then walked through a "lessons learned" from experiences operating IBM's public Bluemix container cloud based on Docker container technology.
This document provides an introduction to Docker. It discusses key Docker concepts like OS virtualization using containers as opposed to virtual machines. Containers isolate processes and filesystems using cgroups, namespaces and UnionFS. Namespaces provide isolation for processes, networking, mounts etc. Cgroups are used to limit, account and isolate resource usage. The document also covers Docker storage and networking as well as security best practices.
Rooting Out Root: User namespaces in DockerPhil Estes
This talk on the progress to bring user namespace support into Docker was presented by Phil Estes at LinuxCon/ContainerCon 2015 on Wednesday, Aug. 19th, 2015
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...Jérôme Petazzoni
Linux containers are different from Solaris Zones or BSD Jails: they use discrete kernel features like cgroups, namespaces, SELinux, and more. We will describe those mechanisms in depth, as well as demo how to put them together to produce a container. We will also highlight how different container runtimes compare to each other.
This talk was delivered at DockerCon Europe 2015 in Barcelona.
Introduction to Docker, December 2014 "Tour de France" Bordeaux Special EditionJérôme Petazzoni
Docker, the Open Source container Engine, lets you build, ship and run, any app, anywhere.
This is the presentation which was shown in December 2014 for the last stop of the "Tour de France" in Bordeaux. It is slightly different from the presentation which was shown in the other cities (http://www.slideshare.net/jpetazzo/introduction-to-docker-december-2014-tour-de-france-edition), and includes a detailed history of dotCloud and Docker and a few other differences.
Special thanks to https://twitter.com/LilliJane and https://twitter.com/zirkome, who gave me the necessary motivation to put together this slightly different presentation, since they had already seen the other presentation in Paris :-)
Linux Container Brief for IEEE WG P2302Boden Russell
A brief into to Linux Containers presented to IEEE working group P2302 (InterCloud standards and portability). This deck covers:
- Definitions and motivations for containers
- Container technology stack
- Containers vs Hypervisor VMs
- Cgroups
- Namespaces
- Pivot root vs chroot
- Linux Container image basics
- Linux Container security topics
- Overview of Linux Container tooling functionality
- Thoughts on container portability and runtime configuration
- Container tooling in the industry
- Container gaps
- Sample use cases for traditional VMs
Overall, a bulk of this deck is covered in other material I have posted here. However there are a few new slides in this deck, most notability some thoughts on container portability and runtime config.
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityPhil Estes
A Docker security talk that Salman Baset and Phil Estes presented at the Tokyo OpenStack Summit on October 29th, 2015. In this talk we provided an overview of the security constraints available to Docker cloud operators and users and then walked through a "lessons learned" from experiences operating IBM's public Bluemix container cloud based on Docker container technology.
This document provides an introduction to Docker. It discusses key Docker concepts like OS virtualization using containers as opposed to virtual machines. Containers isolate processes and filesystems using cgroups, namespaces and UnionFS. Namespaces provide isolation for processes, networking, mounts etc. Cgroups are used to limit, account and isolate resource usage. The document also covers Docker storage and networking as well as security best practices.
Rooting Out Root: User namespaces in DockerPhil Estes
This talk on the progress to bring user namespace support into Docker was presented by Phil Estes at LinuxCon/ContainerCon 2015 on Wednesday, Aug. 19th, 2015
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...Jérôme Petazzoni
Linux containers are different from Solaris Zones or BSD Jails: they use discrete kernel features like cgroups, namespaces, SELinux, and more. We will describe those mechanisms in depth, as well as demo how to put them together to produce a container. We will also highlight how different container runtimes compare to each other.
This talk was delivered at DockerCon Europe 2015 in Barcelona.
Introduction to Docker, December 2014 "Tour de France" Bordeaux Special EditionJérôme Petazzoni
Docker, the Open Source container Engine, lets you build, ship and run, any app, anywhere.
This is the presentation which was shown in December 2014 for the last stop of the "Tour de France" in Bordeaux. It is slightly different from the presentation which was shown in the other cities (http://www.slideshare.net/jpetazzo/introduction-to-docker-december-2014-tour-de-france-edition), and includes a detailed history of dotCloud and Docker and a few other differences.
Special thanks to https://twitter.com/LilliJane and https://twitter.com/zirkome, who gave me the necessary motivation to put together this slightly different presentation, since they had already seen the other presentation in Paris :-)
Adrian Otto from Rackspace will present his perspective of "Docker 101", for Docker novices. Learn the difference between Dockerfiles, containers, running containers, terminated containers, container images, Docker Registry, and a demo of the Docker CLI that goes beyond what you learn from the online simulator.
Docker is an open platform for building and running distributed applications across multiple isolated containers. It allows encapsulating applications into lightweight executable packages called containers that include all necessary dependencies. The document discusses Docker's architecture, components, image layers, repositories, building images using Dockerfiles, and challenges in implementing Docker in real-world systems due to limitations in separating runtime configuration and data. Competition in the container space from projects like Rocket, Project Atomic, and Vagga is also discussed.
This document summarizes a Docker meetup event in Puebla, Mexico celebrating the 4th anniversary of Docker. The meetup included talks about Docker platform and hands-on labs. Ramon Morales gave a presentation about Docker and its components including images, containers, registries, and Docker Engine. He explained how Docker works and potential use cases. The event aimed to educate the local developer community about Docker and encourage participation in the global Docker community.
Lxc – next gen virtualization for cloud intro (cloudexpo)Boden Russell
This document provides an introduction and overview of Linux containers as next-generation virtualization for cloud computing. It discusses how Linux containers provide better performance and flexibility than traditional virtual machines through the use of cgroups and namespaces. It also covers how containerization is gaining industry momentum and provides lower total cost of ownership through integration with modern Linux kernels and open source tooling. Finally, it defines key Linux container technologies, compares containers to hypervisors, and discusses building and securing Linux containers.
Docker is an open-source tool that allows developers to easily deploy applications inside isolated containers. Kubernetes is an open-source system for automating deployment and management of containerized applications across clusters of hosts. It coordinates containerized applications across nodes by providing mechanisms for scheduling, service discovery, and load balancing. The key components of Kubernetes include Pods, Services, ReplicationControllers, Scheduler, API Server, etcd and Nodes.
Describes what is lightweight virtualization and containers, and the low-level mechanisms in the Linux kernel that it relies on: namespaces, cgroups. It also gives details on AUFS. Those component together are the key to understanding how modern systems like Docker (http://www.docker.io/) work.
Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...Jérôme Petazzoni
Containers, Docker, and Security: State of the Union
This document discusses the past, present, and future of container security with Docker. It summarizes that container isolation used to be a major concern but improvements have been made through finer-grained permissions and immutable containers. Image provenance is now a bigger issue but techniques like Docker Content Trust (Notary) help address it. Defense in depth with both containers and VMs is recommended. The security of containers continues to improve through practices like better upgrades, security benchmarks, and policies.
This document summarizes key aspects of Docker internals, including how it provides isolation using namespaces and cgroups, manages images using AUFS and layers, and runs and manages containers via its daemon. It outlines Docker's use of isolation, images, process management, and roadmap for future versions including new backend interfaces and improved service discovery.
The document provides instructions for installing Red Hat Enterprise Linux 6 (RHEL 6) using the basic graphical installation process, including requirements for hardware, partitioning disks, setting the hostname and time zone, creating users and passwords, and selecting installation options. It outlines the steps to boot from the installation media, navigate the installation screens to configure language and keyboard settings, storage selection, networking configuration, and partitioning disks for the root, boot and swap partitions.
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxConJérôme Petazzoni
Containers are everywhere. But what exactly is a container? What are they made from? What's the difference between LXC, butts-nspawn, Docker, and the other container systems out there? And why should we bother about specific filesystems?
In this talk, Jérôme will show the individual roles and behaviors of the components making up a container: namespaces, control groups, and copy-on-write systems. Then, he will use them to assemble a container from scratch, and highlight the differences (and likelinesses) with existing container systems.
LXC, Docker, and the future of software delivery | LinuxCon 2013dotCloud
This document discusses Linux containers and Docker. It describes how Linux containers provide isolation using namespaces and cgroups to allow applications to run consistently across different environments. Docker builds on Linux containers to make them easy to use, create, share, and deploy. Docker allows building images from Dockerfiles, sharing images in registries, and developing hybrid cloud workflows. The document outlines Docker's roadmap and growing ecosystem of tools and projects building on Docker.
This document discusses Docker internals and components. It covers:
1. Docker provides build once, configure once capabilities to deploy applications everywhere reliably, consistently, efficiently and cheaply.
2. Docker components include the Docker daemon, libcontainer, cgroups, namespaces, AUFS/BTRFS/dm-thinp, and the kernel-userspace interface.
3. Docker uses filesystem isolation through layering, copy-on-write, caching and differencing using union filesystems like AUFS to provide efficient sharing of files between containers.
This document discusses using Docker to create an automated dump analysis environment called dumpdocker. It describes how Docker can be used to containerize an application and its dependencies to easily recreate the runtime environment of a crashed server for debugging purposes. Dump analysis is currently difficult due to the need to setup complex debugging environments, but Docker simplifies this process. The dumpdocker project aims to leverage Docker to automatically analyze crash dumps and provide initial analysis reports.
This document discusses using Docker for development and delivery environments. It begins with an introduction to Docker, explaining that it is an open platform for building, shipping and running distributed applications using lightweight containers. It then covers benefits of Docker like portability and reduced dependencies compared to traditional VMs. The document shows how to install and configure Docker, build Docker images from Dockerfiles, run containers from images using docker-compose, modify images and redeploy them. It also discusses using Docker to build microservices applications with independent, upgradeable services in separate containers.
The document provides an overview of containerization basics using Docker. It defines key Docker terminology like images, containers, daemon, client, and Docker Hub. It explains how to run a static website in a container, view running containers and images, build and push custom images to a private registry. It also covers container logging and setting up a private Docker registry using the registry image.
The document discusses Docker and container orchestration tools. It begins with an agenda on multi-machine Docker swarms and alternatives like Kubernetes and Mesos. It then covers setting up a multi-node Docker swarm across two virtual machines, deploying an application to the swarm, and accessing the clustered application. Moby Project is introduced as the new name for Docker's open source components to distinguish them from commercial Docker products. Tools like Kitematic, Docker's Universal Control Plane, and Panamax are also briefly mentioned.
1. Create a Dockerfile that defines the base image, installs Nginx and any modules, and exposes ports 80 and 443.
2. Build the image from the Dockerfile using "docker build ."
3. Run a container from the new image and publish the ports so Nginx is accessible.
Linux containers provide isolation between applications using namespaces and cgroups. While containers appear similar to VMs, they do not fully isolate applications and some security risks remain. To improve container security, Docker recommends: 1) not running containers as root, 2) dropping capabilities like CAP_SYS_ADMIN, 3) enabling user namespaces, and 4) using security modules like SELinux. However, containers cannot fully isolate applications that need full hardware or kernel access, so virtual machines may be needed in some cases.
The document provides an agenda for a DevOps with Containers training over 4 days. Day 1 covers Docker commands and running containers. Day 2 focuses on Docker images, networks, and storage. Day 3 introduces Docker Compose. Day 4 is about Kubernetes container orchestration. The training covers key Docker and DevOps concepts through presentations, videos, labs, and reading materials.
ExpoQA 2017 Using docker to build and test in your laptop and JenkinsElasTest Project
This document discusses using Docker to build and test applications in laptops and Jenkins. It begins with an introduction to the author and their background/expertise. It then covers virtualization and containers, including VirtualBox, Vagrant, and Docker. The main concepts of Docker like images, containers, registries are defined. Hands-on examples are provided for running basic Docker commands, managing the lifecycle of containers, exposing network services, and managing Docker images. Building a simple Python web application image is demonstrated as a first example of creating a custom Docker image.
Adrian Otto from Rackspace will present his perspective of "Docker 101", for Docker novices. Learn the difference between Dockerfiles, containers, running containers, terminated containers, container images, Docker Registry, and a demo of the Docker CLI that goes beyond what you learn from the online simulator.
Docker is an open platform for building and running distributed applications across multiple isolated containers. It allows encapsulating applications into lightweight executable packages called containers that include all necessary dependencies. The document discusses Docker's architecture, components, image layers, repositories, building images using Dockerfiles, and challenges in implementing Docker in real-world systems due to limitations in separating runtime configuration and data. Competition in the container space from projects like Rocket, Project Atomic, and Vagga is also discussed.
This document summarizes a Docker meetup event in Puebla, Mexico celebrating the 4th anniversary of Docker. The meetup included talks about Docker platform and hands-on labs. Ramon Morales gave a presentation about Docker and its components including images, containers, registries, and Docker Engine. He explained how Docker works and potential use cases. The event aimed to educate the local developer community about Docker and encourage participation in the global Docker community.
Lxc – next gen virtualization for cloud intro (cloudexpo)Boden Russell
This document provides an introduction and overview of Linux containers as next-generation virtualization for cloud computing. It discusses how Linux containers provide better performance and flexibility than traditional virtual machines through the use of cgroups and namespaces. It also covers how containerization is gaining industry momentum and provides lower total cost of ownership through integration with modern Linux kernels and open source tooling. Finally, it defines key Linux container technologies, compares containers to hypervisors, and discusses building and securing Linux containers.
Docker is an open-source tool that allows developers to easily deploy applications inside isolated containers. Kubernetes is an open-source system for automating deployment and management of containerized applications across clusters of hosts. It coordinates containerized applications across nodes by providing mechanisms for scheduling, service discovery, and load balancing. The key components of Kubernetes include Pods, Services, ReplicationControllers, Scheduler, API Server, etcd and Nodes.
Describes what is lightweight virtualization and containers, and the low-level mechanisms in the Linux kernel that it relies on: namespaces, cgroups. It also gives details on AUFS. Those component together are the key to understanding how modern systems like Docker (http://www.docker.io/) work.
Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...Jérôme Petazzoni
Containers, Docker, and Security: State of the Union
This document discusses the past, present, and future of container security with Docker. It summarizes that container isolation used to be a major concern but improvements have been made through finer-grained permissions and immutable containers. Image provenance is now a bigger issue but techniques like Docker Content Trust (Notary) help address it. Defense in depth with both containers and VMs is recommended. The security of containers continues to improve through practices like better upgrades, security benchmarks, and policies.
This document summarizes key aspects of Docker internals, including how it provides isolation using namespaces and cgroups, manages images using AUFS and layers, and runs and manages containers via its daemon. It outlines Docker's use of isolation, images, process management, and roadmap for future versions including new backend interfaces and improved service discovery.
The document provides instructions for installing Red Hat Enterprise Linux 6 (RHEL 6) using the basic graphical installation process, including requirements for hardware, partitioning disks, setting the hostname and time zone, creating users and passwords, and selecting installation options. It outlines the steps to boot from the installation media, navigate the installation screens to configure language and keyboard settings, storage selection, networking configuration, and partitioning disks for the root, boot and swap partitions.
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxConJérôme Petazzoni
Containers are everywhere. But what exactly is a container? What are they made from? What's the difference between LXC, butts-nspawn, Docker, and the other container systems out there? And why should we bother about specific filesystems?
In this talk, Jérôme will show the individual roles and behaviors of the components making up a container: namespaces, control groups, and copy-on-write systems. Then, he will use them to assemble a container from scratch, and highlight the differences (and likelinesses) with existing container systems.
LXC, Docker, and the future of software delivery | LinuxCon 2013dotCloud
This document discusses Linux containers and Docker. It describes how Linux containers provide isolation using namespaces and cgroups to allow applications to run consistently across different environments. Docker builds on Linux containers to make them easy to use, create, share, and deploy. Docker allows building images from Dockerfiles, sharing images in registries, and developing hybrid cloud workflows. The document outlines Docker's roadmap and growing ecosystem of tools and projects building on Docker.
This document discusses Docker internals and components. It covers:
1. Docker provides build once, configure once capabilities to deploy applications everywhere reliably, consistently, efficiently and cheaply.
2. Docker components include the Docker daemon, libcontainer, cgroups, namespaces, AUFS/BTRFS/dm-thinp, and the kernel-userspace interface.
3. Docker uses filesystem isolation through layering, copy-on-write, caching and differencing using union filesystems like AUFS to provide efficient sharing of files between containers.
This document discusses using Docker to create an automated dump analysis environment called dumpdocker. It describes how Docker can be used to containerize an application and its dependencies to easily recreate the runtime environment of a crashed server for debugging purposes. Dump analysis is currently difficult due to the need to setup complex debugging environments, but Docker simplifies this process. The dumpdocker project aims to leverage Docker to automatically analyze crash dumps and provide initial analysis reports.
This document discusses using Docker for development and delivery environments. It begins with an introduction to Docker, explaining that it is an open platform for building, shipping and running distributed applications using lightweight containers. It then covers benefits of Docker like portability and reduced dependencies compared to traditional VMs. The document shows how to install and configure Docker, build Docker images from Dockerfiles, run containers from images using docker-compose, modify images and redeploy them. It also discusses using Docker to build microservices applications with independent, upgradeable services in separate containers.
The document provides an overview of containerization basics using Docker. It defines key Docker terminology like images, containers, daemon, client, and Docker Hub. It explains how to run a static website in a container, view running containers and images, build and push custom images to a private registry. It also covers container logging and setting up a private Docker registry using the registry image.
The document discusses Docker and container orchestration tools. It begins with an agenda on multi-machine Docker swarms and alternatives like Kubernetes and Mesos. It then covers setting up a multi-node Docker swarm across two virtual machines, deploying an application to the swarm, and accessing the clustered application. Moby Project is introduced as the new name for Docker's open source components to distinguish them from commercial Docker products. Tools like Kitematic, Docker's Universal Control Plane, and Panamax are also briefly mentioned.
1. Create a Dockerfile that defines the base image, installs Nginx and any modules, and exposes ports 80 and 443.
2. Build the image from the Dockerfile using "docker build ."
3. Run a container from the new image and publish the ports so Nginx is accessible.
Linux containers provide isolation between applications using namespaces and cgroups. While containers appear similar to VMs, they do not fully isolate applications and some security risks remain. To improve container security, Docker recommends: 1) not running containers as root, 2) dropping capabilities like CAP_SYS_ADMIN, 3) enabling user namespaces, and 4) using security modules like SELinux. However, containers cannot fully isolate applications that need full hardware or kernel access, so virtual machines may be needed in some cases.
The document provides an agenda for a DevOps with Containers training over 4 days. Day 1 covers Docker commands and running containers. Day 2 focuses on Docker images, networks, and storage. Day 3 introduces Docker Compose. Day 4 is about Kubernetes container orchestration. The training covers key Docker and DevOps concepts through presentations, videos, labs, and reading materials.
ExpoQA 2017 Using docker to build and test in your laptop and JenkinsElasTest Project
This document discusses using Docker to build and test applications in laptops and Jenkins. It begins with an introduction to the author and their background/expertise. It then covers virtualization and containers, including VirtualBox, Vagrant, and Docker. The main concepts of Docker like images, containers, registries are defined. Hands-on examples are provided for running basic Docker commands, managing the lifecycle of containers, exposing network services, and managing Docker images. Building a simple Python web application image is demonstrated as a first example of creating a custom Docker image.
This document discusses containerization and the Docker ecosystem. It provides a brief history of containerization technologies and an overview of Docker components like Docker Engine, Docker Hub, and Docker Inc. It also discusses developing with Docker through concepts like Dockerfiles, images, and Fig for running multi-container apps. More advanced topics covered include linking containers, volumes, Docker Machine for provisioning, and clustering with Swarm and Kubernetes.
Dockerizing Symfony2 application. Why Docker is so cool And what is Docker? And what are Containers? How they works? What are the ecosystem of Docker? And how to dockerize your web application (can be based on Symfony2 framework)?
Using Docker with OpenStack - Hands On!Adrian Otto
This document outlines an agenda for a hands-on Docker workshop. It includes 3 lessons and 3 hands-on labs. Lesson 1 provides an introduction to Docker concepts like Docker images, containers, and Dockerfiles. Lab 1 guides students on using docker-machine to spin up containers and get shells on Docker hosts. Lesson 2 covers writing Dockerfiles. Lab 2 involves writing Dockerfiles. Lesson 3 discusses linking and networking containers, while Lab 3 demonstrates linking containers on the same and different hosts.
Docker is an open platform for developing, shipping, and running distributed applications. It allows applications to be shipped and run in lightweight containers that can run on any Linux server. Docker uses operating-system-level virtualization and cgroups isolation to deliver lightweight containers quickly. Key features of Docker include portability, lightweight containers that share resources and isolate processes, and automated workflows.
This document discusses Docker, containers, and how Docker addresses challenges with complex application deployment. It provides examples of how Docker has helped companies reduce deployment times and improve infrastructure utilization. Key points covered include:
- Docker provides a platform to build, ship and run distributed applications using containers.
- Containers allow for decoupled services, fast iterative development, and scaling applications across multiple environments like development, testing, and production.
- Docker addresses the complexity of deploying applications with different dependencies and targets by using a standardized "container system" analogous to intermodal shipping containers.
- Companies using Docker have seen benefits like reducing deployment times from 9 months to 15 minutes and improving infrastructure utilization.
This document discusses Docker, containers, and containerization. It begins by explaining why containers and Docker have become popular, noting that modern applications are increasingly decoupled services that require fast, iterative development and deployment to multiple environments. It then discusses how deployment has become complex with diverse stacks, frameworks, databases and targets. Docker addresses this problem by providing a standardized way to package applications into containers that are portable and can run anywhere. The document provides examples of results organizations have seen from using Docker, such as significantly reduced deployment times and increased infrastructure efficiency. It also covers Docker concepts like images, containers, the Dockerfile and Docker Compose.
Running the Oracle SOA Suite Environment in a Docker ContainerGuido Schmutz
Running the Oracle SOA Suite Environment in a Docker Container
The document discusses running the Oracle SOA Suite environment in a Docker container. It begins with an introduction to Docker and its benefits over virtual machines. It then demonstrates various Docker commands like run, logs, images, ps to launch and manage containers. It also covers building custom images using Dockerfiles. The document provides examples to showcase common Docker tasks like committing changes to an image, pulling images, stopping and removing containers.
This document introduces Docker containers and provides examples of using Docker for networking containers across virtual machines. It discusses setting up a GRE tunnel between two VMs to connect their Docker interfaces and allow containers running on different VMs to communicate. Specific commands are provided to configure the Docker and overlay networks on each VM, establish the GRE tunnel, and run a sample container to test the connectivity.
An overview of Docker and Linux containers. There are three parts:
An introduction to Docker and containers
A demo that the audience can try out
An overview of the various vendors and groups in this space
The demo is meant to be a simple, step-by-step recipe that introduces the basic commands and ends by spinning up a node.js app using two linked containers: node and redis.
The final section explores the companies and groups that are working on containers, either complementing Docker's contributions or in direct competition with them.
Docker allows building portable software that can run anywhere by packaging an application and its dependencies in a standardized unit called a container. Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. It groups containers that make up an application into logical units for easy management and discovery. Kubernetes can replicate containers, provide load balancing, coordinate updates between containers, and ensure availability. Defining applications as Kubernetes resources allows them to be deployed and updated easily across a cluster.
- Docker is an open platform for developers and sysadmins to build, ship, and run distributed applications. It allows applications to run securely isolated in user-defined containers across any infrastructure.
- Docker uses Linux kernel features like cgroups and namespaces to provide isolation and allocate resources only to the containers that "need" them. This makes containers lightweight and efficient.
- Docker images are read-only templates that serve as the basis for containers. Images are built from Dockerfiles containing a series of commands to assemble an image. Containers are run from images and are read-write.
This document provides an overview of Docker containers and developer workflows using Docker. It defines containers and images, and explains how Docker abstracts machine-specific settings to allow containers to run on different machines. Popular Docker images are listed, and benefits of using Docker for development are outlined. Common Docker commands are also described.
Docker from A to Z, including Swarm and OCCSFrank Munz
This document provides an overview of Docker from A to Z including using Docker with Oracle Container Cloud Service. It discusses basics of Docker including how it provides isolation using Linux namespaces and cgroups. It compares Docker containers to virtual machines and covers Docker images, containers, limitations, networking, security concerns and suggestions. It also discusses using Docker with Oracle technologies including Dockerfiles on GitHub, the Oracle Container Registry, and Oracle Container Cloud Service.
Originally Presented at WebSummit 2015. Find all the materials for the workshop here: https://github.com/emccode/training/tree/master/docker-workshop/websummit
Docker introduction.
References : The Docker Book : Containerization is the new virtualization
http://www.amazon.in/Docker-Book-Containerization-new-virtualization-ebook/dp/B00LRROTI4/ref=sr_1_1?ie=UTF8&qid=1422003961&sr=8-1&keywords=docker+book
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframePrecisely
Inconsistent user experience and siloed data, high costs, and changing customer expectations – Citizens Bank was experiencing these challenges while it was attempting to deliver a superior digital banking experience for its clients. Its core banking applications run on the mainframe and Citizens was using legacy utilities to get the critical mainframe data to feed customer-facing channels, like call centers, web, and mobile. Ultimately, this led to higher operating costs (MIPS), delayed response times, and longer time to market.
Ever-changing customer expectations demand more modern digital experiences, and the bank needed to find a solution that could provide real-time data to its customer channels with low latency and operating costs. Join this session to learn how Citizens is leveraging Precisely to replicate mainframe data to its customer channels and deliver on their “modern digital bank” experiences.
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyScyllaDB
Freshworks creates AI-boosted business software that helps employees work more efficiently and effectively. Managing data across multiple RDBMS and NoSQL databases was already a challenge at their current scale. To prepare for 10X growth, they knew it was time to rethink their database strategy. Learn how they architected a solution that would simplify scaling while keeping costs under control.
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Best 20 SEO Techniques To Improve Website Visibility In SERPPixlogix Infotech
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
This presentation provides valuable insights into effective cost-saving techniques on AWS. Learn how to optimize your AWS resources by rightsizing, increasing elasticity, picking the right storage class, and choosing the best pricing model. Additionally, discover essential governance mechanisms to ensure continuous cost efficiency. Whether you are new to AWS or an experienced user, this presentation provides clear and practical tips to help you reduce your cloud costs and get the most out of your budget.
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...Tatiana Kojar
Skybuffer AI, built on the robust SAP Business Technology Platform (SAP BTP), is the latest and most advanced version of our AI development, reaffirming our commitment to delivering top-tier AI solutions. Skybuffer AI harnesses all the innovative capabilities of the SAP BTP in the AI domain, from Conversational AI to cutting-edge Generative AI and Retrieval-Augmented Generation (RAG). It also helps SAP customers safeguard their investments into SAP Conversational AI and ensure a seamless, one-click transition to SAP Business AI.
With Skybuffer AI, various AI models can be integrated into a single communication channel such as Microsoft Teams. This integration empowers business users with insights drawn from SAP backend systems, enterprise documents, and the expansive knowledge of Generative AI. And the best part of it is that it is all managed through our intuitive no-code Action Server interface, requiring no extensive coding knowledge and making the advanced AI accessible to more users.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
5th LF Energy Power Grid Model Meet-up SlidesDanBrown980551
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/temporal-event-neural-networks-a-more-efficient-alternative-to-the-transformer-a-presentation-from-brainchip/
Chris Jones, Director of Product Management at BrainChip , presents the “Temporal Event Neural Networks: A More Efficient Alternative to the Transformer” tutorial at the May 2024 Embedded Vision Summit.
The expansion of AI services necessitates enhanced computational capabilities on edge devices. Temporal Event Neural Networks (TENNs), developed by BrainChip, represent a novel and highly efficient state-space network. TENNs demonstrate exceptional proficiency in handling multi-dimensional streaming data, facilitating advancements in object detection, action recognition, speech enhancement and language model/sequence generation. Through the utilization of polynomial-based continuous convolutions, TENNs streamline models, expedite training processes and significantly diminish memory requirements, achieving notable reductions of up to 50x in parameters and 5,000x in energy consumption compared to prevailing methodologies like transformers.
Integration with BrainChip’s Akida neuromorphic hardware IP further enhances TENNs’ capabilities, enabling the realization of highly capable, portable and passively cooled edge devices. This presentation delves into the technical innovations underlying TENNs, presents real-world benchmarks, and elucidates how this cutting-edge approach is positioned to revolutionize edge AI across diverse applications.
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
Tech talk on docker with demo
1. Docker Tech Talk with Demo
Docker Tech Talk
1
Sandeep Karnawat
Principal S/W Engineer
2. Sample Agenda
1 Docker Background
2 How to Use Docker
3 Docker Inside
4 Docker Demo
Docker Tech Talk
2
3. What is docker?
• Docker is:
– An open platform for developers and sysadmins to develop, ship, and run
distributed applications [docker.io]
– An open-source project that automates the deployment of applications
inside software containers by providing an additional layer of abstraction
and automation of operating system-level virtualization on Linux
[Wikipedia]
– A tool that can package an application and its dependencies in a virtual
container that can run on any Linux server [451 Research]
Docker Tech Talk
3
4. How is it different from VM?
Docker Tech Talk
4
5. What does Docker look like?
• Docker is a client-server application.
– Docker client and the daemon can run on the same system, or on different
machines
– They communicate via sockets (or through a RESTful API).
– Users interact with the client to command the daemon
– The daemon, receiving those commands, does the job
Docker Tech Talk
5
6. Sample Agenda
1 Docker Background
2 How to Use Docker
3 Docker Inside
4 Docker Application
Docker Tech Talk
6
7. How to download a docker image
• docker pull <image_name>
– Pull: fetch the image from the Docker Hub Registry
(registry.hub.docker.com)
– Image_name: usually consist of user_name/image_name
– E.g., sudo docker pull skarnawat/mytest_docker
Docker Tech Talk
7
8. How to launch a docker container
• docker run –it <image_name> [command_name]
– Option –t: allocate pseudo-terminal
– Option –i: interactive mode
– Eg: docker run –it mingwei/mytest_docker bash
– Note: when you run “bash” option -i and –t are both needed
– When you do not need “terminal”; use “–d” instead of “-it”
• Where is my container?
– docker ps
– docker ps –a (all containers you have run)
• How can I name my own container?
– docker run –it –n mycontainer mingwei/mytest_docker bash
Docker Tech Talk
8
9. How to generate a new image?
• Manually Create Image
– A container is a running instance of an image
– When all processes inside container exit, container is stopped
– One way to create a new image:
• Create a new container using “docker run –it <image> bash”
• Issue commands: “apt-get install <software>”
• Transform your container to an image:
– docker commit <your_container_name> <your_new_image_name>
– What if I didn’t name my container?
• Use the automatically assigned container id instead.
• Container id could be found using “docker ps “
Docker Tech Talk
9
10. How to generate your own image
• Dockerfile
– Like a makefile, you use it to automate the building of an image:
• docker build –t <your_img_name> .
• Your image is built using the Dockerfile in current directory
• Docker file contains a sequence of commands
– Inside Dockerfile:
• Updates will be applied to new image
• FROM: base image you specify
• RUN: run a command inside container
• ADD: copy files into new image
– Note: tar, gzip bzip2 and etc will be decompressed
• Other Directives:
– http://docs.docker.com/reference/builder/
Docker Tech Talk
10
From ubuntu:14.04
Author: skarnawat
RUN apt-get install binutils
ADD myfile.tar /app
VOLUME [“/yourdata”]
…
12. Login to Existing Container
• You can’t login to an existing container, if
– The container does not have terminal (launched with –d but not –it)
– E.g., docker run –d skdocker/apache apache2ctl -D FOREGROUND
• Option1: sshd server
– Using a sshd, you could login to existing container
– Issues: manage passwords, keys
• Option2: use docker attach
– Docker attach <container_name>
Docker Tech Talk
12
14. Docker Container Implementation
• Namespaces
– Docker takes advantage of a technology called namespaces to provide the
isolated workspace we call the container.
– One container cannot see names in another container’s namespace
– The pid namespace: virtualized process names (PID: Process ID).
– The net namespace: virtualized network interfaces, routing tables, etc.
(NET: Networking).
– The mnt namespace: virtualized file system mount points (MNT: Mount).
Docker Tech Talk
14
15. Linux Container Implementation
• Namespaces
• Control groups
– provide a mechanism for performance isolation
– Cgroup allows you to control the resource usage of:
• CPUSET and CPU USAGE
• Memory
• Disk I/O
• Device visibility
– Cgroup is maintained as a virtual file system (like proc): cgroupfs
Docker Tech Talk
15
16. Your diff
(rw)
Your
view
image #1
Base image
(readonly)
File System (AUFS)
• AUFS: advanced union file system
– Union of all images
– Less storage
– Maximum layers 127
Docker Tech Talk
16
image #2
Your diff
(rw)
Your diff
(ro)
Your diff
(rw)
Your diff
(ro)
17. Docker and LXC
• Docker containers are in linux
container format.
Docker Tech Talk
17
18. Comparison
Docker
• Application container
– Only application process is running
• Ship with file system support
• Use cgroups and namespace
• Has docker image repository
• Support versioning and commit
• Has API support
• Support SELinux and Apparmor
LXC
• Light weight virtual machine
– A set of system daemons are running
• User need to config their file system
• Use cgroups and namespace
• No repository support (can’t move!)
• No support on image version
• No API, only configuration
• Support SELinux and Apparmor
Docker Tech Talk
18
It is still unclear which style of containers will win in the future
19. Docker Start-up Process
• Command: docker run –it ubuntu bash
• What happened?
– Mount aufs (all diffs)
• Transform image name to ID
• Get all diffs required and merge them
– Prepare cgroup file system
– Launch container process (using clone)
• Clone(2) specify using new namespace
• Exec docerinit (launch docker binary)
• Prepare other file systems
– Devfs, tmpfs, proc and etc
– Symlinks for standard I/O
• Change root file system (pivot_root)
• Drop capabilities
– Capget(2)
– Prctl(PR_CAPBSET_DROP, 0x.., 0, 0, 0)
Docker Tech Talk
19
Base image
Base image
(readonly)
Diff (ro)
Diff (ro)
Diff (ro)
Diff (ro)
Diff (ro)
/var/lib/docker/aufs/diff/ID:
/var/lib/docker/aufs/mnt/Container_ID:
20. Docker Start-up Process
• Command: Docker run –it ubuntu bash
• What happened?
– Mount aufs (all diffs)
– Prepare cgroup (resource management)
– Launch container process (using clone)
• Clone(2) specify using new namespace
• Exec docerinit (launch docker binary)
• Prepare other file systems
– Devfs, tmpfs, proc and etc
– Symlinks for standard I/O and etc
Docker Tech Talk
20
Container File System View
base=/var/lib/docker/aufs/mnt/Container_ID:
$base/dev
$base/etc/hostname
$base/etc/resolv.conf
$base/etc/hosts
$base/proc/proc/fd/0
21. Docker Start-up Process
• Command: Docker run –it ubuntu bash
• What happened?
– Mount aufs (all diffs)
– Prepare cgroup (resource management)
– Launch container process (using clone)
• Clone(2) specify using new namespace
• Exec docerinit (launch docker binary)
• Prepare other file systems
– Devfs, tmpfs, proc and etc
– Symlinks for standard I/O
• Change root file system (pivot_root)
Docker Tech Talk
2121
Container File System View
base=/var/lib/docker/aufs/mnt/Container_ID:
/dev
/etc/hostname
/etc/resolv.conf
/etc/hosts
/proc
22. Sample Agenda
1 Docker Background
2 How to Use Docker
3 Docker Inside
4 Docker Demo
Docker Tech Talk
22
Just say “we put different explanation” because it shows different features.
Only talks about right hand side
Should mention there are lots of images available in docker.io
Simple explain on username and image_name
We could mention tag
Should clarify image_name
And command
Explicitly say that -d means “daemon”
Don’t read those bullets
How to script the generation of docker images
Hwo the tag system works
http://blog.docker.com/author/jerome/
http://blog.docker.com/2014/06/why-you-dont-need-to-run-sshd-in-docker/
Practise this slide. Yes, it is possible but not the docker way of doing this!
Go faster for previous 10 slides
Explain nsenter
https://docs.docker.com/introduction/understanding-docker/
Just talk about:
Pid:
Net:
User namespace (simple explain)
https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt
It will help you do performance
http://www.thegeekstuff.com/2013/05/linux-aufs/
Animation should show diff from “ro” to “rw”
Check if docker in windows is still using virtual machine.
Say efficient union file system in docker
Say the difference and based on the different goals, the following are the differences.
Pick up the most interesting point!!
Spent less on this paper !!!