SlideShare uma empresa Scribd logo

Docker Online Meetup #3: Docker in Production

Docker, Inc.
Docker, Inc.
1 de 52
Baixar para ler offline
Docker in production Containers, containers everywhere! Not an actual book (yet) Docker Online Meetup www.docker.com @docker
Jérôme Petazzoni (@jpetazzo) Grumpy French DevOps - Go away or I will replace you with a very small shell script Wrote dotCloud PAAS deployment tools - EC2, LXC, Puppet, Python, Shell, ØMQ... Docker contributor - Security, networking... Runs all kinds of crazy things in Docker - Docker-in-Docker, VPN-in-Docker, KVM-in-Docker, Xorg-in-Docker...
Outline Quick recap on Docker and its 1.0 release “Solved” problems: install, build, distribute Service discovery & general plumbing Orchestration (running many containers) Performance (measuring it & improving it) Configuration management Sysadmin chores: logging, backups, remote access
Docker 1.0 1.1 1.1.1 1.1.2 is here! Docker 1.0 released last month for DockerCon Random pick of recent features: - pause/unpause (helps to get consistent commit/snapshot) - SELinux (for, you know, security) - network superpowers with docker run --net … More importantly: it's stamped “production-ready” - you can buy support contracts, training... (in addition to the traditional t-shirts and stickers )☺
Installation On your dev machine: boot2docker - tiny VM (25 MB), works with all virtualization types - wrapper script (OS X only) to run docker CLI locally - future improvements: shared volumes with docker run -v … On your servers: which distro? - use something recent (Ubuntu 14.04 LTS, RHEL 7, Fedora 20...) - special distros: CoreOS, Project Atomic — new but promising
Build with Dockerfiles FROM ubuntu:14.04 MAINTAINER Docker Education Team <education@docker.com> RUN apt-get update RUN apt-get install -y nginx RUN echo 'Hi, I am in your container' >/usr/share/nginx/html/index.html CMD [ "nginx", "-g", "daemon off;" ] EXPOSE 80
Build with Dockerfiles Great for most purposes - caching system allows full rebuilds that are still fast Drawbacks (a.k.a. work in progress) - separate build/run environments (don't ship that 5 GB build image if you just need the 10 MB artifact) - entitlement, credentials, and other secrets (what if the build process needs to access a private repository?) Workarounds - use two Dockerfiles; keep Dockerfiles and images private
Distribute and ship images Docker Hub - docker push, docker pull: it's magic! - public and private images - no on prem version yet; but it's one of the most requested features Run your own registry - docker run registry # “docker run -P” to expose it to LAN - defaults to local storage - can use cloud object storage (Swift, GCE, S3, Elliptics...)
Distribute and ship images Hack around docker load/save - load/save works with plain tarballs - put them wherever you want them - https://github.com/blake-education/dogestry (much image, such docker, wow) Work in progress: pluggable transports - many things are damn good at moving diffs (git, rsync...) - can we borrow something from them?
Service discovery There's more than one way to do it - inject everything we need through environment docker run -e DB_HOST=… -e DB_PORT=… -e … - bind-mount a configuration file into the container docker run -v /etc/docker/config/myapp.yaml:/config.yaml … - resolve everything we need through a highly-available key-value store (zookeeper, etcd, consul...) - resolve everything we need through DNS (consul, skydns, skydock, dnsmasq...)
How do they compare? Let's grade those different methods!
But first, let's look at links
Docker links docker run -d --name frontdb mysqlimage docker run -d --link frontdb:sql webimage DNS entries are created in containers Environment variables are injected in 2nd container SQL_PORT=tcp://172.17.0.10:5432 SQL_PORT_5432_TCP=tcp://172.17.0.10:5432 SQL_PORT_5432_TCP_ADDR=172.17.0.10 SQL_PORT_5432_TCP_PORT=5432 SQL_PORT_5432_TCP_PROTO=tcp Doesn't work across multiple Docker hosts
Service discovery: environment variables Easy to integrate in your code - is there any language that does not support environment variables? Easy to setup - start services, lookup ports, inject variables Even easier with links - fully automatic if using only one host Static - if a service moves, cannot update environment variables
Environment variables: B
Service discovery: bind-mount configuration file Easy to integrate in your code - again, is there a language without a decent JSON/YAML parser? Easy to setup - just like environment variables, but generate a file Kind of dynamic - it's possible to update the configuration files while services run But not really - services have to detect the change and reload the file
Bind-mount configuration file: B
Service discovery: key-value store Harder to integrate in your code - HTTP requests instead of getenv are not too hard, but still Harder to setup - must setup the key-value store; on multiple nodes Kind of dynamic - most of those key-value stores support “watch” operation But not really - services still have to detect the change and reload the file
Key-value stores: D
Service discovery: DNS Easy to integrate in your code - in most cases, no integration is needed at all, works out of the box Harder to setup* - must setup a DNS system that you can easily update Dynamic - you can update DNS zones, no problem No “push”, but... - services won't detect a change, but if something wrong happens (and results into a disconnection) they might re-resolve and retry *Except on a single host, if you use links, since they automatically create DNS entries.
DNS: B
Are we doomed?
Links, take two
The ambassador pattern host 1 (database) docker run -d -name frontdb mysqlimage docker run -d -link frontdb:sql wiring host 2 (web tier) docker run -d -name frontdb wiring docker run -d -link frontdb:sql nginximage
database host web host database container I'm frontdb! web container I want to talk to frontdb! wiring container I actually talk to frontdb! wiring container I pretend I'm frontdb! docker link docker link ?
database host web host database container I'm frontdb! web container I want to talk to frontdb! wiring container I actually talk to frontdb! wiring container I pretend I'm frontdb! docker link docker link ?
database host web host database container I'm frontdb! web container I want to talk to frontdb! wiring container I actually talk to frontdb! wiring container I pretend I'm frontdb! docker link docker link UNICORNS
“...Unicorns?” Work in progress, but you can look at: - Docksul https://github.com/progrium/docksul - Grand Ambassador https://github.com/cpuguy83/docker-grand-ambassador Or roll your own - use some highly-available key-value store (yup, they're back too!) - HAProxy, stunnel, iptables...
Service discovery: links with ambassadors Easy to integrate in your code - it's still environment variables Easy to setup in dev, harder in production - use normal links in dev; get the big guns out only in prod Dynamic - the ambassadors can reroute traffic if necessary
Ambassadors: A
But warning: construction area (They're still work in progress)
Orchestration There's more than one way to do it (again!) - describe your stack in files (Fig, Maestro-NG, Ansible and other CMs) - submit requests through an API (Mesos) - implement something that looks like a PAAS (Flynn, Deis, OpenShift) - the “new wave” (Kubernetes, Centurion, Helios...) - OpenStack (because OpenStack can do everything!)
Introducing the Docker orchestration flowchart
Do you (want to) use OpenStack? Yes - if you are building a PAAS, keep an eye on Solum (and consider contributing) - if you are moving VM workloads to containers, use Nova (that's probably what you already have; just enable the Docker driver) - otherwise, use Heat (and use Docker resources in your Heat templates) No - go to next slide
Are you looking for a PAAS? Yes - CloudFoundry (Ruby, but increasing % Go) - Deis (Python, Docker-ish, runs on top of CoreOS) - Dokku (A few 100s of line of Bash!) - Flynn (Go, bleeding edge) - Tsuru (Go, more mature) - OpenShift geard (Go again!) Choose wisely (or go to the next slide) - http://blog.lusis.org/blog/2014/06/14/paas-for-realists/ “I don’t think ANY of the current private PaaS solutions are a fit right now.”
How many Docker hosts do you have? Only one per app or environment - Fig A few (up to ~10) - Maestro-NG - your favorite CM (e.g. Ansible has a nice Docker module) A lot - Mesos - have a look at (and contribute to) the “new wave” (Centurion, Helios, Kubernetes...)
Work in progress: libswarm Run <something> that... - exposes the Docker API - talks to real Docker hosts - spins Docker hosts up and down as needed - takes care of scheduling, plumbing, scaling... Use your normal client to talk to that <something> - it looks like a Docker host - but it's an elastic, scalable, dynamic, magic Docker host https://github.com/docker/libswarm
Performance: measure things cgroups give us per-container... - CPU usage - memory usage (fine-grained: cache and resident set size) - I/O usage (per device, reads vs writes, in bytes and in ops) cgroups don't give us... - network metrics (have to do tricks with network namespaces) https://github.com/google/cadvisor http://jpetazzo.github.io/2013/10/08/docker-containers-metrics/
Performance: tweak things There isn't much to tweak! - CPU: native - I/O: native on volumes (make sure that your data set etc. is on volumes) - memory: no overhead if you disable memory accounting (userful for HPC; probably not for everything else) - network: no overhead if you run with “--net host” (useful for >1 Gb/s workloads) (or if you have a high packet rate; e.g. VOIP, gaming...)
Configuration management There is more than one way do to it (surprise!) If you don't use a CM system yet, you don't have to - If you're familiar with a CM system, you can use it to encode small- scale deployments (up to, say, 10 nodes) Using CM to manage Docker hosts makes sense But Dockerfiles will be great for apps themselves If you really want to keep using your recipes, here's how to integrate!
Configuration management, if you want to mix VMs and containers Author a single generic Docker image with your favorite CM, “locked and loaded” When creating a container from that image, you give it its identity (certificate/node name/...) When the container starts, it contacts the server, which gives it its configuration (manifests, cookbooks...) After a moment, it will converge to desired state Downside: slow to converge; not 100% reliable
Configuration management, if you want to mix VMs and containers Author a single generic Docker image with your favorite CM, “locked and loaded” When creating a container from that image, you give it its identity (certificate/node name/...) When the container starts, it contacts the server, which gives it its configuration (manifests, cookbooks...) After a moment, it will converge to desired state Downside: slow to converge; not 100% reliable NOT RECOMMENDED
Configuration management, the “immutable infrastructure” way Author a single generic Docker image with your favorite CM, to be used as a base for other images Author other Docker images: FROM me/my_base_puppet_image ADD manifests/ /etc/puppet/manifests RUN puppet apply --certname db1138.dystopia.io Once the image is baked, you don't have to fry it (i.e. it's ready to run without extra steps) Downside: build new image to make a change (can be seen as an advantage)
Configuration management, the “immutable infrastructure” way Author a single generic Docker image with your favorite CM, to be used as a base for other images Author other Docker images: FROM me/my_base_puppet_image ADD manifests/ /etc/puppet/manifests RUN puppet apply --certname db1138.dystopia.io Once the image is baked, you don't have to fry it (i.e. it's ready to run without extra steps) Downside: build new image to make a change (can be seen as an advantage) SLIGHTLY BETTER (BUT STILL KIND OF MEH)
Sysadmin chores Backups Logging Remote access We all know that those are just a small sample of the many boring, necessary evil deeds that sysadmins must commit once in a while.
File-level backups Use volumes docker run --name mysqldata -v /var/lib/mysql busybox true docker run --name mysql --volumes-from mysqldata mysql docker run --rm --volumes-from mysqldata mysqlbackup tar -cJf- /var/lib/mysql | stream-it-to-the-cloud.py Of course, you can use anything fancier than tar (e.g. rsync, tarsnap...)
Data-level backups Use links docker run --name mysql mysql docker run --rm --link mysql:db mysqlbackup mysqldump --all-databases | stream-it-to-the-cloud.py Can be combined with volumes - put the SQL dump on a volume - then backup that volume with file-level tools (previous slide)
Logging for legacy apps Legacy = let me write to eleventy jillion arbitrary files in /var/lib/tomcat/logs! Solution: volumes docker run --name logs -v /var/lib/tomcat/logs busybox true docker run --name tomcat --volumes-from logs my_tomcat_image - Inspect logs: docker run --rm --volumes-from logs ubuntu bash - Ship logs to something else: docker run --name logshipper --volumes-from logs sawmill
Logging for dockerized apps Dockerized = I only write to stdout Solution: Docker CLI/API docker run --name tomcat dockerized_tomcat docker logs tomcat docker run -v /var/run/docker.sock:/var/run/docker.sock logshipper docker logs tomcat | pipestash ... Caveat: logs are not rotated (but PR is on the way)
Remote access If you own the host: SSH to host + nsenter https://github.com/jpetazzo/nsenter If you don't own the host: SSH in the container https://github.com/phusion/baseimage-docker More on that topic (“do I need SSHD in containers?”): http://blog.docker.com/2014/06/why-you-dont-need-to-run-sshd-in-docker/ In the future: - run separate SSH container - log into that - “hop” onto the target container
Docker in production Containers, containers everywhere! Not an actual book (yet) Thank you! Questions? www.docker.com @docker

Recomendados

Cassandra and docker
Cassandra and dockerCassandra and docker
Cassandra and docker
Ben Bromhead
 
Docker and Containers for Development and Deployment — SCALE12X
Docker and Containers for Development and Deployment — SCALE12XDocker and Containers for Development and Deployment — SCALE12X
Docker and Containers for Development and Deployment — SCALE12X
Jérôme Petazzoni
 
Containerization is more than the new Virtualization: enabling separation of ...
Containerization is more than the new Virtualization: enabling separation of ...Containerization is more than the new Virtualization: enabling separation of ...
Containerization is more than the new Virtualization: enabling separation of ...
Jérôme Petazzoni
 
Docker Introductory workshop
Docker Introductory workshopDocker Introductory workshop
Docker Introductory workshop
Runcy Oommen
 
A Hands-on Introduction to Docker
A Hands-on Introduction to DockerA Hands-on Introduction to Docker
A Hands-on Introduction to Docker
CodeOps Technologies LLP
 
Microservices. Microservices everywhere! (At OSCON 2015)
Microservices. Microservices everywhere! (At OSCON 2015)Microservices. Microservices everywhere! (At OSCON 2015)
Microservices. Microservices everywhere! (At OSCON 2015)
Jérôme Petazzoni
 
Cassandra and Docker Lessons Learned
Cassandra and Docker Lessons LearnedCassandra and Docker Lessons Learned
Cassandra and Docker Lessons Learned
DataStax Academy
 
Introducing Docker
Introducing DockerIntroducing Docker
Introducing Docker
Francesco Pantano
 

Recomendados

Cassandra and docker
Cassandra and dockerCassandra and docker
Cassandra and docker
Ben Bromhead
 
Docker and Containers for Development and Deployment — SCALE12X
Docker and Containers for Development and Deployment — SCALE12XDocker and Containers for Development and Deployment — SCALE12X
Docker and Containers for Development and Deployment — SCALE12X
Jérôme Petazzoni
 
Containerization is more than the new Virtualization: enabling separation of ...
Containerization is more than the new Virtualization: enabling separation of ...Containerization is more than the new Virtualization: enabling separation of ...
Containerization is more than the new Virtualization: enabling separation of ...
Jérôme Petazzoni
 
Docker Introductory workshop
Docker Introductory workshopDocker Introductory workshop
Docker Introductory workshop
Runcy Oommen
 
A Hands-on Introduction to Docker
A Hands-on Introduction to DockerA Hands-on Introduction to Docker
A Hands-on Introduction to Docker
CodeOps Technologies LLP
 
Microservices. Microservices everywhere! (At OSCON 2015)
Microservices. Microservices everywhere! (At OSCON 2015)Microservices. Microservices everywhere! (At OSCON 2015)
Microservices. Microservices everywhere! (At OSCON 2015)
Jérôme Petazzoni
 
Cassandra and Docker Lessons Learned
Cassandra and Docker Lessons LearnedCassandra and Docker Lessons Learned
Cassandra and Docker Lessons Learned
DataStax Academy
 
Introducing Docker
Introducing DockerIntroducing Docker
Introducing Docker
Francesco Pantano
 
Docker Tips And Tricks at the Docker Beijing Meetup
Docker Tips And Tricks at the Docker Beijing MeetupDocker Tips And Tricks at the Docker Beijing Meetup
Docker Tips And Tricks at the Docker Beijing Meetup
Jérôme Petazzoni
 
Introduction to Docker and deployment and Azure
Introduction to Docker and deployment and AzureIntroduction to Docker and deployment and Azure
Introduction to Docker and deployment and Azure
Jérôme Petazzoni
 
Running High Performance and Fault Tolerant Elasticsearch Clusters on Docker
Running High Performance and Fault Tolerant Elasticsearch Clusters on DockerRunning High Performance and Fault Tolerant Elasticsearch Clusters on Docker
Running High Performance and Fault Tolerant Elasticsearch Clusters on Docker
Sematext Group, Inc.
 
Using cobbler in a not so small environment 1.77
Using cobbler in a not so small environment 1.77Using cobbler in a not so small environment 1.77
Using cobbler in a not so small environment 1.77
chhorn
 
Cobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale EnvironmentsCobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale Environments
ViSenze - Artificial Intelligence for the Visual Web
 
Django via Docker
Django via DockerDjango via Docker
Django via Docker
Brenden West
 
Docker
DockerDocker
Docker
Chen Chun
 
Docker module 1
Docker module 1Docker module 1
Docker module 1
Liang Bo
 
Build High-Performance, Scalable, Distributed Applications with Stacks of Co...
Build High-Performance, Scalable, Distributed Applications with Stacks of Co... Build High-Performance, Scalable, Distributed Applications with Stacks of Co...
Build High-Performance, Scalable, Distributed Applications with Stacks of Co...
Yandex
 
Docker from A to Z, including Swarm and OCCS
Docker from A to Z, including Swarm and OCCSDocker from A to Z, including Swarm and OCCS
Docker from A to Z, including Swarm and OCCS
Frank Munz
 
KVM and docker LXC Benchmarking with OpenStack
KVM and docker LXC Benchmarking with OpenStackKVM and docker LXC Benchmarking with OpenStack
KVM and docker LXC Benchmarking with OpenStack
Boden Russell
 
99cloud Docker Training module 2
99cloud Docker Training module 299cloud Docker Training module 2
99cloud Docker Training module 2
Liang Bo
 
Docker
DockerDocker
Docker
Brian Hogan
 
Docker.io
Docker.ioDocker.io
Docker.io
Ladislav Prskavec
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to docker
Justyna Ilczuk
 
ABCs of docker
ABCs of dockerABCs of docker
ABCs of docker
Sabyrzhan Tynybayev
 
Portable TeX Documents (PTD): PackagingCon 2021
Portable TeX Documents (PTD): PackagingCon 2021Portable TeX Documents (PTD): PackagingCon 2021
Portable TeX Documents (PTD): PackagingCon 2021
Jonathan Fine
 
Docker and the Container Ecosystem
Docker and the Container EcosystemDocker and the Container Ecosystem
Docker and the Container Ecosystem
psconnolly
 
Running Django on Docker: a workflow and code
Running Django on Docker: a workflow and codeRunning Django on Docker: a workflow and code
Running Django on Docker: a workflow and code
Danielle Madeley
 
Docker - The Linux Container
Docker - The Linux ContainerDocker - The Linux Container
Docker - The Linux Container
Balaji Rajan
 
Monitoring Containers at New Relic by Sean Kane
Monitoring Containers at New Relic by Sean Kane Monitoring Containers at New Relic by Sean Kane
Monitoring Containers at New Relic by Sean Kane
Docker, Inc.
 
DockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaS
DockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaSDockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaS
DockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaS
Docker, Inc.
 

Mais conteúdo relacionado

Mais procurados

KVM and docker LXC Benchmarking with OpenStack
KVM and docker LXC Benchmarking with OpenStackKVM and docker LXC Benchmarking with OpenStack
KVM and docker LXC Benchmarking with OpenStack
Boden Russell
 
Docker - The Linux Container
Docker - The Linux ContainerDocker - The Linux Container
Docker - The Linux Container
Balaji Rajan
 

Mais procurados (20)

Docker Tips And Tricks at the Docker Beijing Meetup
Docker Tips And Tricks at the Docker Beijing MeetupDocker Tips And Tricks at the Docker Beijing Meetup
Docker Tips And Tricks at the Docker Beijing Meetup
 
Introduction to Docker and deployment and Azure
Introduction to Docker and deployment and AzureIntroduction to Docker and deployment and Azure
Introduction to Docker and deployment and Azure
 
Running High Performance and Fault Tolerant Elasticsearch Clusters on Docker
Running High Performance and Fault Tolerant Elasticsearch Clusters on DockerRunning High Performance and Fault Tolerant Elasticsearch Clusters on Docker
Running High Performance and Fault Tolerant Elasticsearch Clusters on Docker
 
Using cobbler in a not so small environment 1.77
Using cobbler in a not so small environment 1.77Using cobbler in a not so small environment 1.77
Using cobbler in a not so small environment 1.77
 
Cobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale EnvironmentsCobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale Environments
 
Django via Docker
Django via DockerDjango via Docker
Django via Docker
 
Docker
DockerDocker
Docker
 
Docker module 1
Docker module 1Docker module 1
Docker module 1
 
Build High-Performance, Scalable, Distributed Applications with Stacks of Co...
Build High-Performance, Scalable, Distributed Applications with Stacks of Co... Build High-Performance, Scalable, Distributed Applications with Stacks of Co...
Build High-Performance, Scalable, Distributed Applications with Stacks of Co...
 
Docker from A to Z, including Swarm and OCCS
Docker from A to Z, including Swarm and OCCSDocker from A to Z, including Swarm and OCCS
Docker from A to Z, including Swarm and OCCS
 
KVM and docker LXC Benchmarking with OpenStack
KVM and docker LXC Benchmarking with OpenStackKVM and docker LXC Benchmarking with OpenStack
KVM and docker LXC Benchmarking with OpenStack
 
99cloud Docker Training module 2
99cloud Docker Training module 299cloud Docker Training module 2
99cloud Docker Training module 2
 
Docker
DockerDocker
Docker
 
Docker.io
Docker.ioDocker.io
Docker.io
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to docker
 
ABCs of docker
ABCs of dockerABCs of docker
ABCs of docker
 
Portable TeX Documents (PTD): PackagingCon 2021
Portable TeX Documents (PTD): PackagingCon 2021Portable TeX Documents (PTD): PackagingCon 2021
Portable TeX Documents (PTD): PackagingCon 2021
 
Docker and the Container Ecosystem
Docker and the Container EcosystemDocker and the Container Ecosystem
Docker and the Container Ecosystem
 
Running Django on Docker: a workflow and code
Running Django on Docker: a workflow and codeRunning Django on Docker: a workflow and code
Running Django on Docker: a workflow and code
 
Docker - The Linux Container
Docker - The Linux ContainerDocker - The Linux Container
Docker - The Linux Container
 

Destaque

Monitoring Containers at New Relic by Sean Kane
Monitoring Containers at New Relic by Sean Kane Monitoring Containers at New Relic by Sean Kane
Monitoring Containers at New Relic by Sean Kane
Docker, Inc.
 
DockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaS
DockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaSDockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaS
DockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaS
Docker, Inc.
 
Experiences with AWS immutable deploys and job processing
Experiences with AWS immutable deploys and job processingExperiences with AWS immutable deploys and job processing
Experiences with AWS immutable deploys and job processing
Docker, Inc.
 
Everything You Need to Know About Docker and Storage by Ryan Wallner, ClusterHQ
Everything You Need to Know About Docker and Storage by Ryan Wallner, ClusterHQ Everything You Need to Know About Docker and Storage by Ryan Wallner, ClusterHQ
Everything You Need to Know About Docker and Storage by Ryan Wallner, ClusterHQ
Docker, Inc.
 
Containerize All the (Multi-Platform) Things! by Phil Estes
Containerize All the (Multi-Platform) Things! by Phil EstesContainerize All the (Multi-Platform) Things! by Phil Estes
Containerize All the (Multi-Platform) Things! by Phil Estes
Docker, Inc.
 
DockerCon EU 2015: It's in the game: the path to micro-services at Electronic...
DockerCon EU 2015: It's in the game: the path to micro-services at Electronic...DockerCon EU 2015: It's in the game: the path to micro-services at Electronic...
DockerCon EU 2015: It's in the game: the path to micro-services at Electronic...
Docker, Inc.
 
DockerCon EU 2015: Finding a Theory of the Universe with Docker and Volunteer...
DockerCon EU 2015: Finding a Theory of the Universe with Docker and Volunteer...DockerCon EU 2015: Finding a Theory of the Universe with Docker and Volunteer...
DockerCon EU 2015: Finding a Theory of the Universe with Docker and Volunteer...
Docker, Inc.
 
Building a Platform with Django, Docker and Salt
Building a Platform with Django, Docker and SaltBuilding a Platform with Django, Docker and Salt
Building a Platform with Django, Docker and Salt
Docker, Inc.
 
Introduction to Docker and Containers
Introduction to Docker and ContainersIntroduction to Docker and Containers
Introduction to Docker and Containers
Docker, Inc.
 
Building a Smarter Application Stack
Building a Smarter Application StackBuilding a Smarter Application Stack
Building a Smarter Application Stack
Docker, Inc.
 

Destaque (20)

Monitoring Containers at New Relic by Sean Kane
Monitoring Containers at New Relic by Sean Kane Monitoring Containers at New Relic by Sean Kane
Monitoring Containers at New Relic by Sean Kane
 
DockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaS
DockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaSDockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaS
DockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaS
 
DockerCon EU 2015: Nesting Containers: Real Life Observations
DockerCon EU 2015: Nesting Containers: Real Life ObservationsDockerCon EU 2015: Nesting Containers: Real Life Observations
DockerCon EU 2015: Nesting Containers: Real Life Observations
 
Experiences with AWS immutable deploys and job processing
Experiences with AWS immutable deploys and job processingExperiences with AWS immutable deploys and job processing
Experiences with AWS immutable deploys and job processing
 
DockerCon SF 2015: How to talk to humans
DockerCon SF 2015: How to talk to humansDockerCon SF 2015: How to talk to humans
DockerCon SF 2015: How to talk to humans
 
Developer Week
Developer WeekDeveloper Week
Developer Week
 
Everything You Need to Know About Docker and Storage by Ryan Wallner, ClusterHQ
Everything You Need to Know About Docker and Storage by Ryan Wallner, ClusterHQ Everything You Need to Know About Docker and Storage by Ryan Wallner, ClusterHQ
Everything You Need to Know About Docker and Storage by Ryan Wallner, ClusterHQ
 
Docker 1.11 @ Docker SF Meetup
Docker 1.11 @ Docker SF MeetupDocker 1.11 @ Docker SF Meetup
Docker 1.11 @ Docker SF Meetup
 
DockerCon EU 2015: Compute as an Interruption Forget the Servers
DockerCon EU 2015: Compute as an Interruption Forget the ServersDockerCon EU 2015: Compute as an Interruption Forget the Servers
DockerCon EU 2015: Compute as an Interruption Forget the Servers
 
Containerize All the (Multi-Platform) Things! by Phil Estes
Containerize All the (Multi-Platform) Things! by Phil EstesContainerize All the (Multi-Platform) Things! by Phil Estes
Containerize All the (Multi-Platform) Things! by Phil Estes
 
DockerCon EU 2015: It's in the game: the path to micro-services at Electronic...
DockerCon EU 2015: It's in the game: the path to micro-services at Electronic...DockerCon EU 2015: It's in the game: the path to micro-services at Electronic...
DockerCon EU 2015: It's in the game: the path to micro-services at Electronic...
 
Docker Links
Docker LinksDocker Links
Docker Links
 
DockerCon EU 2015: Finding a Theory of the Universe with Docker and Volunteer...
DockerCon EU 2015: Finding a Theory of the Universe with Docker and Volunteer...DockerCon EU 2015: Finding a Theory of the Universe with Docker and Volunteer...
DockerCon EU 2015: Finding a Theory of the Universe with Docker and Volunteer...
 
Building a Platform with Django, Docker and Salt
Building a Platform with Django, Docker and SaltBuilding a Platform with Django, Docker and Salt
Building a Platform with Django, Docker and Salt
 
Introduction to Docker and Containers
Introduction to Docker and ContainersIntroduction to Docker and Containers
Introduction to Docker and Containers
 
Docker at Spotify
Docker at SpotifyDocker at Spotify
Docker at Spotify
 
OpenStack Summit
OpenStack SummitOpenStack Summit
OpenStack Summit
 
Building a Smarter Application Stack
Building a Smarter Application StackBuilding a Smarter Application Stack
Building a Smarter Application Stack
 
Securing your Containers (Meetup at Docker HQ 4/7)
Securing your Containers (Meetup at Docker HQ 4/7)Securing your Containers (Meetup at Docker HQ 4/7)
Securing your Containers (Meetup at Docker HQ 4/7)
 
Why should I care about stateful containers?
Why should I care about stateful containers?Why should I care about stateful containers?
Why should I care about stateful containers?
 

Semelhante a Docker Online Meetup #3: Docker in Production

Containers, Docker, and Microservices: the Terrific Trio
Containers, Docker, and Microservices: the Terrific TrioContainers, Docker, and Microservices: the Terrific Trio
Containers, Docker, and Microservices: the Terrific Trio
Jérôme Petazzoni
 

Semelhante a Docker Online Meetup #3: Docker in Production (20)

Shipping Applications to Production in Containers with Docker
Shipping Applications to Production in Containers with DockerShipping Applications to Production in Containers with Docker
Shipping Applications to Production in Containers with Docker
 
Containers, Docker, and Microservices: the Terrific Trio
Containers, Docker, and Microservices: the Terrific TrioContainers, Docker, and Microservices: the Terrific Trio
Containers, Docker, and Microservices: the Terrific Trio
 
Docker 101
Docker 101 Docker 101
Docker 101
 
Sheep it
Sheep itSheep it
Sheep it
 
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
 
codemotion-docker-2014
codemotion-docker-2014codemotion-docker-2014
codemotion-docker-2014
 
Introduction to Docker at the Azure Meet-up in New York
Introduction to Docker at the Azure Meet-up in New YorkIntroduction to Docker at the Azure Meet-up in New York
Introduction to Docker at the Azure Meet-up in New York
 
Docker 0.11 at MaxCDN meetup in Los Angeles
Docker 0.11 at MaxCDN meetup in Los AngelesDocker 0.11 at MaxCDN meetup in Los Angeles
Docker 0.11 at MaxCDN meetup in Los Angeles
 
Dockerizing a Symfony2 application
Dockerizing a Symfony2 applicationDockerizing a Symfony2 application
Dockerizing a Symfony2 application
 
Agile Brown Bag - Vagrant & Docker: Introduction
Agile Brown Bag - Vagrant & Docker: IntroductionAgile Brown Bag - Vagrant & Docker: Introduction
Agile Brown Bag - Vagrant & Docker: Introduction
 
Docker 1 0 1 0 1: a Docker introduction, actualized for the stable release of...
Docker 1 0 1 0 1: a Docker introduction, actualized for the stable release of...Docker 1 0 1 0 1: a Docker introduction, actualized for the stable release of...
Docker 1 0 1 0 1: a Docker introduction, actualized for the stable release of...
 
Docker 2014
Docker 2014Docker 2014
Docker 2014
 
The Docker "Gauntlet" - Introduction, Ecosystem, Deployment, Orchestration
The Docker "Gauntlet" - Introduction, Ecosystem, Deployment, OrchestrationThe Docker "Gauntlet" - Introduction, Ecosystem, Deployment, Orchestration
The Docker "Gauntlet" - Introduction, Ecosystem, Deployment, Orchestration
 
Containerization Is More than the New Virtualization
Containerization Is More than the New VirtualizationContainerization Is More than the New Virtualization
Containerization Is More than the New Virtualization
 
Thotcon - All aboard the Fail Whale
Thotcon - All aboard the Fail WhaleThotcon - All aboard the Fail Whale
Thotcon - All aboard the Fail Whale
 
Docker Ecosystem on Azure
Docker Ecosystem on AzureDocker Ecosystem on Azure
Docker Ecosystem on Azure
 
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme PetazzoniWorkshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
 
Introduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" EditionIntroduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" Edition
 
Continuous Integration with Docker on AWS
Continuous Integration with Docker on AWSContinuous Integration with Docker on AWS
Continuous Integration with Docker on AWS
 
Accelerate your development with Docker
Accelerate your development with DockerAccelerate your development with Docker
Accelerate your development with Docker
 

Mais de Docker, Inc.

Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWS
Docker, Inc.
 
Distributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at SalesforceDistributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at Salesforce
Docker, Inc.
 
Monitoring in a Microservices World
Monitoring in a Microservices WorldMonitoring in a Microservices World
Monitoring in a Microservices World
Docker, Inc.
 
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
Docker, Inc.
 
Predicting Space Weather with Docker
Predicting Space Weather with DockerPredicting Space Weather with Docker
Predicting Space Weather with Docker
Docker, Inc.
 
Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!
Docker, Inc.
 
Kubernetes at Datadog Scale
Kubernetes at Datadog ScaleKubernetes at Datadog Scale
Kubernetes at Datadog Scale
Docker, Inc.
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWS
Docker, Inc.
 
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
Docker, Inc.
 

Mais de Docker, Inc. (20)

Containerize Your Game Server for the Best Multiplayer Experience
Containerize Your Game Server for the Best Multiplayer Experience Containerize Your Game Server for the Best Multiplayer Experience
Containerize Your Game Server for the Best Multiplayer Experience
 
How to Improve Your Image Builds Using Advance Docker Build
How to Improve Your Image Builds Using Advance Docker BuildHow to Improve Your Image Builds Using Advance Docker Build
How to Improve Your Image Builds Using Advance Docker Build
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWS
 
Securing Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXSecuring Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINX
 
How To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and ComposeHow To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and Compose
 
Hands-on Helm
Hands-on Helm Hands-on Helm
Hands-on Helm
 
Distributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at SalesforceDistributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at Salesforce
 
The First 10M Pulls: Building The Official Curl Image for Docker Hub
The First 10M Pulls: Building The Official Curl Image for Docker HubThe First 10M Pulls: Building The Official Curl Image for Docker Hub
The First 10M Pulls: Building The Official Curl Image for Docker Hub
 
Monitoring in a Microservices World
Monitoring in a Microservices WorldMonitoring in a Microservices World
Monitoring in a Microservices World
 
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
 
Predicting Space Weather with Docker
Predicting Space Weather with DockerPredicting Space Weather with Docker
Predicting Space Weather with Docker
 
Become a Docker Power User With Microsoft Visual Studio Code
Become a Docker Power User With Microsoft Visual Studio CodeBecome a Docker Power User With Microsoft Visual Studio Code
Become a Docker Power User With Microsoft Visual Studio Code
 
How to Use Mirroring and Caching to Optimize your Container Registry
How to Use Mirroring and Caching to Optimize your Container RegistryHow to Use Mirroring and Caching to Optimize your Container Registry
How to Use Mirroring and Caching to Optimize your Container Registry
 
Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!
 
Kubernetes at Datadog Scale
Kubernetes at Datadog ScaleKubernetes at Datadog Scale
Kubernetes at Datadog Scale
 
Labels, Labels, Labels
Labels, Labels, Labels Labels, Labels, Labels
Labels, Labels, Labels
 
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment ModelUsing Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWS
 
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
 
Developing with Docker for the Arm Architecture
Developing with Docker for the Arm ArchitectureDeveloping with Docker for the Arm Architecture
Developing with Docker for the Arm Architecture
 

Docker Online Meetup #3: Docker in Production

  • 1. Docker in production Containers, containers everywhere! Not an actual book (yet) Docker Online Meetup www.docker.com @docker
  • 2. Jérôme Petazzoni (@jpetazzo) Grumpy French DevOps - Go away or I will replace you with a very small shell script Wrote dotCloud PAAS deployment tools - EC2, LXC, Puppet, Python, Shell, ØMQ... Docker contributor - Security, networking... Runs all kinds of crazy things in Docker - Docker-in-Docker, VPN-in-Docker, KVM-in-Docker, Xorg-in-Docker...
  • 3. Outline Quick recap on Docker and its 1.0 release “Solved” problems: install, build, distribute Service discovery & general plumbing Orchestration (running many containers) Performance (measuring it & improving it) Configuration management Sysadmin chores: logging, backups, remote access
  • 4. Docker 1.0 1.1 1.1.1 1.1.2 is here! Docker 1.0 released last month for DockerCon Random pick of recent features: - pause/unpause (helps to get consistent commit/snapshot) - SELinux (for, you know, security) - network superpowers with docker run --net … More importantly: it's stamped “production-ready” - you can buy support contracts, training... (in addition to the traditional t-shirts and stickers )☺
  • 5. Installation On your dev machine: boot2docker - tiny VM (25 MB), works with all virtualization types - wrapper script (OS X only) to run docker CLI locally - future improvements: shared volumes with docker run -v … On your servers: which distro? - use something recent (Ubuntu 14.04 LTS, RHEL 7, Fedora 20...) - special distros: CoreOS, Project Atomic — new but promising
  • 6. Build with Dockerfiles FROM ubuntu:14.04 MAINTAINER Docker Education Team <education@docker.com> RUN apt-get update RUN apt-get install -y nginx RUN echo 'Hi, I am in your container' >/usr/share/nginx/html/index.html CMD [ "nginx", "-g", "daemon off;" ] EXPOSE 80
  • 7. Build with Dockerfiles Great for most purposes - caching system allows full rebuilds that are still fast Drawbacks (a.k.a. work in progress) - separate build/run environments (don't ship that 5 GB build image if you just need the 10 MB artifact) - entitlement, credentials, and other secrets (what if the build process needs to access a private repository?) Workarounds - use two Dockerfiles; keep Dockerfiles and images private
  • 8. Distribute and ship images Docker Hub - docker push, docker pull: it's magic! - public and private images - no on prem version yet; but it's one of the most requested features Run your own registry - docker run registry # “docker run -P” to expose it to LAN - defaults to local storage - can use cloud object storage (Swift, GCE, S3, Elliptics...)
  • 9. Distribute and ship images Hack around docker load/save - load/save works with plain tarballs - put them wherever you want them - https://github.com/blake-education/dogestry (much image, such docker, wow) Work in progress: pluggable transports - many things are damn good at moving diffs (git, rsync...) - can we borrow something from them?
  • 10. Service discovery There's more than one way to do it - inject everything we need through environment docker run -e DB_HOST=… -e DB_PORT=… -e … - bind-mount a configuration file into the container docker run -v /etc/docker/config/myapp.yaml:/config.yaml … - resolve everything we need through a highly-available key-value store (zookeeper, etcd, consul...) - resolve everything we need through DNS (consul, skydns, skydock, dnsmasq...)
  • 11. How do they compare? Let's grade those different methods!
  • 12. But first, let's look at links
  • 13. Docker links docker run -d --name frontdb mysqlimage docker run -d --link frontdb:sql webimage DNS entries are created in containers Environment variables are injected in 2nd container SQL_PORT=tcp://172.17.0.10:5432 SQL_PORT_5432_TCP=tcp://172.17.0.10:5432 SQL_PORT_5432_TCP_ADDR=172.17.0.10 SQL_PORT_5432_TCP_PORT=5432 SQL_PORT_5432_TCP_PROTO=tcp Doesn't work across multiple Docker hosts
  • 14. Service discovery: environment variables Easy to integrate in your code - is there any language that does not support environment variables? Easy to setup - start services, lookup ports, inject variables Even easier with links - fully automatic if using only one host Static - if a service moves, cannot update environment variables
  • 16. Service discovery: bind-mount configuration file Easy to integrate in your code - again, is there a language without a decent JSON/YAML parser? Easy to setup - just like environment variables, but generate a file Kind of dynamic - it's possible to update the configuration files while services run But not really - services have to detect the change and reload the file
  • 18. Service discovery: key-value store Harder to integrate in your code - HTTP requests instead of getenv are not too hard, but still Harder to setup - must setup the key-value store; on multiple nodes Kind of dynamic - most of those key-value stores support “watch” operation But not really - services still have to detect the change and reload the file
  • 20. Service discovery: DNS Easy to integrate in your code - in most cases, no integration is needed at all, works out of the box Harder to setup* - must setup a DNS system that you can easily update Dynamic - you can update DNS zones, no problem No “push”, but... - services won't detect a change, but if something wrong happens (and results into a disconnection) they might re-resolve and retry *Except on a single host, if you use links, since they automatically create DNS entries.
  • 24. The ambassador pattern host 1 (database) docker run -d -name frontdb mysqlimage docker run -d -link frontdb:sql wiring host 2 (web tier) docker run -d -name frontdb wiring docker run -d -link frontdb:sql nginximage
  • 25. database host web host database container I'm frontdb! web container I want to talk to frontdb! wiring container I actually talk to frontdb! wiring container I pretend I'm frontdb! docker link docker link ?
  • 26. database host web host database container I'm frontdb! web container I want to talk to frontdb! wiring container I actually talk to frontdb! wiring container I pretend I'm frontdb! docker link docker link ?
  • 27.
  • 28. database host web host database container I'm frontdb! web container I want to talk to frontdb! wiring container I actually talk to frontdb! wiring container I pretend I'm frontdb! docker link docker link UNICORNS
  • 29. “...Unicorns?” Work in progress, but you can look at: - Docksul https://github.com/progrium/docksul - Grand Ambassador https://github.com/cpuguy83/docker-grand-ambassador Or roll your own - use some highly-available key-value store (yup, they're back too!) - HAProxy, stunnel, iptables...
  • 30. Service discovery: links with ambassadors Easy to integrate in your code - it's still environment variables Easy to setup in dev, harder in production - use normal links in dev; get the big guns out only in prod Dynamic - the ambassadors can reroute traffic if necessary
  • 32. But warning: construction area (They're still work in progress)
  • 33. Orchestration There's more than one way to do it (again!) - describe your stack in files (Fig, Maestro-NG, Ansible and other CMs) - submit requests through an API (Mesos) - implement something that looks like a PAAS (Flynn, Deis, OpenShift) - the “new wave” (Kubernetes, Centurion, Helios...) - OpenStack (because OpenStack can do everything!)
  • 35. Do you (want to) use OpenStack? Yes - if you are building a PAAS, keep an eye on Solum (and consider contributing) - if you are moving VM workloads to containers, use Nova (that's probably what you already have; just enable the Docker driver) - otherwise, use Heat (and use Docker resources in your Heat templates) No - go to next slide
  • 36. Are you looking for a PAAS? Yes - CloudFoundry (Ruby, but increasing % Go) - Deis (Python, Docker-ish, runs on top of CoreOS) - Dokku (A few 100s of line of Bash!) - Flynn (Go, bleeding edge) - Tsuru (Go, more mature) - OpenShift geard (Go again!) Choose wisely (or go to the next slide) - http://blog.lusis.org/blog/2014/06/14/paas-for-realists/ “I don’t think ANY of the current private PaaS solutions are a fit right now.”
  • 37. How many Docker hosts do you have? Only one per app or environment - Fig A few (up to ~10) - Maestro-NG - your favorite CM (e.g. Ansible has a nice Docker module) A lot - Mesos - have a look at (and contribute to) the “new wave” (Centurion, Helios, Kubernetes...)
  • 38. Work in progress: libswarm Run <something> that... - exposes the Docker API - talks to real Docker hosts - spins Docker hosts up and down as needed - takes care of scheduling, plumbing, scaling... Use your normal client to talk to that <something> - it looks like a Docker host - but it's an elastic, scalable, dynamic, magic Docker host https://github.com/docker/libswarm
  • 39. Performance: measure things cgroups give us per-container... - CPU usage - memory usage (fine-grained: cache and resident set size) - I/O usage (per device, reads vs writes, in bytes and in ops) cgroups don't give us... - network metrics (have to do tricks with network namespaces) https://github.com/google/cadvisor http://jpetazzo.github.io/2013/10/08/docker-containers-metrics/
  • 40. Performance: tweak things There isn't much to tweak! - CPU: native - I/O: native on volumes (make sure that your data set etc. is on volumes) - memory: no overhead if you disable memory accounting (userful for HPC; probably not for everything else) - network: no overhead if you run with “--net host” (useful for >1 Gb/s workloads) (or if you have a high packet rate; e.g. VOIP, gaming...)
  • 41. Configuration management There is more than one way do to it (surprise!) If you don't use a CM system yet, you don't have to - If you're familiar with a CM system, you can use it to encode small- scale deployments (up to, say, 10 nodes) Using CM to manage Docker hosts makes sense But Dockerfiles will be great for apps themselves If you really want to keep using your recipes, here's how to integrate!
  • 42. Configuration management, if you want to mix VMs and containers Author a single generic Docker image with your favorite CM, “locked and loaded” When creating a container from that image, you give it its identity (certificate/node name/...) When the container starts, it contacts the server, which gives it its configuration (manifests, cookbooks...) After a moment, it will converge to desired state Downside: slow to converge; not 100% reliable
  • 43. Configuration management, if you want to mix VMs and containers Author a single generic Docker image with your favorite CM, “locked and loaded” When creating a container from that image, you give it its identity (certificate/node name/...) When the container starts, it contacts the server, which gives it its configuration (manifests, cookbooks...) After a moment, it will converge to desired state Downside: slow to converge; not 100% reliable NOT RECOMMENDED
  • 44. Configuration management, the “immutable infrastructure” way Author a single generic Docker image with your favorite CM, to be used as a base for other images Author other Docker images: FROM me/my_base_puppet_image ADD manifests/ /etc/puppet/manifests RUN puppet apply --certname db1138.dystopia.io Once the image is baked, you don't have to fry it (i.e. it's ready to run without extra steps) Downside: build new image to make a change (can be seen as an advantage)
  • 45. Configuration management, the “immutable infrastructure” way Author a single generic Docker image with your favorite CM, to be used as a base for other images Author other Docker images: FROM me/my_base_puppet_image ADD manifests/ /etc/puppet/manifests RUN puppet apply --certname db1138.dystopia.io Once the image is baked, you don't have to fry it (i.e. it's ready to run without extra steps) Downside: build new image to make a change (can be seen as an advantage) SLIGHTLY BETTER (BUT STILL KIND OF MEH)
  • 46. Sysadmin chores Backups Logging Remote access We all know that those are just a small sample of the many boring, necessary evil deeds that sysadmins must commit once in a while.
  • 47. File-level backups Use volumes docker run --name mysqldata -v /var/lib/mysql busybox true docker run --name mysql --volumes-from mysqldata mysql docker run --rm --volumes-from mysqldata mysqlbackup tar -cJf- /var/lib/mysql | stream-it-to-the-cloud.py Of course, you can use anything fancier than tar (e.g. rsync, tarsnap...)
  • 48. Data-level backups Use links docker run --name mysql mysql docker run --rm --link mysql:db mysqlbackup mysqldump --all-databases | stream-it-to-the-cloud.py Can be combined with volumes - put the SQL dump on a volume - then backup that volume with file-level tools (previous slide)
  • 49. Logging for legacy apps Legacy = let me write to eleventy jillion arbitrary files in /var/lib/tomcat/logs! Solution: volumes docker run --name logs -v /var/lib/tomcat/logs busybox true docker run --name tomcat --volumes-from logs my_tomcat_image - Inspect logs: docker run --rm --volumes-from logs ubuntu bash - Ship logs to something else: docker run --name logshipper --volumes-from logs sawmill
  • 50. Logging for dockerized apps Dockerized = I only write to stdout Solution: Docker CLI/API docker run --name tomcat dockerized_tomcat docker logs tomcat docker run -v /var/run/docker.sock:/var/run/docker.sock logshipper docker logs tomcat | pipestash ... Caveat: logs are not rotated (but PR is on the way)
  • 51. Remote access If you own the host: SSH to host + nsenter https://github.com/jpetazzo/nsenter If you don't own the host: SSH in the container https://github.com/phusion/baseimage-docker More on that topic (“do I need SSHD in containers?”): http://blog.docker.com/2014/06/why-you-dont-need-to-run-sshd-in-docker/ In the future: - run separate SSH container - log into that - “hop” onto the target container
  • 52. Docker in production Containers, containers everywhere! Not an actual book (yet) Thank you! Questions? www.docker.com @docker