SlideShare uma empresa Scribd logo

Take care of hundred containers and not go crazy

Honza Horák
Honza Horák

This document summarizes Honza Horak's presentation on strategies for managing a large portfolio of container images. It discusses sharing sources and scripts across versions to reduce duplication and simplify maintenance. Templating approaches are presented to generate downstream variants from a single upstream source. Maintaining common packages and scripts in intermediate layers is suggested to facilitate reuse. The use of automated tests for container images on each change is also advocated to prevent regressions.

Engenharia
1 de 39
Baixar para ler offline
Take Care of Hundred Containers ...and Not Go Crazy Honza Horak DevConf.cz, Brno January 26th, 2018
I had a dream... 2 ...like every second boy in Czechia that time
I had a dream... 3 ...like every second boy in Czechia that time
ABOUT /me 4 Honza Horak Location ● Brno Background ● Databases, Python, Ruby ● Containers ○ Red Hat Software Collections ○ CentOS ○ Fedora
The final goal 5 (when developing container images) #> docker run -d -e MYSQL_ROOT_PASSWORD=pass mariadb-102 … is to make them work nicely in ...
The final goal 6 (when developing container images) #> docker run -d -e MYSQL_ROOT_PASSWORD=pass mariadb-102 #> oc new-app mariadb-102 -e MYSQL_ROOT_PASSWORD=pass #> oc process -f mariadb.json | oc create -f - … is to make them work nicely in ...
DEVELOP != MAINTAIN
Size of the portfolio matters 8 RHSCL based container images ● MariaDB ● PostgreSQL ● MySQL ● MongoDB ● Python ● Ruby ● NodeJS ● PHP ● Perl ● Apache ● Nginx ● Varnish ● … rhscl/mariadb-100-rhel7 f26/mariadb centos/mariadb-100-centos7 f27/mariadb centos/mariadb-101-centos7 centos/mariadb-102-centos7 rhscl/mariadb-101-rhel7 rhscl/mariadb-102-rhel7
PORTFOLIO GROWS QUICKLY.
10
EVERYTHING WILL BE FINE, IF...
Sources for container image 12 Downstream (e.g. Fedora dist-git component) Dockerfile README.md root/etc/my.cnf root/usr/bin/container-entrypoint root/usr/bin/run-mysqld root/usr/bin/run-mysqld-master root/usr/bin/run-mysqld-slave root/usr/libexec/container-setup root/usr/share/container-scripts/mysql/common.sh root/usr/share/container-scripts/mysql/helpers.sh root/usr/share/container-scripts/mysql/my-base.cnf.template root/usr/share/container-scripts/mysql/my-master.cnf.template root/usr/share/container-scripts/mysql/my-paas.cnf.template test/run
Upstream vs. Downstream 13 1 upstream repository -> 8 downstream repositories ● MariaDB ● PostgreSQL ● MySQL ● MongoDB ● Python ● Ruby ● NodeJS ● PHP ● Perl ● Apache ● Nginx ● Varnish ● … rhscl/mariadb-100-rhel7 f26/mariadb centos/mariadb-100-centos7 f27/mariadb centos/mariadb-101-centos7 centos/mariadb-102-centos7 rhscl/mariadb-101-rhel7 rhscl/mariadb-102-rhel7
Sources for container image 14 Upstream (http://github.com/sclorg/mariadb-container) 10.0/ 10.1/ 10.2/ |- /Dockerfile |- /Dockerfile.rhel7 |- /Dockerfile.fedora |- /README.md |- /root/etc/my.cnf |- /root/usr/bin/container-entrypoint |- /root/usr/bin/run-mysqld |- /tests/run |- /tests/run-openshift examples/ |- /mariadb-ephemeral.json ...
Sources for container image 15 ...tend to duplicate content. 10.1/ |- /Dockerfile |- /Dockerfile.rhel7 |- /Dockerfile.fedora |- /root/etc/my.cnf |- /root/usr/bin/container-entrypoint |- ... 10.2/ |- /Dockerfile |- /Dockerfile.rhel7 |- /Dockerfile.fedora |- /root/etc/my.cnf |- /root/usr/bin/container-entrypoint |- ...
SHARE SOURCES.
SAME SOURCES => SAME USER EXPERIENCE.
Common scripts for more versions 18 Click to add subtitle ... if [ -v MYSQL_ROOT_PASSWORD ]; then log_info "Setting password for MySQL root user ..." if [ "$MYSQL_VERSION" > "10.0" ] ; then mysql $mysql_flags <<EOSQL CREATE USER IF NOT EXISTS 'root'@'%'; EOSQL fi mysql $mysql_flags <<EOSQL GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' WITH GRANT OPTION; EOSQL Fi ...
Differences between versions 19 Click to add subtitle $> diff -up 10.1/Dockerfile 10.2/Dockerfile ... RUN yum install -y centos-release-scl-rh && yum-config-manager --enable centos-sclo-rh-testing && - INSTALL_PKGS="rsync tar shadow-utils rh-mariadb101" && + INSTALL_PKGS="rsync tar shadow-utils rh-mariadb102" && yum install -y --setopt=tsflags=nodocs $INSTALL_PKGS && rpm -V $INSTALL_PKGS && yum clean all ENV CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/mysql - MYSQL_PREFIX=/opt/rh/rh-mariadb101/root/usr - ENABLED_COLLECTIONS=rh-mariadb101 + MYSQL_PREFIX=/opt/rh/rh-mariadb102/root/usr + ENABLED_COLLECTIONS=rh-mariadb102 ...
SAME SCRIPTS FOR ALL VERSIONS. DIFFERENCES IN DOCKERFILES ONLY.
INSERT DESIGNATOR, IF NEEDED Let’s share some files 21 By putting them one dir up. Duplicate only different files. 10.2/ |- /Dockerfile |- /Dockerfile.rhel7 |- /README.md |- /root/etc/my.cnf |- /root/usr/bin/run-mysqld |- /tests/run 10.2/ |- /Dockerfile |- /Dockerfile.rhel7 |- /README.md root-common/ |- /etc/my.cnf |- /usr/bin/run-mysqld tests/ |- /run
INSERT DESIGNATOR, IF NEEDED Using shared files for docker build 22 While respecting docker build context dir. Dockerfile does not need to be in root of the docker build context. $> cd 10.2 $> cat Dockerfile ... COPY root/ / ... #> docker build . $> cd 10.2 $> cat Dockerfile ... COPY 10.2/root/ / ... #> docker build ..
Downstream structure 23 e.g. Fedora dist-git component needs to include a symlink 10.2 -> . Dockerfile README.md root/etc/my.cnf root/usr/bin/container-entrypoint root/usr/bin/run-mysqld root/usr/bin/run-mysqld-master root/usr/bin/run-mysqld-slave root/usr/libexec/container-setup root/usr/share/container-scripts/mysql/common.sh root/usr/share/container-scripts/mysql/helpers.sh root/usr/share/container-scripts/mysql/my-base.cnf.template root/usr/share/container-scripts/mysql/my-master.cnf.template root/usr/share/container-scripts/mysql/my-paas.cnf.template test/run
TEMPLATING.
Use one copy of everything in upstream 25 And generate specific variant for downstream only. -FROM rhel-7 +FROM {{ config.docker.from }} -ENV POSTGRESQL_VERSION=9.6 -RUN yum install rh-postgresql96 && +ENV POSTGRESQL_VERSION={{ spec.version }} +RUN yum install {{ spec.scl }} && yum clean all
INSERT DESIGNATOR, IF NEEDED Distgen 26 A simple make+bash+python based templating for container sources. 9.5/ |- /Dockerfile |- /Dockerfile.rhel7 |- /README.md 9.6/ |- /Dockerfile |- /Dockerfile.rhel7 |- /README.md ... src/ |- /Dockerfile |- /README.md ... |- rhel-7-x86_64.yaml |- centos-7-x86_64.yaml |- fedora-27-x86_64.yaml WIP pull-requests: https://github.com/sclorg/postgresql-container/pull/203 https://github.com/sclorg/container-common-scripts/pull/38
Distgen 27 Simple templating system Advantates ● One copy of everything ● More precise README.md ● Scripts without too many IFs Disadvantages ● Sources are not anymore usable directly as a documentation ● Contributors are required to use some specific workflow ○ make build ● Generated output not seen immediately
GITHUB SUBMODULES.
GitHub sub-modules work for “libraries” 29 And not bite... $> git ls-files container-common-scripts common/ common/build.sh common/clean.sh common/common.mk common/.git common/LICENSE common/Makefile common/README.md common/tag.sh common/test-lib-openshift.sh common/test-lib.sh common/test.sh
SHARE PACKAGES AND SCRIPTS IN AN INTERMEDIATE LAYER.
Sharing common RPMs and scripts 31 RHEL Server Base An intermediate layer Common scripts Another intermediate layer Common devel libraries Python runtime Ruby runtime MariaDB server Example of intermediate container images Django App for XYZ
Intermediate Container Images 32 Advantages Container layers help us to share and maintain on one place ● RPMs ○ various devel libraries ○ basic tools ○ common dependencies ● Scripts ○ fix-permissions ○ cgroup-limits ○ rpm-file-permissions RHEL Server Base Basic tools: findutils, unzip, fix-permissions, cgroup-limits, … Common dependencies: npm, common devel libraries Python runtime: pip, S2i scripts (assemble, run)
Intermediate Container Images 33 Disadvantages Maintenance of more layers require: ● Building in right order ○ OSBS ○ Chain Rebuilds ● Tests whether we’re using correct base image RHEL Server Base Basic tools: findutils, unzip, fix-permissions, cgroup-limits, … Common dependencies: npm, common devel libraries Python runtime: pip, S2i scripts (assemble, run)
Maintaining package & container image 34 How often the build is needed. CONTAINER IMAGE MAINTAINER Bundling by design. New build on parent change. New build on RPM change. New build on container source change. PACKAGE MAINTAINER No bundling. New build for each fix.
DOES IT STILL WORK?
AUTOMATIC TESTS FOR EVERY CONTAINER IMAGE.
Tests for containers 37 What to test ● Focus on container API When to test ● For every pull-request ● After each commit Environment: ● Automation everywhere ● Quick feedback via docker run … ● OpenShift quickstart templates via oc cluster up MTF workshop today at 2pm.
AVOID DUPLICATION. USE AUTOMATED TESTS.
THANK YOU plus.google.com/+RedHat linkedin.com/company/red-hat youtube.com/user/RedHatVideos facebook.com/redhatinc twitter.com/RedHatNews

Recomendados

Inside Sqale's Backend at Sapporo Ruby Kaigi 2012
Inside Sqale's Backend at Sapporo Ruby Kaigi 2012Inside Sqale's Backend at Sapporo Ruby Kaigi 2012
Inside Sqale's Backend at Sapporo Ruby Kaigi 2012
Gosuke Miyashita
 
2017-03-11 02 Денис Нелюбин. Docker & Ansible - лучшие друзья DevOps
2017-03-11 02 Денис Нелюбин. Docker & Ansible - лучшие друзья DevOps2017-03-11 02 Денис Нелюбин. Docker & Ansible - лучшие друзья DevOps
2017-03-11 02 Денис Нелюбин. Docker & Ansible - лучшие друзья DevOps
Омские ИТ-субботники
 
What Have Syscalls Done for you Lately?
What Have Syscalls Done for you Lately?What Have Syscalls Done for you Lately?
What Have Syscalls Done for you Lately?
Docker, Inc.
 
Automating Mendix application deployments with Nix
Automating Mendix application deployments with NixAutomating Mendix application deployments with Nix
Automating Mendix application deployments with Nix
Sander van der Burg
 
Embedded Linux Odp
Embedded Linux OdpEmbedded Linux Odp
Embedded Linux Odp
ghessler
 
Super powered Drupal development with docker
Super powered Drupal development with dockerSuper powered Drupal development with docker
Super powered Drupal development with docker
Maciej Lukianski
 
Who is afraid of privileged containers ?
Who is afraid of privileged containers ?Who is afraid of privileged containers ?
Who is afraid of privileged containers ?
Marko Bevc
 
Container & kubernetes
Container & kubernetesContainer & kubernetes
Container & kubernetes
Ted Jung
 

Recomendados

Inside Sqale's Backend at Sapporo Ruby Kaigi 2012
Inside Sqale's Backend at Sapporo Ruby Kaigi 2012Inside Sqale's Backend at Sapporo Ruby Kaigi 2012
Inside Sqale's Backend at Sapporo Ruby Kaigi 2012
Gosuke Miyashita
 
2017-03-11 02 Денис Нелюбин. Docker & Ansible - лучшие друзья DevOps
2017-03-11 02 Денис Нелюбин. Docker & Ansible - лучшие друзья DevOps2017-03-11 02 Денис Нелюбин. Docker & Ansible - лучшие друзья DevOps
2017-03-11 02 Денис Нелюбин. Docker & Ansible - лучшие друзья DevOps
Омские ИТ-субботники
 
What Have Syscalls Done for you Lately?
What Have Syscalls Done for you Lately?What Have Syscalls Done for you Lately?
What Have Syscalls Done for you Lately?
Docker, Inc.
 
Automating Mendix application deployments with Nix
Automating Mendix application deployments with NixAutomating Mendix application deployments with Nix
Automating Mendix application deployments with Nix
Sander van der Burg
 
Embedded Linux Odp
Embedded Linux OdpEmbedded Linux Odp
Embedded Linux Odp
ghessler
 
Super powered Drupal development with docker
Super powered Drupal development with dockerSuper powered Drupal development with docker
Super powered Drupal development with docker
Maciej Lukianski
 
Who is afraid of privileged containers ?
Who is afraid of privileged containers ?Who is afraid of privileged containers ?
Who is afraid of privileged containers ?
Marko Bevc
 
Container & kubernetes
Container & kubernetesContainer & kubernetes
Container & kubernetes
Ted Jung
 
Docker slides
Docker slidesDocker slides
Docker slides
Ayla Khan
 
COSCUP 2016 - ROS + Gazebo機器人模擬器工作坊
COSCUP 2016 - ROS + Gazebo機器人模擬器工作坊COSCUP 2016 - ROS + Gazebo機器人模擬器工作坊
COSCUP 2016 - ROS + Gazebo機器人模擬器工作坊
Po-Jen Lai
 
Intro django
Intro djangoIntro django
Intro django
Alexander Lyabah
 
Inside Sqale's Backend at RubyConf Taiwan 2012
Inside Sqale's Backend at RubyConf Taiwan 2012Inside Sqale's Backend at RubyConf Taiwan 2012
Inside Sqale's Backend at RubyConf Taiwan 2012
Gosuke Miyashita
 
Inside Sqale's Backend at YAPC::Asia Tokyo 2012
Inside Sqale's Backend at YAPC::Asia Tokyo 2012Inside Sqale's Backend at YAPC::Asia Tokyo 2012
Inside Sqale's Backend at YAPC::Asia Tokyo 2012
Gosuke Miyashita
 
Challenges of container configuration
Challenges of container configurationChallenges of container configuration
Challenges of container configuration
lutter
 
Using Nix and Docker as automated deployment solutions
Using Nix and Docker as automated deployment solutionsUsing Nix and Docker as automated deployment solutions
Using Nix and Docker as automated deployment solutions
Sander van der Burg
 
PHP Development Tools
PHP Development ToolsPHP Development Tools
PHP Development Tools
Antony Abramchenko
 
Programming in Linux Environment
Programming in Linux EnvironmentProgramming in Linux Environment
Programming in Linux Environment
Dongho Kang
 
JDO 2019: Kubernetes logging techniques with a touch of LogSense - Marcin Stożek
JDO 2019: Kubernetes logging techniques with a touch of LogSense - Marcin StożekJDO 2019: Kubernetes logging techniques with a touch of LogSense - Marcin Stożek
JDO 2019: Kubernetes logging techniques with a touch of LogSense - Marcin Stożek
PROIDEA
 
Extend Redis with Modules
Extend Redis with ModulesExtend Redis with Modules
Extend Redis with Modules
Itamar Haber
 
Functional Operations (Functional Programming at Comcast Labs Connect)
Functional Operations (Functional Programming at Comcast Labs Connect)Functional Operations (Functional Programming at Comcast Labs Connect)
Functional Operations (Functional Programming at Comcast Labs Connect)
Susan Potter
 
nix-processmgmt: An experimental Nix-based process manager-agnostic framework
nix-processmgmt: An experimental Nix-based process manager-agnostic frameworknix-processmgmt: An experimental Nix-based process manager-agnostic framework
nix-processmgmt: An experimental Nix-based process manager-agnostic framework
Sander van der Burg
 
Power to the People: Redis Lua Scripts
Power to the People: Redis Lua ScriptsPower to the People: Redis Lua Scripts
Power to the People: Redis Lua Scripts
Itamar Haber
 
E bpf and dynamic tracing for mariadb db as (mariadb day during fosdem 2020)
E bpf and dynamic tracing for mariadb db as (mariadb day during fosdem 2020)E bpf and dynamic tracing for mariadb db as (mariadb day during fosdem 2020)
E bpf and dynamic tracing for mariadb db as (mariadb day during fosdem 2020)
Valeriy Kravchuk
 
Devinsampa nginx-scripting
Devinsampa nginx-scriptingDevinsampa nginx-scripting
Devinsampa nginx-scripting
Tony Fabeen
 
CoreOS + Kubernetes @ All Things Open 2015
CoreOS + Kubernetes @ All Things Open 2015CoreOS + Kubernetes @ All Things Open 2015
CoreOS + Kubernetes @ All Things Open 2015
Brandon Philips
 
Docker.io
Docker.ioDocker.io
Docker.io
Ladislav Prskavec
 
CoreOS: Control Your Fleet
CoreOS: Control Your FleetCoreOS: Control Your Fleet
CoreOS: Control Your Fleet
Matthew Jones
 
Dockerizing Symfony Applications - Symfony Live Berlin 2014
Dockerizing Symfony Applications - Symfony Live Berlin 2014Dockerizing Symfony Applications - Symfony Live Berlin 2014
Dockerizing Symfony Applications - Symfony Live Berlin 2014
D
 
Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire
Introduction to Docker at SF Peninsula Software Development Meetup @GuidewireIntroduction to Docker at SF Peninsula Software Development Meetup @Guidewire
Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire
dotCloud
 
[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview
[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview
[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview
Leo Lorieri
 

Mais conteúdo relacionado

Mais procurados

Inside Sqale's Backend at RubyConf Taiwan 2012
Inside Sqale's Backend at RubyConf Taiwan 2012Inside Sqale's Backend at RubyConf Taiwan 2012
Inside Sqale's Backend at RubyConf Taiwan 2012
Gosuke Miyashita
 
Inside Sqale's Backend at YAPC::Asia Tokyo 2012
Inside Sqale's Backend at YAPC::Asia Tokyo 2012Inside Sqale's Backend at YAPC::Asia Tokyo 2012
Inside Sqale's Backend at YAPC::Asia Tokyo 2012
Gosuke Miyashita
 
JDO 2019: Kubernetes logging techniques with a touch of LogSense - Marcin Stożek
JDO 2019: Kubernetes logging techniques with a touch of LogSense - Marcin StożekJDO 2019: Kubernetes logging techniques with a touch of LogSense - Marcin Stożek
JDO 2019: Kubernetes logging techniques with a touch of LogSense - Marcin Stożek
PROIDEA
 
Functional Operations (Functional Programming at Comcast Labs Connect)
Functional Operations (Functional Programming at Comcast Labs Connect)Functional Operations (Functional Programming at Comcast Labs Connect)
Functional Operations (Functional Programming at Comcast Labs Connect)
Susan Potter
 
Devinsampa nginx-scripting
Devinsampa nginx-scriptingDevinsampa nginx-scripting
Devinsampa nginx-scripting
Tony Fabeen
 
Dockerizing Symfony Applications - Symfony Live Berlin 2014
Dockerizing Symfony Applications - Symfony Live Berlin 2014Dockerizing Symfony Applications - Symfony Live Berlin 2014
Dockerizing Symfony Applications - Symfony Live Berlin 2014
D
 

Mais procurados (20)

Docker slides
Docker slidesDocker slides
Docker slides
 
COSCUP 2016 - ROS + Gazebo機器人模擬器工作坊
COSCUP 2016 - ROS + Gazebo機器人模擬器工作坊COSCUP 2016 - ROS + Gazebo機器人模擬器工作坊
COSCUP 2016 - ROS + Gazebo機器人模擬器工作坊
 
Intro django
Intro djangoIntro django
Intro django
 
Inside Sqale's Backend at RubyConf Taiwan 2012
Inside Sqale's Backend at RubyConf Taiwan 2012Inside Sqale's Backend at RubyConf Taiwan 2012
Inside Sqale's Backend at RubyConf Taiwan 2012
 
Inside Sqale's Backend at YAPC::Asia Tokyo 2012
Inside Sqale's Backend at YAPC::Asia Tokyo 2012Inside Sqale's Backend at YAPC::Asia Tokyo 2012
Inside Sqale's Backend at YAPC::Asia Tokyo 2012
 
Challenges of container configuration
Challenges of container configurationChallenges of container configuration
Challenges of container configuration
 
Using Nix and Docker as automated deployment solutions
Using Nix and Docker as automated deployment solutionsUsing Nix and Docker as automated deployment solutions
Using Nix and Docker as automated deployment solutions
 
PHP Development Tools
PHP Development ToolsPHP Development Tools
PHP Development Tools
 
Programming in Linux Environment
Programming in Linux EnvironmentProgramming in Linux Environment
Programming in Linux Environment
 
JDO 2019: Kubernetes logging techniques with a touch of LogSense - Marcin Stożek
JDO 2019: Kubernetes logging techniques with a touch of LogSense - Marcin StożekJDO 2019: Kubernetes logging techniques with a touch of LogSense - Marcin Stożek
JDO 2019: Kubernetes logging techniques with a touch of LogSense - Marcin Stożek
 
Extend Redis with Modules
Extend Redis with ModulesExtend Redis with Modules
Extend Redis with Modules
 
Functional Operations (Functional Programming at Comcast Labs Connect)
Functional Operations (Functional Programming at Comcast Labs Connect)Functional Operations (Functional Programming at Comcast Labs Connect)
Functional Operations (Functional Programming at Comcast Labs Connect)
 
nix-processmgmt: An experimental Nix-based process manager-agnostic framework
nix-processmgmt: An experimental Nix-based process manager-agnostic frameworknix-processmgmt: An experimental Nix-based process manager-agnostic framework
nix-processmgmt: An experimental Nix-based process manager-agnostic framework
 
Power to the People: Redis Lua Scripts
Power to the People: Redis Lua ScriptsPower to the People: Redis Lua Scripts
Power to the People: Redis Lua Scripts
 
E bpf and dynamic tracing for mariadb db as (mariadb day during fosdem 2020)
E bpf and dynamic tracing for mariadb db as (mariadb day during fosdem 2020)E bpf and dynamic tracing for mariadb db as (mariadb day during fosdem 2020)
E bpf and dynamic tracing for mariadb db as (mariadb day during fosdem 2020)
 
Devinsampa nginx-scripting
Devinsampa nginx-scriptingDevinsampa nginx-scripting
Devinsampa nginx-scripting
 
CoreOS + Kubernetes @ All Things Open 2015
CoreOS + Kubernetes @ All Things Open 2015CoreOS + Kubernetes @ All Things Open 2015
CoreOS + Kubernetes @ All Things Open 2015
 
Docker.io
Docker.ioDocker.io
Docker.io
 
CoreOS: Control Your Fleet
CoreOS: Control Your FleetCoreOS: Control Your Fleet
CoreOS: Control Your Fleet
 
Dockerizing Symfony Applications - Symfony Live Berlin 2014
Dockerizing Symfony Applications - Symfony Live Berlin 2014Dockerizing Symfony Applications - Symfony Live Berlin 2014
Dockerizing Symfony Applications - Symfony Live Berlin 2014
 

Semelhante a Take care of hundred containers and not go crazy

Lightweight Virtualization with Linux Containers and Docker I YaC 2013
Lightweight Virtualization with Linux Containers and Docker I YaC 2013Lightweight Virtualization with Linux Containers and Docker I YaC 2013
Lightweight Virtualization with Linux Containers and Docker I YaC 2013
Docker, Inc.
 
Introduction to Docker and Containers
Introduction to Docker and ContainersIntroduction to Docker and Containers
Introduction to Docker and Containers
Docker, Inc.
 
A Gentle Introduction to Docker and Containers
A Gentle Introduction to Docker and ContainersA Gentle Introduction to Docker and Containers
A Gentle Introduction to Docker and Containers
Docker, Inc.
 
"Lightweight Virtualization with Linux Containers and Docker". Jerome Petazzo...
"Lightweight Virtualization with Linux Containers and Docker". Jerome Petazzo..."Lightweight Virtualization with Linux Containers and Docker". Jerome Petazzo...
"Lightweight Virtualization with Linux Containers and Docker". Jerome Petazzo...
Yandex
 
Introduction to Docker, December 2014 "Tour de France" Bordeaux Special Edition
Introduction to Docker, December 2014 "Tour de France" Bordeaux Special EditionIntroduction to Docker, December 2014 "Tour de France" Bordeaux Special Edition
Introduction to Docker, December 2014 "Tour de France" Bordeaux Special Edition
Jérôme Petazzoni
 

Semelhante a Take care of hundred containers and not go crazy (20)

Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire
Introduction to Docker at SF Peninsula Software Development Meetup @GuidewireIntroduction to Docker at SF Peninsula Software Development Meetup @Guidewire
Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire
 
[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview
[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview
[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview
 
Lightweight Virtualization with Linux Containers and Docker | YaC 2013
Lightweight Virtualization with Linux Containers and Docker | YaC 2013Lightweight Virtualization with Linux Containers and Docker | YaC 2013
Lightweight Virtualization with Linux Containers and Docker | YaC 2013
 
Lightweight Virtualization with Linux Containers and Docker I YaC 2013
Lightweight Virtualization with Linux Containers and Docker I YaC 2013Lightweight Virtualization with Linux Containers and Docker I YaC 2013
Lightweight Virtualization with Linux Containers and Docker I YaC 2013
 
Introduction to Docker and Containers
Introduction to Docker and ContainersIntroduction to Docker and Containers
Introduction to Docker and Containers
 
Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned Real-World Docker: 10 Things We've Learned
Real-World Docker: 10 Things We've Learned
 
Настройка окружения для кросскомпиляции проектов на основе docker'a
Настройка окружения для кросскомпиляции проектов на основе docker'aНастройка окружения для кросскомпиляции проектов на основе docker'a
Настройка окружения для кросскомпиляции проектов на основе docker'a
 
Kubernetes Story - Day 1: Build and Manage Containers with Podman
Kubernetes Story - Day 1: Build and Manage Containers with PodmanKubernetes Story - Day 1: Build and Manage Containers with Podman
Kubernetes Story - Day 1: Build and Manage Containers with Podman
 
A Gentle Introduction to Docker and Containers
A Gentle Introduction to Docker and ContainersA Gentle Introduction to Docker and Containers
A Gentle Introduction to Docker and Containers
 
"Lightweight Virtualization with Linux Containers and Docker". Jerome Petazzo...
"Lightweight Virtualization with Linux Containers and Docker". Jerome Petazzo..."Lightweight Virtualization with Linux Containers and Docker". Jerome Petazzo...
"Lightweight Virtualization with Linux Containers and Docker". Jerome Petazzo...
 
Docker for mere mortals
Docker for mere mortalsDocker for mere mortals
Docker for mere mortals
 
Start tracking your ruby infrastructure
Start tracking your ruby infrastructureStart tracking your ruby infrastructure
Start tracking your ruby infrastructure
 
Developing with-devstack
Developing with-devstackDeveloping with-devstack
Developing with-devstack
 
Introduction to Docker, December 2014 "Tour de France" Bordeaux Special Edition
Introduction to Docker, December 2014 "Tour de France" Bordeaux Special EditionIntroduction to Docker, December 2014 "Tour de France" Bordeaux Special Edition
Introduction to Docker, December 2014 "Tour de France" Bordeaux Special Edition
 
Docker and-containers-for-development-and-deployment-scale12x
Docker and-containers-for-development-and-deployment-scale12xDocker and-containers-for-development-and-deployment-scale12x
Docker and-containers-for-development-and-deployment-scale12x
 
The internals and the latest trends of container runtimes
The internals and the latest trends of container runtimesThe internals and the latest trends of container runtimes
The internals and the latest trends of container runtimes
 
Docker 1 0 1 0 1: a Docker introduction, actualized for the stable release of...
Docker 1 0 1 0 1: a Docker introduction, actualized for the stable release of...Docker 1 0 1 0 1: a Docker introduction, actualized for the stable release of...
Docker 1 0 1 0 1: a Docker introduction, actualized for the stable release of...
 
Docker 0.11 at MaxCDN meetup in Los Angeles
Docker 0.11 at MaxCDN meetup in Los AngelesDocker 0.11 at MaxCDN meetup in Los Angeles
Docker 0.11 at MaxCDN meetup in Los Angeles
 
Introduction to Docker (as presented at December 2013 Global Hackathon)
Introduction to Docker (as presented at December 2013 Global Hackathon)Introduction to Docker (as presented at December 2013 Global Hackathon)
Introduction to Docker (as presented at December 2013 Global Hackathon)
 
Introduction to Docker and all things containers, Docker Meetup at RelateIQ
Introduction to Docker and all things containers, Docker Meetup at RelateIQIntroduction to Docker and all things containers, Docker Meetup at RelateIQ
Introduction to Docker and all things containers, Docker Meetup at RelateIQ
 

Último

VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
SUHANI PANDEY
 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdf
Kamal Acharya
 
Integrated Test Rig For HTFE-25 - Neometrix
Integrated Test Rig For HTFE-25 - NeometrixIntegrated Test Rig For HTFE-25 - Neometrix
Integrated Test Rig For HTFE-25 - Neometrix
Neometrix_Engineering_Pvt_Ltd
 
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Arindam Chakraborty, Ph.D., P.E. (CA, TX)
 
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 

Último (20)

Work-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxWork-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptx
 
Thermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - VThermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - V
 
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdf
 
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptxCOST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
 
Integrated Test Rig For HTFE-25 - Neometrix
Integrated Test Rig For HTFE-25 - NeometrixIntegrated Test Rig For HTFE-25 - Neometrix
Integrated Test Rig For HTFE-25 - Neometrix
 
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
 
Minimum and Maximum Modes of microprocessor 8086
Minimum and Maximum Modes of microprocessor 8086Minimum and Maximum Modes of microprocessor 8086
Minimum and Maximum Modes of microprocessor 8086
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghly
 
DC MACHINE-Motoring and generation, Armature circuit equation
DC MACHINE-Motoring and generation, Armature circuit equationDC MACHINE-Motoring and generation, Armature circuit equation
DC MACHINE-Motoring and generation, Armature circuit equation
 
Unleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leapUnleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leap
 
22-prompt engineering noted slide shown.pdf
22-prompt engineering noted slide shown.pdf22-prompt engineering noted slide shown.pdf
22-prompt engineering noted slide shown.pdf
 
A Study of Urban Area Plan for Pabna Municipality
A Study of Urban Area Plan for Pabna MunicipalityA Study of Urban Area Plan for Pabna Municipality
A Study of Urban Area Plan for Pabna Municipality
 
Employee leave management system project.
Employee leave management system project.Employee leave management system project.
Employee leave management system project.
 
data_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfdata_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdf
 
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
 
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
 
2016EF22_0 solar project report rooftop projects
2016EF22_0 solar project report rooftop projects2016EF22_0 solar project report rooftop projects
2016EF22_0 solar project report rooftop projects
 
Introduction to Serverless with AWS Lambda
Introduction to Serverless with AWS LambdaIntroduction to Serverless with AWS Lambda
Introduction to Serverless with AWS Lambda
 

Take care of hundred containers and not go crazy

  • 1. Take Care of Hundred Containers ...and Not Go Crazy Honza Horak DevConf.cz, Brno January 26th, 2018
  • 2. I had a dream... 2 ...like every second boy in Czechia that time
  • 3. I had a dream... 3 ...like every second boy in Czechia that time
  • 4. ABOUT /me 4 Honza Horak Location ● Brno Background ● Databases, Python, Ruby ● Containers ○ Red Hat Software Collections ○ CentOS ○ Fedora
  • 5. The final goal 5 (when developing container images) #> docker run -d -e MYSQL_ROOT_PASSWORD=pass mariadb-102 … is to make them work nicely in ...
  • 6. The final goal 6 (when developing container images) #> docker run -d -e MYSQL_ROOT_PASSWORD=pass mariadb-102 #> oc new-app mariadb-102 -e MYSQL_ROOT_PASSWORD=pass #> oc process -f mariadb.json | oc create -f - … is to make them work nicely in ...
  • 8. Size of the portfolio matters 8 RHSCL based container images ● MariaDB ● PostgreSQL ● MySQL ● MongoDB ● Python ● Ruby ● NodeJS ● PHP ● Perl ● Apache ● Nginx ● Varnish ● … rhscl/mariadb-100-rhel7 f26/mariadb centos/mariadb-100-centos7 f27/mariadb centos/mariadb-101-centos7 centos/mariadb-102-centos7 rhscl/mariadb-101-rhel7 rhscl/mariadb-102-rhel7
  • 10. 10
  • 11. EVERYTHING WILL BE FINE, IF...
  • 12. Sources for container image 12 Downstream (e.g. Fedora dist-git component) Dockerfile README.md root/etc/my.cnf root/usr/bin/container-entrypoint root/usr/bin/run-mysqld root/usr/bin/run-mysqld-master root/usr/bin/run-mysqld-slave root/usr/libexec/container-setup root/usr/share/container-scripts/mysql/common.sh root/usr/share/container-scripts/mysql/helpers.sh root/usr/share/container-scripts/mysql/my-base.cnf.template root/usr/share/container-scripts/mysql/my-master.cnf.template root/usr/share/container-scripts/mysql/my-paas.cnf.template test/run
  • 13. Upstream vs. Downstream 13 1 upstream repository -> 8 downstream repositories ● MariaDB ● PostgreSQL ● MySQL ● MongoDB ● Python ● Ruby ● NodeJS ● PHP ● Perl ● Apache ● Nginx ● Varnish ● … rhscl/mariadb-100-rhel7 f26/mariadb centos/mariadb-100-centos7 f27/mariadb centos/mariadb-101-centos7 centos/mariadb-102-centos7 rhscl/mariadb-101-rhel7 rhscl/mariadb-102-rhel7
  • 14. Sources for container image 14 Upstream (http://github.com/sclorg/mariadb-container) 10.0/ 10.1/ 10.2/ |- /Dockerfile |- /Dockerfile.rhel7 |- /Dockerfile.fedora |- /README.md |- /root/etc/my.cnf |- /root/usr/bin/container-entrypoint |- /root/usr/bin/run-mysqld |- /tests/run |- /tests/run-openshift examples/ |- /mariadb-ephemeral.json ...
  • 15. Sources for container image 15 ...tend to duplicate content. 10.1/ |- /Dockerfile |- /Dockerfile.rhel7 |- /Dockerfile.fedora |- /root/etc/my.cnf |- /root/usr/bin/container-entrypoint |- ... 10.2/ |- /Dockerfile |- /Dockerfile.rhel7 |- /Dockerfile.fedora |- /root/etc/my.cnf |- /root/usr/bin/container-entrypoint |- ...
  • 17. SAME SOURCES => SAME USER EXPERIENCE.
  • 18. Common scripts for more versions 18 Click to add subtitle ... if [ -v MYSQL_ROOT_PASSWORD ]; then log_info "Setting password for MySQL root user ..." if [ "$MYSQL_VERSION" > "10.0" ] ; then mysql $mysql_flags <<EOSQL CREATE USER IF NOT EXISTS 'root'@'%'; EOSQL fi mysql $mysql_flags <<EOSQL GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' WITH GRANT OPTION; EOSQL Fi ...
  • 19. Differences between versions 19 Click to add subtitle $> diff -up 10.1/Dockerfile 10.2/Dockerfile ... RUN yum install -y centos-release-scl-rh && yum-config-manager --enable centos-sclo-rh-testing && - INSTALL_PKGS="rsync tar shadow-utils rh-mariadb101" && + INSTALL_PKGS="rsync tar shadow-utils rh-mariadb102" && yum install -y --setopt=tsflags=nodocs $INSTALL_PKGS && rpm -V $INSTALL_PKGS && yum clean all ENV CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/mysql - MYSQL_PREFIX=/opt/rh/rh-mariadb101/root/usr - ENABLED_COLLECTIONS=rh-mariadb101 + MYSQL_PREFIX=/opt/rh/rh-mariadb102/root/usr + ENABLED_COLLECTIONS=rh-mariadb102 ...
  • 20. SAME SCRIPTS FOR ALL VERSIONS. DIFFERENCES IN DOCKERFILES ONLY.
  • 21. INSERT DESIGNATOR, IF NEEDED Let’s share some files 21 By putting them one dir up. Duplicate only different files. 10.2/ |- /Dockerfile |- /Dockerfile.rhel7 |- /README.md |- /root/etc/my.cnf |- /root/usr/bin/run-mysqld |- /tests/run 10.2/ |- /Dockerfile |- /Dockerfile.rhel7 |- /README.md root-common/ |- /etc/my.cnf |- /usr/bin/run-mysqld tests/ |- /run
  • 22. INSERT DESIGNATOR, IF NEEDED Using shared files for docker build 22 While respecting docker build context dir. Dockerfile does not need to be in root of the docker build context. $> cd 10.2 $> cat Dockerfile ... COPY root/ / ... #> docker build . $> cd 10.2 $> cat Dockerfile ... COPY 10.2/root/ / ... #> docker build ..
  • 23. Downstream structure 23 e.g. Fedora dist-git component needs to include a symlink 10.2 -> . Dockerfile README.md root/etc/my.cnf root/usr/bin/container-entrypoint root/usr/bin/run-mysqld root/usr/bin/run-mysqld-master root/usr/bin/run-mysqld-slave root/usr/libexec/container-setup root/usr/share/container-scripts/mysql/common.sh root/usr/share/container-scripts/mysql/helpers.sh root/usr/share/container-scripts/mysql/my-base.cnf.template root/usr/share/container-scripts/mysql/my-master.cnf.template root/usr/share/container-scripts/mysql/my-paas.cnf.template test/run
  • 25. Use one copy of everything in upstream 25 And generate specific variant for downstream only. -FROM rhel-7 +FROM {{ config.docker.from }} -ENV POSTGRESQL_VERSION=9.6 -RUN yum install rh-postgresql96 && +ENV POSTGRESQL_VERSION={{ spec.version }} +RUN yum install {{ spec.scl }} && yum clean all
  • 26. INSERT DESIGNATOR, IF NEEDED Distgen 26 A simple make+bash+python based templating for container sources. 9.5/ |- /Dockerfile |- /Dockerfile.rhel7 |- /README.md 9.6/ |- /Dockerfile |- /Dockerfile.rhel7 |- /README.md ... src/ |- /Dockerfile |- /README.md ... |- rhel-7-x86_64.yaml |- centos-7-x86_64.yaml |- fedora-27-x86_64.yaml WIP pull-requests: https://github.com/sclorg/postgresql-container/pull/203 https://github.com/sclorg/container-common-scripts/pull/38
  • 27. Distgen 27 Simple templating system Advantates ● One copy of everything ● More precise README.md ● Scripts without too many IFs Disadvantages ● Sources are not anymore usable directly as a documentation ● Contributors are required to use some specific workflow ○ make build ● Generated output not seen immediately
  • 29. GitHub sub-modules work for “libraries” 29 And not bite... $> git ls-files container-common-scripts common/ common/build.sh common/clean.sh common/common.mk common/.git common/LICENSE common/Makefile common/README.md common/tag.sh common/test-lib-openshift.sh common/test-lib.sh common/test.sh
  • 30. SHARE PACKAGES AND SCRIPTS IN AN INTERMEDIATE LAYER.
  • 31. Sharing common RPMs and scripts 31 RHEL Server Base An intermediate layer Common scripts Another intermediate layer Common devel libraries Python runtime Ruby runtime MariaDB server Example of intermediate container images Django App for XYZ
  • 32. Intermediate Container Images 32 Advantages Container layers help us to share and maintain on one place ● RPMs ○ various devel libraries ○ basic tools ○ common dependencies ● Scripts ○ fix-permissions ○ cgroup-limits ○ rpm-file-permissions RHEL Server Base Basic tools: findutils, unzip, fix-permissions, cgroup-limits, … Common dependencies: npm, common devel libraries Python runtime: pip, S2i scripts (assemble, run)
  • 33. Intermediate Container Images 33 Disadvantages Maintenance of more layers require: ● Building in right order ○ OSBS ○ Chain Rebuilds ● Tests whether we’re using correct base image RHEL Server Base Basic tools: findutils, unzip, fix-permissions, cgroup-limits, … Common dependencies: npm, common devel libraries Python runtime: pip, S2i scripts (assemble, run)
  • 34. Maintaining package & container image 34 How often the build is needed. CONTAINER IMAGE MAINTAINER Bundling by design. New build on parent change. New build on RPM change. New build on container source change. PACKAGE MAINTAINER No bundling. New build for each fix.
  • 35. DOES IT STILL WORK?
  • 36. AUTOMATIC TESTS FOR EVERY CONTAINER IMAGE.
  • 37. Tests for containers 37 What to test ● Focus on container API When to test ● For every pull-request ● After each commit Environment: ● Automation everywhere ● Quick feedback via docker run … ● OpenShift quickstart templates via oc cluster up MTF workshop today at 2pm.