Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
SlideShare a Scribd company logo

Docker From Scratch

Giacomo Vacca
Giacomo Vacca

Docker provides a new, powerful way of prototyping, testing and deploying applications on cloud-based infrastructures. In this seminar we delve into the concept of Docker containers without requiring any previous knowledge from the audience.

1 of 44
Download to read offline
Docker from Scratch Giacomo Vacca, Founder at RTCSoft, gv@rtcsoft.net
About me • 15 years “in the trenches cubicles” • Developer of RTC (VoIP, IM, WebRTC) solutions • Often dealing with DevOps topics • Founder of RTCSoft in 2015 @giavac https://github.com/giavac gv@rtcsoft.net
Objective of this presentation
Docker usage scenarios • Run services • Deployment mechanism • Prototyping • Testing • Continuous Integration/Delivery
What’s in a name?
Previously on this show http://www.slideshare.net/GiacomoVacca/docker-and-puppet-for-continuous-integration
What is Docker, really? • An Open-Source (Go) framework to manage “container virtualisation” • Docker isolates multiple user spaces (file systems) inside the same host • The user space instances are called “Containers” • They give you the illusion of being inside a VM • Think about “execution environments” or “sandboxes” • No need for an hypervisor (and so very quick to launch) • Requires x64 Linux and kernel 3.8+
Ingredients vs Cake
Virtual Machines vs Docker Source: https://www.docker.com/what-docker
What Docker is not? • A programming language • An OS • A Virtual Machine • An image in the traditional hypervisor-based Virtual Machine concept
Where is Docker used? • Uber, eBay, BBC News, shopify, ING • and many others… • Used by Google Cloud (with the Container Engine + Kubernetes) source: https://www.docker.com/customers
Who should know about Docker? • Developers • Yes, even mobile developers • Sysadmins • “DevOps” people • Architects/CTO/COO (want to save some money?) • You (probably)
Glossary • Docker, aka Docker Engine: the daemon managing docker images and containers (using namespaces and cgroups). It runs on the (Linux-based) Host. • Docker client: the binary interacting with the Docker Engine. • Docker Image: a filesystem (read-only template) used to create a Container (think “the binary”) • Docker Container: a running image providing a service (think “the process”) • Host: the computer running the Docker Engine • Docker Registry: a private or public (Docker Hub) collection of Docker Images • Docker Machine: provision hosts and install Docker on them • Docker Compose: create and manage multi-container architectures • Docker Swarm: orchestrating tool to provision and schedule containers
Architecture From https://docs.docker.com
The Easiest Thing To Do… • $ docker run -it BASEIMAGE /bin/bash • (will pull the BASEIMAGE layers) • $ docker run -i -t ubuntu /bin/bash • Do something inside the container (install packages, configure app): magic! • $ docker commit CONTAINERID NEWIMAGELABEL • Check created image with ‘docker images’
The layers From https://docs.docker.com
Docker and the Kernel • Containers interact with the kernel through system calls • There are no parts of the kernel or kernel modules inside a container • A container cannot use a different kernel (version) than the host • The same kernel is shared by all the containers
Workflow • Build an image (Dockerfile + base images pulled automatically) • docker build -t gvacca/nginx . • Store image in a registry (public, e.g. Dockerhub, or private) • docker push gvacca/nginx • Pull image on the target host • docker pull gvacca/nginx • Run container on the target host • docker run -it gvacca/nginx
Dockerfiles • Files that contain the “recipe” to build an image • Created and stored as any other source code • Help defining and documenting the building process • Define layer after layer the final image
Dockerfile - example FROM ubuntu:latest MAINTAINER Giacomo Vacca <gv@rtcsoft.net> RUN apt-get update # Install nginx RUN apt-get -y -q install nginx # Prepare target dir for website (Must match global.conf) RUN mkdir -p /var/www/html # Configure nginx COPY nginx/nginx.conf /etc/nginx/nginx.conf COPY nginx/global.conf /etc/nginx/conf.d/global.conf EXPOSE 8080 CMD [ "/usr/sbin/nginx" ]
Build an Image docker build -t USER/LABEL:TAG CONTEXT_PATH $ docker build -t gvacca/nginx:1.0 . The location of the Dockerfile defaults to ./Dockerfile You can specify the actual Dockerfile path with ‘-f’, e.g.: $ docker build -t gvacca/nginx -f ./Dockerfile.ubuntu Analyze the “build history” of an image: $docker history gvacca/nginx The “build context” is composed by the files at a specified CONTEXT_PATH (dir or URL)
Build an image gvacca@dockerubuntu:~simple_nginx$ sudo docker build -t gvacca/simple-nginx . Sending build context to Docker daemon 7.168 kB Step 1 : FROM ubuntu:14.04 ---> 1d073211c498 … Step 2 : MAINTAINER Giacomo Vacca <gv@rtcsoft.net> ---> Running in 10a8334becfd ---> 559310abf4fb Removing intermediate container 10a8334becfd Step 3 : RUN apt-get update ---> Running in 873b09debab0 … Step 8 : EXPOSE 8080 ---> Running in a27f73413c02 ---> f5ef8527f2a3 Removing intermediate container a27f73413c02 Step 9 : CMD /usr/sbin/nginx ---> Running in d99de19cc782 ---> df76d20cd00f Removing intermediate container d99de19cc782 Successfully built df76d20cd00f
List Available Images List locally available images: $ docker images Clean up useless images: $ docker images -q --filter “dangling=true”
Push an Image to Registry $ docker push gvacca/nginx URL $ docker push USER/LABEL REGISTRY_URL
Pull an Image from Registry $ docker pull gvacca/nginx $ docker pull USER/LABEL Will search in a local repo first, unless the full repo URL is specified.
Run a Container $ docker run -i -t gvacca/nginx $ docker run [--name NAME] [options] USER/LABEL [command] If the image is not found locally Docker searches it remotely. A container runs as long as there’s an active process in foreground. See also ‘docker start|stop|restart ID’
Check Running Containers $ docker ps [-a] $ docker top In general, use ‘docker info’ to get a summary
Entering inside a running container $ docker attach CONTAINER_NAME $ docker exec -it CONTAINER_NAME COMMAND $ docker exec -it gvacca/nginx /bin/bash $ docker logs CONTAINER_NAME Or show processes running inside a container: $ docker top CONTAINER_NAME
Port Mapping Association between the ports exposed by the container and the ports used on the host. EXPOSE command for Dockerfile Port mapping at run time: one or more ‘-p’ arguments to docker run. No need for port mapping when the container is inside a network (see later). You can expose port ranges (recent improvement).
Volumes • Share a folder between host and container. • VOLUME command inside the Dockerfile • Dynamic volume association at run time: one or more ‘-v’ arguments. • Volumes shared by an image are available even if the container is not running (but it needs to still exist).
Inspect a Container $ docker inspect nginx $ docker inspect CONTAINER_NAME
Output of inspect { "Id": "c61b85d3a9451d2ac3bbe301f54dc97b0df13c2835d0fb1f6214db64929e646d", "Created": "2016-01-05T09:47:16.125279193Z", "Path": "/bin/sh", "Args": [ "-c", "nginx" ], "State": { "Status": "running", "Running": true, "Paused": false, "Restarting": false, "OOMKilled": false, "Dead": false, "Pid": 16817, …
Keeping images clean $ apt-get remove --purge -y $BUILD_PACKAGES $(apt-mark showauto) && rm -rf /var/lib/apt/lists/* https://www.dajobe.org/blog/2015/04/18/making-debian-docker-images-smaller/
Docker Toolbox • You can run a Docker environment on your OSX/Windows laptop • Docker Toolbox installs Docker Machine (‘client-machine’), which creates a Linux Virtual Machine (with VirtualBox) for you, with Docker Engine inside • Docker Toolbox installs a docker client (‘docker’) on your machine • The docker client connects to the Docker Engine running inside the VM https://www.docker.com/docker-toolbox
Run the container gvacca@dockerubuntu:simple_nginx$ sudo docker run -d --name nginx -p 8080:8080 -v $PWD/website:/var/www/html/website gvacca/simple-nginx add8d371f82f615ebbd121cea804511dcdafac893b14325366744797424fa44c gvacca@dockerubuntu:simple_nginx$ sudo docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES add8d371f82f gvacca/simple-nginx "/usr/sbin/nginx" 11 seconds ago Up 9 seconds 0.0.0.0:8080->8080/tcp nginx gvacca@dockerubuntu:simple_nginx$ ps aux |grep docker root 792 0.0 4.7 693136 23740 ? Ssl Nov04 11:20 /usr/bin/docker daemon root 1977 0.0 2.6 152692 13172 ? Sl 11:26 0:00 docker-proxy - proto tcp -host-ip 0.0.0.0 -host-port 8080 -container-ip 172.17.0.2 -container-port 8080
Networks of Containers • “docker network” defined since Docker 1.9 • Create an isolated network, then attach containers to it • Containers on different networks by default don’t see each other • Internal private addressing managed by Docker • Brilliant for prototyping and emulating entire architectures • Better have one single application per container
Docker inside Docker But you need the privileged mode
Orchestration • Docker Composer • Docker Swarm • Google’s Kubernetes • Apache Mesos • Puppet & others
Docker as Slave for Jenkins • Associate specific Docker images to specific Jenkins build jobs • Keep builds clean & reproducible (“Non-event releases”) • Run slave containers on demand - stop them when not needed. • Jenkins Plugin: https://wiki.jenkins-ci.org/display/JENKINS/Docker +Plugin • Other Cloud methods, e.g. Mesos
Jenkins to build Docker images • A Jenkins job: • Checks out a Dockerfile from a repo • Builds the image • Upload the new image in a registry • May re-use images for new builds (careful about integrity)
Puppet to manage Docker containers • Module for docker: https://forge.puppetlabs.com/garethr/docker • Installs Docker and required dependencies • Launches the Docker daemon • Sets DNS, users and other configuration items • Pull images from selected repos • Run containers (image + command)
Run Jenkins inside Docker • Manage Jenkins with a dedicated image + volume with data • From the official Docker registry: https://hub.docker.com/_/jenkins/ docker run -d -p 8080:8080 -p 50000:50000 -v ~:/var/jenkins_home jenkins • TCP 8080: Web UI • TCP 50000: interface to connect slaves
Questions and Answers Thanks
Recommended Books • “The Docker book”, J. Turnbull, http://www.amazon.co.uk/Docker- Book-Containerization-new-virtualization-ebook/dp/B00LRROTI4 • “Continuous Delivery”, J. Humble, http://www.amazon.com/ Continuous-Delivery-Deployment-Automation-Addison-Wesley/dp/ 0321601912 • “Building Microservices”, S. Newman, http://shop.oreilly.com/ product/0636920033158.do

More Related Content

Docker From Scratch

  • 1. Docker from Scratch Giacomo Vacca, Founder at RTCSoft, gv@rtcsoft.net
  • 2. About me • 15 years “in the trenches cubicles” • Developer of RTC (VoIP, IM, WebRTC) solutions • Often dealing with DevOps topics • Founder of RTCSoft in 2015 @giavac https://github.com/giavac gv@rtcsoft.net
  • 3. Objective of this presentation
  • 4. Docker usage scenarios • Run services • Deployment mechanism • Prototyping • Testing • Continuous Integration/Delivery
  • 6. Previously on this show http://www.slideshare.net/GiacomoVacca/docker-and-puppet-for-continuous-integration
  • 7. What is Docker, really? • An Open-Source (Go) framework to manage “container virtualisation” • Docker isolates multiple user spaces (file systems) inside the same host • The user space instances are called “Containers” • They give you the illusion of being inside a VM • Think about “execution environments” or “sandboxes” • No need for an hypervisor (and so very quick to launch) • Requires x64 Linux and kernel 3.8+
  • 9. Virtual Machines vs Docker Source: https://www.docker.com/what-docker
  • 10. What Docker is not? • A programming language • An OS • A Virtual Machine • An image in the traditional hypervisor-based Virtual Machine concept
  • 11. Where is Docker used? • Uber, eBay, BBC News, shopify, ING • and many others… • Used by Google Cloud (with the Container Engine + Kubernetes) source: https://www.docker.com/customers
  • 12. Who should know about Docker? • Developers • Yes, even mobile developers • Sysadmins • “DevOps” people • Architects/CTO/COO (want to save some money?) • You (probably)
  • 13. Glossary • Docker, aka Docker Engine: the daemon managing docker images and containers (using namespaces and cgroups). It runs on the (Linux-based) Host. • Docker client: the binary interacting with the Docker Engine. • Docker Image: a filesystem (read-only template) used to create a Container (think “the binary”) • Docker Container: a running image providing a service (think “the process”) • Host: the computer running the Docker Engine • Docker Registry: a private or public (Docker Hub) collection of Docker Images • Docker Machine: provision hosts and install Docker on them • Docker Compose: create and manage multi-container architectures • Docker Swarm: orchestrating tool to provision and schedule containers
  • 15. The Easiest Thing To Do… • $ docker run -it BASEIMAGE /bin/bash • (will pull the BASEIMAGE layers) • $ docker run -i -t ubuntu /bin/bash • Do something inside the container (install packages, configure app): magic! • $ docker commit CONTAINERID NEWIMAGELABEL • Check created image with ‘docker images’
  • 17. Docker and the Kernel • Containers interact with the kernel through system calls • There are no parts of the kernel or kernel modules inside a container • A container cannot use a different kernel (version) than the host • The same kernel is shared by all the containers
  • 18. Workflow • Build an image (Dockerfile + base images pulled automatically) • docker build -t gvacca/nginx . • Store image in a registry (public, e.g. Dockerhub, or private) • docker push gvacca/nginx • Pull image on the target host • docker pull gvacca/nginx • Run container on the target host • docker run -it gvacca/nginx
  • 19. Dockerfiles • Files that contain the “recipe” to build an image • Created and stored as any other source code • Help defining and documenting the building process • Define layer after layer the final image
  • 20. Dockerfile - example FROM ubuntu:latest MAINTAINER Giacomo Vacca <gv@rtcsoft.net> RUN apt-get update # Install nginx RUN apt-get -y -q install nginx # Prepare target dir for website (Must match global.conf) RUN mkdir -p /var/www/html # Configure nginx COPY nginx/nginx.conf /etc/nginx/nginx.conf COPY nginx/global.conf /etc/nginx/conf.d/global.conf EXPOSE 8080 CMD [ "/usr/sbin/nginx" ]
  • 21. Build an Image docker build -t USER/LABEL:TAG CONTEXT_PATH $ docker build -t gvacca/nginx:1.0 . The location of the Dockerfile defaults to ./Dockerfile You can specify the actual Dockerfile path with ‘-f’, e.g.: $ docker build -t gvacca/nginx -f ./Dockerfile.ubuntu Analyze the “build history” of an image: $docker history gvacca/nginx The “build context” is composed by the files at a specified CONTEXT_PATH (dir or URL)
  • 22. Build an image gvacca@dockerubuntu:~simple_nginx$ sudo docker build -t gvacca/simple-nginx . Sending build context to Docker daemon 7.168 kB Step 1 : FROM ubuntu:14.04 ---> 1d073211c498 … Step 2 : MAINTAINER Giacomo Vacca <gv@rtcsoft.net> ---> Running in 10a8334becfd ---> 559310abf4fb Removing intermediate container 10a8334becfd Step 3 : RUN apt-get update ---> Running in 873b09debab0 … Step 8 : EXPOSE 8080 ---> Running in a27f73413c02 ---> f5ef8527f2a3 Removing intermediate container a27f73413c02 Step 9 : CMD /usr/sbin/nginx ---> Running in d99de19cc782 ---> df76d20cd00f Removing intermediate container d99de19cc782 Successfully built df76d20cd00f
  • 23. List Available Images List locally available images: $ docker images Clean up useless images: $ docker images -q --filter “dangling=true”
  • 24. Push an Image to Registry $ docker push gvacca/nginx URL $ docker push USER/LABEL REGISTRY_URL
  • 25. Pull an Image from Registry $ docker pull gvacca/nginx $ docker pull USER/LABEL Will search in a local repo first, unless the full repo URL is specified.
  • 26. Run a Container $ docker run -i -t gvacca/nginx $ docker run [--name NAME] [options] USER/LABEL [command] If the image is not found locally Docker searches it remotely. A container runs as long as there’s an active process in foreground. See also ‘docker start|stop|restart ID’
  • 27. Check Running Containers $ docker ps [-a] $ docker top In general, use ‘docker info’ to get a summary
  • 28. Entering inside a running container $ docker attach CONTAINER_NAME $ docker exec -it CONTAINER_NAME COMMAND $ docker exec -it gvacca/nginx /bin/bash $ docker logs CONTAINER_NAME Or show processes running inside a container: $ docker top CONTAINER_NAME
  • 29. Port Mapping Association between the ports exposed by the container and the ports used on the host. EXPOSE command for Dockerfile Port mapping at run time: one or more ‘-p’ arguments to docker run. No need for port mapping when the container is inside a network (see later). You can expose port ranges (recent improvement).
  • 30. Volumes • Share a folder between host and container. • VOLUME command inside the Dockerfile • Dynamic volume association at run time: one or more ‘-v’ arguments. • Volumes shared by an image are available even if the container is not running (but it needs to still exist).
  • 31. Inspect a Container $ docker inspect nginx $ docker inspect CONTAINER_NAME
  • 32. Output of inspect { "Id": "c61b85d3a9451d2ac3bbe301f54dc97b0df13c2835d0fb1f6214db64929e646d", "Created": "2016-01-05T09:47:16.125279193Z", "Path": "/bin/sh", "Args": [ "-c", "nginx" ], "State": { "Status": "running", "Running": true, "Paused": false, "Restarting": false, "OOMKilled": false, "Dead": false, "Pid": 16817, …
  • 33. Keeping images clean $ apt-get remove --purge -y $BUILD_PACKAGES $(apt-mark showauto) && rm -rf /var/lib/apt/lists/* https://www.dajobe.org/blog/2015/04/18/making-debian-docker-images-smaller/
  • 34. Docker Toolbox • You can run a Docker environment on your OSX/Windows laptop • Docker Toolbox installs Docker Machine (‘client-machine’), which creates a Linux Virtual Machine (with VirtualBox) for you, with Docker Engine inside • Docker Toolbox installs a docker client (‘docker’) on your machine • The docker client connects to the Docker Engine running inside the VM https://www.docker.com/docker-toolbox
  • 35. Run the container gvacca@dockerubuntu:simple_nginx$ sudo docker run -d --name nginx -p 8080:8080 -v $PWD/website:/var/www/html/website gvacca/simple-nginx add8d371f82f615ebbd121cea804511dcdafac893b14325366744797424fa44c gvacca@dockerubuntu:simple_nginx$ sudo docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES add8d371f82f gvacca/simple-nginx "/usr/sbin/nginx" 11 seconds ago Up 9 seconds 0.0.0.0:8080->8080/tcp nginx gvacca@dockerubuntu:simple_nginx$ ps aux |grep docker root 792 0.0 4.7 693136 23740 ? Ssl Nov04 11:20 /usr/bin/docker daemon root 1977 0.0 2.6 152692 13172 ? Sl 11:26 0:00 docker-proxy - proto tcp -host-ip 0.0.0.0 -host-port 8080 -container-ip 172.17.0.2 -container-port 8080
  • 36. Networks of Containers • “docker network” defined since Docker 1.9 • Create an isolated network, then attach containers to it • Containers on different networks by default don’t see each other • Internal private addressing managed by Docker • Brilliant for prototyping and emulating entire architectures • Better have one single application per container
  • 37. Docker inside Docker But you need the privileged mode
  • 38. Orchestration • Docker Composer • Docker Swarm • Google’s Kubernetes • Apache Mesos • Puppet & others
  • 39. Docker as Slave for Jenkins • Associate specific Docker images to specific Jenkins build jobs • Keep builds clean & reproducible (“Non-event releases”) • Run slave containers on demand - stop them when not needed. • Jenkins Plugin: https://wiki.jenkins-ci.org/display/JENKINS/Docker +Plugin • Other Cloud methods, e.g. Mesos
  • 40. Jenkins to build Docker images • A Jenkins job: • Checks out a Dockerfile from a repo • Builds the image • Upload the new image in a registry • May re-use images for new builds (careful about integrity)
  • 41. Puppet to manage Docker containers • Module for docker: https://forge.puppetlabs.com/garethr/docker • Installs Docker and required dependencies • Launches the Docker daemon • Sets DNS, users and other configuration items • Pull images from selected repos • Run containers (image + command)
  • 42. Run Jenkins inside Docker • Manage Jenkins with a dedicated image + volume with data • From the official Docker registry: https://hub.docker.com/_/jenkins/ docker run -d -p 8080:8080 -p 50000:50000 -v ~:/var/jenkins_home jenkins • TCP 8080: Web UI • TCP 50000: interface to connect slaves
  • 44. Recommended Books • “The Docker book”, J. Turnbull, http://www.amazon.co.uk/Docker- Book-Containerization-new-virtualization-ebook/dp/B00LRROTI4 • “Continuous Delivery”, J. Humble, http://www.amazon.com/ Continuous-Delivery-Deployment-Automation-Addison-Wesley/dp/ 0321601912 • “Building Microservices”, S. Newman, http://shop.oreilly.com/ product/0636920033158.do