
1

Docker 1.0 1 0 1: a Docker introduction, actualized for the stable release of Docker 1.0!

2

Docker 1.0 1 0 1
Docker 1.1.1 1 0 1
Docker 1.1.2 1 0 1
July 2014—Docker 1.1.2

3

@jpetazzo
● Wrote dotCloud PAAS deployment tools
– EC2, LXC, Puppet, Python, Shell, ØMQ...
● Docker contributor
– Security, Networking...
● Runs all kinds of crazy things in Docker
– Docker-in-Docker, VPN-in-Docker,
KVM-in-Docker, Xorg-in-Docker...

4

Let's start with
Questions

10

Raise your hand if you have ...
● Tried Docker (online tutorial)
● Tried the real Docker (e.g. deployed remote VM)
● Installed Docker locally (e.g. with boot2docker)
● Written a Dockerfile (and built it!)
● An image on Docker Hub (pushed or autobuilt)
● Deployed Docker images for dev/QA/test/prod...

11

Agenda
● What is Docker and Why it matters
● What are containers
● The Docker ecosystem (Engine, Hub, etc.)
● Deployment options and first steps
● Docker 1.0, or 1.1, or 1.1.1

12

What
is Docker
Why
it matters

13

Deploy everything
● Webapps
● Backends
● SQL, NoSQL
● Big data
● Message queues
● … and more

14

Deploy almost everywhere
● Linux servers
● VMs or bare metal
● Any distro
● Kernel 3.8+ (or RHEL 2.6.32)
Currently: focus on x86_64.
(But people reported success on arm.)

17

Deploy reliably & consistently
● If it works locally, it will work on the server
● With exactly the same behavior
● Regardless of versions
● Regardless of distros
● Regardless of dependencies

18

Deploy efficiently
● Containers are lightweight
– Typical laptop runs 10-100 containers easily
– Typical server can run 100-1000 containers
● Containers can run at native speeds
– Lies, damn lies, and other benchmarks:
http://qiita.com/syoyo/items/bea48de8d7c6d8c73435
http://www.slideshare.net/BodenRussell/kvm-and-docker-lxc-benchmarking-with-openstack

19

Infiniband throughput and latency:
no difference at all

20

Booting 15 OpenStack VMs:
KVM vs Docker

21

Memory speed:
Bare Metal vs Docker vs KVM

22

OK, but
what is
Docker?

23

Docker runs
containers.

24

OK, but
what is a
container?

25

High level approach:
it's a lightweight VM
● Own process space
● Own network interface
● Can run stuff as root
● Can have its own /sbin/init
(different from the host)
« Machine Container »

26

Low level approach:
it's chroot on steroids
● Can also not have its own /sbin/init
● Container = isolated process(es)
● Share kernel with host
● No device emulation (neither HVM nor PV)
« Application Container »

27

Stop.
Demo time.

29

Alright, I get this.
Containers = nimble VMs.
Let's just tell the CFO,
and get back to work!

31

What happens when
something becomes
10-100x cheaper?

33

Random example:
testing
● Project X has 100 unit tests
● Each test needs a pristine SQL database
● Plan A: spin up 1 database, clean after each use
– If we don't clean correctly, random tests will fail
– Cleaning correctly can be expensive (e.g. reload DB)

34

Random example:
testing
● Project X has 100 unit tests
● Each test needs a pristine SQL database
● Plan B: spin up 100 databases
– … in parallel: needs too many resources
– … one after the other: takes too long

35

Random example:
testing
● Project X has 100 unit tests
● Each test needs a pristine SQL database
● Plan C: spin up 100 databases in containers
– fast, efficient (no overhead, copy-on-write)
– easy to implement without virtualization black belt

36

Containers
make testing
(and many other things)
way easier

37

The container metaphor

38

Problem: shipping goods

39

Solution:
the intermodal shipping container

40

Solved!

41

Problem: shipping code

42

Solution:
the Linux container

43

Solved!

44

Separation of concerns:
Dave the Developer
● Inside my container:
– my code
– my libraries
– my package manager
– my app
– my data

45

Separation of concerns:
Oscar the Ops guy
● Outside the container:
– logging
– remote access
– network configuration
– monitoring

46

Docker's
Entourage

47

Docker: the cast
● Docker Engine
● Docker Hub
● Docker, the community
● Docker Inc, the company

48

Docker Engine
● Open Source engine to commoditize LXC
● Uses copy-on-write for quick provisioning
● Written in Go, runs as a daemon, comes with a CLI
● Everything exposed through a REST API
● Lets you build images in a standard, reproducible way
● Lets you share images through registries
● Defines a standard format for containers
(stack of layers; 1 layer = tarball+metadata)

49

… Open Source?
● Nothing up the sleeve, everything on the table
– Public GitHub repository: https://github.com/dotcloud/docker
– Bug reports: GitHub issue tracker
– Mailing lists: docker-user, docker-dev (Google groups)
– IRC channels: #docker, #docker-dev (Freenode)
– New features: GitHub pull requests (see CONTRIBUTING.md)
– Docker Governance Advisory Board (elected by contributors)

50

Docker Hub
Collection of services to make Docker more useful.
● Public registry
(push/pull your images for free)
● Private registry
(push/pull secret images for $)
● Automated builds
(link github/bitbucket repo; trigger build on commit)
● More to come!

51

Docker, the community
● >500 contributors
● ~20 core maintainers
● >8,000 Dockerized projects on GitHub
● >20,000 repositories on Docker Hub
● >250 meetups in >90 cities in >30 countries
● >500,000 downloads of boot2docker

52

Docker Inc, the company
● Headcount: ~50
● Led by Open Source veteran Ben Golub
(GlusterFS)
● Revenue:
– t-shirts and stickers featuring the cool blue whale
– SAAS delivered through Docker Hub
– Support & Training

53

Using
Docker

54

One-time setup
● On your dev env (Linux, OS X, Windows)
– boot2docker (25 MB VM image)
– Natively (if you run Linux)
● On your servers (Linux)
– Packages (Ubuntu, Debian, Fedora, Gentoo, Arch...)
– Single binary install (Golang FTW!)
– Easy provisioning on Rackspace, Digital Ocean, EC2, GCE...
– Special distros: CoreOS, Project Atomic

55

Authoring images
with a Dockerfile

56

FROM ubuntu:14.04
RUN apt-get update
RUN apt-get install -y nginx
RUN echo 'Hi, I am in your container!' \
    >/usr/share/nginx/html/index.html
CMD nginx -g "daemon off;"
EXPOSE 80

docker build -t jpetazzo/staticweb .
docker run -P jpetazzo/staticweb

58

FROM ubuntu:12.04
RUN apt-get -y update
RUN apt-get install -y g++
RUN apt-get install -y erlang-dev erlang-base-hipe ...
RUN apt-get install -y libmozjs185-dev libicu-dev libtool ...
RUN apt-get install -y make wget
# -O- streams the tarball to stdout so that tar can read it from the pipe
RUN wget -O- http://.../apache-couchdb-1.3.1.tar.gz \
    | tar -C /tmp -zxf-
RUN cd /tmp/apache-couchdb-* && ./configure && make install
RUN printf "[httpd]\nport = 8101\nbind_address = 0.0.0.0" \
    > /usr/local/etc/couchdb/local.d/docker.ini
EXPOSE 8101
CMD ["/usr/local/bin/couchdb"]

docker build -t jpetazzo/couchdb .

59

FROM debian:jessie
RUN apt-get -y update
RUN apt-get install -y python-pip
RUN mkdir /src
WORKDIR /src
ADD requirements.txt /src
RUN pip install -r requirements.txt
ADD . /src
RUN python setup.py install
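
An added example, not part of the original slides: a small Python auditor run over constructed samples modelled on the slide-58 and slide-59 Dockerfiles. It flags the review points those files raise: a tarball fetched over plain HTTP with no checksum, `ADD .` of the whole build context (the case the .dockerignore file listed under Docker 1.1 addresses), and no USER instruction, so the process runs as root. The rule set and finding names are assumptions of this example.

```python
import re

# Constructed samples modelled on the Dockerfiles of slides 58 and 59.
COUCHDB = r"""FROM ubuntu:12.04
RUN apt-get install -y make wget
RUN wget -O- http://.../apache-couchdb-1.3.1.tar.gz \
    | tar -C /tmp -zxf-
RUN cd /tmp/apache-couchdb-* && ./configure && make install
CMD ["/usr/local/bin/couchdb"]
"""
PYAPP = """FROM debian:jessie
WORKDIR /src
ADD requirements.txt /src
RUN pip install -r requirements.txt
ADD . /src
RUN python setup.py install
"""

FETCH = re.compile(r"\b(wget|curl)\b[^|;&]*\bhttp://", re.I)   # plaintext download
VERIFY = re.compile(r"\b(sha(256|512)sum|gpg)\b")               # integrity check

def parse(text):
    """Join backslash continuations; return [(first_line, INSTRUCTION, args)]."""
    out, buf, start = [], "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not buf:
            start = n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        op, _, args = (buf + line).partition(" ")
        out.append((start, op.upper(), args.strip()))
        buf = ""
    return out

def audit(text):
    """Return [(line, finding)]; line 0 means the finding is image-wide."""
    instrs, findings = parse(text), []
    for n, op, args in instrs:
        image = args.split("/")[-1]
        if op == "FROM" and "@" not in image and (
                ":" not in image or image.endswith(":latest")):
            findings.append((n, "mutable-base-tag"))
        if op == "RUN" and FETCH.search(args) and not VERIFY.search(args):
            findings.append((n, "unverified-http-fetch"))
        if op in ("ADD", "COPY") and args.split()[:1] in (["."], ["./"]):
            findings.append((n, "whole-context-add"))   # needs a .dockerignore
    users = [a for _, op, a in instrs if op == "USER"]
    if not users or users[-1].split(":")[0] in ("root", "0"):
        findings.append((0, "runs-as-root"))
    return findings
```

Calling `audit(COUCHDB)` reports the unverified download on line 3, and `audit(PYAPP)` reports the whole-context `ADD` on line 5; both also report that the image runs as root.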

60

Do you even
Chef?
Puppet?
Ansible?
Salt?

62

Summary
With Docker, I can:
● put my software in containers
● run those containers anywhere
● write recipes to automatically build containers

63

Advanced concepts
● naming
– give a unique name to your containers
● links
– connect containers together
● volumes
– separate code and data
– share data between containers

64

Recent features: 0.10
● TLS support for API access
● Configurable DNS search
● BTRFS is no longer experimental
● Integration with systemd cgroups
● Use proxy environment variables (for registry)

65

Recent features: 0.11
● SELinux integration
(works better with CentOS)
● DNS integration for links
(access linked containers by hostname)
● « docker run --net »
– use host networking for high speed
– share network of another container

66

Recent features: 0.12
● docker pause/unpause
● more importantly: 1.0 release candidate :-)

67

Docker 1.1
● .dockerignore
(don't upload your .git anymore!)
● docker logs --tail
– further logging improvements on the way
(truncate)

68

Coming soon
(maybe)
● logging improvements
● device access
● device mapper tuning
● image squashing
● ARM support
● use secrets in builds
● volume management
● hairpin NAT
● IPv6 support
● capabilities fine-tuning
● seccomp + native
● user namespaces

69

Thank you! Questions?
http://docker.com/
@docker
@jpetazzo
