using docker with puppet - puppetconf 2014

Docker and PuppetContainerization is the new virtualization

What's this allabout?

What is Docker?

Containervirtualization

Build, ship, run

Build once.

Run in manyplaces.

Isolated, layered,standard and

content agnostic

But this isn'tnew?!!?

So why should I care?Software delivery mechanism - a bit like a package!

Put your application in a container, run it anywhere

A bit like a VM but ...

Caring

Containers boot faster

Containers have less overhead

Containers bring native performance

Containers are Cloud & VM-compatible

Docker BasicsImage & DockerfileThe Docker HubContainer

Building Docker images

FROM ubuntu MAINTAINER James Turnbull "james@example.com"

RUN apt-get -qqy update RUN apt-get install -qqy apache2 ADD index.html /var/www/

ENV APACHE_RUN_USER www-data ENV APACHE_RUN_GROUP www-data ENV APACHE_LOG_DIR /var/log/apache2

EXPOSE 80

ENTRYPOINT ["/usr/sbin/apache2"] CMD ["-D", "FOREGROUND"]

Building the image

$ sudo docker build -t="jamtur01/apache2" .

Sharing the image

$ sudo docker push jamtur01/apache2

Running the container

$ sudo docker run -ti -p 80:80 jamtur01/apache2

Docker andPuppet

So does theDockerfile solve

all?

Well sorta...It depends.

Doesn't have to deal with low-level stuffDoesn't have to convergeRebuilds are fast and cachedAllows inheritance and compositionEasy learning curve

But...

Doesn't deal with low-level stuffDoesn't define resource dependenciesDoesn't define what runs when

Dockerfileversus

Shell script

Shell scriptsOkay for simple stacksImperativeRarely idempotent

Dockerfileversus

ConfigurationManagement

The GoodHandles low-level stuffAbstracts detailsEnsures convergence to a known stateLibrary of reusable, composabletemplates

The BadSteep learning curveGenerally requires a triggerResource-intensive

Digging and fixing,Having so much fun

Working together,They get the job done

BeforeUse Puppet to setup hardware,

install packages, deploy code, runservices.

AfterUse Puppet to setup hardware,install Docker, run containers.

Use Dockerfiles to installpackages, deploy code, run

services.

Install Dockerwith Puppet

Should I runPuppet in mycontainers?

Nope!

Should I usePuppet to build

my images?

Yep!

Deploying aPuppet-powered

container

Puppet Apply

FROM ubuntu:14.04

MAINTAINER James Turnbull "james@example.com"

RUN apt-get -qqy update RUN apt-get -qqy install rubygems RUN gem install --no-ri --no-rdoc puppet

RUN mkdir /puppet WORKDIR /puppet ADD site.pp /puppet/site.pp

RUN puppet apply site.pp

Librarian Puppet

FROM ubuntu:14.04 MAINTAINER James Turnbull "james@example.com"

RUN apt-get -y -q install wget git-core rubygems RUN gem install --no-ri --no-rdoc puppet librarian-puppet

ADD Puppetfile / RUN librarian-puppet install RUN puppet apply --modulepath=/modules -e "class { 'nginx': }" RUN echo "daemon off;" >> /etc/nginx/nginx.conf

EXPOSE 80

CMD ["nginx"]

But there's more!

What if we could get rid of...SSHd - Access via nsenter or docker execCrond in a containerLogging in a container

Creates a newarchitecture

Separates orthogonal concernsDon't rebuild your app to change servicesHave different policies in domainsShip lighter apps