Thiago Rondon, thiago@b-datum.comTechnical meeting b-datum

Monday, December 2, 13

VMs vs Containers

SERVER

Host OS

Hypervisor (Type 2)

Guest OS

Bin/libs

Guest OS

Bin/libs

Guest OS

Bin/libs

App A App A’ App B

SERVER

Host OS

Bin/libs Bin/libs

App A

App A’

App B

App B’

dock

er

container

VM

Monday, December 2, 13

Containers

App A

Bin/libs

App A’

Original App Copy of App Modified App

No OS to takeup space, resources,or require restart.

No OS. Can share/bin/libs

Union file system allowsus to only save the diffs.

Between container A and container A’

Monday, December 2, 13

LXC

• LXC (LinuX Containers) let you run a Linux system within another Linux system.

• a container is a group of processes on a Linux box, put together in an isolated environment.

• Inside the box, it look like a VM.

• Outside the box, it looks like a normal processes.

“chroot() on steroids”

Monday, December 2, 13

why LXC ?

• Speed - Fast boots, create VM, deploy tasks

• small footprint

• Virtualization - Own [net interface,fs]

• Isolation security and resources.

Monday, December 2, 13

AUFS

• Another Union File System

• Copy-on-write at the FS layer.

Monday, December 2, 13

Cgroup

• ulimit for groups of processes.

• limit, account and isolate resources.

• not perfect for limit I/O.

Monday, December 2, 13

Good example ?

• Do everything you do in VM, but fast!

• How many VMs do you need ?

• Continuous integration !!

Monday, December 2, 13

docker is user-friendly interface to LXC.

Monday, December 2, 13

docker did all the following...

• It downloaded the base image from the docker index

• it created a new LXC container

• It allocated a filesystem for it

• Mounted a read-write layer

• Allocated a network interface

• Setup an IP for it, with network address translation

• And then executed a process in there

• Captured its output and printed it to you

Monday, December 2, 13

Let’s rock.

• docker  search  ubuntu

• docker  pull  ubuntu

• docker  run  ubuntu  echo  “hello  b-­‐datum”

• docker  run  ubuntu  apt-­‐get  install  -­‐y  memcached

• docker  run  -­‐t  -­‐i  ubuntu  /bin/bash

Monday, December 2, 13

Dockfile#  just  for  testFROM  ubuntuRUN  apt-­‐get  install  -­‐y  memcachedMAINTAINER  Thiago  Rondon,  thiago@b-­‐datum.com

ENTRYPOINT  [“memcached”]USER  daemonEXPOSE  11211

docker build -t mymemcached - < MyDockFile

Monday, December 2, 13

docker exposes git-like commands for comminting changes to running

containers.Changes can be commited.

possible by AUFS.

Monday, December 2, 13

Images

• docker  ps  -­‐l

• docker  commit  xxx  mystuff/memcached

• docker  inspect  mystuff/memcached

• docker  images

• docker  push  mystuff/memcached

Monday, December 2, 13

images & commits

Monday, December 2, 13

History

• docker history

• docker commit

• docker images -viz | dot -Tpng -o docker.png

• docker images -tree

Monday, December 2, 13

Credits

• http://docker.io

Monday, December 2, 13