dockerize all the things
TRANSCRIPT
Dockerize All The Things!
Chris Tankersley
@dragonmantank
SunshinePHP 2015
SunshinePHP 2015 1
Who Am I
• PHP Programmer for over 10 years
• Sysadmin/DevOps for around 8 years
• Using Linux for more than 15 years
• https://github.com/dragonmantank
SunshinePHP 2015 2
Docker
SunshinePHP 2015 3
What Is Docker?
“Docker is an open platform for developers and sysadmins to build, ship, and run distributed applications. Consisting of Docker Engine, a portable, lightweight runtime and packaging tool, and Docker Hub, a cloud service for sharing applications and automating workflows, Docker enables apps to be quickly assembled from components and eliminates the friction between development, QA, and production environments.”
SunshinePHP 2015 4
https://www.docker.com/whatisdocker/
What is it from a technical standpoint?
• Docker is a wrapper around Containers
• Docker Engine is the packaging portion that builds and runs the containers
• Docker Hub allows you to publish images for others to use
• Docker Machine is a bare-metal provisioning tool
• Docker Swarm is an load-balancing deployment tool
• Docker Compose is a multi-container build system
SunshinePHP 2015 5
Containers
SunshinePHP 2015 6
Normal Bare-Metal Server
SunshinePHP 2015 7
CPU RAM HD Network
Operating System
nginx PHP DB
Virtual Machines
SunshinePHP 2015 8
CPU RAM HD Network
Operating System
nginx PHP DB
Operating System
nginx PHP DB
Operating System
Hypervisor
Containers
SunshinePHP 2015 9
CPU RAM HD Network
Operating System
nginxnginx PHP DB PHP DB
Docker can use many different containers
• Since 0.9.0 it supports:• LXC (Linux Containers) – Started with LXC when it was released
• OpenVZ
• Systemd-nspawn
• libvert-sandbox
• Qemu/kvm
• BSD Jails
• Solaris Zones
• chroot
SunshinePHP 2015 10
Still regulated to Linux, BSD, and Solaris
• No native container drivers for OSX or Windows, as they don’t have their own container architecture
• Microsoft is helping with working on a Hyper-V container driver though
• I don’t think there is anything native planned for OSX
SunshinePHP 2015 11
Let’s use Docker
SunshinePHP 2015 12
Running a container
• `docker run` will run a container
• This will not restart an existing container, just create a new one
• docker run [options] IMAGE [command] [arguments]• [options ]modify the docker process for this container
• IMAGE is the image to use
• [command] is the command to run inside the container
• [arguments] are arguments for the command
SunshinePHP 2015 13
Running a simple shell
SunshinePHP 2015 14
Running Two Webservers
SunshinePHP 2015 15
Some Notes
• All three containers are 100% self contained
• Docker containers share common ancestors, but keep their own files
• `docker run` parameters:• --rm – Destroy a container once it exits
• -d – Run in the background (daemon mode)
• -i – Run in interactive mode
• --name – Give the container a name
• -p [local port]:[container port] – Forward the local port to the container port
SunshinePHP 2015 16
Volumes
SunshinePHP 2015 17
Modifying a running container
• `docker exec` can run a command inside of an existing container
• Use Volumes to share data
SunshinePHP 2015 18
Persistent Data with Volumes
• You can designate a volume with -v
• Volumes can be shared amongst containers
• Volumes can mount data from the host system
SunshinePHP 2015 19
Mounting from the host machine
SunshinePHP 2015 20
Mounting from the host isn’t perfect
• The container now has a window into your host machine
• Permissions can get screwy if you are modifying in the container• Most things it creates will be root by default, and you probably aren’t root on
the host machine
• Host-mounted volumes are not portable at all
SunshinePHP 2015 21
Container Data Volumes
• Uses a small container that does nothing but stores data
• Have our app containers use the data volume to store data
• Use ‘editor containers’ to go in and modify data when needed
SunshinePHP 2015 22
Mounting Data Volumes
SunshinePHP 2015 23
Why not run SSH inside of the container?
• Well, you can…
• Docker is designed for one command per container
• If you need to modify data, then you need to change your setup
• If you have to run SSH, then you need a way to run SSH and your command
SunshinePHP 2015 24
Why go through the hassle?
• Data volumes are portable
• Data volumes are safer
• Separates the app containers from data• Production can use a data volume, dev can use a host volume
• Our app containers stay small
SunshinePHP 2015 25
Network Linking
SunshinePHP 2015 26
Docker Links
• Allows containers to ‘see’ each other over the network
• Each container thinks the other one is just another machine
• Containers all have an internal network address, so we don’t need to expose everything through the host
SunshinePHP 2015 27
More Traditional Setup
SunshinePHP 2015 28
INTARWEBS Nginx PHP-FPM
Data Volume
Port 9000
Editor
Let’s Build It
SunshinePHP 2015 29
More Notes!
• We can now rebuild sections of the app as needed
• We can restart nginx without impacting PHP
• We can extend much easier
• Linked containers will not update if they are stopped/started• If we upgrade PHP, we have to destroy/create the web_server container again
SunshinePHP 2015 30
Creating your own Images
SunshinePHP 2015 31
Dockerfile
• Dockerfile is the configuration steps for an image
• Can be created from scratch, or based on another image
• Allows you to add files, create default volumes, ports, etc
• Can be used privately or pushed to Docker Hub
SunshinePHP 2015 32
FROM phusion/baseimage:0.9.10
# …
CMD ["/sbin/my_init"]
# Nginx-PHP Installation
RUN apt-get update
RUN apt-get install -y vim git curl wget build-essential python-software-properties\
php5-cli php5-fpm php5-mysql php5-pgsql php5-sqlite php5-curl\
php5-gd php5-mcrypt php5-intl php5-imap php5-tidy mysql-client
# …
RUN mkdir /var/www
ADD build/default /etc/nginx/sites-available/default
# …
EXPOSE 80 22
VOLUME /var/www
VOLUME /etc/nginx
VOLUME /etc/php/
VOLUME /var/log
RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
SunshinePHP 2015 33
Build it
docker build -t tag_name ./
• This runs through the Dockerfile and generates the image
• We can now use the tag name to run the image
SunshinePHP 2015 34
Other Helpful Commands
SunshinePHP 2015 35
Inspect a container
docker inspect [options] CONTAINER_NAME
• Returns a JSON string with data about the container
• Can also query• docker inspect -f “{{ .NetworkSettings.IPAddres }}” web_server
• Really handy for scripting out things like reverse proxies
SunshinePHP 2015 36
Work with images
• docker pull IMAGE – Pulls down an image before using
• docker images – Lists all the images that are downloaded
• docker rmi IMAGE – Deletes an image if it’s not being used
SunshinePHP 2015 37
Questions?
SunshinePHP 2015 38