VAGRANT/DOCKER INTRO
BUILDING VMS EFFICIENTLY WITH VAGRANT
STEPPING INTO THE CONTAINER WORLD WITH DOCKER
Created by @zepag / @XwaldRob
VAGRANT
WHAT IS IT?
A tool to build VMs based on boxes (ISOs)
Used to get a Dev environment as close as possible to Prod
Initially built for VirtualBox, later extended to other providers
Written in Ruby
Free (VirtualBox) | Paid (VMware Fusion)
WHY SHOULD I CARE?
Fast way to create a dedicated Dev environment
Pets vs Cattle: throw away VMs
It's much faster than creating a VM by hand and configuring it
HOW DO I INSTALL IT?
Get VirtualBox
Download the Vagrant installer (Mac/Linux/Win)
Get a Box
HOW DO I ACCESS IT?
SERVICES
NAT
config.vm.network :forwarded_port, guest: 8080, host: 80
Private Network
config.vm.network "private_network", ip: "192.168.60.100"
Public Network
config.vm.network "public_network"
REMOTE CONNECTION
SSH/RDP
HOW DO I CUSTOMIZE IT?
config.vm.provider "virtualbox" do |vb|
  # Display the VirtualBox GUI when booting the machine
  # vb.gui = true
  # Customize the amount of CPUs and memory on the VM:
  vb.cpus = 4
  vb.memory = 4096
end
config.vm.hostname = "dockerbox"
WHAT ABOUT CONFIGURATION MANAGEMENT?
ALL MAJOR PROVISIONERS ARE SUPPORTED
shell
Chef
Puppet
Ansible
CFEngine
...
CREATE A SINGLE VM
SHELL PROVISIONING - PRIVATE NETWORK
> vagrant init chef/CentOS-7.0
Survival kit
vagrant up
vagrant halt
vagrant suspend
vagrant resume
vagrant reload
vagrant ssh
vagrant destroy
CREATE A CLUSTER
(1..$num_instances).each do |i|
  config.vm.define vm_name = "%s-%02d" % [$instance_name_prefix, i] do |config|
    config.vm.hostname = vm_name
    ...
    config.vm.provider :virtualbox do |vb|
      vb.gui = vm_gui
      vb.memory = vm_memory
      vb.cpus = vm_cpus
    end

    ip = "172.17.8.#{i+100}"
    config.vm.network :private_network, ip: ip
    [...]
  end
end
DEMO: DOCKER VM
ANSIBLE PROVISIONING - PRIVATE NETWORK
---
- hosts: all
  sudo: yes
  sudo_user: root
  tasks:
    - name: Download latest docker binary archive
      get_url:
        url: http://get.docker.io/builds/Linux/x86_64/docker-latest.tgz
        dest: /tmp
    [...]
DOCKER
WHAT IS IT?
Docker is an open platform for developers and sysadmins to
build, ship, and run distributed applications. Consisting of
Docker Engine, a portable, lightweight runtime and packaging
tool, and Docker Hub, a cloud service for sharing applications
and automating workflows, Docker enables apps to be
quickly assembled from components and eliminates the
friction between development, QA, and production
environments. As a result, IT can ship faster and run the same
app, unchanged, on laptops, data center VMs, and any cloud.
(docker.com)
SOLOMON HYKES, DOCKER'S FOUNDER & CTO, GIVES AN OVERVIEW OF DOCKER IN THIS SHORT VIDEO (7:16).
CONTAINERS?
RUNNING CONTAINERS EVERYWHERE!
The underlying technology is mature (cgroups, namespaces,
copy-on-write systems)
Ability to run on any Linux server today: physical, virtual, VM,
cloud, OpenStack...
Ability to switch easily from one host to the other
Self contained environment = no dependency hell
WHAT'S IN IT FOR DEVS AND OPS?
if you catch my drift ;-)
DEVS WORRY ABOUT
code
libraries
apps
data
all linux servers look the same
OPS WORRY ABOUT
logging
file system
monitoring
networking
all containers start, stop, copy, attach, etc ... the same way
THAT WAS THE ... DON'T BURST MY BUBBLE MOMENT
MODERN SOFTWARE FACTORY
THE SAME CONTAINER CAN GO FROM DEV, TO TEST, TO QA, TO PROD
DOCKER ARCHITECTURE
The Docker daemon
Receives and processes incoming Docker API requests
The Docker client
Command line tool - the docker binary
Talks to the Docker daemon via the Docker API
Docker Hub Registry
Public image registry
The Docker daemon talks to it via the registry API
TRY IT!
RUNNING DOCKER
Linux: native
OS X & Windows: via a virtual machine
All you need to get Docker installed:
Ubuntu, Mac OS X, Windows, AWS ec2, Arch Linux, CentOS, Crux Linux, Debian, Fedora, Frugalware,
GCE, Gentoo, IBM Softlayer, Joyent Compute Service, Microsoft Azure, Rackspace Cloud, RHEL, Oracle Linux, Suse
THE "HELLO, WORLD" CONTAINER
We used one of the smallest, simplest images available: busybox
Busybox is typically used in embedded systems like routers, stripped down linux distros, ...
We ran a single process and echoed hello world
> docker run busybox echo "Hello, World"
Hello, World
BARE-BONES UBUNTU ON CENTOS
Runs bash in a stripped ubuntu system on CentOS
> docker run -it ubuntu bash
root@6489e6302513:/# dpkg -l | wc -l
189
root@6489e6302513:/# ps -ef
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 07:27 ?        00:00:00 bash
root        18     1  0 07:28 ?        00:00:00 ps -ef
root@6489e6302513:/#
BACKGROUND CONTAINERS
A container that runs forever
A container running in the background
Listing running containers
Show container logs (tailing)
Stop/Kill containers
Restart/Attach to a container
SO WHAT IS AN IMAGE?
DIFFERENCE BETWEEN CONTAINERS AND IMAGES
An image is a read-only FS
A container is an encapsulated set of processes in a read-write copy of that FS
docker run starts a container from an image
OOP ANALOGY
Images are conceptually similar to classes
Layers are conceptually similar to inheritance
Containers are conceptually similar to instances
HOW DO WE MODIFY IMAGES THEN?
We don't
We create a new container from that image
We make changes to that container
When done, we transform them into a new layer
A new image is created by stacking the new layer on top of the old one
IMAGE NAMESPACES
Root: centos
User (Docker Hub): bob/infinity
Self-Hosted: registry.example.com:5000/a-private-image
BUILDING IMAGES INTERACTIVELY
docker commit
docker tag
docker diff
BUILDING IMAGES WITH A DOCKERFILE
Dockerfile
FROM centos
ENV REFRESHED_AT 2015-06-11
RUN yum -y install wget
Run
docker build -t "bob/myimage" .
INSPECTING CONTAINERS
docker inspect presentation_pres_1 | jq '.[].Volumes'
If you want to parse JSON from the shell, use JQ
--format
docker inspect --format '{{ json .Created }}' presentation_pres_1
NETWORKING BASICS
All based on port mapping private addresses (because of IPV4)
-P / --publish-all: will publish all exposed ports
-p host:guest: manual allocation
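To make the two publishing modes concrete, here is an added example (not from the deck or from Docker) that parses `-p` values and models what `-P` does. It goes a little beyond the slide: besides `host:guest` it handles the optional host IP prefix, an empty host port (Docker picks an ephemeral one) and a `/udp` suffix, and it points out bindings that listen on every host interface, which is Docker's default when no IP is given. IPv6 host addresses and port ranges are left out; all values in the usage lines are constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class PortBinding:
    host_ip: str                # interface the host side listens on
    host_port: Optional[int]    # None: Docker picks an ephemeral host port (as -P does)
    container_port: int
    proto: str


def _port(text, what):
    """Validate a port number written as a string."""
    if not text.isdigit() or not 1 <= int(text) <= 65535:
        raise ValueError(f"bad {what} port: {text!r}")
    return int(text)


def parse_publish(spec):
    """Parse one `-p` value: [host_ip:][host_port:]container_port[/proto].

    Accepted forms (IPv4 only in this example): "80", "8080:80",
    "127.0.0.1:8080:80", "127.0.0.1::80" and any of those with "/udp".
    Without an explicit host IP the port is published on 0.0.0.0.
    """
    proto = "tcp"
    if "/" in spec:
        spec, proto = spec.rsplit("/", 1)
        if proto not in ("tcp", "udp"):
            raise ValueError(f"unknown protocol {proto!r}")
    parts = spec.split(":")
    if len(parts) == 1:
        host_ip, host_port, container_port = "", "", parts[0]
    elif len(parts) == 2:
        host_ip, host_port, container_port = "", parts[0], parts[1]
    elif len(parts) == 3:
        host_ip, host_port, container_port = parts
    else:
        raise ValueError(f"cannot parse port spec {spec!r}")
    return PortBinding(
        host_ip=host_ip or "0.0.0.0",
        host_port=_port(host_port, "host") if host_port else None,
        container_port=_port(container_port, "container"),
        proto=proto,
    )


def publish_all(exposed_ports):
    """What -P does: every EXPOSEd port ("80/tcp") gets an ephemeral host port on all interfaces."""
    bindings = []
    for entry in exposed_ports:
        port, _, proto = str(entry).partition("/")
        bindings.append(PortBinding("0.0.0.0", None, _port(port, "container"), proto or "tcp"))
    return bindings


def wide_open(bindings):
    """Bindings reachable on every host interface: worth a second look on a laptop or cloud VM."""
    return [b for b in bindings if b.host_ip == "0.0.0.0"]


if __name__ == "__main__":
    # Constructed usage: the wordpress compose mapping versus a loopback-only one.
    for spec in ("8080:80", "127.0.0.1:8080:80", "127.0.0.1::80", "53/udp"):
        print(spec, "->", parse_publish(spec))
    print("published by -P:", publish_all(["80/tcp", "443/tcp"]))
```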
SO LET'S DO SOMETHING INTERESTING
CROSS COMPILING A GO APP
We'll download the golang images
We'll compile and run your app
We'll cross compile it for linux, windows and OS X
WORKING WITH VOLUMES
Bypassing the copy-on-write system to obtain native disk I/O performance
Bypassing copy-on-write to leave some files out of docker commit
Sharing a directory between multiple containers
Sharing a directory between the host and a container
Sharing a single file between the host and a container
VOLUMES
IN A COMMAND
docker run -d -v /var/lib/postgresql postgresql
IN A DOCKERFILE
VOLUME /var/lib/postgresql
Volumes
same performance as host I/O
content is not included into a resulting image
content cannot be changed in a Dockerfile
can be shared across containers
exist independently of containers
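The image/container/layer slides (SO WHAT IS AN IMAGE?, HOW DO WE MODIFY IMAGES THEN?, docker commit/diff) and the volume rules just listed all describe one model; the following is an added example that runs that model with plain Python dicts. It is not Docker's code: layers are `path -> content` maps, a deletion is recorded as a `None` entry (a "whiteout"), `diff()` mimics `docker diff` in simplified form (no parent-directory entries), `commit()` stacks the read-write layer as a new image layer, and anything under a volume path bypasses copy-on-write and therefore never reaches the image. File names and contents in `demo()` are constructed.

```python
WHITEOUT = None  # marks a path as deleted in this layer


class Image:
    """An image is a read-only stack of layers (each layer: path -> content)."""

    def __init__(self, layers, name):
        self.layers = tuple(dict(layer) for layer in layers)  # copied, never mutated
        self.name = name

    def view(self):
        """Union view: upper layers win; a whiteout hides the path below it."""
        merged = {}
        for layer in self.layers:
            for path, content in layer.items():
                if content is WHITEOUT:
                    merged.pop(path, None)
                else:
                    merged[path] = content
        return merged


class Container:
    """A container: one read-write layer on top of an image, plus volumes."""

    def __init__(self, image, volumes=()):
        self.image = image
        self.rw = {}                                   # copy-on-write layer
        self.volumes = {v.rstrip("/"): {} for v in volumes}

    def _volume_for(self, path):
        for mount in self.volumes:
            if path == mount or path.startswith(mount + "/"):
                return mount
        return None

    def write(self, path, content):
        mount = self._volume_for(path)
        if mount is not None:
            self.volumes[mount][path] = content        # straight to the volume
        else:
            self.rw[path] = content                    # copy-on-write

    def delete(self, path):
        mount = self._volume_for(path)
        if mount is not None:
            self.volumes[mount].pop(path, None)
        else:
            self.rw[path] = WHITEOUT

    def read(self, path):
        mount = self._volume_for(path)
        if mount is not None:
            return self.volumes[mount].get(path)
        if path in self.rw:
            return self.rw[path]                       # None when deleted here
        return self.image.view().get(path)

    def diff(self):
        """Simplified `docker diff`: (A)dded, (C)hanged, (D)eleted vs. the image; volumes never show up."""
        base = self.image.view()
        changes = []
        for path in sorted(self.rw):
            content = self.rw[path]
            if content is WHITEOUT:
                if path in base:
                    changes.append(("D", path))
            elif path not in base:
                changes.append(("A", path))
            elif base[path] != content:
                changes.append(("C", path))
        return changes

    def commit(self, name):
        """`docker commit`: the rw layer becomes a new layer stacked on the image."""
        return Image(self.image.layers + (self.rw,), name)


def demo():
    """Walk through the slides' story on constructed data and return what can be observed."""
    centos = Image([{"/etc/os-release": "centos", "/bin/sh": "busybox"}], "centos")
    box = Container(centos, volumes=["/var/lib/postgresql"])
    box.write("/root/hello.txt", "hi")                 # A
    box.write("/etc/os-release", "centos-7")           # C
    box.delete("/bin/sh")                              # D
    box.write("/var/lib/postgresql/data", "rows")      # volume: bypasses COW
    image = box.commit("bob/myimage")
    fresh = Container(image)                           # new container, no volume attached
    return {
        "diff": box.diff(),
        "layers": len(image.layers),
        "new_view": image.view(),
        "base_untouched": centos.view()["/bin/sh"],
        "volume_in_container": box.read("/var/lib/postgresql/data"),
        "volume_in_image": fresh.read("/var/lib/postgresql/data"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running `demo()` shows the three rules at once: the base image is unchanged after the commit, the committed image has one more layer whose union view carries the added, changed and deleted paths, and the rows written under the volume are visible in the original container but absent from the image.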
USE CASES
You want to decide on your FS strategy (LVM, ZFS, BtrFS, ...)
You have a separate disk with better performance (SSD) or resiliency (EBS) than the system disk, and you want to put important data on that disk
You want to share a directory on your host with the container
What happens when you remove containers?
As long as one container references the volume it is kept; once the last container using it is removed the volume is orphaned, but its data still sits under /var/lib/docker
LINKING CONTAINERS
USING NAMES AND LINKS TO COMMUNICATE ACROSS CONTAINERS
Benefit: container isolation
Drawback: operationally challenging (ambassadors, overlay network)
Wordpress: 2 containers linked
DOCKER COMPOSE
"BIG ASS" COMMANDS CAN BE REDUCED TO NOTHING
wordpress:
  image: wordpress
  links:
    - db:mysql
  ports:
    - 8080:80
db:
  image: mysql
  environment:
    MYSQL_ROOT_PASSWORD: pass1234
DOCKER HUB
https://hub.docker.com/
push/pull/auto build (Github)
public/private ($)
finding images/security
SECURITY
Do not expose the docker API!
And ... do not expose the docker API!
For good measure: do not expose the docker API!
If you do: TLS!!!
--privileged (full access) or --net host (sniff all traffic in and out of the host)
There is more to it: containers don't contain, the default user is root, use external tools (SELinux)
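A small audit script, added here as an example and not part of the deck or of Docker, turns the two security slides above into checks a defender can run: it reports a `dockerd` listening on `tcp://` without `--tlsverify` (from the command line or from `daemon.json`), and it reads the JSON that `docker inspect` prints to flag `--privileged`, `--net host` and containers left on the default root user. Because it works on the same JSON array the INSPECTING CONTAINERS slide pipes into `jq '.[]...'`, the `field()` helper doubles as a stand-in for `--format '{{ json .Created }}'`. The inspect sample, container names and volume path below are constructed.

```python
import json
import shlex

# Constructed sample in the shape `docker inspect` prints: a JSON array, hence jq's `.[]`.
SAMPLE_INSPECT = json.dumps([
    {
        "Name": "/presentation_pres_1",
        "Created": "2015-06-11T09:00:00.000000000Z",
        "Config": {"User": ""},
        "HostConfig": {"Privileged": False, "NetworkMode": "bridge"},
        "Volumes": {"/var/lib/postgresql": "/var/lib/docker/vfs/dir/0123abcd"},
    },
    {
        "Name": "/sniffer",
        "Created": "2015-06-11T09:05:00.000000000Z",
        "Config": {"User": "1000"},
        "HostConfig": {"Privileged": True, "NetworkMode": "host"},
        "Volumes": {},
    },
])


def field(inspect_text, dotted):
    """Like `docker inspect --format '{{ json .A.B }}'`: one value per inspected object."""
    values = []
    for obj in json.loads(inspect_text):
        for key in dotted.split("."):
            obj = obj.get(key) if isinstance(obj, dict) else None
        values.append(obj)
    return values


def daemon_findings(dockerd_cmdline, daemon_json_text="{}"):
    """Report tcp:// listeners that are not protected by --tlsverify.

    Reads the dockerd command line (-H/--host, --tlsverify) and the
    "hosts" / "tlsverify" keys of daemon.json.
    """
    args = shlex.split(dockerd_cmdline)
    conf = json.loads(daemon_json_text)
    hosts = list(conf.get("hosts", []))
    tls_verify = bool(conf.get("tlsverify", False))
    i = 0
    while i < len(args):
        arg = args[i]
        if arg in ("-H", "--host") and i + 1 < len(args):
            hosts.append(args[i + 1])
            i += 1
        elif arg.startswith(("-H=", "--host=")):
            hosts.append(arg.split("=", 1)[1])
        elif arg in ("--tlsverify", "--tlsverify=true"):
            tls_verify = True
        i += 1
    return [f"{h} is reachable over plain TCP: the Docker API is exposed without TLS"
            for h in hosts if h.startswith("tcp://") and not tls_verify]


def container_findings(inspect_text):
    """Flag --privileged, --net host and root-by-default from `docker inspect` output."""
    findings = []
    for obj in json.loads(inspect_text):
        name = obj.get("Name", "?")
        host_cfg = obj.get("HostConfig", {})
        user = obj.get("Config", {}).get("User", "")
        if host_cfg.get("Privileged"):
            findings.append((name, "--privileged: full access to the host"))
        if host_cfg.get("NetworkMode") == "host":
            findings.append((name, "--net host: shares the host network stack"))
        if user in ("", "root", "0") or user.startswith(("root:", "0:")):
            findings.append((name, "runs as root (no USER set)"))
    return findings


if __name__ == "__main__":
    # Constructed command lines: an exposed daemon and a TLS-protected one.
    print(daemon_findings("dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375"))
    print(daemon_findings("dockerd -H tcp://0.0.0.0:2376 --tlsverify --tlscacert=/etc/docker/ca.pem"))
    print(field(SAMPLE_INSPECT, "Created"))
    for name, issue in container_findings(SAMPLE_INSPECT):
        print(f"{name}: {issue}")
```

On a real host, feed it `docker inspect $(docker ps -q)` and the running `dockerd` command line from `ps`; the checks are only as good as the fields they read, so a container built with a `USER` directive passes the root check while one that drops privileges at runtime does not.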
TIP OF THE ICEBERG
Now that you know more about Docker, there is Docker Machine that lets you create Docker hosts on VirtualBox, AWS ec2, Rackspace, ... There's Docker Swarm that allows you to manage clusters of Docker hosts, and Fleet/etcd (CoreOS), Kubernetes (Google), Consul (Hashicorp), Mesos (Apache/Twitter), etc. for orchestration.
You've seen the tip of the iceberg ;)
DOCKER MACHINE
CREATE A DOCKER HOST WITH ONE COMMAND
> dm create -d amazonec2 \
    --amazonec2-access-key akey \
    --amazonec2-instance-type t2.micro \
    --amazonec2-region us-east-1 \
    --amazonec2-secret-key asecretkey \
    --amazonec2-vpc-id avpc \
    dockerec2
> dm create -d virtualbox dev
TODO
DOCKER SWARM
NATIVE CLUSTERING SYSTEM
This presentation was made with reveal.js, using Docker, in a Vagrant VM running CentOS 7
You can download the presentation and the demos on Github