inBloom, Inc.

Server to CloudConvert a legacy platform to a micro-PaaS using

Docker

Todd Fritz

April 15. 2014

inBloom, Inc. 2

Agenda

• Whoami• Important Announcement• Background• Containers• Create Local Environment• Using Vagrant• Using Docker• Graphical Interfaces for Docker• Shipyard• Two Container Example• Advanced Docker• Questions• References

APRIL 2014

inBloom, Inc. 3

Whoami

Bio: http://www.linkedin/com/in/tfritz• Software Architect at inBloom

The opinions contained within this presentation may not represent my employer, but I think they should.

• Evangelist of layered, distributed, Message-oriented-Middleware• Current focus is middleware through caching, noSQL data store• Exposed to different companies, projects, people and

technologies• Novice bass player• Recent father of a five month old• Scuba diver; next adventure:

https://www.bikiniatoll.com/divetour.html

APRIL 2014

No sleep for you!

inBloom, Inc. 4

Important Announcement

APRIL 2014

inBloom, Inc. 5

Today is April 15th...

APRIL 2014

inBloom, Inc. 6

And, I am not a Dev Ops specialist.

Just took an interest and within a few weeks this is what I learned.

APRIL 2014

inBloom, Inc. 7

Background

APRIL 2014

inBloom, Inc. 8

Note: This presentation will available via slideshare after today.

This talk is part two of: http://www.slideshare.net/ToddFritz/2014-04-03legacytoc

loud Presented at Great Wide Open, April 3, 2014

Some files used while compiling this presentation https://github.com/inbloom/AJUG-2014-04-15-docker

APRIL 2014

inBloom, Inc. 9

Approach the Legacy Monolith

APRIL 2014

I’m a proud stovepipe, just bolted together,

vroom vroom vroom vroom vroom.

inBloom, Inc. 10

Decompose the Monolith

APRIL 2014

Oh, nooo... My job security...

inBloom, Inc. 11

Assemble a Decoupled, Modular System

APRIL 2014

I have free weeknights and weekends now...

inBloom, Inc. 12

Replacing a legacy system. Decompose. Analyze.

Employ an iterative methodology Leverage existing knowledge and literature Some analysis before Decompose and modularize (scale cube) Separation of concerns Proof of concepts are your friend

Deployment environments Private servers Cloud (private, public) Hybrid

Platform architectures Legacy PaaS xPaaS

APRIL 2014

inBloom, Inc. 13

xPaaS Topology

APRIL 2014

https://img.en25.com/Web/RedHat/JB_xPaaS_Tech_Overview_11454037_v3_0913cd_web.pdf

Enables specialization, layering, separated concerns, decoupling

inBloom, Inc. 14

Containers

APRIL 2014

inBloom, Inc. 15

Container Technologies (VEs)

• Warden (Cloud Foundry) https://github.com/cloudfoundry/warden

• Docker (from dotCloud, cloudlets) https://www.docker.io/

• Google LMCTFY (let me contain that for you) https://github.com/google/lmctfy december, 2013

• OpenVZ

APRIL 2014

inBloom, Inc. 16

Virtual Environment (Container)vs. Virtual Machine

APRIL 2014

http://www.slideshare.net/dotCloud/docker-intro-november

inBloom, Inc. 17

Docker (per Wikipedia) (1/2)

Docker:• Automates the deployment of applications inside

software containers.• Extends Linux Containers (LXC) with a high-level API to

provide a lightweight virtualization solution that runs processes in isolation.

• Utilizes LXC, cgroups, and the kernel itself – • Unlike traditional virtual machines it does not include a

separate operating system. • Kernel provides resource isolation (CPU, memory, block

I/O, network, etc.) and separate namespaces to completely isolate application's view of the operating environment.

APRIL 2014

inBloom, Inc. 18

Docker (per Wikipedia) (2/2)

Docker containers can be used to extend distributed systems so they run autonomously on a single physical machine, or with a single instance per node.

Enables nodes to be deployed as resources are available to provide a seamless platform as a service (PaaS) – style deployment for systems like Apache Cassandra, Riak and related distributed systems.’

Integrates with Chef, Puppet, Vagrant, Nova, etc.

APRIL 2014

inBloom, Inc. 19

More

Docker is a micro container framework for PaaS• https://www.docker.io/learn_more/• Open-source• Easier scalability• Lightweight, portable, insulated containers • Reusable from dev (“local cloud”) through

production • Can run at scale on VMs, bare metal, cloud;

virtually anywhere• Encapsulate any payload (application)• Run consistently on and between virtually any

serverAPRIL 2014

inBloom, Inc. 20APRIL 2014

http://www.slideshare.net/dotCloud/docker-intro-november

inBloom, Inc. 21

How it Works

• Docker builds on lxc which offers system-level virtualization and has existed since linux 2.6.32 (December, 2009) – but prefer kernel 3.8+

• Docker has three parts docker daemon runs as root to manage containers docker containers spawn from images, which are tiny and can be versioned docker repository allows images to be exchanged and versioned like code

(public or private) • Each container has its own ip address• Link exposed ports and variables across containers through configuration using

abassador containers to avoid hard coding (svendowideit): consumer redis-ambassador redis

• Port and pipework to expose containers outside host• Can share volumes, multi home, integrate containers into host network, and

much more (ajug)• Continuous integration can generate versioned docker images, web hooks, repo

notifications• Supervisor management tool to manage processes within container (

http://supervisord.org/introduction.html)

APRIL 2014

inBloom, Inc. 22

Docker Uses

• Common use cases: Automate application packaging and deployment Lightweight PaaS environments Automate testing, continuous integration, and

deployment Deploy and scale web apps, databases, backend

services• Growing adoption since dec 2013

• Red Hat fast-tracks Docker apps for enterprise Linux http://www.infoworld.com/t/application-virtualization

/red-hat-fast-tracks-docker-apps-enterprise-linux-238122

• Production ready deployment planned for December, 2014. Support services planned for early 2015APRIL 2014

inBloom, Inc. 23

Reusable Containers and Cook Books

APRIL 2014

http://www.slideshare.net/dotCloud/docker-intro-november

A Docker container image may already exist

inBloom, Inc. 24

Docker Basics

APRIL 2014

http://www.slideshare.net/dotCloud/docker-intro-november

Artifactory for virtualization images?

inBloom, Inc. 25

Docker Images

• The basic building block of a Docker container • Analogous to a slice of a VM image, containing

application code or binaries, as well as the execution environment and dependencies

• Images may be built atop each other• An image contains only the incremental changes

required to transform its base image to the state required by the image

• May contain metadata, such as how to run what is inside the image, expose ports, etc

• Acts as an instantiable container template

APRIL 2014

inBloom, Inc. 26

Docker Containers

• The result of starting a running process from an image and its dependencies

• Represent a single process or service• Intra-container communication via sockets

(Docker links). Containers can talk to each other.

• Familiar lifecycle: started, stopped, or kill• Can create images from previously run

containers, to persist changes made while container was executing

APRIL 2014

inBloom, Inc. 27

New in Docker 0.9

• Execution driver API Customize execution environment around container;

enables use of other isolation tools• Built in execution container – libcontainer

Alongside LXC, boosts stability, insulates Docker from different versions of LXC

APRIL 2014

inBloom, Inc. 28

But...we have Chef (or <other>)...

(Do not upset Dev Ops, ever...)

APRIL 2014

inBloom, Inc. 29

Step Away from the Ledge...

APRIL 2014

Image from the movie “The Lair of Filth” – no pun intended...

inBloom, Inc. 30

Chef & Docker

• Docker is new and not ready for Production (yet)• Docker is for light Virtual Images• Chef for Virtual Machines• Chef is tried and true• Chef proven for provisioning VMs or changes to

existing machines (small or complex)• Chef and Docker can be used together

Example: The Deis framework scales Chef nodes and Docker containers. But both are new.

Several other options including Tsuru (open source PaaS)

• Docker useful to encapsulate applications or services

APRIL 2014

inBloom, Inc. 31

“The Docker Book”

Not yet released, but available for pre-orderhttp://www.dockerbook.com/

1. Introduction to Docker2. Installing Docker3. Getting started with Docker4. Working with Docker images and repositories5. Testing with Docker6. Building services with Docker7. Using the Docker API8. Extending Docker

Also usefulhttp://kencochrane.net/blog/2013/08/the-docker-guidebook/

APRIL 2014

inBloom, Inc. 32APRIL 2014

Docker Deep Dive

inBloom, Inc. 33APRIL 2014

inBloom, Inc. 34

Create Local Environment

APRIL 2014

inBloom, Inc. 35

Install Prerequisites

• Talk will focus on VM which fits more deployment scenarios• Install VirtualBox (4.3.x)

https://www.virtualbox.org/ Download and install into Host OS

• Github repo for demo https://github.com/inbloom/AJUG-2014-04-15-docker.git

• Install Vagrant (1.5.x) – used for this talk http://www.vagrantup.com/ Download and install into Host OS Available Boxes: http://www.vagrantbox.es/

APRIL 2014

inBloom, Inc. 36

Running Docker

APRIL 2014

Common use case is to run within a VM Optional if host OS is Linux (e.g. Ubuntu) Benefit: A configured VM can be exported OS X users can try boot2docker

• “lighter” than VM, uses tiny core linux (24 Mb)• brew install boot2docker• https://github.com/boot2docker/boot2docker/• Has limitations so not used in this talk (better for

PoCs)• https://github.com/boot2docker/boot2docker/blob/

master/README.md

inBloom, Inc. 37

Create an Account with the Docker Index

https://index.docker.io/account/signup/ Sure looks like Maven Central. Versioned containers.

From a host with Docker installed:

$ docker loginUsername (): myusernamePassword:Email (): myusername@example.comLogin Succeeded

credentials are stored after login~/.dockercfg /var/lib/docker/.dockercfg

APRIL 2014

inBloom, Inc. 38

Search the Index

APRIL 2014

Search the Docker Index for images to reuse. (You may find places to contribute back images to the open source public repository.)

inBloom, Inc. 39

Command Line Search

APRIL 2014

Use search and be curious, for example, what has the founder of Docker pushed? You can download containers to reuse or examine contents for ideas.

inBloom, Inc. 40

Pull an Image

APRIL 2014

The index figures out the details.

Can also push images, etc.

inBloom, Inc. 41

Create a Private Repo

https://github.com/dotcloud/docker-registry 

git clone https://github.com/dotcloud/docker-registry.git

cd docker-registry

cp config_sample.yml config.yml

pip install -r requirements.txt

gunicorn --access-logfile - --log-level debug --debug -b 0.0.0.0:5000 -w 1 wsgi:application

APRIL 2014

inBloom, Inc. 42

Configure Private Repo

https://github.com/dotcloud/docker-registry/blob/master/README.mdhttp://blog.docker.io/2013/07/how-to-use-your-own-registry/

cp config/config_sample.yml config/config.yml

Example config:prod: loglevel: warn storage: s3 s3_access_key: _env:AWS_S3_ACCESS_KEY s3_secret_key: _env:AWS_S3_SECRET_KEY s3_bucket: _env:AWS_S3_BUCKET storage_path: /srv/docker smtp_host: localhost from_addr: docker@myself.com to_addr: my@myself.com

APRIL 2014

inBloom, Inc. 43

Pull from Public Push to Private Repo

# First, make sure you have the "ubuntu" repository:docker pull ubuntu

# Find the image id that corresponds to the ubuntu repositorydocker images | grep ubuntu | grep latest

ubuntu latest 8dbd9e392a96 12 weeks ago 263 MB (virtual 263 MB)

# Tag to create a repository with the full registry location.# The location becomes a permanent part of the repository name.docker tag 8dbd9e392a96 localhost.localdomain:5000/ubuntu

# Finally, push the new repository to its home location.docker push localhost.localdomain:5000/ubuntu

APRIL 2014

inBloom, Inc. 44

Dockerfiles

• Dockerfiles are used to build containers by scripting actions to make up each layer of an image

• Not as powerful as traditional configuration management software

• For example, in discrete steps you can instruct Docker to build an image by taking a default Ubuntu image, apt-get installing several dependencies, and then adding your application code. Each Dockerfile command creates a new image layer, and clever structuring of the commands will allow them to becached and re-used.

APRIL 2014

inBloom, Inc. 45

Anatomy of a Dockerfile (1/2)

https://www.docker.io/learn/dockerfile/level1/

# Always comment your codeFROM ubuntuMAINTAINER Uncle Sam, uncle.sam@irs.govRUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.listRUN apt-get updateRUN apt-get install -y memcached

The first line in a Dockerfile is FROM, which defines the base image (e.g. obtained via a docker search).

RUN instructions execute any command against the current image and commits. Commands can be layered to conform to version control paradigms.

APRIL 2014

inBloom, Inc. 46

Anatomy of a Dockerfile (2/2)

https://www.docker.io/learn/dockerfile/level2/

The ENTRYPOINT instruction triggers a command when the container starts# Launch memcached when launching the containerENTRYPOINT ["memcached", "-u", "daemon"]

May want ENTRYPOINT instructions to run as user other than root.ENTRYPOINT ["memcached"]USER daemon

The EXPOSE instruction exposes a port outside the containerEXPOSE 11211

APRIL 2014

inBloom, Inc. 47

Building an Image from a Dockerfile

If Dockerfile is in current directorydocker build .

From stdindocker build - < Dockerfile

From githubdocker build github.com/creack/docker-firefox

Then, do a “docker images” to viewREPOSITORY TAG ID CREATED SIZEubuntu 12.04 8dbd9e392a96 4 months ago 131.5 MB (virtual 131.5 MB)<none> <none> 1dcfa24c8ca6 About a minute ago 52.27 MB (virtual 183.8 MB)

APRIL 2014

inBloom, Inc. 48

Name the New Image

The new image lacks a name, so give it one

docker tag 1dcfa24c8ca6 memcached

Using the –t with build removes the added step

docker build -t memcached .

APRIL 2014

inBloom, Inc. 49

Create VM

clone git repo for this talk (OS X example)$ cd ~/Projects$ git clone git://github.com/inbloom/AJUG-2014-04-15-docker.git$ cd AJUG-2014-04-15-docker/01_create_env

Create VM using provided Vagrantfile Preconfigured to setup Docker Vagrant’s Docker Provisioner is your friend

• http://docs.vagrantup.com/v2/provisioning/docker.html http://blog.phusion.nl/2013/11/08/docker-friendly-vagrant-boxe

s/

$ vagrant up$ vagrant ssh

APRIL 2014

inBloom, Inc. 50

Vagrantfile (1/2)

# -*- mode: ruby -*-# vi: set ft=ruby :

# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!VAGRANTFILE_API_VERSION = "2"

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| config.vm.box = "phusion-open-ubuntu-12.04-amd64" config.vm.box_url = "https://oss-binaries.phusionpassenger.com/vagrant/boxes/ubuntu-12.04.3-amd64-vbox.box"

config.vm.box_check_update = true config.vm.provider "virtualbox" do |v| v.name = "docker1" v.memory = 8192 v.cpus = 4 endAPRIL 2014

inBloom, Inc. 51

Vagrantfile (2/2)

if Dir.glob("#{File.dirname(__FILE__)}/.vagrant/machines/default/*/id").empty?

# Install Docker pkg_cmd = "wget -q -O - https://get.docker.io/gpg | apt-key add -;" \ "echo deb http://get.docker.io/ubuntu docker main > /etc/apt/sources.list.d/docker.list;" \ "apt-get update -qq; apt-get install -q -y --force-yes lxc-docker; ”

# Add vagrant user to the docker group pkg_cmd << "usermod -a -G docker vagrant; ”

config.vm.provision :shell, :inline => pkg_cmd end

end

Vagrant.configure("2") do |config| for i in 8000..9000 config.vm.network "forwarded_port", guest: i, host: i endendAPRIL 2014

inBloom, Inc. 52

Using Vagrant

APRIL 2014

inBloom, Inc. 53

Vagrant CLI (1/4)

A brief overview of Vagrant commands; not intended to replace other Production tools.

Usage$ vagrant [options] <command> [<args>] -v, --version Print the version and exit. -h, --help Print this help.

APRIL 2014

inBloom, Inc. 54

Vagrant CLI (2/4)

Common commands

box manages boxes: installation, removal, etc. connect connect to a remotely shared Vagrant environment destroy stops and deletes all traces of the vagrant machine halt stops the vagrant machine help shows the help for a subcommand init initializes a new Vagrant environment by creating a Vagrantfile login log in to Vagrant Cloud package packages a running vagrant environment into a box plugin manages plugins: install, uninstall, update, etc. provision provisions the vagrant machine reload restarts vagrant machine, loads new Vagrantfile configuration resume resume a suspended vagrant machine share share your Vagrant environment with anyone in the world ssh connects to machine via SSH ssh-config outputs OpenSSH valid configuration to connect to the machine status outputs status of the vagrant machine suspend suspends the machine up starts and provisions the vagrant environment

APRIL 2014

inBloom, Inc. 55

Vagrant CLI (3/4)

For help on any individual command vagrant <command> -h

Or to see subcommand featuresvagrant box <subcommand> -h

To see all subcommandsvagrant list-commands

APRIL 2014

inBloom, Inc. 56

Vagrant CLI (4/4)

$ vagrant package –h

Usage: vagrant package [options] [name]

Options:--base NAME Name of a VM in virtualbox to package as a base box--output NAME Name of the file to output--include FILE... Additional files to package with the box--vagrantfile FILE Vagrantfile to package with the box-h, --help Print this help

APRIL 2014

inBloom, Inc. 57

Vagrant Plugins

vagrant plugin install --plugin-source https://rubygems.org --plugin-prerelease vagrant-vbguestvagrant

vagrant plugin install vagrant-winnfsd

APRIL 2014

inBloom, Inc. 58

Export a Vagrant Box

Once your VM is setup and configured, you can create an image from it$ vagrant package --base my_base_box

To export a Vagrant box$ vagrant box add my_box package.box$ mkdir test_environment$ cd test_environment$ vagrant init my_box$ vagrant up$ vagrant ssh

APRIL 2014

inBloom, Inc. 59

Install Docker

whale you be my container?

APRIL 2014

inBloom, Inc. 60

Installation

It already is...

(starting with a “bare” base box may required more effort to setup the OS, install components)

APRIL 2014

inBloom, Inc. 61

Verify the Installation

vagrant@ubuntu-12:/vagrant$ docker infoContainers: 0Images: 0Storage Driver: aufs Root Dir: /var/lib/docker/aufs Dirs: 0Execution Driver: native-0.1Kernel Version: 3.8.0-35-generic

vagrant@ubuntu-12:/vagrant$ docker pull busybox

vagrant@ubuntu-12:/vagrant$ docker infoContainers: 0Images: 4

APRIL 2014

inBloom, Inc. 62

Testing Docker

Hello Worldhttp://docs.docker.io/en/latest/examples/hello_world/

vagrant@ubuntu-12:/vagrant$ sudo docker pull busybox

docker run busybox /bin/echo hello world

C1=$(sudo docker run -d ubuntu /bin/sh -c "while true; do echo hello world; sleep 1; done”)

docker ps list

docker logs `C1`

APRIL 2014

inBloom, Inc. 63

Docker Container Lifecycle

docker run creates a container.docker stop stops it.docker start will start it again.docker restart restarts a container.docker rm deletes a container.docker kill sends a SIGKILL to a container. Has issues.

docker attach will connect to a running container.

docker wait blocks until container stops.

APRIL 2014

inBloom, Inc. 64

Container Info

Infodocker ps shows running containers.docker inspect looks at all the info on a container (including IP address).docker logs gets logs from container.docker events gets events from container.docker port shows public facing port of container.docker top shows running processes in container.docker diff shows changed files in the container's FS.

Import / ExportNo easy way to use Docker to import files into a container filesystem • Could use something like Cargo within a container to push in artifacts

docker cp copies files or folders out of container filesystemdocker export creates tarball from container filesystem

APRIL 2014

inBloom, Inc. 65

Docker Image Lifecycle

docker images shows all images

docker import creates an image from a tarball

docker build creates image from Dockerfile

docker commit creates image from a container

docker rmi removes an image

docker insert inserts a file from URL into image. (kind of odd, you'd think images would be immutable after create)

docker load loads an image from a tar archive as STDIN, including images and tags (as of 0.7)

docker save saves an image to a tar archive stream to STDOUT with all parent layers, tags & versions (as of 0.7)APRIL 2014

inBloom, Inc. 66

15 Docker Tips

http://www.centurylinklabs.com/15-quick-docker-tips

APRIL 2014

inBloom, Inc. 67

Graphical Interfaces for Docker

APRIL 2014

inBloom, Inc. 68

Two main options for a graphical UI to manage Docker

Shipyard• https://github.com/shipyard/shipyard/wiki/

QuickStart DockerUI

• https://github.com/crosbymichael/dockerui

Shipyard allows containers to be managed, linked, and inspected via a UI

APRIL 2014

inBloom, Inc. 69

Shipyard

APRIL 2014

inBloom, Inc. 70

Shipyard features

• Multiple host support• Create / Delete containers• View Images• Build Images (via uploaded Dockerfile or URL)• Import repositories• Private containers• Container metadata (description, etc.)• Applications: bind containers to applications that are setup

with hipache• Attach container (terminal emulation in the browser)• Container recovery (mark container as "protected" and it

will auto-restart upon fail/destroy/stop)• RESTful API

APRIL 2014

inBloom, Inc. 71

Shipyard (1/2)

1 line to install within a docker host:

docker run -i -t -v /var/run/docker.sock:/docker.sock shipyard/deploy setup

Shipyard Stack Deployed

You should be able to login with http://<docker-host-ip>:8000admin:shipyard

APRIL 2014

inBloom, Inc. 72

Shipyard (2/2)

Within each container to shipyard manage you will also need to setup and register the Shipyard Agent. See http://github.com/shipyard/shipyard-agent for details.

Download to the host:sudo curl https://github.com/shipyard/shipyard-agent/releases/download/v0.2.5/shipyard-agent -L -o /usr/local/bin/shipyard-agent

sudo chmod +x /usr/local/bin/shipyard-agent

Register the host:./shipyard-agent -url http://myshipyardhost:shipyardport -register

vagrant@ubuntu-12:/usr/local/bin$ ./shipyard-agent -url http://0.0.0.0:8000 -register2014/04/14 02:27:48 Using 10.0.2.15 for the Docker Host IP for Shipyard2014/04/14 02:27:48 If this is not correct or you want to use a different IP, please update the host in Shipyard2014/04/14 02:27:48 Registering at http://0.0.0.0:80002014/04/14 02:27:48 Agent Key: 597d7d4db3d44daca47ff114e48144d2

Register a host with the shipyard deployment.

shipyard-agent -url http://my-shipyard-host:port -key 597d7d4db3d44daca47ff114e48144d2

APRIL 2014

inBloom, Inc. 73APRIL 2014

Containers

inBloom, Inc. 74APRIL 2014

Container (Redis)

inBloom, Inc. 75APRIL 2014

Container (Redis logs)

inBloom, Inc. 76APRIL 2014

Images

inBloom, Inc. 77APRIL 2014

Applications

inBloom, Inc. 78APRIL 2014

Container Console

inBloom, Inc. 79

Two Container Example

APRIL 2014

inBloom, Inc. 80

Linking Containers

Links allow containers to communicate through TCP/IP ports.

Suppose we start a container that exposes port 1337

docker run -name CONTAINER

docker run -d -link CONTAINER:ALIAS -name LINKED user/wordpress

Exposed ports and aliases of parent will show up in child container

$ALIAS_PORT_1337_TCP_PORT$ALIAS_PORT_1337_TCP_ADDR

More robust example (many more can be found via Googling)http://blogs.atlassian.com/2013/11/docker-all-the-things-at-atlassian-automation-and-wiring/

APRIL 2014

inBloom, Inc. 81

About Ambassador Containers

Encourage portability by avoiding hardcoding and linking via an ambassador.(consumer) -> (redis-ambassador) --network--> (redis-ambassador) -> (redis)

• Avoids restarting a consumer to attach to a different service

• Restart the client ambassador container that the consumer is connected to, to rewire a consumer to talk to a different service

• This pattern allows a transparent transition to to a different docker host for a consumer

http://docs.docker.io/en/latest/use/ambassador_pattern_linking/

APRIL 2014

inBloom, Inc. 82

Ambassador Container Linking

- Host A: Startup Redisbig-server $ docker run -d --name redis crosbymichael/redis

- Host A: Add ambassador linked to Redisbig-server $ docker run -d --link redis:redis --name redis_ambassador -p 6379:6379 svendowideit/ambassador

- Host B: Add ambassador that sets envclient-server $ docker run -d --name redis_ambassador --expose 6379 -e REDIS_PORT_6379_TCP=tcp://192.168.1.52:6379 svendowideit/ambassador

- Host B: Use Redis client container to talk to remote serverclient-server $ docker run -i -t --rm --link redis_ambassador:redis relateiq/redis-cliredis 172.17.0.160:6379> pingPONGAPRIL 2014

inBloom, Inc. 83

Advanced Docker

APRIL 2014

inBloom, Inc. 84

Load Balanced

APRIL 2014

http://mdavey.wordpress.com/2014/01/07/devops-docker/

inBloom, Inc. 85

Distributed Producer-Consumer

APRIL 2014

http://www.appneta.com/blog/automated-testing-with-docker/

inBloom, Inc. 86

Docker and Open vSwitch (1/2)

• Docker and Open vSwitch for container isolation with VLANs between 2 hosts running Open vSwitch

• Containers 1 & 3 are on VLAN 10 whereas containers 2 & 4 are on VLAN 20 1 & 3 can ping each other but cannot ping 2 or 4

• 4 bridges, 10 interfaces, 2 VLANs, 1 GRE tunnel and 4 containers.

• Starts in 1 second...

• Source (with code and cook book): http://fbevmware.blogspot.com/2013/12/coupling-docker-and-open-vswitch.html

APRIL 2014

inBloom, Inc. 87

Docker and Open vSwitch (1/2)

APRIL 2014

inBloom, Inc. 88

PaaS Frameworks

• Deus• CoreOS• Flynn

APRIL 2014

inBloom, Inc. 89

Flynn uses etcd

A highly-available key value store for shared configuration and service discovery.

etcd is an open-source distributed key value store that provides the backbone of CoreOS clusters and the etcd client runs on each machine in a cluster. etcd gracefully handles master election during network partitions and the loss of the current master.

Your applications can read and write data into etcd. Common examples are storing database connection details, cache settings, feature flags, and more.

Features• Simple, curl-able API (HTTP + JSON)• Optional SSL client cert authentication• Benchmarked 1000s of writes/s per instance• Properly distributed using Raft protocol• Keys support TTL• Atomic test and set• Easily listen for changes to a prefix via HTTP long-polling

https://coreos.com/using-coreos/etcd/

APRIL 2014

inBloom, Inc. 90APRIL 2014

inBloom, Inc. 91

Flynn uses Systemd

CoreOS uses systemd as the core of its distributed init system, fleet.

Systemd is well supported in many Linux distros, making it familiar to most engineers. Every aspect of CoreOS is deeply integrated with systemd.• PerformanceSystemd boots extremely fast, with our goal to keep it under

1s.• JournalSystemd's logging journal has modern features such as JSON export,

forward sealing, and indexing for fast querying.• Socket ActivationWhile this might be a bit of a throw back to the inetd

days, we think socket activation is particularly useful for inter-service dependency management.

Systemd has an extremely rich syntax that can describe the attributes of a particular service. Your services can express hard or soft dependencies, the order of launch relative to those dependencies, and identify conflicting services.

Docker containers are much easier to manage when you can specify whether they automatically restart per container and customize the timing for restarting.

APRIL 2014

inBloom, Inc. 92

Flynn uses Discoverd

A simple but powerful service discovery system written in Go. Backed by etcd, but can be extended to use ZooKeeper or other distributed consistent stores.

Discoverd lets your services find each other in a constantly changing environment. With discoverd and a client you can:• Register a service as online• Locate online instances of a service• Get notified when instances of a service change• Determine a "leader" for any set of services

There are three pieces to the discoverd system:• discoverd itself• Client library and API• Backend store (etcd, Zookeeper, etc)

APRIL 2014

inBloom, Inc. 93

questions

APRIL 2014

inBloom, Inc. 94

references

APRIL 2014

inBloom, Inc. 95

reference material

https://www.docker.io/http://deis.io/overview/http://cjlarose.com/2014/03/08/run-docker-with-vagrant.html

http://www.vagrantup.com/http://blog.docker.io/2014/04/docker-0-10-quality-and-ops-tooling/http://docs.docker.io/en/latest/examples/hello_world/#running-exampleshttp://mesosphere.io/2013/09/26/docker-on-mesos/https://medium.com/devops-programming/7f5fd023158f

http://docs-v1.vagrantup.com/v1/docs/base_boxes.htmlhttp://docs.docker.io/en/latest/installation/ubuntulinux/https://phunehehe.net/docker-vs-chef-vagrant/http://www.centurylinklabs.com/top-10-startups-built-on-docker/http://www.slideshare.net/julienbarbier42/building-a-saas-using-dockerhttp://coreos.com/blog/docker-dynamic-ambassador-powered-by-etcd/https://github.com/shipyard/shipyard-agenthttp://blog.docker.io/http://blog.relateiq.com/why-docker-why-not-chef/

http://www.dockerbook.com/http://www.centurylinklabs.com/building-complex-apps-for-docker-on-coreos-and-fig/http://txt.fliglio.com/2013/12/service-discovery-with-docker-docker-links-and-beyond/http://www.centurylinklabs.com/auto-loadbalancing-with-fig-haproxy-and-serf/http://www.centurylinklabs.com/build-a-2-container-app-with-docker/http://sysadvent.blogspot.com/2013/12/day-13-controlling-cluster-of-servers.htmlhttp://txt.fliglio.com/2013/12/service-discovery-with-docker-docker-links-and-beyond/

APRIL 2014