VAGRANT/DOCKER INTROBUILDING VMS EFFICIENTLY WITH VAGRANT

STEPPING INTO THE CONTAINER WORLD WITH DOCKERCreated by / @zepag @XwaldRob

VAGRANT

WHAT IS IT?

A tool to build VMs based on boxes (ISOs)

Used to be as close as possible to Prod

Initially build for VirtualBox and extended

Written in Ruby

Free (VirtualBox) | Pay (VMWare Fusion)

WHY SHOULD I CARE?Fast way to create a dedicated Dev environment

Pets vs Cattle: throw away VMs

It's much faster than creating a VM by hand and configuring it

HOW DO I INSTALL IT?Get VirtualBox

Download the Vagrant (Mac/Linux/Win)installer

Get a Box

HOW DO I ACCESS ITSERVICES

NAT

config.vm.network :forwarded_port, guest: 8080, host: 80

Private Network

config.vm.network "private_network", ip: "192.168.60.100"

Public Network

config.vm.network "public_network"

REMOTE CONNECTION

SSH/RDP

HOW DO I CUSTOMIZE IT?config.vm.provider "virtualbox" do |vb| # Display the VirtualBox GUI when booting the machine # vb.gui = # Customize the amount of memory on the VM: vb.cpus = 4 vb.memory = 4096 config.vm.hostname = "dockerbox"end

WHAT ABOUT CONFIGURATION MANAGEMENT?ALL MAJOR PROVISIONERS ARE SUPPORTED

shell

Chef

Puppet

Ansible

CFEngine

...

CREATE A SINGLE VMSHELL PROVISIONNING - PRIVATE NETWORK

> vagrant init chef/CentOS-7.0

Survival kit

uphaltsuspendresumereloadsshdestroy

CREATE A CLUSTER(1..$num_instances).each do |i| config.vm.define vm_name = "%s-%02d" % [$instance_name_prefix, i] do |config| config.vm.hostname = vm_name ... end config.vm.provider :virtualbox do |vb| vb.gui = vm_gui vb.memory = vm_memory vb.cpus = vm_cpus end

ip = "172.17.8.#{i+100}" config.vm.network :private_network, ip: ip [...]

end

DEMO: DOCKER VM

ANSIBLE PROVISIONING - PRIVATE NETWORK

---- hosts: all sudo: yes sudo_user: root tasks: - name: Download latest docker binary archive get_url: url: http://get.docker.io/builds/Linux/x86_64/docker-latest.tgz dest: /tmp [...]

DOCKER

WHAT IS IT?

Docker is an open platform for developers and sysadmins to

build, ship, and run distributed applications. Consisting of

Docker Engine, a portable, lightweight runtime and packaging

tool, and Docker Hub, a cloud service for sharing applications

and automating workflows, Docker enables apps to be

quickly assembled from components and eliminates the

friction between development, QA, and production

environments. As a result, IT can ship faster and run the same

app, unchanged, on laptops, data center VMs, and any cloud.

( )docker.com

SOLOMON HYKES, DOCKER’S FOUNDER & CTO, GIVES AN OVERVIEW OF DOCKER IN THIS SHORT VIDEO(7:16).

CONTAINERS?

RUNNING CONTAINERS EVERYWHERE!The underlying technology is mature (cgroups, namespaces,

copy-on-write systems)

Ability to run on any Linux server today: physical, virtual, VM,

cloud, OpenStack...

Ability to switch easily from one host to the other

Self contained environment = no dependency hell

WHAT'S IN IT FOR DEVS AND OPS?if you catch my drift ;-)

DEVS WORRY ABOUT

code

libraries

apps

data

all linux servers look the same

OPS WORRY ABOUT

logging

file system

monitoring

networking

all containers start, stop, copy, attach, etc ... the same way

THAT WAS THE ...... DON'T BURST MY BUBBLE MOMENT

MODERN SOFTWARE FACTORYTHE SAME CONTAINER CAN GO FROM DEV, TO TEST, TO QA, TO PROD

DOCKER ARCHITECTUREThe Docker daemon

Receives and processes incoming Docker API requests

The Docker clientCommand line tool - the docker binary

Talks to the Docker daemon via the Docker API

Docker Hub RegistryPublic image registry

The Docker daemon talks to it via the registry API

TRY IT!

RUNNING DOCKER

Linuxnative

OS X & Windowsvia a virtual machine

to get Docker installedAll you needUbuntu, Mac OS X, Windows, AWS ec2, Arch Linux, CentOS, Crux Linux, Debian, Fedora, Frugalware,

GCE, Gentoo, IBM Softlayer, Joyent Compute Service, Microsoft Azure, Rackspace Cloud, RHEL,Oracle Linux, Suse

THE "HELLO, WORLD" CONTAINERWe used one of the smallest, simplest images available: busybox

Busybox is typically used in embedded systems like routers, stripped down linux distros, ...

We ran a single process and echo'ed hello world

> docker run busybox echo "Hello World"

Hello, World

BARE-BONES UBUNTU ON CENTOS

Runs bash in a stripped ubuntu system on CentOS

> docker run -it ubuntu bashroot@6489e6302513:/# dpkg -l | wc -l189root@6489e6302513:/# ps -efUID PID PPID C STIME TTY TIME CMDroot 1 0 0 07:27 ? 00:00:00 bashroot 18 1 0 07:28 ? 00:00:00 ps -efroot@6489e6302513:/#

BACKGROUND CONTAINERS

A container that runs forever

A container running in the background

Listing runing containers

Show container logs (tailing)

Stop/Kill containers

Restart/Attach to a container

SO WHAT IS AN IMAGE?

DIFFERENCE BETWEEN CONTAINERS AND

IMAGES

An image is a read-only FS

A container is an encapsulated set of processes in a read-write copy of that FS

docker run starts a container from an image

OOP ANALOGY

Images are conceptually similar to classes

Layers are conceptually similar to inheritance

Containers are conceptually similar to instances

HOW DO WE MODIFY IMAGES THEN?We don't

We create a new container from that image

We make changes to that container

When done, we transform them into a new layer

A new image is created by staking the new layer on top of theold one

IMAGE NAMESPACESRoot: centos

User (Docker Hub): bob/infinity

Self-Hosted: registry.example.com:5000/a-private-image

BUILDING IMAGES INTERACTIVELYdocker commit

docker tag

docker diff

BUILDING IMAGES WITH A DOCKERFILEDockerfile

FROM centosENV REFRESHED_AT 2015-06-11RUN yum -y install wget

Run

docker build -t "bob/myimage" .

INSPECTING CONTAINERSdocker inspect presentation_pres_1 J '.[].Volumes'

If you want to parse JSON from the shell, use JQ

--format

docker inspect --format '{{ json .Created }}' presentation_pres_1

NETWORKING BASICS

All based on port mapping private addresses (because of IPV4)

-P --publish-all: will publish all exposed ports-p host:guest: manual allocation

SO LET'S DO SOMETHING INTERESTINGCROSS COMPILING A GO APP

We'll download

We'll compile and run your app

We'll cross compile it for linux, windows and OS X

golang images

WORKING WITH VOLUMESBypassing the copy-on-write system to obtain native disk I/O

performance

Bypassing copy-on-write to leave some files out of docker

commit

Sharing a directory between multiple containers

Sharing a directory between the host and a container

Sharing a single file between the host and a container

VOLUMES

IN A COMMAND

docker run -d -v /var/lib/postgresql postgresql

IN A DOCKERFILE

Volume /var/lib/postgresql

Volumes

same performance an host I/O

content is not included into a resulting image

content can not be changed in a Dockerfile

can be shared across containers

exist independently of containers

USE CASESYou want to decide on your FS strategy (LVM, ZFS, BtrFS, ...)

You have a separate disk with better performance (SSD) orresiliency (EBS) than the system disk, and you want to put

important data on that disk

You want to share a directory on your host with the container

What happens when you remove containers?

one container reference, last container orphan,/var/lib/docker

LINKING CONTAINERS

USING NAMES AND LINKS TO COMMUNICATE ACROSS CONTAINERS

Benefitcontainer isolation

Drawbackoperationally challenging (ambassadors, overlaynetwork)

Wordpress: 2 containers linked

DOCKER COMPOSE"BIG ASS" COMMANDS CAN BE REDUCED TO NOTHING

wordpress:

image: wordpress

links:

- db:mysql

ports:

- 8080:80

db:

image: mysql

environment:

MYSQL_ROOT_PASSWORD: pass1234

DOCKER HUBhttps://hub.docker.com/

push/pull/auto build (Github)

public/private($)

finding images/security

SECURITYDo not expose the docker API!

And ... do not expose the docker API!

For good measue: do not expose the docker API!

If you do: TLS!!!

--privileged (full access) or --net host (sniff all traffic in andout of the host)

There is more to it: containers don't contain, default user isroot, use external tools (SELinux)

TIP OF THE ICEBERGNow that you know more about docker, there is docker machine that lets you create docker hosts on

VirtualBox, AWS ec2, Rackspace, ... There's docker Swarm that allows you to mange docker hostckusters, Fleet/etcd (CoreOS), Kubernetes (Google), Consul (Hashicorp), Mesos (Apache/Twitter), etc

... for orchestration.

You've seen the tip of the iceberg ;)

DOCKER MACHINECREATE A DOCKER HOST WITH ONE COMMAND

> dm create -d amazonec2 \ --amazonec2-access-key akey \ --amazonec2-instance-type t2.micro \ --amazonec2-region us-east-1 \ --amazonec2-secret-key asecretkey \ --amazonec2-vpc-id avpc\ dockerec2

> dm create -d virtualbox dev

TODO

DOCKER SWARM

NATIVE CLUSTERING SYSTEM

This presentation was done with using in a VM runnnig

revealjs DockerVagrant Centos 7

You can download the presentation and the demos on Github