Dockerize All The Things!

Chris Tankersley

@dragonmantank

SunshinePHP 2015

SunshinePHP 2015 1

Who Am I

• PHP Programmer for over 10 years

• Sysadmin/DevOps for around 8 years

• Using Linux for more than 15 years

• https://github.com/dragonmantank

SunshinePHP 2015 2

Docker

SunshinePHP 2015 3

What Is Docker?

“Docker is an open platform for developers and sysadmins to build, ship, and run distributed applications. Consisting of Docker Engine, a portable, lightweight runtime and packaging tool, and Docker Hub, a cloud service for sharing applications and automating workflows, Docker enables apps to be quickly assembled from components and eliminates the friction between development, QA, and production environments.”

SunshinePHP 2015 4

https://www.docker.com/whatisdocker/

What is it from a technical standpoint?

• Docker is a wrapper around Containers

• Docker Engine is the packaging portion that builds and runs the containers

• Docker Hub allows you to publish images for others to use

• Docker Machine is a bare-metal provisioning tool

• Docker Swarm is an load-balancing deployment tool

• Docker Compose is a multi-container build system

SunshinePHP 2015 5

Containers

SunshinePHP 2015 6

Normal Bare-Metal Server

SunshinePHP 2015 7

CPU RAM HD Network

Operating System

nginx PHP DB

Virtual Machines

SunshinePHP 2015 8

CPU RAM HD Network

Operating System

nginx PHP DB

Operating System

nginx PHP DB

Operating System

Hypervisor

Containers

SunshinePHP 2015 9

CPU RAM HD Network

Operating System

nginxnginx PHP DB PHP DB

Docker can use many different containers

• Since 0.9.0 it supports:• LXC (Linux Containers) – Started with LXC when it was released

• OpenVZ

• Systemd-nspawn

• libvert-sandbox

• Qemu/kvm

• BSD Jails

• Solaris Zones

• chroot

SunshinePHP 2015 10

Still regulated to Linux, BSD, and Solaris

• No native container drivers for OSX or Windows, as they don’t have their own container architecture

• Microsoft is helping with working on a Hyper-V container driver though

• I don’t think there is anything native planned for OSX

SunshinePHP 2015 11

Let’s use Docker

SunshinePHP 2015 12

Running a container

• `docker run` will run a container

• This will not restart an existing container, just create a new one

• docker run [options] IMAGE [command] [arguments]• [options ]modify the docker process for this container

• IMAGE is the image to use

• [command] is the command to run inside the container

• [arguments] are arguments for the command

SunshinePHP 2015 13

Running a simple shell

SunshinePHP 2015 14

Running Two Webservers

SunshinePHP 2015 15

Some Notes

• All three containers are 100% self contained

• Docker containers share common ancestors, but keep their own files

• `docker run` parameters:• --rm – Destroy a container once it exits

• -d – Run in the background (daemon mode)

• -i – Run in interactive mode

• --name – Give the container a name

• -p [local port]:[container port] – Forward the local port to the container port

SunshinePHP 2015 16

Volumes

SunshinePHP 2015 17

Modifying a running container

• `docker exec` can run a command inside of an existing container

• Use Volumes to share data

SunshinePHP 2015 18

Persistent Data with Volumes

• You can designate a volume with -v

• Volumes can be shared amongst containers

• Volumes can mount data from the host system

SunshinePHP 2015 19

Mounting from the host machine

SunshinePHP 2015 20

Mounting from the host isn’t perfect

• The container now has a window into your host machine

• Permissions can get screwy if you are modifying in the container• Most things it creates will be root by default, and you probably aren’t root on

the host machine

• Host-mounted volumes are not portable at all

SunshinePHP 2015 21

Container Data Volumes

• Uses a small container that does nothing but stores data

• Have our app containers use the data volume to store data

• Use ‘editor containers’ to go in and modify data when needed

SunshinePHP 2015 22

Mounting Data Volumes

SunshinePHP 2015 23

Why not run SSH inside of the container?

• Well, you can…

• Docker is designed for one command per container

• If you need to modify data, then you need to change your setup

• If you have to run SSH, then you need a way to run SSH and your command

SunshinePHP 2015 24

Why go through the hassle?

• Data volumes are portable

• Data volumes are safer

• Separates the app containers from data• Production can use a data volume, dev can use a host volume

• Our app containers stay small

SunshinePHP 2015 25

Network Linking

SunshinePHP 2015 26

Docker Links

• Allows containers to ‘see’ each other over the network

• Each container thinks the other one is just another machine

• Containers all have an internal network address, so we don’t need to expose everything through the host

SunshinePHP 2015 27

More Traditional Setup

SunshinePHP 2015 28

INTARWEBS Nginx PHP-FPM

Data Volume

Port 9000

Editor

Let’s Build It

SunshinePHP 2015 29

More Notes!

• We can now rebuild sections of the app as needed

• We can restart nginx without impacting PHP

• We can extend much easier

• Linked containers will not update if they are stopped/started• If we upgrade PHP, we have to destroy/create the web_server container again

SunshinePHP 2015 30

Creating your own Images

SunshinePHP 2015 31

Dockerfile

• Dockerfile is the configuration steps for an image

• Can be created from scratch, or based on another image

• Allows you to add files, create default volumes, ports, etc

• Can be used privately or pushed to Docker Hub

SunshinePHP 2015 32

FROM phusion/baseimage:0.9.10

# …

CMD ["/sbin/my_init"]

# Nginx-PHP Installation

RUN apt-get update

RUN apt-get install -y vim git curl wget build-essential python-software-properties\

php5-cli php5-fpm php5-mysql php5-pgsql php5-sqlite php5-curl\

php5-gd php5-mcrypt php5-intl php5-imap php5-tidy mysql-client

# …

RUN mkdir /var/www

ADD build/default /etc/nginx/sites-available/default

# …

EXPOSE 80 22

VOLUME /var/www

VOLUME /etc/nginx

VOLUME /etc/php/

VOLUME /var/log

RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

SunshinePHP 2015 33

Build it

docker build -t tag_name ./

• This runs through the Dockerfile and generates the image

• We can now use the tag name to run the image

SunshinePHP 2015 34

Other Helpful Commands

SunshinePHP 2015 35

Inspect a container

docker inspect [options] CONTAINER_NAME

• Returns a JSON string with data about the container

• Can also query• docker inspect -f “{{ .NetworkSettings.IPAddres }}” web_server

• Really handy for scripting out things like reverse proxies

SunshinePHP 2015 36

Work with images

• docker pull IMAGE – Pulls down an image before using

• docker images – Lists all the images that are downloaded

• docker rmi IMAGE – Deletes an image if it’s not being used

SunshinePHP 2015 37

Questions?

SunshinePHP 2015 38

http://ctankersley.comchris@ctankersley.com

@dragonmantank

https://joind.in/13464

SunshinePHP 2015 39