introduction to docker
DESCRIPTION
Docker overview, building blocks and short tutorial.TRANSCRIPT
Introduction to Introduction to dockerdocker
What will be in this talk
- Overview of docker features- Overview of docker building blocks- Comparison to other solutions- Quick docker tutorial- Dockerfile tips
What will not be in this talk
- Exploiting docker- Details of deploying docker infrastructure- Deep technical descriptions
Easy to learn
- Easy to learn- Easy to learn- Cool whale- Cool whale- Written in go- Written in go
But seriously?But seriously?
Architecture changes
http://martinfowler.com/articles/microservices/images/decentralised-data.png
Features - images
● Package every app in the same box (dependencies, working everywhere)
● Isolate things from each other● Standarized build procedure (Dockerfile)
ContainersContainers
Features - containers
● Managing containers– Running & stopping
– Inspect, logs, top, ps
– Save & load (from files)
– Diff & commit
● Mounting volumens– Share data
– Persistency
● Easy networking and linking containers
Works on Works on everyone'severyone's machinemachine
IsolationIsolation
PortabilityPortability
Features - workflow
● Docker deamon and cli● Docker hub and registry● Image versioning (pull, commit, pull, layers)
Docker building Docker building blocksblocks
How it's How it's cooked?cooked?
NamespacesNamespaces
http://blog.dotcloud.com/under-the-hood-linux-kernels-on-http://blog.dotcloud.com/under-the-hood-linux-kernels-on-dotcloud-partdotcloud-part
One of the overall goals of namespaces is to support the implementation of containers, a tool for lightweight virtualization.
Namespaces - GOAL
Wrap a particular global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of the global resource
Namespaces - HOW
Processes 'think' that they are the only processes on the system
Namespaces - Result
- pid
- numbering
- hierarchy
- cannot kill / ptrace in other namespaces
- net
- 20 apaches at 80
- mount
Namespaces - Examples
Control Control groupsgroups
http://blog.dotcloud.com/kernel-secrets-from-the-paas-garage-http://blog.dotcloud.com/kernel-secrets-from-the-paas-garage-part-24-cpart-24-c
Measure and limit resource usage for groups of
processes
Control groups
Docker vs VMDocker vs VM
Overhead
http://www.zdnet.com/what-is-docker-and-why-is-it-so-darn-popular-7000032269/
LightweightLightweightAndAndfastfast
Sharing OSSharing OS
Higher densityHigher density
Not really a VMNot really a VM
Why docker? Why docker? Why not lxc?Why not lxc?
Why docker? Why docker? Why not lxc?Why not lxc?
Why docker? Why docker? Why not lxc?Why not lxc?
Why docker? Why docker? Why not lxc?Why not lxc?
http://stackoverflow.com/questions/17989306/what-does-docker-add-to-just-plain-lxc
Docker tutorialDocker tutorial
Pull it!Pull it!$ docker pull busybox
● Search docker registry for repository of given name
● Downloads the repository
● Pulls only changes next time
Pull it!Pull it!$ docker pull busybox
● Search docker registry for repository of given name
● Downloads the repository
● Pulls only changes next time
Pull it!Pull it!$ docker pull busybox
● Search docker registry for repository of given name
● Downloads the repository
● Pulls only changes next time
Run it!Run it!$ docker run busybox:ubuntu-14.04 echo "hello"
● Make sure that image is available (downloads if not found)
● Create a container● Run a command
Run it!Run it!$ docker run -it busybox:ubuntu-14.04 sh
● -it → makes container interactive
● Create a container● Give you a shell
access
More complicated example
● Run redis in a container
● Run it as a deamon
● Bind it to network● Make storage
persistent
Run it!Run it!$ docker run -d -v /var/docker/redis:/data -p 6379:6379 --name=redis dockerfile/redis
● -d → launch as deamon
● -v /var/docker/redis:/data → mount directories
● -p 6379:6379 → forward ports
Run it!Run it!$ docker run -d -v /var/docker/redis:/data -p 6379:6379 --name=redis dockerfile/redis
● -d → launch as deamon
● -v /var/docker/redis:/data → mount directories
● -p 6379:6379 → forward ports
Run it!Run it!$ docker run -d -v /var/docker/redis:/data -p 6379:6379 --name=redis dockerfile/redis
● -d → launch as deamon
● -v /var/docker/redis:/data → mount directories
● -p 6379:6379 → forward ports
Watch it!Watch it!
$ docker ps
Prints out information about docker containers
Watch it!Watch it!
$ docker ps -a
Prints out information about all docker containers:
● Running● Exited
Watch it!Watch it!
$ docker logs -t --follow romantic_enstein
Get logs from stdin/stdout of container
● -t → show timestamp● --follow → similar to
tail -f
Watch it!Watch it!
$ docker inspect romantic_enstein
Get info about container
● Environment variables
● Ports● Links
Enter Enter inside!inside!
- nsenter
- ssh
● nsenter uses namespaces
● Ssh needs ssh server inside
Tidy upTidy up- docker rm <container_id>
- docker rmi <image_id>
● Docker images use lots of space
● Docker images can clog all your available space on server (no more pulling from registry)
Tidy upTidy up$ docker ps -a | grep 'Exited' | awk '{print $1}' | xargs docker rm
● Get ids of exited containers● Remove containers with given ids
Repository Repository workflowworkflow● docker diff <container_id>● docker commit
<contaner_id> attero/stuff:my-tag
● Versioning!● Tags● Multiple versions● Push & pull
What we learned so farWhat we learned so far
Repository workflow– Pull
– Commit
– Push
Tidying up after containers– Rm
– Rmi
Monitoring– Ps
– Logs
– Inspect
– Top
Running containers– Interactive
– Deamon
– Mounting
– Forwarding
Containers are nice
How about automation?
DOCKERFILE
DOCKERFILE
- Version control- Automation- Portability
DOCKERFILE
FROM ubuntu
MAINTAINER [email protected]
# Install tmuxRUN \ apt-get update && apt-get install tmux
RUN mkdir /home/hello
# Define working directory.WORKDIR /home/hello
# Define default command.CMD ["/bin/bash"]
DOCKERFILE
FROM ubuntu ← defines base imag
MAINTAINER [email protected] ← who is reponsible
# Install tmuxRUN \ apt-get update && apt-get install tmux
RUN mkdir /home/hello ← let's run some commands
# Define working directory.WORKDIR /home/hello ← let's start here
# Define default command.CMD ["/bin/bash"] ← default command to run without arguments in run
DOCKERFILE
Every command in Dockerfile is run on a different container
DOCKERFILE
Don't start services in dockerfile.
DOCKERFILE
Cache!- use it- save lots of time- not changed layers are reused
DOCKERFILE
- short- good base image- most changing things at the bottom
DOCKERFILE
Every command in Dockerfile is run on a different container
Learning resources
● http://docs.docker.com/#installation-guides● http://docs.docker.com/reference/builder/● http://docs.docker.com/reference/commandline/cli
/● https://crosbymichael.com/dockerfile-best-practic
es.html● http://docs.docker.com/articles/basics/● https://www.youtube.com/watch?v=XCVOxht34H
s● https://www.youtube.com/watch?v=9bvdc55xYdo
More Learning resources
● https://www.digitalocean.com/community/tutorials/docker-explained-how-to-containerize-python-web-applications
● http://phusion.github.io/baseimage-docker/● https://circleci.com/docs/docker● http://docs.docker.com/userguide/usingdocker/
Q&A