introduction to docker - lsi vitoria · presentation outline 1.the big picture 2.underlying...
TRANSCRIPT
![Page 1: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/1.jpg)
.
...... Introduction to Docker
Travis CardwellTokyo Linux Users Group
2014-01-18 Technical Meeting
![Page 2: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/2.jpg)
Presentation MotivationOS-level virtualization is becoming accessibleDocker makes it very easy to experiment with thetechnologyIf you have not already started learning aboutOS-level virtualization, now is the time!
Travis Cardwell Introduction to Docker 2 / 37
![Page 3: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/3.jpg)
Presentation Outline...1 The Big Picture...2 Underlying Technology...3 Docker...4 Use Cases...5 Demonstration...6 How To Get Started
Travis Cardwell Introduction to Docker 3 / 37
![Page 4: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/4.jpg)
.
...... The Big Picture
Travis Cardwell Introduction to Docker 4 / 37
![Page 5: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/5.jpg)
Virtualization
..
Bare Metal
.
Linux
.
KVM
.
Linux
.
...
.
KVM
.
Linux
.
...
Each virtual machine (VM)runs a full OSVMs require significantresourcesVMs take time to provisionand boot
Travis Cardwell Introduction to Docker 5 / 37
![Page 6: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/6.jpg)
Virtualization
..
Bare Metal
.
Linux
.
KVM
.
Linux
.
...
.
KVM
.
Linux
.
...
1967 first demo @IBM1997 Virtual PC1999 VMware2003 Xen
QEMU2007 KVM
VirtualBox
Travis Cardwell Introduction to Docker 5 / 37
![Page 7: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/7.jpg)
OS-Level Virtualization
..
Bare Metal
.
Linux
.
Container
.
...
.
Container
.
...
.
Container
....
Containers share the hostkernelFilesystem, network, etc. arevirtualizedRequires fewer resourcesA guest OS does not have toboot → starts fast
Travis Cardwell Introduction to Docker 6 / 37
![Page 8: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/8.jpg)
OS-Level Virtualization
..
Bare Metal
.
Linux
.
Container
.
...
.
Container
.
...
.
Container
....
1982 chroot1998 FreeBSD jails2001 Linux VServer
Virtuozzo2005 OpenVZ
Solaris Containers2007 AIX WPARS
HP-UX Containers2008 LXC
Travis Cardwell Introduction to Docker 6 / 37
![Page 9: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/9.jpg)
chroot
# export MY_CHROOT=/tmp/sid# mkdir $MY_CHROOT# debootstrap sid $MY_CHROOT \
http://ftp.jp.debian.org/debian/# mount proc $MY_CHROOT/proc -t proc# mount sysfs $MY_CHROOT/sys -t sysfs# chroot $MY_CHROOT /bin/bash
Travis Cardwell Introduction to Docker 7 / 37
![Page 10: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/10.jpg)
.
...... Underlying Technology
Travis Cardwell Introduction to Docker 8 / 37
![Page 11: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/11.jpg)
Kernel NamespacesNamespaces are used for isolation of:
filesystem - like chroot but more secureUTS (host and domain names)IPC (interprocess communication resources)PIDs (process ID number space)network stack (devices, addresses, routing, ports, etc.)users (user and group IDs)
Travis Cardwell Introduction to Docker 9 / 37
![Page 12: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/12.jpg)
Kernel Control Groupscgroups partition sets of tasks into hierarchical groupsAllows control over system resources:
resource limits (CPU, memory)bandwidth limits (block I/O)prioritizationaccess control (devices)
Provides accounting/metricsAllows management of tasks:
suspend/resume
Travis Cardwell Introduction to Docker 10 / 37
![Page 13: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/13.jpg)
LXC (LinuX Containers)Userspace interface for kernel containment features
lxc-create -t ubuntu -n p1lxc-start -n p1 -dlxc-lslxc-stop -n p1
Travis Cardwell Introduction to Docker 11 / 37
![Page 14: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/14.jpg)
aufsImplements a union mountOverlays filesystems, creating a unified hierarchySmaller size (diffs) allow for faster deployment
# cd /tmp# mkdir aufs-{orig,diff,mount}# debootstrap sid aufs-orig \
http://ftp.jp.debian.org/debian/# mount -t aufs \
-o br=/tmp/aufs-diff:/tmp/aufs-orig \none /tmp/aufs-mount
Travis Cardwell Introduction to Docker 12 / 37
![Page 15: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/15.jpg)
.
...... Docker
Travis Cardwell Introduction to Docker 13 / 37
![Page 16: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/16.jpg)
DockerCreated by dotCloud (now Docker, Inc.), aPlatform-as-a-Service companyCreated to automate the deployment of anyapplicationOpen source, on GitHub, active communityLicense: Apache 2.0
Travis Cardwell Introduction to Docker 14 / 37
![Page 17: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/17.jpg)
Feature: CompiledDocker is written in GoThe executable is statically compiled
Travis Cardwell Introduction to Docker 15 / 37
![Page 18: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/18.jpg)
Feature: LayersThe filesystem is layered using aufsChanges are committed, similar to git commits
Travis Cardwell Introduction to Docker 16 / 37
![Page 19: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/19.jpg)
Feature: DockerfilesConfiguration files that define how to build containersfrom imagesUse configuration tools, build tools, packages, etc.
FROM ubuntuRUN apt-get updateRUN apt-get upgrade -yRUN apt-get install -y build-essential
Travis Cardwell Introduction to Docker 17 / 37
![Page 20: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/20.jpg)
Feature: RegistryA server that stores repositoriesProvides an API for uploading/downloading themThere is a public registry called the indexOpen source, so you can host your own
# docker search ghc# docker pull afriel/ghc-head
# docker login localhost:8080# docker push tcard/gitit
Travis Cardwell Introduction to Docker 18 / 37
![Page 21: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/21.jpg)
Features Coming SoonContainer wiring and service discoveryPlugin APIBroader kernel supportCross-architecture support
Travis Cardwell Introduction to Docker 19 / 37
![Page 22: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/22.jpg)
Development StatusDevelopment is moving quite quicklyA production ready version is coming soon
0.1.0 2013-03-23 8 31 days0.2.0 2013-04-23 2 13 days0.3.0 2013-05-06 4 28 days0.4.0 2013-06-03 8 44 days0.5.0 2013-07-17 3 36 days0.6.0 2013-08-22 7+7 95 days0.7.0 2013-11-25 (6) (54 days)
Travis Cardwell Introduction to Docker 20 / 37
![Page 23: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/23.jpg)
Usage StatusCurrently requires x86_64Currently requires Linux 3.8 or higherCurrently not production readyContainers are not considered secure
Advice: Avoid root access in containersAdvice: Use SELinux if you need more security
Travis Cardwell Introduction to Docker 21 / 37
![Page 24: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/24.jpg)
.
...... Use Cases
Travis Cardwell Introduction to Docker 22 / 37
![Page 25: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/25.jpg)
DeploymentOS is included, so there are fewer parts to breakSame way for development, staging, and productionCan have fast transfer and boot timesScale applications and servicesExamples:
CoreOS is a distro for distributed platformsFlynn is an open source Platform-as-a-ServiceDokku is a mini-Heroku in 100 lines of BASH
Travis Cardwell Introduction to Docker 23 / 37
![Page 26: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/26.jpg)
Test AutomationTest across different distributions and library versionsPerform fast unit and integration testingExamples:
DNT tests code against multiple versions of Node.jssimultaneouslyNodeChecker is a website that tests all NPM modules
Travis Cardwell Introduction to Docker 24 / 37
![Page 27: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/27.jpg)
IsolationRun some services on battle-tested RHEL and otherson bleeding-edge ArchSandbox web applications; example:
JiffyLab is a Python/Unix web-based teaching environmentSandbox local applications; example:
Run Mozilla Firefox in an ephemeral container
Travis Cardwell Introduction to Docker 25 / 37
![Page 28: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/28.jpg)
Lightweight VirtualizationLaunch virtualized environments quicklyReduce resource requirementsUse Xpra (“screen for X”) to manage sessions
Travis Cardwell Introduction to Docker 26 / 37
![Page 29: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/29.jpg)
Share BuildsProvide quick access to difficult buildsProvide easy access to new usersExamples:
ghc-head repository provides latest builds of GHCdocker-selenium-firefox-chrome repository providesSelenium testing of specific browser buttons
Travis Cardwell Introduction to Docker 27 / 37
![Page 30: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/30.jpg)
.
...... Demonstration
Travis Cardwell Introduction to Docker 28 / 37
![Page 31: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/31.jpg)
ContainersSeparate process spaceSeparate filesystemsSeparate networking
Travis Cardwell Introduction to Docker 29 / 37
![Page 32: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/32.jpg)
CommittingThe service listens to virtual port 8888It can be routed that to any portThe service is run in detached mode
Travis Cardwell Introduction to Docker 30 / 37
![Page 33: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/33.jpg)
BusyBoxThe image is small: <5MBRun with the -rm option to automatically remove thecontainer
Travis Cardwell Introduction to Docker 31 / 37
![Page 34: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/34.jpg)
IPython ServiceThe service listens to virtual port 8888It can be routed that to any portBind mount a directory for data
Travis Cardwell Introduction to Docker 32 / 37
![Page 35: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/35.jpg)
Sandboxed FirefoxBind mount /tmp/.X11-unix (X11 unix socket)Bind mount /dev/sndGive access to c 116:* (ALSA)Pass the $DISPLAY environment variableChoose what to do with data:
Ephemeral: delete on closeData on host: bind mount a host directoryData container: use a volume
Travis Cardwell Introduction to Docker 33 / 37
![Page 36: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/36.jpg)
.
...... How To Get Started
Travis Cardwell Introduction to Docker 34 / 37
![Page 37: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/37.jpg)
Linux Beginners: Vagrant...1 Install VirtualBox...2 Install Vagrant...3 Install git...4 Deploy a Docker VM:
git clone https://github.com/dotcloud/docker.gitcd dockervagrant up
...5 Connect to the VM: vagrant ssh
...6 Run Docker in the VM: sudo docker
Travis Cardwell Introduction to Docker 35 / 37
![Page 38: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/38.jpg)
Linux Veterans: DebianWorks painlessly on Jessie (testing)Dependencies are listed in /hack/PACKAGERS.mdYou will need to:
Add some parameters to /etc/default/grubAdd a cgroup mount to /etc/fstabEnable forwarding in /etc/sysctl.conf
All output of lxc-checkconfig should be greenTo install Docker:
wget the binary from the Docker websitewget the SysVinit script from the GitHub repo
Travis Cardwell Introduction to Docker 36 / 37
![Page 39: Introduction to Docker - LSI Vitoria · Presentation Outline 1.The Big Picture 2.Underlying Technology 3.Docker 4.Use Cases 5.Demonstration 6.How To Get Started Travis Cardwell Introduction](https://reader030.vdocuments.us/reader030/viewer/2022040608/5ec56482040010522219d16b/html5/thumbnails/39.jpg)
Tokyo Docker Meetuphttp://www.meetup.com/Docker-Tokyo/First meeting has not been scheduled yet
Travis Cardwell Introduction to Docker 37 / 37