Can puppet help you run docker on a T2.Micro?
0 likes218 views
This document discusses how Puppet can be used to run Docker containers on an AWS EC2 t2.micro instance in a masterless configuration. It covers setting up masterless Puppet with cloud-init userdata to fetch configuration from infrastructure as code. Hiera is used to separate data from Puppet code for automatic parameter lookup. Roles and profiles are implemented to define the Docker host configuration. Modules are fetched from Puppetfile. Stages are used to order execution and Docker is configured using the docker module. In summary, masterless Puppet can help build and configure an EC2 instance to fetch Docker images and run containers defined in Hiera data.
![hieradata
• Separation of data from code
docker::run { $container:
image => $image,
command => $command,
memory_limit => $memory_limit,
cpuset => $cpuset,
ports => $ports,
expose => $expose,
volumes => $volumes,
links => $links,
use_name => $use_name,
running => $running,
volumes_from => $volumes_from,
net => $net,
username => $username,
hostname => $hostname,
env => $env,
dns => $dns,
dns_search => $dns_search,
lxc_conf => $lxc_conf,
restart_service => $restart_service,
disable_network => $disable_network,
privileged => $privileged,
detach => $detach,
extra_parameters => $extra_parameters,
pull_on_start => $pull_on_start,
depends => $depends,
tty => $tty,
require => $requires,
}
eyamld:
image: "nginx"
ports:
- "80:80"
env:
- NGINX_HOST=foobar.com
- NGINX_PORT=80
use_name: true
docker::run { ‘eyamld’:
image => "nginx",
command => undef,
memory_limit => 0b,
cpuset => [],
ports => ["80:80“],
expose => [],
volumes => [],
links => [],
use_name => true,
running => true,
volumes_from => [],
net => 'bridge',
username => false,
hostname => false,
env => [NGINX_HOST=foobar.com,
NGINX_PORT=80
],
dns => [],
dns_search => [],
lxc_conf => [],
restart_service => true,
disable_network => false,
privileged => false,
detach => true,
extra_parameters => undef,
pull_on_start => false,
depends => [],
tty => false,
require => [],
}
+ =](https://image.slidesharecdn.com/canpuppethelpyourundockerona-161109091200/85/Can-puppet-help-you-run-docker-on-a-T2-Micro-12-320.jpg)
![Roles and Profiles
• Defined as classes within either Roles Module or Profiles Module
• Roles contain Profiles
• Use include, require or class
class role::dockerhost {
include ::profile::base
include ::profile::os_limits
include ::profile::docker_base
include ::profile::docker_containers
class { '::profile::swapfile':
before => Class['profile::base']
}
}
# profile::docker_containers
class profile::docker_containers
($containers={}) {
create_resources (
'profile::docker_container', $containers )
}](https://image.slidesharecdn.com/canpuppethelpyourundockerona-161109091200/85/Can-puppet-help-you-run-docker-on-a-T2-Micro-17-320.jpg)
![ordering
• Require and before
class { ‘install-ssl':
installdir => "$installdir",
require => Exec['unarchive-source'],
before => File['copy-init-file'],
}](https://image.slidesharecdn.com/canpuppethelpyourundockerona-161109091200/85/Can-puppet-help-you-run-docker-on-a-T2-Micro-22-320.jpg)
![Stages
• Simple manifests best
• swapfile stage
stage { 'swapfile':
before => Stage['main'],
}
class { '::profile::swapfile':
stage => swapfile
before => Class['profile::base']
}](https://image.slidesharecdn.com/canpuppethelpyourundockerona-161109091200/85/Can-puppet-help-you-run-docker-on-a-T2-Micro-27-320.jpg)
![Stages
• Catalog compiles
• Runs each stage based on order
Notice: Compiled catalog for ip-10-96-4-130.internal in environment production in 2.10
Notice: /Stage[swapfile]/Profile::Swapfile/Exec[Create swap file /mnt/swap.1]/returns:
Notice: /Stage[swapfile]/Profile::Swapfile/File[/mnt/swap.1]/mode: mode changed '0644'
...
Notice: /Stage[main]/Profile::Docker_base/Exec[yum install -y docker-io]/returns:
Notice: /Stage[main]/Docker::Service/File[/etc/sysconfig/docker]/content: content](https://image.slidesharecdn.com/canpuppethelpyourundockerona-161109091200/85/Can-puppet-help-you-run-docker-on-a-T2-Micro-28-320.jpg)
Can puppet help you run docker on a T2.Micro?
- 1. Can Puppet help you run Docker on a T2.micro? Presented by: Neil Millard www.mitese.co.uk
- 2. whoami • Always programming • IT professional since 1995 • Devops / Infrastructure as Code • Helicopter pilot
- 3. Encryptinator! • Uses https://github.com/TomPoulton/hiera-eyaml Ruby gem • Containerised Sinatra app
- 4. agenda • Masterless puppet • Hieradata • Roles and Profiles • Modules • Ordering • AWS EC2 • Stages • Docker
- 5. Why Masterless puppet • Pets VS • Scale UP Cattle Scale OUT http://www.slideshare.net/gmccance/cern-data-centre-evolution - attrib Bill Baker/Microsoft https://www.iha.com
- 6. Why Masterless puppet • Puppet Masters • Pets • Maintenance • Care • Sometimes fragile
- 7. Why Masterless puppet • Rebuild rather than reconfigure • Temporary • Build Server -> work/develop -> destroy server
- 8. Masterless puppet • Bootstrapping • Cloud-init • userdata - Environment - Role
- 9. Masterless puppet • Bake or not to bake? • Preparing to run puppet Tru-strap https://github.com/MSMFG/tru-strap Args: Provisioning or configuration repository Role + Environment Facts, for hiera lookup • Install puppet
- 10. Masterless puppet • Fetch configuration (infrastructure as code) • Puppet • hieradata • Puppetfiles • manifests • modules • profiles • roles • https://github.com/neilmillard/puppet-dockerhost
- 11. agenda • Masterless puppet • Hieradata • Roles and Profiles • Modules (via Puppetfiles) • Ordering • AWS EC2 • Stages • Docker
- 12. hieradata • Separation of data from code docker::run { $container: image => $image, command => $command, memory_limit => $memory_limit, cpuset => $cpuset, ports => $ports, expose => $expose, volumes => $volumes, links => $links, use_name => $use_name, running => $running, volumes_from => $volumes_from, net => $net, username => $username, hostname => $hostname, env => $env, dns => $dns, dns_search => $dns_search, lxc_conf => $lxc_conf, restart_service => $restart_service, disable_network => $disable_network, privileged => $privileged, detach => $detach, extra_parameters => $extra_parameters, pull_on_start => $pull_on_start, depends => $depends, tty => $tty, require => $requires, } eyamld: image: "nginx" ports: - "80:80" env: - NGINX_HOST=foobar.com - NGINX_PORT=80 use_name: true docker::run { ‘eyamld’: image => "nginx", command => undef, memory_limit => 0b, cpuset => [], ports => ["80:80“], expose => [], volumes => [], links => [], use_name => true, running => true, volumes_from => [], net => 'bridge', username => false, hostname => false, env => [NGINX_HOST=foobar.com, NGINX_PORT=80 ], dns => [], dns_search => [], lxc_conf => [], restart_service => true, disable_network => false, privileged => false, detach => true, extra_parameters => undef, pull_on_start => false, depends => [], tty => false, require => [], } + =
- 13. hieradata • Separation of data from code • Automatic parameter lookup # In this example, $parameter's value gets set # when `myclass` is eventually declared. # Class definition: class myclass ($parameter_one = "default text") { file {'/tmp/foo': ensure => file, content => $parameter_one, } }
- 14. hieradata • Separation of data from code • Automatic parameter lookup • Code reuse with lookups profile::docker_containers::containers: eyamld: image: "nginx" ports: - "80:80" env: - NGINX_HOST=foobar.com - NGINX_PORT=80 use_name: true # profile::docker_containers class profile::docker_containers ($containers={}) { create_resources ( 'profile::docker_container', $containers ) }
- 15. hieradata • Hiera.yaml – configuration --- :backends: - eyaml - yaml :eyaml: :datadir: /etc/puppetlabs/puppet/hieradata :pkcs7_private_key: /etc/puppet/secure/keys/private_key.pkcs7.pem :pkcs7_public_key: /etc/puppet/secure/keys/public_key.pkcs7.pem :yaml: :datadir: /etc/puppetlabs/puppet/hieradata :hierarchy: - "%{::init_env}/%{::init_role}" - "%{::init_role}" - "%{::init_env}" - common
- 16. Roles and Profiles • Business Layer (Roles) only includes profiles no logic one server, one role • Implementation Layer (Profiles) Includes classes Modules and Resources create_resources{} Craig Dunn - http://www.slideshare.net/PuppetLabs/roles-talk Puppet - https://docs.puppet.com/pe/2016.2/r_n_p_intro.html http://www.slideshare.net/DaeHyung/learning-puppet-basic-thing #64
- 17. Roles and Profiles • Defined as classes within either Roles Module or Profiles Module • Roles contain Profiles • Use include, require or class class role::dockerhost { include ::profile::base include ::profile::os_limits include ::profile::docker_base include ::profile::docker_containers class { '::profile::swapfile': before => Class['profile::base'] } } # profile::docker_containers class profile::docker_containers ($containers={}) { create_resources ( 'profile::docker_container', $containers ) }
- 18. Modules • Puppetforge or Git (Github)
- 19. Modules • Librarian or r10k from Puppetfile forge "https://forgeapi.puppetlabs.com" # Base modules mod "saz/timezone", "3.0.1" mod "saz/rsyslog", "4.0.2"
- 20. agenda • Masterless puppet • Hieradata • Roles and Profiles • Modules • Ordering • AWS EC2 • Stages • Docker
- 21. ordering • Puppet execution is in parallel • Dependencies need order anchor { 'ntp::begin': } -> class { '::ntp::install': } -> class { '::ntp::config': } ~> class { '::ntp::service': } -> anchor { 'ntp::end': }
- 22. ordering • Require and before class { ‘install-ssl': installdir => "$installdir", require => Exec['unarchive-source'], before => File['copy-init-file'], }
- 23. ordering • -> • Everything else is attempted at the same time -> class { ‘install-ssl': installdir => "$installdir", } ->
- 24. The Puppet Run • Puppet catalog compilation • Puppet catalog apply http://www.slideshare.net/bernstein_aaron/puppet-introduction-26593192 #25 Data Hieradata
- 25. agenda • Masterless puppet • Hieradata • Roles and Profiles • Modules • Ordering • AWS EC2 • Stages • Docker
- 26. AWS EC2 • Flexible workloads • Is limiting on memory • May need a swapfile Model vCPU (burst) Mem (GiB) t2.nano 1 0.5 t2.micro 1 1 t2.small 1 2 t2.medium 2 4 t2.large 2 8
- 27. Stages • Simple manifests best • swapfile stage stage { 'swapfile': before => Stage['main'], } class { '::profile::swapfile': stage => swapfile before => Class['profile::base'] }
- 28. Stages • Catalog compiles • Runs each stage based on order Notice: Compiled catalog for ip-10-96-4-130.internal in environment production in 2.10 Notice: /Stage[swapfile]/Profile::Swapfile/Exec[Create swap file /mnt/swap.1]/returns: Notice: /Stage[swapfile]/Profile::Swapfile/File[/mnt/swap.1]/mode: mode changed '0644' ... Notice: /Stage[main]/Profile::Docker_base/Exec[yum install -y docker-io]/returns: Notice: /Stage[main]/Docker::Service/File[/etc/sysconfig/docker]/content: content
- 29. Stages • Ordering across stages WILL break • WARNING – use with care. Can cause dependency cycles
- 30. agenda • Masterless puppet • Hieradata • Roles and Profiles • Modules • Ordering • AWS EC2 • Stages • Docker
- 32. Docker • WhaleSay $ docker run docker/whalesay cowsay boo Unable to find image 'docker/whalesay:latest' locally latest: Pulling from docker/whalesay e9e06b06e14c: Pull complete a82efea989f9: Pull complete 37bea4ee0c81: Pull complete ... 99da72cfe067: Pull complete 5d5bd9951e26: Pull complete fb434121fc77: Already exists Digest: sha256:d6ee73f978a366cf97974115abe9c4099ed59c6f75c23d03c64446bb9cd49163 Status: Downloaded newer image for docker/whalesay:latest _____ < boo > -----
- 33. Docker • Dockerhost configuration docker run --name eweb -p 80:80 –e “NGINX_HOST=foobar.com” –e “NGINX_PORT=80” –d nginx • Docker compose profile::docker_containers::containers: eweb: image: "nginx" ports: - "80:80" env: - NGINX_HOST=foobar.com - NGINX_PORT=80 use_name: true # profile::docker_containers class profile::docker_containers ($containers={}) { create_resources ( 'profile::docker_container', $containers ) }
- 34. Docker • Volumes • Network • Resource Constraints • Ref: https://docs.docker.com/engine/reference/run/
- 35. Docker • Production? • Serverless • Jenkins builds • Scale
- 36. Docker • Swarm https://docs.docker.com/engine/swarm/swarm-tutorial/ https://github.com/jimfdavies/vagrant-docker-swarm • Amazon EC2 Container Service container management that supports Docker containers
- 37. Can Puppet help you run Docker on a T2.micro? • Boot, prep and build instance • Puppet builds catalog and apply configuration from your heiradata • Fetch images and run docker containers
- 38. Neil Millard Mitese Group w: www.mitese.co.uk & https://github.com/neilmillard e: neil@mitese.co.uk