Docking your services_with_docker
7 likes4,761 views
Haggai Philip Zagury, a DevOps engineer with over 10 years of experience, gave a presentation on how configuration management and deployment have changed between monolithic and microservices architectures. He discussed how Docker containers can help solve issues around isolation, security, and portability when deploying microservices compared to traditional virtual machines. Vagrant and Docker can be used together to create isolated development environments for testing applications locally.
![text
More images == GB/$$/PERF
Between 100MB & nGB
Cost in storage … [ e.g. S3 ]
Cost in performance [ VMware …]](https://image.slidesharecdn.com/dockingyourserviceswithdocker-140129053019-phpapp01/85/Docking-your-services_with_docker-24-320.jpg)
![text
Linux Containers (LXC) - Why ?
Features
• Kernel namespaces [ isolated processes, network etc ]
• Chroot & Seccomp (isolation)
• Control groups (a.k.a cgroups)
Limitation
• Only Linux !](https://image.slidesharecdn.com/dockingyourserviceswithdocker-140129053019-phpapp01/85/Docking-your-services_with_docker-34-320.jpg)
![Why DOCKER ?
Why?
• A wrapper for LXC
• An abstraction layer for LXC + features
So Why not “plain old” LXC ?
• Portable deployments across machines
•
•
•
LXC alone doesn't guarantee that !
Docker build - a “build tool” designed for portability
Application centric / OS centric [ Docker’s API ]
• SHA-1 (git like) based versioning
•
•
DRY / Reuse - 1 base image for many applications
Sharing - index (global) or registry (private / on prem)](https://image.slidesharecdn.com/dockingyourserviceswithdocker-140129053019-phpapp01/85/Docking-your-services_with_docker-37-320.jpg)
![Vagrant & Docker
Vagrant.configure("2") do |config|
config.vm.box = "dummy" config.vm.provider :docker do |docker|
docker.image = "your/image:tag"
docker.cmd
= ["/path/to/your", "command"]
end
end
vagrant
plugin
install
docker-‐provider
-‐
docker
friendly
vagrant
image](https://image.slidesharecdn.com/dockingyourserviceswithdocker-140129053019-phpapp01/85/Docking-your-services_with_docker-46-320.jpg)
![Search & Get an image
docker
search
<keyword>
root@docker-‐poc:/tmp#
docker
search
centos*6
NAME
DESCRIPTION
STARS
OFFICIAL
TRUSTED
saltstack/centos-‐6
0
[OK]
salgest/centos-‐6
0
[OK]
saltstack/centos-‐6-‐minimal
1
[OK]
leifw/tokumx-‐buildslave-‐centos-‐6
0
[OK]
tenforward/centos-‐i386
CentOS
6
32bit
image
0
hansode/rpmbuilder-‐rhel6
CentOS-‐6
with
rpmdevtools
0
...
hgp://index.Docker.io](https://image.slidesharecdn.com/dockingyourserviceswithdocker-140129053019-phpapp01/85/Docking-your-services_with_docker-48-320.jpg)
![Define your own
Dockerfile
-‐>
Redis
server
running
in
a
container
#
Docker
Image/tag
FROM
ubuntu:12.10
#
command(s)
to
execute
on
container
RUN
apt-‐get
update
RUN
apt-‐get
-‐y
install
redis-‐server
#
what
port
to
listen
on
EXPOSE
6379
#
once
container
is
acJve
what
binary
to
run
ENTRYPOINT
["/usr/bin/redis-‐server"]](https://image.slidesharecdn.com/dockingyourserviceswithdocker-140129053019-phpapp01/85/Docking-your-services_with_docker-49-320.jpg)
![Docker build
…
Processing
triggers
for
ureadahead
...
-‐-‐-‐>
ba4030995701
Step
4
:
EXPOSE
6379
-‐-‐-‐>
Running
in
24720beda74b
-‐-‐-‐>
6fdf06372117
Step
5
:
ENTRYPOINT
["/usr/bin/redis-‐server"]
-‐-‐-‐>
Running
in
c9b9480840ad
-‐-‐-‐>
a6dd4adbb425
Successfully
built
a6dd4adbb425
docker
images
REPOSITORY
TAG
IMAGE
ID
CREATED
VIRTUAL
SIZE
<none>
<none>
a6dd4adbb425
8
minutes
ago
297.2
MB](https://image.slidesharecdn.com/dockingyourserviceswithdocker-140129053019-phpapp01/85/Docking-your-services_with_docker-52-320.jpg)
![Docker tag & push
docker
tag
a6dd4adbb425
localhost:5000/redis_hagzag
docker
push
localhost:5000/redis_hagzag
The
push
refers
to
a
repository
[localhost:5000/redis_hagzag]
(len:
1)
Sending
image
list
Pushing
repository
localhost:5000/redis_hagzag
(1
tags)
27cf78414709:
Image
successfully
pushed
b750fe79269d:
Image
successfully
pushed
46a6f0556e96:
Image
successfully
pushed
ba4030995701:
Image
successfully
pushed
6fdf06372117:
Image
successfully
pushed
a6dd4adbb425:
Image
successfully
pushed
Pushing
tags
for
rev
[a6dd4adbb425]
on
{hgp://localhost:5000/v1/repositories/
redis_hagzag/tags/latest}](https://image.slidesharecdn.com/dockingyourserviceswithdocker-140129053019-phpapp01/85/Docking-your-services_with_docker-53-320.jpg)
Docking your services_with_docker
- 1. FullStack Developers Israel Docking micro services with Haggai Philip Zagury 28.1.2014 Google Campus T.A Hosted by:
- 2. WHO AM I ?
- 3. Haggai Philip Zagury, DevOps Engineer } { ● ● ● ● Continuous integration Continuous delivery It Operations Configuration management over 10 years of DevOps expertise
- 4. “ I am a member of Tikal's DevOps/ALM group. With over 15 members, we meet, share, contribute and code together on a monthly basis “
- 5. WHO WE ARE?
- 6. We help companies build, deliver, deploy, manage and optimize their products.
- 8. Where are we going today text
- 9. How CM & Deployment changed Between Monolithic & SOA / MSA
- 11. Stack => Stacks
- 13. More Technologies More Services (API’s)
- 14. More Technologies More Services (API’s) More Teams
- 15. ch team with Ea it’s own “madness”
- 16. MONOLITHIC app deployment FABRIC } 1 … n * n 1 … n
- 17. MONOLITHIC style for SOA/MSA FABRIC } service A * n service B service C
- 18. MONOLITHIC style for SOA/MSA Team / Service A
- 19. MONOLITHIC style for SOA/MSA Team / Service B
- 20. MONOLITHIC style for SOA/MSA Team / Service C
- 21. MONOLITHIC style for SOA/MSA FABRIC } * n
- 22. text MONOLITHIC “style” System provisioning (& OS provisioning) • Much more “base images” in order to save time Deployment takes much longer (ad hoc configuration) • • Consolidate in order to save time • Backup & Restore ? doesn’t save time :( • Security ?
- 23. text MONOLITHIC “style” I need xyz installed • Kernel version not supported • Other component's depend on that • Wait for next release / OS upgrade
- 24. text More images == GB/$$/PERF Between 100MB & nGB Cost in storage … [ e.g. S3 ] Cost in performance [ VMware …]
- 28. From library dependency runtime directory (encapsulation)
- 29. From library dependency runtime directory (encapsulation) “.service” (hybrid)
- 30. Choose 1 tool for the job ?! FABRIC } service A * n service B service C
- 31. Containers • OSLV -‐ OperaJng System Level VirtualizaJon (link) • API & tooling, which enable *nix users to easily create and manage system or applicaJon containers.
- 32. What are containers anyway ?
- 33. text Linux Containers (LXC) - Why ? Isn't there enough container tech ? • Solaris Zones (containers - link) Vserver • • Openvz • Chroot Why now ? • Solaris not widely used as linux/freebsd … Linux kernel support ( >= 2.6.27 ) • • Application segmentation • We really need it !!! => “.service” era
- 34. text Linux Containers (LXC) - Why ? Features • Kernel namespaces [ isolated processes, network etc ] • Chroot & Seccomp (isolation) • Control groups (a.k.a cgroups) Limitation • Only Linux !
- 35. text Revolution – Hard/Software From Rack servers => Blade
- 36. So what’s this DOCKER and why do I need it ?
- 37. Why DOCKER ? Why? • A wrapper for LXC • An abstraction layer for LXC + features So Why not “plain old” LXC ? • Portable deployments across machines • • • LXC alone doesn't guarantee that ! Docker build - a “build tool” designed for portability Application centric / OS centric [ Docker’s API ] • SHA-1 (git like) based versioning • • DRY / Reuse - 1 base image for many applications Sharing - index (global) or registry (private / on prem)
- 38. text Docker ( & LXC ) Solve ! ISOLATION • Daemon per container Any version is supported
- 39. text Docker ( & LXC ) Solve ! ISOLATION • Daemon per container SECURITY • Container == Independent ( user/group/service etc) • New version == new container ( not toe trading …)
- 40. text Docker ( & LXC ) Solve ! ISOLATION • Daemon per container SECURITY • Container == Independent ( user/group/service etc) • New version == new container ( not toe trading …) PORTABILITY • Container on DEV machine => to production • Deploy from private registry • Rollback == latest -1
- 41. VM vs Container • • • • No hypervisor layer No lib duplication Shared kernel VMS are “heavy” • • • • 5-10 x Faster Startup time VMS are “heavy” Better utilize HW (cloud)
- 42. Docker - lightweight • • Reuse kernel Add functionality to a container, version it, share it
- 43. Micro service example Docker • ROR front end • Key-‐value store Host / VM
- 44. Workflow(s)
- 45. The developer workflow ● How do we test locally ? { if running on windows / OSX } ● Define an interface with operations ?
- 46. Vagrant & Docker Vagrant.configure("2") do |config| config.vm.box = "dummy" config.vm.provider :docker do |docker| docker.image = "your/image:tag" docker.cmd = ["/path/to/your", "command"] end end vagrant plugin install docker-‐provider -‐ docker friendly vagrant image
- 47. Fast, isolated development environments using Docker. • Define your application’s environment • OS • Packages • Configuration ! etc • Number of machines ? • Define a container via Dockerfile • Use that Dockerfile to define your environment (via yaml file) web: workfl o w build: . links: -‐ db ports: -‐ 8000:8000 db: image: hagzag/pgsql
- 48. Search & Get an image docker search <keyword> root@docker-‐poc:/tmp# docker search centos*6 NAME DESCRIPTION STARS OFFICIAL TRUSTED saltstack/centos-‐6 0 [OK] salgest/centos-‐6 0 [OK] saltstack/centos-‐6-‐minimal 1 [OK] leifw/tokumx-‐buildslave-‐centos-‐6 0 [OK] tenforward/centos-‐i386 CentOS 6 32bit image 0 hansode/rpmbuilder-‐rhel6 CentOS-‐6 with rpmdevtools 0 ... hgp://index.Docker.io
- 49. Define your own Dockerfile -‐> Redis server running in a container # Docker Image/tag FROM ubuntu:12.10 # command(s) to execute on container RUN apt-‐get update RUN apt-‐get -‐y install redis-‐server # what port to listen on EXPOSE 6379 # once container is acJve what binary to run ENTRYPOINT ["/usr/bin/redis-‐server"]
- 50. Docker - Choose base docker pull user/container-‐name root@docker-‐poc:/tmp# docker pull saltstack/centos-‐6-‐minimal Pulling repository saltstack/centos-‐6-‐minimal aca320b373f2: Download complete f2f28f99c5fd: Download complete bf9724189396: Download complete e7adb01c55f6: Download complete a3f13a39bbbe: Download complete Git style “tags” Salt – inside …
- 51. Docker build build from Dockerfile docker build . Step 1 : FROM ubuntu:12.10 -‐-‐-‐> b750fe79269d Step 2 : RUN apt-‐get update -‐-‐-‐> Running in 0d768rc284d Fetched 9813 kB in 20s (481 kB/s) -‐-‐-‐> 46a6f0556e96 Step 3 : RUN apt-‐get -‐y install redis-‐server -‐-‐-‐> Running in 5ea88c37d21f The following extra packages will be installed: libjemalloc1 The following NEW packages will be installed: libjemalloc1 redis-‐server 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. Need to get 319 kB of archives.
- 52. Docker build … Processing triggers for ureadahead ... -‐-‐-‐> ba4030995701 Step 4 : EXPOSE 6379 -‐-‐-‐> Running in 24720beda74b -‐-‐-‐> 6fdf06372117 Step 5 : ENTRYPOINT ["/usr/bin/redis-‐server"] -‐-‐-‐> Running in c9b9480840ad -‐-‐-‐> a6dd4adbb425 Successfully built a6dd4adbb425 docker images REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE <none> <none> a6dd4adbb425 8 minutes ago 297.2 MB
- 53. Docker tag & push docker tag a6dd4adbb425 localhost:5000/redis_hagzag docker push localhost:5000/redis_hagzag The push refers to a repository [localhost:5000/redis_hagzag] (len: 1) Sending image list Pushing repository localhost:5000/redis_hagzag (1 tags) 27cf78414709: Image successfully pushed b750fe79269d: Image successfully pushed 46a6f0556e96: Image successfully pushed ba4030995701: Image successfully pushed 6fdf06372117: Image successfully pushed a6dd4adbb425: Image successfully pushed Pushing tags for rev [a6dd4adbb425] on {hgp://localhost:5000/v1/repositories/ redis_hagzag/tags/latest}
- 54. The Deployment workflow ● Provide docker-registry service / interface ● Monitoring & Logging facilities ● Data binding / persistent configuration
- 55. Our service Docker • Using –name & -‐link • Linking containers by reference (not ip) Host / VM build run + -‐name, build run + -‐link tag = complete “.service” on a single node
- 56. Docker run & ps docker run -‐name redis -‐d a6dd4adbb425 docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 9026507ef675 a6dd4adbb425 /usr/bin/redis-‐serve 12 minutes ago Up 12 minutes 6379/tcp redis 7e88dcb96856 registry:0.6.1 /bin/sh -‐c cd /docke 9 days ago Up 40 minutes 0.0.0.0:5000-‐>5000/ tcp condescending_thompson
- 57. Docker inspect docker inspect redis
- 58. What we achieved ? docker push <reg-‐name>/app-‐1 docker pull <reg-‐name>/app-‐1 take tag “latest” of app A In container responsibility ● Latest code ● Dependencies Out container responsibility ● Security & Remote access ● Logging ● Monitoring ● Networking Immutability ? - not just yet … but we are getting close
- 59. Evolving with Docker DevEnv • • • • FIG Vagrant – buggy Chef-‐docker (hgps://github.com/bflad/chef-‐docker) Chef Docker registry ( hgp://community.opscode.com/cookbooks/docker-‐registry) OpsEnv • Chef-‐docker (hgps://github.com/bflad/chef-‐docker) • Chef Docker registry ( hgp://community.opscode.com/cookbooks/docker-‐registry) • Puppet docker (hgp://forge.puppetlabs.com/garethr/docker) • DOTCLOUDS (focke authors) – About to base PASS based on Docker
- 61. A nodejs container …
- 62. Heroku like with Docker = Dokku hgps://github.com/progrium/dokku
- 63. Heroku like with LXC + Chef = Diez hgp://deis.io/ hgps://github.com/opdemand/deis
- 64. To Summarize • Very promising & almost J production ready • A great complementary to existing CM tooling • Simplifies deployment (I know it doesn’t seem so) text
- 65. Thank You Haggai Philip Zagury Email: hagzag@Jkalk.com