Managing containers with Docker


INTRODUCTION TO DOCKER

JOHANNES 'FISH' ZIEMKE
twitter/github: @discordianfish

Building Docker's infrastructure for central services

hub.docker.com, docker.com, registry

Former SoundCloud System and Infrastructure engineer

Scaled infrastructure by 10x in 2 years

DOCKER?
Docker 1.4.1
Open source, written in Go
Developed publicly: GitHub, mailing lists, DGAB
Builds, packs and ships applications as lightweight containers
Build once, run (almost) everywhere
Linux 3.10; OS X and Windows via a transparent VM wrapper

CONTAINER VS VM

WHO CARES?

SOME DO
Docker 0.1 released Spring 2013 by dotCloud (now Docker Inc)
Rewrite of the code that powers the dotCloud PaaS
Since release:
>70000 images on the central registry
>54000 Dockerfiles on GitHub
>100M image downloads

WELL, OKAY.. but why should I care?

TEST THINGS?
Always start with a clean slate
Spin up complete test infrastructures in seconds
Run your tests against various versions of libraries and services

MAKE THINGS EASIER, HELP OR TEACH PEOPLE?

Provide students with a software environment
Distribute complex setups as self-contained containers for

Bioinformatics, information sciences
Your favorite blog:

  docker run -p 8080:8080 -e URL=http://example.com fish/ghost

Empower people to run their own services

BUILDING INFRASTRUCTURES?

90S INFRASTRUCTURES
Proprietary, homogeneous and often vertically scaled stacks
Waterfall design process
Release cycles of months
Huge companies... targeting rather small audiences/vertical businesses
Huge IT/Ops departments

TODAY'S INFRASTRUCTURES

Agile development methods to move fast
Interconnected services scaled horizontally in heterogeneous environments
Lots of spinning wheels
Several deploys per day
Small but fast-growing startups targeting millions of users

CHALLENGES
Managing such infrastructures is incredibly hard
Millions of knobs and switches
Billions of possible combinations
High complexity makes it hard to reason about
Nobody can completely understand it

Go away or I will replace you with a very small shell script

CONFIG MANAGEMENT
Describe what you want and how to get there
Change state somewhere, encode what might be affected
CFEngine, Puppet, Chef, Ansible, Salt
Manage everything!
Doesn't solve anything

MANAGING COMPLEXITY
Similar problems:

Software complexity: modules, classes, plugins

Human communication: named concepts like cat, nerd or car

Shipping goods: intermodal containers

Solution: Abstraction!

WHERE CAN DOCKER HELP?
Containers = abstracted application, including dependencies and configuration
Operations = adding/removing containers
The container is the same wherever it runs
Lightweight; can be deployed/rolled back fast and easily
Isolation makes sure one container isn't affecting others
Clear separation of concerns

DEVELOPER: WHY I LOVE DOCKER

Because I just have to care about my container:

my libraries
my package manager
my code

I own the container and don't care where it's running.

OPS: WHY I LOVE DOCKER
Because I just have to care about running containers:

provide systems with Docker
resource planning & monitoring
orchestration, remote access

I own the platform and don't care what's inside the containers

WHAT IS DOCKER EXACTLY DOING?

RUNNING COMMANDS ON:
immutable, shippable, layered images
with copy-on-write storage on top
in an isolated environment
via a RESTish API

SHIPPABLE IMAGES
immutable
multiple layers
defined by a Dockerfile, built by the builder
pushed to/pulled from a Docker registry

DOCKERFILE/BUILDER
Dockerfile: simple text file with instructions:

  FROM ubuntu:latest
  MAINTAINER Johannes 'fish' Ziemke <fish@docker.com>
  RUN apt-get -yq update
  RUN apt-get -yq install nginx
  ENTRYPOINT [ "/usr/sbin/nginx" ]
  # "daemon off;" (semicolon included) keeps nginx in the foreground so the container stays alive
  CMD [ "-g", "daemon off;" ]

docker build creates an image from the Dockerfile
Each instruction creates a new layer
If an instruction hasn't changed, the cached layer is reused
docker push uploads the image layers to the registry
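The cache rule above (one layer per instruction, reused only when the same instruction is built on top of the same parent) as a small model in Python. This is an added example, not Docker's own builder code: the layer ids are a toy hash chain rather than Docker's scheme, the Dockerfile is the one from the slide plus a COPY line added here to show that copied file content takes part in the key, and the build context is a constructed in-memory dict instead of a directory.

```python
import hashlib

# Slide's Dockerfile plus one COPY line (added for this example) and a
# constructed build context; no disk or daemon is involved.
DOCKERFILE = """\
FROM ubuntu:latest
MAINTAINER Johannes 'fish' Ziemke <fish@docker.com>
RUN apt-get -yq update
RUN apt-get -yq install nginx
COPY nginx.conf /etc/nginx/nginx.conf
ENTRYPOINT [ "/usr/sbin/nginx" ]
CMD [ "-g", "daemon off;" ]
"""


def parse_dockerfile(text):
    """Split a Dockerfile into (INSTRUCTION, argument) pairs; blanks and comments are skipped."""
    steps = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        steps.append((parts[0].upper(), parts[1] if len(parts) > 1 else ""))
    return steps


class Builder:
    """Keeps the layer cache across builds, as one daemon does between `docker build` runs."""

    def __init__(self):
        self.cache = {}  # (parent layer id, instruction key) -> layer id

    def build(self, dockerfile, files=None):
        """Return (image id, layer ids, per-step cache hits) for one build.

        `files` maps build-context paths to their bytes.
        """
        files = files or {}
        parent = ""  # nothing below FROM
        layers, hits = [], []
        for instr, arg in parse_dockerfile(dockerfile):
            key_arg = arg
            if instr in ("ADD", "COPY"):
                # The copied content is part of the key, so editing nginx.conf
                # invalidates this layer although the instruction text is unchanged.
                src = arg.split()[0]
                key_arg += "|" + hashlib.sha256(files.get(src, b"")).hexdigest()
            key = (parent, instr + " " + key_arg)
            layer = self.cache.get(key)
            hits.append(layer is not None)
            if layer is None:
                # Toy layer id: hash chain over parent and instruction (not Docker's scheme).
                layer = hashlib.sha256(repr(key).encode()).hexdigest()[:12]
                self.cache[key] = layer
            layers.append(layer)
            parent = layer  # a miss here changes the parent of every later step
        return parent, layers, hits


def demo():
    """Three builds: cold cache, identical rebuild, then with nginx.conf edited."""
    b = Builder()
    ctx = {"nginx.conf": b"worker_processes 1;\n"}
    cold = b.build(DOCKERFILE, ctx)
    warm = b.build(DOCKERFILE, ctx)
    edited = b.build(DOCKERFILE, {"nginx.conf": b"worker_processes 4;\n"})
    return cold, warm, edited


if __name__ == "__main__":
    for name, (image, layers, hits) in zip(("cold", "warm", "edited"), demo()):
        print(name, image, ["hit" if h else "miss" for h in hits])
```

The third build shows the consequence practitioners run into: once the COPY step misses, every step after it is rebuilt, while the steps before it stay cached. The flip side is that an unchanged RUN line such as `apt-get -yq update` is served from cache by its text alone, so a warm cache will not refetch package lists; `docker build --no-cache` or putting update and install in a single RUN avoids stale packages.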

DOCKER REGISTRY
hosting/delivery of images
open source project
supports various storage backends
hosted platform: hub.docker.com

COPY-ON-WRITE STORAGE
Provides a writable layer on top of the (read-only) image layers
Holds all changes made by the running container; the image itself stays untouched
Pluggable, supported drivers:

aufs
btrfs
devicemapper
overlayfs
vfs
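How the writable layer on top of read-only image layers behaves, as an added example in Python (not Docker's code and not any of the listed drivers): lookups go top-down, writes land only in the container's layer, and a deletion of a file that lives in a read-only layer is recorded as a whiteout entry that hides it. The `.wh.<name>` marker follows the aufs convention; the `changes()` and `commit()` helpers are simplified models of what `docker diff` and `docker commit` do, and the file contents are constructed for the demo.

```python
WHITEOUT = ".wh."  # aufs-style marker: "this path is deleted in this layer"


def _split(path):
    """'/etc/nginx/nginx.conf' -> ('/etc/nginx', 'nginx.conf')."""
    d, _, name = path.rpartition("/")
    return d, name


def _whiteout(path):
    d, name = _split(path)
    return d + "/" + WHITEOUT + name


class Container:
    """Image layers (lowest first, read-only) with one writable layer on top."""

    def __init__(self, image_layers):
        self.image = [dict(layer) for layer in image_layers]
        self.rw = {}  # the container's own copy-on-write layer

    def read(self, path):
        """Top-down lookup: the first layer that whites out or holds the path wins."""
        for layer in reversed(self.image + [self.rw]):
            if _whiteout(path) in layer:
                return None
            if path in layer:
                return layer[path]
        return None

    def write(self, path, data):
        # Copy-on-write: the image is never modified, the new version goes to
        # the rw layer, and an earlier deletion of the same path is cancelled.
        self.rw.pop(_whiteout(path), None)
        self.rw[path] = data

    def delete(self, path):
        # A file in a read-only layer cannot be removed, so the deletion is
        # recorded as a whiteout that hides every lower copy.
        self.rw.pop(path, None)
        self.rw[_whiteout(path)] = b""

    def _in_image(self, path):
        for layer in reversed(self.image):
            if _whiteout(path) in layer:
                return False
            if path in layer:
                return True
        return False

    def changes(self):
        """Model of `docker diff`: ('A'dded | 'C'hanged | 'D'eleted, path) per rw entry."""
        out = []
        for key in sorted(self.rw):
            d, name = _split(key)
            if name.startswith(WHITEOUT):
                out.append(("D", d + "/" + name[len(WHITEOUT):]))
            else:
                out.append(("C" if self._in_image(key) else "A", key))
        return out

    def commit(self):
        """Model of `docker commit`: freeze the rw layer as a new image layer; returns layer count."""
        self.image.append(dict(self.rw))
        self.rw = {}
        return len(self.image)


def demo():
    """Two constructed image layers, then a container that edits and deletes files."""
    base = {"/usr/sbin/nginx": b"<binary>", "/etc/nginx/nginx.conf": b"worker_processes 1;\n"}
    nginx_layer = {"/etc/nginx/nginx.conf": b"worker_processes 2;\n"}  # upper layer shadows base
    c = Container([base, nginx_layer])
    before = c.read("/etc/nginx/nginx.conf")
    c.write("/etc/nginx/nginx.conf", b"worker_processes 4;\n")
    c.delete("/usr/sbin/nginx")
    return c, before


if __name__ == "__main__":
    c, before = demo()
    print("image version:", before, "container version:", c.read("/etc/nginx/nginx.conf"))
    print("diff:", c.changes())
```

The point for rollback and forensics: whatever a process inside the container writes or deletes exists only in the rw layer, so the image can be reused unchanged for the next container and the rw layer alone tells you what the container changed.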

ISOLATED EXECUTION
Pluggable, supported: lxc, native
Using kernel features:

namespaces
Isolation by scoping
Available: pid, mnt, net, uts, ipc, user

cgroups (control groups)
limit, account for and isolate resources
CPU, memory, I/O and general devices

Future: Solaris zones, BSD jails, full-blown virtualization

DOCKER API
RESTish API, defaults to a UNIX socket
Optional TLS client and server authentication
The system API
No need for any other remote access
Ready for building your infrastructure deployment/automation on top
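Talking to that API directly over the UNIX socket, as an added example (not part of the slides and not Docker's client library): a plain `http.client` connection is pointed at the socket and `/containers/json` is read and reduced to what an operator checks first, the host ports each container publishes. The socket path `/var/run/docker.sock` is the daemon's default; the `/containers/json` endpoint with `all=1` exists in the API that Docker 1.4.1 speaks. The `SAMPLE_LISTING` is a constructed response used so the summarising step can be run without a daemon.

```python
import http.client
import json
import socket

DEFAULT_SOCKET = "/var/run/docker.sock"


class UnixHTTPConnection(http.client.HTTPConnection):
    """HTTPConnection that dials a UNIX socket instead of a TCP host."""

    def __init__(self, sock_path=DEFAULT_SOCKET, timeout=10):
        super().__init__("localhost", timeout=timeout)
        self.sock_path = sock_path

    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.settimeout(self.timeout)
        self.sock.connect(self.sock_path)


def docker_get(path, sock_path=DEFAULT_SOCKET):
    """GET a JSON endpoint from the daemon; raises on a non-2xx status."""
    conn = UnixHTTPConnection(sock_path)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        body = resp.read()
        if resp.status // 100 != 2:
            raise RuntimeError("docker API %s -> %d: %s"
                               % (path, resp.status, body.decode(errors="replace")))
        return json.loads(body)
    finally:
        conn.close()


def summarize_containers(listing):
    """Reduce /containers/json output to id, name, image and host-published ports."""
    out = []
    for c in listing:
        published = []
        for p in c.get("Ports", []):
            if "PublicPort" in p:  # only ports mapped onto the host
                published.append("%s:%d->%d/%s" % (p.get("IP", ""), p["PublicPort"],
                                                   p["PrivatePort"], p["Type"]))
        out.append({
            "id": c["Id"][:12],
            "name": c.get("Names", [""])[0].lstrip("/"),
            "image": c["Image"],
            "published": published,
        })
    return out


# Constructed response in the shape /containers/json returns (ids are made up).
SAMPLE_LISTING = [
    {"Id": "8dfafdbc3a40f4c2b1e6d9a0c7b8e5f4a3d2c1b0a9f8e7d6c5b4a3f2e1d0c9b8",
     "Names": ["/blog"], "Image": "fish/ghost:latest",
     "Ports": [{"IP": "0.0.0.0", "PrivatePort": 8080, "PublicPort": 8080, "Type": "tcp"}]},
    {"Id": "9cd87474be90ae1d2c3b4a5f6e7d8c9b0a1f2e3d4c5b6a7f8e9d0c1b2a3f4e5d",
     "Names": ["/worker"], "Image": "ubuntu:latest",
     "Ports": [{"PrivatePort": 22, "Type": "tcp"}]},
]


if __name__ == "__main__":
    # Live run against the local daemon; needs permission on the socket.
    for row in summarize_containers(docker_get("/containers/json?all=1")):
        print(row)
```

Anyone who can open that socket, or reach a daemon listening on TCP, has the full system API and with it control of the host, which is why the TLS client authentication on the slide matters as soon as the API leaves the UNIX socket.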

FUTURE
Composition: multi-container
Scheduling: multi-host
Tools:

Docker native
fig
Kubernetes
Mesos

DEMO TIME!

THANKS! QUESTIONS?

Johannes 'fish' Ziemke

GitHub/Twitter/Facebook: @discordianfish
fish@docker.com, fish@freigeist.org