Title (46 pt. HP Simplified bold)
Docker and AnsibleContainer management made easy
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without
notice.
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#About the speaker
Patrick Galbraith HP Advanced Technology GroupHas worked at Blue
Gecko, MySQL AB, Classmates, Slashdot, Cobalt Group, US Navy,
K-martMySQL projects: memcached UDFs, DBD::mysql, federated storage
engineFamilyOutdoors
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without
notice.
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#
What is a container?
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#Containers vs. VMsContainers
Multiple isolated userspace instancesOnly libraries and
components needed for application Runs on the same kernel (using
Cgroups). Much smaller, easier to package VERY fast to
start!Container runs using (a) specific process(es) SSH not
neededSecurity limited to appVMs
Entire OS installationContainer runs within OS (using Cgroups).
VM runs using emulation or virtualization on host OSEntire VM OS
and disk imagesLonger to startSSHSecurity issues of running OS
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#What is Docker?Application that manages containers (CLI,
API)Automates the deployment of applications inside software
containersWritten in Go, Opensource dotCloudUses union file system
(AUFS)Can use CLI to search Docker repos for images"literally LXC
with some awesomesauce on topNo dependency hell
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#Why Docker?Makes it very easy to run and manage
containersConfigure/build once, run anywhereSmall footprint in
terms of disk and memoryWell-suited for SaaS/PaaSSecurity - you are
not running a VM and associated OS
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#Docker conceptsImagesRead only layerActs as a template
for containersInheritanceimages can be pushed to and pulled from
public or private repos
DockerfileUsed for building images
ContainersApplications run using containers
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#Dockerfile exampleFROM ubuntu:13.04MAINTAINER Patrick
aka CaptTofu Galbraith , [email protected]
# Update distributionRUN apt-get update \ && apt-get
upgrade -y \ && apt-get clean
RUN apt-get install -y ssh vim apache2-mpm-prefork
RUN mkdir /var/run/sshdRUN mkdir /root/.sshRUN chmod 700
/root/.ssh
# entrypoint scriptADD entrypoint.sh
/usr/local/sbin/entrypoint.sh
ADD docker.pem.pub /root/.ssh/authorized_keysRUN chown -R
root:root /root/.ssh
# Expose SSH and ApacheEXPOSE 22 80 443
ENTRYPOINT ["/usr/local/sbin/entrypoint.sh"]
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#Entrypoint script example#!/bin/bash
/usr/sbin/sshd -D $@service apache2 start
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#Docker concepts
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#Basic usagedocker run Make changesdocker commitdocker
push
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#Dockerfiledocker build t username/my_imageContainer runs
Each step results in an a commit (image being created)CMD vs.
ENTRYPOINT
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#Ansible + Dockerdocker moduledocker_images
moduledocker_facts moduleDocker inventory pluginUses docker-py
Docker client python library
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#What we usedHP Moonshot New server low power (1500W x2
min)Small footprintDesigned for targeted workloadsOne 4.3 U
container chassis45 cartridges
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#Install Docker
$ ansible-galaxy install angstwad.docker_ubuntu- hosts:local
connection: local roles: -
angstwad.docker_ubuntuDOCKER_OPTS="--ip=0.0.0.0
--host=tcp://0.0.0.0:4243Example: install docker install
roleExample: add options to template deployed to
/etc/defaults/dockerExample: playbook to install using docker
install role
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#Install Docker
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#Install Docker
Example: running ansible to verify that Docker is installed on
containers
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#docker_images moduleBuilds Docker imagesSimple: add,
build or remove
- name: check or build percona XtraDB Cluster image
docker_image: docker_url=tcp://127.0.0.1:4243
path=../docker-image-source/pxc/" name=capttofu/pxc"
state=present
Example: playbook to build a Percona XtraDB Cluster
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#docker_images module
Example: build several images using playbook using
docker_images
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#docker_images module
Example: Display of newly built images
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#docker moduleContainer provisioning start, stop, delete
containersSet parameters on a container
Example: Playbook that builds Percona XtraDB Cluster image -
name: docker image control local_action: module: docker docker_url:
"tcp://somehost:4243" image: capttofu/percona_xtradb" name: db"
state: present" publish_all_ports: yes
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#docker module$ ansible-playbook site.yml -e
'hosts=moonshot'
$ ansible-playbook site.yml -e 'hosts=moonshot
docker_state=absent'
Example: Docker container control
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#docker module
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#docker module
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#docker_facts module
Populate large dictionary docker_facts containing information
about Docker container fleet and imagesTwo primary dictionary
entries: docker_containers and docker_images
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#docker_facts module- name: Gather info about containers
hosts: "{{ hosts }}" gather_facts: False tasks: - name: Get facts
about containers local_action: docker_url: tcp://{{
inventory_hostname }}:4243 module: docker_facts
- name: another facts test debug: msg="Host{{':'}} {{
inventory_hostname}} Container Name{{':'}} {{ item.key }} IP
Address{{':'}} {{ item.value.docker_networksettings.IPAddress }}
ssh port{{':'}} {{
item.value['docker_networksettings']['Ports']['22/tcp'][0]['HostPort']
}}" with_dict: docker_containersExample: print out container fleet
info
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#docker_facts module
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#docker_facts module- name: Gather info about containers
hosts: docker gather_facts: True tasks: - name: Get facts about
containers local_action: module: docker_facts name: db_1 images:
aff77f73ca3dExample: print out specific container or images
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#docker_facts module- name: Gather info about containers
hosts: "{{ hosts }}" gather_facts: True tasks: - name: Get facts
about containers local_action: docker_url: tcp://{{
inventory_hostname }}:4243 module: docker_facts images: all
- name: images info debug: msg="Image ID {{ item.key }} Repo
Tags {{ item.value.docker_repotags }}" with_dict:
docker_imagesExample: Print out all images
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#docker_facts module---
- name: Create an invetory file hosts: moonshot gather_facts:
yes tasks: - name: Get facts about containers local_action:
docker_url: tcp://{{ inventory_hostname }}:4243 module:
docker_facts
- name: docker_hosts template local_action: template
src=docker_hosts.txt.j2 dest=./docker_hosts_{{ inventory_hostname
}}.txtExample: Use docker_facts to print out inventory file
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#docker_facts module
[c10n1.atg.seattle.lan]c19n1_db_1 ansible_ssh_port=49270
ansible_ssh_host=c10n1.atg.seattle.lanc19n1_db_2
ansible_ssh_port=49275
ansible_ssh_host=c10n1.atg.seattle.lanc19n1_db_3
ansible_ssh_port=49280
ansible_ssh_host=c10n1.atg.seattle.lanc19n1_haproxy_1
ansible_ssh_port=49285
ansible_ssh_host=c10n1.atg.seattle.lanc19n1_haproxy_2
ansible_ssh_port=49287
ansible_ssh_host=c10n1.atg.seattle.lanc19n1_haproxy_3
ansible_ssh_port=49289
ansible_ssh_host=c10n1.atg.seattle.lanc19n1_haproxy_4
ansible_ssh_port=49291
ansible_ssh_host=c10n1.atg.seattle.lanc19n1_web_1
ansible_ssh_port=49240 ansible_ssh_host=c10n1.atg.seattle.lan...{%
for host in hostvars | sort %}[{{ host }}]{% for container in
docker_containers | sort %}{{ container }} ansible_ssh_port={{
docker_containers[container]['docker_networksettings']['Ports']['22/tcp'][0]['HostPort']
}} ansible_ssh_host={{ host }}{% endfor %}{% endfor %}The produced
file:Jinja template:
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#Docker Dynamic inventoryAbility to manage elastic
resourcesPlugins provide a JSON output that serves as an inventory
list to useansible i plugin playbook.ymlansible i docker.py
main.yml
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#Dynamic inventory---
- name: Create a docker.yml file hosts: moonshot gather_facts:
yes tasks: - name: docker.yml template local_action: template
src=docker.yml.j2 dest=./docker.yml
Example: Playbook to create a dynamic inventory config file
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#Dynamic inventory---defaults: host:
unix:///var/run/docker.sock version: 1.9 timeout: 60
private_ssh_port: 22 default_ip: 127.0.0.1
hosts:{% for key in hostvars %} - host: tcp://{{ key }}:4243
version: 1.9 timeout: 60 default_ip: {{
hostvars[key]['ansible_default_ipv4']['address'] }}
{% endfor %}Example: Jinja template for docker inventory plugin
config file
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#Dynamic inventoryhosts: - host:
tcp://c29n1.atg.seattle.lan:4243 version: 1.9 timeout: 60
default_ip: 10.99.33.38
- host: tcp://c15n1.atg.seattle.lan:4243 version: 1.9 timeout:
60 default_ip: 10.99.33.24
- host: tcp://c14n1.atg.seattle.lan:4243 version: 1.9 timeout:
60 default_ip: 10.99.33.23Example: Produced docker inventory plugin
config
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#Dynamic inventory
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#Cleanup
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#AcknowledgementsPaul Durivage
(https://github.com/angstwad)Yazz Atlas
(https://twitter.com/EntropyWorks)Brian Aker
(https://en.wikipedia.org/wiki/Brian_Aker, @brianaker, IRC
krow)Michael DeHaan (https://twitter.com/laserllama)
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#Resourceshttp://patg.nethttps://galaxy.ansible.com/list#/users/1488http://docker.iohttps://github.com/CaptTofu/ansible-docker-presentationhttps://github.com/CaptTofu/docker-image-sourcehttp://www.slideshare.net/PatrickGalbraith/docker-ansible-34909080http://blog.docker.io/2013/06/openstack-docker-manage-linux-containers-with-nova/https://index.docker.io/u/ewindisch/dockenstack/
Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.HP
Restricted#
