Introduction to Docker Virtualization Using Containers


Contents
➢ a company and a platform
➢ application-level virtualization
➢ benefits
➢ used technologies
➢ usage
➢ future


Who is Docker

“Docker is an open source platform for developers and sysadmins of distributed apps.”

Docker, Inc. is the company behind Docker

dotCloud → Y Combinator → 20.000$ → SF!

Who uses it?


What is application-level virtualization

Three types of virtualization technologies

1. emulation

2. virtualization

3. containers


Emulation

hardware (cpu, ram, disk, etc.) is emulated
o e.g., QEMU
o allows:

| Application |
| Solaris |
| “emulation (e.g., of sparc)” |
| OS (e.g., Linux) |
| PC (e.g., intel) |


Virtualization (VMs)

virtualization with same hardware
o e.g., VMware, VirtualBox, Xen, ...
o allows:

| Application |
| Windows |
| “virtualization engine” |
| OS (e.g., Linux) |
| PC (e.g., intel) |


Containers

an execution environment is virtualized
o e.g., Solaris Zones, Linux LXC, Docker, ...
o allows:

| Application |
| Linux-ubuntu’s rootFS2 |
| “Linux docker engine” |
| Linux-centOS, rootFS1 |
| PC (e.g., intel) |

o Note: other app-level isolation: virtualenv, ruby rvm, go gvm, ...


Why use Docker

Some benefits of virtualizing applications are:

1. isolation

2. portability, shipping applications

3. specification of a complex system


Isolation

● set of minimal functions with fewer resources than VMs,
o app isolated from other apps
o app isolated from OS
→ protects OS and apps from bugs in one app
o but without much performance loss
● secure sandboxes,
o principle of least privilege
● (future) manage resource usage (limit, prio, measure)


Portability, Shipping Applications

❖ One App =
➢ binaries (exec, libs, etc.)
➢ data (assets, SQL DB, etc.)
➢ configs (/etc/config/files)
➢ logs

either in a container or a composition

Portability (2)

Docker promise: Build, Ship, Run!
○ reliable deployments
○ develop here, run there

Portability (3)

a Pivot-Oriented Approach


Specification of a complex system

● Developers use Version Control Systems (Mercurial, git)

● DevOps use VCS as well for docs and scripts
o ascii docs, chef, puppet, ansible, salt stack, …
o and… Dockerfiles!

● Docker lets you version-control complex specifications:
o Dockerfile: how to build images
o docker-compose.yml: how to orchestrate them


How does Docker work

Used technologies:

1. lightweight virtualization

2. incremental images

3. Docker Hub: an image registry


Lightweight Virtualization

● Docker is based on Linux technologies
o namespaces, cgroups, capabilities
o driver = LXC
o or now → driver = Libcontainer (a standard interface for making containers)
● Benefits
o low memory footprint
o low disk footprint (see incremental images after)
o fast startup

Lightweight Virtualization (2)

● High level: we have a “lightweight VM”
o own process space
o own network interface
o can run as root
o can have its own /sbin/init

● Low level: “chroot on steroids”
o can also not have its own /sbin/init
o share kernel with host
o no device emulation


Incremental Images

● UnionFS
o files from separate FS (branches) can be overlaid
o forming a single coherent FS
o branches may be read-only or read-write

● Docker Layers
o each layer is mounted on top of prior layers
o first layer = base image (scratch, busybox, ubuntu, ...)
o a read-only layer = an image
o the top read-write layer = container
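
Added example (not from the original slides): a toy Python model of the layer stack described above, showing that a file deleted or overwritten by a later layer is hidden in the merged view but still stored in the earlier read-only layer. The layer contents, paths and the WHITEOUT marker are constructed for illustration.

```python
WHITEOUT = object()  # stands in for the marker a union FS writes when a layer deletes a path

def resolve(layers, path):
    """Content visible at `path` in the merged view, or None if absent or deleted."""
    for layer in reversed(layers):            # the topmost layer wins
        if path in layer:
            content = layer[path]
            return None if content is WHITEOUT else content
    return None

def buried(layers):
    """(layer index, path) pairs still stored in a layer but covered by a later one."""
    found = []
    for i, layer in enumerate(layers):
        for path, content in layer.items():
            covered = any(path in upper for upper in layers[i + 1:])
            if content is not WHITEOUT and covered:
                found.append((i, path))
    return sorted(found)

# Constructed sample: three read-only image layers, then the container's read-write layer.
IMAGE = [
    {"/bin/sh": "shell", "/etc/app.conf": "debug=true"},           # base image
    {"/home/jenkins/credentials/token": "constructed-secret"},      # a COPY step
    {"/home/jenkins/credentials/token": WHITEOUT,                   # a later step deletes it
     "/etc/app.conf": "debug=false"},                               # and rewrites the config
]
CONTAINER = IMAGE + [{"/hello": ""}]                                # top read-write layer

if __name__ == "__main__":
    print("visible token:", resolve(CONTAINER, "/home/jenkins/credentials/token"))
    print("still stored :", buried(CONTAINER))
```

Anyone who can pull the image can read the lower layers directly, so deleting a secret in a later build step does not remove it from the image.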


Docker Hub: an image registry

● part of the Docker ecosystem
o makes it easy to publish, search, and run containers
o private or public registries


How to build and run hello/Dockerfile

    $ cat Dockerfile
    FROM ubuntu          ← on top of a “base image”
    RUN touch /hello     ← each instruction is cached
    $ docker build -t hello .
    Step 0 : FROM ubuntu:14.04
     ---> 9bd07e480c5b
    Step 1 : RUN touch /hello
     ---> Running in b8dd4e965482
     ---> 164c3bf53715
    Removing intermediate container b8dd4e965482
    Successfully built 164c3bf53715
    $ docker images
    REPOSITORY   TAG      IMAGE ID       CREATED          VIRTUAL SIZE
    hello        latest   164c3bf53715   38 seconds ago   192.7 MB
    $ docker run -i -t hello /bin/bash     ← specify a command to be run
    root@1a210c0a1846:/# ls -ls /hello
    0 -rw-r--r-- 1 root root 0 May 18 14:31 /hello

Dockerfiles (1)

e.g., a jenkins slave: python2slave/Dockerfile

    FROM ubuntu:14.04     ← on top of a “base image” with tagged version specified
    RUN adduser --quiet jenkins
    RUN apt-get update && apt-get install -y python2.7 openssh-server
    RUN mkdir -p /var/run/sshd     ← create a dir
    RUN apt-get install -y --no-install-recommends openjdk-7-jdk
    [...]
    RUN apt-get install -y python-argparse python-gdata python-pip
    RUN pip install --upgrade python-redmine
    COPY credentials/ /home/jenkins/credentials     ← copy local data into the image
    RUN chown -R jenkins:jenkins /home/jenkins/credentials/
    EXPOSE 22     ← open only one port
    CMD ["/usr/sbin/sshd", "-D"]     ← finally run the app

Dockerfiles (2)

e.g., a nodejs server: docker_sinopia/Dockerfile

    FROM dockerfile/nodejs     ← on top of a more complex “base image”
    MAINTAINER Keyvan Fatehi <[email protected]>     ← maintainer contact
    RUN adduser --disabled-password --gecos "" sinopia
    RUN mkdir -p /opt/sinopia/storage
    WORKDIR /opt/sinopia
    RUN npm install js-yaml sinopia
    RUN chown -R sinopia:sinopia /opt/sinopia
    USER sinopia     ← sets the user id to use when running the image
    ADD /config_gen.js /opt/sinopia/config_gen.js
    ADD /start.sh /opt/sinopia/start.sh
    EXPOSE 4873     ← open only one port
    VOLUME /opt/sinopia     ← make this directory accessible to other containers (or host)
    CMD ["/opt/sinopia/start.sh"]     ← finally run the app
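
Added example (not from the original slides): a small Python audit that reads a Dockerfile and reports three review points that the two Dockerfiles above illustrate: an unpinned base image, local secret material copied into an image layer, and no switch away from root. The finding names and the SECRET_HINTS list are assumptions, the two samples are abbreviated from the slides, and the check sees only this file, not a USER set by the base image.

```python
import re

# Name fragments that suggest secret material; an assumed starter list.
SECRET_HINTS = re.compile(r"credential|secret|passw|token|id_rsa|\.pem|\.env", re.I)

def instructions(text):
    """Yield (INSTRUCTION, args) pairs, joining backslash line continuations."""
    for line in re.sub(r"\\\s*\n", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, args = line.partition(" ")
            yield name.upper(), args.strip()

def audit(text):
    """Return sorted finding codes for one Dockerfile."""
    findings, user = set(), "root"    # runs as root unless a USER instruction says otherwise
    for name, args in instructions(text):
        words = [w for w in args.split() if not w.startswith("--")]
        if name == "FROM" and words:
            image = words[0]
            tag = image.rsplit("/", 1)[-1].partition(":")[2]
            if "@" not in image and tag in ("", "latest"):
                findings.add("unpinned-base")      # base can change between builds
        elif name == "USER" and words:
            user = words[0].split(":")[0]
        elif name in ("COPY", "ADD"):
            if any(SECRET_HINTS.search(src) for src in words[:-1]):
                findings.add("secret-in-layer")    # readable by anyone who gets the image
    if user in ("root", "0"):
        findings.add("runs-as-root")
    return sorted(findings)

# Abbreviated from the two Dockerfiles shown on the slides.
PYTHON2SLAVE = """\
FROM ubuntu:14.04
RUN adduser --quiet jenkins
COPY credentials/ /home/jenkins/credentials
RUN chown -R jenkins:jenkins /home/jenkins/credentials/
CMD ["/usr/sbin/sshd", "-D"]
"""
SINOPIA = """\
FROM dockerfile/nodejs
RUN adduser --disabled-password --gecos "" sinopia
USER sinopia
ADD /start.sh /opt/sinopia/start.sh
CMD ["/opt/sinopia/start.sh"]
"""

print(audit(PYTHON2SLAVE), audit(SINOPIA))
```

For the credentials finding, the usual mitigation is to supply the secret at run time (a mounted volume or the orchestrator's secret mechanism) instead of copying it into the image.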

from build and run → to pull and run

● reminder: an image can be stored in the Hub

How to pull and run docker_sinopia

    [ (optional) $ docker pull keyvanfatehi/sinopia:latest ]
    $ docker run --name sinopia -d -p 4873:4873 keyvanfatehi/sinopia:latest
    $ docker logs -f sinopia

edit config (launch an ubuntu image with app=vi):

    $ docker stop sinopia
    $ docker run --volumes-from sinopia -it --rm ubuntu vi /opt/sinopia/config.yaml
    $ docker start sinopia
    $ docker logs -f sinopia

backup (find where a volume is located on the host)

    $ crontab -l
    59 * * * 1-5 /usr/bin/rsync -av `docker inspect sinopia | egrep '/opt/sinopia.*/vfs/' | cut -d\" -f4`/ /opt/sinopia >> /tmp/rsync.txt 2>&1

(Note: /opt/sinopia=/opt/docker/vfs/dir/6e20429fcad2e82be8b3…72d9a464ab8622b15)

How to orchestrate docker_jenkins

E.g., a jenkins master = a data container + a server container:

    $ docker run -v /var/jenkins_home --name=data busybox true
    $ docker build -t myjenkins .
    $ docker run -d -u root -p 8081:8080 -p 50001:50001 --volumes-from=data --name=master myjenkins

or:

    $ vi docker-compose.yml
    data:
      image: busybox
      volumes:
        - /var/jenkins_home
    master:
      build: .
      ports:
        - 50001:50000
      volumes_from:
        - data
    $ docker-compose up


Where are we going

● Competing standards: e.g., rkt from CoreOS
● Docker: native clustering, security, hub, …
o swarm: heterogeneous nodes, load balancing
o security: capabilities, image signing
o intranet “Docker Hubs”

● Where am I going:
o use orchestration (e.g., docker-compose, Kubernetes)
o use resource control (e.g., nofile limit)
o docker-level monitoring
o mixing Docker and Ansible

Docker vs Configuration Tools

Before

use Ansible to
● setup hardware/VM,
● install packages,
● deploy code,
● run services.

After

use Ansible to
● setup hardware/VM,
● install Docker,
● run containers.

use Dockerfiles to
● install packages,
● deploy code,
● run services.

End

Questions?

on-line tutorial: https://www.docker.com/tryit/