Deploying Docker (Provisioning /w Docker + Chef/Puppet) - DevopsDaysPGH

  • Published on
    08-Sep-2014

  • View
    12.465

  • Download
    7

Embed Size (px)

DESCRIPTION

Using Docker to bake configuration.

Transcript

  • Deploying with Docker DevOps Days PGH 2014.05.30 a.k.a. provisioning docker containers and images with Chef Deploying with Docker (or not)
  • Why do we still need ?
  • But we have Dockerfiles!
  • Its a shell-script? $ cat SomeApp/Dockerle FROM ubuntu:13.10 RUN apt-get update; apt-get install apache RUN sed s/something/else/ /etc/apache/httpd.conf ADD shell-script.sh RUN shell-script.sh RUN [/usr/bin/apachectl, start]
  • I #!/bin/bash . oo # https://raw.githubusercontent.com/ # ewindisch/bashoo/master/lib/oo # Classes are created implicitly through functions function MsgWriter::new { self=$1; shift msg=$1; shift instance_var $self msg $msg } function MsgWriter::write { self=$1; shift echo $($self.msg) } new terminal is MsgWriter Hello World terminal.write
  • stack:~/devstack$ wc -l stack.sh functions functions-common lib/* lib/*/* | tail -n1 15490 total
  • DevOps or crazy-sauce ?
  • $ cd ~/rpm-chef $ cat Dockerfile FROM fedora RUN yum update yum -y install chef DockerChef
  • $ cd ~/omnibus-chef $ cat Dockerfile FROM fedora" RUN curl -L https://www.opscode.com/chef/install.sh | /bin/bash DockerChef
  • Traditional Chef Hardware OS Linux Chef Installs Chef Runs Congures
  • Images on HW is usually mutable Hardware Image Linux Chef Installs Chef Image' Linux Chef Creates Replaces Runs
  • Ephemeral environments are (somewhat) immutable. Hypervisor Image Linux Chef Runs Image' Linux Chef Chef Runs Congures VM Accesses COW
  • Chef-for-runtime $ cat Dockerfile FROM fedora RUN yum update; yum -y install chef ADD http://x/receipes.tar.gz /opt/chef" ADD solo.rb /etc/chef/solo.rb" CMD chef-solo -c /etc/chef/solo.rb ; ! apachectl start
  • Containers are THINGS
  • X
  • X
  • Servers vs Things Pets vs Cattle
  • LET US BAKE IMAGES! Let us BAKE images!
  • Containers are like ephemeral VMs* * Docker containers dont HAVE to be ephemeral, but its TheRightThing Docker Image Linux Chef Runs Image' Linux Chef Chef Runs Congures Container Accesses COW TM
  • Bakery Chef $ cat Dockerfile FROM fedora RUN yum update; yum -y install chef" ADD http://x/receipes.tar.gz /opt/chef" ADD solo.rb /etc/chef/solo.rb" RUN chef-solo -c /etc/chef/solo.rb
  • Burning configuration into images. Docker ContainerInitiates Creates Image Linux Chef Chef Runs Congures Build Creates
  • Expanded view: Burning configuration into images. Docker Image tagInitiates Image' Linux Chef Chef Build Image Linux Chef Creates Creates Runs Creates References 1 2
  • Anatomy of a Docker +Chef build & run Docker ContainerInitiates Creates Image Linux Chef Chef Runs Congures Chef Runs Congures Build Creates Stage 1 Stage 2
  • For All The Things! $ cat Dockerfile FROM fedora RUN yum update; yum -y install chef ADD http://x/receipes.tar.gz /opt/chef" ADD solo-stage1.rb /etc/chef/solo-stage1.rb" ADD solo-stage2.rb /etc/chef/solo-stage2.rb" RUN chef-solo -c /etc/chef/solo-stage1.rb" CMD chef-solo -c /etc/chef/solo-stage2.rb; " apachectl start
  • Does it converge? $ docker build rm . $ echo $? # pass or fail (This is great use of Docker as an alternative to VMs for testing Chef recipes targeting non-Docker production systems)
  • Deploying Docker (for real this time)
  • #!/bin/bash -x aws ec2 run-instances --image-id ami-e55a648c --key-name my-key --user-data "#include https://get.docker.io ip=$(aws ec2 describe-instances --output json --filter Name=instance-state-name,Values=running | python -c 'import json; import sys; print json.load(sys.stdin) [Reservations][0]["Instances"][0]["PublicIpAddress"]') ssh ubuntu@$ip sudo docker run cirros
  • # using https://github.com/bflad/chef-docker $ cat cookbooks/docker-registry/default.rb # Pull latest image docker_image 'samalba/docker-registry' ! # Run container exposing ports docker_container 'samalba/docker-registry' do detach true port '5000:5000' env 'SETTINGS_FLAVOR=local' volume '/mnt/docker:/docker-storage' end $ knife ec2 server create # yada yada yada
  • docker::run { 'helloworld': image => 'base', command => '/bin/sh -c "while true; do echo hello world; sleep 1; done"', ports => ['4444', '4555'], links => ['mysql:db'], use_name => true, volumes => ['/var/lib/couchdb', '/var/log'], volumes_from => '6446ea52fbc9', memory_limit => 10485760, # bytes username => 'example', hostname => 'example.com', env => ['FOO=BAR', 'FOO2=BAR2'], dns => ['8.8.8.8', '8.8.4.4'], restart_service => true, }
  • Orchestration for Docker with OpenStack Heat DockerInc::Docker: :Container VMs Baremetal
  • Heat Workow Heat API VM Docker NovaNova resource Docker resource Container1 Container2 Container3 HOT
  • heat_template_version: 2013-05-23 description: shared volumes example resources: my_instance: type: OS::Nova::Server properties: key_name: ewindisch_key image: ubuntu-precise flavor: m1.large user_data: #include https://get.docker.io ftp_container: type: DockerInc::Docker::Container properties: docker_endpoint: { get_attr: [my_instance, first_address] } image: mikz/vsftpd ports: [ 21:21 ] volumes: [ /ftp ] name: FTP apache_container: type: DockerInc::Docker::Container properties: docker_endpoint: { get_attr: [my_instance, first_address] } image: fedora/apache ports: [ 80:80 ] volumes-from: FTP cmd: rm -rf /var/www; ln -s /ftp /var/www; /run-apache.sh
  • Ansible - hosts: web sudo: yes tasks: - name: ensure redis container is running docker: image=crosbymichael/redis name=redis - name: ensure redis_ambassador container is running docker: image=svendowideit/ambassador ports=6379:6379 links=redis:redis name=redis_ambassador_ansible
  • Mesos Flynn.io
  • Creating Containers is Easy
  • Managing them SUCKS needs improvement
  • This is probably material for another talk
  • Container Inventory discoverd / sdutil serf skydock others?
  • X
  • X
  • Q & A @ewindisch