Docker in our cloud - Deploying OpenStack /w Docker @ Cloud-A

  • Published on

  • View

  • Download

Embed Size (px)


<ul><li><p>DockerIn our cloud</p><p> Jacob Godin (@jacob_godin) </p><p>Adam Thurlow (@thurloat)</p><p>#HOCM</p></li><li><p>What is Docker?</p><p>A transportable container shipping engine</p><p>Lightweight container isolationshared kernel / no virtualization / low overheadcgroups limit resource consumption</p><p>Copy-on-write / versioned container FScontainer layers &amp; base containers</p></li><li><p>What does that buy us?</p><p>Separation of operational concernssplits code / libs / data from logs / monitoring / host</p><p>Build it once, run it anywhere*use CI to build, test, &amp; deploy environments</p><p>Service oriented, immutable infrastructureProcesses dont go bangCommoditize everythingCentralized core images</p></li><li><p>How we leverage Docker</p><p>Continuous Integration of OpenStackquickly build new containersruns in staging, locally, and prod</p><p>Automated Deploymentsshared private registry over vpn</p><p>Drop in UpgradesOpenstack Grizzly -&gt; Juno by cycling 3 containers</p><p>Distributed Configurationetcd + confd = templated application config</p></li><li><p>docrane - Container Management</p><p>Leverages:etcd (distributed key/value store)docker-py (Docker API client for Python)</p><p></p><p>Docker container manager that relies on etcd to provide relevant configuration details. It watches for changes in configuration and automatically stops, removes, </p><p>recreates, and starts your Docker containers.</p></li><li><p>Drawbacks</p><p>Security! not meant for untrusted guests (yet) youre fully responsible for hardening</p><p>Networking! built-in docker networking is slow and prone to failure. docker-proxy &amp; magic NAT</p><p>Youth! breaking API changes frequently (still new).</p></li><li><p>Fin</p><p>Questions / Comments / Heckling</p><p>Find us afterward to chit chat.</p></li></ul>