Docker 102 - Immutable Infrastructure

Post on 08-Jul-2015

description

Adrian Otto from Rackspace will present "Docker 102". This includes a summary of Docker 101 as a refresher from the August session, and builds upon that by discussing who should use a registry, and what options are available for keeping them private. We will discuss best practices for keeping your production environments evergreen with updated operating system environments, library dependencies, and maintaining an immutable infrastructure.

Transcript of Docker 102 - Immutable Infrastructure

Docker 102

Immutable Infrastructure

Presented by: Adrian Otto

Prepared for: Docker Los Angeles

Date: September 10, 2014

Adrian Otto

• Principal Architect, Rackspace

• PTL, Solum

• Chair, OpenStack Containers Team

• Co-Chair, OASIS CAMP Technical Committee

Quick Review of Docker 101

Docker 101 Slides http://www.slideshare.net/adrianjotto/docker-101-38986794

Please view slides above for my overview of Docker

Immutable Infrastructure

Immutable

[ih-myoo-tuh-buhl]

adjective 1.  Not mutable; unchangeable; changeless.

Origin: 1375-1425; late Middle English < Latin immūtābilis.

Immutable

I - Mute - The - Bull

What is Immutable Infrastructure?

• Utopia

– Applications are deployed, and code is never modified.

– Configuration is never modified (in place)

– Patches are never applied

– Only administrative actions are “deploy” and “destroy”.

Who Cares?

• Rationale

– Full Automation Means Consistency

– Re-Deploy More Often

– SHIP IT

– $$$

How?

• Any time you want to make a change to your app, redeploy.

• Any time you want to change your data schema, use a migration script.

Techniques

Feature Flags

• Assumes you control the code in the application

• Wrap new features in conditions

• Activate conditions in accordance with appropriate risk

– By group

– By user settings

– By percentage of users

• De-Activate as needed (no re-deploy needed!)
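The three activation modes and the no-re-deploy switch, as an added example that is not from the original slides. It is written in shell to match the terminal sessions later in the deck; the rules file path, its `flag|groups|users|percent` format and the flag names are assumptions.

```shell
#!/bin/sh
# Added example, not from the slides. The rules file path and its format are
# assumptions: one rule per line, flag|groups|users|percent (lists comma-separated).
FLAG_FILE="${FLAG_FILE:-/etc/app/flags.rules}"

# in_list ITEM "a,b,c": succeeds when ITEM is one of the comma-separated entries.
in_list() {
    [ -n "$1" ] || return 1
    case ",$2," in *",$1,"*) return 0 ;; esac
    return 1
}

# bucket FLAG USER: prints a stable number 0-99, so a given user stays inside
# (or outside) a percentage rollout across requests and across app nodes.
bucket() {
    sum=$(printf '%s:%s' "$1" "$2" | cksum | cut -d' ' -f1)
    echo $((sum % 100))
}

# flag_enabled FLAG USER GROUP: exit status 0 when the feature is on.
# The rules file is re-read on every call, so editing it activates or
# de-activates a feature with no re-deploy. Unknown flags, an unreadable file
# and a malformed percentage all evaluate to "off".
flag_enabled() {
    [ -r "$FLAG_FILE" ] || return 1
    rule=$(awk -F'|' -v f="$1" '$1 == f { print; exit }' "$FLAG_FILE")
    [ -n "$rule" ] || return 1
    on_groups=$(printf '%s' "$rule" | cut -s -d'|' -f2)
    on_users=$(printf '%s' "$rule" | cut -s -d'|' -f3)
    pct=$(printf '%s' "$rule" | cut -s -d'|' -f4)
    case "$pct" in ''|*[!0-9]*) pct=0 ;; esac
    in_list "$3" "$on_groups" && return 0   # by group
    in_list "$2" "$on_users" && return 0    # by user setting
    [ "$(bucket "$1" "$2")" -lt "$pct" ]    # by percentage of users
}

# Wrapping a new feature in a condition (function names are illustrative):
#   if flag_enabled new-checkout "$user" "$group"; then new_checkout; else old_checkout; fi
```

Because the rules file lives outside the image, turning a feature off is a data change and the deployed container stays untouched.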

Containerization with Docker

• Source repository contains a Dockerfile

• Build process produces a container

• Inject configuration using ENV key/value pairs

• Use same container for test, stage, and prod
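An entrypoint check for ENV-injected configuration, as an added example that is not from the original slides. The variable names (APP_ENV, DATABASE_URL, API_TOKEN) are assumptions; the point is that one image refuses to start with incomplete configuration and never logs injected secrets.

```shell
#!/bin/sh
# Added example, not from the slides. Variable names are assumptions.
REQUIRED_VARS="APP_ENV DATABASE_URL API_TOKEN"

# missing_vars: prints the names of required variables that are unset or empty.
missing_vars() {
    for name in $REQUIRED_VARS; do
        eval "value=\${$name:-}"
        [ -n "$value" ] || printf '%s\n' "$name"
    done
}

# effective_config: prints NAME=value lines for the startup log. Values of
# variables that usually carry credentials are masked before printing.
effective_config() {
    for name in $REQUIRED_VARS; do
        eval "value=\${$name:-}"
        case "$name" in
            *TOKEN*|*PASSWORD*|*SECRET*|*URL*) value="<redacted>" ;;
        esac
        printf '%s=%s\n' "$name" "$value"
    done
}

# check_config: exit status 0 only when every required variable was injected
# and APP_ENV names one of the environments the same image is promoted through.
check_config() {
    [ -z "$(missing_vars)" ] || return 1
    case "$APP_ENV" in
        test|stage|prod) return 0 ;;
        *) return 1 ;;
    esac
}

# Typical use as the image's entrypoint (not executed here):
#   check_config || { echo "bad config, missing: $(missing_vars)" >&2; exit 1; }
#   effective_config
#   exec "$@"
```

The same image then runs in each environment with only the injected values differing, for example through `docker run -e` or `docker run --env-file`.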

Limiting Downtime

• Green/Blue Deploy

1.  Create live replica of database

2.  Duplicate all application nodes with new code/config

3.  Adjust routing (load balancer) to activate new code

[Diagram: LB, App v1.0 (two nodes), App v1.1 (two nodes), Db v1.0, Db v1.1]

Limiting Risk

• Canary Deploy

1.  Requires Feature Flags or Sticky LB Sessions

2.  Back up your data

3.  All nodes use the production database

4.  Route new connections to new node(s)

[Diagram: LB, App v1.0 (two nodes), App v1.1 (one node), Db v1.0]

When to Use Canary

• No contract breaking changes to your data schema

– Or, you have an object versioned database

• You use feature flags

• Impractical to test the feature outside production

• Have a full backup of your data, and can restore

When to Use Blue/Green

• You are updating your data schema

• You don’t have an object versioned database

• You don’t have feature flags

• Can test the feature outside production

• Restoring from a backup is not practical (big data sets)

– Plan for the worst case scenario: Oops, my feature blew up!

Orchestration

Imperative and Declarative

Imperative

– Define the process

– Sequenced steps

– Usually serialized

– Expressed as a script

Examples

– Shell scripts

– Puppet scripts

– Chef recipes

Declarative

– Define the outcome

– Ordering possible

– Good for parallel work

– Expressed as a DSL

Examples

– Fig

– Heat

– Solum

Tools to Help

• Solum and OpenStack

– Heat (HOT Files)

• Jenkins

• Ansible

• SaltStack

• Chef

Immutable Infrastructure with Docker

• Docker Public Registry

• Private Registry

– Run as a container (There be Dragons!)

– Run with Glance Backend (OpenStack)

– Run with Swift Backend (OpenStack)

– Run with S3 Backend (AWS)

• Docker Private Repos

– Example: adrianotto/private

– Not visible in the public registry

– Only you can push/pull to/from the repo

– 1 Private Repo is free

– 5 private repos free for 2 months with promo code: docker-los-angeles

– Allows for webhook integration

– Can be shared with other users

– Can be tagged

https://hub.docker.com

Using a Private Repo

    [root@example~]# docker login
    Username: h4x0r4u
    Password:
    Email: example@example.com
    [root@example~]# docker pull centos:centos6
    [root@example~]# docker run -i -t centos:centos6 /bin/bash
    bash-4.1# echo hello > hello.txt
    bash-4.1# exit
    [root@example~]# docker ps -a
    CONTAINER ID  IMAGE           COMMAND    CREATED        STATUS…
    f7485ea35f26  centos:centos6  /bin/bash  4 minutes ago  Exited (0) 2…
    [root@example~]# docker commit f7485ea35f26 h4x0r4u/private
    1898aef1c36014b3702c3532263a9064ba928b78a9b2ccf44a101c61028179cd
    [root@example~]# docker images
    REPOSITORY       TAG      IMAGE ID      CREATED        VIRTUAL SIZE
    h4x0r4u/private  latest   1898aef1c360  3 seconds ago  212.7 MB
    centos           centos6  68eb857ffb51  1 day ago      212.7 MB

Note: Private repos can only be seen by you

Updating Base Images

    [root@example~]# docker images
    REPOSITORY  TAG      IMAGE ID      CREATED      VIRTUAL SIZE
    centos      centos6  b1bd49907d55  5 weeks ago  212.5 MB
    centos      centos7  b157b77b1a65  5 weeks ago  243.7 MB
    centos      latest   b157b77b1a65  5 weeks ago  243.7 MB
    [root@example~]# docker pull centos:centos6
    68eb857ffb51: Download complete
    511136ea3c5a: Download complete
    34e94e67e63a: Download complete
    [root@example~]# docker images
    REPOSITORY  TAG      IMAGE ID      CREATED      VIRTUAL SIZE
    centos      centos6  68eb857ffb51  1 day ago    212.7 MB
    centos      centos7  b157b77b1a65  5 weeks ago  243.7 MB
    centos      latest   b157b77b1a65  5 weeks ago  243.7 MB

Hint: Automate for evergreen environment
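One way to automate the check shown in the session above, as an added example that is not from the original slides: compare `docker images` listings taken before and after a pull and report the tags whose image ID moved. The function names are assumptions, and the sample listings reuse the values from the session.

```shell
#!/bin/sh
# Added example, not from the slides: detect base-image tags that moved.

# changed_tags BEFORE AFTER: compares two saved `docker images` listings and
# prints "repo:tag old_id new_id" for every tag whose IMAGE ID differs.
changed_tags() {
    awk 'FNR == 1 { next }                        # skip the header of each listing
         NR == FNR { old[$1 ":" $2] = $3; next }  # first listing: remember the IDs
         { key = $1 ":" $2 }
         (key in old) && old[key] != $3 { print key, old[key], $3 }' "$1" "$2"
}

# refresh_base IMAGE...: pulls each base image and prints the tags that moved.
# Needs a Docker daemon. Any output means images built FROM those tags are
# stale and should be rebuilt and re-deployed, not patched in place.
refresh_base() {
    before=$(mktemp) || return 1
    after=$(mktemp) || return 1
    docker images > "$before"
    for image in "$@"; do
        docker pull "$image" > /dev/null || { rm -f "$before" "$after"; return 1; }
    done
    docker images > "$after"
    changed_tags "$before" "$after"
    rm -f "$before" "$after"
}

# The two listings from the session above, for trying changed_tags offline.
sample_before() {
    cat <<'EOF'
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
centos centos6 b1bd49907d55 5 weeks ago 212.5 MB
centos centos7 b157b77b1a65 5 weeks ago 243.7 MB
centos latest b157b77b1a65 5 weeks ago 243.7 MB
EOF
}
sample_after() {
    cat <<'EOF'
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
centos centos6 68eb857ffb51 1 day ago 212.7 MB
centos centos7 b157b77b1a65 5 weeks ago 243.7 MB
centos latest b157b77b1a65 5 weeks ago 243.7 MB
EOF
}
```

Run on a schedule, `refresh_base centos:centos6` gives a build job its trigger: an empty result means nothing to do, any line means a rebuild is due.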
