Docker king-d00m

Docker king-d00m Oskars Gavriševs 2015@4f


Agenda:

● Virtualization.

● Docker installation.

● Why Docker.

● Show me the magic.

● Anti-patterns.

● What's left behind.

Virtualization

Virtualization

Simulates all of the hardware. Requires hardware-level support (AMD-V and Intel VT-x).

Can be split into three types, based on the hypervisor:

● Bare metal hypervisors

● Hosted hypervisors

● Mix type hypervisors

Seriously, what is a hypervisor?

Bare metal hypervisors

Bare metal hypervisors (2)

● Citrix Xen Server

● VMware ESX/ESXi

● Microsoft Hyper-V

Hosted hypervisors

Hosted hypervisors (2)

● VirtualBox

● VMware Desktop

Mix type hypervisors

For example :

● Linux's Kernel-based Virtual Machine (KVM)

● FreeBSD's bhyve

OK, but where is Docker?

At which virtualization level is Docker?

● Operating-system-level virtualization

● Requires specific Linux kernel features

Docker dependencies

● Requires several Linux kernel virtualization features (cgroups, namespaces, etc.)

● Accesses these features through libraries:

○ libvirt

○ LXC

○ systemd-nspawn

○ libcontainer (added after v. 0.9)

● Mainline Linux kernel > 3.8 is enough

Docker dependencies (2)

Where can I run Docker?

● On almost any Linux OS (Ubuntu, RHEL, CentOS, …)

● IaaS (AWS, Rackspace Cloud, Google Cloud, ...)

● Also on top of virtualization itself:

○ Xen (paravirtualization; AWS uses it)

○ VirtualBox (full virtualization)

Where can I run Docker? (2)

● Even Microsoft Windows can run Docker

Once again, what is the difference?

Install Docker

Install on Mac

Mac

● Docker needs specific kernel features (absent in the Mac kernel), so the only option is to run Docker in a VM. You can use:

○ Boot2Docker

○ Kitematic.io

Boot2Docker

Boot2Docker

● Get the latest release: https://github.com/boot2docker/osx-installer/releases/latest

● Install “Boot2Docker-x.x.x.pkg”

● Spin up the Docker VM by executing:

○ “$ boot2docker init”

○ “$ boot2docker start”

Boot2Docker (2)

Boot2Docker (3)

● You can access the VM and work with Docker there:

○ “$ boot2docker ssh”

○ “$ docker ps”

OR

● Use the Docker CLI on the Mac (Docker host in the VM):

○ “$ boot2docker shellinit”

○ Export the printed variables

○ “$ docker ps”

Boot2Docker (4)

Kitematic

Kitematic

● Get the latest installer: http://kitematic.com/download/

● Unzip and install

● You can create images only from Dockerfiles

Kitematic (2)

Install on Ubuntu 14.04

Ubuntu

Install from the Docker repo (version 1.4.1):

● Install the “https” package:

○ “$ sudo apt-get update”

○ “$ sudo apt-get install apt-transport-https”

● Add the repository key from the key server:

○ “$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9”

Ubuntu (2)

● Add the Docker repo:

○ “$ sudo sh -c "echo deb https://get.docker.com/ubuntu docker main > /etc/apt/sources.list.d/docker.list"”

● Install Docker:

○ “$ sudo apt-get update”

○ “$ sudo apt-get install lxc-docker”

○ “$ sudo docker ps”

Ubuntu (3)

Install from the Ubuntu-maintained repo (version 1.0.1) (not recommended):

○ “$ sudo apt-get update”

○ “$ sudo apt-get install docker.io”

○ “$ docker ps”

Install on CentOS 6.5

CentOS

Installation is available only from third-party repos (EPEL) (version 1.3.2):

● Add the EPEL repo:

○ “$ wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm”

○ “$ sudo rpm -Uvh epel-release-6*.rpm”

CentOS (2)

CentOS (3)

● Install Docker:

○ “$ sudo yum install docker-io”

● Ensure the service is started:

○ “$ service docker start”

○ “$ docker ps”

OK, so what is so special about Docker?

What is so special

● Less overhead than a VM

● Run anything, run everywhere

● Reproducible way of building images (Dockerfiles)

What is so special (2)

● Snapshot-based file system: we can build images on top of others

What is so special (3)

Docker allows us to isolate:

● Processes (own process space)

● File system (can use a dedicated one or share)

● Memory amount

● CPU quotas

● Network (own network interface)
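
The isolation listed above is built on kernel namespaces, and the namespaces a process belongs to are visible as symlinks under /proc/<pid>/ns. The following added example (not from the original slides) compares two processes and reports which namespaces they share; the PIDs and inode numbers in the sample tree are constructed.

```sh
#!/bin/sh
# Added example: compare the kernel namespaces of two processes by reading the
# /proc/<pid>/ns symlinks. PIDs 100/200 and the inode numbers are constructed.

# ns_compare PID_A PID_B [PROC_ROOT]: print "<namespace> shared|isolated".
ns_compare() {
    root=${3:-/proc}
    for link in "$root/$1"/ns/*; do
        name=${link##*/}
        a=$(readlink "$link") || continue          # unreadable or no such pid
        b=$(readlink "$root/$2/ns/$name") || b=missing
        if [ "$a" = "$b" ]; then echo "$name shared"; else echo "$name isolated"; fi
    done
}

# shared_namespaces PID_A PID_B [PROC_ROOT]: names of namespaces both are in.
shared_namespaces() {
    ns_compare "$@" | awk '$2 == "shared" { printf "%s%s", sep, $1; sep = " " }'
}

# make_sample DIR: constructed /proc-like tree. PID 100 stands for a host
# shell, PID 200 for a container process that only shares the user namespace.
make_sample() {
    mkdir -p "$1/100/ns" "$1/200/ns"
    for ns in ipc mnt net pid uts user; do
        ln -s "$ns:[4026531840]" "$1/100/ns/$ns"
        if [ "$ns" = user ]; then id=4026531840; else id=4026532201; fi
        ln -s "$ns:[$id]" "$1/200/ns/$ns"
    done
}

sample=$(mktemp -d)
make_sample "$sample"
ns_compare 100 200 "$sample"
echo "shared with host: $(shared_namespaces 100 200 "$sample")"
```

On a Docker host, omit the third argument and pass the PID of your own shell and the container's PID (for example from `docker inspect --format '{{.State.Pid}}' container_name`); reading another user's /proc/<pid>/ns needs root. Any namespace reported as shared is an axis on which the container is not isolated from the host.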

What is so special (4)

● Compute efficiency:

○ Processes run straight on the host

○ CPU performance (native performance)

○ Memory performance (a few % shaved off)

○ Network performance (small overhead)

What is so special (5)

● Use containers as building blocks for much more complicated systems / environments

What is so special (6)

● Docker = Docker CLI + Docker Daemon

What is so special (7)

● Reuse other people's work (ecosystem)

What is so special (8)

● We can isolate a single process: a different way of delivering apps

What is so special (9)

● Super fast (VirtualBox vs Docker)

But I can do everything without Docker

Yes, but it's complicated

And Docker makes it as easy as:

Show me the magic

Docker command overview

Docker concepts

● image

● container

● container state

● registry

Docker pull

hub.docker.com

docker registry = artifactory (nexus)

Achtung: bug spotted in Boot2Docker

Boot2Docker bug (2)

● Add a nameserver: “$ echo 'nameserver 8.8.8.8' > /etc/resolv.conf”

● Restart the Docker service on the VM: “$ /etc/init.d/docker restart”

Docker pull (2)

● Search images using “hub.docker.com”

Docker pull (3)

● Search images using the Docker CLI: “$ docker search image_name”

Docker pull (4)

● Pull images: “$ docker pull image_name”

Docker pull (5)

● Pull a specific tag: “$ docker pull image_name:tag”

Docker run

Docker run

● A container keeps running (state = 'UP') until the process inside it returns an exit code

Docker run (2)

● Run a container from an image: “$ docker run image_name command”

Docker run (3)

Docker run (4)

We can run a container in two modes:

● Detached

● Interactive

Docker run detached

● The container runs in the background; we can interact with it using:

○ the network

○ a shared volume

○ or by attaching to the process

Docker run detached (2)

“$ docker run -d image_name command”

Docker run detached (3)

Docker run interactive

● Default mode

● Attaches the terminal (stdin, stdout, stderr) to the process

● Can attach a pseudo-tty

Hold on, pseudo-tty?

pseudo-tty (2)

Docker run interactive (2)

“$ docker run -i -t image_name command”

Docker run interactive (3)

And why do I need “-i” and “-t”?

Docker run interactive (4)

Docker run interactive (5)

But how do I keep my container running when detaching from it?

Docker run interactive (6)

Remember, if a container is started in interactive mode (-i -t):

● “Control + C” = detaches from the container and terminates it

● “Control + P, Control + Q” = detaches without terminating it

OK, but how can I attach back?

Attaching to container

You can:

● Attach to the existing process in the container = “docker attach”

● Run and attach to a new process in the container = “docker exec”

docker attach

Attach to the tty of the primary process (pid 1) in a running container: “$ docker attach container_name”

docker attach (2)

docker execute

Run and attach to a new process in the container: “$ docker exec -i -t container_name command”

docker execute (2)

Hmm, maybe we don't need to attach to containers

Container control tools

● Inspect container config = “docker inspect”

● Terminal output = “docker logs”

● Process state = “docker top”

● Exposed ports = “docker port”

docker inspect

Returns low-level info about a container / image: “$ docker inspect container_name / image_name”

docker logs

Shows the output history of the process running in the container: “$ docker logs container_name”

docker top

Lists the processes running in the container: “$ docker top container_name”

docker commit

docker commit (2)

● We can make changes made in a container persistent by committing them to an image.

● This is one approach to building custom images.

docker commit (3)

“$ docker commit container_name new_image_name”

docker build

docker build

● The second approach to building custom images

● We need a 'Dockerfile', which describes the changes made to the base image.

docker build (2)

docker build (3)

“$ docker build -t image_name docker_file_url”

docker build (4)

docker build (5)

Stop, stop

docker build (6)

● Why does “docker run” work without providing a process to execute in the container?

docker build (7)

Anti-patterns

Anti-patterns (1)

1) docker container = virtual machine

2) docker container = virtual machine

3) docker container = virtual machine

4) docker container = virtual machine

5) docker container = virtual machine

6) seriously!!!

-> one container, one process

Anti-patterns (2)

● containers with built-in sshd

-> no ssh, most things can be achieved with built-in tools

● persist data in container

-> use volumes

Anti-patterns (3)

● check app logs

-> use volumes

● restart service “/etc/init.d/my_srv restart”

-> send signal “docker kill -s <signal>”

● edit config / new app version

-> rebuild image from Dockerfile
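
Several of the anti-patterns above can be caught mechanically before an image is built. The following added example (not part of the original slides) scans a Dockerfile for three of them; the rule names, advice strings and the sample Dockerfile are constructed, and the missing-VOLUME rule is only a heuristic.

```sh
#!/bin/sh
# Added example: flag the anti-patterns from the slides in a Dockerfile.
# Rule names and the sample Dockerfile are constructed for illustration.

# lint_dockerfile FILE: print "<line>:<rule>: <advice>" for each finding.
lint_dockerfile() {
    awk '
    { sub(/\r$/, "") }
    # Join backslash-continued lines so a multi-line RUN is checked as one.
    /\\[ \t]*$/ { sub(/\\[ \t]*$/, " "); if (buf == "") first = NR; buf = buf $0; next }
    {
        text = buf $0; at = (buf == "") ? NR : first; buf = ""
        if (text ~ /^[ \t]*#/ || text ~ /^[ \t]*$/) next
        if (text ~ /^[ \t]*VOLUME[ \t]/) has_volume = 1
        if (text ~ /openssh-server|sshd/)
            print at ":sshd: no ssh in the image, use docker exec / docker logs"
        if (text ~ /supervisord|\/etc\/init\.d\/|service [^ ]+ (re)?start/)
            print at ":multi-process: one container, one process"
    }
    # Heuristic: volumes can also be given at run time with docker run -v.
    END { if (!has_volume) print "0:no-volume: keep data and logs on a volume" }
    ' "$1"
}

count_findings() { lint_dockerfile "$1" | wc -l | tr -d " "; }

# write_sample FILE: constructed Dockerfile that treats the container as a VM.
write_sample() {
    cat > "$1" <<'EOF'
FROM ubuntu:14.04
RUN apt-get update && \
    apt-get install -y openssh-server nginx
# start both daemons
CMD service ssh start && nginx -g "daemon off;"
EOF
}

sample=$(mktemp)
write_sample "$sample"
lint_dockerfile "$sample"
echo "findings: $(count_findings "$sample")"
```

Findings are reported against the first line of a continued instruction; line 0 marks a file-level finding.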

What is left outside this presentation.

Left behind

● Port forwarding

● File system, volumes

● Resource limitation

● Clustering

● Dockerfiles

● Container linkage