Copyright 2012 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.
Docker and Ansible: Container management made easy

About the speaker
- Patrick Galbraith
- HP Advanced Technology Group
- Has worked at Blue Gecko, MySQL AB, Classmates, Slashdot, Cobalt Group, US Navy, K-mart
- MySQL projects: memcached UDFs, DBD::mysql, federated storage engine
- Family
- Outdoors

HP Restricted

What is a container?

Containers vs. VMs

Containers
- Multiple isolated userspace instances
- Only libraries and components needed for application
- Runs on the same kernel (using Cgroups)
- Much smaller, easier to package
- VERY fast to start!
- Container runs using (a) specific process(es)
- SSH not needed
- Security limited to app

VMs
- Entire OS installation
- Container runs within OS (using Cgroups)
- VM runs using emulation or virtualization on host OS
- Entire VM OS and disk images
- Longer to start
- SSH
- Security issues of running OS

What is Docker?
- Application that manages containers (CLI, API)
- Automates the deployment of applications inside software containers
- Written in Go, open source
- dotCloud
- Uses union file system (AUFS)
- Can use CLI to search Docker repos for images
- "literally LXC with some awesomesauce on top"
- No dependency hell

Why Docker?
- Makes it very easy to run and manage containers
- Configure/build once, run anywhere
- Small footprint in terms of disk and memory
- Well-suited for SaaS/PaaS
- Security - you are not running a VM and associated OS

Docker concepts

Images
- Read only layer
- Acts as a template for containers
- Inheritance
- Images can be pushed to and pulled from public or private repos

Dockerfile
- Used for building images

Containers
- Applications run using containers

Dockerfile example

    FROM ubuntu:13.04
    MAINTAINER Patrick aka CaptTofu Galbraith , [email protected]

    # Update distribution
    RUN apt-get update && apt-get upgrade -y && apt-get clean
    RUN apt-get install -y ssh vim apache2-mpm-prefork
    RUN mkdir /var/run/sshd
    RUN mkdir /root/.ssh
    RUN chmod 700 /root/.ssh

    # entrypoint script
    ADD entrypoint.sh /usr/local/sbin/entrypoint.sh
    ADD docker.pem.pub /root/.ssh/authorized_keys
    RUN chown -R root:root /root/.ssh

    # Expose SSH and Apache
    EXPOSE 22 80 443
    ENTRYPOINT ["/usr/local/sbin/entrypoint.sh"]
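
Entrypoint script example

    #!/bin/bash
    # Start Apache first: sshd -D stays in the foreground, so nothing after it would run.
    service apache2 start
    # Run sshd as the container's main process, passing through any arguments.
    exec /usr/sbin/sshd -D "$@"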

Basic usage
- docker run
- Make changes
- docker commit
- docker push

Dockerfile

    docker build -t username/my_image .

- Container runs
- Each step results in a commit (image being created)
- CMD vs. ENTRYPOINT

Ansible + Docker
- docker module
- docker_images module
- docker_facts module
- Docker inventory plugin
- Uses docker-py, the Docker client Python library

What we used
- HP Moonshot
- New server
- Low power (1500W x2 min)
- Small footprint
- Designed for targeted workloads
- One 4.3 U container chassis
- 45 cartridges

Install Docker

Example: install docker install role

    $ ansible-galaxy install angstwad.docker_ubuntu

Example: playbook to install using docker install role

    - hosts: local
      connection: local
      roles:
        - angstwad.docker_ubuntu

Example: add options to template deployed to /etc/default/docker

    DOCKER_OPTS="--ip=0.0.0.0 --host=tcp://0.0.0.0:4243"
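
The DOCKER_OPTS line above puts the Docker remote API on every interface at TCP 4243 without TLS, and anyone who can reach that API can start containers, which is root-equivalent on the host. The check below is an added example, not code from the talk: it parses a DOCKER_OPTS assignment and reports each TCP listener that is not protected by --tlsverify. The hardened sample line, its certificate paths and port 2376 are constructed for the illustration.

```python
import shlex
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# From the slide (closing quote restored).
PAGE_OPTS = 'DOCKER_OPTS="--ip=0.0.0.0 --host=tcp://0.0.0.0:4243"'
# Constructed hardened counterpart: client certificates required, local socket kept.
HARDENED_OPTS = ('DOCKER_OPTS="--tlsverify --tlscacert=/etc/docker/ca.pem '
                 '--tlscert=/etc/docker/server-cert.pem '
                 '--tlskey=/etc/docker/server-key.pem '
                 '-H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock"')


def daemon_args(opts_line):
    """Split a DOCKER_OPTS="..." shell assignment into daemon arguments."""
    words = shlex.split(opts_line, comments=True)
    if len(words) != 1 or not words[0].startswith("DOCKER_OPTS="):
        raise ValueError("expected a single DOCKER_OPTS=... assignment")
    return shlex.split(words[0].split("=", 1)[1])


def audit(opts_line):
    """Return one finding per TCP listener that lacks client-certificate auth."""
    hosts, tlsverify = [], False
    args = iter(daemon_args(opts_line))
    for arg in args:
        flag, sep, value = arg.partition("=")
        if flag in ("-H", "--host"):
            # Accept both "--host=ADDR" and "-H ADDR".
            hosts.append(value if sep else next(args, ""))
        elif flag == "--tlsverify":
            tlsverify = value.lower() != "false"
    findings = []
    for host in hosts:
        url = urlsplit(host)
        if url.scheme != "tcp" or tlsverify:
            continue  # unix sockets are guarded by file permissions instead
        scope = "loopback only" if url.hostname in LOOPBACK else "network reachable"
        findings.append(f"{host}: unauthenticated API, {scope}")
    return findings


if __name__ == "__main__":
    for line in (PAGE_OPTS, HARDENED_OPTS):
        print(audit(line) or "ok")
```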

Install Docker

Example: running ansible to verify that Docker is installed on containers

docker_images module
- Builds Docker images
- Simple: add, build or remove

Example: playbook to build a Percona XtraDB Cluster

    - name: check or build percona XtraDB Cluster image
      docker_image: docker_url=tcp://127.0.0.1:4243 path="../docker-image-source/pxc/" name="capttofu/pxc" state=present

docker_images module

Example: build several images using playbook using docker_images

docker_images module

Example: Display of newly built images

docker module
- Container provisioning
- Start, stop, delete containers
- Set parameters on a container

Example: Playbook that builds Percona XtraDB Cluster image

    - name: docker image control
      local_action:
        module: docker
        docker_url: "tcp://somehost:4243"
        image: "capttofu/percona_xtradb"
        name: "db"
        state: "present"
        publish_all_ports: yes

docker module

Example: Docker container control

    $ ansible-playbook site.yml -e 'hosts=moonshot'
    $ ansible-playbook site.yml -e 'hosts=moonshot docker_state=absent'

docker_facts module
- Populate large dictionary docker_facts containing information about Docker container fleet and images
- Two primary dictionary entries: docker_containers and docker_images

docker_facts module

Example: print out container fleet info

    - name: Gather info about containers
      hosts: "{{ hosts }}"
      gather_facts: False
      tasks:
        - name: Get facts about containers
          local_action:
            docker_url: tcp://{{ inventory_hostname }}:4243
            module: docker_facts
        - name: another facts test
          debug: msg="Host{{':'}} {{ inventory_hostname}} Container Name{{':'}} {{ item.key }} IP Address{{':'}} {{ item.value.docker_networksettings.IPAddress }} ssh port{{':'}} {{ item.value['docker_networksettings']['Ports']['22/tcp'][0]['HostPort'] }}"
          with_dict: docker_containers

docker_facts module

Example: print out specific container or images

    - name: Gather info about containers
      hosts: docker
      gather_facts: True
      tasks:
        - name: Get facts about containers
          local_action:
            module: docker_facts
            name: db_1
            images: aff77f73ca3d

docker_facts module

Example: Print out all images

    - name: Gather info about containers
      hosts: "{{ hosts }}"
      gather_facts: True
      tasks:
        - name: Get facts about containers
          local_action:
            docker_url: tcp://{{ inventory_hostname }}:4243
            module: docker_facts
            images: all
        - name: images info
          debug: msg="Image ID {{ item.key }} Repo Tags {{ item.value.docker_repotags }}"
          with_dict: docker_images

docker_facts module

Example: Use docker_facts to print out inventory file

    ---
    - name: Create an inventory file
      hosts: moonshot
      gather_facts: yes
      tasks:
        - name: Get facts about containers
          local_action:
            docker_url: tcp://{{ inventory_hostname }}:4243
            module: docker_facts
        - name: docker_hosts template
          local_action: template src=docker_hosts.txt.j2 dest=./docker_hosts_{{ inventory_hostname }}.txt

docker_facts module

The produced file:

    [c10n1.atg.seattle.lan]
    c19n1_db_1 ansible_ssh_port=49270 ansible_ssh_host=c10n1.atg.seattle.lan
    c19n1_db_2 ansible_ssh_port=49275 ansible_ssh_host=c10n1.atg.seattle.lan
    c19n1_db_3 ansible_ssh_port=49280 ansible_ssh_host=c10n1.atg.seattle.lan
    c19n1_haproxy_1 ansible_ssh_port=49285 ansible_ssh_host=c10n1.atg.seattle.lan
    c19n1_haproxy_2 ansible_ssh_port=49287 ansible_ssh_host=c10n1.atg.seattle.lan
    c19n1_haproxy_3 ansible_ssh_port=49289 ansible_ssh_host=c10n1.atg.seattle.lan
    c19n1_haproxy_4 ansible_ssh_port=49291 ansible_ssh_host=c10n1.atg.seattle.lan
    c19n1_web_1 ansible_ssh_port=49240 ansible_ssh_host=c10n1.atg.seattle.lan
    ...

Jinja template:

    {% for host in hostvars | sort %}
    [{{ host }}]
    {% for container in docker_containers | sort %}
    {{ container }} ansible_ssh_port={{ docker_containers[container]['docker_networksettings']['Ports']['22/tcp'][0]['HostPort'] }} ansible_ssh_host={{ host }}
    {% endfor %}
    {% endfor %}

Docker Dynamic inventory
- Ability to manage elastic resources
- Plugins provide a JSON output that serves as an inventory list to use

    ansible-playbook -i plugin playbook.yml
    ansible-playbook -i docker.py main.yml
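
The JSON a dynamic inventory plugin hands to Ansible, sketched in Python as an added example (this is not the docker.py plugin used in the talk). It builds the --list structure from docker_facts-style data and puts containers that do not publish 22/tcp into a separate group, a case the Jinja template for the static inventory file does not account for. The no_ssh group name and the c19n1_cache_1 container are assumptions made for the illustration.

```python
import json

# Constructed sample in the shape docker_facts returns on the slides. The db and web
# containers and their ports come from the produced inventory file; c19n1_cache_1
# is made up to show a container with no published SSH port.
SAMPLE_FLEET = {
    "c10n1.atg.seattle.lan": {
        "c19n1_db_1": {"docker_networksettings": {"Ports": {"22/tcp": [{"HostPort": "49270"}]}}},
        "c19n1_web_1": {"docker_networksettings": {"Ports": {"22/tcp": [{"HostPort": "49240"}]}}},
        "c19n1_cache_1": {"docker_networksettings": {"Ports": {"22/tcp": None}}},
    }
}


def ssh_port(container):
    """Return the host port mapped to 22/tcp, or None if SSH is not published."""
    ports = (container.get("docker_networksettings") or {}).get("Ports") or {}
    bindings = ports.get("22/tcp") or []  # Docker reports null for unpublished ports
    return int(bindings[0]["HostPort"]) if bindings else None


def build_inventory(fleet, skipped_group="no_ssh"):
    """Map {docker_host: docker_containers} to Ansible's dynamic inventory JSON.

    Each Docker host becomes a group; each reachable container becomes a host
    whose connection variables live under _meta.hostvars.
    """
    inventory = {"_meta": {"hostvars": {}}, skipped_group: {"hosts": []}}
    for docker_host in sorted(fleet):
        group = inventory.setdefault(docker_host, {"hosts": []})
        for name in sorted(fleet[docker_host]):
            port = ssh_port(fleet[docker_host][name])
            if port is None:
                inventory[skipped_group]["hosts"].append(name)
                continue
            group["hosts"].append(name)
            inventory["_meta"]["hostvars"][name] = {
                "ansible_ssh_host": docker_host,
                "ansible_ssh_port": port,
            }
    return inventory


if __name__ == "__main__":
    print(json.dumps(build_inventory(SAMPLE_FLEET), indent=2))
```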

Dynamic inventory

Example: Playbook to create a dynamic inventory config file

    ---
    - name: Create a docker.yml file
      hosts: moonshot
      gather_facts: yes
      tasks:
        - name: docker.yml template
          local_action: template src=docker.yml.j2 dest=./docker.yml

Dynamic inventory

Example: Jinja template for docker inventory plugin config file

    ---
    defaults:
      host: unix:///var/run/docker.sock
      version: 1.9
      timeout: 60
      private_ssh_port: 22
      default_ip: 127.0.0.1
    hosts:
    {% for key in hostvars %}
      - host: tcp://{{ key }}:4243
        version: 1.9
        timeout: 60
        default_ip: {{ hostvars[key]['ansible_default_ipv4']['address'] }}
    {% endfor %}

Dynamic inventory

Example: Produced docker inventory plugin config

    hosts:
      - host: tcp://c29n1.atg.seattle.lan:4243
        version: 1.9
        timeout: 60
        default_ip: 10.99.33.38
      - host: tcp://c15n1.atg.seattle.lan:4243
        version: 1.9
        timeout: 60
        default_ip: 10.99.33.24
      - host: tcp://c14n1.atg.seattle.lan:4243
        version: 1.9
        timeout: 60
        default_ip: 10.99.33.23

Cleanup

Acknowledgements
- Paul Durivage (https://github.com/angstwad)
- Yazz Atlas (https://twitter.com/EntropyWorks)
- Brian Aker (https://en.wikipedia.org/wiki/Brian_Aker, @brianaker, IRC krow)
- Michael DeHaan (https://twitter.com/laserllama)

Resources
- http://patg.net
- https://galaxy.ansible.com/list#/users/1488
- http://docker.io
- https://github.com/CaptTofu/ansible-docker-presentation
- https://github.com/CaptTofu/docker-image-source
- http://www.slideshare.net/PatrickGalbraith/docker-ansible-34909080
- http://blog.docker.io/2013/06/openstack-docker-manage-linux-containers-with-nova/
- https://index.docker.io/u/ewindisch/dockenstack/