docker and puppet — puppet camp l.a. — scale12x
DESCRIPTION
Docker is an Open Source engine to build, run, and manage LXC containers. This presentation will give a quick intro about Docker from an Ops/DevOps perspective, and show how Docker can be integrated with Puppet, either by orchestrating Docker resources (Docker daemons, containers, and images) with a state-of-the-art Puppet deployment, or by using Puppet to create golden images in Docker itself.
TRANSCRIPT
Docker and Puppet
Outline
● Intros
● What's the point?
● Docker for DevOps
● Puppetizing Docker
● Dockerizing Puppet
● What's next?
@jpetazzo
● Wrote dotCloud PAAS deployment tools
– EC2, LXC, Puppet, Python, Shell, ØMQ...
● Docker contributor
– Docker-in-Docker, VPN-in-Docker, router-in-Docker... CONTAINERIZE ALL THE THINGS!
● Runs Docker in production
– You shouldn't do it, but here's how anyway!
You
● Puppet?
● Production?
● Cloud?
● Docker?
The promise
● CONTAINERS boot faster (than VMs)
● CONTAINERS have less overhead (more consolidation)
● CONTAINERS bring native performance (on bare metal)
● CONTAINERS are cloud-compatible (can run in VMs)
Hypervisor for containers
● Xen, KVM, VMWare... deal with VMs
● Docker deals with containers (currently LXC)
Wait, what's a container?
High level approach: it's a lightweight VM
● own process space
● own network interface
● can run stuff as root
● can have its own /sbin/init (different from the host)
« Machine Container »
Low level approach: it's chroot on steroids
● can also not have its own /sbin/init
● container = isolated process(es)
● share kernel with host
● no device emulation (neither HVM nor PV)
« Application Container »
How does it work? Isolation with namespaces
● pid
● mnt
● net
● uts
● ipc
● user
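To see which of these namespaces actually separate a container from its host, compare the namespace identifiers the kernel exposes under /proc/<pid>/ns/. The following is an added example, not part of the original slides; the function names and the sample identifiers are assumptions made for illustration.

```python
import os

# Namespace kinds from the slide, named as under /proc/<pid>/ns/.
NAMESPACES = ("pid", "mnt", "net", "uts", "ipc", "user")

def read_namespaces(pid="self", proc="/proc"):
    """Return {kind: id} for a process; id looks like 'net:[4026531992]'."""
    found = {}
    for kind in NAMESPACES:
        try:
            found[kind] = os.readlink(os.path.join(proc, str(pid), "ns", kind))
        except OSError:
            found[kind] = None  # not supported by this kernel, or not readable
    return found

def shared_namespaces(host, container):
    """Kinds where the container sits in the same namespace as the host."""
    return sorted(kind for kind in NAMESPACES
                  if host.get(kind) is not None
                  and host.get(kind) == container.get(kind))

# Constructed sample values (not captured from a real system): the container
# has its own pid, mnt, uts and ipc namespaces but shares net and user.
SAMPLE_HOST = {
    "pid": "pid:[4026531836]", "mnt": "mnt:[4026531840]",
    "net": "net:[4026531992]", "uts": "uts:[4026531838]",
    "ipc": "ipc:[4026531839]", "user": "user:[4026531837]",
}
SAMPLE_CONTAINER = {
    "pid": "pid:[4026532201]", "mnt": "mnt:[4026532199]",
    "net": "net:[4026531992]", "uts": "uts:[4026532200]",
    "ipc": "ipc:[4026532202]", "user": "user:[4026531837]",
}

if __name__ == "__main__":
    print("sample:", shared_namespaces(SAMPLE_HOST, SAMPLE_CONTAINER))
    # Live comparison of PID 1 against this process; reading PID 1 needs root.
    print("live:  ", shared_namespaces(read_namespaces(1), read_namespaces()))
```

Any kind reported as shared is one where the process is not isolated from the host, so it is worth reviewing for each container that runs untrusted code.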
How does it work? Isolation with cgroups
● memory
● cpu
● blkio
● devices
How does it work? Copy-on-write storage
● Create a new machine instantly (instead of copying its whole filesystem)
● Storage keeps track of what has changed
● Since 0.7, Docker has a storage plugin system (supports AUFS, thin snapshots, BTRFS, VFS)
Container format
● VM images have drawbacks
– big, bulky, require special tools (and/or root)
– non-standard; conversions possible but slow
– snapshots possible but even less standard
● Container images are better
– small, can be handled with tar
– simple delta snapshots
Build system (1/2)
● Shell scripts
– OK-ish for simple stacks
– Tricky to handle all possible situations (that's why we have proper CM)
● Puppet (and others)
– Great for convergence and repeatability
– Steep learning curve
Build system (2/2)
● Dockerfile!
– Doesn't have to deal with « low-level stuff »
– Doesn't need all the goodness of CM
– If you know Shell, you already know Dockerfile
– Layered caching (only rebuild what's needed)
– Allows inheritance and composition
FROM ubuntu
RUN apt-get -y update
RUN apt-get install -y g++
RUN apt-get install -y erlang-dev erlang-manpages erlang-base-hipe ...
RUN apt-get install -y libmozjs185-dev libicu-dev libtool ...
RUN apt-get install -y make wget
# -O- makes wget write the tarball to stdout so that tar can read it
RUN wget -O- http://.../apache-couchdb-1.3.1.tar.gz | tar -C /tmp -zxf-
RUN cd /tmp/apache-couchdb-* && ./configure && make install
RUN printf "[httpd]\nport = 8101\nbind_address = 0.0.0.0" > /usr/local/etc/couchdb/local.d/docker.ini
EXPOSE 8101
CMD ["/usr/local/bin/couchdb"]
docker build -t jpetazzo/couchdb .
REST API
● Docker = daemon with REST API
● CLI = client for that REST API
● Many tools already available
– dashboards, GUIs...
– orchestration (Maestro NG and more)
– OpenStack, PAAS, Mesos...
Open Source
● Docker repo on GitHub
– More than 340 contributors and 1500 forks
– Hint: Docker Inc. headcount is less than 34...
● Communication channels
– Mailing lists: docker-user and docker-dev
– IRC (Freenode): #docker and #docker-dev
First things first
https://github.com/garethr/garethr-docker
https://forge.puppetlabs.com/garethr/docker
Installing Docker with Puppet
include 'docker'
class { 'docker':
  version => '0.8.1',
}
Warm up our image collection
# download the registry image
docker::image { 'stackbrew/registry':
}

# don't download all ubuntu,
# just 'precise'
docker::image { 'ubuntu':
  image_tag => 'precise',
}
Run containers
docker::run { 'slavedb':
  image           => 'jpetazzo/postgresql',
  command         => '…',
  ports           => ['5432', '22'],
  links           => ['masterdb:master'],
  use_name        => true,
  volumes         => ['/var/lib/postgresql'],
  volumes_from    => '420fc7e8aa20',
  memory_limit    => 100000000, # bytes
  username        => 'postgres',
  hostname        => 'sdb.prod.dckr.io',
  env             => ['FUZZINESS=42', 'FOO=BAR', 'FOO2=BAR2'],
  dns             => ['8.8.8.8', '8.8.4.4'],
  restart_service => true,
}
My other VM is a container
● write a Dockerfile to install $YOUR_CM
● start tons of containers
● run $YOUR_CM in them
Good if you want a mix of containers/VM/metal
But slower to deploy, and uses more resources
FROM ubuntu:12.04
RUN apt-get install -qy wget
RUN mkdir /puppet
WORKDIR /puppet
RUN wget -q http://apt.puppetlabs.com/puppetlabs-release-precise.deb
RUN dpkg -i puppetlabs-release-precise.deb
RUN apt-get update -q
RUN apt-get install -qy puppet-common
CMD puppet agent --no-daemonize --verbose
Sample Dockerfile
Lightweight, portable VMs
● Start containers instead of VMs
– I can start 10 containers on this puny laptop!
– You can start those 10 containers too! (Even though you have a totally different laptop!)
– We can start those containers in the Cloud!
● Deploy sshd, syslogd, crond, etc.
– You can... But do you have to?
The revolution will be containerized
● write a Dockerfile to install $YOUR_CM
● … and run $YOUR_CM as part of build process
● deploy fully baked images
Faster to deploy
Easier to rollback
FROM ubuntu:12.04
RUN apt-get install -qy wget
RUN mkdir /puppet
WORKDIR /puppet
RUN wget -q http://apt.puppetlabs.com/puppetlabs-release-precise.deb
RUN dpkg -i puppetlabs-release-precise.deb
RUN apt-get update -q
RUN apt-get install -qy puppet-common
ENV FACTER_HOSTNAME database42
ADD ./site.pp /puppet/site.pp
RUN puppet apply site.pp
Sample Dockerfile
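Both sample Dockerfiles (the agent image and the fully baked image) download the Puppet Labs release package over plain HTTP and install it without checking it, so whatever arrives over the network ends up in every container started from the image. The following is an added example, not part of the original slides: a small heuristic audit of RUN steps. The function name, the finding labels, the HTTPS mirror URL and the digest placeholder are assumptions.

```python
import re

FETCH = re.compile(r"\b(?:wget|curl)\b.*?\b(https?)://")
VERIFY = re.compile(r"\b(?:sha(?:256|512)sum|gpgv?)\b")

def audit(dockerfile_text):
    """Return [(line_no, finding)] for RUN steps that download something.

    Heuristic: an integrity check counts only if it appears in the same RUN
    step or the next one, i.e. before the downloaded file is likely used.
    Assumes one instruction per line (no backslash continuations).
    """
    runs = [(no, line.strip()[4:])
            for no, line in enumerate(dockerfile_text.splitlines(), 1)
            if line.strip().upper().startswith("RUN ")]
    findings = []
    for i, (no, cmd) in enumerate(runs):
        match = FETCH.search(cmd)
        if not match:
            continue
        if match.group(1) == "http":
            findings.append((no, "plain-http"))
        following = runs[i + 1][1] if i + 1 < len(runs) else ""
        if not VERIFY.search(cmd + " " + following):
            findings.append((no, "no-integrity-check"))
    return findings

# First lines of the sample Dockerfile from the slides.
SLIDE_DOCKERFILE = """FROM ubuntu:12.04
RUN apt-get install -qy wget
RUN mkdir /puppet
WORKDIR /puppet
RUN wget -q http://apt.puppetlabs.com/puppetlabs-release-precise.deb
RUN dpkg -i puppetlabs-release-precise.deb
"""

# Constructed variant: hypothetical HTTPS mirror and placeholder digest.
CHECKED_DOCKERFILE = """FROM ubuntu:12.04
WORKDIR /puppet
RUN wget -q https://mirror.example.invalid/puppetlabs-release-precise.deb
RUN echo "<expected-sha256>  puppetlabs-release-precise.deb" | sha256sum -c -
RUN dpkg -i puppetlabs-release-precise.deb
"""

if __name__ == "__main__":
    for name, text in (("slide", SLIDE_DOCKERFILE), ("checked", CHECKED_DOCKERFILE)):
        print(name, audit(text))
```

Run as a pre-build check, a non-empty result is a reason to pin the download to a known digest before the image is baked and distributed.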
Docker provisioner
What if...
● Puppet doesn't act on the system, outputs a Dockerfile instead?
● Puppet builds this Dockerfile, and pushes the resulting image to a registry?
● One node can build images, while other nodes run those images?
A better Puppet agent
● Puppet agent is OK on « big » machines
● Not so much on small containers
● Can we run a single agent, and have it « rotate » between containers?
● Can we run that agent... in a container?
Thank you! Questions?
http://docker.io/
http://docker.com/
@docker
@jpetazzo