docker - meetupfiles.meetup.com/18185317/docker-meetup-sd-feb2015.pdf · what is docker and why it...


Docker

December 2014—Docker 1.3

Agenda

● What is Docker and Why it matters
● What are containers
● The Docker ecosystem (Engine, Hub, etc.)
● How to get started with Docker

What is Docker

Why it matters

Deploy everything

● Webapps
● Backends
● SQL, NoSQL
● Big data
● Message queues
● … and more

Deploy almost* everywhere

Are you deploying in a manner that is reliable & consistent?

The Power of Containers

● If it works locally, it will work on the server
● With exactly the same behavior
● Regardless of versions
● Regardless of distros
● Regardless of dependencies

Deploy efficiently

● Containers are lightweight
  – Typical laptop runs 10-100 containers easily
  – Typical server can run 100-1000 containers
● Containers can run at native speeds
  – Lies, damn lies, and other benchmarks:
    http://qiita.com/syoyo/items/bea48de8d7c6d8c73435
    http://www.slideshare.net/BodenRussell/kvm-and-docker-lxc-benchmarking-with-openstack

Booting 15 OpenStack VMs: KVM vs Docker

Memory speed: Bare Metal vs Docker vs KVM

No overhead at all?

● Processes are isolated, but run straight on the host
● Code path in containers = code path on native
● CPU performance = native performance
● Memory performance = a few % shaved off for (optional) accounting
● Network and disk I/O performance = small overhead; can be reduced to zero

Should we get rid of Virtual Machines?

No
Not yet

OK, but what is Docker?

Docker Engine + Docker Hub = Docker Platform

The Docker Engine runs containers.

The container metaphor

Problem: shipping goods

Solution: the intermodal shipping container

Solved!

Problem: shipping code

Solution: the Linux container

Solved!

OK, but what is a container?

High level approach: it's a 'lightweight VM'

● Own process space
● Own network interface
● Can run stuff as root
● Can have its own /sbin/init (different from the host)

'Machine Container'

Low level approach: it's chroot on steroids

● Can also not have its own /sbin/init
● Container = isolated process(es)
● Share kernel with host
● No device emulation (neither HVM nor PV)

'Application Container'

How does it work? Isolation with namespaces

● pid
● mnt
● net
● uts
● ipc
● user

How does it work? Isolation with cgroups

● memory
● cpu
● blkio
● devices

Alright, I get this. Containers = nimble VMs.

Let's just tell the CFO, and get back to work!

What happens when something becomes 10-100x cheaper?

Random example: testing

● Project X has 100 unit tests
● Each test needs a pristine SQL database

● Plan A: spin up 1 database, clean after each use
  – If we don't clean correctly, random tests will fail
  – Cleaning correctly can be expensive (e.g. reload DB)

● Plan B: spin up 100 databases
  – … in parallel: needs too many resources
  – … one after the other: takes too long

● Plan C: spin up 100 databases in containers
  – fast, efficient (no overhead, copy-on-write)
  – easy to implement without virtualization black belt

Containers make testing (and many other things) way easier

Stop. Demo time.

Separation of concerns: Dave the Developer

● Inside my container:
  – my code
  – my libraries
  – my package manager
  – my app
  – my data

Separation of concerns: Oscar the Ops guy

● Outside the container:
  – logging
  – remote access
  – network configuration
  – monitoring

Separation of concerns: what it doesn't mean

« I don't have to care » ≠ « I don't care »

Docker's Entourage

Docker: the cast

● Docker Engine
● Docker Hub
● Docker, the community
● Docker Inc, the company

Docker Engine

● Open Source engine to commoditize LXC

● Uses copy-on-write for quick provisioning

● Written in Go, runs as a daemon, comes with a CLI

● Everything exposed through a REST API

● Allows building images in a standard, reproducible way

● Allows sharing images through registries

● Defines a standard format for containers (stack of layers; 1 layer = tarball + metadata)

… Open Source?

● Nothing up the sleeve, everything on the table
  – Public GitHub repository: https://github.com/docker/docker
  – Bug reports: GitHub issue tracker
  – Mailing lists: docker-user, docker-dev (Googlegroups)
  – IRC channels: #docker, #docker-dev (Freenode)
  – New features: GitHub pull requests (see CONTRIBUTING.md)
  – Docker Governance Advisory Board (elected by contributors)

Docker Hub

Collection of services to make Docker more useful.

● Public registry (push/pull your images for free)
● Private registry (push/pull secret images for $)
● Automated builds (link github/bitbucket repo; trigger build on commit)
● More to come!

Docker, the community

● >700 contributors
● ~20 core maintainers
● >40,000 Dockerized projects on GitHub
● >60,000 repositories on Docker Hub
● >25000 meetup members, >140 cities, >50 countries
● >2,000,000 downloads of boot2docker

Docker Inc, the company

● Headcount: ~70
● Led by Open Source veteran Ben Golub (GlusterFS)
● Revenue:
  – t-shirts and stickers featuring the cool blue whale
  – SaaS delivered through Docker Hub
  – Support & Training

First steps with Docker

One-time setup

● On your dev env (Linux, OS X, Windows)
  – boot2docker (25 MB VM image)
  – Natively (if you run Linux)
● On your servers (Linux)
  – Packages (Ubuntu, Debian, Fedora, Gentoo, Arch...)
  – Single binary install (Golang FTW!)
  – Easy provisioning on Azure, Rackspace, DigitalOcean...
  – Special distros: CoreOS, Project Atomic

Authoring images with a Dockerfile

    FROM ubuntu:14.04
    RUN apt-get update
    RUN apt-get install -y nginx
    RUN echo 'Hi, I am in your container!' \
        >/usr/share/nginx/html/index.html

    CMD nginx -g "daemon off;"

    EXPOSE 80

    docker build -t joshnw/staticweb .
    docker run -P joshnw/staticweb

Authoring images with a Dockerfile

● Minimal learning curve
● Rebuilds are easy
● Caching system makes rebuilds faster
● Single file to define the whole environment

The Docker workflow 1/2

● Work in dev environment (local machine or container)
● Other services (databases etc.) in containers (and behave just like the real thing!)
● Whenever you want to test « for real »:
  – Build in seconds
  – Run instantly

The Docker workflow 2/2

Satisfied with your local build?

● Push it to a registry (public or private)
● Run it (automatically!) in CI/CD
● Run it in production
● Happiness!

Something goes wrong? Rollback painlessly!

Running multiple containers

Fig

● Run your stack with one command: fig up

● Describe your stack with one file: fig.yml

● Example: run a (one node) Mesos cluster
  – Mesos master
  – Mesos slave
  – Volt framework

    master:
      image: redjack/mesos-master
      command: mesos-master --work_dir=/mesos
      ports:
        - 5050:5050

    slave:
      image: redjack/mesos-slave
      links:
        - master:master
      command: mesos-slave --master=master:5050 --containerizers=docker,mesos
      volumes:
        - /sys/fs/cgroup:/sys/fs/cgroup
        - /var/run/docker.sock:/var/run/docker.sock
        - /usr/bin/docker:/bin/docker

    volt:
      image: volt/volt
      links:
        - master:master
      command: --master=master:5050
      ports:
        - 8080:8080
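The slave service in the fig.yml above bind-mounts the host's Docker socket, Docker binary and cgroup tree into the container, which lets that container drive the host's Docker daemon. A small audit that flags such mounts in a fig.yml, as an added example that is not part of the original slides; the function names and the list of flagged paths are assumptions for illustration, and the parser only handles the simple two-level layout shown above.

```python
# Added example: flag host bind mounts in a fig.yml (names and path list are assumptions).
SENSITIVE_HOST_PATHS = {
    "/var/run/docker.sock": "container can control the host's Docker daemon",
    "/sys/fs/cgroup": "host cgroup hierarchy exposed to the container",
    "/usr/bin/docker": "host Docker client binary shared into the container",
}

# Constructed sample: the slave service from the slides, plus a harmless data volume.
SAMPLE_FIG_YML = """\
master:
  image: redjack/mesos-master
slave:
  image: redjack/mesos-slave
  volumes:
    - /sys/fs/cgroup:/sys/fs/cgroup
    - /var/run/docker.sock:/var/run/docker.sock
    - /usr/bin/docker:/bin/docker
    - /srv/data:/data:ro
"""

def service_volumes(text):
    """Yield (service, volume_spec) pairs from a simple two-level fig.yml."""
    service, in_volumes = None, False
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():               # top-level key = service name
            service, in_volumes = line.rstrip(":"), False
        elif line.lstrip().startswith("- "):    # list item under the current key
            if in_volumes:
                yield service, line.lstrip()[2:].strip().strip("'\"")
        else:                                   # any other service-level key
            in_volumes = line.strip() == "volumes:"

def audit(text):
    """Return findings as (service, host_path, read_only, reason) tuples."""
    findings = []
    for service, spec in service_volumes(text):
        parts = spec.split(":")                 # host:container[:mode]
        host = parts[0].rstrip("/")
        read_only = parts[-1] == "ro"
        if len(parts) >= 2 and host in SENSITIVE_HOST_PATHS:
            findings.append((service, host, read_only, SENSITIVE_HOST_PATHS[host]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FIG_YML):
        print("%s: %s (read-only=%s): %s" % finding)
```

The socket mount is reported even when marked `ro`, because a read-only bind mount does not stop a process from connecting to the socket and issuing API calls.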

Do you even Chef? Puppet? Ansible? Salt?

Advanced concepts

● naming
  – give a unique name to your containers
● links
  – connect containers together
● volumes
  – separate code and data
  – share data between containers

Summary

With Docker, I can:

● put my software in containers
● run those containers anywhere
● write recipes to automatically build containers
● use Fig to effortlessly start stacks of containers

Thank you! Questions?

http://docker.com/

@docker