DockerIn our cloud

Jacob Godin (@jacob_godin)

Adam Thurlow (@thurloat)

#HOCM

What is Docker?

A transportable container shipping engine

Lightweight container isolationshared kernel / no virtualization / low overhead

cgroups limit resource consumption

Copy-on-write / versioned container FScontainer layers & base containers

What does that buy us?

Separation of operational concernssplits code / libs / data from logs / monitoring / host

Build it once, run it anywhere*use CI to build, test, & deploy environments

Service oriented, immutable infrastructureProcesses don’t go bangCommoditize everythingCentralized core images

How we leverage Docker

Continuous Integration of OpenStackquickly build new containersruns in staging, locally, and prod

Automated Deploymentsshared private registry over vpn

Drop in UpgradesOpenstack Grizzly -> Juno by cycling 3 containers

Distributed Configurationetcd + confd = templated application config

docrane - Container Management

Leverages:etcd (distributed key/value store)docker-py (Docker API client for Python)

https://github.com/CloudBrewery/docrane/

“Docker container manager that relies on etcd to provide relevant configuration details. It watches for changes in configuration and automatically stops, removes,

recreates, and starts your Docker containers.”

Drawbacks

Security!● not meant for untrusted guests (yet)● you’re fully responsible for hardening

Networking!● built-in docker networking is slow and prone to failure.● docker-proxy & magic NAT

Youth!● breaking API changes frequently (still new).

Fin

Questions / Comments / Heckling

Find us afterward to chit chat.