environment isolation with docker (alex medvedev, alpari)
TRANSCRIPT
![Page 1: Environment isolation with Docker (Alex Medvedev, Alpari)](https://reader035.vdocuments.site/reader035/viewer/2022062216/55cef415bb61ebca3d8b47ac/html5/thumbnails/1.jpg)
Environment isolation with Docker
Alex Medvedev (fduch)Software Architect at Alpari
[email protected]: @alex_medwedew
1
![Page 2: Environment isolation with Docker (Alex Medvedev, Alpari)](https://reader035.vdocuments.site/reader035/viewer/2022062216/55cef415bb61ebca3d8b47ac/html5/thumbnails/2.jpg)
2
Docker in a nutshell
![Page 3: Environment isolation with Docker (Alex Medvedev, Alpari)](https://reader035.vdocuments.site/reader035/viewer/2022062216/55cef415bb61ebca3d8b47ac/html5/thumbnails/3.jpg)
What is Docker● Open-source project provides ability to develop, test and run applications
in exactly the same operation-system-level environment
● Isolates application environment in software containers
● Containers just like VM’s but much thinner and much faster
3
![Page 4: Environment isolation with Docker (Alex Medvedev, Alpari)](https://reader035.vdocuments.site/reader035/viewer/2022062216/55cef415bb61ebca3d8b47ac/html5/thumbnails/4.jpg)
Where you can use Docker?● Linux-based systems (natively): Ubuntu, Debian, Arch Linux, Fedora,
RedHat, etc● Mac OS X using lightweight VM● Windows 7, 8.1 using lightweight VM● Cloud Platforms: Amazon EC2, Google Cloud, Microsoft Azure etc
4
![Page 5: Environment isolation with Docker (Alex Medvedev, Alpari)](https://reader035.vdocuments.site/reader035/viewer/2022062216/55cef415bb61ebca3d8b47ac/html5/thumbnails/5.jpg)
Docker parts● Docker daemon with REST-like api that runs containers
● Docker Hub stores versioned container templates - images
5
![Page 6: Environment isolation with Docker (Alex Medvedev, Alpari)](https://reader035.vdocuments.site/reader035/viewer/2022062216/55cef415bb61ebca3d8b47ac/html5/thumbnails/6.jpg)
Container run example● Start daemon:
● Run container:
6
fduch@ub:/# docker -d
fduch@ub:/# docker run -it debian /bin/bashUnable to find image 'debian:latest' locallylatest: Pulling from debian64e5325c0d9d: Pull completebf84c1d84a8f: Already existsdebian:latest: The image you are pulling has been verified. Important: image verification is a tech preview feature and should not be relied on to provide security.Digest: sha256:2613dd69166e1bcc0a3e4b1f7cfe30d3dfde7762aea0e2f467632bda681d9765Status: Downloaded newer image for debian:latestroot@6e823dba18d9:/# cat /etc/issueDebian GNU/Linux 8 \n \l
![Page 7: Environment isolation with Docker (Alex Medvedev, Alpari)](https://reader035.vdocuments.site/reader035/viewer/2022062216/55cef415bb61ebca3d8b47ac/html5/thumbnails/7.jpg)
Dockerfile
Strict-format file defines all the steps to take to build the image
7
![Page 8: Environment isolation with Docker (Alex Medvedev, Alpari)](https://reader035.vdocuments.site/reader035/viewer/2022062216/55cef415bb61ebca3d8b47ac/html5/thumbnails/8.jpg)
8
Isolation of Symfony 2 application in Docker container
![Page 9: Environment isolation with Docker (Alex Medvedev, Alpari)](https://reader035.vdocuments.site/reader035/viewer/2022062216/55cef415bb61ebca3d8b47ac/html5/thumbnails/9.jpg)
The Goal● Isolate Symfony 2 application environment inside Docker container: OS,
php extensions and php-fpm daemon
● Hold application code on the main (host) machine and mount it inside container
● Start container on the host
● Configure nginx on the host to serve php using container’s php-fpm daemon and to deliver static from host
9
![Page 10: Environment isolation with Docker (Alex Medvedev, Alpari)](https://reader035.vdocuments.site/reader035/viewer/2022062216/55cef415bb61ebca3d8b47ac/html5/thumbnails/10.jpg)
Isolation plan● Describe new docker image containing php-fpm and application system-
level dependencies using Dockerfile
● Build application image
● Prepare symfony 2 application code
● Configure web-server inside the host to work with application container
● Run container with application code inside
10
![Page 11: Environment isolation with Docker (Alex Medvedev, Alpari)](https://reader035.vdocuments.site/reader035/viewer/2022062216/55cef415bb61ebca3d8b47ac/html5/thumbnails/11.jpg)
Symfony 2 Dockerfile
11
FROM debian:jessie
MAINTAINER fduch <[email protected]>
RUN apt-get update \&& apt-get -y install php5-cli php5-json php5-intl php5-fpm php5-memcache php5-ldap php-apc php5-mysql php5 \&& rm -r /var/lib/apt/lists/*
VOLUME /var/www/app.local
COPY ["./entrypoint.sh", "/entrypoint.sh"]
ENTRYPOINT ["/entrypoint.sh"]
EXPOSE 9090
![Page 12: Environment isolation with Docker (Alex Medvedev, Alpari)](https://reader035.vdocuments.site/reader035/viewer/2022062216/55cef415bb61ebca3d8b47ac/html5/thumbnails/12.jpg)
Container entrypoint
entrypoint.sh:
12
#!/bin/bash
set -e
sed -i "s/listen = \/var\/run\/php5-fpm.sock/listen = 9090/g" /etc/php5/fpm/pool.d/www.conf \
&& /usr/sbin/php5-fpm --nodaemonize
![Page 13: Environment isolation with Docker (Alex Medvedev, Alpari)](https://reader035.vdocuments.site/reader035/viewer/2022062216/55cef415bb61ebca3d8b47ac/html5/thumbnails/13.jpg)
Building application image
Build application image using Dockerfile located in the same directory:
13
fduch@ub:/# docker build -t fduch/app_image .
![Page 14: Environment isolation with Docker (Alex Medvedev, Alpari)](https://reader035.vdocuments.site/reader035/viewer/2022062216/55cef415bb61ebca3d8b47ac/html5/thumbnails/14.jpg)
Prepare application code
14
fduch@ub:/# cd /tmp && wget http://<some url to sf2 app artifact>/app.tarfduch@ub:/# tar -xvf app.tar /var/www/project_name
![Page 15: Environment isolation with Docker (Alex Medvedev, Alpari)](https://reader035.vdocuments.site/reader035/viewer/2022062216/55cef415bb61ebca3d8b47ac/html5/thumbnails/15.jpg)
Nginx config● Set app.local host● Configure nginx:
15
server { server_name app.local; root /var/www/project_name/web;
location / { try_files $uri /app.php$is_args$args; }
location ~ ^/(app_dev|config)\.php(/|$) { fastcgi_pass app_upstream; fastcgi_split_path_info ^(.+\.php)(/.*)$; include fastcgi_params; fastcgi_param SCRIPT_FILENAME /var/www/app.local/web$fastcgi_script_name; fastcgi_param HTTPS off; }}
upstream app_upstream{ server 127.0.0.1:9090;}
![Page 16: Environment isolation with Docker (Alex Medvedev, Alpari)](https://reader035.vdocuments.site/reader035/viewer/2022062216/55cef415bb61ebca3d8b47ac/html5/thumbnails/16.jpg)
Run application container
● Run application container in daemon mode:
● No PHP on the host, enjoy! :-)
16
fduch@ub:/# docker run -p 9090:9090 -d -v /var/www/project_name:/var/www/app.local fduch/app_image
![Page 17: Environment isolation with Docker (Alex Medvedev, Alpari)](https://reader035.vdocuments.site/reader035/viewer/2022062216/55cef415bb61ebca3d8b47ac/html5/thumbnails/17.jpg)
Leveraging several containers● You can put anything in containers (db, web server, application, etc) and link them together using secure tunnel
(--link option)● In Symfony 2 example you can easily isolate application code inside container with only php, git, and composer
and mount the code from it to php-fpm-container ● Using docker compose make things simplier
17
app: image: fduch/app_image volumes: - symfony:/var/www/app.localphp: image: fduch/php-fpm expose: - “9000” volumes_from: - appnginx: image: fduch/nginx ports: - “80:80” links: - php volumes_from: - app
![Page 18: Environment isolation with Docker (Alex Medvedev, Alpari)](https://reader035.vdocuments.site/reader035/viewer/2022062216/55cef415bb61ebca3d8b47ac/html5/thumbnails/18.jpg)
18
Isolating several environments inside container
![Page 19: Environment isolation with Docker (Alex Medvedev, Alpari)](https://reader035.vdocuments.site/reader035/viewer/2022062216/55cef415bb61ebca3d8b47ac/html5/thumbnails/19.jpg)
Why you need run container inside the other one?
● Dev VPS’s which probably can be containers (not only Docker but for example LXC) itself with the swarm of applications to develop
● CI stages (agents are containers)
● Fun :-)
19
![Page 20: Environment isolation with Docker (Alex Medvedev, Alpari)](https://reader035.vdocuments.site/reader035/viewer/2022062216/55cef415bb61ebca3d8b47ac/html5/thumbnails/20.jpg)
20
Not now about this!