Docker / Ansible

Docker / Ansible Stéphane Manciot 19/02/2015

Transcript of Docker / Ansible

Page 1: Docker / Ansible

Docker / Ansible

Stéphane Manciot 19/02/2015

Page 2: Docker / Ansible

Problem - the matrix from Hell

Page 3: Docker / Ansible

LXC - the intermodal shipping container

Page 4: Docker / Ansible

LXC - main features

○ Portability
  ○ run everywhere
    ○ regardless of kernel version
    ○ regardless of host distro
  ○ run anything
    ○ if it can run on the host, it can run in the container
    ○ i.e., if it can run on a Linux kernel, it can run
○ Isolation (namespaces)
○ Control resources (cgroups)
○ Lightweight VM (own process space, own network interface …) without performance penalty (no device emulation)

Page 5: Docker / Ansible

DevOps - separation of concerns

○ Developer - Inside the container
  ○ my code
  ○ my libraries
  ○ my package manager
  ○ my app
  ○ my data
○ Operational - Outside the container
  ○ logging
  ○ remote access
  ○ network configuration
  ○ monitoring

Page 6: Docker / Ansible

Docker - main features

○ a single application virtualization engine based on containers
○ a standard, reproducible way to easily build and share trusted images (Dockerfile, Stackbrew, docker-registry …)
○ each image is a stack of layers (1 layer = tarball + metadata)
○ a daemon running in the background
  ○ manages containers, images and builds
  ○ HTTP API (over UNIX or TCP socket)
  ○ embedded CLI talking to the API

Page 7: Docker / Ansible

LXC versus Docker

Page 8: Docker / Ansible

Docker - PaaS

○ Portability
○ Fast provisioning (Another Union File System)
○ Performance
  ○ processes are isolated, but run straight on the host
  ○ CPU performance = native performance
  ○ almost native memory performance
  ○ network performance = small overhead

Page 9: Docker / Ansible

Docker - quick start

○ search an image : sudo docker search debian
○ list images : sudo docker images
○ download an image : sudo docker pull debian
○ run a container : sudo docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARGS…]
○ list all containers : sudo docker ps -a
○ find the id of the last launched container : sudo docker ps -l
○ commit container updates : sudo docker commit ID [IMAGE[:TAG]]
○ inspect a container : sudo docker inspect ID
○ upload an image : sudo docker push IMAGE

Page 10: Docker / Ansible

Exercise

○ create a docker image from the latest debian image including oracle java7 as debian:oracle-java7

○ http://www.webupd8.org/2012/06/how-to-install-oracle-java-7-in-debian.html

Page 11: Docker / Ansible

Dockerfile

○ Usage : sudo docker build -t="IMAGE[:TAG]" .
○ Format :
  ○ # Comment
  ○ INSTRUCTION arguments
○ FROM image[:TAG]
○ MAINTAINER <name>
○ RUN <command>
○ CMD ["executable","param1","param2"] | CMD ["param1","param2"] | CMD command param1 param2

Page 12: Docker / Ansible

Dockerfile

○ EXPOSE <port> [<port>…]
○ ENV foo bar | ENV foo=bar
○ ADD <src>... <dest>
  ○ ADD hom* /mydir/
  ○ ADD hom?.txt /mydir/
  ○ ADD test aDir/
○ COPY <src>... <dest>
○ ENTRYPOINT ["executable", "param1", "param2"]
○ VOLUME ["/data"]
○ WORKDIR /path/to/workdir
○ ONBUILD [INSTRUCTION]

Page 13: Docker / Ansible

Dockerfile - best practices

○ add a .dockerignore file
○ avoid installing unnecessary packages
○ run only one process per container
○ minimize the number of layers
○ put long or complex RUN statements on multiple lines separated with backslashes
○ sort multi-line arguments
○ prefer COPY to ADD
○ use VOLUME for any mutable parts of your image
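
Three of the practices above (.dockerignore, COPY over ADD, few RUN layers) can be checked mechanically. The script below is an added example, not part of the original slides; the function names, the default limit of three RUN instructions and the sample Dockerfile are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the slides: lint a build context against three of the
# best practices listed above. The RUN threshold and the messages are assumptions.

# lint_context DIR [MAX_RUN] -> one finding per line, no output when clean
lint_context() {
    dir=$1
    max_run=${2:-3}
    [ -f "$dir/.dockerignore" ] || echo "missing .dockerignore"
    awk -v max="$max_run" '
        /^[ \t]*#/ { next }                            # comments are not instructions
        { first = !cont; cont = ($0 ~ /\\[ \t]*$/) }   # cont: next line continues this one
        !first || NF == 0 { next }                     # keep only the first line of an instruction
        { ins = toupper($1) }
        ins == "ADD" { print "line " NR ": ADD, prefer COPY" }   # ADD also fetches URLs and unpacks archives
        ins == "RUN" { runs++ }
        END { if (runs > max) print runs " RUN layers (max " max "), merge them with backslashes" }
    ' "$dir/Dockerfile"
}

# Constructed sample context: no .dockerignore, one ADD, four RUN instructions.
make_sample() {
    d=$(mktemp -d)
    cat > "$d/Dockerfile" <<'EOF'
FROM debian:latest
# install apache2
RUN apt-get update
RUN apt-get install -y \
    apache2 \
    curl
ADD site.conf /etc/apache2/sites-enabled/
RUN a2enmod rewrite
RUN rm -rf /var/lib/apt/lists/*
EXPOSE 80
CMD ["apache2ctl", "-D", "FOREGROUND"]
EOF
    echo "$d"
}

sample=$(make_sample)
lint_context "$sample"
rm -rf "$sample"
```
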

Page 14: Docker / Ansible

Dockerfile - Examples

○ apache2

Page 15: Docker / Ansible

Dockerfile - Examples

Page 16: Docker / Ansible

Exercise

○ create a docker image from the latest debian image including oracle java7 as dockerfile/debian:oracle-java7 using Dockerfile

○ http://www.webupd8.org/2012/06/how-to-install-oracle-java-7-in-debian.html

Page 17: Docker / Ansible

Docker - overriding image defaults

○ CMD
  ○ sudo docker run [OPTIONS] IMAGE[:TAG] [COMMAND] [ARGS...]
○ ENTRYPOINT
  ○ sudo docker run -i -t --entrypoint /bin/bash example/redis
○ EXPOSE (incoming ports)
  ○ --expose=[]: Expose a port or a range of ports from the container without binding
  ○ -P : bind the exposed ports to a random port on the host between 49153 and 65535
  ○ -p [ip:][hostPort:]containerPort
  ○ --link <name or id container>:alias

Page 18: Docker / Ansible

Docker - overriding image defaults

○ ENV
  ○ sudo docker run -e "deep=purple" --rm ubuntu /bin/bash -c export
○ VOLUME
  ○ -v=[]: Create a bind mount with: [host-dir]:[container-dir]:[rw|ro]
  ○ --volumes-from CONTAINER : share volumes with another container
○ USER
  ○ -u="": Username or UID
○ WORKDIR
  ○ -w="": Working directory inside the container

Page 19: Docker / Ansible

Docker - ambassador pattern

(consumer) --> (es_http_client) ---network---> (es_ambassador) --> (es)

○ vagrant ssh mogobiz-db

○ sudo docker run -d --name es -P --volumes-from elasticsearch mogobiz/elasticsearch-1.3.6

○ sudo docker run -d --link es:es --name es_ambassador -p 192.168.56.110:19200:9200 -p 192.168.56.110:19300:9300 svendowideit/ambassador

○ vagrant ssh mogobiz-web

○ sudo docker run -d --name es_http_client --expose 9200 -e ELASTICSEARCH_PORT_9200_TCP=tcp://192.168.56.110:19200 svendowideit/ambassador

○ sudo docker run -t -i --rm --link es_http_client:elasticsearch --link mogobiz_db_client:mogobiz_db --name consumer -p 8080 busybox sh

○ / # env
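
The -p [ip:][hostPort:]containerPort forms from the "overriding image defaults" slide decide which host address a published port listens on; the ambassador commands above pin 192.168.56.110, while -P and a bare -p 8080 publish on every host interface. The script below is an added example, not part of the original slides, that classifies each publish flag in a docker run command line; the function names and output labels are assumptions, and only IPv4 specs are handled.

```shell
#!/bin/sh
# Added example, not from the slides: report which host address each published
# port of a docker run command line binds, per -p [ip:][hostPort:]containerPort.

# publish_scope SPEC -> specific-ip | all-interfaces | invalid   (IPv4 only)
publish_scope() {
    spec=${1%/*}                          # drop an optional /tcp or /udp suffix
    case $spec in
        ''|*[!0-9.:-]*|*:*:*:*) echo invalid; return ;;
    esac
    case $spec in
        *:*:*)                            # ip:hostPort:containerPort or ip::containerPort
            ip=${spec%%:*}
            if [ -z "$ip" ] || [ "$ip" = 0.0.0.0 ]; then echo all-interfaces
            else echo specific-ip; fi ;;
        *) echo all-interfaces ;;         # containerPort or hostPort:containerPort
    esac
}

# audit_run "COMMAND LINE" -> one "<scope> <flag or spec>" line per -p / -P.
# The command line is split on whitespace with no quoting support, an
# assumption that holds for the commands on the slides.
audit_run() {
    prev=
    for word in $1; do
        if [ "$word" = -P ]; then
            echo "all-interfaces -P"
        elif [ "$prev" = -p ] || [ "$prev" = --publish ]; then
            echo "$(publish_scope "$word") $word"
        fi
        prev=$word
    done
}

# The three publishing commands from the ambassador slide.
audit_run "sudo docker run -d --name es -P --volumes-from elasticsearch mogobiz/elasticsearch-1.3.6"
audit_run "sudo docker run -d --link es:es --name es_ambassador -p 192.168.56.110:19200:9200 -p 192.168.56.110:19300:9300 svendowideit/ambassador"
audit_run "sudo docker run -t -i --rm --link es_http_client:elasticsearch --link mogobiz_db_client:mogobiz_db --name consumer -p 8080 busybox sh"
```
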

Page 20: Docker / Ansible

Ansible and docker

○ Build new image

○ Run a container

Page 21: Docker / Ansible

Vagrant and Ansible

Page 22: Docker / Ansible

Vagrant and Ansible