2015 05-06-elias weingaertner-docker-intro

Docker Introduction & Orchestration
Dr. Elias Weingärtner, CTO Architect Team


What Problem does Docker solve?

What does Docker do technically?

[Figure: Developer PC and DataCenter. Labels: Software Container Image, Containerization, Instantiation, Dockerfile, "docker run", "docker-compose", Orchestration of Compound Services]

A Dockerfile describes how to turn any software artifact into a Docker Image

Dockerfile by example

https://github.com/kstaken/dockerfile-examples

# A basic apache server. To use either add or bind mount content under /var/www
# Base Image
FROM ubuntu:12.04

# Metadata
MAINTAINER Kimbro Staken version: 0.1

# Install Apache into Ubuntu Image
RUN apt-get update && apt-get install -y apache2 && apt-get clean && rm -rf /var/lib/apt/lists/*

# Basic Apache2 configuration
ENV APACHE_RUN_USER www-data
ENV APACHE_RUN_GROUP www-data
ENV APACHE_LOG_DIR /var/log/apache2

# Tell Docker that the container exposes HTTP
EXPOSE 80

# How to start it up
CMD ["/usr/sbin/apache2", "-D", "FOREGROUND"]

Docker Images

• Important: Docker executes Docker Images, not Dockerfiles
• A Docker image contains everything to run the software
  • Binaries (Think /usr/bin)
  • Configuration (Think /etc)
  • System Libraries, Auxiliary Files, System Content
• Layered File System
  • Each write operation adds a layer to the file system
  • Image Inheritance

Docker Registry

• Central repository for Docker images
  • docker push <name>
  • docker pull <name>
• Enables sharing of executable images
• Public Docker Registry: Docker Hub (14000+ images)
• Enterprise use: Need for a private registry

Docker Links

• Wish: Separation of Concerns into different containers
• Manual "composition" via Docker Links:

→ Containers need to be started in the right order
→ Even more complexity with cross-host links

[Figure label: mysql:3306]

1) docker pull mysql:latest
   docker pull httpd:latest
2) docker run -e MYSQL_ROOT_PASSWORD=123 --name mydb mysql
3) docker run --name web --link mydb:mydb httpd

The need for orchestration

Some "Fiction": 13 Containers with 15 links

Challenges
• Container/Service Dependencies
• Starting Order
• Network Dynamics
• Resource Allocation

Let's do this manually with Docker

Docker Orchestration Tools

• Container Instantiation & Order
• Communication between containers & link management
• Wish list:
  • Transparent Container placement on infrastructure
  • Support for service redundancy fail-over

Docker orchestration tools automate the instantiation of service landscapes.

Docker Orchestration Tools

Today: Brief introduction to two orchestration tools

• Docker Compose
• Docker Swarm (Docker Machine)

Others: Mesos, Kubernetes, Lattice (Pivotal), Helios (Spotify), SmartDataCenter, Panamax, Clocker…

Docker Compose/Swarm/Machine

• Docker originally had no orchestration functionality

Now
• Docker Compose
• Docker Machine
• Docker Swarm

Docker Compose Example

docker-compose up will start Wordpress + MySQL

docker-compose.yml

web:
  build: .
  command: php -S 0.0.0.0:8000 -t /code
  ports:
    - "8000:8000"
  links:
    - db
  volumes:
    - .:/code
db:
  image: orchardup/mysql
  environment:
    MYSQL_DATABASE: wordpress

CoreOS

• Manages entire Docker Clusters
• Main Components
  • CoreOS: Minimal Linux Operating system
  • Docker: Container Runtime
  • etcd: Distributed key/value store → Configuration Management
  • Fleet
    • Cluster Management
    • Distribute service on cluster
    • Failover support

CoreOS Architecture

CoreOS Example: High Availability Apache

# Prerequisites
[Unit]
Description=My Apache Frontend
After=docker.service
Requires=docker.service

# Service Instantiation
[Service]
TimeoutStartSec=0
ExecStartPre=-/usr/bin/docker kill apache1
ExecStartPre=-/usr/bin/docker rm apache1
ExecStartPre=/usr/bin/docker pull coreos/apache
ExecStart=/usr/bin/docker run --rm --name apache1 -p 80:80 coreos/apache /usr/sbin/apache2ctl -D FOREGROUND
ExecStop=/usr/bin/docker stop apache1

# HA: Avoid 2 Apaches on one host
[X-Fleet]
Conflicts=apache@*.service

Source: CoreOS Documentation

CoreOS Example: High Availability Apache

$ fleetctl submit apache@.service
$ fleetctl start apache@1
$ fleetctl start apache@2
$ fleetctl list-units
UNIT              MACHINE                 ACTIVE  SUB
apache@1.service  491586a6.../10.10.1.2   active  running
apache@2.service  148a18ff.../10.10.1.1   active  running

Source: CoreOS Documentation

Eight golden Rules for Docker Containers

1. One Purpose: Each container does exactly one job
2. Working: The container is functional
3. Fix Dependencies: All dependencies of the container are sound
4. Minimal: Contains only bare essentials
5. Whitebox: Sources for the container must be available
6. Secure: The container is tested and checked regularly
7. Limited: The container requires only limited resources
8. Trust: The maintainer of the container is trustworthy. Its content has not been tampered with.
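A small static check for three of the rules above (Minimal, Secure, Trust), run against the Dockerfile from the "Dockerfile by example" slide. This is an added example, not part of the original slides; the function names and the mapping of each check to a rule are assumptions of this example.

```python
import re

# Dockerfile from the slide above, embedded as sample input; all names below are this example's own.
SLIDE_DOCKERFILE = """\
FROM ubuntu:12.04
MAINTAINER Kimbro Staken version: 0.1
RUN apt-get update && apt-get install -y apache2 && apt-get clean && rm -rf /var/lib/apt/lists/*
ENV APACHE_RUN_USER www-data
ENV APACHE_RUN_GROUP www-data
ENV APACHE_LOG_DIR /var/log/apache2
EXPOSE 80
CMD ["/usr/sbin/apache2", "-D", "FOREGROUND"]
"""

SECRET_NAME = re.compile(r"PASSWORD|SECRET|TOKEN|API_?KEY", re.I)

def instructions(text):
    """Yield (INSTRUCTION, argument) pairs; joins backslash continuations, skips comments."""
    for line in re.sub(r"\\[ \t]*\n", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, arg = line.partition(" ")
            yield name.upper(), arg.strip()

def env_keys(arg):
    """Variable names from 'ENV KEY value' or 'ENV K1=v1 K2=v2'."""
    toks = arg.split()
    if toks and "=" in toks[0]:
        return [tok.split("=", 1)[0] for tok in toks if "=" in tok]
    return toks[:1]

def audit(text):
    """Return a list of findings; the rule names are this example's mapping to the slide."""
    findings, user = [], None
    for name, arg in instructions(text):
        if name == "FROM":
            user = None  # every build stage starts as root again
            image = (arg.split() or [""])[0]
            if image.lower() != "scratch" and "@sha256:" not in image:
                findings.append(f"Trust: base image {image} is a mutable tag, not a digest")
        elif name == "USER":
            user = arg
        elif name == "ENV":
            for key in filter(SECRET_NAME.search, env_keys(arg)):
                findings.append(f"Secure: {key} is stored in the image config and history")
        elif name == "RUN" and "apt-get install" in arg and "/var/lib/apt/lists" not in arg:
            findings.append("Minimal: apt package lists are left in the layer")
    if user is None or user.split(":")[0] in ("root", "0"):
        findings.append("Secure: no non-root USER, the main process starts as root")
    return findings
```

For the slide's image the root finding applies to the Apache parent process only: started as root, it binds port 80 and runs its workers as APACHE_RUN_USER.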

Summary

• Docker provides mobility for software artifacts
  • "Build once, ship anywhere"
• Deployment of compound services: Orchestration needed!
  • Different toolchains available.
• Claim: We need guidelines for Docker use at Haufe.
  • Many questions (unsorted)
    • Use of private/public Docker registries?
    • Should we containerize everything?
    • How to handle certificates?
    • Which orchestration platform to use? Which backend to use for container management?
