Docker on Power Systems

Slide 1

Csar Diniz MacielExecutive IT SpecialistIBM Corporate [email protected]

pCV4103 - Docker, lxc, lxd and friends

Copyright IBM Corporation 2014

Session objectives

After this session, you will be able to:Understand about containers and how they are useful for deploying applications;

Learn how to install Docker on Power Systems and how to deploy containers;

Learn basic Docker management commands, how to create images and how to move containers across systems;


Notes:

Instructor notes:Purpose List the unit objectivesDetails Additional information Transition statement

Agenda

What are containers?

Why containers?

Differences between containers and virtual machines

Docker on Power Systems

Installing Docker

Creating base image

Deploying containers

Comparing Docker to AIX Workload Partitions

Managing containers


What are Containers?

Two new features enabled containersCgroups and Name spaces

Different name space for processOwn process space

Can run stuff as root (Chroot)

Concept from Plan9 (1992)

Done with setns and unshare system call

Share the same kernel

No device emulation

A name space is completely separatedFull network stack on the new name spaceOwn routes

Own Firewall rules

Name resolution mechanism

Mount, PIDs, IPCs,

ServerHost OSLinux Container + Docker EngineMiddleware YMiddleware XAppAAppAAppA1AppA1AppBAppBAppB1

Container

What is Docker?

Operating system-based virtualization

Aimed at quick and efficient deployment of applications in a virtualized container environment.

From http://docker.comDocker is an open platform for developers and sysadmins to build, ship, and run distributed applications.

It runs as an isolated process in userspace on the host operating system, sharing the kernel with other containers. Thus, it enjoys the resource isolation and allocation benefits of VMs but is much more portable and efficient.


Why Docker

Fast to deploy

Lightweigth

Almost no performance impact for applications

Very efficient use of resources

Ability to pack applications, configuration files, pre-requisites, etc in a docker image for easy distribution and deployment.

Ability to run different Linux versions and flavors in the same host system.


Differences between Docker and virtual machines

Docker is an OS-based virtualization

Same concept as Virtualbox, Vmware Workstation, AIX WPAR, Solaris Containers, BSD Jails...

Kernel is shared among all containers

Every container runs the same kernel version

Kernel parameters are the same for all containers, as well as network and I/O

No strong isolation between containers processes are isolated from each other, but all containers run under the same OS instance


PortabilityIf it works locally, it will work on the server, with exactly the same behavior, regardless of versions, distro, dependencies

Quick boot

Faster provisioning

Can fit far more containers than VMs into a host

Simplified securityOnly need to fix things on the hosts

Lower CostsFewer operating systems to manage

Easy OS patching

Greater application mobility

Starting/Stoping a container is a about process management

Benefits of containers

ManualVMDockerProvision TimeDaysMinutesSeconds / ms

LXC is supported on all IBM Distros available

Docker on POWER is no different than Docker on x86 platforms from a usability perspective

Docker is only supported in Ubuntu 15.04 and Fedora 23 at the moment.Experimental at RHEL and SUSE

LXD is only available in Ubuntu 15.04http://images.linuxcontainers.org contains ppc64el images

There is a growing ecosystem of dockerized applications for POWER

System Z also supports it

https://www.ibm.com/developerworks/linux/linux390/docker.html

IBM POWER containers support

Installing Docker on Power Systems (after April 2015)

Docker now officially supported on
Ubuntu Vivid Vervet (15.04)

Install the docker packageapt-get install docker.io

Now part of the Ubuntu distribution and maintained by Canonical.


Using Docker

Docker users can install images from Docker Hub, a public repositores for Docker images

However, it is x86-oriented. That means that by default, docker pulls a x86 image from the server.

Multiarch support for Docker Hub is being worked
- Meanwhile, non-x86 images have distinct names to identify them, such as 'fedora22_ppc64le'

Docker on POWER users can create their own images, and then can share them by running a private Docker Hub

Most enterprises will probably have their own images in a private repository for security.


LXC is the base, distro independent, container infrastructure.Created in IBM/LTC in 2009

LXD is a controller over LXD allowing new features over LXCFile-system snapshot

Migration

Docker is an application delivery that uses containers technologiesFocused on images AnotherUnionFs (AUFS)

Was based on LXC in the beginning, now has it own technology called libcontainer

Focused on a few, hopefully 1, process

What is difference between Docker, LXC and LXD?

LXC, LXD and Docker usage

Similar to AIX System WPAR

Similar to AIX Application WPAR

Creating a Docker image

Simple ways to create images are:

Debian Bootstrap (debootstrap)

Ubuntu Core

Cloning a system into an image is also possibleAllows for migration from virtual machines to containers

Environment can be customized (i.e. applications installed, etc) before generating the image for container deployment.


Creating a Docker image using debootstrap

From Build and use Docker on the IBM POWER Linux platform document at IBM developerworks:

$ sudo apt-get install -y debootstrap

$ curl -o debootstrap.sh \ https://raw.githubusercontent.com/docker/docker/master/contrib/mkimage/debootstrap

$ chmod 755 debootstrap.sh

$ sudo ./debootstrap.sh ubuntu --components=main,universe trusty

$ sudo tar -C ubuntu -c . | docker import - ubuntu:14.04

$ docker tag ubuntu:14.04 ubuntu:trusty

$ docker tag ubuntu:14.04 ubuntu:latest

$ sudo rm -fr ubuntu


Creating a Docker image using Ubuntu Core

From Ubuntu Core on Docker for POWER

Download Ubuntu Core

Example for 14.04 version:

wget http://cdimage.ubuntu.com/ubuntu-core/trusty/daily/current/trusty-core-ppc64el.tar.gz

Import the files into dockercat trusty-core-ppc64el.tar.gz | docker import - ubuntucore 3ad6c6616b921b10a414238a226fb39eef85d8249ac7d767e84e275aaf90ab65

Verify that the image was created:docker images

Assure that your image is running fine:docker run ubuntucore ls


Creating a Docker image using an installed system

Creat a tar file with the filesystem structure

Useful to exclude /tmp, /proc, /sys and other filesystems not needed in the image

Example: tar cvf /tmp/ubuntu.tar --exclude='sys' --exclude='tmp' --exclude='proc' *

Import the files into dockercat ubuntu.tar | docker import - ubuntuinstall 3dcc622c3ef8922cceef85d8249ac7d767e84e275aaf90ab65

Verify that the image was created:docker images

Assure that your image is running fine:docker run ubuntuinstall ls



Similar concept of OS-based virtualization

AIX allows for multiple OS versions to coexist

Host partition must be on AIX 7

Hosted WPARS can be AIX 5.2, 5.3 or 7

Docker allows for multiple OS versionsHost partition does not have to be at latest level

Can host OS versions that are higher or lower

All run same kernel version, since it is shared by all containers, so while the OS version may change, the kernel does not



AIX WPARs are always persistent. Docker containers are not

You have to explicitly save the container in order to save changes made while running

Application data normally resides on data volumes, that are filesystems mounted by Docker, and these are persistent therefore application data is always saved to disk and does not require the commit operation on the container.

Each AIX WPAR is a separate image. Docker can instantiate multiple containers from the same image

Easier to deploy and maintain a pool of similar environments

Docker automatically assigns a new IP for each instance


Using Docker Containers

docker images

docker ps -a

docker run

docker run -i -t /bin/bash

docker rm

docker rmi

docker commit


Docker demo on Power Systems

As root, do:

docker -v

docker images

docker ps -a

cat /etc/lsb-release

docker run vividcore cat /etc/lsb-release

docker run ubuntu cat /etc/lsb-release





Example of running Apache on Docker

Based on customization script called Dockerfile

Dockerfile specifies image to base installation, adds extra packages, copy files and configures applications

Container started with port forwarding


Dockerfile

FROM ubuntu

MAINTAINER Breno Leitao

RUN apt-get update && apt-get install -y php5 libapache2-mod-php5 php5-mysql php5-cli && apt-get clean && rm -rf /var/lib/apt/lists/*

ENV APACHE_RUN_USER www-dataENV APACHE_RUN_GROUP www-dataENV APACHE_LOG_DIR /var/log/apache2ENV APACHE_PID_FILE /var/run/apache2/apache2.pidENV APACHE_RUN_DIR /var/run/apache2ENV APACHE_LOCK_DIR /var/lock/apache2

EXPOSE 80

CMD ["/usr/sbin/apache2", "-D", "FOREGROUND"]

Instruction set: https://docs.docker.com/reference/builder/

Example of running Apache on Docker

docker run -p 8080:80 -d apacheStarts the container in detached mode, and redirects container port 8080 to host partition port 80

Since it is running detached, control the container using docker commands (e.g. docker start, docker stop).


Moving a container to other system

docker save apache > apache.tar

copy apache.tar to other system

docker load < apache.tar

docker run -p 8080:80 -d apache


Managing containers

Many tools for managing docker containers

Tools are platform agnostic they talk to the docker daemon, so from the tool perspective it does not matter the platform

Docker containers from multiple systems/architectures can be managed by the same tool


Managing containers


Shipyard is an open source GUI for managing and deploying Docker containers

Managing containers


Conclusion

Containers offer a flexible way of deploying applications with minimum effort.

System resources can be used efficiently, and migration/deployment of new environments is quick and easy.

Docker integration with cloud management tools such as Openstack provides rapid instance deployment, and multi-platform container management.

Docker for Power Systems allow all these benefits to be used on a high performance and high reliability platform.


Continue growing your IBM skills

ibm.com/training provides a
comprehensive portfolio of skills and career
accelerators that are designed to meet all
your training needs.

Training in cities local to you - where and
when you need it, and in the format you want

Use IBM Training Search to locate public training classes
near to you with our five Global Training Providers

Private training is also available with our Global Training Providers

Demanding a high standard of quality
view the paths to success Browse Training Paths and Certifications to find the
course that is right for you

If you cant find the training that is right for you with our Global Training Providers, we can help.Contact IBM Training at [email protected]

Global Skills Initiative

Technical University/Symposia materials may not be reproduced in whole or in part without the prior written permission of IBM.9.0

Presentation title

Presentation subtitle (optional)


Click to edit Master title style

Click to edit the outline text formatSecond Outline LevelThird Outline LevelFourth Outline LevelFifth Outline LevelSixth Outline LevelSeventh Outline LevelClick to edit Master text stylesSecond levelThird levelFourth level

Fifth level




Fifth level

Click to edit the outline text formatSecond Outline LevelThird Outline LevelFourth Outline LevelFifth Outline LevelSixth Outline Level

Seventh Outline LevelClick to edit Master text styles





Fifth level


Docker on Power Systems

Internet

Transcript of Docker on Power Systems