HP Advanced Technology Group: Docker and Ansible

  • Date posted: 19-Aug-2014
  • Category: Engineering

description

Ansible Docker modules and dynamic inventory plugins running on HP Moonshot, given at AnsibleFest NYC May 20, 2014

Transcript of HP Advanced Technology Group: Docker and Ansible

  • Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
  • Docker and Ansible: Container management made easy
  • About the speaker
      • Patrick Galbraith
      • HP Advanced Technology Group
      • Has worked at Blue Gecko, MySQL AB, Classmates, Slashdot, Cobalt Group, US Navy, K-mart
      • MySQL projects: memcached UDFs, DBD::mysql, federated storage engine
      • Family
      • Outdoors
  • What is a container?
  • Containers vs. VMs
      • Containers: Multiple isolated userspace instances; Only libraries and components needed for application; Runs on the same kernel (using Cgroups); Much smaller, easier to package; VERY fast to start!; Container runs using (a) specific process(es); SSH not needed; Security limited to app
      • VMs: Entire OS installation; Container runs within OS (using Cgroups); VM runs using emulation or virtualization on host OS; Entire VM OS and disk images; Longer to start; SSH; Security issues of running OS
  • What is Docker?
      • Application that manages containers (CLI, API)
      • Automates the deployment of applications inside software containers
      • Written in Go, open source
      • dotCloud
      • Uses union file system (AUFS)
      • Can use CLI to search Docker repos for images
      • "literally LXC with some awesomesauce on top"
      • No dependency hell
  • Why Docker?
      • Makes it very easy to run and manage containers
      • Configure/build once, run anywhere
      • Small footprint in terms of disk and memory
      • Well-suited for SaaS/PaaS
      • Security - you are not running a VM and associated OS
  • Docker concepts
      • Images: Read only layer; Acts as a template for containers; Inheritance; images can be pushed to and pulled from public or private repos
      • Dockerfile: Used for building images
      • Containers: Applications run using containers
  • Dockerfile example

        FROM ubuntu:13.04
        MAINTAINER Patrick aka CaptTofu Galbraith , [email protected]
        # Update distribution
        RUN apt-get update && apt-get upgrade -y && apt-get clean
        RUN apt-get install -y ssh vim apache2-mpm-prefork
        RUN mkdir /var/run/sshd
        RUN mkdir /root/.ssh
        RUN chmod 700 /root/.ssh
        # entrypoint script
        ADD entrypoint.sh /usr/local/sbin/entrypoint.sh
        ADD docker.pem.pub /root/.ssh/authorized_keys
        RUN chown -R root:root /root/.ssh
        # Expose SSH and Apache
        EXPOSE 22 80 443
        ENTRYPOINT ["/usr/local/sbin/entrypoint.sh"]

  • Entrypoint script example

        #!/bin/bash
        /usr/sbin/sshd -D [email protected]
        service apache2 start

  • Docker concepts
  • Basic usage
      • docker run
      • Make changes
      • docker commit
      • docker push
  • Dockerfile
      • docker build -t username/my_image
      • Container runs
      • Each step results in a commit (image being created)
      • CMD vs. ENTRYPOINT
  • Ansible + Docker
      • docker module
      • docker_images module
      • docker_facts module
      • Docker inventory plugin
      • Uses docker-py, the Docker client Python library
  • What we used
      • HP Moonshot
      • New server
      • low power (1500W x2 min)
      • Small footprint
      • Designed for targeted workloads
      • One 4.3 U container chassis
      • 45 cartridges
  • Install Docker
      • Example: install docker install role

        $ ansible-galaxy install angstwad.docker_ubuntu

      • Example: playbook to install using docker install role

        - hosts: local
          connection: local
          roles:
            - angstwad.docker_ubuntu

      • Example: add options to template deployed to /etc/defaults/docker

        DOCKER_OPTS="--ip=0.0.0.0 --host=tcp://0.0.0.0:4243"

  • Install Docker
  • Install Docker
      • Example: running ansible to verify that Docker is installed on containers
  • docker_images module
      • Builds Docker images
      • Simple: add, build or remove
      • Example: playbook to build a Percona XtraDB Cluster

        - name: check or build percona XtraDB Cluster image
          docker_image: docker_url=tcp://127.0.0.1:4243 path="../docker-image-source/pxc/" name="capttofu/pxc" state=present

  • docker_images module
      • Example: build several images using playbook using docker_images
  • docker_images module
      • Example: Display of newly built images
  • docker module
      • Container provisioning
      • start, stop, delete containers
      • Set parameters on a container
      • Example: Playbook that builds Percona XtraDB Cluster image

        - name: docker image control
          local_action:
            module: docker
            docker_url: "tcp://somehost:4243"
            image: "capttofu/percona_xtradb"
            name: "db"
            state: "present"
            publish_all_ports: yes

  • docker module
      • Example: Docker container control

        $ ansible-playbook site.yml -e 'hosts=moonshot'
        $ ansible-playbook site.yml -e 'hosts=moonshot docker_state=absent'

  • docker module
  • docker module
  • docker_facts module
      • Populate large dictionary docker_facts containing information about Docker container fleet and images
      • Two primary dictionary entries: docker_containers and docker_images
  • docker_facts module

        - name: Gather info about containers
          hosts: "{{ hosts }}"
          gather_facts: False
          tasks:
            - name: Get facts about containers
              local_action:
                docker_url: tcp://{{ inventory_hostna
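
The Install Docker slide sets DOCKER_OPTS to listen on tcp://0.0.0.0:4243 with no TLS options, so any client that can reach that port can drive the daemon. The check below is an added example, not code from the slides or from any project they mention; the function names, the TLS variant and its certificate paths are constructed for illustration.

```python
import shlex

# Constructed samples: the first repeats the slide's setting, the second is a
# TLS-verified variant with hypothetical certificate paths.
SLIDE_OPTS = 'DOCKER_OPTS="--ip=0.0.0.0 --host=tcp://0.0.0.0:4243"'
TLS_OPTS = ('DOCKER_OPTS="-H unix:///var/run/docker.sock -H tcp://0.0.0.0:2376 '
            '--tlsverify --tlscacert=/etc/docker/ca.pem '
            '--tlscert=/etc/docker/server.pem --tlskey=/etc/docker/server-key.pem"')
LOOPBACK = ("127.", "localhost", "[::1]")


def docker_opts(text):
    """Return the daemon arguments from the last DOCKER_OPTS assignment."""
    args = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("DOCKER_OPTS="):
            # First split removes the shell quoting, second splits the flags.
            unquoted = " ".join(shlex.split(line.split("=", 1)[1]))
            args = shlex.split(unquoted)
    return args


def listen_hosts(args):
    """Collect -H/--host values in '--host=X', '-H=X' and '-H X' forms."""
    hosts = []
    for i, arg in enumerate(args):
        if arg.startswith(("--host=", "-H=")):
            hosts.append(arg.split("=", 1)[1])
        elif arg in ("-H", "--host") and i + 1 < len(args):
            hosts.append(args[i + 1])
    return hosts


def audit(text):
    """List TCP listeners that accept API calls without client certificates."""
    args = docker_opts(text)
    # --tlsverify makes the daemon demand a client cert signed by --tlscacert.
    if "--tlsverify" in args or "--tlsverify=true" in args:
        return []
    findings = []
    for host in listen_hosts(args):
        if host.startswith("tcp://"):  # unix:// sockets rely on file permissions
            addr = host[len("tcp://"):]
            scope = "loopback" if addr.startswith(LOOPBACK) else "network"
            findings.append((host, scope))
    return findings


if __name__ == "__main__":
    print(audit(SLIDE_OPTS), audit(TLS_OPTS))
```

A "loopback" finding still means every local user and process on that host can reach the API without authenticating.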