Introducing Docker to Mac Management – Nick McSpadden
-
Upload
macbrained -
Category
Technology
-
view
2.229 -
download
0
Transcript of Introducing Docker to Mac Management – Nick McSpadden
![Page 1: Introducing Docker to Mac Management – Nick McSpadden](https://reader030.fdocuments.us/reader030/viewer/2022032619/55c4896bbb61ebc8068b469e/html5/thumbnails/1.jpg)
Introducing Docker
Nick McSpadden Client Systems Manager Schools of the Sacred Heart, SF
![Page 3: Introducing Docker to Mac Management – Nick McSpadden](https://reader030.fdocuments.us/reader030/viewer/2022032619/55c4896bbb61ebc8068b469e/html5/thumbnails/3.jpg)
A tiny sandboxed minimal Linux environment.
Docker containers are designed to run a single service or
application.
![Page 4: Introducing Docker to Mac Management – Nick McSpadden](https://reader030.fdocuments.us/reader030/viewer/2022032619/55c4896bbb61ebc8068b469e/html5/thumbnails/4.jpg)
Thinner than running a new VM for a service.
![Page 5: Introducing Docker to Mac Management – Nick McSpadden](https://reader030.fdocuments.us/reader030/viewer/2022032619/55c4896bbb61ebc8068b469e/html5/thumbnails/5.jpg)
There are lots of Docker containers for basic services already available in the library:
![Page 6: Introducing Docker to Mac Management – Nick McSpadden](https://reader030.fdocuments.us/reader030/viewer/2022032619/55c4896bbb61ebc8068b469e/html5/thumbnails/6.jpg)
Making containers is straightforward
• Containers are based on Dockerfiles, which are text files that contain a series of instructions.
• Start with a base image (like Ubuntu, Debian, or a default library image).
• ADD files, RUN commands.
• EXPOSE open ports for incoming connections.
• Share VOLUMEs to other containers.
![Page 7: Introducing Docker to Mac Management – Nick McSpadden](https://reader030.fdocuments.us/reader030/viewer/2022032619/55c4896bbb61ebc8068b469e/html5/thumbnails/7.jpg)
What’s with all this Linux crap? How does this involve Macs?
![Page 8: Introducing Docker to Mac Management – Nick McSpadden](https://reader030.fdocuments.us/reader030/viewer/2022032619/55c4896bbb61ebc8068b469e/html5/thumbnails/8.jpg)
Look at OS X Server.appNot many services that are truly unique to OS X:
• Caching Service (arguable vs. squid)
• Messages (no one uses this)
• Time Machine Server (no one uses this)
• Xcode (don't, it'll hurt)
• OpenDirectory (not common in enterprise)
• Xsan (wait, this still exists?)
![Page 9: Introducing Docker to Mac Management – Nick McSpadden](https://reader030.fdocuments.us/reader030/viewer/2022032619/55c4896bbb61ebc8068b469e/html5/thumbnails/9.jpg)
And if you can do it in Linux...
You can run lots of neat Mac management tools without ever needing OS X Server,
or OS X at all.
![Page 10: Introducing Docker to Mac Management – Nick McSpadden](https://reader030.fdocuments.us/reader030/viewer/2022032619/55c4896bbb61ebc8068b469e/html5/thumbnails/10.jpg)
…you can do it in Docker!
![Page 11: Introducing Docker to Mac Management – Nick McSpadden](https://reader030.fdocuments.us/reader030/viewer/2022032619/55c4896bbb61ebc8068b469e/html5/thumbnails/11.jpg)
Introducing Docker …to Mac management!
![Page 12: Introducing Docker to Mac Management – Nick McSpadden](https://reader030.fdocuments.us/reader030/viewer/2022032619/55c4896bbb61ebc8068b469e/html5/thumbnails/12.jpg)
Demoing some Mac tools
• Munki: just a basic web server
• Reposado: just a basic web server, with Python
• Puppet: Just Puppet.
• Sal: Django, Python
• Databases: Postgres (for Sal)
Reposado Munki Puppet
Postgres
Sal
OS X client
![Page 13: Introducing Docker to Mac Management – Nick McSpadden](https://reader030.fdocuments.us/reader030/viewer/2022032619/55c4896bbb61ebc8068b469e/html5/thumbnails/13.jpg)
Anatomy of a Munki container
• This Munki container is just an Nginx web server.
• Port 80 is exposed for inbound connections (http).
• /munki_repo, where the Munki repo is stored, can be shared to other containers.
Nginx
Port 80
/munki_repo
![Page 14: Introducing Docker to Mac Management – Nick McSpadden](https://reader030.fdocuments.us/reader030/viewer/2022032619/55c4896bbb61ebc8068b469e/html5/thumbnails/14.jpg)
Anatomy of a Munki container - Dockerfile
FROM nginx
RUN mkdir -p /munki_repo
RUN mkdir -p /etc/nginx/sites-enabled/
ADD nginx.conf /etc/nginx/nginx.conf
ADD munki-repo.conf /etc/nginx/sites-enabled/
VOLUME /munki_repo
EXPOSE 80
Nginx
Port 80
/munki_repo
![Page 15: Introducing Docker to Mac Management – Nick McSpadden](https://reader030.fdocuments.us/reader030/viewer/2022032619/55c4896bbb61ebc8068b469e/html5/thumbnails/15.jpg)
docker run -d --name munki-data --entrypoint /bin/echo nmcspadden/munki “Data-only container for munki"
Run a Data-Only Container
Data containers store data without running (or using any system resources), so other containers can access that
data.
![Page 16: Introducing Docker to Mac Management – Nick McSpadden](https://reader030.fdocuments.us/reader030/viewer/2022032619/55c4896bbb61ebc8068b469e/html5/thumbnails/16.jpg)
Munki + Munki-data
Nginx
Port 80
/munki_repo
munki munki-data
Nginx, but never runs
munki & munki-data both share /munki_repo.
![Page 17: Introducing Docker to Mac Management – Nick McSpadden](https://reader030.fdocuments.us/reader030/viewer/2022032619/55c4896bbb61ebc8068b469e/html5/thumbnails/17.jpg)
Munki + Munki-data
/munki_repo
munki-data
Nginx, but never runs
If you remove munki, /munki_repo still exists, and contains the repo. You can create a new munki container
and it will have the same old repo.
![Page 18: Introducing Docker to Mac Management – Nick McSpadden](https://reader030.fdocuments.us/reader030/viewer/2022032619/55c4896bbb61ebc8068b469e/html5/thumbnails/18.jpg)
Munki + Munki-data
Nginx
Port 80
/munki_repo
munki
If you remove munki-data, /munki_repo is still there, just as if you remove munki.
![Page 19: Introducing Docker to Mac Management – Nick McSpadden](https://reader030.fdocuments.us/reader030/viewer/2022032619/55c4896bbb61ebc8068b469e/html5/thumbnails/19.jpg)
Munki + Munki-data
If you remove both containers, your data is gone.
![Page 20: Introducing Docker to Mac Management – Nick McSpadden](https://reader030.fdocuments.us/reader030/viewer/2022032619/55c4896bbb61ebc8068b469e/html5/thumbnails/20.jpg)
docker run -d --name munki --volumes-from munki-data --publish 80:80 --hostname=“munki" nmcspadden/munki
Run the Munki Container
We use --volumes-from to share the repo from the data container. Port 80 is open for inbound connections.
![Page 21: Introducing Docker to Mac Management – Nick McSpadden](https://reader030.fdocuments.us/reader030/viewer/2022032619/55c4896bbb61ebc8068b469e/html5/thumbnails/21.jpg)
What munki looks like when you run itThere's no content yet!
![Page 22: Introducing Docker to Mac Management – Nick McSpadden](https://reader030.fdocuments.us/reader030/viewer/2022032619/55c4896bbb61ebc8068b469e/html5/thumbnails/22.jpg)
SambaPort 445
Accessing the Munki container
• Munki repo is empty - we need to populate it.
• Use a container with Samba installed so we can use smb:// to access it.
• Link the samba container to the munki-data container to access /munki_repo.
munki
Port 80
OS X
smb://localhost/munki_repo
munki-data
/munki_repo
![Page 23: Introducing Docker to Mac Management – Nick McSpadden](https://reader030.fdocuments.us/reader030/viewer/2022032619/55c4896bbb61ebc8068b469e/html5/thumbnails/23.jpg)
docker run -d --name smb --volumes-from munki-data --publish 445:445 nmcspadden/smb-munki /munki_repo
Run the Samba Container
We use --volumes-from shares the repo from munki-data. Port 445 (smb://) is open for inbound connections.
![Page 24: Introducing Docker to Mac Management – Nick McSpadden](https://reader030.fdocuments.us/reader030/viewer/2022032619/55c4896bbb61ebc8068b469e/html5/thumbnails/24.jpg)
docker exec smb chown -R nobody:nogroup /munki_repo/
docker exec smb chmod -R ugo+rwx /munki_repo/
Fix the permissions
This allows authentication as guest. Access repo from Finder: smb://docker_ip/
![Page 25: Introducing Docker to Mac Management – Nick McSpadden](https://reader030.fdocuments.us/reader030/viewer/2022032619/55c4896bbb61ebc8068b469e/html5/thumbnails/25.jpg)
Create the Munki repo
![Page 26: Introducing Docker to Mac Management – Nick McSpadden](https://reader030.fdocuments.us/reader030/viewer/2022032619/55c4896bbb61ebc8068b469e/html5/thumbnails/26.jpg)
Use Autopkg to import VLC
defaults write com.github.autopkg MUNKI_REPO /Volumes/public
autopkg run VLC.munki MakeCatalogs.munki
manifestutil>new-manifest site_default >add-catalog release site_default>add-pkg VLC site_default
![Page 27: Introducing Docker to Mac Management – Nick McSpadden](https://reader030.fdocuments.us/reader030/viewer/2022032619/55c4896bbb61ebc8068b469e/html5/thumbnails/27.jpg)
Check the repo via browser!http://docker_ip/repo/manifests/site_default
![Page 28: Introducing Docker to Mac Management – Nick McSpadden](https://reader030.fdocuments.us/reader030/viewer/2022032619/55c4896bbb61ebc8068b469e/html5/thumbnails/28.jpg)
Configure the client
sudo defaults write /Library/Preferences/ManagedInstalls.plist
SoftwareRepoURL http://docker_ip/repo
![Page 29: Introducing Docker to Mac Management – Nick McSpadden](https://reader030.fdocuments.us/reader030/viewer/2022032619/55c4896bbb61ebc8068b469e/html5/thumbnails/29.jpg)
Final test!
sudo managedsoftwareupdate
sudo managedsoftwareudpate --installonly
Check /Applications - VLC.app is now present!
![Page 30: Introducing Docker to Mac Management – Nick McSpadden](https://reader030.fdocuments.us/reader030/viewer/2022032619/55c4896bbb61ebc8068b469e/html5/thumbnails/30.jpg)
Add more services!Sal
MunkiWebAdminMunkiReport
Reposado
Puppet
BSDPy (NetBoot)
Casper
Crypt
![Page 31: Introducing Docker to Mac Management – Nick McSpadden](https://reader030.fdocuments.us/reader030/viewer/2022032619/55c4896bbb61ebc8068b469e/html5/thumbnails/31.jpg)
Additional Resources
• Shameless self-promotion for my blog: http://osxdominion.wordpress.com
• "MacAdmins" organization on Docker hub: https://registry.hub.docker.com/repos/macadmins/
• Docker tutorial:https://www.docker.com/tryit/
• The Docker Book:http://www.dockerbook.com/