Docker king-d00m Oskars Gavriševs 2015@4f
Agenda:
● Virtualization.
● Docker installation.
● Why Docker.
● Show me the magic.
● Anti-patterns.
● What's left behind.
Virtualization
Simulates all of the hardware. Requires
hardware-level support (AMD-V and Intel VT-x).
Can also be split into three types based on the
hypervisor:
● Bare metal hypervisors
● Hosted hypervisors
● Mixed-type hypervisors
At what virtualization level is Docker?
● Operating-system-level virtualization
● Requires specific Linux kernel features
Docker dependencies
● Requires various Linux kernel virtualization
features (cgroups, namespaces, etc.)
● Accesses these features through libraries:
○ libvirt
○ LXC
○ systemd-nspawn
○ libcontainer (added after v. 0.9)
● Mainline Linux kernel > 3.8 is enough
Where can I run Docker?
● On almost any Linux OS (Ubuntu, RHEL,
CentOS, ...)
● IaaS (AWS, Rackspace Cloud, Google
Cloud, ...)
● Also on top of virtualization itself:
○ Xen (paravirtualization) (AWS uses it)
○ VirtualBox (full virtualization)
Mac
● Docker needs specific kernel features
(absent from the Mac kernel), so the only option is to
run Docker in a VM. You can use:
○ Boot2Docker
○ Kitematic.io
Boot2Docker
● Get the latest release:
https://github.com/boot2docker/osx-installer/releases/latest
● Install “Boot2Docker-x.x.x.pkg”
● Spin up the Docker VM by executing:
○ “$ boot2docker init”
○ “$ boot2docker start”
Boot2Docker (3)
● You can access the VM and work with docker there:
○ “$ boot2docker ssh”
○ “$ docker ps”
OR
● Use the docker CLI on the Mac (docker host on the VM):
○ “$ boot2docker shellinit”
○ Export the printed variables
○ “$ docker ps”
Kitematic
● Get the latest installer:
http://kitematic.com/download/
● Unzip and install
● You can create images only from
Dockerfiles
Ubuntu
Install from the Docker repo (version 1.4.1):
● Install the “https” package:
○ “$ sudo apt-get update”
○ “$ sudo apt-get install apt-transport-https”
● Add the repository key from the key server:
○ “$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9”
Ubuntu (2)
● Add the Docker repo:
○ “$ sudo sh -c "echo deb https://get.docker.com/ubuntu docker main > /etc/apt/sources.list.d/docker.list"”
● Install Docker:
○ “$ sudo apt-get update”
○ “$ sudo apt-get install lxc-docker”
○ “$ sudo docker ps”
Ubuntu (3)
Install from the Ubuntu-maintained repo (version
1.0.1) (not recommended):
○ “$ sudo apt-get update”
○ “$ sudo apt-get install docker.io”
○ “$ docker ps”
CentOS
Installation is available only from third-party repos
(EPEL) (version 1.3.2):
● Add the EPEL repo:
○ “$ wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm”
○ “$ sudo rpm -Uvh epel-release-6*.rpm”
CentOS (3)
● Install Docker:
○ “$ sudo yum install docker-io”
● Ensure the service is started:
○ “$ service docker start”
○ “$ docker ps”
What's so special
● Less overhead than a VM
● Run anything, run everywhere
● Reproducible way of building images
(Dockerfiles)
What's so special (3)
Docker lets you isolate:
● Process (own process space)
● File system (can use a dedicated one or share)
● Memory amount
● CPU quotas
● Network (own network interface)
What's so special (4)
● Compute efficiency:
○ Processes run directly on the host
○ CPU performance (native performance)
○ Memory performance (a few % shaved off)
○ Network performance (small overhead)
Boot2Docker bug (2)
● Add a nameserver: “$ echo 'nameserver 8.8.8.8' > /etc/resolv.conf”
● Restart the docker service on the VM: “$ /etc/init.d/docker restart”
Docker run
● The container runs (keeps its state = 'Up')
until the process inside returns an exit code
Docker run detached
● The container runs in the background; we can
interact with it using:
○ network
○ shared volume
○ or attaching to the process
Docker run interactive
● Default mode
● Attaches the terminal (stdin, stdout, stderr) to the
process
● Can attach a pseudo-tty
Docker run interactive (6)
Remember, if the container is started in interactive
mode (-i -t):
● “Control + C” = detaches from the container
and terminates it
● “Control + P, Control + Q” = detaches
without terminating it
Attaching to a container
You can:
● Attach to an existing process in the container =
“docker attach”
● Run and attach to a new process in the container =
“docker exec”
docker attach
Attach to the tty of the primary process (pid 1) in a running
container: “$ docker attach container_name”
docker exec
Run and attach to a new process in the container: “$ docker exec -i -t container_name command”
Container control tools
● Inspect container config = “docker inspect”
● Terminal output = “docker logs”
● Process state = “docker top”
● Exposed ports = “docker port”
docker inspect
Returns low-level information about a container or image: “$ docker inspect container_name / image_name”
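An added example, not part of the original slides: a Python check that reads `docker inspect` output and reports which of the isolation properties listed earlier (process, file system, memory, CPU, network) a container has given up. The `HostConfig` field names are those emitted by current Docker Engine releases and may differ on the 1.x versions installed above; the sample JSON is constructed.

```python
import json

# Constructed sample shaped like `docker inspect` output (a JSON array).
# Field names follow current Docker Engine releases (assumption).
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web",
     "HostConfig": {"Privileged": False, "PidMode": "", "NetworkMode": "bridge",
                    "Binds": None, "Memory": 268435456, "CpuQuota": 50000}},
    {"Name": "/legacy",
     "HostConfig": {"Privileged": True, "PidMode": "host", "NetworkMode": "host",
                    "Binds": ["/:/host"], "Memory": 0, "CpuQuota": 0}},
])

def audit_container(entry):
    """Return the isolation properties this container has given up."""
    hc = entry.get("HostConfig") or {}
    findings = []
    if hc.get("Privileged"):
        findings.append("privileged: all capabilities and host devices")
    if hc.get("PidMode") == "host":
        findings.append("process: shares the host PID namespace")
    if hc.get("NetworkMode") == "host":
        findings.append("network: shares the host network stack")
    if hc.get("Binds"):
        findings.append("filesystem: host paths mounted %s" % hc["Binds"])
    if not hc.get("Memory"):
        findings.append("memory: no limit set")
    if not hc.get("CpuQuota") and not hc.get("NanoCpus"):
        findings.append("cpu: no quota set")
    return findings

def audit(inspect_json):
    """Map container name -> findings for each entry in the inspect output."""
    return {e.get("Name", "?").lstrip("/"): audit_container(e)
            for e in json.loads(inspect_json)}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "OK" if not findings else "")
        for finding in findings:
            print("  -", finding)
```

To check a live host, pass the text printed by `docker inspect` for the running containers to `audit()`.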
docker commit (2)
● Changes made in a container can be made
persistent by committing them to an image.
● This is one way to build
custom images.
docker build
● The second way to build custom images
● We need a 'Dockerfile' that describes the
changes made to the base image.
Anti-patterns (1)
1) docker container = virtual machine
2) docker container = virtual machine
3) docker container = virtual machine
4) docker container = virtual machine
5) docker container = virtual machine
6) seriously !!!
-> one container, one process
Anti-patterns (2)
● containers with built-in sshd
-> no ssh, most things can be achieved with
built-in tools
● persist data in container
-> use volumes
Anti-patterns (3)
● check app logs
-> use volumes
● restart service “/etc/init.d/my_srv restart”
-> send signal “docker kill -s <signal>”
● edit config / new app version
-> rebuild image from Dockerfile
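An added example, not part of the original slides, of the “one container, one process” and “send a signal instead of restarting” advice: a Python foreground process that reopens its log file on SIGHUP and stops on SIGTERM. The `Service` class, the log path and the choice of SIGHUP for log reopening are assumptions; `demo()` calls the handlers directly on a constructed temporary directory, so it runs without Docker.

```python
import os, signal, tempfile, time

class Service:
    """Single foreground process intended to be the container's PID 1."""
    def __init__(self, log_path):
        self.log_path = log_path      # assumed to sit on a mounted volume
        self.log = open(log_path, "a")
        self.reopens, self.running, self._reopen = 0, True, False

    def install_handlers(self):
        # PID 1 of a PID namespace only receives signals it has a handler for
        # (SIGKILL/SIGSTOP from the host aside), so register them explicitly.
        for sig in (signal.SIGHUP, signal.SIGTERM):
            signal.signal(sig, self.on_signal)

    def on_signal(self, signum, frame=None):
        # Handlers only set flags; step() does the work outside signal context.
        if signum == signal.SIGHUP:
            self._reopen = True
        elif signum == signal.SIGTERM:
            self.running = False

    def step(self, message="tick"):
        if self._reopen:              # log file was rotated on the volume
            self.log.close()
            self.log = open(self.log_path, "a")
            self.reopens, self._reopen = self.reopens + 1, False
        self.log.write(message + "\n")
        self.log.flush()
        return self.running

    def run(self, interval=1.0):      # what the image's CMD would call
        self.install_handlers()
        while self.step():
            time.sleep(interval)
        self.log.close()

def demo():
    """Drive the handlers against a constructed temp dir (no Docker needed)."""
    with tempfile.TemporaryDirectory() as vol:
        path = os.path.join(vol, "app.log")
        svc = Service(path)
        svc.step("before rotation")
        os.rename(path, path + ".1")      # what a log rotator would do
        svc.on_signal(signal.SIGHUP)      # docker kill -s HUP <container>
        svc.step("after rotation")
        svc.on_signal(signal.SIGTERM)     # docker kill -s TERM <container>
        alive = svc.step("shutting down")
        svc.log.close()
        return svc.reopens, sorted(os.listdir(vol)), alive

if __name__ == "__main__":
    print(demo())
```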
Left behind
● Port forwarding
● File system, volumes
● Resource limitation
● Clustering
● Dockerfiles
● Container linkage