Linux Containers and Docker

Slides:



Advertisements
Similar presentations
Lightweight virtual system mechanism Gao feng
Advertisements

Kat Passen.  Open source platform to manage deployment  Acts as a layer between an OS and an application  Images not dependent on system – similar.
Introduction to Docker Jitendra Kumar Patel Saturday, January 24, 2015.
Docker Martin Meyer Agenda What is Docker? –Docker vs. Virtual Machine –History, Status, Run Platforms –Hello World Images and Containers.
Docker Martin Meyer Agenda What is Docker? –Docker vs. Virtual Machine –History, Status, Run Platforms Hello World Terminology: Image and.
Seafile - Scalable Cloud Storage System
Windows Azure Conference 2014 Running Docker on Windows Azure.
Working with Ubuntu Linux Track 2 Workshop June 2010 Pago Pago, American Samoa.
Johan Janssen, Info Support. Continuous delivery Docker Jenkins Questions.
Vagrant workflow Jul. 15, 2014.
GAAIN Virtual Appliances: Virtual Machine Technology for Scientific Data Analysis Arihant Patawari USC Stevens Neuroimaging and Informatics Institute July.
Breaking Barriers Exploding with Possibility Breaking Barriers Exploding with Possibility The Cloud Era Unveiled.
Infrastructure as code. “Enable the reconstruction of the business from nothing but a source code repository, an application data backup, and bare metal.
Docker and Container Technology
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Docker Overview Automating.
VM vs Container Xen, KVM, VMware, etc. Hardware emulation / paravirtualization Can run different OSs on the same box Dozens of instances OS sprawl problem.
Agenda Azure and Open source Introduction to Containers and Docker. Docker on Azure CoreOS and Why Get Started on Docker.
Embedded Software Design Week II Linux Intro Linux Kernel.
#msitconf. Damien Caro Technical Evangelist Manager, Что будет, если приложение поместить в контейнер? What happens if the application.
Advancing CernVM-FS and its Development Infrastructure José Molina Colmenero CERN EP-SFT.
Alfresco deployment with Docker Andrea Agili Software Engineer – Dr Wolf srl Tommaso Visconti DevOps – Dr Wolf srl.
Intro To Virtualization Mohammed Morsi
April 1st, 2009 Cobbler Provisioning Made Easy Jasper Capel.
OpenShift & SELinux Dan Walsh Twitter: #rhatdan
Seven Problems of Linux Containers
Building ARM IaaS Application Environment
Agenda:- DevOps Tools Chef Jenkins Puppet Apache Ant Apache Maven Logstash Docker New Relic Gradle Git.
INTRO TO Presenter: PhuongNQK.
Fundamentals Sunny Sharma Microsoft
VAGRANT AND DOCKER AS LEARNING ENVIRONMENTS
Application Sandboxes
Docker and Azure Container Service
Containers: The new network endpoint
Linux Containers Overview & Roadmap
Deploy, Manage, and Scale Your Apps with OpsWorks, Elastic Beanstalk, and CodeDeploy Part 1 – Elastic Beanstalk © 2017 Amazon Web Services, Inc. and.
Container-based Operating System Virtualization: A scalable, High-performance Alternative to Hypervisors Stephen Soltesz, Herbert Potzl, Marc E. Fiuczynski,
Docker Birthday #3.
In-Depth Introduction to Docker
Docker – kontejnerizacija na serveru Vedran Vučetić, SPAN
4th Forum How to easily offer your application as a self-service template by using OpenShift and GitLab-CI 4th Forum Alberto.
Machine Learning Workshop
Containers and Virtualisation
Structure of Unix OS.
ASP.NET in Linux and Windows containers
Andrew Pruski SQL Server & Containers
Containers in HPC By Raja.
Drupal VM and Docker4Drupal For Drupal Development Platform
Xen Summit Spring 2007 Platform Virtualization with XenEnterprise
Windows Server & Hyper-V Containers Vaggelis Kappas
Drupal VM and Docker4Drupal as Consistent Drupal Development Platform
Introduction to Docker
Microservices in Dyalog APL Morten Kromberg – 11th January 2018
Agenda Intro Why use containers at all? Linux Kernel: a pop of history
Haiyan Meng and Douglas Thain
Microsoft Ignite NZ October 2016 SKYCITY, Auckland.
Intro about Contanier and Docker Technology
Orchestration & Container Management in EGI FedCloud
Openstack-alapú privát felhő üzemeltetés
Docker Some slides from Martin Meyer Vagrant Box:
CloudOpting - Hackathon
Introduction to Docker
DEVOPS & THE FUTURE OF TESTING
Oracle Container Cloud Service made easy HROUG Conference 2018
Architecture Agnostic Docker Build Systems
OpenStack Summit Berlin – November 14, 2018
Azure Container Service
Data science laboratory (DSLAB)
Container technology, Microservices, and DevOps
Building, Debugging & Deploying Containerized
Azure DevOps Simplified with Production Data
Presentation transcript:

Linux Containers and Docker

introduction Linux containers (LXC) are “lightweight” VMs Docker is a commoditized LXC technique that dramatically simplifies the use of LXC

Comparison between LXC/docker and VM

LXC technique Linux kernel provides the “control groups” (cgroups) functionality allows limitation and prioritization of resources (CPU, memory, block I/O, network, etc.) without the need for starting any VM “namespace isolation” functionality allows complete isolation of an applications' view of the operating environment, including process trees, networking, user IDs and mounted file systems.

Unique features Containers running in the user space Each container has Own process space Own network interface Own /sbin/init (coordinates the rest of the boot process and configures the environment for the user) Run stuff as root Share kernel with the host No device emulation

Isolation with namespaces Check the results of pid, mnt, net, uts, ipc, user Pid namespace Type “ps aux| wc –l” in host and the container Mnt namespace Type “wc –l /proc/mounts” in both Net namespace Install net-tools Type “ifconfig”

hostname namespace ipc namespace User namespace “hostname” Type “ipcs” UID 0-1999 in the first container mapped to UID 10000 – 11999 in host UID 0-1999 in the 2nd container mapped to UID 12000 – 13999 in host

Isolation with cgroups Memory Cpu Blkio devices

Memory cgroup keeps track pages used by each group: file (read/write/mmap from block devices; swap) anonymous (stack, heap, anonymous mmap) active (recently accessed) inactive (candidate for eviction) each page is charged to a group pages can be shared Individual (per-cgroup) limits and out-of-memory killer

CPU cgroup keep track of user/system CPU time set relative weight per group pin groups to specific CPU(s) Can be used to reserve CPUs for some apps

Blkio cgroup keep track IOs for each block device set relative weights read vs write; sync vs async set relative weights set throttle (limits) for each block device read vs write; bytes/sec vs operations/sec

Devices cgroup controls read/write/mknod permissions typically: allow: /dev/{tty,zero,random,null}... deny: everything else maybe: /dev/net/tun, /dev/fuse, /dev/kvm, /dev/dri... fine-grained control for GPU, virtualization, etc

Almost no overhead processes are isolated, but run straight on the host CPU performance = native performance memory performance = a few % shaved off for (optional) accounting network performance = small overhead; can be reduced to zero

Performance Networking Linear algebra

What is docker Open Source engine to commoditize LXC using copy-on-write for quick provisioning allowing to create and share images standard format for containers standard, reproducible way to easily build trusted images (Dockerfile, Stackbrew...)

Docker history 2013-03: Releases as Open Source 2013-09: Red Hat collaboration (Fedora, RHEL, OpenShift) 2014-03: 34th most starred GitHub project 2014-05: JAX Innovation Award (most innovative open technology)

the Docker engine runs in the background manages containers, images, and builds HTTP API (over UNIX or TCP socket) embedded CLI talking to the API

Setup docker Check the website for Linux, windows, OSX The “getting start” tutorial Samples of commands > docker run hello-world > docker run -t -i ubuntu bash

Building docker image With run/commit commands 1) docker run ubuntu bash 2) apt-get install this and that 3) docker commit <containerid> <imagename> 4) docker run <imagename> bash 5) git clone git://.../mycode 6) pip install -r requirements.txt 7) docker commit <containerid> <imagename> 8) repeat steps 4-7 as necessary 9) docker tag <imagename> <user/image> 10) docker push <user/image>

Base Image ubuntu:latest run Container cid1 base image cmd  new state New Image iid1 commit Container cid1 run Container cid2 Container cid3 Container cid4

Run/commit Pros Cons Convenient, nothing to learn Can roll back/forward if needed Cons Manual process Iterative changes stack up Full rebuilds are boring, error-prone

Authoring image with a dockerfile A sample dockerfile FROM ubuntu RUN apt-get -y update RUN apt-get install -y g++ RUN apt-get install -y erlang-dev erlang-manpages erlang-base-hipe ... RUN apt-get install -y libmozjs185-dev libicu-dev libtool ... RUN apt-get install -y make wget RUN wget http://.../apache-couchdb-1.3.1.tar.gz | tar -C /tmp -zxf- RUN cd /tmp/apache-couchdb-* && ./configure && make install RUN printf "[httpd]\nport = 8101\nbind_address = 0.0.0.0" > /usr/local/etc/couchdb/local.d/docker.ini EXPOSE 8101 CMD ["/usr/local/bin/couchdb"] Run the command to build: docker build -t your_account/couchdb .

Minimal learning curve Rebuilds are easy Caching system makes rebuilds faster Single file to define the whole environment!

Around docker Docker Images: Docker Hub Vagrant: «Docker for VMs» Automated Setup Puppet, Chef, Ansible, ... Docker Ecosystem skydock / skydns fig

Docker Hub Public repository of Docker images https://hub.docker.com/ docker search [term] Automated: Has been automatically built from Dockerfile Source for build is available on GitHub

Docker use cases Development Environment Environments for Integration Tests Quick evaluation of software Microservices Multi-Tenancy Unified execution environment (dev  test  prod (local, VM, cloud, ...)

Dev-> test->production code in local environment (« dockerized » or not) each push to the git repo triggers a hook the hook tells a build server to clone the code and run « docker build » (using the Dockerfile) the containers are tested (nosetests, Jenkins...), and if the tests pass, pushed to the registry production servers pull the containers and run them for network services, load balancers are updated