Deploying Hybrid-OS Applications with Docker EE Presenter Stephen Stack linkedin.com/in/ststack

Setup before we startup 1. Sign into Dell_Guest SSID – Stephen_stack@dell.com 2. Setup before we startup

What will we be doing today? Before we get started you will need: Internet Access Via EMC Guest RDP client (on Mac: Microsoft Remote Desktop) SSH client (on Windows: PuTTy) Slides: Docker EE Overview Hands On: Build an EE Cluster Hands On: Deploy a Linux application Slides: Migrating Traditional Apps with Docker Hands On: Migrate and deploy an IIS Web App Slides: Orchestration capabilities and Docker Compose Hands On: Deploy a multi-OS two service app

Docker EE Overview Container as a Service

Quick 10 second introductions & Docker experience IT Innovation, 25% Experience in the room? Quick 10 second introductions & Docker experience

What is a container? A container image is a lightweight, stand-alone, executable package of a piece of software that includes everything needed to run it: code, runtime, system tools, system libraries, settings. Available for both Linux and Windows based apps, containerized software will always run the same, regardless of the environment. Lightweight Containers running on a single machine share that machine's operating system kernel; they start instantly and use less compute and RAM. Images are constructed from filesystem layers and share common files. This minimizes disk usage and image downloads are much faster. Standard Containers are based on open standards and run on all major Linux distributions, Microsoft Windows, and on any infrastructure including VMs, bare-metal and in the cloud. Secure Containers isolate applications from one another and from the underlying infrastructure. With a reduced attack surface and less OS patching for operations, Containers are a more secure way of deploying applications.

Consistent User Experience for Docker Everywhere

Docker Enterprise Edition Docker Universal Control Plane Integrated Security Docker Engine Container runtime, orchestration, networking, volumes, plugins Docker Trusted Registry Operating Systems Config Mgt Monitoring Logging CI/CD ..more.. Images Networking Volumes Virtualization Public Cloud Physical Docker Datacenter

Docker Enterprise Edition Architecture UCP Manager Internal distributed store Docker EE

Docker Enterprise Edition Architecture UCP Manager Internal distributed store Docker EE UCP Worker Admin / User Deploy / manage

Docker Enterprise Edition Architecture Admin / User Deploy / manage LDAP/AD Monitoring Logging External CA Image Storage Docker EE Internal distributed store UCP Manager UCP Manager UCP Manager push / pull BYO TCP Load Balancer DTR Replica Worker DTR Replica Worker DTR Replica Worker UCP Worker UCP Worker UCP Worker UCP Worker Image Registry

The building block: Docker Engine Built in orchestration with scheduling, networking and security Powerful yet simple, built in orchestration Declarative app services Built in container centric networking Built in default security Extensible with plugins, drivers and open APIs Docker Engine Swarm Mode Manager Swarm Mode Worker Secrets TLS Certificate Authority Volumes Load Balancing Service Discovery Plugins Distributed store Networking Container Runtime

Deep Dive: UCP Manager Nodes Point and click UI to manage nodes, services, containers and networks CLI and API support Secure access control with LDAP/AD support and granular RBAC Content security policy Web UI Log Aggregator Monitoring Access Control Auth Server Docker Swarm CS Docker Engine Swarm Mode Manager Node

Deep Dive: DTR Replica Worker Nodes Point and click UI to manage repos, images and team collaboration Image management with labels, tag store and garbage collection HA and redundant system Content security with built in image signing and verification Wide variety of storage driver support for image store Web UI Log Aggregator Monitoring Registry Certificate Authority Config DB State DB Notary Server Notary Signer CS Docker Engine Swarm Mode Worker Node

Docker EE CaaS In Action DEVELOPERS IT OPERATIONS Microservices Security scan & sign Image Registry Control Plane Traditional docker store Third Party

Unique Advantages of Docker Enterprise Edition Secure Hybrid Orchestration Secure, Automated Supply Chain Infrastructure Independence Define application-centric policies and boundaries Manage diverse applications across mixed infrastructure with secure segmentation Streamline the app delivery process across all apps (Linux and Windows, traditional and microservices) Consistently manage all applications across any infrastructure Easily “lift and shift” apps onto new infrastructure provides a clear model for managing images, containers, and clusters as a single supply chain from Dev to Ops

Exercise 1: Build a Docker EE Cluster Exercise 2: Deploy a Linux application

Migrating Traditional Applications With Docker EE

Internal External What Is A Legacy App Really? LAMP Stack Java .NET The date in which that code was written isn’t the only indicator that you’re dealing with a legacy application. There’s several other behaviors to keep an eye out for. LAMP Stack Java Linux Contains a lot of lost knowledge Most updates are band-aid fixes. Windows Dynamic scaling isn’t possible, or takes way too long. .NET .NET IIS Maintenance windows are a quarterly or bi-annual event. And contain more anxiety than confidence

Methodology: Docker EE Modernizes Apps and Infrastructure The quickest way to cut into that 80% App Existing Application Convert to a container with Docker EE Modern Infrastructure Built on premise, in the cloud, or as part of a hybrid environment. Modern Methodologies Integrate to CI/CD and automation system Modern Microservices Add new services or start peeling off services from monolith code base

Why Docker for MTA Other Container Platforms Other Container Platforms ISV ISV Traditional Homegrown Traditional Homegrown Other Container Platforms Other Container Platforms Microservices/Cloud Native Microservices/Cloud Native Linux Windows Mainframe Cloud Cloud Mainframe Windows Linux Azure AWS Other Clouds

Our Exercise Today The quickest way to cut into that 80% App Existing Application Convert to a container with Docker EE Modern Infrastructure Built on premise, in the cloud, or as part of a hybrid environment.

Migrate and Deploy a Windows App Simple static web app built on IIS stored inside a VM Image2Docker creates Dockerfiles from VMs Supported Artifacts Microsoft Windows Server Roles and Features Microsoft Windows Add/Remove Programs (ARP) Microsoft Windows Server Domain Name Server (DNS) Microsoft Windows Internet Information Services (IIS) Apache Web Server

Windows Tweet App Partial Dockerfile FROM microsoft/windowsservercore RUN Add-WindowsFeature Web-Server EXPOSE 80 RUN Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -filter 'system.applicationHost/log' -name 'centralLogFileMode' -value 'CentralW3C'; WORKDIR C:\ COPY start.ps1 . COPY index.html C:\inetpub\wwwroot COPY windows.png C:\inetpub\wwwroot CMD .\start.ps1

Exercise 3: Migrate and deploy a Windows web app

Orchestration Capabilties & Docker Compose

Services \ Tasks Services provide a piece of functionality Based on a Docker image An application is made up of 1-n services Replicated Services and Global Services Tasks are the containers that actually do the work A service has 1-n tasks

How service deployment works $ docker service create declares the service name, network, image:tag and scale Declare Reconcile Schedule Engines check to see what is running and compared to what was declared to “true up” the environment Managers break down service into tasks, schedules them and workers execute tasks API – user submits the manifest to the API, gets committed to raft and that creates a service object Orchestrator – reconciliation loop. Watching the services and nodesand creates tasks based on reconciling the delta Allocator – watches for tasks and gives IP addresses or volumes to the tasks Scheduler – creates an assignment of the tasks to the nodes Dispatcher - workers connects to it to see what it gets - responsible for the heartbeats (GRPC) – link is always open Worker - Executor – start / stop / status of the task that is assigned to the worker node RAFT – compiled into the Engine, Worker Node Pinata - what does the user get by including 1.12 in Pinata at June 14 vs. June 20. Especially if service manifest is not yet available? Since they can’t swarm mode and since service manifest is not available Distributed state vs. Kube has single KV store over the network Ours is in memory and disk so it is super fast..miliseconds. Does not go over the network Replicated service – some # of the same Global service – one on every machine Before scheduler would need to open a connection

Services Engine Engine Engine Engine Engine Engine mynet Engine Engine Engine $ docker service create --replicas 3 --name frontend --network mynet  --publish 80:80/tcp frontend_image:latest

Services Engine Engine Engine Engine Engine Engine mynet Engine Engine Engine $ docker service create --replicas 3 --name frontend --network mynet  --publish 80:80/tcp frontend_image:latest $ docker service create --name redis --network mynet redis:latest

Node Failure Engine Engine Engine Engine Engine Engine mynet Engine Engine Engine $ docker service create --replicas 3 --name frontend --network mynet  --publish 80:80/tcp frontend_image:latest $ docker service create --name redis --network mynet redis:latest

Desired State ≠ Actual State Engine Engine Engine mynet Engine Engine $ docker service create --replicas 3 --name frontend --network mynet  --publish 80:80/tcp frontend_image:latest $ docker service create --name redis --network mynet redis:latest

Converge Back to Desired State mynet Engine Engine Engine Engine Engine $ docker service create --replicas 3 --name frontend --network mynet  --publish 80:80/tcp frontend_image:latest $ docker service create --name redis --network mynet redis:latest

Docker Compose: Multi Container Applications Without Compose With Compose Build and run one container at a time Manually connect containers together Must be careful with dependencies and start up order Define multi container app in compose.yml file Single command to deploy entire app Handles container dependencies Works with Docker Swarm, Networking, Volumes, Universal Control Plane Docker compose is Dockers tool for creating and deploying multi container applications. Without the use of Docker compose IT operations staff and developers are forced to manually construct their multi container application stacks. Containers need to be instantiated and then manually link those containers together. Additionally if there're any dependencies amongst the containers then administrators need to be careful about the start up order for the application stack. With Docker compose all of this happens automatically. Using a compose.yml file, developers can specify the containers that make up their application, as well as any dependencies between containers. And, because Compose is a native Docker application, it works with all the other Docker tools (Swarm, Machine, Networking, Volumes) – it even integrates with the upcoming Docker Universal Control Plane.

Docker Compose: Multi Container Applications containers: web: build: . command: python app.py ports: - "5000:5000" volumes: - .:/code environment: - PYTHONUNBUFFERED=1 redis: image: redis:latest command: redis-server --appendonly yes This compose file specifies a two container app. The first is the web container. That container will be built using a dockerfile in the current directory. When the container starts up it will run “python app.py” and expose port 5000 from the container to the host. It will also mount a volume for the code and set an environment variable. The second container will launch an instance of redis based on the latest public redis image.

Stacks: Multi-Service Applications A stack is a collection of related services Stacks are a Docker primitive docker stack deploy docker stack ps docker stack rm Implemented via a docker compose file

Exercise 4: Deploy and Manage a Hybrid-OS Application

Dell & Docker rexray

Learning resources