Configuration Management in a Containerized World

Julian Dunn

Product Manager

Chef Software, Inc.

February 2015

Top 3 Reasons for Docker's Success

1. Instant productivity

2. Developing is like shipping

3. Portable artifact

Build Test Ship Run

Build

FROM msdos:6.1

LOAD HIMEM.SYS

LOADHIGH EMM386.EXE

ENTRYPOINT AUTOEXEC.BAT

$ knife container docker build ...

• Open-source plugin to Chef's "knife"

• Use existing cookbooks to build containers

• https://github.com/chef/knife-container

Test

control_group "shellshock" do

control "ensure bash is a new enough version" do

expect(package('bash')).to be_installed.and at_version('> 4.1.2-25.el6.x86_64')

end

control "try to exploit shellshock" do

let(:cmd) { %q{env x='() { :;}; echo vulnerable' bash -c "echo test" }}

expect(shell_out(cmd).exitstatus)).to not_equal(1)

end

end

Ship

• Docker registry

• Kubernetes? Mesos?

• AWS CodeDeploy/Container Service?

• Other?

Run

• Per-container monitoring, metrics, inventory

• Resource allocation ("scheduling")

• Service discovery

• Controlled mutability

Fleet Management: Crossing the Machine Boundary

machine 'mysql_wordpress' do

recipe 'mysql'

recipe 'wordpress::database'

tag 'mysql_master'

end

num_webservers = 5

1.upto(num_webservers) do |i|

machine "wordpress#{i}" do

recipe 'apache'

recipe 'wordpress'

end

end

Thanks!jdunn@chef.io

julian_dunn

juliandunn