deploying docker (provisioning /w docker + chef/puppet) - devopsdayspgh
DESCRIPTION
Using Docker to bake configuration.TRANSCRIPT
Deployingwith Docker
DevOps Days PGH 2014.05.30
a.k.a. provisioning docker containers and images with Chef
Deployingwith Docker
(or not)
Why do we still need<insert tool here>?
But… we have Dockerfiles!
It’s a shell-script?
$ cat SomeApp/DockerfileFROM ubuntu:13.10 RUN apt-get update; apt-get install apache RUN sed ’s/something/else/‘ /etc/apache/httpd.conf ADD shell-script.shRUN shell-script.shRUN [‘/usr/bin/apachectl’, ‘start’]
I ♥ #!/bin/bash. oo # https://raw.githubusercontent.com/ # ewindisch/bashoo/master/lib/oo # Classes are created implicitly through functionsfunction MsgWriter::new { self=$1; shift msg=$1; shift instance_var $self msg $msg } function MsgWriter::write { self=$1; shift echo $($self.msg) } new terminal is MsgWriter “Hello World” terminal.write
stack:~/devstack$ wc -l stack.sh functions \ functions-common \ lib/* lib/*/* | tail -n1 15490 total
DevOpsor
crazy-sauce?
$ cd ~/rpm-chef $ cat Dockerfile FROM fedora RUN yum update \ yum -y install chef
Do
cker
Chef
$ cd ~/omnibus-chef $ cat Dockerfile FROM fedora"RUN curl -L \ https://www.opscode.com/chef/install.sh | /bin/bash
Do
cker
Chef
Traditional Chef
Hardware
OS
Linux
Chef
Installs Chef
Runs
Configures
Images on HWis usually mutable
Hardware
Image
Linux
Chef
Installs Chef
Image'
Linux
Chef
Creates
Replaces
Runs
Ephemeral environmentsare (somewhat) immutable.
Hypervisor
Image
Linux
Chef
Runs
Image'
Linux
Chef
Chef
Runs
Configures
VM
Accesses
COW
Chef-for-runtime
$ cat Dockerfile FROM fedora RUN yum update; \ yum -y install chef
ADD http://x/receipes.tar.gz /opt/chef"ADD solo.rb /etc/chef/solo.rb"CMD chef-solo -c /etc/chef/solo.rb ; \! apachectl start
Containersare
THINGS
X
X
Servers vs Things
Pets vs Cattle
LET US BAKEIMAGES!
Let us
BAKE
images!
Containers are like ephemeral VMs*
* Docker containers don’t HAVE to be ephemeral, but it’s TheRightThing
Docker
Image
Linux
Chef
Runs
Image'
Linux
Chef
Chef
Runs
Configures
Container
Accesses
COW
TM
Bakery Chef
$ cat Dockerfile FROM fedora RUN yum update; \ yum -y install chef"ADD http://x/receipes.tar.gz /opt/chef"ADD solo.rb /etc/chef/solo.rb"RUN chef-solo -c /etc/chef/solo.rb
Burning configuration into images.
Docker ContainerInitiates Creates
Image
Linux
Chef
Chef
Runs
Configures
Build Creates
Expanded view:Burning configuration into
images.
Docker Image tagInitiates
Image'
Linux
Chef
Chef
Build
Image
Linux
Chef
Creates
Creates
Runs Creates
References1
2
Anatomy of a Docker+Chef build & run
Docker ContainerInitiates Creates
Image
Linux
Chef
Chef
Runs
Configures
Chef
Runs
Configures
Build Creates
Stage 1 Stage 2
For All The Things!
$ cat Dockerfile FROM fedora RUN yum update; \ yum -y install chef ADD http://x/receipes.tar.gz /opt/chef"ADD solo-stage1.rb /etc/chef/solo-stage1.rb"ADD solo-stage2.rb /etc/chef/solo-stage2.rb"RUN chef-solo -c /etc/chef/solo-stage1.rb"CMD chef-solo -c /etc/chef/solo-stage2.rb; \" apachectl start
Does it converge?
$ docker build —rm . $ echo $? # pass or fail
(This is great use of Docker as an alternative to VMs for testing Chef recipes targeting non-Docker production systems)
Deploying Docker (for real this time)
#!/bin/bash -x aws ec2 run-instances \ --image-id ami-e55a648c \ --key-name my-key \ --user-data "#include https://get.docker.io” ip=$(aws ec2 describe-instances \ --output json \ --filter Name=instance-state-name,Values=running | python \ -c 'import json; import sys; print json.load(sys.stdin)[“Reservations”][0]["Instances"][0]["PublicIpAddress"]') ssh ubuntu@$ip sudo docker run cirros
# using https://github.com/bflad/chef-docker $ cat cookbooks/docker-registry/default.rb# Pull latest image docker_image 'samalba/docker-registry' !# Run container exposing ports docker_container 'samalba/docker-registry' do detach true port '5000:5000' env 'SETTINGS_FLAVOR=local' volume '/mnt/docker:/docker-storage' end $ knife ec2 server create # yada yada yada
docker::run { 'helloworld': image => 'base', command => '/bin/sh -c "while true; do echo hello world; sleep 1; done"', ports => ['4444', '4555'], links => ['mysql:db'], use_name => true, volumes => ['/var/lib/couchdb', '/var/log'], volumes_from => '6446ea52fbc9', memory_limit => 10485760, # bytes username => 'example', hostname => 'example.com', env => ['FOO=BAR', 'FOO2=BAR2'], dns => ['8.8.8.8', '8.8.4.4'], restart_service => true, }
7KH�'RFNHU�SOXJLQ�IRU�+HDW%\�XVLQJ�WKH�SOXJLQ��+HDW�FDQ�WDON�GLUHFWO\�WR�'RFNHU
Orchestration for Dockerwith OpenStack Heat
DockerInc::Docker::Container
VMs
Baremetal
Heat Workflow
Heat API
VM
Docker
NovaNova resource
Docker resource
Container1
Container2
Container3
HOT
heat_template_version: 2013-05-23 description: shared volumes example resources: my_instance: type: OS::Nova::Server properties: key_name: ewindisch_key image: ubuntu-precise flavor: m1.large user_data: #include https://get.docker.io ftp_container: type: DockerInc::Docker::Container properties: docker_endpoint: { get_attr: [my_instance, first_address] } image: mikz/vsftpd ports: [ “21:21” ] volumes: [ “/ftp” ] name: “FTP”
apache_container: type: DockerInc::Docker::Container properties: docker_endpoint: { get_attr: [my_instance, first_address] } image: fedora/apache ports: [ “80:80” ] volumes-from: “FTP” cmd: “rm -rf /var/www; ln -s /ftp /var/www; /run-apache.sh”
Ansible- hosts: web sudo: yes tasks: - name: ensure redis container is running docker: image=crosbymichael/redis name=redis - name: ensure redis_ambassador container is running docker: image=svendowideit/ambassador ports=6379:6379 links=redis:redis name=redis_ambassador_ansible
Mesos Flynn.io
Creating Containers is Easy
Managing them SUCKS
needs improvement
This is probably material for another
talk…
Container Inventory
• discoverd / sdutil • serf • skydock • others?
X
X
Q & A
@ewindisch