docker from scratch
TRANSCRIPT
![Page 2: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/2.jpg)
About me• 15 years “in the trenches cubicles”
• Developer of RTC (VoIP, IM, WebRTC) solutions
• Often dealing with DevOps topics
• Founder of RTCSoft in 2015
@giavac
https://github.com/giavac
![Page 3: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/3.jpg)
Objective of this presentation
![Page 4: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/4.jpg)
Docker usage scenarios• Run services
• Deployment mechanism
• Prototyping
• Testing
• Continuous Integration/Delivery
![Page 5: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/5.jpg)
What’s in a name?
![Page 6: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/6.jpg)
Previously on this show
http://www.slideshare.net/GiacomoVacca/docker-and-puppet-for-continuous-integration
![Page 7: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/7.jpg)
What is Docker, really?• An Open-Source (Go) framework to manage “container virtualisation”
• Docker isolates multiple user spaces (file systems) inside the same host
• The user space instances are called “Containers”
• They give you the illusion of being inside a VM
• Think about “execution environments” or “sandboxes”
• No need for an hypervisor (and so very quick to launch)
• Requires x64 Linux and kernel 3.8+
![Page 8: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/8.jpg)
Ingredients vs Cake
![Page 9: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/9.jpg)
Virtual Machines vs Docker
Source: https://www.docker.com/what-docker
![Page 10: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/10.jpg)
What Docker is not?
• A programming language
• An OS
• A Virtual Machine
• An image in the traditional hypervisor-based Virtual Machine concept
![Page 11: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/11.jpg)
Where is Docker used?• Uber, eBay, BBC News, shopify, ING
• and many others…
• Used by Google Cloud (with the Container Engine + Kubernetes)
source: https://www.docker.com/customers
![Page 12: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/12.jpg)
Who should know about Docker?• Developers
• Yes, even mobile developers
• Sysadmins
• “DevOps” people
• Architects/CTO/COO (want to save some money?)
• You (probably)
![Page 13: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/13.jpg)
Glossary• Docker, aka Docker Engine: the daemon managing docker images and containers (using namespaces and cgroups). It
runs on the (Linux-based) Host.
• Docker client: the binary interacting with the Docker Engine.
• Docker Image: a filesystem (read-only template) used to create a Container (think “the binary”)
• Docker Container: a running image providing a service (think “the process”)
• Host: the computer running the Docker Engine
• Docker Registry: a private or public (Docker Hub) collection of Docker Images
• Docker Machine: provision hosts and install Docker on them
• Docker Compose: create and manage multi-container architectures
• Docker Swarm: orchestrating tool to provision and schedule containers
![Page 15: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/15.jpg)
The Easiest Thing To Do…• $ docker run -it BASEIMAGE /bin/bash
• (will pull the BASEIMAGE layers)
• $ docker run -i -t ubuntu /bin/bash
• Do something inside the container (install packages, configure app): magic!
• $ docker commit CONTAINERID NEWIMAGELABEL
• Check created image with ‘docker images’
![Page 17: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/17.jpg)
Docker and the Kernel
• Containers interact with the kernel through system calls
• There are no parts of the kernel or kernel modules inside a container
• A container cannot use a different kernel (version) than the host
• The same kernel is shared by all the containers
![Page 18: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/18.jpg)
Workflow• Build an image (Dockerfile + base images pulled automatically)
• docker build -t gvacca/nginx .
• Store image in a registry (public, e.g. Dockerhub, or private)
• docker push gvacca/nginx
• Pull image on the target host
• docker pull gvacca/nginx
• Run container on the target host
• docker run -it gvacca/nginx
![Page 19: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/19.jpg)
Dockerfiles
• Files that contain the “recipe” to build an image
• Created and stored as any other source code
• Help defining and documenting the building process
• Define layer after layer the final image
![Page 20: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/20.jpg)
Dockerfile - exampleFROM ubuntu:latest
MAINTAINER Giacomo Vacca <[email protected]>
RUN apt-get update
# Install nginx RUN apt-get -y -q install nginx
# Prepare target dir for website (Must match global.conf) RUN mkdir -p /var/www/html
# Configure nginx COPY nginx/nginx.conf /etc/nginx/nginx.conf COPY nginx/global.conf /etc/nginx/conf.d/global.conf
EXPOSE 8080
CMD [ "/usr/sbin/nginx" ]
![Page 21: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/21.jpg)
Build an Imagedocker build -t USER/LABEL:TAG CONTEXT_PATH
$ docker build -t gvacca/nginx:1.0 .
The location of the Dockerfile defaults to ./Dockerfile
You can specify the actual Dockerfile path with ‘-f’, e.g.:
$ docker build -t gvacca/nginx -f ./Dockerfile.ubuntu
Analyze the “build history” of an image:
$docker history gvacca/nginx
The “build context” is composed by the files at a specified CONTEXT_PATH (dir or URL)
![Page 22: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/22.jpg)
Build an imagegvacca@dockerubuntu:~simple_nginx$ sudo docker build -t gvacca/simple-nginx . Sending build context to Docker daemon 7.168 kB Step 1 : FROM ubuntu:14.04 ---> 1d073211c498 … Step 2 : MAINTAINER Giacomo Vacca <[email protected]> ---> Running in 10a8334becfd ---> 559310abf4fb Removing intermediate container 10a8334becfd Step 3 : RUN apt-get update ---> Running in 873b09debab0 … Step 8 : EXPOSE 8080 ---> Running in a27f73413c02 ---> f5ef8527f2a3 Removing intermediate container a27f73413c02 Step 9 : CMD /usr/sbin/nginx ---> Running in d99de19cc782 ---> df76d20cd00f Removing intermediate container d99de19cc782 Successfully built df76d20cd00f
![Page 23: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/23.jpg)
List Available ImagesList locally available images:
$ docker images
Clean up useless images:
$ docker images -q --filter “dangling=true”
![Page 24: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/24.jpg)
Push an Image to Registry
$ docker push gvacca/nginx URL
$ docker push USER/LABEL REGISTRY_URL
![Page 25: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/25.jpg)
Pull an Image from Registry
$ docker pull gvacca/nginx
$ docker pull USER/LABEL
Will search in a local repo first, unless the full repo URL is specified.
![Page 26: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/26.jpg)
Run a Container$ docker run -i -t gvacca/nginx
$ docker run [--name NAME] [options] USER/LABEL [command]
If the image is not found locally Docker searches it remotely.
A container runs as long as there’s an active process in foreground.
See also ‘docker start|stop|restart ID’
![Page 27: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/27.jpg)
Check Running Containers$ docker ps [-a]
$ docker top
In general, use ‘docker info’ to get a summary
![Page 28: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/28.jpg)
Entering inside a running container$ docker attach CONTAINER_NAME
$ docker exec -it CONTAINER_NAME COMMAND
$ docker exec -it gvacca/nginx /bin/bash
$ docker logs CONTAINER_NAME
Or show processes running inside a container:
$ docker top CONTAINER_NAME
![Page 29: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/29.jpg)
Port MappingAssociation between the ports exposed by the container and the ports used on the host.
EXPOSE command for Dockerfile
Port mapping at run time: one or more ‘-p’ arguments to docker run.
No need for port mapping when the container is inside a network (see later).
You can expose port ranges (recent improvement).
![Page 30: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/30.jpg)
Volumes
• Share a folder between host and container.
• VOLUME command inside the Dockerfile
• Dynamic volume association at run time: one or more ‘-v’ arguments.
• Volumes shared by an image are available even if the container is not running (but it needs to still exist).
![Page 31: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/31.jpg)
Inspect a Container
$ docker inspect nginx
$ docker inspect CONTAINER_NAME
![Page 32: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/32.jpg)
Output of inspect{ "Id": "c61b85d3a9451d2ac3bbe301f54dc97b0df13c2835d0fb1f6214db64929e646d", "Created": "2016-01-05T09:47:16.125279193Z", "Path": "/bin/sh", "Args": [ "-c", "nginx" ], "State": { "Status": "running", "Running": true, "Paused": false, "Restarting": false, "OOMKilled": false, "Dead": false, "Pid": 16817, …
![Page 33: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/33.jpg)
Keeping images clean$ apt-get remove --purge -y $BUILD_PACKAGES $(apt-mark showauto) && rm -rf /var/lib/apt/lists/*
https://www.dajobe.org/blog/2015/04/18/making-debian-docker-images-smaller/
![Page 34: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/34.jpg)
Docker Toolbox• You can run a Docker environment on your OSX/Windows laptop
• Docker Toolbox installs Docker Machine (‘client-machine’), which creates a Linux Virtual Machine (with VirtualBox) for you, with Docker Engine inside
• Docker Toolbox installs a docker client (‘docker’) on your machine
• The docker client connects to the Docker Engine running inside the VM
https://www.docker.com/docker-toolbox
![Page 35: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/35.jpg)
Run the containergvacca@dockerubuntu:simple_nginx$ sudo docker run -d --name nginx -p 8080:8080 -v $PWD/website:/var/www/html/website gvacca/simple-nginx add8d371f82f615ebbd121cea804511dcdafac893b14325366744797424fa44c
gvacca@dockerubuntu:simple_nginx$ sudo docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES add8d371f82f gvacca/simple-nginx "/usr/sbin/nginx" 11 seconds ago Up 9 seconds 0.0.0.0:8080->8080/tcp nginx
gvacca@dockerubuntu:simple_nginx$ ps aux |grep docker root 792 0.0 4.7 693136 23740 ? Ssl Nov04 11:20 /usr/bin/docker daemon root 1977 0.0 2.6 152692 13172 ? Sl 11:26 0:00 docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 8080 -container-ip 172.17.0.2 -container-port 8080
![Page 36: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/36.jpg)
Networks of Containers• “docker network” defined since Docker 1.9
• Create an isolated network, then attach containers to it
• Containers on different networks by default don’t see each other
• Internal private addressing managed by Docker
• Brilliant for prototyping and emulating entire architectures
• Better have one single application per container
![Page 37: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/37.jpg)
Docker inside DockerBut you need the privileged mode
![Page 38: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/38.jpg)
Orchestration• Docker Composer
• Docker Swarm
• Google’s Kubernetes
• Apache Mesos
• Puppet & others
![Page 39: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/39.jpg)
Docker as Slave for Jenkins• Associate specific Docker images to specific Jenkins build jobs
• Keep builds clean & reproducible (“Non-event releases”)
• Run slave containers on demand - stop them when not needed.
• Jenkins Plugin: https://wiki.jenkins-ci.org/display/JENKINS/Docker+Plugin
• Other Cloud methods, e.g. Mesos
![Page 40: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/40.jpg)
Jenkins to build Docker images• A Jenkins job:
• Checks out a Dockerfile from a repo
• Builds the image
• Upload the new image in a registry
• May re-use images for new builds (careful about integrity)
![Page 41: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/41.jpg)
Puppet to manage Docker containers• Module for docker: https://forge.puppetlabs.com/garethr/docker
• Installs Docker and required dependencies
• Launches the Docker daemon
• Sets DNS, users and other configuration items
• Pull images from selected repos
• Run containers (image + command)
![Page 42: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/42.jpg)
Run Jenkins inside Docker• Manage Jenkins with a dedicated image + volume with data
• From the official Docker registry: https://hub.docker.com/_/jenkins/
docker run -d -p 8080:8080 -p 50000:50000 -v ~:/var/jenkins_home jenkins
• TCP 8080: Web UI
• TCP 50000: interface to connect slaves
![Page 43: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/43.jpg)
Questions and AnswersThanks
![Page 44: Docker From Scratch](https://reader030.vdocuments.mx/reader030/viewer/2022020119/587cf7811a28ab564b8b74cb/html5/thumbnails/44.jpg)
Recommended Books• “The Docker book”, J. Turnbull, http://www.amazon.co.uk/Docker-
Book-Containerization-new-virtualization-ebook/dp/B00LRROTI4
• “Continuous Delivery”, J. Humble, http://www.amazon.com/Continuous-Delivery-Deployment-Automation-Addison-Wesley/dp/0321601912
• “Building Microservices”, S. Newman, http://shop.oreilly.com/product/0636920033158.do