docker.io @ centos 7 - secure and portable containers made easy
DESCRIPTION
The speaker, Jürgen Brunk, works for inovex GmbH as a senior Linux systems engineer and designs, optimises and deploys highly scalable, automated Linux environments for customers. He has worked professionally with Unix/Linux and open source for over 20 years and has gained extensive practical experience through numerous projects. His duties include the design, construction and operation of systems. His focus is the automation and virtualization of highly available and highly scalable infrastructures.
TRANSCRIPT
docker.io @ CentOS 7
Secure And Portable
Containers Made Easy
Jürgen Brunk
Köln, 04.08.2014

Agenda
1. What is Docker?
2. What are containers?
3. Why Docker?
4. Architecture
5. Hands-on
6. Installing Docker on CentOS 7
7. A simple "Hello World" example
8. Basic Docker commands
9. Dockerfile

What is Docker?
The Docker* framework makes it possible to package (web) applications into lean, self-contained and portable environments, so-called containers.
*) "docker" is English for a dock worker

What are containers?
Operating-system-level virtualization: e.g. jails, openvz, lxc, ...
An isolated subset of the host system (separate process, network and I/O space)
Essentially "chroot on steroids"

Containers vs. VMs

Why Docker?
Why Docker? (The Matrix from Hell)

Advantages for DEV
Build once, run anywhere!
Clean, secure, portable runtime environment for the application
No problems with dependencies, packages etc. during deployment
Each application is an isolated container, with different software versions where needed

Advantages for OPS
Configure once, run anywhere!
No more inconsistencies between dev, QA, stage and prod environments
Faster deployment (continuous deployment / continuous integration)
Lean containers: better performance than VMs

Why it works (separation of concerns)
Developer:
Takes care of what is inside the container:
● their code / data
● their libs / frameworks
● their package manager
All Linux servers look the same
Admin:
Takes care of what is outside the container:
● Logging / backup
● Remote access
● Network config
All containers start and stop the same way

Architecture

lean
Docker is based on Linux containers
Minimal overhead (CPU / I/O / network)
Uses a layered filesystem*
*) aufs, btrfs, devicemapper

portable
Runs on any system that supports LXC
Ubuntu, Debian, RHEL, CentOS, Fedora, Gentoo, Google Cloud, Rackspace Cloud, Amazon EC2, IBM Softlayer, Arch Linux, FrugalWare, Fedora, openSUSE, CRUX Linux, CoreOS, ...
Microsoft Windows*, Apple OSX*, Raspberry PI*

self-contained
A Docker container contains everything it needs:
● Minimal base OS (no kernel)
● Libraries / frameworks
● Application code + data
A container can run anywhere Docker can be installed

Docker Basics

Any questions so far?

Hands-on
We build ourselves Docker containers

Installing Docker on CentOS 7

```
# Add the EPEL repo (as root) *)
# rpm -Uvh http://dl.fedoraproject.org/pub/epel/beta/7/x86_64/epel-release-7-0.2.noarch.rpm
# yum clean all && yum makecache

# Install Docker
# yum install docker-io

# Check the Docker installation
$ sudo docker info
$ sudo docker version

# Docker directory: everything lives here
$ sudo ls -l /var/lib/docker/

# Show Docker usage
$ sudo docker
```

A simple "Hello World" example

```
# Pull a ready-made image from the Docker Index
$ sudo docker pull ubuntu

# List all local images
$ sudo docker images

# Create a container, run the application
# "/bin/echo" and remove the container
# again when it finishes
$ sudo docker run --rm ubuntu \
    /bin/echo "Hello World"
```

Basic Docker commands

```
docker search <TERM>
docker start | stop | kill | restart <CID>
docker ps [-a|-s]
docker images
docker pull <IMAGE>[:TAG]
docker run [-i] <IMAGE> [<CMD>]
docker build <PATH> | <URL> | -
docker rm [-f] <CID>
docker rmi [-f] <IMAGE>
docker save <IMAGE>
docker load
```

![Page 28: docker.io @ CentOS 7 - Secure And Portable Containers Made Easy](https://reader033.vdocuments.mx/reader033/viewer/2022042701/559ea0271a28abcd048b4847/html5/thumbnails/28.jpg)
Dockerfile
![Page 29: docker.io @ CentOS 7 - Secure And Portable Containers Made Easy](https://reader033.vdocuments.mx/reader033/viewer/2022042701/559ea0271a28abcd048b4847/html5/thumbnails/29.jpg)
docker.io 29
Dockerfile
# sshd## VERSION 0.0.1
FROM ubuntuMAINTAINER Thatcher R. Peskens "[email protected]"
# make sure the package repository is up to dateRUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.listRUN apt-get update
RUN apt-get install -y openssh-serverRUN mkdir /var/run/sshd RUN echo 'root:screencast' |chpasswd
EXPOSE 22CMD /usr/sbin/sshd -D
Building a container from the Dockerfile

```
# Create the Dockerfile (contents: see previous slide)
$ vi Dockerfile

# Build the Docker image, discarding temporary intermediate builds at the end
$ sudo docker build --rm -t img_sshd .

# List local Docker images
$ sudo docker images
REPOSITORY   TAG      IMAGE ID       CREATED         VIRTUAL SIZE
img_sshd     latest   9b8cbe62ff21   2 minutes ago   313.6 MB

# Create a new container from the image and start it as a daemon
$ sudo docker run -d -P --name ct_sshd img_sshd
d25a3b457f1164abc0ab29c30581be3ac7b5594290ceece772bf0f4309c228f8
```

SSH connect into the container

```
# List containers
$ sudo docker ps --no-trunc=true
CONTAINER ID   IMAGE   COMMAND   CREATED   STATUS   PORTS   NAMES
d25a3b457f1164abc0ab29c30581be3ac7b5594290ceece772bf0f4309c228f8   img_sshd:latest   /bin/sh -c '/usr/sbin/sshd -D'   4 minutes ago   Up 3 minutes   0.0.0.0:49153->22/tcp   ct_sshd

# Find the container → host port mapping
$ sudo docker port ct_sshd 22
0.0.0.0:49153

# SSH connect via local port forwarding (passwd = "screencast")
$ ssh -lroot -p49153 localhost

# SSH connect via container IP
$ sudo docker inspect ct_sshd | grep IPAddress
```

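The walkthrough above ends with a root SSH login whose password is baked into the image and whose port is published on every host interface. The following added example (not from the slides; function names and finding labels are hypothetical) flags those properties in the slide's Dockerfile and in `docker port` output:

```shell
# Added example, not from the slides: static checks for the sshd demo image.
# Function names and finding labels are hypothetical.

# lint_dockerfile: Dockerfile on stdin -> one "<line>: <finding>" per issue.
lint_dockerfile() {
    awk '
    /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
    { instr = toupper($1) }
    # Base image without a tag or digest (or with :latest) is not reproducible.
    instr == "FROM" && ($2 !~ /[:@]/ || $2 ~ /:latest$/) {
        print NR ": unpinned-base-image " $2
    }
    # Literal user:password piped to chpasswd ends up in the image history.
    instr == "RUN" && /chpasswd/ && match($0, /[a-z_][a-z0-9_-]*:[^ |$]+/) {
        split(substr($0, RSTART, RLENGTH), cred, ":")
        print NR ": hardcoded-password user=" cred[1]
    }
    instr == "EXPOSE" {
        for (i = 2; i <= NF; i++)
            if ($i ~ /^22(\/tcp)?$/) print NR ": ssh-port-exposed " $i
    }
    instr == "USER" && $2 != "root" && $2 != "0" { nonroot = 1 }
    END { if (!nonroot) print "-: no-USER-instruction (process runs as root)" }
    '
}

# wildcard_ports: `docker port` / `docker ps` output on stdin -> host ports
# that are published on all interfaces (0.0.0.0), as -P does.
wildcard_ports() {
    grep -Eo '(^|[^0-9.])0\.0\.0\.0:[0-9]+' | cut -d: -f2 | sort -un
}

# Constructed sample: the Dockerfile from the slides without the MAINTAINER line.
sample_dockerfile() {
    cat <<'EOF'
FROM ubuntu
RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list
RUN apt-get update
RUN apt-get install -y openssh-server
RUN mkdir /var/run/sshd
RUN echo 'root:screencast' |chpasswd
EXPOSE 22
CMD /usr/sbin/sshd -D
EOF
}

sample_dockerfile | lint_dockerfile
echo '0.0.0.0:49153' | wildcard_ports
```
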
Any more questions?

Sources and links

Sources:
www.docker.io
Images:
www.docker.io
www.jundiai.com.br
ruhrnachrichten.de
gist.github.com/simota/9043141
slides.com/stevenborrelli/docker

Links:
Docker website: http://www.docker.io/
CoreOS: http://coreos.com/
Lightweight Linux for Docker: http://boot2docker.io/
Packer: http://www.packer.io/

Thank you for your attention
Contact
Jürgen Brunk
Systems Engineer
inovex GmbH
Office München
Valentin-Linhof Str. 2
D-81829 München
Mobile: 0173 3181 003
Mail: [email protected]