dockerizing a symfony2 application
Dockerizing Symfony2 application
Roman R.
Who am I?
Roman [email protected]
- Software Engineer at EPAM (more Dev than Ops)
- @founder of 2enota, and of adbar
- @co-organizer Lviv GDG
github.com/itspoma
skype: roman.rodomanskyy
linkedin.com/in/rodomansky
Questions
- who has tried Vagrant?
- who has tried Docker? (online tutorial)
- who has tried the real Docker? (deployed remote VM)
- Installed Docker locally? (under the boot2docker, or Vagrant)
- Who has written a Dockerfile? (and built it)
- Published an image on Docker Hub?
- Deployed a Docker image to stage?
● why Docker is so cool (container madness)
● what is Docker (and why it matters)
● what are Containers (w/ background)
● the Docker ecosystem (w/ tools)
● dockerizing Symfony2 application workflow
Agenda
Docker is a trend
The problems
- deploying an application is harder than it could be
- the application can’t run because of differences between environments
- deploying machines separately from applications
- used entire operating systems to deploy (with all of the security footprint that they entail)
- heavy-weight virtualized servers without specifying CPU/memory/etc
- make a magic button to “publish app anywhere”
- container management
- different deployment mechanisms for custom nodes
The isolation problem
Project A: zend server, mysql, php 5.3
Project B: apache2, postgresql, php 5.4, rabbitmq
Project C: apache2, mysql, php 5.6, oracle, solr, ldap
Hypervisor or Not?
vs VM
Speed:
VBox -> 1 min
docker -> 0.3 sec
Memory:
VBox -> 256 Mb
docker -> 1 Mb
Disk quota:
VBox: 1 Gb
docker: 100 kb
LinuX Containers
has been present in Linux kernels for 5+ years and now is considered fairly mature
others:
- lmctfy Let Me Contain That For You (Google)
- libcontainer (Docker)
Background: LXC
Background: namespaces
separate namespaces for containers
own mount
own net namespace (network interfaces)
own uts namespace (hostname)
own ipc namespace
own user namespace (mapping uid-s between inside/outside of)
Control Cgroups
is a Linux kernel feature
that limits and isolates the resource usage (CPU, memory, disk I/O, network, etc) of a collection of processes
Google engineers started work on this feature in 2006 under the name “process containers”
in 2007 changed name to “control groups”
the goal - to provide a unified interface to many different use cases
- memory
- cpu
- blkio
- devices
Background: cgroups
Build,Ship,Run
Any ApplicationAnywhere
- Build: package your application in a container
- Ship: move that container from a machine to another
- Run: execute that container
- Any application: anything that runs on Linux
- Anywhere: local VM, cloud instance, raspberry pi, baremetal...
The Idea
Hello, Docker. Who are you?
tool for managing LXC containers
client / hub
What is a Docker Container?
- high level = is a small virtual machine
  - with own process space, network interface
  - can run stuff as root
- low level = it is a chroot on steroids
  - isolation with namespaces
  - limitation by cgroups (own mount, own
- A container is a single service in a larger application
  - a web server (e.g., nginx)
  - an application server (e.g., PHP-FPM)
  - need a database server (e.g., MySQL)
  - Each of these services can be separated into its own Docker container
What is a Docker Image?
Imagine a Docker image
as a PHP class
bash$ docker search centos
https://registry.hub.docker.com/
https://registry.hub.docker.com/_/centos/
bash$ docker push # image to the Hub
bash$ docker pull # this image from any machine
is a cloud for sharing container images and automating workflows
free for public
paid for private
metadata + archives
similar to Git commits structure
What is a Docker Hub?
$ docker run -ti ubuntu /bin/bash
$ docker run -ti debian /bin/bash
$ docker run -ti fedora bash
$ docker run -ti centos bash
Your First Container
$ docker search centos
$ docker run --rm -ti centos:7 bash
$ docker run --rm -ti centos:6 bash
$ docker run --rm -ti centos:5 bash
root@container:/# cat /etc/issue
Building a Server with Dockerfile
- recipe to build a container
- start FROM a base image
- RUN commands on top of it
- easy to learn, easy to use
Dockerfile example
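FROM ubuntu:14.04
RUN apt-get update
RUN apt-get install -y nginx
EXPOSE 80
# keep nginx in the foreground so the detached container stays up
CMD ["nginx", "-g", "daemon off;"]
bash$ docker build -t example/nginx .
bash$ docker run -d -P example/nginx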
Stop! Demo time: show “simple-container”
https://github.com/itspoma/docker-symfony2/tree/master/env/simple-container/
demo time (single container)
Finally, run the web server
docker run -p 80:80 -d nginx-example
docker ps
docker run -v /home/core/share:/var/www:rw -p 80:80 -d nginx-example
docker inspect <Container ID>
Linking Containers
- if containers need to communicate with each other
- if your application container needs to communicate with a database container
$ docker run -p 3306:3306 --name mysql -d some-mysql-image
$ docker run -p 80:80 --link mysql:db -d some-application-image
$ env | grep MYSQL
MYSQL_PORT_3306_TCP_ADDR=172.17.0.8
MYSQL_PORT_3306_TCP_PORT=3306
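An added example, not part of the original slides: a shell helper an application container's entrypoint could use to read the link variables shown above, validate them before use, and list which of the linked container's own environment variables were copied in (Docker exposes those as <ALIAS>_ENV_<name>). The function names and the sample secret are hypothetical; the MYSQL_ prefix follows the slide's output.

```shell
#!/bin/sh
# Added example (not from the slides): read the variables Docker injects
# for a linked container, validate them, and audit what else came along.

# _link_prefix ALIAS -> upper-cased variable prefix, or fails on odd input.
_link_prefix() {
    p=$(printf '%s' "$1" | tr 'a-z-' 'A-Z_')
    case "$p" in ''|[0-9]*|*[!A-Z0-9_]*) return 1 ;; esac
    printf '%s\n' "$p"
}

# link_endpoint ALIAS PORT -> prints "addr:port", returns 1 if unusable.
link_endpoint() {
    prefix=$(_link_prefix "$1") || return 1
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    eval "addr=\${${prefix}_PORT_${2}_TCP_ADDR:-}"
    eval "port=\${${prefix}_PORT_${2}_TCP_PORT:-}"
    # Accept only digits and dots / digits, so a tampered environment
    # cannot smuggle extra text into a DSN or a command line.
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    printf '%s:%s\n' "$addr" "$port"
}

# link_exposed_env ALIAS -> NAMES (never values) of the variables copied
# from the linked container's own environment (<ALIAS>_ENV_*).
link_exposed_env() {
    prefix=$(_link_prefix "$1") || return 1
    env | sed -n "s/^\(${prefix}_ENV_[A-Za-z0-9_]*\)=.*/\1/p" | sort
}

# Constructed sample environment: address and port as in the slide output,
# plus a made-up secret of the kind a database image is started with.
export MYSQL_PORT_3306_TCP_ADDR=172.17.0.8 MYSQL_PORT_3306_TCP_PORT=3306
export MYSQL_ENV_MYSQL_ROOT_PASSWORD=constructed-not-a-real-secret

link_endpoint mysql 3306
link_exposed_env mysql
```

Any name printed by link_exposed_env is readable by every process in the application container, which is worth checking before a database container is started with credentials in its environment.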
demo time (multiple container)
Docker ecosystem
Docker Engine
open-source tool, written in Go, runs as a daemon, comes with a CLI, has a REST API
Docker Hub
registry of services, public/private repos, automated builds
Docker community
- > 600 contributors
- ~20 core maintainers
- > 50k repos on Docker Hub
Docker Compose
Docker Machine
Docker Swarm
Docker Machine
Automatically sets up Docker on your computer, on cloud providers, and inside your data center.
Can provision any host.
bash$ docker-machine create -d virtualbox dev
bash$ docker-machine create -d digitalocean dev
Docker Swarm
Provides native clustering capabilities to turn a
group of Docker engines into a single, virtual
Docker Engine.
run your stack with one command: docker-compose up
describe your stack with one file: docker-compose.yml
# docker-compose.yml
web:
  image: php:5.6-apache
  links:
    - db:db
  volumes:
    - .:/var/www/html
db:
  image: postgres
Docker Compose
demo time (using Compose)
And, push it to the stage
git clone http://github/repo.git
docker-compose up -d
Zero DownTime
attach Attach to a running container
build Build an image from a Dockerfile
commit Create a new image from a container's changes
diff Inspect changes on a container's filesystem
events Get real time events from the server
exec Run a command in a running container
images List images
history Show the history of an image
inspect Return low-level information on a container or image
port Lookup the public-facing port that is NAT-ed to PRIVATE_PORT
ps List containers
...
Making Docker commands
1) The Shared Base Container(s)
2) The Shared Volume Dev Container
3) The Dev Tools Container
4) The Test In A Different Environment containers
5) The Build Container
6) The Installation Container
7) The Default-Service-In-A-Box Containers
8) The Infrastructure / Glue Containers
Docker development patterns
● docker stats (built-in)
● CAdvisor (available as container, free)
● Scout (SaaS, paid)
● Datadog (SaaS, free)
● Sensu (container, free)
Containers Monitoring
$ docker stats 18ef566e1cba 61403b48f054 e1d1e09f0dc1
CONTAINER      CPU %   MEM USAGE/LIMIT       MEM %    NET I/O
18ef566e1cba   0.44%   264.7 MiB/1.957 GiB   13.21%   1.988 KiB/648 B
61403b48f054   0.00%   684 KiB/1.957 GiB     0.03%    2.32 KiB/648 B
e1d1e09f0dc1   0.01%   17.85 MiB/1.957 GiB   0.89%    5.158 KiB/40.1 KiB
Containers Monitoring: docker stats
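An added example, not part of the original slides: a small filter that reads docker stats rows in the layout shown above and reports containers whose MEM % is over a limit, as a starting point for alerting on runaway containers. The function name and thresholds are hypothetical; the sample rows are the ones from the slide.

```shell
#!/bin/sh
# Added example (not from the slides): flag containers over a memory limit.

# stats_over_mem LIMIT: read `docker stats` rows on stdin and print
# "<container> <mem%>" for every container whose MEM % exceeds LIMIT.
stats_over_mem() {
    awk -v limit="$1" '
        $1 == "CONTAINER" { next }      # skip the header row
        {
            # The percent columns are the only fields ending in "%":
            # the first one is CPU %, the second one is MEM %.
            seen = 0
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^[0-9.]+%$/ && ++seen == 2) {
                    pct = $i
                    sub(/%$/, "", pct)
                    if (pct + 0 > limit + 0) print $1, pct
                    break
                }
            }
        }'
}

# Rows copied from the slide output above.
SAMPLE_STATS='CONTAINER CPU % MEM USAGE/LIMIT MEM % NET I/O
18ef566e1cba 0.44% 264.7 MiB/1.957 GiB 13.21% 1.988 KiB/648 B
61403b48f054 0.00% 684 KiB/1.957 GiB 0.03% 2.32 KiB/648 B
e1d1e09f0dc1 0.01% 17.85 MiB/1.957 GiB 0.89% 5.158 KiB/40.1 KiB'

printf '%s\n' "$SAMPLE_STATS" | stats_over_mem 10
```

Against a live daemon the same filter can be fed from docker stats --no-stream, which prints one snapshot instead of a continuously refreshing table.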
docker run \
  --volume=/:/rootfs:ro \
  --volume=/var/run:/var/run:rw \
  --volume=/sys:/sys:ro \
  --volume=/var/lib/docker/:/var/lib/docker:ro \
  --publish=8080:8080 \
  --detach=true \
  --name=cadvisor \
  google/cadvisor:latest
$ open http://$(boot2docker ip):8080/
Containers Monitoring: CAdvisor
Resources
- Docker Cheat Sheet https://github.com/wsargent/docker-cheat-sheet
- Docker for Developers - Jérôme Petazzoni
https://www.youtube.com/watch?v=FdkNAjjO5yQ
- https://github.com/veggiemonk/awesome-docker
Sources: https://github.com/itspoma/docker-symfony2
Summary
With Docker, you can:
- build servers fairly easily
- put your software into containers
- run those containers anywhere
- write recipes to automatically build containers
- automate testing, building, hosting using the Docker Hub
Everything in the environment is under your control
ship the entire environment instead of just code!
The end.
Thanks!