How Reconnix is using Docker
Presentation about how we are using Docker at Reconnix.
Docker is an open-source engine that automates the
deployment of any application as a lightweight,
portable, self-sufficient container that will run
virtually anywhere.
Great, another virtualisation technology?
[Diagram: Virtual Machines (Server, Host OS, Hypervisor, then a Guest OS with Bins / Libs for each of App A and App B) compared with Docker (Server, Host OS, Docker Engine, then Bins / Libs for each of App A and App B)]
Docker is ....
• Written in Go, originally written in Python
• A simple CLI and REST-like API to ….
• LXC (Linux Containers)
• Namespaces - Isolate processes
• cgroups - Provision resources for processes
• UnionFS & AUFS Support - For images
• Linux Containers have been around for years!!
Docker Containers.
Example Dockerfile.
FROM russmckendrick/base:latest
MAINTAINER Russ McKendrick <[email protected]>
ADD nginx.repo /etc/yum.repos.d/
RUN yum -y install nginx mariadb php php-fpm php-mysql php-pdo php-devel php-gd php-pecl-memcache php-pspell php-snmp php-xmlrpc php-xml python-setuptools && yum clean all
RUN easy_install pip && pip install "pip>=1.4,<1.5" --upgrade && pip install supervisor
RUN useradd webserver -u 666 && gpasswd -a webserver apache
ADD conf-supervisord.conf /etc/supervisord.conf
ADD default.conf /etc/nginx/conf.d/default.conf
RUN curl -sS https://getcomposer.org/installer | php && mv composer.phar /usr/local/bin/composer
ADD run /usr/local/bin/
RUN chmod +x /usr/local/bin/run
CMD ["/usr/local/bin/run"]
[Diagram: image layers, bottom to top: bootfs / Kernel; Base Image (russmckendrick/base); Image (RUN yum -y install); Image (RUN easy_install pip); Writable Container]
Containers, images & AUFS
Docker images can be pulled from the following sources.
• Docker Hub (http://hub.docker.com/)
• Third party hosts such as quay.io
• A Private Docker Registry (self hosted)
• Or build as needed on your host machine using Dockerfiles
To launch two containers & link them together run:
docker run -d --name="database" -v /home/containers/database:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=y0Urp455w0rd -e MYSQL_DATABASE=wibble -e MYSQL_USER=rah -e MYSQL_PASSWORD=y0UrDbP455w0rD russmckendrick/mariadb
docker run -d -p 80 --name="webserver" -v /home/containers/web:/var/www/html -e VIRTUAL_HOST=demo.docker.reconnix.com -e PHP_POOL=demoapp --link database:db russmckendrick/nginx-php
Launching Containers.
Can quickly get confusing.
Container Management.
Docker has a large ecosystem & community.
Ansible (http://www.ansible.com/home) | AWS Beanstalk (https://aws.amazon.com/elasticbeanstalk/)
Blockade (http://blockade.readthedocs.org/en/latest/) | Chef (http://www.getchef.com/)
Clocker (https://github.com/brooklyncentral/clocker) | Consul (http://www.consul.io/)
Crane (https://github.com/michaelsauter/crane) | Decking.io (http://decking.io/) | Deis (http://deis.io/)
Dockerize (https://dockerize.it/) | Dockermix (https://github.com/kstaken/dockermix)
DockerUI (https://github.com/crosbymichael/dockerui) | Dokku (https://github.com/progrium/dokku/)
Drydock (https://github.com/xpensia/drydock) | Fig (http://orchardup.github.io/fig/)
Flynn (http://flynn.io) | Gaudi (https://github.com/marmelab/gaudi)
GearD (http://openshift.github.io/geard/) | Guardrail (https://www.scriptrock.com/)
Kubernetes (https://github.com/GoogleCloudPlatform/kubernetes)
Maestro (https://github.com/toscanini/maestro) | MaestroNG (https://github.com/signalfuse/maestro-ng)
Octohost (http://www.octohost.io/) | Packer.io (http://www.packer.io)
Puppet (https://www.puppetlabs.com) | Shipper (https://github.com/mailgun/shipper)
Shipyard (https://github.com/shipyard/shipyard) | Stackmachine (https://stackmachine.com/)
Stampede.io (https://github.com/cattleio/stampede)
Vagrant (https://github.com/welvet/docker_vagrant)
Reconnix needed …
• Something that was lightweight
• Something which is developer friendly
• Something which could run anywhere Docker is installed
Fig.
Fig …
• Is a developer friendly wrapper for Docker
• Provides isolated development environments
• Can scale up & down with a single command
• Allows you to ship your configuration
• Uses an easy to follow syntax which is similar to the flags used by Docker, but in a single YAML file
• Has a “run once” feature, meaning you can run a single command on a container, useful for PHPUnit etc
• Is now owned by Docker, Inc.
Example fig.yml.
webserver:
  image: russmckendrick/nginx-php
  volumes:
    - ./web:/var/www/html/
  ports:
    - 80
  environment:
    PHP_POOL: demoapp
    VIRTUAL_HOST: demo.docker.reconnix.com
  links:
    - databaseserver:db
databaseserver:
  image: russmckendrick/mariadb
  volumes:
    - ./database:/var/lib/mysql/
Routing Web Traffic.
How do we route web traffic in a way which doesn’t
complicate things?
• Wildcard DNS e.g. *.docker.reconnix.com
• A Proxy which automatically configures itself …
To launch a container which acts as an HTTP proxy run:
docker run -d -p 80:80 --name="router" -v /var/run/docker.sock:/tmp/docker.sock -t russmckendrick/nginx-proxy
It binds to port 80 & watches for containers launching which have the “VIRTUAL_HOST=” variable set. When one launches it reconfigures NGINX to route to the container's port 80.
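The reconfiguration step described above, as an added Python sketch (not the code inside russmckendrick/nginx-proxy): it turns docker-inspect-style records into NGINX server blocks and rejects any VIRTUAL_HOST that is not a plain hostname, since that value is set by whoever launches the container and ends up inside the proxy's configuration. The sample records, the "/untrusted" container and its addresses are constructed for illustration.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
HOSTNAME_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")

def virtual_host(container):
    """Return the VIRTUAL_HOST value from a docker-inspect-style dict, or None."""
    for item in container["Config"].get("Env") or []:
        key, _, value = item.partition("=")
        if key == "VIRTUAL_HOST":
            return value
    return None

def render(containers):
    """Build NGINX server blocks; return (config_text, rejected_container_names)."""
    blocks, rejected = [], []
    for c in containers:
        host = virtual_host(c)
        if host is None:
            continue  # container did not ask to be routed
        try:
            ip = ipaddress.IPv4Address(c["NetworkSettings"]["IPAddress"])
        except ValueError:
            ip = None
        # fullmatch: the whole value must be a hostname, so ';', '{', spaces
        # and newlines can never reach the generated configuration.
        if ip is None or len(host) > 253 or not HOSTNAME_RE.fullmatch(host.lower()):
            rejected.append(c["Name"])
            continue
        blocks.append(
            f"server {{\n    listen 80;\n    server_name {host.lower()};\n"
            f"    location / {{ proxy_pass http://{ip}:80; }}\n}}\n"
        )
    return "".join(blocks), rejected

# Constructed sample input in the shape of `docker inspect` output.
SAMPLE = [
    {"Name": "/webserver", "NetworkSettings": {"IPAddress": "172.17.0.3"},
     "Config": {"Env": ["PHP_POOL=demoapp", "VIRTUAL_HOST=demo.docker.reconnix.com"]}},
    {"Name": "/database", "NetworkSettings": {"IPAddress": "172.17.0.2"},
     "Config": {"Env": ["MYSQL_DATABASE=wibble"]}},
    {"Name": "/untrusted", "NetworkSettings": {"IPAddress": "172.17.0.4"},
     "Config": {"Env": ["VIRTUAL_HOST=demo.docker.reconnix.com;extra"]}},
]

if __name__ == "__main__":
    config, rejected = render(SAMPLE)
    print(config)
    print("rejected:", rejected)
```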
Connecting to Containers.
If you need access to the containers there is no need to configure SSH.
“nsenter” & “docker-enter” easily allow you to access the containers via a console.
Production.
There are lots of options for Production.
• Replicate development environment on a single server or VM
• Use a Clustered Operating System such as CoreOS
• Run multiple servers with shared storage
• Run a Galera cluster or DBaaS for database
Example: Legacy Code.
• Docker image with PHP4 installed
• CPU & Memory limits put in place
• Code mounted read-only
• “Media” directories can be mounted no-exec
• This means:
• If hacked, only container exposed
• Can easily rebuild if needed
• Very easy to migrate
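A check for the settings listed on this slide, as an added Python example that is not part of the original presentation: it reads a `docker inspect` record plus the host's /proc/mounts and reports a missing memory or CPU limit, a writable code mount, or a media directory whose backing host mount lacks noexec. It assumes no-exec is applied on the host mount behind the media directory; the paths, limits and records below are constructed.

```python
def mount_options(path, proc_mounts):
    """Options of the host mount holding `path` (longest mount-point prefix)."""
    best, opts = "", set()
    for line in proc_mounts.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        point = fields[1]
        inside = path == point or path.startswith(point.rstrip("/") + "/")
        if inside and len(point) > len(best):
            best, opts = point, set(fields[3].split(","))
    return opts

def audit(container, proc_mounts, code_dirs, media_dirs):
    """Check one `docker inspect` record against the points on the slide."""
    findings = []
    host = container["HostConfig"]
    if not host.get("Memory"):  # 0 means unlimited
        findings.append("no memory limit")
    if not (host.get("CpuShares") or host.get("CpuQuota")):
        findings.append("no CPU limit")
    for m in container.get("Mounts", []):
        dest = m["Destination"].rstrip("/")
        if dest in code_dirs and m.get("RW", True):
            findings.append(f"{dest}: code is mounted writable")
        if dest in media_dirs and "noexec" not in mount_options(m["Source"], proc_mounts):
            findings.append(f"{dest}: host mount allows exec")
    return findings

# Constructed samples: host /proc/mounts lines and two `docker inspect` records.
HOST_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /srv/legacy/media ext4 rw,nosuid,nodev,noexec,relatime 0 0
"""
HARDENED = {"HostConfig": {"Memory": 268435456, "CpuShares": 512}, "Mounts": [
    {"Source": "/srv/legacy/code", "Destination": "/var/www/html", "RW": False},
    {"Source": "/srv/legacy/media", "Destination": "/var/www/html/media", "RW": True}]}
DEFAULTS = {"HostConfig": {"Memory": 0, "CpuShares": 0}, "Mounts": [
    {"Source": "/srv/other/code", "Destination": "/var/www/html", "RW": True},
    {"Source": "/srv/other/media", "Destination": "/var/www/html/media", "RW": True}]}
CODE, MEDIA = {"/var/www/html"}, {"/var/www/html/media"}

if __name__ == "__main__":
    for name, record in (("hardened", HARDENED), ("defaults", DEFAULTS)):
        print(name, audit(record, HOST_MOUNTS, CODE, MEDIA) or "ok")
```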
Demo.
https://reconnix.com/