Perspectives on Docker 
10 things not to forget before 
deploying Docker in production 
Docker Meetup @ RightScale 
Raphael Simon & Thorsten von Eicken 
October 21st 2014
Docker from Theory to Production 
How to cruise … 
… and what to avoid
Containers vs. Virtual Machines 
Differences: 
● Size 
● Boot time 
● Performance 
● Isolation 
● Compatibility
Containers vs. Processes 
● textbook process: regs, PGM, MEM, proc
● real process: regs, MEM, proc, /etc, /lib, /bin
● container: regs, MEM, proc, /etc, /lib, /bin, net
⇒ Containers are processes with env, not mini-VMs
Docker Benefits @RightScale 
1. Dev & ops contract
● Dev responsible for app container contents
● Ops responsible for container surrounds
● Not against devops, but ops handles >30 apps
2. App portability
● Make it easier for our customers to run an app anywhere
● VMs need to be customized for each cloud (or bare metal)
● Rather than installing apps each time, just drop down containers
Containers in a VM 
[Diagram: Host 1 carries one VM per tenant. VM 1 (Tenant A) holds Container 1 (runs app 1) and Container 2 (runs app 2); VM 1 (Tenant B) holds Container 3 (runs app 3) and Container 4 (runs app 4).]
● Containers are produced by development
● VMs are produced and managed by ops
● Hosts are managed by the cloud provider
Do not trust containers to provide a hard security boundary
10 Things not to Forget 
before deploying Docker in production
1. Logging – how Docker does it 
Docker captures stdout/stderr 
docker logs command prints combined stdout/err 
docker logs -f : running tail (from the beginning!) 
$ docker run --name hello -d busybox echo hello Santa Barbara 
a3c0caa675e106cc0cf208dade762afcc341ed5b9ea8f3d75b6e2092745a5faa 
$ docker logs hello 
hello Santa Barbara 
$
1: Logging – how not to do it 
● Log to stdout/stderr and collect them in the VM 
○ Not all apps log to stdout/err, many don’t add timestamps 
○ No log rotation (can use logrotate with copytruncate) 
○ No tailing to ship the logs 
● Run syslog daemon inside the container 
○ Containers ≠ VMs 
○ Configuration hell
1: Logging – solutions 
● Bind-mount /tmp/dev -> /dev 
○ Can’t bind-mount /dev/log! 
○ Move /dev/log to /tmp/dev/log 
○ See http://jpetazzo.github.io/2014/08/24/syslog-docker/ 
● Fix docker daemon to handle logging 
○ Fixing stdout/err is happening (#7195) 
○ Ready to add support for syslog source, but not active 
[Diagram: container and docker, with labels syslog, file, stdout/err, json]
2: Monitoring – how not to do it 
● Monitoring daemon inside each container
○ Container ≠ VM 
○ Monitoring daemons require privs 
○ Configuration/management hell
Monitoring – how to do it 
● Collect stats in VM using container-aware monitoring 
○ Stats are in /sys/fs/cgroup/… 
See: Docker doc article on run-time metrics 
○ Docker support: cAdvisor, DataDog, … ? 
● Or just monitor at the process level 
$ docker run --name hello -d busybox sleep 60 
3a804b088b432035c5cee541f4baef3cc728d27dded3378fd253c6b4abeb077a 
$ cat /sys/fs/cgroup/cpuacct/docker/3a804b088b432035c5cee541f4baef3cc728d27dded3378fd253c6b4abeb077a/cpuacct.usage_percpu
630924 4774818 7494614 3622216
3. Secrets – how not to do it 
DEMO
3. Secrets – Solutions 
Set up context prior to build:
$ cat Makefile
# Set up context, then build image
build: Dockerfile
	git clone git@github.com:rightscale/docker_demo
	docker build -t raphael/demo .
	rm -rf docker_demo
$ cat Dockerfile
FROM rightscale/ruby-212
ADD docker_demo /docker_demo
3. Secrets – Take away 
● Each Dockerfile ADD and RUN command results in a new committed layer
● All image layers (built or pulled) are readily accessible
● For now: Make sure to remove any unnecessary credentials from the context prior to building
● In the future: Take advantage of “nested builds”, see #7115
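Why a credential that was ADDed cannot be cleaned up by a later RUN rm, as an added example that is not part of the original slides: layers are modelled as plain tar archives built from constructed data, and the file names, the dummy key and the `.wh.` whiteout entry are assumptions of this model.

```shell
#!/bin/sh
# Added example: image layers modelled as tar archives (constructed data).
# A later layer records a deletion as an empty ".wh.<name>" whiteout entry;
# the earlier layer that added the file is left unchanged.

# Build two constructed layers under directory $1:
#   layer1.tar  models: ADD docker_demo /docker_demo  (includes a dummy key)
#   layer2.tar  models: RUN rm /docker_demo/deploy_key (whiteout only)
make_sample_layers() {
    dir=$1
    mkdir -p "$dir/l1/docker_demo" "$dir/l2/docker_demo"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
        'CONSTRUCTED-DUMMY-NOT-A-KEY' \
        '-----END RSA PRIVATE KEY-----' > "$dir/l1/docker_demo/deploy_key"
    echo 'puts "hello"' > "$dir/l1/docker_demo/app.rb"
    : > "$dir/l2/docker_demo/.wh.deploy_key"
    tar -cf "$dir/layer1.tar" -C "$dir/l1" docker_demo
    tar -cf "$dir/layer2.tar" -C "$dir/l2" docker_demo
}

# Print the files a running container would see: apply the layers in order
# and honour whiteouts.
merged_view() {
    root=$(mktemp -d)
    for layer in "$@"; do
        tar -xf "$layer" -C "$root"
        find "$root" -name '.wh.*' | while read -r wh; do
            target="$(dirname "$wh")/$(basename "$wh" | sed 's/^\.wh\.//')"
            rm -rf "$target" "$wh"
        done
    done
    ( cd "$root" && find . -type f | sed 's|^\./||' | sort )
    rm -rf "$root"
}

# Print "<layer>: <path>" for every file that carries a PEM private-key
# header. Each layer is inspected on its own, without applying whiteouts,
# which is what a pre-publish check has to do.
scan_layers() {
    for layer in "$@"; do
        tmp=$(mktemp -d)
        tar -xf "$layer" -C "$tmp"
        ( cd "$tmp" && grep -rlE -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' . ) |
            sed "s|^\./|$(basename "$layer"): |"
        rm -rf "$tmp"
    done
}

# Demo on the constructed layers.
demo=$(mktemp -d)
make_sample_layers "$demo"
echo "Files visible in the container:"
merged_view "$demo/layer1.tar" "$demo/layer2.tar"
echo "Private keys still stored in image layers:"
scan_layers "$demo/layer1.tar" "$demo/layer2.tar"
rm -rf "$demo"
```

The merged view no longer lists the key, yet the scan still finds it in the first layer, which is why the credential has to leave the build context before `docker build` runs.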
4. Container access 
● Launch image manually with custom command to troubleshoot
● Inspect files inside running container
● Launch shell into running container using docker exec (new in 1.3)
$ docker exec -it hopeful_shockley /bin/sh
# ps -ax
PID  TTY  STAT  TIME  COMMAND
  1  ?    Ss+   0:00  /bin/bash    ← Main container process
 43  ?    S     0:00  /bin/sh
 49  ?    R+    0:00  ps -ax
5. Aufs vs. btrfs 
● aufs corruption of container filesystems, scope unknown, issue #7229
● btrfs seems to work better (default in CoreOS)
● btrfs “requires” separate partition
$ mkfs.btrfs /dev/xvdb
$ mount /dev/xvdb /mnt
$ mkdir -p /mnt/docker
$ ln -sf /mnt/docker /var/lib/docker
$ sed -i -e '/DOCKER_OPTS/s/.*/DOCKER_OPTS="-s=btrfs"/' /etc/default/docker
$ restart docker
6. Got Infinite disk space? 
● Container logs grow indefinitely 
○ Use logrotate with copytruncate 
● Containers accumulate indefinitely 
○ Becomes an issue if containers are frequently restarted due to upgrades or crashes
○ Use docker run --rm 
■ but then how do you troubleshoot? 
○ Write script to docker rm old unused containers?
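One way to write such a cleanup script while keeping recent containers around for troubleshooting, as an added example that is not from the original slides: KEEP_DAYS, DRY_RUN and the function names are assumptions, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: remove exited containers only once they are older than a
# retention window, so recently crashed ones can still be inspected.
# KEEP_DAYS, DRY_RUN and all function names are assumptions of this sketch.

# Filter: reads "<id> <running> <finished-at>" lines on stdin and prints the
# ids of containers that are stopped and finished before the cutoff in $1.
# Both sides are RFC 3339 UTC timestamps, which order correctly as strings.
select_stale() {
    awk -v cutoff="$1" '
        $2 != "false"         { next }   # still running: never touch
        $3 ~ /^0001-01-01/    { next }   # created but never started: skip
        ($3 "") < (cutoff "") { print $1 }
    '
}

# Emit one line per container in the format select_stale expects.
list_containers() {
    ids=$(docker ps -a -q)
    [ -n "$ids" ] || return 0
    # Word splitting of the id list is intended here.
    docker inspect \
        --format '{{.Id}} {{.State.Running}} {{.State.FinishedAt}}' $ids
}

# Remove stale containers; with DRY_RUN=1 only print what would be removed.
# Relies on GNU date (-d) and GNU xargs (-r).
cleanup_containers() {
    cutoff=$(date -u -d "-${KEEP_DAYS:-7} days" +%Y-%m-%dT%H:%M:%SZ)
    if [ "${DRY_RUN:-0}" = 1 ]; then
        list_containers | select_stale "$cutoff"
    else
        list_containers | select_stale "$cutoff" | xargs -r docker rm
    fi
}

# Constructed sample of list_containers output, to show the filter offline.
SAMPLE='aaa111 false 2014-10-01T08:00:00.5Z
bbb222 false 2014-10-20T09:30:00Z
ccc333 true 0001-01-01T00:00:00Z
ddd444 false 0001-01-01T00:00:00Z'

printf '%s\n' "$SAMPLE" | select_stale '2014-10-14T00:00:00Z'
```

On a Docker host, run `DRY_RUN=1 cleanup_containers` first to review the list, then schedule `cleanup_containers` from cron.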
7. Huge Containers – how not to do it 
Overlays don’t go away 
# Size annotations from the slide are shown as comments above each instruction
FROM ubuntu:14.04
RUN apt-get update
RUN apt-get install -y libjpeg
# 109 MB
RUN apt-get install -y libjpeg-dev build-essential gcc
# 5 MB?
ADD source /build
# -
WORKDIR /build
# 0 MB
RUN ./configure
# 100 MB?
RUN make
RUN make install
CMD /usr/local/bin/myexe
7. Huge Containers – solutions 
Use a tools container, share build results via volume 
In the future: “nested builds” #7115, “squash” #4232 ? 
FROM ubuntu:14.04
ADD src /build
WORKDIR /build
RUN apt-get update
RUN apt-get install -y libjpeg-dev build-essential gcc
RUN ./configure
RUN make
RUN make install
RUN mkdir -p /opt/app
RUN cp -r /build/out/* /opt/app/
# Declare the volume last: build steps that write to a path after its
# VOLUME declaration are discarded
VOLUME /opt/app
8. Very slow container downloads 
● Downloading docker images is very slow 
● The problem isn’t bandwidth… see #7291 
● Caching can help depending on use-case 
| Boot time steps | Docker | RightScript |
|---|---|---|
| Launch and boot | 53s | 49s |
| Prep VM environment | 36s | 16s |
| Install & launch zookeeper, redis, kafka, mariadb, graphite, statsd | 4m57s | 1m5s |
| Install ruby | n/a | 54s |
| Install & launch custom apps | 2m23s | 3m3s |
| TOTAL | 8m50s | 6m8s |
9. Backups 
Userguide: backup-restore-or-migrate-data-volumes 
● Create DB container with /data volume 
● Backup /data “anytime” from the VM 
● Or launch 2nd backup container with --volumes-from 
➣ Simple in a 1-off server, but how to automate in general?
10. Docker Clusters 
● Does Docker Cluster software solve all these issues? 
● Kubernetes, Mesos, Fleet, … 
○ apparently not (yet?) 
● But, they require an overlay network… 
[Diagram: Container 1 (runs app 1, 172.16.4.3) on VM 1 (10.0.0.1); Container 2 (runs app 1, 172.16.4.6) on VM 2 (10.0.0.2)]
Wrapping up 
Why docker? 
● dev-to-CI-to-prod workflow 
● portability: same container in different VMs 
Putting it into production: 
● simple for one-off apps 
● still WIP for system-wide deployment 
Overall very promising and great to work with 
Most pain points are actively being worked on
Perspectives on Docker 
10 things not to forget before 
deploying Docker in production 
— the end — 
Raphael Simon & Thorsten von Eicken
