SlideShare ist ein Scribd-Unternehmen logo

Docker Dojo

Hugo González Labrador
Hugo González Labrador

Dojo given at ESEI, Uvigo. The slides include a set of great slides from a presentation made by Elvin Sindrilaru at CERN. Docker is an open platform for building, shipping and running distributed applications. It gives programmers, development teams and operations engineers the common toolbox they need to take advantage of the distributed and networked nature of modern applications.

Internet
1 von 38
Downloaden Sie, um offline zu lesen
Hugo González Labrador Docker is an open platform for building, shipping and running distributed applications. It gives programmers, development teams and operations engineers the common toolbox they need to take advantage of the distributed and networked nature of modern applications. Hugo González Labrador Miércoles 7 de Octubre en el aula SO3 a las 17:00
HOLY SHIP!
“I once heard that hypervisors are the living proof of operating system's incompetence” Glauber Costa's talk at LinuxCon Europe 2012 https://lwn.net/Articles/524952/
Hypervisor Physical Resources (RAM, CPU, Network …) Kernel HOST OS OS Apps VM Kernel OS Apps Hypervisor OS Apps VM Kernel Hypervisor OS Apps VM Kernel
Physical Resources (RAM, CPU, Network …) Kernel HOST OS Container OS Apps Container OS Apps Container OS Apps Container OS Apps Container OS Apps Container OS Apps
Can you run 1000 VMs on your host ?
2334 web servers running in containers on a single Raspberry Pi 2.
Docker containers and orchestration Elvin Sindrilaru IT Data and Storage Services Group
Outline • Understanding Linux containers • Linux namespaces • Linux cgroups • Docker containers • Containers orchestration • Security considerations • Benefits 4/16/2015 Docker containers and orchestration 3
What is a container? 4/16/2015 Docker containers and orchestration 4 "Cmglee Container City 2" by Cmglee - Own work. Licensed under CC BY-SA 3.0 via Wikimedia Commons
Linux containers • Based on two technologies • Linux namespaces • Linux control groups (cgroups) 4/16/2015 Docker containers and orchestration 5
Linux namespace (1) • The purpose of a namespace is to wrap a particular global system resource in an abstraction that makes it appear to the process within the namespace that they have their own isolated instance of the global resource. 4/16/2015 Docker containers and orchestration 6
Linux namespace (2) • Currently there are 6 namespaces implemented in the Linux Kernel: • Mount namespaces – isolate the set of file-system mount points seen by a group of processes (Linux 2.6.19) • UTS namespaces – isolate two system identifiers – nodename and domainname. (UNIX Time-sharing System) • IPC namespaces – isolate inter-process communication resources e.g. POSIX message queues 4/16/2015 Docker containers and orchestration 7
Linux namespace (3) • Network namespaces – provides isolation of system resources associated with networking. Each network namespace has its own network devices, IP addresses, port numbers etc. • PID namespaces – isolate process ID number space. Processes in different PID namespaces can have the same PID number. • User namespace – isolates the process user and group ID number spaces. A process’s UID and GID can be different inside and outside a user namespace i.e a process can have full root privileges inside a user namespace, but is unprivileged for operations outside the namespace. (Linux 3.8) 4/16/2015 Docker containers and orchestration 8
Linux cgroups (1) • Cgroups allow allocating resources to user-defined groups of processes running on the system • Cgroup subsystems (resources controllers) = kernel modules aware of cgroups which allocate varying levels of system resources to cgroups • Everything is exposed through a virtual filesystem: • /cgroups, /sys/fs/cgroup … - mountpoint may vary • Currently up to 10 subsystems: • blkio – set limits on input/output access to/from block devices such as physical drives • cpuset – assign individual CPUs and memory nodes to tasks in a cgroup • memory – set limits on memory used by tasks in a cgroup • etc … 4/16/2015 Docker containers and orchestration 9
Linux cgroups (2) • libcgroup package provides command line utilities for manipulating cgroups. • lssubsys – list available subsystems • lscgroup – list defined cgroups • cgget – get parameters of cgroup • cset – set parameters of cgroup • cgexec – start a process in a particular cgroup • cgclassify – move running task to one or more cgroups 4/16/2015 Docker containers and orchestration 10
Linux containers a.k.a LXC • Containers • tool for lightweight virtualization • provides a group of processes the illusion that they are the only processes on the system • Advantages in comparison to traditional VM: • Fast to deploy - seconds • Small memory footprint - MBs • Complete isolation without a hypervisor Namespaces + Cgroups => Linux containers 4/16/2015 Docker containers and orchestration 11
Linux containers – CLI • lxc package contains tools to manipulate containers • lxc-create • Setup a container (rootfs and configuration) • lxc-start • Boot a container • lxc-console • Attach a console if started in background • lxc-attach • Start a process inside a container • lxc-stop • Shutdown a container • lxc-destroy • Destroy the container created with lxc-create 4/16/2015 Docker containers and orchestration 12
Docker containers • “A container is a basic tool, consisting of any device creating a partially or fully enclosed space that can be used to contain, store and transport objects or materials.” http://en.wikipedia.org/wiki/Container • “Open-source project to easily create light-weight, portable, self-sufficient containers from any application” https://www.docker.com/whatisdocker/ • Docker motto: “Build, Ship and Run Any App, Anywhere” 4/16/2015 Docker containers and orchestration 13
Docker interaction • Client-server model • Docker daemon • Process that manages the containers • Creates files systems, assigns IP addresses, routes packages, manages processes => needs root privileges • Can bind to Unix or TCP sockets and supports TLS • RESTful API • Docker client • Same binary as the daemon • Makes GET and POST request to the daemon 4/16/2015 Docker containers and orchestration 14
Docker client-server interaction 4/16/2015 Docker containers and orchestration 15 • The client can run on the same host or on a different one from the daemon
VMs vs. Docker containers • VMs are fully virtualized • Containers are optimized for single applications, but can also run a full system 4/16/2015 Docker containers and orchestration 16
Docker filesystem • Typical Linux system needs two filesystems: • Boot file system (bootfs) • Root file system (rootfs) - /dev, /etc, /bin, /lib … • Docker uses by default Another Unionfs (AUFS) which is copy-on- write • AUFS • Helps sharing common portions of the fs among containers • Layers are read-only and the merger of these layers is visible to the processes • Any changes to the fs go into the rd/wr layer 4/16/2015 Docker containers and orchestration 17
Docker Images • Image • Never changes • Stack of read-only fs layers • Changes go in the topmost writable layer created when the container starts • Changes are discarded by default when the container is destroyed • Where to get Docker Images from? • https://registry.hub.docker.com/ • Similar to what GitHub is for Git - think “git repository for images” • Use your own private registry e.g. pull the docker registry image and run it in a container 4/16/2015 Docker containers and orchestration 18
Docker Containers • Container • Read-write layer • Information about Parent Image (RO layers) • Unique id + network configuration + resource limits • Containers have state: running / exited • Exited container • preserves file system state • does NOT preserve memory state • Containers can be promoted to an Image using “docker commit” Takes a snapshot of the whole filesystem (RW+RO) 4/16/2015 Docker containers and orchestration 19
Docker paradigm shift • Motto: “write-once-run-anywhere” • Developers: • Concentrate on building applications • Run them inside containers • Avoid the all too common: “But it works fine on my machine …” • Sysadmins/operations/DevOps: • Keep containers running in production • No more “dependency hell” … almost … at least not traditional ones ⇒ Clean separation of roles ⇒ Single underlying tool which (hopefully) simplifies: ⇒ code management ⇒ deployment process 4/16/2015 Docker containers and orchestration 20
Demo Docker containers 4/16/2015 Docker containers and orchestration 21
Docker workflow automation • Dockerfile • Repeatable method to build Docker images – makefile equivalent • DSL(Domain Specific Language) representing instructions on setting up an image • Used together with the context by the “docker build” command to create a new image 4/16/2015 Docker containers and orchestration 22 # Use the fedora base image FROM fedora:20 MAINTAINER Elvin Sindrilaru, esindril@cern.ch, CERN 2015 # Add a file from the host to the container ADD testfile.dat /tmp/testfile # Install some packages RUN yum -y --nogpg install screen emacs # Command executed when container started CMD /bin/bash
Containers orchestration • Orchestration describes the automated arrangement, coordination and management of complex systems, middleware and services. • Library dependencies “sort of” become container dependencies 4/16/2015 Docker containers and orchestration 23
Container data management using volumes • Docker volume • Directory separated from the container’s root filesystem • Managed by the docker daemon and can be shared among containers • Changes to the volume are not captured by the image • Used to mount a directory of the host system inside the container • A volume persists until the last container using it exits • Data-only containers • Expose a volume to other data-accessing containers • Prevents volumes from being destroyed if containers stop or crash 4/16/2015 Docker containers and orchestration 24
Linking containers • Not all containers need to bind internal ports to host ports • E.g. only front-end applications need to connect to backend services • Linking within the same host • Profit from the unified view that the docker daemon has over all running containers • Use the --link option: • E.g. docker run --link CONTAINER_ID:ALIAS … • Effectively alters the /etc/hosts file • Cross host linking • Requires a distributed, consistent discovery service • Much more complicated • Needs a distributed key-value store to keep info about running containers e.g. etcd • Application must be aware of the discovery service 4/16/2015 Docker containers and orchestration 25
Docker Machine & Compose • Machine • Creates Docker hosts on a variety of cloud providers • Built-in support for: VirtualBox, OpenStack, GCE, AWS etc. • Manages the Docker daemon • Configures the client to talk to the new Docker host • Perfect starting point for OSX and Windows users • Compose • Define and run complex applications / multiple containers • Provide the recipe in a YAML file • Interact with the running containers 4/16/2015 Docker containers and orchestration 26
Other orchestration tools/frameworks • Kubernetes • https://github.com/GoogleCloudPlatform/kubern etes • Shipyard • https://github.com/shipyard/shipyard • LXC/LXD/CGManage • https://linuxcontainers.org/ 4/16/2015 Docker containers and orchestration 27
Demo Docker orchestration 4/16/2015 Docker containers and orchestration 28
Security considerations • Docker containers are started with a reduced capability set which restricts: • Mount/unmount devices • Managing raw sockets • Some fs operations • Fine-grained control of capabilities using the docker --cap-add -- cap-drop options • End-goal is to run even the Docker daemon as a non-root user and delegate operations to dedicated subprocesses • Run Docker daemon on: • Unix socket for single-instance setup • TCP socket with TLS for multi-instance setup • Keep the host Kernel updated with latest security patches 4/16/2015 Docker containers and orchestration 29
Docker – Benefits • Portable deployment across machines – overcomes machine specific configuration issues • Application-centric – optimized for deployment of applications and not machines • Automatic build – can use any configuration management system (puppet, chef, ansible etc) to automate the build of containers • Versioning - git like capabilities to track container versions • Component reuse – any container can become a base image • Sharing – use the public registry to distribute container images, just like a git repository 4/16/2015 Docker containers and orchestration 30
Docker Dojo

Empfohlen

Evoluation of Linux Container Virtualization
Evoluation of Linux Container VirtualizationEvoluation of Linux Container Virtualization
Evoluation of Linux Container VirtualizationImesh Gunaratne
 
Linux Container Brief for IEEE WG P2302
Linux Container Brief for IEEE WG P2302Linux Container Brief for IEEE WG P2302
Linux Container Brief for IEEE WG P2302Boden Russell
 
Docker: Aspects of Container Isolation
Docker: Aspects of Container IsolationDocker: Aspects of Container Isolation
Docker: Aspects of Container Isolationallingeek
 
Introduction to automated environment management with Docker Containers - for...
Introduction to automated environment management with Docker Containers - for...Introduction to automated environment management with Docker Containers - for...
Introduction to automated environment management with Docker Containers - for...Lucas Jellema
 
Lxc – next gen virtualization for cloud intro (cloudexpo)
Lxc – next gen virtualization for cloud intro (cloudexpo)Lxc – next gen virtualization for cloud intro (cloudexpo)
Lxc – next gen virtualization for cloud intro (cloudexpo)Boden Russell
 
Understanding LXC & Docker
Understanding LXC & DockerUnderstanding LXC & Docker
Understanding LXC & DockerComprinno Technologies
 
Docker introduction for Carbon IT
Docker introduction for Carbon ITDocker introduction for Carbon IT
Docker introduction for Carbon ITyannick grenzinger
 
Virtual Machines and Docker
Virtual Machines and DockerVirtual Machines and Docker
Virtual Machines and DockerDanish Khakwani
 

Empfohlen

Evoluation of Linux Container Virtualization
Evoluation of Linux Container VirtualizationEvoluation of Linux Container Virtualization
Evoluation of Linux Container VirtualizationImesh Gunaratne
 
Linux Container Brief for IEEE WG P2302
Linux Container Brief for IEEE WG P2302Linux Container Brief for IEEE WG P2302
Linux Container Brief for IEEE WG P2302Boden Russell
 
Docker: Aspects of Container Isolation
Docker: Aspects of Container IsolationDocker: Aspects of Container Isolation
Docker: Aspects of Container Isolationallingeek
 
Introduction to automated environment management with Docker Containers - for...
Introduction to automated environment management with Docker Containers - for...Introduction to automated environment management with Docker Containers - for...
Introduction to automated environment management with Docker Containers - for...Lucas Jellema
 
Lxc – next gen virtualization for cloud intro (cloudexpo)
Lxc – next gen virtualization for cloud intro (cloudexpo)Lxc – next gen virtualization for cloud intro (cloudexpo)
Lxc – next gen virtualization for cloud intro (cloudexpo)Boden Russell
 
Understanding LXC & Docker
Understanding LXC & DockerUnderstanding LXC & Docker
Understanding LXC & DockerComprinno Technologies
 
Docker introduction for Carbon IT
Docker introduction for Carbon ITDocker introduction for Carbon IT
Docker introduction for Carbon ITyannick grenzinger
 
Virtual Machines and Docker
Virtual Machines and DockerVirtual Machines and Docker
Virtual Machines and DockerDanish Khakwani
 
Rooting Out Root: User namespaces in Docker
Rooting Out Root: User namespaces in DockerRooting Out Root: User namespaces in Docker
Rooting Out Root: User namespaces in DockerPhil Estes
 
Docker
DockerDocker
DockerMutlu Okuducu
 
Linux Container Technology 101
Linux Container Technology 101Linux Container Technology 101
Linux Container Technology 101inside-BigData.com
 
Docker
DockerDocker
DockerRamchandra Koty
 
Docker basics
Docker basicsDocker basics
Docker basicsClaudio Montoya
 
Learning Docker with Thomas
Learning Docker with ThomasLearning Docker with Thomas
Learning Docker with ThomasThomas Tong, FRM, PMP
 
Realizing Linux Containers (LXC)
Realizing Linux Containers (LXC)Realizing Linux Containers (LXC)
Realizing Linux Containers (LXC)Boden Russell
 
runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...Docker, Inc.
 
Introduction to linux containers
Introduction to linux containersIntroduction to linux containers
Introduction to linux containersGoogle
 
The building blocks of docker.
The building blocks of docker.The building blocks of docker.
The building blocks of docker.Chafik Belhaoues
 
Containers and Cloud: From LXC to Docker to Kubernetes
Containers and Cloud: From LXC to Docker to KubernetesContainers and Cloud: From LXC to Docker to Kubernetes
Containers and Cloud: From LXC to Docker to KubernetesShreyas MM
 
Postgre sql linuxcontainers by Jignesh Shah
Postgre sql linuxcontainers by Jignesh ShahPostgre sql linuxcontainers by Jignesh Shah
Postgre sql linuxcontainers by Jignesh ShahPivotalOpenSourceHub
 
Docker Architecture (v1.3)
Docker Architecture (v1.3)Docker Architecture (v1.3)
Docker Architecture (v1.3)rajdeep
 
Tokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityTokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityPhil Estes
 
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...Jérôme Petazzoni
 
Docker based-pipelines
Docker based-pipelinesDocker based-pipelines
Docker based-pipelinesDevOps.com
 
Microservices, Containers and Docker
Microservices, Containers and DockerMicroservices, Containers and Docker
Microservices, Containers and DockerIoannis Papapanagiotou
 
Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copy
Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copyLinux containers – next gen virtualization for cloud (atl summit) ar4 3 - copy
Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copyBoden Russell
 
How Secure Is Your Container? ContainerCon Berlin 2016
How Secure Is Your Container? ContainerCon Berlin 2016How Secure Is Your Container? ContainerCon Berlin 2016
How Secure Is Your Container? ContainerCon Berlin 2016Phil Estes
 
Docker internals
Docker internalsDocker internals
Docker internalsRohit Jnagal
 
Jv review flow
Jv review flowJv review flow
Jv review flowbj-stewart
 
Worried About Meth Labs Destroying Your Investment Property
Worried About Meth Labs Destroying Your Investment PropertyWorried About Meth Labs Destroying Your Investment Property
Worried About Meth Labs Destroying Your Investment PropertyBrian Crawford
 

Weitere ähnliche Inhalte

Was ist angesagt?

Rooting Out Root: User namespaces in Docker
Rooting Out Root: User namespaces in DockerRooting Out Root: User namespaces in Docker
Rooting Out Root: User namespaces in DockerPhil Estes
 
Linux Container Technology 101
Linux Container Technology 101Linux Container Technology 101
Linux Container Technology 101inside-BigData.com
 
Realizing Linux Containers (LXC)
Realizing Linux Containers (LXC)Realizing Linux Containers (LXC)
Realizing Linux Containers (LXC)Boden Russell
 
runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...Docker, Inc.
 
Introduction to linux containers
Introduction to linux containersIntroduction to linux containers
Introduction to linux containersGoogle
 
The building blocks of docker.
The building blocks of docker.The building blocks of docker.
The building blocks of docker.Chafik Belhaoues
 
Containers and Cloud: From LXC to Docker to Kubernetes
Containers and Cloud: From LXC to Docker to KubernetesContainers and Cloud: From LXC to Docker to Kubernetes
Containers and Cloud: From LXC to Docker to KubernetesShreyas MM
 
Postgre sql linuxcontainers by Jignesh Shah
Postgre sql linuxcontainers by Jignesh ShahPostgre sql linuxcontainers by Jignesh Shah
Postgre sql linuxcontainers by Jignesh ShahPivotalOpenSourceHub
 
Docker Architecture (v1.3)
Docker Architecture (v1.3)Docker Architecture (v1.3)
Docker Architecture (v1.3)rajdeep
 
Tokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityTokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityPhil Estes
 
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...Jérôme Petazzoni
 
Docker based-pipelines
Docker based-pipelinesDocker based-pipelines
Docker based-pipelinesDevOps.com
 
Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copy
Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copyLinux containers – next gen virtualization for cloud (atl summit) ar4 3 - copy
Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copyBoden Russell
 
How Secure Is Your Container? ContainerCon Berlin 2016
How Secure Is Your Container? ContainerCon Berlin 2016How Secure Is Your Container? ContainerCon Berlin 2016
How Secure Is Your Container? ContainerCon Berlin 2016Phil Estes
 

Was ist angesagt? (20)

Rooting Out Root: User namespaces in Docker
Rooting Out Root: User namespaces in DockerRooting Out Root: User namespaces in Docker
Rooting Out Root: User namespaces in Docker
 
Docker
DockerDocker
Docker
 
Linux Container Technology 101
Linux Container Technology 101Linux Container Technology 101
Linux Container Technology 101
 
Docker
DockerDocker
Docker
 
Docker basics
Docker basicsDocker basics
Docker basics
 
Learning Docker with Thomas
Learning Docker with ThomasLearning Docker with Thomas
Learning Docker with Thomas
 
Realizing Linux Containers (LXC)
Realizing Linux Containers (LXC)Realizing Linux Containers (LXC)
Realizing Linux Containers (LXC)
 
runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...runC: The little engine that could (run Docker containers) by Docker Captain ...
runC: The little engine that could (run Docker containers) by Docker Captain ...
 
Introduction to linux containers
Introduction to linux containersIntroduction to linux containers
Introduction to linux containers
 
The building blocks of docker.
The building blocks of docker.The building blocks of docker.
The building blocks of docker.
 
Containers and Cloud: From LXC to Docker to Kubernetes
Containers and Cloud: From LXC to Docker to KubernetesContainers and Cloud: From LXC to Docker to Kubernetes
Containers and Cloud: From LXC to Docker to Kubernetes
 
Postgre sql linuxcontainers by Jignesh Shah
Postgre sql linuxcontainers by Jignesh ShahPostgre sql linuxcontainers by Jignesh Shah
Postgre sql linuxcontainers by Jignesh Shah
 
Docker Architecture (v1.3)
Docker Architecture (v1.3)Docker Architecture (v1.3)
Docker Architecture (v1.3)
 
Tokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityTokyo OpenStack Summit 2015: Unraveling Docker Security
Tokyo OpenStack Summit 2015: Unraveling Docker Security
 
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...
Cgroups, namespaces, and beyond: what are containers made from? (DockerCon Eu...
 
Docker based-pipelines
Docker based-pipelinesDocker based-pipelines
Docker based-pipelines
 
Microservices, Containers and Docker
Microservices, Containers and DockerMicroservices, Containers and Docker
Microservices, Containers and Docker
 
Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copy
Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copyLinux containers – next gen virtualization for cloud (atl summit) ar4 3 - copy
Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copy
 
How Secure Is Your Container? ContainerCon Berlin 2016
How Secure Is Your Container? ContainerCon Berlin 2016How Secure Is Your Container? ContainerCon Berlin 2016
How Secure Is Your Container? ContainerCon Berlin 2016
 
Docker internals
Docker internalsDocker internals
Docker internals
 

Andere mochten auch

Jv review flow
Jv review flowJv review flow
Jv review flowbj-stewart
 
Worried About Meth Labs Destroying Your Investment Property
Worried About Meth Labs Destroying Your Investment PropertyWorried About Meth Labs Destroying Your Investment Property
Worried About Meth Labs Destroying Your Investment PropertyBrian Crawford
 
Research on Donor Characteristics and Motivations-Misawa & Walker
Research on Donor Characteristics and Motivations-Misawa & WalkerResearch on Donor Characteristics and Motivations-Misawa & Walker
Research on Donor Characteristics and Motivations-Misawa & WalkerDr. Adam G. Walker ✔
 
Content? We've Forgotten About Social Media Behaviour
Content? We've Forgotten About Social Media BehaviourContent? We've Forgotten About Social Media Behaviour
Content? We've Forgotten About Social Media BehaviourPhilippa Dunjay
 
Testing data and metadata backends with ClawIO
Testing data and metadata backends with ClawIOTesting data and metadata backends with ClawIO
Testing data and metadata backends with ClawIOHugo González Labrador
 
Bandwidth dan Throughput
Bandwidth dan ThroughputBandwidth dan Throughput
Bandwidth dan ThroughputSelamet Hariadi
 
Technical specifications for Phase 1 Wastewater Network tank interceptors
Technical specifications for Phase 1 Wastewater Network tank interceptorsTechnical specifications for Phase 1 Wastewater Network tank interceptors
Technical specifications for Phase 1 Wastewater Network tank interceptorsLaith Abdel Nabi
 
Module 5 online session
Module 5 online sessionModule 5 online session
Module 5 online sessionTetiana
 
LinkedIn Business Canvas - Versione 2.0
LinkedIn Business Canvas - Versione 2.0LinkedIn Business Canvas - Versione 2.0
LinkedIn Business Canvas - Versione 2.0Leonardo Bellini
 

Andere mochten auch (12)

Jv review flow
Jv review flowJv review flow
Jv review flow
 
Worried About Meth Labs Destroying Your Investment Property
Worried About Meth Labs Destroying Your Investment PropertyWorried About Meth Labs Destroying Your Investment Property
Worried About Meth Labs Destroying Your Investment Property
 
Archiving Deferred Representations Using a Two-Tiered Crawling Approach. Just...
Archiving Deferred Representations Using a Two-Tiered Crawling Approach. Just...Archiving Deferred Representations Using a Two-Tiered Crawling Approach. Just...
Archiving Deferred Representations Using a Two-Tiered Crawling Approach. Just...
 
Social science
Social scienceSocial science
Social science
 
Research on Donor Characteristics and Motivations-Misawa & Walker
Research on Donor Characteristics and Motivations-Misawa & WalkerResearch on Donor Characteristics and Motivations-Misawa & Walker
Research on Donor Characteristics and Motivations-Misawa & Walker
 
Content? We've Forgotten About Social Media Behaviour
Content? We've Forgotten About Social Media BehaviourContent? We've Forgotten About Social Media Behaviour
Content? We've Forgotten About Social Media Behaviour
 
Testing data and metadata backends with ClawIO
Testing data and metadata backends with ClawIOTesting data and metadata backends with ClawIO
Testing data and metadata backends with ClawIO
 
Bandwidth dan Throughput
Bandwidth dan ThroughputBandwidth dan Throughput
Bandwidth dan Throughput
 
WAJ gen.specs 2007
WAJ gen.specs 2007WAJ gen.specs 2007
WAJ gen.specs 2007
 
Technical specifications for Phase 1 Wastewater Network tank interceptors
Technical specifications for Phase 1 Wastewater Network tank interceptorsTechnical specifications for Phase 1 Wastewater Network tank interceptors
Technical specifications for Phase 1 Wastewater Network tank interceptors
 
Module 5 online session
Module 5 online sessionModule 5 online session
Module 5 online session
 
LinkedIn Business Canvas - Versione 2.0
LinkedIn Business Canvas - Versione 2.0LinkedIn Business Canvas - Versione 2.0
LinkedIn Business Canvas - Versione 2.0
 

Ähnlich wie Docker Dojo

An Updated Performance Comparison of Virtual Machines and Linux Containers
An Updated Performance Comparison of Virtual Machines and Linux ContainersAn Updated Performance Comparison of Virtual Machines and Linux Containers
An Updated Performance Comparison of Virtual Machines and Linux ContainersKento Aoyama
 
Getting started with Docker
Getting started with DockerGetting started with Docker
Getting started with DockerRavindu Fernando
 
An introduction to contianers and Docker for PHP developers
An introduction to contianers and Docker for PHP developersAn introduction to contianers and Docker for PHP developers
An introduction to contianers and Docker for PHP developersRobert McFrazier
 
Evolution of containers to kubernetes
Evolution of containers to kubernetesEvolution of containers to kubernetes
Evolution of containers to kubernetesKrishna-Kumar
 
Docker - the what why and hows
Docker - the what why and howsDocker - the what why and hows
Docker - the what why and howsSouvik Maji
 
Docker from A to Z, including Swarm and OCCS
Docker from A to Z, including Swarm and OCCSDocker from A to Z, including Swarm and OCCS
Docker from A to Z, including Swarm and OCCSFrank Munz
 
Introduction to Containers and Docker for PHP developers
Introduction to Containers and Docker for PHP developersIntroduction to Containers and Docker for PHP developers
Introduction to Containers and Docker for PHP developersRobert McFrazier
 
Introduction to Containers and Docker for PHP developers
Introduction to Containers and Docker for PHP developersIntroduction to Containers and Docker for PHP developers
Introduction to Containers and Docker for PHP developersRobert McFrazier
 
Central Iowa Linux Users Group: November Meeting -- Container showdown
Central Iowa Linux Users Group: November Meeting -- Container showdownCentral Iowa Linux Users Group: November Meeting -- Container showdown
Central Iowa Linux Users Group: November Meeting -- Container showdownAndrew Denner
 
Develop with linux containers and docker
Develop with linux containers and dockerDevelop with linux containers and docker
Develop with linux containers and dockerFabio Fumarola
 
IIUG 2017 Conference - Informix and Docker
IIUG 2017 Conference - Informix and DockerIIUG 2017 Conference - Informix and Docker
IIUG 2017 Conference - Informix and DockerPradeep Natarajan
 
Docker and kubernetes
Docker and kubernetesDocker and kubernetes
Docker and kubernetesDongwon Kim
 

Ähnlich wie Docker Dojo (20)

Docker
Docker Docker
Docker
 
SW Docker Security
SW Docker SecuritySW Docker Security
SW Docker Security
 
Docker.pptx
Docker.pptxDocker.pptx
Docker.pptx
 
An Updated Performance Comparison of Virtual Machines and Linux Containers
An Updated Performance Comparison of Virtual Machines and Linux ContainersAn Updated Performance Comparison of Virtual Machines and Linux Containers
An Updated Performance Comparison of Virtual Machines and Linux Containers
 
Getting started with Docker
Getting started with DockerGetting started with Docker
Getting started with Docker
 
An introduction to contianers and Docker for PHP developers
An introduction to contianers and Docker for PHP developersAn introduction to contianers and Docker for PHP developers
An introduction to contianers and Docker for PHP developers
 
Evolution of containers to kubernetes
Evolution of containers to kubernetesEvolution of containers to kubernetes
Evolution of containers to kubernetes
 
Docker - the what why and hows
Docker - the what why and howsDocker - the what why and hows
Docker - the what why and hows
 
Docker.ppt
Docker.pptDocker.ppt
Docker.ppt
 
Docker from A to Z, including Swarm and OCCS
Docker from A to Z, including Swarm and OCCSDocker from A to Z, including Swarm and OCCS
Docker from A to Z, including Swarm and OCCS
 
Introduction to Containers and Docker for PHP developers
Introduction to Containers and Docker for PHP developersIntroduction to Containers and Docker for PHP developers
Introduction to Containers and Docker for PHP developers
 
Introduction to Containers and Docker for PHP developers
Introduction to Containers and Docker for PHP developersIntroduction to Containers and Docker for PHP developers
Introduction to Containers and Docker for PHP developers
 
Developer workflow with docker
Developer workflow with dockerDeveloper workflow with docker
Developer workflow with docker
 
presentation on Docker
presentation on Dockerpresentation on Docker
presentation on Docker
 
Docker Workshop
Docker WorkshopDocker Workshop
Docker Workshop
 
Central Iowa Linux Users Group: November Meeting -- Container showdown
Central Iowa Linux Users Group: November Meeting -- Container showdownCentral Iowa Linux Users Group: November Meeting -- Container showdown
Central Iowa Linux Users Group: November Meeting -- Container showdown
 
Docker
DockerDocker
Docker
 
Develop with linux containers and docker
Develop with linux containers and dockerDevelop with linux containers and docker
Develop with linux containers and docker
 
IIUG 2017 Conference - Informix and Docker
IIUG 2017 Conference - Informix and DockerIIUG 2017 Conference - Informix and Docker
IIUG 2017 Conference - Informix and Docker
 
Docker and kubernetes
Docker and kubernetesDocker and kubernetes
Docker and kubernetes
 

Kürzlich hochgeladen

Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsRussian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsstephieert
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Sheetaleventcompany
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersDamian Radcliffe
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Servicegwenoracqe6
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts servicesonalikaur4
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607dollysharma2066
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...SofiyaSharma5
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 

Kürzlich hochgeladen (20)

Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsRussian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girls
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
 
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
 

Docker Dojo

  • 1. Hugo González Labrador Docker is an open platform for building, shipping and running distributed applications. It gives programmers, development teams and operations engineers the common toolbox they need to take advantage of the distributed and networked nature of modern applications. Hugo González Labrador Miércoles 7 de Octubre en el aula SO3 a las 17:00
  • 3. “I once heard that hypervisors are the living proof of operating system's incompetence” Glauber Costa's talk at LinuxCon Europe 2012 https://lwn.net/Articles/524952/
  • 4. Hypervisor Physical Resources (RAM, CPU, Network …) Kernel HOST OS OS Apps VM Kernel OS Apps Hypervisor OS Apps VM Kernel Hypervisor OS Apps VM Kernel
  • 5. Physical Resources (RAM, CPU, Network …) Kernel HOST OS Container OS Apps Container OS Apps Container OS Apps Container OS Apps Container OS Apps Container OS Apps
  • 6. Can you run 1000 VMs on your host ?
  • 7. 2334 web servers running in containers on a single Raspberry Pi 2.
  • 8.
  • 9. Docker containers and orchestration Elvin Sindrilaru IT Data and Storage Services Group
  • 10. Outline • Understanding Linux containers • Linux namespaces • Linux cgroups • Docker containers • Containers orchestration • Security considerations • Benefits 4/16/2015 Docker containers and orchestration 3
  • 11. What is a container? 4/16/2015 Docker containers and orchestration 4 "Cmglee Container City 2" by Cmglee - Own work. Licensed under CC BY-SA 3.0 via Wikimedia Commons
  • 12. Linux containers • Based on two technologies • Linux namespaces • Linux control groups (cgroups) 4/16/2015 Docker containers and orchestration 5
  • 13. Linux namespace (1) • The purpose of a namespace is to wrap a particular global system resource in an abstraction that makes it appear to the process within the namespace that they have their own isolated instance of the global resource. 4/16/2015 Docker containers and orchestration 6
  • 14. Linux namespace (2) • Currently there are 6 namespaces implemented in the Linux Kernel: • Mount namespaces – isolate the set of file-system mount points seen by a group of processes (Linux 2.6.19) • UTS namespaces – isolate two system identifiers – nodename and domainname. (UNIX Time-sharing System) • IPC namespaces – isolate inter-process communication resources e.g. POSIX message queues 4/16/2015 Docker containers and orchestration 7
  • 15. Linux namespace (3) • Network namespaces – provides isolation of system resources associated with networking. Each network namespace has its own network devices, IP addresses, port numbers etc. • PID namespaces – isolate process ID number space. Processes in different PID namespaces can have the same PID number. • User namespace – isolates the process user and group ID number spaces. A process’s UID and GID can be different inside and outside a user namespace i.e a process can have full root privileges inside a user namespace, but is unprivileged for operations outside the namespace. (Linux 3.8) 4/16/2015 Docker containers and orchestration 8
  • 16. Linux cgroups (1) • Cgroups allow allocating resources to user-defined groups of processes running on the system • Cgroup subsystems (resources controllers) = kernel modules aware of cgroups which allocate varying levels of system resources to cgroups • Everything is exposed through a virtual filesystem: • /cgroups, /sys/fs/cgroup … - mountpoint may vary • Currently up to 10 subsystems: • blkio – set limits on input/output access to/from block devices such as physical drives • cpuset – assign individual CPUs and memory nodes to tasks in a cgroup • memory – set limits on memory used by tasks in a cgroup • etc … 4/16/2015 Docker containers and orchestration 9
  • 17. Linux cgroups (2) • libcgroup package provides command line utilities for manipulating cgroups. • lssubsys – list available subsystems • lscgroup – list defined cgroups • cgget – get parameters of cgroup • cset – set parameters of cgroup • cgexec – start a process in a particular cgroup • cgclassify – move running task to one or more cgroups 4/16/2015 Docker containers and orchestration 10
  • 18. Linux containers a.k.a LXC • Containers • tool for lightweight virtualization • provides a group of processes the illusion that they are the only processes on the system • Advantages in comparison to traditional VM: • Fast to deploy - seconds • Small memory footprint - MBs • Complete isolation without a hypervisor Namespaces + Cgroups => Linux containers 4/16/2015 Docker containers and orchestration 11
  • 19. Linux containers – CLI • lxc package contains tools to manipulate containers • lxc-create • Setup a container (rootfs and configuration) • lxc-start • Boot a container • lxc-console • Attach a console if started in background • lxc-attach • Start a process inside a container • lxc-stop • Shutdown a container • lxc-destroy • Destroy the container created with lxc-create 4/16/2015 Docker containers and orchestration 12
  • 20. Docker containers • “A container is a basic tool, consisting of any device creating a partially or fully enclosed space that can be used to contain, store and transport objects or materials.” http://en.wikipedia.org/wiki/Container • “Open-source project to easily create light-weight, portable, self-sufficient containers from any application” https://www.docker.com/whatisdocker/ • Docker motto: “Build, Ship and Run Any App, Anywhere” 4/16/2015 Docker containers and orchestration 13
  • 21. Docker interaction • Client-server model • Docker daemon • Process that manages the containers • Creates files systems, assigns IP addresses, routes packages, manages processes => needs root privileges • Can bind to Unix or TCP sockets and supports TLS • RESTful API • Docker client • Same binary as the daemon • Makes GET and POST request to the daemon 4/16/2015 Docker containers and orchestration 14
  • 22. Docker client-server interaction 4/16/2015 Docker containers and orchestration 15 • The client can run on the same host or on a different one from the daemon
  • 23. VMs vs. Docker containers • VMs are fully virtualized • Containers are optimized for single applications, but can also run a full system 4/16/2015 Docker containers and orchestration 16
  • 24. Docker filesystem • Typical Linux system needs two filesystems: • Boot file system (bootfs) • Root file system (rootfs) - /dev, /etc, /bin, /lib … • Docker uses by default Another Unionfs (AUFS) which is copy-on- write • AUFS • Helps sharing common portions of the fs among containers • Layers are read-only and the merger of these layers is visible to the processes • Any changes to the fs go into the rd/wr layer 4/16/2015 Docker containers and orchestration 17
  • 25. Docker Images • Image • Never changes • Stack of read-only fs layers • Changes go in the topmost writable layer created when the container starts • Changes are discarded by default when the container is destroyed • Where to get Docker Images from? • https://registry.hub.docker.com/ • Similar to what GitHub is for Git - think “git repository for images” • Use your own private registry e.g. pull the docker registry image and run it in a container 4/16/2015 Docker containers and orchestration 18
  • 26. Docker Containers • Container • Read-write layer • Information about Parent Image (RO layers) • Unique id + network configuration + resource limits • Containers have state: running / exited • Exited container • preserves file system state • does NOT preserve memory state • Containers can be promoted to an Image using “docker commit” Takes a snapshot of the whole filesystem (RW+RO) 4/16/2015 Docker containers and orchestration 19
  • 27. Docker paradigm shift • Motto: “write-once-run-anywhere” • Developers: • Concentrate on building applications • Run them inside containers • Avoid the all too common: “But it works fine on my machine …” • Sysadmins/operations/DevOps: • Keep containers running in production • No more “dependency hell” … almost … at least not traditional ones ⇒ Clean separation of roles ⇒ Single underlying tool which (hopefully) simplifies: ⇒ code management ⇒ deployment process 4/16/2015 Docker containers and orchestration 20
  • 28. Demo Docker containers 4/16/2015 Docker containers and orchestration 21
  • 29. Docker workflow automation • Dockerfile • Repeatable method to build Docker images – makefile equivalent • DSL(Domain Specific Language) representing instructions on setting up an image • Used together with the context by the “docker build” command to create a new image 4/16/2015 Docker containers and orchestration 22 # Use the fedora base image FROM fedora:20 MAINTAINER Elvin Sindrilaru, esindril@cern.ch, CERN 2015 # Add a file from the host to the container ADD testfile.dat /tmp/testfile # Install some packages RUN yum -y --nogpg install screen emacs # Command executed when container started CMD /bin/bash
  • 30. Containers orchestration • Orchestration describes the automated arrangement, coordination and management of complex systems, middleware and services. • Library dependencies “sort of” become container dependencies 4/16/2015 Docker containers and orchestration 23
  • 31. Container data management using volumes • Docker volume • Directory separated from the container’s root filesystem • Managed by the docker daemon and can be shared among containers • Changes to the volume are not captured by the image • Used to mount a directory of the host system inside the container • A volume persists until the last container using it exits • Data-only containers • Expose a volume to other data-accessing containers • Prevents volumes from being destroyed if containers stop or crash 4/16/2015 Docker containers and orchestration 24
  • 32. Linking containers • Not all containers need to bind internal ports to host ports • E.g. only front-end applications need to connect to backend services • Linking within the same host • Profit from the unified view that the docker daemon has over all running containers • Use the --link option: • E.g. docker run --link CONTAINER_ID:ALIAS … • Effectively alters the /etc/hosts file • Cross host linking • Requires a distributed, consistent discovery service • Much more complicated • Needs a distributed key-value store to keep info about running containers e.g. etcd • Application must be aware of the discovery service 4/16/2015 Docker containers and orchestration 25
  • 33. Docker Machine & Compose • Machine • Creates Docker hosts on a variety of cloud providers • Built-in support for: VirtualBox, OpenStack, GCE, AWS etc. • Manages the Docker daemon • Configures the client to talk to the new Docker host • Perfect starting point for OSX and Windows users • Compose • Define and run complex applications / multiple containers • Provide the recipe in a YAML file • Interact with the running containers 4/16/2015 Docker containers and orchestration 26
  • 34. Other orchestration tools/frameworks • Kubernetes • https://github.com/GoogleCloudPlatform/kubern etes • Shipyard • https://github.com/shipyard/shipyard • LXC/LXD/CGManage • https://linuxcontainers.org/ 4/16/2015 Docker containers and orchestration 27
  • 35. Demo Docker orchestration 4/16/2015 Docker containers and orchestration 28
  • 36. Security considerations • Docker containers are started with a reduced capability set which restricts: • Mount/unmount devices • Managing raw sockets • Some fs operations • Fine-grained control of capabilities using the docker --cap-add -- cap-drop options • End-goal is to run even the Docker daemon as a non-root user and delegate operations to dedicated subprocesses • Run Docker daemon on: • Unix socket for single-instance setup • TCP socket with TLS for multi-instance setup • Keep the host Kernel updated with latest security patches 4/16/2015 Docker containers and orchestration 29
  • 37. Docker – Benefits • Portable deployment across machines – overcomes machine specific configuration issues • Application-centric – optimized for deployment of applications and not machines • Automatic build – can use any configuration management system (puppet, chef, ansible etc) to automate the build of containers • Versioning - git like capabilities to track container versions • Component reuse – any container can become a base image • Sharing – use the public registry to distribute container images, just like a git repository 4/16/2015 Docker containers and orchestration 30