4. LXC - main features
○ Portability
○ run everywhere
○ regardless of kernel version
○ regardless of host distro
○ run anything
○ if it can run on the host, it can run in the
container
○ i.e., if it can run on a Linux kernel, it can run
○ Isolation (namespaces)
○ Control resources (cgroups)
○ Lightweight VM (own process space, own network
interface …) without performance penalty (no
device emulation)
5. DevOps - separation of concerns
○ Developer - Inside the container
○ my code
○ my libraries
○ my package manager
○ my app
○ my data
○ Operational - Outside the container
○ logging
○ remote access
○ network configuration
○ monitoring
6. Docker - main features
○ a single application virtualization engine based
on containers
○ a standard, reproductible way to easily build and
share trusted images (Dockerfile, Stackbrew,
docker-registry …)
○ each image is a stack of layers (1 layer = tarball
+ metadata)
○ a daemon running in the background
○ manages containers, images and builds
○ HTTP api (over UNIX or TCP socket)
○ embedded CLI talking to the api
8. Docker - PaaS
○ Portability
○ Fast provisioning (Another Union File System)
○ Performance
○ processes are isolated, but run straight on the
host
○ CPU performance = native performance
○ almost native memory performance
○ network performance = small overhead
9. Docker - quick start
○ search an image : sudo docker search debian
○ list images : sudo docker images
○ download an image : sudo docker pull debian
○ run a container : sudo docker run [OPTIONS]
IMAGE[:TAG] [COMMAND] [ARGS…]
○ list all containers : sudo docker ps -a
○ find the id of the last launched container : sudo
docker ps -l
○ commit container updates : sudo docker commit
ID [IMAGE[:TAG]]
○ inspect a container : sudo docker inspect ID
○ upload an image : sudo docker push IMAGE
10. Exercise
○ create a docker image from the latest debian
image including oracle java7 as debian:oracle-
java7
○ http://www.webupd8.org/2012/06/how-to-install-
oracle-java-7-in-debian.html
13. Dockerfile - best practices
○ add a .dockerignore file
○ avoid installing unnecessary packages
○ run only one process per container
○ minimize the number of layers
○ put long or complex RUN statements on multiple
lines separated with backslashes
○ sort multi-line arguments
○ prefer COPY to ADD
○ use VOLUME for any mutable parts of your
image
16. Exercise
○ create a docker image from the latest debian
image including oracle java7 as dockerfile/
debian:oracle-java7 using Dockerfile
○ http://www.webupd8.org/2012/06/how-to-install-
oracle-java-7-in-debian.html
17. Docker - overriding image defaults
○ CMD
○ sudo docker run [OPTIONS] IMAGE[:TAG]
[COMMAND] [ARGS...]
○ ENTRYPOINT
○ sudo docker run -i -t --entrypoint /bin/bash
example/redis
○ EXPOSE (incoming ports)
○ --expose=[]: Expose a port or a range of ports
from the container without binding
○ -P : bind the exposed ports to a random port
on the host between 49153 and 65535
○ -p [ip:][hostPort:]containerPort
○ --link <name or id container>:alias
18. Docker - overriding image defaults
○ ENV
○ sudo docker run -e "deep=purple" --rm
ubuntu /bin/bash -c export
○ VOLUME
○ -v=[]: Create a bind mount with: [host-dir]:
[container-dir]:[rw|ro]
○ --volumes-from CONTAINER : share volumes
with another container
○ USER
○ -u="": Username or UID
○ WORKDIR
○ -w="": Working directory inside the container