ramichen@tencent.com
An old interview question
• what happens when you open a website?
• https://github.com/alex/what-happens-when
What happens when you start a container with docker?
A simple docker example
root@boot2docker:/home/docker# ip ad show eth1
4: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:91:99:33 brd ff:ff:ff:ff:ff:ff
inet 192.168.59.103/24 brd 192.168.59.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:fe91:9933/64 scope link
valid_lft forever preferred_lft forever
root@boot2docker:/home/docker#
root@boot2docker:/home/docker# docker run -d -P redis
6f858e1563a56574031a61e65fb8ab356752d03440b24d65739eed64f2ef84df
root@boot2docker:/home/docker#
root@boot2docker:/home/docker# docker ps
CONTAINER ID   IMAGE          COMMAND                CREATED         STATUS         PORTS                     NAMES
6f858e1563a5   redis:latest   "/entrypoint.sh redi   3 seconds ago   Up 2 seconds   0.0.0.0:49154->6379/tcp   kickass_colden
root@boot2docker:/home/docker#
root@boot2docker:/home/docker# docker run -it --entrypoint /bin/bash redis
root@63d30ea140b2:/data# redis-cli -h 192.168.59.103 -p 49154
192.168.59.103:49154> set k 123
OK
192.168.59.103:49154> get k
"123"
What happened here
• We created a container with its own filesystem, network stack, process space and resource limits.
• We started a redis-server in the container.
• We created another container and ran redis-cli in it to connect to the previous redis-server through the host IP and the proxied port.
How this happened
• What is a redis image? How is it made?
• What is a container? How does it get its own filesystem, network stack, process space and resource limits?
• How does a container start?
What is a redis image
FROM dockerfile/ubuntu
# Install Redis.
RUN \
  cd /tmp && \
  wget http://download.redis.io/redis-stable.tar.gz && \
  tar xvzf redis-stable.tar.gz && \
  cd redis-stable && \
  make && \
  make install && \
  cp -f src/redis-sentinel /usr/local/bin && \
  mkdir -p /etc/redis && \
  cp -f *.conf /etc/redis && \
  rm -rf /tmp/redis-stable* && \
  sed -i 's/^\(bind .*\)$/# \1/' /etc/redis/redis.conf && \
  sed -i 's/^\(daemonize .*\)$/# \1/' /etc/redis/redis.conf && \
  sed -i 's/^\(dir .*\)$/# \1\ndir \/data/' /etc/redis/redis.conf && \
  sed -i 's/^\(logfile .*\)$/# \1/' /etc/redis/redis.conf
# Define mountable directories.
VOLUME ["/data"]
# Define working directory.
WORKDIR /data
# Define default command.
CMD ["redis-server", "/etc/redis/redis.conf"]
# Expose ports.
EXPOSE 6379
Image
• A read-only layer is called an image. An image never changes.
• Each image may depend on one more image, which forms the layer beneath it. We say that the lower image is the parent of the upper image.
How to make an image
• Use a Dockerfile
• Use docker commit manually (deprecated)
Create a root image
• https://github.com/docker/docker/blob/master/contrib/mkimage-busybox.sh
• https://github.com/docker/docker/blob/master/docs/articles/baseimages.md
What is a container?
• A Linux container is a copy of a Linux environment that lives in a directory of the host filesystem, like a jail, but isolated with Linux namespaces: it runs its own init process and has a separate process space, a separate filesystem and a separate network stack, all virtualized by the host OS running on the hardware.
Concept of image and container
• A Docker image is a layer in the file system
• A container is two layers
  - Layer one is the init layer, based on the image
  - Layer two is the actual container content
Figure: layer stack of the redis container. Image (RO): 511136ea3c5a -> df7546f9f060 -> ea13149945cb -> 4986bf8c1536. Container: 142b6a3eae40-init (init layer, RO) and 142b6a3eae40 (RW). The init layer holds /dev, /dev/console, /dev/shm, /etc, /etc/hostname, /etc/hosts and the symlink /dev/mtab -> /proc/mounts.
Linux kernel Namespace
• UTS(hostname), Mount(mount points), IPC(System V
IPC), User(UIDs), Pid(processes), Net(network stack)
• The kernel namespace API, clone, setns, unshare
• /proc/[pid]/ns/ directory
$ ls -l /proc/$$/ns
lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 ipc -> ipc:[4026531839]
lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 mnt -> mnt:[4026531840]
lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 net -> net:[4026531956]
lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 pid -> pid:[4026531836]
lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 user -> user:[4026531837]
lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 uts -> uts:[4026531838]
setns
• reassociate a process with a namespace
• int setns(int fd, int nstype);
• nstype: CLONE_NEWIPC / CLONE_NEWNET / CLONE_NEWNS / CLONE_NEWPID / CLONE_NEWUSER / CLONE_NEWUTS
• Each process has a /proc/[pid]/ns/ subdirectory containing one entry for each namespace that supports being manipulated by setns(2)
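The /proc/[pid]/ns/ links above are also the cheapest way to audit isolation from the host side: compare a process's namespace inodes with those of pid 1 and you see which namespaces it really left. This is an added example, not code from the deck or from Docker; the sample link targets are constructed (the host values are the ones in the listing above), and readNSView is only exercised on the current process.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strconv"
	"strings"
)

// nsKinds are the entries found under /proc/[pid]/ns/ in the listing above.
var nsKinds = []string{"ipc", "mnt", "net", "pid", "user", "uts"}

// NSView is the set of namespaces one process lives in: kind -> inode number.
type NSView map[string]uint64

// parseNSLink splits a /proc/[pid]/ns/<kind> symlink target such as
// "net:[4026531956]" into its kind and namespace inode.
func parseNSLink(target string) (string, uint64, error) {
	i := strings.IndexByte(target, ':')
	if i < 0 || len(target) < i+3 || target[i+1] != '[' || !strings.HasSuffix(target, "]") {
		return "", 0, fmt.Errorf("malformed namespace link %q", target)
	}
	ino, err := strconv.ParseUint(target[i+2:len(target)-1], 10, 64)
	if err != nil {
		return "", 0, fmt.Errorf("malformed namespace link %q: %v", target, err)
	}
	return target[:i], ino, nil
}

// viewFromLinks builds a view from already-read link targets (for example a
// captured `ls -l /proc/$pid/ns`), so the comparison can run offline.
func viewFromLinks(targets []string) (NSView, error) {
	v := NSView{}
	for _, t := range targets {
		k, ino, err := parseNSLink(t)
		if err != nil {
			return nil, err
		}
		v[k] = ino
	}
	return v, nil
}

// readNSView reads the live view of one pid from procfs. Linux only; reading
// another process's links requires ptrace-level access to that process.
func readNSView(pid int) (NSView, error) {
	targets := make([]string, 0, len(nsKinds))
	for _, k := range nsKinds {
		t, err := os.Readlink(filepath.Join("/proc", strconv.Itoa(pid), "ns", k))
		if err != nil {
			return nil, err
		}
		targets = append(targets, t)
	}
	return viewFromLinks(targets)
}

// compare splits nsKinds into the kinds where p sits in a different namespace
// than ref (isolated) and those where it still shares ref's (shared). Against
// the host's pid 1, "user" is expected in shared (Docker of this era did not
// unshare it); net, pid or mnt in shared means a host-namespace container.
func (p NSView) compare(ref NSView) (isolated, shared []string) {
	for _, k := range nsKinds {
		pi, ok := p[k]
		if !ok {
			continue
		}
		if ref[k] == pi {
			shared = append(shared, k)
		} else {
			isolated = append(isolated, k)
		}
	}
	return isolated, shared
}

// Constructed sample: the host's pid 1 (inodes from the slide's listing) and a
// container process that was started with the host's network namespace.
var sampleHostLinks = []string{
	"ipc:[4026531839]", "mnt:[4026531840]", "net:[4026531956]",
	"pid:[4026531836]", "user:[4026531837]", "uts:[4026531838]",
}
var sampleContainerLinks = []string{
	"ipc:[4026532201]", "mnt:[4026532200]", "net:[4026531956]",
	"pid:[4026532100]", "user:[4026531837]", "uts:[4026532202]",
}

func main() {
	host, _ := viewFromLinks(sampleHostLinks)
	proc, _ := viewFromLinks(sampleContainerLinks)
	isolated, shared := proc.compare(host)
	fmt.Println("isolated in:", isolated, " shares with host:", shared)
	// On a real host compare readNSView(suspectPid) against readNSView(1).
	if self, err := readNSView(os.Getpid()); err == nil {
		fmt.Println("this process:", self)
	}
}
```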
Join pid namespace
func joinNS(namespaces []configs.Namespace) error {
for _, ns := range namespaces {
if ns.Path != "" {
f, err := os.OpenFile(ns.Path,
os.O_RDONLY, 0)
if err != nil {
return err
}
err = system.Setns(f.Fd(),
uintptr(ns.Syscall()))
f.Close()
if err != nil {
return err
}
}
}
return nil
}
Storage Driver
• Docker currently implements vfs, aufs, device mapper, btrfs, overlayfs and zfs.
• A storage driver should have the following features
  - Copy on write
  - Shared memory cache
• Performance: http://developerblog.redhat.com/2014/09/30/overview-storage-scalability-docker/
Aufs
• Works at file level
• Combines multiple branches in a specific order
• Each branch is just a normal directory
• Opening a file
  - look it up in each branch, starting from the top; open the first one found
  - if the process attempts to write to it, copy it to the read-write (top) branch first, then open the copy
  - that "copy-up" operation can take a while if the file is big!
• Deleting a file
  - a whiteout file is created
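The lookup, copy-up and whiteout rules above, modelled on plain maps so they can be stepped through: the rw branch on top ends up holding exactly what `docker diff` would report for the container (modified copies plus .wh. markers), which is why that layer is what you preserve when investigating a container. This is an added example, not the deck's or Docker's code; the layer contents are constructed and the `.wh.` whiteout naming is aufs's convention.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"sort"
	"strings"
)

// branch is one layer directory: path -> file content.
type branch map[string]string

// union models an aufs mount: branches[0] is the read-write top layer,
// the remaining branches are read-only layers in order of precedence.
type union struct {
	branches []branch
}

var errNotFound = errors.New("no such file")

// whiteoutName is aufs's marker for a deleted file: /etc/hostname -> /etc/.wh.hostname
func whiteoutName(p string) string { return path.Join(path.Dir(p), ".wh."+path.Base(p)) }

// lookup walks the branches top-down and returns the index of the first one
// holding p, or errNotFound if a whiteout hides p before any copy is reached.
func (u *union) lookup(p string) (int, error) {
	wh := whiteoutName(p)
	for i, b := range u.branches {
		if _, hidden := b[wh]; hidden {
			return -1, errNotFound
		}
		if _, ok := b[p]; ok {
			return i, nil
		}
	}
	return -1, errNotFound
}

func (u *union) read(p string) (string, error) {
	i, err := u.lookup(p)
	if err != nil {
		return "", err
	}
	return u.branches[i][p], nil
}

// write applies copy-up: a file found in a lower branch is copied whole into
// the rw branch (slow for big files) and only then modified there.
func (u *union) write(p, content string) (copiedUp bool, err error) {
	i, lerr := u.lookup(p)
	if lerr != nil && !errors.Is(lerr, errNotFound) {
		return false, lerr
	}
	if i > 0 {
		u.branches[0][p] = u.branches[i][p]
		copiedUp = true
	}
	u.branches[0][p] = content
	delete(u.branches[0], whiteoutName(p)) // re-creating a deleted file un-hides it
	return copiedUp, nil
}

// remove drops any rw copy and, if a lower branch still has p, leaves a
// whiteout so the lower copy stays invisible.
func (u *union) remove(p string) error {
	if _, err := u.lookup(p); err != nil {
		return err
	}
	delete(u.branches[0], p)
	for _, b := range u.branches[1:] {
		if _, ok := b[p]; ok {
			u.branches[0][whiteoutName(p)] = ""
			break
		}
	}
	return nil
}

// list returns the merged view: every visible path, whiteouts excluded.
func (u *union) list() []string {
	seen := map[string]bool{}
	var out []string
	for _, b := range u.branches {
		for p := range b {
			if seen[p] || strings.HasPrefix(path.Base(p), ".wh.") {
				continue
			}
			seen[p] = true
			if _, err := u.lookup(p); err == nil {
				out = append(out, p)
			}
		}
	}
	sort.Strings(out)
	return out
}

// newRedisExample is a constructed stack resembling this deck's container:
// empty rw layer on top of a redis layer on top of a base layer.
func newRedisExample() *union {
	return &union{branches: []branch{
		{},
		{"/etc/redis/redis.conf": "bind 127.0.0.1\n", "/usr/local/bin/redis-server": "<elf>"},
		{"/etc/hostname": "ubuntu\n", "/bin/bash": "<elf>"},
	}}
}

func main() {
	u := newRedisExample()
	up, _ := u.write("/etc/redis/redis.conf", "# bind 127.0.0.1\n")
	_ = u.remove("/etc/hostname")
	fmt.Println("copied up:", up, " rw layer:", u.branches[0], " view:", u.list())
}
```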
Device Mapper
• Works at block level
• Each container and each image gets its own block device
• At any given time, it is possible to take a snapshot of a container or an image
• data/metadata are sparse files attached through loop devices
• recommended: put the data on a real disk
Figure: two loopback-backed files, data and metadata, form the thin pool /dev/mapper/docker-{major}:{minor}-{inode}-pool; each image and container is a thin volume (volume 1, volume 2) carved from that pool.
How to make its own filesystem
1. mount every parent layer and the rw layer diff/$cid-init on mnt/$cid-init
2. make extra files, dirs and links in mnt/$cid-init
3. mount every parent layer, the rw layer diff/$cid and the ro layer diff/$cid-init on mnt/$cid
4. setns to join the existing mount namespace
5. mount proc/sysfs/tmpfs/cgroup…
6. create devices, set up dev symlinks, init the filesystem
7. chdir diff/$cid && chroot .
note: the underlined steps are done by the init process, the others by the docker daemon.
more in rootfs_linux.go
Figure: under /var/lib/docker/aufs/diff every layer (511136ea3c5a, df7546f9f060, ea13149945cb, 4986bf8c1536, 142b6a3eae40-init, 142b6a3eae40) is a plain directory; /var/lib/docker/aufs/mnt/142b6a3eae40 is the union mount of all of them.
Network mode
• Docker supports bridge/none/container/host mode
• How does bridge mode work?
Bridge mode
1. create the docker0 bridge, add eth1 to docker0, set up the docker0 iptables rules
2. create a veth pair, attach one end to docker0, put the other end into the container's network namespace
3. allocate a free ip
4. set up iptables rules and the userland proxy
5. setns to join the existing network namespace
6. rename the veth device to eth1 inside the container
7. set mac address, ip and mtu of the veth device
8. set up the default gateway and route
note: the underlined steps are done by the init process, the others by the docker daemon.
Figure: the host has the physical device eth1 (10.27.149.90) and the bridge docker0 (172.17.42.1); container0's eth1 (172.17.0.4) is the peer of vethdb6e696 and container1's eth1 (172.17.0.5) is the peer of veth8df64b7, and both host-side veth ends are attached to docker0.
Consistent mac address
• Docker derives the MAC address of the veth device from its IP address, so a given IP always gets the same MAC.
• This avoids ARP cache issues when an IP is reused by a new container.
func generateMacAddr(ip net.IP) net.HardwareAddr {
	hw := make(net.HardwareAddr, 6)

	// The first byte of the MAC address has to comply with these rules:
	// 1. Unicast: Set the least-significant bit to 0.
	// 2. Address is locally administered: Set the second-least-significant bit (U/L) to 1.
	// 3. As "small" as possible: The veth address has to be "smaller" than the bridge address.
	hw[0] = 0x02

	// The first 24 bits of the MAC represent the Organizationally Unique Identifier (OUI).
	// Since this address is locally administered, we can do whatever we want as long as
	// it doesn't conflict with other addresses.
	hw[1] = 0x42

	// Insert the IP address into the last 32 bits of the MAC address.
	// This is a simple way to guarantee the address will be consistent and unique.
	copy(hw[2:], ip.To4())

	return hw
}
Port Mapping
• The docker daemon uses a map to record port and ip mappings
• Connecting from the local subnet
  - userland proxy: docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 49153 -container-ip 172.17.0.2 -container-port 6379
  - hairpin NAT (newer docker versions): enable /sys/class/net/$vethname/brport/hairpin_mode
• Connecting from other hosts
  - iptables -I POSTROUTING -t nat -s 172.17.42.1/16 ! -o docker0 -j MASQUERADE
  - iptables -t nat -A DOCKER -p tcp -d 0/0 --dport 49153 ! -i docker0 -j DNAT --to-destination 172.17.0.2:6379
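Because the published ports live in two places, the daemon's map and the DOCKER nat chain, they can drift apart (a DNAT rule that outlives its container keeps forwarding the host port to whatever gets that container IP next). The audit below cross-checks `iptables-save -t nat` lines against the `docker ps` PORTS column; it is an added example, not Docker's code, and its input lines are constructed from the rules and output shown in this deck.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// Mapping is one published tcp port: host port -> container ip:port.
type Mapping struct {
	HostPort int
	Dest     string // e.g. "172.17.0.2:6379"
}

// parseDNATRule extracts the mapping from one iptables-save line of the DOCKER
// chain; lines that are not DNAT rules (MASQUERADE, RETURN, ...) yield ok=false.
func parseDNATRule(line string) (m Mapping, ok bool) {
	f := strings.Fields(line)
	var dport, dest string
	isDNAT := false
	for i := 0; i < len(f); i++ {
		switch f[i] {
		case "--dport":
			if i+1 < len(f) {
				dport = f[i+1]
			}
		case "--to-destination":
			if i+1 < len(f) {
				dest = f[i+1]
			}
		case "DNAT":
			isDNAT = true
		}
	}
	if !isDNAT || dport == "" || dest == "" {
		return Mapping{}, false
	}
	port, err := strconv.Atoi(dport)
	if err != nil {
		return Mapping{}, false
	}
	return Mapping{HostPort: port, Dest: dest}, true
}

// parsePortsColumn parses one `docker ps` PORTS entry such as
// "0.0.0.0:49154->6379/tcp" into host port and container port.
func parsePortsColumn(s string) (hostPort, containerPort int, err error) {
	arrow := strings.Index(s, "->")
	if arrow < 0 {
		return 0, 0, fmt.Errorf("no mapping in %q", s)
	}
	hp := s[strings.LastIndexByte(s[:arrow], ':')+1 : arrow]
	cp := strings.TrimSuffix(s[arrow+2:], "/tcp")
	if hostPort, err = strconv.Atoi(hp); err != nil {
		return 0, 0, fmt.Errorf("bad host port in %q", s)
	}
	if containerPort, err = strconv.Atoi(cp); err != nil {
		return 0, 0, fmt.Errorf("bad container port in %q", s)
	}
	return hostPort, containerPort, nil
}

// Container is what `docker ps` and `docker inspect` report for one container.
type Container struct {
	Name  string
	IP    string
	Ports []string // PORTS column entries
}

// audit returns DNAT forwards with no matching running container (stale) and
// published ports that have no matching DNAT rule (missing), both as "hostPort->dest".
func audit(natRules []string, running []Container) (stale, missing []string) {
	dnat := map[int]string{}
	for _, l := range natRules {
		if m, ok := parseDNATRule(l); ok {
			dnat[m.HostPort] = m.Dest
		}
	}
	expected := map[int]string{}
	for _, c := range running {
		for _, p := range c.Ports {
			if hp, cp, err := parsePortsColumn(p); err == nil {
				expected[hp] = fmt.Sprintf("%s:%d", c.IP, cp)
			}
		}
	}
	for hp, dest := range dnat {
		if expected[hp] != dest {
			stale = append(stale, fmt.Sprintf("%d->%s", hp, dest))
		}
	}
	for hp, dest := range expected {
		if dnat[hp] != dest {
			missing = append(missing, fmt.Sprintf("%d->%s", hp, dest))
		}
	}
	sort.Strings(stale)
	sort.Strings(missing)
	return stale, missing
}

// Constructed sample: one healthy mapping (the redis container from this deck),
// one DNAT rule pointing at an IP no running container owns, one published
// port without a rule.
var sampleNAT = []string{
	"-A POSTROUTING -s 172.17.42.1/16 ! -o docker0 -j MASQUERADE",
	"-A DOCKER ! -i docker0 -p tcp -m tcp --dport 49154 -j DNAT --to-destination 172.17.0.2:6379",
	"-A DOCKER ! -i docker0 -p tcp -m tcp --dport 49153 -j DNAT --to-destination 172.17.0.9:6379",
}
var sampleRunning = []Container{
	{Name: "kickass_colden", IP: "172.17.0.2", Ports: []string{"0.0.0.0:49154->6379/tcp"}},
	{Name: "web", IP: "172.17.0.3", Ports: []string{"0.0.0.0:49155->8080/tcp"}},
}

func main() {
	stale, missing := audit(sampleNAT, sampleRunning)
	fmt.Println("DNAT rules without a matching container:", stale)
	fmt.Println("published ports without a DNAT rule:", missing)
}
```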
Cgroups support by docker
• cgroup subsystems: cpuset, cpu, cpuacct, memory, devices, freezer, net_cls, blkio
• docker run options: --memory, --cpuset, --cpu-shares, --device
• docker pause/unpause (freezer)
• After starting the background "docker native" process, the docker daemon writes its pid into the per-container cgroup directories, e.g. /cgroup/memory/docker/$cid/, where limits such as memory.limit_in_bytes are set
How container starts
1. the daemon creates a socketpair and starts a background child process, "docker native"
2. the daemon creates the network devices and applies the cgroup settings
3. the daemon sends the configuration to "docker native"
4. the daemon receives any error message and waits for "docker native" to exit
5. "docker native" receives config and env from the socketpair
6. "docker native" joins the existing namespaces with the fds in /proc/$pid/ns/*
7. "docker native" inits the file system…
8. "docker native" execs the entrypoint
"docker native" is the init process in the container
Figure: client -> daemon (create/start); daemon -> docker native (start, config); docker native -> daemon (errors); docker native -> entrypoint (exec).
Reference
• Docker image specification
• Linux container
• Deep dive into Docker storage drivers
• Docker Architecture (v1.3)
• Hairpin_NAT
• Linux Programmer's Manual NAMESPACES

Artyushina_Guest lecture_YorkU CS May 2024.pptx
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
 
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
 
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
 

Docker

What is a redis image

FROM dockerfile/ubuntu

# Install Redis.
RUN \
  cd /tmp && \
  wget http://download.redis.io/redis-stable.tar.gz && \
  tar xvzf redis-stable.tar.gz && \
  cd redis-stable && \
  make && \
  make install && \
  cp -f src/redis-sentinel /usr/local/bin && \
  mkdir -p /etc/redis && \
  cp -f *.conf /etc/redis && \
  rm -rf /tmp/redis-stable* && \
  sed -i 's/^\(bind .*\)$/# \1/' /etc/redis/redis.conf && \
  sed -i 's/^\(daemonize .*\)$/# \1/' /etc/redis/redis.conf && \
  sed -i 's/^\(dir .*\)$/# \1\ndir \/data\//' /etc/redis/redis.conf && \
  sed -i 's/^\(logfile .*\)$/# \1/' /etc/redis/redis.conf

# Define mountable directories.
VOLUME ["/data"]

# Define working directory.
WORKDIR /data

# Define default command.
CMD ["redis-server", "/etc/redis/redis.conf"]

# Expose ports.
EXPOSE 6379

Image

• A read-only layer is called an image. An image never changes.
• Each image may depend on one other image, which forms the layer beneath it. We say that the lower image is the parent of the upper image.

How to make an image

• Use a Dockerfile
• Use docker commit manually (deprecated)

Create a root image

• https://github.com/docker/docker/blob/master/contrib/mkimage-busybox.sh
• https://github.com/docker/docker/blob/master/docs/articles/baseimages.md

What is a container?

• A Linux container is a copy of a Linux environment that lives in a filesystem. It is a jail-like environment, but one built on Linux namespaces: it runs its own init process and has a separate process space, a separate filesystem and a separate network stack, all virtualized by the root OS running on the hardware.

Concept of image and container

• A Docker image is a layer in the filesystem
• A container is two layers
  - Layer one is the init layer, based on the image
  - Layer two is the actual container content

[diagram: layer stack from bottom to top. Image (RO): 511136ea3c5a, df7546f9f060, ea13149945cb, 4986bf8c1536. Init layer (RO): 142b6a3eae40-init, holding /dev, /dev/console, /dev/shm, /etc, /etc/hostname, /etc/hosts and /dev/mtab -> /proc/mounts. Container (RW): 142b6a3eae40.]

Linux kernel namespaces

• UTS (hostname), Mount (mount points), IPC (System V IPC), User (UIDs), PID (processes), Net (network stack)
• The kernel namespace API: clone, setns, unshare
• The /proc/[pid]/ns/ directory

$ ls -l /proc/$$/ns
lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 ipc -> ipc:[4026531839]
lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 mnt -> mnt:[4026531840]
lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 net -> net:[4026531956]
lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 pid -> pid:[4026531836]
lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 user -> user:[4026531837]
lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 uts -> uts:[4026531838]

setns

• Reassociate a process with a namespace
• int setns(int fd, int nstype);
• CLONE_NEWIPC / CLONE_NEWNET / CLONE_NEWNS / CLONE_NEWPID / CLONE_NEWUSER / CLONE_NEWUTS
• Each process has a /proc/[pid]/ns/ subdirectory containing one entry for each namespace that supports being manipulated by setns(2)

Join pid namespace

(libcontainer; the import block is added here for completeness)

import (
	"os"

	"github.com/docker/libcontainer/configs"
	"github.com/docker/libcontainer/system"
)

// joinNS enters every namespace whose Path is set (e.g. /proc/$pid/ns/pid)
// by opening that link and calling setns(2) with the matching CLONE_NEW* flag.
func joinNS(namespaces []configs.Namespace) error {
	for _, ns := range namespaces {
		if ns.Path != "" {
			f, err := os.OpenFile(ns.Path, os.O_RDONLY, 0)
			if err != nil {
				return err
			}
			// ns.Syscall() maps the namespace type to its CLONE_NEW* constant.
			err = system.Setns(f.Fd(), uintptr(ns.Syscall()))
			f.Close() // the fd is only needed for the duration of the call
			if err != nil {
				return err
			}
		}
	}
	return nil
}

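As an added example (not from the slides or from libcontainer), a small Go check that parses two `ls -l /proc/[pid]/ns` listings and reports which namespaces the second process still shares with the first, which is how a defender verifies that a container really was isolated. The host listing is the one on the slide; the container listing is constructed.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Constructed listings. hostListing is the slide's `ls -l /proc/$$/ns`; the
// container one has fresh inodes for all but net and user: net because this
// constructed container was started in host network mode, user because the
// docker of this era does not create a user namespace.
const hostListing = `lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 ipc -> ipc:[4026531839]
lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 mnt -> mnt:[4026531840]
lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 net -> net:[4026531956]
lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 pid -> pid:[4026531836]
lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 user -> user:[4026531837]
lrwxrwxrwx. 1 mtk mtk 0 Jan 14 01:20 uts -> uts:[4026531838]`

const containerListing = `lrwxrwxrwx 1 root root 0 Jan 14 01:25 ipc -> ipc:[4026532201]
lrwxrwxrwx 1 root root 0 Jan 14 01:25 mnt -> mnt:[4026532199]
lrwxrwxrwx 1 root root 0 Jan 14 01:25 net -> net:[4026531956]
lrwxrwxrwx 1 root root 0 Jan 14 01:25 pid -> pid:[4026532202]
lrwxrwxrwx 1 root root 0 Jan 14 01:25 user -> user:[4026531837]
lrwxrwxrwx 1 root root 0 Jan 14 01:25 uts -> uts:[4026532200]`

// parseNSListing turns `ls -l /proc/<pid>/ns` output into type -> "type:[inode]".
// Two processes are in the same namespace exactly when that inode matches.
func parseNSListing(listing string) map[string]string {
	out := map[string]string{}
	for _, line := range strings.Split(listing, "\n") {
		f := strings.Fields(line)
		n := len(f)
		if n < 3 || f[n-2] != "->" {
			continue // not a "<type> -> <type>:[inode]" line
		}
		out[f[n-3]] = f[n-1]
	}
	return out
}

// sharedNamespaces returns, sorted, the namespace types in which b is NOT
// isolated from a (same inode in both maps).
func sharedNamespaces(a, b map[string]string) []string {
	var shared []string
	for t, id := range a {
		if b[t] == id {
			shared = append(shared, t)
		}
	}
	sort.Strings(shared)
	return shared
}

func main() {
	host, ctr := parseNSListing(hostListing), parseNSListing(containerListing)
	// On a live system build the same maps with os.Readlink("/proc/<pid>/ns/<type>").
	fmt.Println("container still shares with host:", sharedNamespaces(host, ctr))
}
```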
Storage driver

• Docker currently implements vfs, aufs, device mapper, btrfs, overlayfs and zfs.
• A storage driver should have the following features
  - Copy on write
  - Shared memory cache
• Performance: http://developerblog.redhat.com/2014/09/30/overview-storage-scalability-docker/

Aufs

• Works at file level
• Combines multiple branches in a specific order
• Each branch is just a normal directory
• Opening a file
  - Look it up in each branch, starting from the top, and open the first one found
  - If the caller attempts to write to it, copy it to the read-write (top) branch, then open the copy
  - That "copy-up" operation can take a while if the file is big!
• Deleting a file
  - A whiteout file is created

Device mapper

• Works at block level
• Each container and each image gets its own block device
• At any given time, it is possible to take a snapshot of a container or an image
• data/metadata are sparse files
• Recommended: put the data on a real disk

[diagram: loopback devices backing the data and metadata files form the thin pool /dev/mapper/docker-{major}:{minor}-{inode}-pool, from which volume 1 and volume 2 are provisioned.]

How to make its own filesystem

1. mount every parent layer and the rw layer diff/$cid-init on mnt/$cid-init
2. make the extra files, directories and links in mnt/$cid-init
3. mount every parent layer, the rw layer diff/$cid and the ro layer diff/$cid-init on mnt/$cid
4. setns to join the existing mount namespace
5. mount proc/sysfs/tmpfs/cgroup…
6. create devices, set up the dev symlinks, init the filesystem
7. chdir diff/$cid && chroot .

note: the steps underlined on the slide are done by the init process, the others by the docker daemon. More in rootfs_linux.go.

[diagram: the layers 511136ea3c5a, df7546f9f060, ea13149945cb, 4986bf8c1536, 142b6a3eae40-init and 142b6a3eae40 live under /var/lib/docker/aufs/diff; the union is mounted at /var/lib/docker/aufs/mnt/142b6a3eae40.]

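The aufs rules above (top-down lookup, copy-up on write, whiteouts on delete) and the diff/$cid-init over image stack of this slide, as an added Go model that is not part of the slides or of Docker: branches are flat path-to-contents maps, and the sample stack (a root image with redis.conf, an init layer with /etc/hosts, an empty rw layer) is constructed.

```go
package main

import (
	"fmt"
	"path"
)

// branch is one aufs branch (a layer directory) as a flat path -> contents map.
type branch map[string]string

// union stacks branches top-down like mnt/$cid on the slide: rw is the
// writable diff/$cid, ro runs from diff/$cid-init down to the root image.
type union struct {
	rw branch
	ro []branch
}

// whiteout is the aufs marker that hides p: ".wh.<name>" in the same directory.
func whiteout(p string) string {
	return path.Join(path.Dir(p), ".wh."+path.Base(p))
}

// lookup walks the branches from the top and returns the first match; a
// whiteout in a higher branch hides the file in every branch below it.
func (u *union) lookup(p string) (string, bool) {
	for _, b := range append([]branch{u.rw}, u.ro...) {
		if _, hidden := b[whiteout(p)]; hidden {
			return "", false
		}
		if data, ok := b[p]; ok {
			return data, true
		}
	}
	return "", false
}

// modify is copy-up: the current view of the file is read from whichever
// branch holds it, edited, and stored in the rw branch only.
func (u *union) modify(p string, edit func(old string) string) {
	old, _ := u.lookup(p)
	delete(u.rw, whiteout(p)) // re-creating a deleted file un-hides it
	u.rw[p] = edit(old)
}

// remove never touches lower branches: drop the rw copy, plant a whiteout.
func (u *union) remove(p string) {
	delete(u.rw, p)
	u.rw[whiteout(p)] = ""
}

// newRedisContainer builds the constructed stack and also returns the image
// branch so callers can verify it is never written to.
func newRedisContainer() (*union, branch) {
	image := branch{"/etc/redis/redis.conf": "bind 127.0.0.1\n"}
	initLayer := branch{"/etc/hosts": "127.0.0.1 localhost\n"}
	return &union{rw: branch{}, ro: []branch{initLayer, image}}, image
}

func main() {
	u, image := newRedisContainer()
	u.modify("/etc/redis/redis.conf", func(old string) string { return "# " + old })
	u.remove("/etc/hosts")
	view, _ := u.lookup("/etc/redis/redis.conf")
	fmt.Printf("container sees %q, image still holds %q\n", view, image["/etc/redis/redis.conf"])
	_, visible := u.lookup("/etc/hosts")
	fmt.Println("/etc/hosts visible:", visible, "rw branch:", u.rw)
}
```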
Network mode

• Docker supports bridge/none/container/host modes
• How does bridge mode work?

Bridge mode

1. create the docker0 bridge, add eth1 to docker0, set up the docker0 iptables rules
2. create a veth pair, attach one end to docker0, put the other into the container's network namespace
3. allocate a free ip
4. set up iptables rules and the userland proxy
5. setns to join the existing network namespace
6. rename the veth device to eth1 inside the container
7. set the mac address, ip and mtu of the veth device
8. set up the default gateway and route

note: the steps underlined on the slide are done by the init process, the others by the docker daemon.

[diagram: host eth1 10.27.149.90 (physical device); docker0 172.17.42.1 (bridge); container0 eth1 172.17.0.4 attached via vethdb6e696 and container1 eth1 172.17.0.5 attached via veth8df64b7 (veth devices).]

Consistent mac address

• Docker generates the MAC address of a veth device deterministically from the container's ip address.
• This avoids stale ARP cache entries when an ip is reused.

func generateMacAddr(ip net.IP) net.HardwareAddr {
 hw := make(net.HardwareAddr, 6)
 
 // The first byte of the MAC address has to comply with these rules:
 // 1. Unicast: Set the least-significant bit to 0.
 // 2. Address is locally administered: Set the second-least-significant bit (U/L) to 1.
 // 3. As "small" as possible: The veth address has to be "smaller" than the bridge address.
 hw[0] = 0x02
 
 // The first 24 bits of the MAC represent the Organizationally Unique Identifier (OUI).
 // Since this address is locally administered, we can do whatever we want as long as
 // it doesn't conflict with other addresses.
 hw[1] = 0x42
 
 // Insert the IP address into the last 32 bits of the MAC address.
 // This is a simple way to guarantee the address will be consistent and unique.
 copy(hw[2:], ip.To4())
 
 return hw
 }
Port mapping

• The Docker daemon uses a map to record port and ip mappings
• Connecting locally
  - userland proxy: docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 49153 -container-ip 172.17.0.2 -container-port 6379
  - hairpin NAT (newer docker versions): enable /sys/class/net/$vethname/brport/hairpin_mode
• Connecting from elsewhere
  - iptables -I POSTROUTING -t nat -s 172.17.42.1/16 ! -o docker0 -j MASQUERADE
  - iptables -t nat -A DOCKER -p tcp -d 0/0 --dport 49153 ! -i docker0 -j DNAT --to-destination 172.17.0.2:6379

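The DNAT rule of the bridge-mode and port-mapping slides, as an added Go example that is not Docker's code: it renders the rule for one entry of the daemon's port map, parses such rules back (in the token form `iptables -t nat -S` prints, constructed here), and flags the mappings published on every host interface. Those packets are DNATed in PREROUTING and then take the FORWARD path, so host INPUT-chain firewall rules never see them; that is the check a reviewer of a `-P` publish wants.

```go
package main

import (
	"fmt"
	"strings"
)

// mapping is one entry of the daemon's port map: host ip:port -> container ip:port.
type mapping struct {
	Proto, HostIP, HostPort, ContainerIP, ContainerPort string
}

// dnatRule renders the DOCKER-chain rule from the slide for one mapping;
// "0/0" as the host address is what a plain `-P` publish produces.
func dnatRule(m mapping) string {
	return fmt.Sprintf("-A DOCKER -p %s -d %s --dport %s ! -i docker0 -j DNAT --to-destination %s:%s",
		m.Proto, m.HostIP, m.HostPort, m.ContainerIP, m.ContainerPort)
}

// parseDNATRules reads DOCKER-chain DNAT rules back into mappings, tolerating
// option order and extra matches such as "-m tcp". Non-DOCKER rules are skipped.
func parseDNATRules(lines []string) []mapping {
	var out []mapping
	for _, line := range lines {
		f := strings.Fields(line)
		if len(f) < 2 || f[0] != "-A" || f[1] != "DOCKER" {
			continue
		}
		m, isDNAT := mapping{HostIP: "0/0"}, false // no -d means any host address
		for i := 0; i+1 < len(f); i++ {
			switch f[i] {
			case "-p":
				m.Proto = f[i+1]
			case "-d":
				m.HostIP = f[i+1]
			case "--dport":
				m.HostPort = f[i+1]
			case "-j":
				isDNAT = f[i+1] == "DNAT"
			case "--to-destination":
				if dst := strings.SplitN(f[i+1], ":", 2); len(dst) == 2 {
					m.ContainerIP, m.ContainerPort = dst[0], dst[1]
				}
			}
		}
		if isDNAT {
			out = append(out, m)
		}
	}
	return out
}

// exposedToAll returns the mappings reachable on every host interface.
func exposedToAll(ms []mapping) []mapping {
	var out []mapping
	for _, m := range ms {
		if m.HostIP == "0/0" || m.HostIP == "0.0.0.0/0" {
			out = append(out, m)
		}
	}
	return out
}

// Constructed sample: the slide's rule, a second publish bound to 127.0.0.1
// in `iptables -S` form, and the MASQUERADE rule (not a DOCKER-chain rule).
var sampleRules = []string{
	dnatRule(mapping{"tcp", "0/0", "49153", "172.17.0.2", "6379"}),
	"-A DOCKER -d 127.0.0.1/32 ! -i docker0 -p tcp -m tcp --dport 49154 -j DNAT --to-destination 172.17.0.3:6379",
	"-A POSTROUTING -s 172.17.42.1/16 ! -o docker0 -j MASQUERADE",
}

func main() {
	for _, m := range exposedToAll(parseDNATRules(sampleRules)) {
		fmt.Printf("published on all interfaces: %s/%s -> %s:%s\n", m.HostPort, m.Proto, m.ContainerIP, m.ContainerPort)
	}
}
```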
Cgroups support in docker

• cgroup components: cpuset, cpu, cpuacct, memory, devices, freezer, net_cls, blkio
• docker run options: --memory, --cpuset, --cpu-shares, --device
• docker pause/unpause
• After starting the background "docker native" process, the docker daemon writes its pid into cgroup directories such as /cgroup/memory/docker/$cid/, alongside limits such as memory.limit_in_bytes

How a container starts

1. the daemon creates a socketpair and starts a background child process, "docker native"
2. the daemon creates the network devices and applies the cgroup settings
3. the daemon sends the configuration to "docker native"
4. the daemon receives any error message and waits for "docker native" to exit
5. "docker native" receives the config and env from the socketpair
6. "docker native" joins the existing namespaces using fds from /proc/$pid/ns/*
7. "docker native" initializes the filesystem…
8. "docker native" execs the entrypoint

"docker native" is the init process in the container.

[sequence diagram: client -> daemon: create/start; daemon -> docker native: start, config; docker native -> daemon: errors; docker native -> entrypoint: exec]

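The daemon-to-init exchange of steps 1, 3, 4 and 5 above, as an added Go example that is not Docker's code: the two ends of a socketpair carry the config one way and an error message (or a plain close, meaning success) the other way. A goroutine stands in for the forked "docker native" process, the config struct is a constructed stand-in, and the namespace and exec steps are only validated, not performed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"os"
	"strings"
	"syscall"
)

// startConfig stands in for the configuration the daemon sends in step 3.
type startConfig struct {
	Entrypoint []string `json:"entrypoint"`
	NSPaths    []string `json:"ns_paths"` // the /proc/$pid/ns/* links of step 6
}

// childInit plays "docker native": decode the config, check what a real init
// would act on, and report an error back on the same socket. Closing the
// socket without writing means success (a real init would then exec and never return).
func childInit(sock *os.File) {
	defer sock.Close()
	var cfg startConfig
	if err := json.NewDecoder(sock).Decode(&cfg); err != nil {
		fmt.Fprintf(sock, "decode config: %v", err)
		return
	}
	for _, p := range cfg.NSPaths { // only ever setns into a /proc/<pid>/ns/* link
		if !strings.HasPrefix(p, "/proc/") || !strings.Contains(p, "/ns/") {
			fmt.Fprintf(sock, "refusing to setns into %q", p)
			return
		}
	}
	if len(cfg.Entrypoint) == 0 {
		fmt.Fprint(sock, "no entrypoint to exec")
	}
}

// daemonStart plays the daemon: create the socketpair, hand one end to the
// child, write the config, then block until the child writes an error or
// closes its end (EOF with no message == success).
func daemonStart(cfg startConfig) error {
	fds, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_STREAM, 0)
	if err != nil {
		return err
	}
	parent := os.NewFile(uintptr(fds[0]), "daemon-end")
	defer parent.Close()
	go childInit(os.NewFile(uintptr(fds[1]), "init-end"))
	if err := json.NewEncoder(parent).Encode(cfg); err != nil {
		return err
	}
	msg, err := io.ReadAll(parent)
	if err != nil {
		return err
	}
	if len(msg) > 0 {
		return fmt.Errorf("docker native: %s", msg)
	}
	return nil
}

func main() {
	good := startConfig{Entrypoint: []string{"/entrypoint.sh", "redis-server"}, NSPaths: []string{"/proc/1234/ns/net"}}
	fmt.Println("good config:", daemonStart(good))
	fmt.Println("bad config:", daemonStart(startConfig{NSPaths: []string{"/etc/passwd"}}))
}
```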
Reference

• Docker image specification
• Linux container
• Deep dive into Docker storage drivers
• Docker Architecture (v1.3)
• Hairpin_NAT
• Linux Programmer's Manual NAMESPACES