CFEngine and Docker: Containers in the desired state

www.cfengine.com CFEngine & Docker Bishwa Shrestha

description

As the use of Linux containers continues to grow, system administrators are facing the need to manage and audit them. These tiny "machines" pose challenges similar to those of traditional servers or virtual machines:

1. Process management
– Make sure certain processes are running on specific containers
– Make sure processes do not misbehave

2. Patch management
– Make sure certain packages are installed on the system

3. Config management
– Make sure a configuration file contains certain lines (in-container config management)
– Make sure certain files do not grow beyond a given size

4. Reporting
– How many containers are running webservers?
– Which containers are running on which hardware/machine/location? (inventory management)

To solve all these challenges we have a familiar tool that has been keeping sysadmins' promises for a long time: CFEngine. CFEngine agents can be distributed as lightweight Docker images which, when deployed, pull policies from the policy-server and do what they do best: keep the containers in the desired state. In this talk I will demonstrate how easy it is to deploy CFEngine in containers from Docker images and have the agents report back to the CFEngine Mission Portal.

Presentation by Bishwa Shrestha from CFEngine

Transcript of CFEngine and Docker: Containers in the desired state

Page 1: CFEngine and Docker: Containers in the desired state

www.cfengine.com

CFEngine & Docker

Bishwa Shrestha

Page 2: CFEngine and Docker: Containers in the desired state

Docker

• Open source project to manage Linux containers

– Container technology is not itself new

– Other containers: Solaris Zones, OpenVZ, AIX VIOS, ...

• Containers are suddenly easier to use

• Versioning and sharing straightforward

• http://www.docker.io

Page 3: CFEngine and Docker: Containers in the desired state

● Rapid adoption

– Over 400,000 downloads

– Over 300 contributors

● System administrators will need to manage such systems

Page 4: CFEngine and Docker: Containers in the desired state

CFEngine

• Lightweight configuration management and automation tool

• Runs on almost anything without much impact on the system

Page 5: CFEngine and Docker: Containers in the desired state

Docker in CFEngine

● Stress testing

– Serving policy updates / file copy (cf-serverd)

– Report collection (enterprise)

● Upgrade testing

● Staging Environments

● Integration in the build pipeline

Page 6: CFEngine and Docker: Containers in the desired state

What next?

● Where does CFEngine fit?

– Long-running systems tend to drift

– Where there is drift, there is a need for desired state

– In-container configuration and process management and / or

– Orchestration through APIs?

Page 7: CFEngine and Docker: Containers in the desired state

● Adjustments

– cf-monitord: stats generated are for the base hardware, e.g. CPU, disk usage

– Process scope and visibility – openvz.org

– Adapting to the docker model of versioning and sharing

Page 8: CFEngine and Docker: Containers in the desired state

Let's discuss the possibilities!

@awsiv (twitter)

help-cfengine (google groups)

#cfengine (IRC)

[email protected]

Page 9: CFEngine and Docker: Containers in the desired state

Links

• www.docker.io

• docs.docker.io/en/latest/examples/cfengine_process_management/

• www.cfengine.com/blog/cfengine-and-docker-ensure-application-availability-and-container-integrity

• github.com/estenberg/cfe-docker