Deployingwith Docker

DevOps Days PGH 2014.05.30

a.k.a. provisioning docker containers and images with Chef

Deployingwith Docker

(or not)

Why do we still need<insert tool here>?

But… we have Dockerfiles!

It’s a shell-script?

$ cat SomeApp/DockerfileFROM ubuntu:13.10 RUN apt-get update; apt-get install apache RUN sed ’s/something/else/‘ /etc/apache/httpd.conf ADD shell-script.shRUN shell-script.shRUN [‘/usr/bin/apachectl’, ‘start’]

I ♥ #!/bin/bash. oo # https://raw.githubusercontent.com/ # ewindisch/bashoo/master/lib/oo # Classes are created implicitly through functionsfunction MsgWriter::new { self=$1; shift msg=$1; shift instance_var $self msg $msg } function MsgWriter::write { self=$1; shift echo $($self.msg) } new terminal is MsgWriter “Hello World” terminal.write

stack:~/devstack$ wc -l stack.sh functions \ functions-common \ lib/* lib/*/* | tail -n1 15490 total

DevOpsor

crazy-sauce?

$ cd ~/rpm-chef $ cat Dockerfile FROM fedora RUN yum update \ yum -y install chef

Do

cker

Chef

$ cd ~/omnibus-chef $ cat Dockerfile FROM fedora"RUN curl -L \ https://www.opscode.com/chef/install.sh | /bin/bash

Do

cker

Chef

Traditional Chef

Hardware

OS

Linux

Chef

Installs Chef

Runs

Configures

Images on HWis usually mutable

Hardware

Image

Linux

Chef

Installs Chef

Image'

Linux

Chef

Creates

Replaces

Runs

Ephemeral environmentsare (somewhat) immutable.

Hypervisor

Image

Linux

Chef

Runs

Image'

Linux

Chef

Chef

Runs

Configures

VM

Accesses

COW

Chef-for-runtime

$ cat Dockerfile FROM fedora RUN yum update; \ yum -y install chef

ADD http://x/receipes.tar.gz /opt/chef"ADD solo.rb /etc/chef/solo.rb"CMD chef-solo -c /etc/chef/solo.rb ; \! apachectl start

Containersare

THINGS

X

X

Servers vs Things

Pets vs Cattle

LET US BAKEIMAGES!

Let us

BAKE

images!

Containers are like ephemeral VMs*

* Docker containers don’t HAVE to be ephemeral, but it’s TheRightThing

Docker

Image

Linux

Chef

Runs

Image'

Linux

Chef

Chef

Runs

Configures

Container

Accesses

COW

TM

Bakery Chef

$ cat Dockerfile FROM fedora RUN yum update; \ yum -y install chef"ADD http://x/receipes.tar.gz /opt/chef"ADD solo.rb /etc/chef/solo.rb"RUN chef-solo -c /etc/chef/solo.rb

Burning configuration into images.

Docker ContainerInitiates Creates

Image

Linux

Chef

Chef

Runs

Configures

Build Creates

Expanded view:Burning configuration into

images.

Docker Image tagInitiates

Image'

Linux

Chef

Chef

Build

Image

Linux

Chef

Creates

Creates

Runs Creates

References1

2

Anatomy of a Docker+Chef build & run

Docker ContainerInitiates Creates

Image

Linux

Chef

Chef

Runs

Configures

Chef

Runs

Configures

Build Creates

Stage 1 Stage 2

For All The Things!

$ cat Dockerfile FROM fedora RUN yum update; \ yum -y install chef ADD http://x/receipes.tar.gz /opt/chef"ADD solo-stage1.rb /etc/chef/solo-stage1.rb"ADD solo-stage2.rb /etc/chef/solo-stage2.rb"RUN chef-solo -c /etc/chef/solo-stage1.rb"CMD chef-solo -c /etc/chef/solo-stage2.rb; \" apachectl start

Does it converge?

$ docker build —rm . $ echo $? # pass or fail

(This is great use of Docker as an alternative to VMs for testing Chef recipes targeting non-Docker production systems)

Deploying Docker (for real this time)

#!/bin/bash -x aws ec2 run-instances \ --image-id ami-e55a648c \ --key-name my-key \ --user-data "#include https://get.docker.io” ip=$(aws ec2 describe-instances \ --output json \ --filter Name=instance-state-name,Values=running | python \ -c 'import json; import sys; print json.load(sys.stdin)[“Reservations”][0]["Instances"][0]["PublicIpAddress"]') ssh ubuntu@$ip sudo docker run cirros

# using https://github.com/bflad/chef-docker $ cat cookbooks/docker-registry/default.rb# Pull latest image docker_image 'samalba/docker-registry' !# Run container exposing ports docker_container 'samalba/docker-registry' do detach true port '5000:5000' env 'SETTINGS_FLAVOR=local' volume '/mnt/docker:/docker-storage' end $ knife ec2 server create # yada yada yada

docker::run { 'helloworld': image => 'base', command => '/bin/sh -c "while true; do echo hello world; sleep 1; done"', ports => ['4444', '4555'], links => ['mysql:db'], use_name => true, volumes => ['/var/lib/couchdb', '/var/log'], volumes_from => '6446ea52fbc9', memory_limit => 10485760, # bytes username => 'example', hostname => 'example.com', env => ['FOO=BAR', 'FOO2=BAR2'], dns => ['8.8.8.8', '8.8.4.4'], restart_service => true, }

7KH�'RFNHU�SOXJLQ�IRU�+HDW%\�XVLQJ�WKH�SOXJLQ��+HDW�FDQ�WDON�GLUHFWO\�WR�'RFNHU

Orchestration for Dockerwith OpenStack Heat

DockerInc::Docker::Container

VMs

Baremetal

Heat Workflow

Heat API

VM

Docker

NovaNova resource

Docker resource

Container1

Container2

Container3

HOT

heat_template_version: 2013-05-23 description: shared volumes example resources: my_instance: type: OS::Nova::Server properties: key_name: ewindisch_key image: ubuntu-precise flavor: m1.large user_data: #include https://get.docker.io ftp_container: type: DockerInc::Docker::Container properties: docker_endpoint: { get_attr: [my_instance, first_address] } image: mikz/vsftpd ports: [ “21:21” ] volumes: [ “/ftp” ] name: “FTP”

apache_container: type: DockerInc::Docker::Container properties: docker_endpoint: { get_attr: [my_instance, first_address] } image: fedora/apache ports: [ “80:80” ] volumes-from: “FTP” cmd: “rm -rf /var/www; ln -s /ftp /var/www; /run-apache.sh”

Ansible- hosts: web sudo: yes tasks: - name: ensure redis container is running docker: image=crosbymichael/redis name=redis - name: ensure redis_ambassador container is running docker: image=svendowideit/ambassador ports=6379:6379 links=redis:redis name=redis_ambassador_ansible

Mesos Flynn.io

Creating Containers is Easy

Managing them SUCKS

needs improvement

This is probably material for another

talk…

Container Inventory

• discoverd / sdutil • serf • skydock • others?

X

X

Q & A

@ewindisch