Docker for People
A brief and fairly painless introduction to Docker
Friday, November 17th 11:00 - 11:45
NM TIE 2017 1
Greg Gómez
Sung-Hee Lee
The University of New Mexico
IT
Docker for People
Agenda:
Greg: Theory
Sung-Hee: Practice (Demo)
Note
We’re (mainly) php developers, so we’ll be using LAMP (Linux, Apache, MySQL, php) for all of our examples.
Not all version numbers in this presentation are real; some are entirely fictional.
What Is Docker?
Docker is the world’s leading software container platform. Developers use Docker to eliminate “works on my machine” problems when collaborating on code with co-workers. Operators use Docker to run and manage apps side-by-side in isolated containers to get better compute density. Enterprises use Docker to build agile software delivery pipelines to ship new features faster, more securely and with confidence for both Linux and Windows Server apps.
Why the confusion?
• Docker has been moving fast, and there have been many updates.
• The result is that there are some discrepancies even in relatively new documents.
• There’s also confusion about what Docker is.
• It’s not a VM (although it can run, and did run, in one).
Containerization’s Not New
Like many other ‘new’ technologies, Docker is a next step in the evolution of a number of existing technologies.
It arose from the need to prevent applications (and users) from interfering with one another on a single system.
It began in the late 1970s, and there have been steady improvements since the turn of the century, especially in the Linux kernel.
It’s not a VM!
Docker is not a virtual machine.
A simplified view of the innards of a standard computer.
[Diagram: Hardware, Kernel, Operating System, and three Applications.]
Important: what’s a kernel?
• The kernel is the core of the Operating System. It controls the entire system.
• It also acts as a proxy between hardware and peripherals such as keyboards, monitors, network cards, etc.
• The kernel controls things like access to hardware, certain operations, and other features.
[Diagram: CPU, Memory and Devices; Kernel; Operating System; three Applications.]
What’s a Virtual Machine (VM)?
• It’s a simulation of a computer, running on simulated hardware.
Simplified Virtual Machine(s) (VMs)
[Diagram: Hardware, Kernel, Operating System, two Applications and a VM (Hypervisor) containing two guests, each with its own Kernel, (Guest) Operating System and three Applications.]
It’s a Container Manager!
[Diagram: Hardware, Kernel, Operating System, two Applications and Docker; inside Docker, several boxes labelled Container Engine or Container, each holding its own Applications.]
Runtime Isolation
[Diagrams: several Container Engine boxes side by side, each holding one piece of software at its own version: php 8.19 and php 5.x; mySQL 4 and mySQL 6; Apache 3 and Apache 5.]
[Diagram: one Container with php 5.x, mySQL 4 and Apache 5; another Container with php 7.x, mySQL 5 and nginx.]
[Diagram: the same two containers, with the php, etc. files on the Host OS’ disk ("php files here!") next to the Editor, IDE, etc.]
What makes it so cool (good, easy)…
It utilizes a single kernel, so it saves lots of resources.
Well-configured Docker configuration files make it easy to create stable, reusable development environments.
Less finicky than VMs(?).
Easier to keep up with updates to php, MySQL, etc. (because you’re not relying on your *AMP vendor to update).
Easier to segregate Projects.
What makes it so difficult…
It doesn’t make managing containerized apps any easier.
IOW, to master Docker, a good working knowledge of *ix systems, networking, resources, automation, etc. is required.
Therefore, customizing Docker is more Ops than Dev.
Creating customized Images requires some knowledge of *ix (moderate to expert).
Docker Repository
• A centralized location with many Images.
• Some are official, many are from the community.
• There’s probably an existing Image that does what you need.
• Link!
Main use-cases for developers
• Develop locally and deploy files
• Develop locally and deploy Containers.
Develop locally and deploy files
• Eliminate *AMP (MAMP, XAMPP, etc.)
• Easily try new versions of your stack.
  • For example, want to see how your php 5 code runs on php 7?
• Close parity with your production environment.
  • But not necessarily exact.
  • E.g.: Prod = php 5.6.12; your dev = php 5.6.19
Develop locally and deploy files - workflow
• Install Docker, etc.
• Get an image that suits you.
• Get your database, browser, etc., going.
• Code (implement new features, fix bugs, etc.)
  • (Edit, save, refresh).
• Commit to your versioning tool, if you’re using one.
• Deploy your code (for testing, acceptance, production, etc.)
• Does NOT eliminate “works on my machine” issues.
Develop locally and deploy Containers.
• Requires your Ops team to be ready (because they need to have Docker running on target systems).
• Install Docker.
• Get an image that suits you.
• Code (implement new features, fix bugs, etc.)
• Deploy your Container (for testing, acceptance, production, etc.)
• Eliminates “works on my machine” issues.
Pros
• Great deal of freedom for developers.
• Less Ops knowledge than VMs.
• Eliminate VMs.
• Eliminate *AMP stacks.
• In a fully realized Docker shop, less stressful deployments
  • Blue Green
• Widely developed, adopted and supported by very large enterprises like Google, Red Hat, Microsoft, etc., etc.
Cons
• Great deal of freedom for developers.
  • My project uses Lua, Caddy and CockroachDB!!
  • Neat, huh!?!?
• Mastery requires non-trivial knowledge of *ix.
  • More Ops than Dev.
• The new hotness
  • But it’s probably here to stay.
The Process – Innards – Essential Knowledge
Dockerfile → (docker build) → Image → (docker run) → Container
A Dockerfile is a text document…
An image is a lightweight, stand-alone, executable…
A container is a runtime instance of an image…
Dockerfile
A Dockerfile is a text document that contains all the commands a user could call on the command line to assemble an image. Using docker build users can create an automated build that executes several command-line instructions in succession¹.
docker build → Image
Image
An image is a lightweight, stand-alone, executable package that includes everything needed to run a piece of software, including the code, a runtime, libraries, environment variables, and config files².
docker run → Containers
Container
A container is a runtime instance of an image—what the image becomes in memory when actually executed.
It runs completely isolated from the host environment by default, only accessing host files and ports if configured to do so².
What about security?
• What about it?
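The container slide says a container reaches host files and ports only if configured to do so; that configuration is visible in `docker inspect` output. The following added example (not part of the presentation) parses such output and lists every host path and host port a container was given. The sample record is constructed (container name, paths and ports are made up); the JSON field names are the ones `docker inspect` emits.

```python
import json

# Constructed sample: trimmed `docker inspect` output for one hypothetical
# LAMP development container (name, paths and ports are made up).
SAMPLE_INSPECT = json.loads("""
[{
  "Name": "/lamp-dev",
  "HostConfig": {
    "Privileged": false,
    "NetworkMode": "bridge",
    "PortBindings": {"80/tcp": [{"HostIp": "", "HostPort": "8080"}],
                     "3306/tcp": [{"HostIp": "127.0.0.1", "HostPort": "3306"}]}
  },
  "Mounts": [
    {"Type": "bind", "Source": "/home/dev/site",
     "Destination": "/var/www/html", "RW": true},
    {"Type": "volume", "Name": "dbdata",
     "Source": "/var/lib/docker/volumes/dbdata/_data",
     "Destination": "/var/lib/mysql", "RW": true}
  ]
}]
""")


def host_exposure(container):
    """Return findings describing what of the host this container can reach."""
    findings = []
    host_cfg = container.get("HostConfig", {})
    for m in container.get("Mounts", []):
        if m.get("Type") == "bind":  # host file or directory mapped into the container
            mode = "read-write" if m.get("RW") else "read-only"
            findings.append(f"host path {m['Source']} -> {m['Destination']} ({mode})")
    for port, bindings in (host_cfg.get("PortBindings") or {}).items():
        for b in bindings or []:
            # An empty HostIp publishes the port on every host interface.
            ip = b.get("HostIp") or "0.0.0.0"
            loopback = ip.startswith("127.") or ip == "::1"
            scope = "loopback only" if loopback else "network-reachable"
            findings.append(f"host port {ip}:{b.get('HostPort')} -> {port} ({scope})")
    if host_cfg.get("Privileged"):
        findings.append("privileged mode enabled")
    if host_cfg.get("NetworkMode") == "host":
        findings.append("host network mode (shares the host network stack)")
    return findings


if __name__ == "__main__":
    for c in SAMPLE_INSPECT:
        print(c["Name"].lstrip("/"))
        for finding in host_exposure(c):
            print("  -", finding)
```

An empty list means the container was started with the defaults the slide describes: no host paths mounted and no ports published.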
Demo…
Sung-Hee Lee
References and Resources
• http://rhelblog.redhat.com/2015/08/28/the-history-of-containers/
• https://blog.aquasec.com/a-brief-history-of-containers-from-1970s-chroot-to-docker-2016
• https://en.wikipedia.org/wiki/Kernel_(operating_system)
• https://en.wikipedia.org/wiki/Hypervisor
• Red Hat’s developer site - https://developers.redhat.com/
• Docker’s site - https://www.docker.com/
• Play with Docker - https://labs.play-with-docker.com/