Docker for PeopleA brief and fairly painless introduction to Docker

Friday, November 17th 11:00 - 11:45

NM TIE 2017 1

Greg GómezSung-Hee Lee

The University of New MexicoIT

Docker for PeopleAgenda:

Greg: Theory

Sung-Hee: Practice (Demo)

NM TIE 2017 2

Note

We’re (mainly) php developers, so we’ll be using LAMP (Linux, Apache, MySQL, php) for many all of our examples.

Not all version numbers in this presentation are real; some are entirely fictional.

NM TIE 2017 3

What Is Docker?

Docker is the world’s leading software container platform. Developers use Docker to eliminate “works on my machine” problems when collaborating on code with co-workers. Operators use Docker to run and manage apps side-by-side in isolated containers to get better compute density. Enterprises use Docker to build agile software delivery pipelines to ship new features faster, more securely and with confidence for both Linux and Windows Server apps.

NM TIE 2017 4

What Is Docker?

Docker is the world’s leading software container platform. Developers use Docker to eliminate “works on my machine” problems when collaborating on code with co-workers. Operators use Docker to run and manage apps side-by-side in isolated containers to get better compute density. Enterprises use Docker to build agile software delivery pipelines to ship new features faster, more securely and with confidence for both Linux and Windows Server apps.

NM TIE 2017 5

What Is Docker?

Docker is the world’s leading software container platform. Developers use Docker to eliminate “works on my machine” problems when collaborating on code with co-workers. Operators use Docker to run and manage apps side-by-side in isolated containers to get better compute density. Enterprises use Docker to build agile software delivery pipelines to ship new features faster, more securely and with confidence for both Linux and Windows Server apps.

NM TIE 2017 6

What Is Docker?

Docker is the world’s leading software container platform. Developers use Docker to eliminate “works on my machine” problems when collaborating on code with co-workers. Operators use Docker to run and manage apps side-by-side in isolated containers to get better compute density. Enterprises use Docker to build agile software delivery pipelines to ship new features faster, more securely and with confidence for both Linux and Windows Server apps.

NM TIE 2017 7

What Is Docker?

Docker is the world’s leading software container platform. Developers use Docker to eliminate “works on my machine” problems when collaborating on code with co-workers. Operators use Docker to run and manage apps side-by-side in isolated containers to get better compute density. Enterprises use Docker to build agile software delivery pipelines to ship new features faster, more securely and with confidence for both Linux and Windows Server apps.

NM TIE 2017 8

What Is Docker?

Docker is the world’s leading software container platform. Developers use Docker to eliminate “works on my machine” problems when collaborating on code with co-workers. Operators use Docker to run and manage apps side-by-side in isolated containers to get better compute density. Enterprises use Docker to build agile software delivery pipelines to ship new features faster, more securely and with confidence for both Linux and Windows Server apps.

NM TIE 2017 9

Why the confusion?

• Docker has been moving fast, and there have been many updates.

• The result is that there are some discrepancies even in relatively new documents.

• There’s also confusion about what Docker is.

• It’s not a VM (although it can run (and did) run in one).

NM TIE 2017 10

Containerization’s Not New

Like many other ‘new’ technologies, Docker is a next step in the evolution of a number of existing technologies.

Arising from the need to prevent applications (and users) from interfering with one another on a single system.

Initially in the late 1970s, there’s been steady improvements since the turn of the century. Especially with the Linux kernal.

NM TIE 2017 11

It’s not a VM!

NM TIE 2017 12

Docker is not a virtual machine.

A simplified view of the innards of a standard computer.

NM TIE 2017 13

Hardware

Kernel

Operating System

Application ApplicationApplication

Important: what’s a kernel?

NM TIE 2017 14

Hardware

Kernel

Operating System

Application ApplicationApplication

Important: what’s a kernel?

NM TIE 2017 15

• The kernel is the core of the Operating System. It controls the entire system.

• It also acts as a proxy between hardware and peripherals such as keyboards, monitors, network cards, etc.

• The kernel controls things like access to hardware, certain operations, and other features.

Important: what’s a kernel?

NM TIE 2017 16

CPU

Kernel

Operating System

Application ApplicationApplication

Memory Devices

What’s a Virtual Machine (VM)?

NM TIE 2017 17

• It’s a simulation of a computer, running on simulated hardware.

Simplified Virtual Machine (VM)

NM TIE 2017 18

Hardware

Kernel

Operating System

Application ApplicationVM (Hypervisor)

Kernel

(Guest) Operating System

Application ApplicationApplication

Kernel

Operating System

Application Application Application

NM TIE 2017 19

Hardware

Kernel

Operating System

ApplicationApplication VM (Hypervisor)

Kernel

Operating System

Application ApplicationApplication

Kernel

(Guest) Operating System

Application ApplicationApplication

Simplified Virtual Machine(s) (VMs)

It’s a Container Manager!

NM TIE 2017 20

Hardware

Kernel

Operating System

Application ApplicationDocker

Container Engine

ApplicationContainer

Application

Container

Application

Container Engine

Application

Container Engine

ApplicationApplication

Application

Application

Runtime Isolation

NM TIE 2017 21

Container Engine

ApplicationContainer Engine

Application

Container

Application

Container Engine

Application

Container Engine

ApplicationApplication

Application

Application

Runtime Isolation

NM TIE 2017 22

Container Engine

php 8.19

Container Engine

php 5.x

Runtime Isolation

NM TIE 2017 23

Container Engine

php 8.19

Container Engine

php 5.x

Container Engine

mySQL 4

Container Engine

mySQL 6

Container Engine

Apache 3

Container Engine

Apache 5

Runtime Isolation

NM TIE 2017 24

Container Engine

mySQL 4

Container Engine

mySQL 6

Container Engine

Apache 5

Container Engine

php 8.19

Container Engine

php 5.x

Container Engine

Apache 3

Container Engine

php 8.19

Runtime Isolation

NM TIE 2017 25

Container

php 5.x

mySQL 4

Apache 5

Container

php 7.x

mySQL 5

nginx

Runtime Isolation

NM TIE 2017 26

Container

php 5.x

mySQL 4

Apache 5

Container

php 7.x

mySQL 5

nginx

Host OS’ diskphp, etc. files

here!

Runtime Isolation

NM TIE 2017 27

Container Engine

php 5.x

mySQL 4

Apache 5

Container Engine

php 7.x

mySQL 5

nginx

Host OS’ diskphp files here!

Editor, IDE, etc.

What makes it so cool (good, easy)…

NM TIE 2017 28

What makes it so cool (good, easy)…

It utilizes a single kernel, so it saves lots of resources.

Well-configured Docker configuration files make it easy to create stable, reusable development environments.

Less finicky than VMs(?).

Easier to keep up with updates to php, MySQL, etc. (Because you’re not relying on your *AMP vendor to update).

Easier to segregate Projects.

NM TIE 2017 29

What makes it so difficult…

It doesn’t make managing containerized apps any easier.

IOW, to master Docker a good working knowledge of *ix systems, networking, resources, automation, etc. is required.

Therefore, customizing Docker is more Ops than Dev.

Creating customized Images requires some knowledge of *ix (moderate to expert)

NM TIE 2017 30

Docker Repository

• A centralized location with many Images.

• Some are official, many are from the community.

• There’s probably an existing Image that does what you need.

• Link!

NM TIE 2017 31

Main use-cases for developers

• Develop locally and deploy files

• Develop locally and deploy Containers.

NM TIE 2017 32

Develop locally and deploy files

• Eliminate *AMP (MAMP, XAMP, etc.)

• Easily try new versions of your stack.• For example, want to see how your php 5 code runs on php 7?

• Close parity with your production environment.• But not necessarily exact

• Eg: Prod = php 5.6.12; your dev = php 5.6.19

NM TIE 2017 33

Develop locally and deploy files - workflow

• Install Docker, etc.

• Get an image that suites you.

• Get your database, browser, etc., going.

• Code (implement new features, fix bugs, etc.)• (Edit, save, refresh).

• Commit to your versioning tool, if you’re using one.

• Deploy your code (for testing, acceptance, production, etc.)

• Does NOT eliminate works on my machine issues.

NM TIE 2017 34

Develop locally and deploy Containers.

• Requires your Ops team to be ready (because they need to have Docker running on target systems).

• Install Docker.• Get an image that suites you.• Code (implement new features, fix bugs, etc.)• Deploy your Container (for testing, acceptance, production, etc.)• Eliminates works on my machine issues.

NM TIE 2017 35

Pros

• Great deal of freedom for developers.

• Less Ops knowledge than VMs.

• Eliminate VMs.

• Eliminate *AMP stacks.

• In a fully realized Docker shop, less stressful deployments• Blue Green

• Widely developed, adopted and supported by very large enterprises like Google, Red Hat, Microsoft, etc., etc.

NM TIE 2017 36

Cons

• Great deal of freedom for developers.• My project uses Lua, Caddy and CockroachDB!!

• Neat, huh!?!?

• Mastery requires non-trivial knowledge of *ix.• More Ops than Dev.

• The new hotness• But it’s probably here to stay.

NM TIE 2017 37

The Process – Innards –Essential Knowledge

NM TIE 2017 38

Dockerfile Image Container

An image is a lightweight, stand-alone, executable…

A container is a runtime instance of an image…

A Dockerfile is a text document…

dockerbuild

dockerrun

Dockerfile

NM TIE 2017 39

Dockerfile

A Dockerfile is a text document that contains all the commands a user could call on the command line to assemble an image. Using docker build users can create an automated build that executes several command-line instructions in succession1.

dockerbuild

Image

NM TIE 2017 40

Image

An image is a lightweight, stand-alone, executable package that includes everything needed to run a piece of software, including the code, a runtime, libraries, environment variables, and configfiles2.

dockerrun

Containers

NM TIE 2017 41

Container

A container is a runtime instance of an image—what the image becomes in memory when actually executed.

It runs completely isolated from the host environment by default, only accessing host files and ports if configured to do so2.

What about security?

• What about it?

NM TIE 2017 42

Demo…

Sung-Hee Lee

NM TIE 2017 43

References and Resources• http://rhelblog.redhat.com/2015/08/28/the-history-of-containers/• https://blog.aquasec.com/a-brief-history-of-containers-from-1970s-chroot-to-

docker-2016• https://en.wikipedia.org/wiki/Kernel_(operating_system)• https://en.wikipedia.org/wiki/Hypervisor• Redhat’s developer site - https://developers.redhat.com/.• Docker’s site - https://www.docker.com/.• Play with Docker - https://labs.play-with-docker.com/.

NM TIE 2017 44