introducción a docker - librecon 2016

Introducción a Docker22-11-2016 LibreCon 2016 Bilbao

2 / 33(C) 2016 Hopla! Software & Subsidiaries

About Us

• Only Docker Value-Added Master Reseller in Spain, Portugal and LATAM

• Only distributor for EDB in Spain, Italy & LATAM• Presence in France, Spain, Portugal, Mexico &

Colombia• We provide 24x7 Support in Spanish for:

• Docker• PostgreSQL – EDB

• 12 Engineers


SUPPORT

● Break & Fix support L

1-2 ; local lang● 24x7 local languages● Proactive support w/

extensive

monitoring

LICENSES / SOLUTIONS

● Subscriptions:

EnterpriseDB,

Docker, Bacula● Management,

Monitoring &

Tooling

TRAINING

● Official + custom

EDB & Docker● Custom advanced

Enterprise training

TOOLS

● Migration solutions● Architectural

consulting &

re-engineering● Advanced / custom

functionalities

What we do


Local References


¿Qué es Docker?


Software Containers and Docker Containers: Wikipedia• Software Containers:

Operating-system-level virtualization is a server virtualization method in which the kernel of an operating system allows the existence of multiple isolated user-space instances, instead of just one. Examples: chroot, LXC, OpenVZ, Solaris Containers (Zones), FreeBSD Jail, VMWare ThinApp

• Docker containers Designed to wrap up a piece of software in a complete filesystem that contains everything it needs to run: code, runtime, system tools, system libraries, anything you can install on a server. This guarantees that it will always run the same, regardless of the environment it is running in.


Container Technology

Used Technologies• cgroups• Kernel namespaces

• PID• NET• IPC• MNT• UTS: Unix Timesharing System

• Union Filesystems: • AUFS• Btrfs• Vfs• DeviceMapper

• Container format: libcontainer, but some other will be supported: BSD Jails or Solaris Zones


Motivation: Microservices and SOA


Applications: Paradigm change

• Applications are no longer monolithic

• SOA implies multiple app stacks

• Services are decoupled

• Developers focused on Functionality

• Scalability


Multiple Technologies, A Common Problem


Problem Solved Again!!!

Concepts

• Image

• Container

• Engine / Client

• Security• Attack surface• SE Linux• Networking

• Persistence vs Ephemeral

Concepts

• Orchestrating Containers

• Swarm

• Compose

mysql: image: mysql:5.5 environment: MYSQL_ROOT_PASSWORD: rootpasswd MYSQL_DATABASE: drupal volumes: - ./conf/mysql/conf.d:/etc/mysql/conf.d ports: - "3306"

redis: image: redis:2.8 ports: - "6379"

solr: build: ../../build/drupal-solr ports: - "8983"

web: build: ../../build/drupal-nginx-php55x ports: - "80" - "443" - "22" volumes: - /opt/code/example/drupal:/var/www links: - mysql - redis - solr

Docker: High Level Architecture

Concepts

• Manage Images

• Registry / Trusted Registry

• Notary

• Extending Functionality

• Engine Plugins

• Volumes

• Networking

Docker Enterprise Solutions

• Cloud Products

• Docker Hub

• Docker Cloud

• On-Premise Products

• Docker Universal Control Plane

• Docker Trusted Registry


Developers IT Operations

BUILDDevelopment Environments

SHIPSecure Content & Collaboration

RUNDeploy, Manage, Scale

Docker CaaS Overview


Introducing Docker Datacenter

Integrated, end-to-end platform for agile application development and management in production


Docker Datacenter integrates with existing enterprise systems


Why Docker?

Docker Ecosystem


Integration: CI/CD

21

Developer

Versioncontrol

1. Development 2. Test 3. Stage / Production

QA / QE

SysadminProject Management


Dockerizing an existing complex application


Dockerizing an existing complex application (detail)• Remarkable elements

• Gateway to external services• Proxy for controlled access to the Internet (i.e. restricted)• Synchronizing gateway (w/ semaphore!)• Centralized configuration• User-controlled app-wide events

• Service Discovery … and consumption!• Auto-register (declaratively) containers upon startup• Containers can also register themselves• ALL services are available in the catalog, and resolvable via

DNS. Non-standard ports are supported too – SRV [RFC 2782]• Legacy services use the same mechanism


Dockerizing an existing complex application (detail – cont.)• Event-driven reconfiguration

• Central distributed KV stores config params• Changes to configuration trigger reconfig actions

...and cluster-wide actions – management at scale!e.g.: apply patches, reconfigure services

• Comms security with performance• Hardware-accelerated flow separation till switches (VLAN)• Kernel-enforced/accelerated private network per application• Centrally-configured restricted access to the internet• Service consumption only over trusted datapath

DR/BC-ready: multi-DC & auto-failover

Dockerization of Legacy Systems Benefits: Cost Reduction• 100 VMs Frontal Servers

• Apache2.2 on CentOS6-7; mpm-event[ILK]+php5-fpm 5.3• 4GB de RAM average• 2 or 4 vCPU • 10GB minimal disk image (tipically 25GB)

• That makes 400GB RAM and 200 vCPU

• 5 VMs with 8vCPUs and 32GB RAM• 60% RAM and 80% CPUs savings


Escalado PostgresqlArchitecture and network

SELECTS

This demo shows how a STATEFUL application can be managed and scaled using containers.

Master Slave

Replication

Writes


Escalado PostgresqlOne click scale

Scale in one click:• Application Server• DB Pool• Horizontal DB ScaleAND…Autoscale DB under several

configurable parameters.

SELECTSELECT

Master Slave

Replication

Slave

Replication


Container Advantages

• BUSINESS: • Time to Market.

• Faster development cycles.

• More releases in less time

• Scalability: 0,5s to launch a new container



• IT ORGS: • Responsibilities Segregation



• DEVELOPMENT: • Portability

• Development Deployment→

• CI & testing simplified• Reproducible builds &

deploy• Fast rollback made possible• Deterministic operations

• Common CI tools• Native Jenkins plugin available• GitLab, Gerrit, Bamboo too

...no need to abandon BCPs!



• OPERATIONS: Efficiency• Higher density: 100s

containers/server vs 10’s VM/server

• Elasticity: grow and shrink. Better “pay per use”

• Management simplification. No need for virtualization

• Repeteable Architectures. Design once, deploy 100’s times

• Decoupling of OS from the applications: Independent evolution

33 / 33

[email protected]