
Docker @ OMsignal

by Henri Bouvier on 11 March 2015

Transcript of Docker @ OMsignal

Smaller memory footprint
Faster startup time
Immutable Images
Linking containers between hosts
"hijacking"
network
traffic
Ambassador (socat)
openvswitch
modify your code to use a distributed
K/V store
etcd
zookeeper
registrator
discoverd
(now part of flynn)
template engine
confd
DNS
skydock
References & resources
http://domino.research.ibm.com/library/cyberdig.nsf/papers/0929052195DD819C85257D2300681E7B/$File/rc25482.pdf
http://www.nkode.io/2014/08/24/valuable-docker-links.html
https://github.com/gliderlabs/registrator
https://github.com/crosbymichael/skydock
https://github.com/flynn-archive/discoverd
https://flynn.io/docs
https://github.com/kelseyhightower/confd
http://mesos.apache.org
http://kubernetes.io
https://www.consul.io
https://coreos.com
http://deis.io/deis-0-9-0-dockerfiles-domains-and-ha-routing/
https://docs.docker.com/articles/ambassador_pattern_linking/
http://stage1.io/blog/making-docker-containers-communicate/
https://blog.docker.com/2013/11/introducing-trusted-builds/
http://www.techbar.me/writing-dockerfile/
http://forty9ten.com/post/74408475976/docker-service-discovery
https://github.com/steeve/boot2docker
http://tonyhb.com/unsuck-your-vagrant-developing-in-one-vm-with-vagrant-and-docker
http://jipiboily.com/2014/from-zero-to-fully-working-ci-server-in-less-than-10-minutes-with-drone-docker/
http://phusion.github.io/baseimage-docker/
http://www.activestate.com/blog/2014/01/deploying-your-own-private-docker-registry
http://www.siliconfidential.com/articles/dns-service-discovery-docker/
https://serversforhackers.com/articles/2014/03/20/getting-started-with-docker/
http://mmckeen.net/blog/2013/12/27/advanced-docker-provisioning-with-packer/
http://www.linuxjournal.com/content/docker-lightweight-linux-containers-consistent-development-and-deployment
http://goldmann.pl/blog/2014/01/21/connecting-docker-containers-on-multiple-hosts/
http://wiredcraft.com/posts/2014/07/30/dns-and-docker-containers.html
https://docs.docker.com/articles/dockerfile_best-practices/
http://sysadvent.blogspot.ca/2014/12/day-1-docker-in-production-reality-not.html
http://blog.takipi.com/ignore-the-hype-5-docker-misconceptions-java-developers-should-consider/
http://iops.io/blog/docker-hype/
http://zeroturnaround.com/rebellabs/docker-for-java-developers-how-to-sandbox-your-app-in-a-clean-environment/
http://blog.iron.io/2015/01/the-ephemeral-life-of-dockerized.html
A journey to production...
Docker
DB_PORT_27017_TCP_PORT: 3000
DB_PORT_27017_TCP_ADDR: 172.17.0.2
Backend container
driver.connection(
)
Database container
port: 27017
$ docker run --name backend -p 80:8080 --link database:db backend
$ docker run --name database -p 3000:27017 mongodb
AMI
.vbox
Kickstart
"Process(es)"
isolation through
chroot
namespaces
cgroups
UnionFS
What is Docker
VM vs Docker
Each container
is just a process
Many identical processes
Dockerfile
# Base image (composition)
FROM ubuntu:trusty
RUN apt-get update -y
# Define directory to be mountable on the docker host.
VOLUME [ "/var/lib/mongodb/data", "/var/log/mongodb" ]
# Install MongoDB
RUN apt-get install -y mongodb-10gen
# Startup command (e.g. no initd, upstart nor systemd)
CMD /usr/bin/mongod --dbpath=/var/lib/mongodb/data

# The only exposed TCP port on the docker host
EXPOSE 27017
s"${DB_PORT_27017_TCP_ADDR}:" +
s"${DB_PORT_27017_TCP_PORT}"
$ docker build --tag=mongodb .
http://www.omsignal.com/pages/careers
Private
Registry
Jenkins
github
Developer
pull
git push
trigger build
tag container

push container
deploy
1
2
3
4
5
pull
6
serf
coreOS
*
deis
consul
kubernetes
mesosphere
docker swarm
and many more...
Orchestration
service configuration
name: app
hostname: app
image: omsignal/rest-service
env:
- "PRODUCTION=yes"
volumes: [ {
container_path: "/var/log/app",
mount_point: "/media/volume/app001",
volume_id: "vol-ab123fe3",
media_type: "magnetic",
size: 128
}]
ports : [
{
port : 8080
proto : "tcp",
public_port : 80,
routes : {
https : [
{
location : "^~ /app",
}
]
}
}
]


Key takeaways
Docker alone may not be enough
Optimize the docker hosts as you would a VM
Use --volume to write outside of the containers
One container, one responsibility
dependencies:
- database
Custom deployment tool
What is available
Continuous Improvement
Quick Survey
Who has tried Docker?

Who uses Docker for real?
Before we start
"With great technologies come great problems."
swarm
. . .
Jenkins
Constraints
We started early 2014
Docker 1.0 not released yet.
Docker-related products are not mature either.
We doubted the overall performance of Docker
Non intrusive
Same "deployment process" for dev and prod
Our Pre-launch date was June 2014
category: web
start these before
rule engine uses this
to find suitable host
used to write nginx rule
attach external volume
to host
inject environment
variables
create DNS rule
compile and package
From the
Docker host
What a container looks
like from the Docker host
What it looks like from the inside of the container
PXE server
dnsmasq
10.0.0.3
10.0.0.4
10.0.0.5
omfleet
start container
run system-checks
update DNS
update nginx https routes
dnsmasq
10.0.0.3
10.0.0.4
database
event queue
driver.connection
s"${DB_PORT_27017_TCP_ADDR}"
10.0.0.5
backend
)
$ docker run --name backend -d -e DB_PORT_27017_TCP_ADDR=database -p 80:8080 backend
(
K.I.S.S
*
*
* used in integration
* not available at the time
create / attach volume
format (btrfs)
mount
(1)
(2)
(3)
(4)
~80 processes (tinycore)
~2 processes (mongodb)
Host network
Container network
Network isolation
Host file system
Container file system
Container OS version
Host OS version
OS isolation
File system isolation
Docker ecosystem
push
pull
Process isolation
immutable
mutable
*
--link
--link
???
Docker hosts don't know about each other
$ ssh docker@db-host.omsignal.com
# docker run --name database -p 3000:27017 mongodb
# exit
$ ssh docker@app-host.omsignal.com
# docker run --name backend -p 80:8080 backend
# exit
$
Now imagine you have to start multiple services
on multiple docker hosts
omfleet
(1) Create VPC

(2) Auto-Scaling groups

(3) Start Specialized docker
instances (db, web, processing)
OMsignal fleet
~

[
omfleet unit list --omland production
~

[
omfleet build all
OMsignal dev/op cycle
~

[
omfleet unit start all
~

[
omfleet unit stop all
About me
*
If you are curious about Docker performance, read IBM's evaluation of Docker (first reference at the end)
Docker 201 - Production
Docker 101 - Introduction
Send network traffic to container