What is Docker

Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. 

Docker

Virtual Machines

Each virtualized application includes not only the application - which may be only 10s of MB - and the necessary binaries and libraries, but also an entire guest operating system - which may weigh 10s of GB.

The Docker Engine container comprises just the application and its dependencies. It runs as an isolated process in userspace on the host operating system, sharing the kernel with other containers. Thus, it enjoys the resource isolation and allocation benefits of VMs but is much more portable and efficient.

Docker - how it works?

• Written in go
• Based on Linux containers (LXC) replaced with libcontainer​
• Control groups (cgroups)
  • ​limits, accounts for and isolates the resource usage (CPU, memory, disk I/O, network, etc.) of a collection of processes.
• Kernel namespaces
• Layered filesystem
  • ​btrfs
  • devmapper thin provisioning & loopback mounts​
• Minimal overhead (cpu/io/network)
• Uses a copy-on-write filesystem to track changes

Docker Applications

• docker-registry
• libcontainer           (github.com/docker/libcontainer)
• Fig                           (github.com/docker/fig)
   
• Machine                  (github.com/docker/machine)
• Swarm                    (github.com/docker/swarm)
• Compose               (slideshare.net/Docker/compose-breakout-aanand-prasad)                                                                            multi-container apps

Docker Registry

Text

http://osv.io/blog/blog/2014/06/19/containers-hypervisors-part-2/

Docker Registry - Push

sudo docker login -u xxx -p xxx https://docker.photobox.com:443
sudo docker build -t photobox/service-members  .;
sudo docker tag photobox/service-members docker.photobox.com:443/photobox/service-members
sudo docker push docker.photobox.com:443/photobox/service-members

Docker Registry - Pull

sudo docker pull docker.photobox.com:443/photobox/service-members
sudo docker run -it --rm service-members

Fig - Orchestration for a single server

db:
  image: orchardup/postgresql
  ports:
    - 5432
web:
  build: .
  command: bundle exec rackup -p 3000
  volumes:
    - .:/myapp
  ports:
    - 3000:3000
  links:
    - db

Fig - Orchestration for a single server

Dockerfile

# Pull base image.

FROM dockerfile/nodejs

# Install Bower & Grunt

RUN npm install -g bower grunt-cli
ADD package.json /tmp/package.json

RUN cd /tmp && npm install

RUN mkdir -p /opt/app && cp -a /tmp/node_modules /opt/app/

WORKDIR /opt/app

ADD . /opt/app

EXPOSE 3000

CMD ["node", "server.js"]

Docker Flow

(http://blog.octo.com/en/docker-registry-first-steps/)

Docker links

• docker run -name first -p 5432 -d <container hash>
  

• docker run -name second -link first:db <hash>

• Enviroment variables will be exposed in the container

• Limitation is that linking is static: you cannot change the associations links provide without destroying (at least one) container

Ambassador Pattern

(https://docs.docker.com/articles/ambassador_pattern_linking/)

Docker in production?

Docker ecosystem

Core OS

• coreos
• fleet (https://github.com/coreos/fleet)
• etcd (https://github.com/coreos/etcd)
• coreos-cloudinit (https://github.com/coreos/coreos-cloudinit)

Etcd

 A highly-available key value store for shared configuration and service discovery. Etcd gracefully handles master election during network partitions and the loss of the current master.

Raft: https://speakerdeck.com/benbjohnson/raft-the-understandable-distributed-consensus-protocol

Logs replicated to each follower in the cluster.

Fleet - coreos as a cluster

Holds a lease on etcd

Fleet - Single Unit

Fleet - High Availability Service

Cloudinit - coreos

#cloud-config

coreos:
  etcd:
    discovery: https://discovery.etcd.io/aac54adeea788d0aa2a9c529f0856c43
    addr: $private_ipv4:4001
    peer-addr: $private_ipv4:7001
  units:
    - name: etcd.service
      command: start
    - name: fleet.service
      command: start
    - name: host.service
      command: start
      runtime: no
      content: |
        [Unit]
        Description=Host announcer
        After=etcd.service
        Requires=etcd.service
        [Service]
        Environment=COREOS_PRIVATE_IPV4=$private_ipv4
        ExecStart=/bin/bash -c "while true; do echo setting host %b to $COREOS_PRIVATE_IPV4; etcdctl set /hosts/%m $COREOS_PRIVATE_IPV4 --ttl 60; sleep 45; done"
        ExecStop=/usr/bin/etcdctl rm /hosts/%m
        [X-Fleet]
        X-Conflicts=host.service