Ciber

- Og hvem er vi?

Stein-Bjarne

  • Studert på HiNT en gang for lenge, lenge siden
  • Jobbet med systemutvikling i 18 år
  • Jobber som systemutvikler/devops for DIFI på bl.a. ID Porten
  • Liker å automatisere og effektivisere og lære nytt

Kyrre

  • Master fra Ifi
  • Jobbet i tre år, alle år i Ciber
  • Jobber med devops hos Oslo Kommune
  • Liker seg best i Ubuntu med Python og Ruby
  • Faglig fokus
  • Java, .NET, SAP, test
  • Java og .NET sertifiseringer
  • Fagdager og konferanser
  • Lønningspølse, julelunsj
  • Teamsamling
  • Mangekamp, og mange bedriftidrettslag (brettspill, klatring, fotball, squash, ...)
  • Skjer noe 4 av 5 ukedager

Docker

- Noen som har hørt om det?

Docker Images

FROM java:openjdk-8-jdk-alpine

COPY maven /maven/

ENTRYPOINT ["java","-jar","/maven/kontaktregister.jar"]
FROM alpine:3.4

USER root

RUN mkdir -p /deployments

# JAVA_APP_DIR is used by run-java.sh for finding the binaries
ENV JAVA_APP_DIR=/deployments


# /dev/urandom is used as random source, which is prefectly safe
# according to http://www.2uo.de/myths-about-urandom/
RUN echo "http://dl-4.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
 && apk add --update \
    curl \
    openjdk8-jre-base \
 && rm -rf /var/cache/apk/ \
 && echo "securerandom.source=file:/dev/urandom" >> /usr/lib/jvm/default-jvm/jre/lib/security/java.security

# Agent bond including Jolokia and jmx_exporter
ADD agent-bond-opts /opt/run-java-options
RUN mkdir -p /opt/agent-bond \
 && curl http://central.maven.org/maven2/io/fabric8/agent-bond-agent/0.1.4/agent-bond-agent-0.1.4.jar \
          -o /opt/agent-bond/agent-bond.jar \
 && chmod 444 /opt/agent-bond/agent-bond.jar \
 && chmod 755 /opt/run-java-options
ADD jmx_exporter_config.yml /opt/agent-bond/
EXPOSE 8778 9779

# Add run script as /deployments/run-java.sh and make it executable
COPY run-java.sh debug-options container-limits java-default-options /deployments/
RUN chmod 755 /deployments/run-java.sh /deployments/java-default-options /deployments/container-limits /deployments/debug-options




CMD [ "/deployments/run-java.sh" ]
$ sudo docker build .
Sending build context to Docker daemon 3.072 kB
Step 1 : FROM java:openjdk-8-jdk-alpine
openjdk-8-jdk-alpine: Pulling from library/java

3690ec4760f9: Already exists 
cfdb77eb56b4: Pull complete 
0d438913956e: Pull complete 
Digest: sha256:63eb1c79f609dbaa2c587ba3eb772e8e453229ce91fffc378725ca16435348e9
Status: Downloaded newer image for java:openjdk-8-jdk-alpine
 ---> f23144173f4f
Step 2 : COPY maven /maven/
 ---> 40d1f13c325e
Removing intermediate container 0f9ab0ab158d
Step 3 : ENTRYPOINT java -jar /maven/kontaktregister.jar
 ---> Running in 079de001d0aa
 ---> 0ba9ba7944dc
Removing intermediate container 079de001d0aa
Successfully built 0ba9ba7944dc
$ sudo docker build .
Sending build context to Docker daemon 3.072 kB
Step 1 : FROM java:openjdk-8-jdk-alpine
 ---> f23144173f4f
Step 2 : COPY maven /maven/
 ---> Using cache
 ---> 40d1f13c325e
Step 3 : ENTRYPOINT java -jar /maven/kontaktregister.jar
 ---> Using cache
 ---> 0ba9ba7944dc
Successfully built 0ba9ba7944dc

Docker

vs

Virtual Machine

Docker i produksjon

Docker hos Oslo Kommune

  • Overvåking ved hjelp av Kibana og Grafana
  • Hjemmesnekrete verktøy
  • Utfordring med gammel Docker
  • Problemer med nettverket

Docker hos Difi

  • Jenkins for automatisk bygg og testing av brancher og push til repository/registry
  • Nexus 
  • Egenutviklede applikasjoner
    • Statistikkmotor
    • SAML metadata-validator
    • Ingest-api for statistikk
    • Kontaktregister for overføring av statistikk

How to!

DEMO

(In case of emergency, next slide)

Dockerfile

FROM alpine:3.4

RUN apk update

# nginx
RUN apk add nginx
RUN mkdir -p /run/nginx

# start up
ENTRYPOINT nginx -g 'daemon off;'

Bygg

$ sudo docker build --tag nginx .
Sending build context to Docker daemon  5.12 kB
Step 1 : FROM alpine:3.4
 ---> baa5d63471ea
Step 2 : RUN apk update
 ---> Using cache
 ---> 2e5619c9caa7
Step 3 : RUN apk add nginx
 ---> Using cache
 ---> 95a4848b546b
Step 4 : RUN mkdir -p /run/nginx
 ---> Using cache
 ---> ccd52cd2286b
Step 5 : ENTRYPOINT nginx -g 'daemon off;'
 ---> Running in 79399fc4d9ce
 ---> b88fed45c51a
Removing intermediate container 79399fc4d9ce
Successfully built b88fed45c51a

Run

$ sudo docker run --detach --name nginx-demo nginx
8b7edd53dba5e178d92365243c9a1f44ade31af0fa1afb23a608533195b57409

PS og curl

$ sudo docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
8b7edd53dba5        nginx               "/bin/sh -c 'nginx -g"   4 seconds ago       Up 4 seconds                            nginx-demo

# Vi trenger IP for å curl
$ sudo docker inspect --format '{{ .NetworkSettings.IPAddress }}' nginx-demo
172.17.0.3

$ curl 172.17.0.3
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

logs

$ sudo docker logs nginx-demo
# Doh, eksempelet logger jo ikke noe...

exec

$ sudo docker exec --interactive --tty nginx-demo sh
/ #
/ # cat /var/log/nginx/access.log 
172.17.0.1 - - [08/Nov/2016:21:23:00 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.47.0"

exec

# la oss kjøre opp noe som logger

$ sudo docker run --tty nginx-2 --name nginx-demo-2
172.17.0.1 - - [08/Nov/2016:21:40:20 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.47.0"
172.17.0.1 - - [08/Nov/2016:21:40:21 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.47.0"
172.17.0.1 - - [08/Nov/2016:21:40:22 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.47.0"
172.17.0.1 - - [08/Nov/2016:21:40:23 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.47.0"

# ny terminal
$ sudo docker logs nginx-demo-2
172.17.0.1 - - [08/Nov/2016:21:40:20 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.47.0"
172.17.0.1 - - [08/Nov/2016:21:40:21 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.47.0"
172.17.0.1 - - [08/Nov/2016:21:40:22 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.47.0"
172.17.0.1 - - [08/Nov/2016:21:40:23 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.47.0"
$ sudo docker build .
Sending build context to Docker daemon 7.196 MB
Step 1 : FROM alpine:3.4
 ---> baa5d63471ea
Step 2 : RUN apk update
 ---> Using cache
 ---> 2e5619c9caa7
Step 3 : RUN apk add ca-certificates
 ---> Using cache
 ---> 31eedc255297
Step 4 : RUN apk add ruby
 ---> Using cache
 ---> ab8cf7b8d9f9
Step 5 : RUN gem install rack --no-document --no-rdoc
 ---> Using cache
 ---> 0cbe6db17faf
Step 6 : ADD config.ru /root/config.ru
 ---> Using cache
 ---> 443da6d9526b
Step 7 : ADD startup.sh /usr/local/bin/startup
 ---> Using cache
 ---> be999ab502b0
Step 8 : WORKDIR /root
 ---> Using cache
 ---> dfb6548cf26a
Step 9 : ENTRYPOINT 'rackup'
 ---> Using cache
 ---> 4efd89fef370
Successfully built 4efd89fef370

litt mer avansert

# Check Ruby version
$ sudo docker run --rm --interactive --tty ab8cf7b8d9f9 sh
/ # ruby --version
ruby 2.3.1p112 (2016-04-26 revision 54768) [x86_64-linux-musl]

How to!

- The next step

lage tar og scp

$ sudo docker save -o nginx.tar nginx

$ ll -h
-rw-rw---- 1 kyrremann kyrremann 6,9M nov.   8 22:42 nginx.tar

$ scp nginx.tar user@server:/root/docker/
# opplasting...

$ ssh user@server
/ $ user@server /root:
/ $ user@server /root: cd docker
/ $ user@server /root/docker: sudo docker load -i nginx.tar
Loaded image: nginx:latest
/ $ user@server /root/docker: sudo docker run --detach --name nginx-demo nginx

$ curl https://www.fakeserver.com/
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
 

Push til Docker Hub

  • Dockerhub er gratis, kan ha ett privat repository
  • Må autentisere før push
  • Kan gi tillatelse til andre å pushe
    • Prosjektdeltagere
    • Byggservere
  • Images er klart til bruk med en gang etter upload

Fabric8

  • fabric8 har modul/plugin til maven hvor docker er integrert i prosjektet
  • Kan settes opp til maven goals
  • Genererer Dockerfile og .tar
  • Genererer docker images og legger det lokalt på maskinen
  • Docker-bygget kan kjøres i en kontainer etter bygg
  • Imaget kan pushes til Dockerhub direkte etter bygg
<configuration>
    <images>
        <image>
            <build>
                <from>java:openjdk-8-jdk-alpine</from>
                <entryPoint>
                    <exec>
                        <arg>java</arg>
                        <arg>-jar</arg>
                        <arg>/maven/tzentech/demo-kontaktregister</arg>
                    </exec>
                </entryPoint>
            </build>
            <name>${difi.docker.registry}/${project.artifactId}:${project.version}</name>
            <run>
                <ports>
                    <port>9000:9000</port>
                </ports>
            </run>
        </image>
    </images>
</configuration>

DEMO

Docker hjemme

- Hvordan kan docker hjelpe deg?

Teste

  • Egne prosjekter
  • Teste andres software
  • OS
  • Databaser
  • Farlige ting

Hvorfor

  • Enkelt å rydde opp - bare å slette en container.
  • Container kan sammenlignes med å kjøre i en sandbox. Farlige ting slipper ikke ut.
FROM alpine:3.4

RUN mkdir -p /var/lib/postgresql/data \
    && chown -R postgres:postgres /var/lib/postgresql/data
VOLUME /var/lib/postgresql/data

ENTRYPOINT ["/bin/echo", "Data-only container"]
sudo docker build --tag data-container .

sudo docker run -d --name data data-container

sudo docker run --volumes-from data --name postgres -e POSTGRES_PASSWORD=db_password -e POSTGRES_USER=db_user -e POSTGRES_DB=db_name -d kiasaki/alpine-postgres

PostgreSQL DB

Det var alt

- noen spørsmål?

Docker in practise

By Kyrre Havik

Docker in practise

En presentasjon om Docker, og hvordan Ciber Norge AS bruker det

  • 346