Ciber

- And who are we?

Stein-Bjarne

  • Studied at HiNT once upon a time, long, long ago
  • Has worked in software development for 18 years
  • Works as a developer/devops engineer for DIFI on, among other things, ID Porten
  • Likes to automate, streamline and learn new things

Kyrre

  • Master's degree from Ifi
  • Has worked for three years, all of them at Ciber
  • Works with devops at Oslo Kommune
  • Is most at home in Ubuntu with Python and Ruby
  • Professional focus
  • Java, .NET, SAP, testing
  • Java and .NET certifications
  • Technical days and conferences
  • Payday hot dogs, Christmas lunch
  • Team gathering
  • Multi-sport competition, and many company sports teams (board games, climbing, football, squash, ...)
  • Something going on 4 out of 5 weekdays

Docker

- Has anyone heard of it?

Docker Images

FROM java:openjdk-8-jdk-alpine

COPY maven /maven/

ENTRYPOINT ["java","-jar","/maven/kontaktregister.jar"]

FROM alpine:3.4

USER root

RUN mkdir -p /deployments

# JAVA_APP_DIR is used by run-java.sh for finding the binaries
ENV JAVA_APP_DIR=/deployments


# /dev/urandom is used as random source, which is perfectly safe
# according to http://www.2uo.de/myths-about-urandom/
RUN echo "http://dl-4.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
 && apk add --update \
    curl \
    openjdk8-jre-base \
 && rm -rf /var/cache/apk/ \
 && echo "securerandom.source=file:/dev/urandom" >> /usr/lib/jvm/default-jvm/jre/lib/security/java.security

# Agent bond including Jolokia and jmx_exporter
ADD agent-bond-opts /opt/run-java-options
RUN mkdir -p /opt/agent-bond \
 && curl http://central.maven.org/maven2/io/fabric8/agent-bond-agent/0.1.4/agent-bond-agent-0.1.4.jar \
          -o /opt/agent-bond/agent-bond.jar \
 && chmod 444 /opt/agent-bond/agent-bond.jar \
 && chmod 755 /opt/run-java-options
ADD jmx_exporter_config.yml /opt/agent-bond/
EXPOSE 8778 9779

# Add run script as /deployments/run-java.sh and make it executable
COPY run-java.sh debug-options container-limits java-default-options /deployments/
RUN chmod 755 /deployments/run-java.sh /deployments/java-default-options /deployments/container-limits /deployments/debug-options




CMD [ "/deployments/run-java.sh" ]

$ sudo docker build .
Sending build context to Docker daemon 3.072 kB
Step 1 : FROM java:openjdk-8-jdk-alpine
openjdk-8-jdk-alpine: Pulling from library/java

3690ec4760f9: Already exists 
cfdb77eb56b4: Pull complete 
0d438913956e: Pull complete 
Digest: sha256:63eb1c79f609dbaa2c587ba3eb772e8e453229ce91fffc378725ca16435348e9
Status: Downloaded newer image for java:openjdk-8-jdk-alpine
 ---> f23144173f4f
Step 2 : COPY maven /maven/
 ---> 40d1f13c325e
Removing intermediate container 0f9ab0ab158d
Step 3 : ENTRYPOINT java -jar /maven/kontaktregister.jar
 ---> Running in 079de001d0aa
 ---> 0ba9ba7944dc
Removing intermediate container 079de001d0aa
Successfully built 0ba9ba7944dc

$ sudo docker build .
Sending build context to Docker daemon 3.072 kB
Step 1 : FROM java:openjdk-8-jdk-alpine
 ---> f23144173f4f
Step 2 : COPY maven /maven/
 ---> Using cache
 ---> 40d1f13c325e
Step 3 : ENTRYPOINT java -jar /maven/kontaktregister.jar
 ---> Using cache
 ---> 0ba9ba7944dc
Successfully built 0ba9ba7944dc

Docker

vs

Virtual Machine

Docker in production

Docker at Oslo Kommune

  • Monitoring with Kibana and Grafana
  • Home-made tools
  • Challenges with an old Docker version
  • Problems with the network

Docker at Difi

  • Jenkins for automatic building and testing of branches and push to repository/registry
  • Nexus
  • In-house applications
    • Statistics engine
    • SAML metadata validator
    • Ingest API for statistics
    • Contact register for transferring statistics

How to!

DEMO

(In case of emergency, next slide)

Dockerfile

FROM alpine:3.4

RUN apk update

# nginx
RUN apk add nginx
RUN mkdir -p /run/nginx

# start up
ENTRYPOINT nginx -g 'daemon off;'

Build

$ sudo docker build --tag nginx .
Sending build context to Docker daemon  5.12 kB
Step 1 : FROM alpine:3.4
 ---> baa5d63471ea
Step 2 : RUN apk update
 ---> Using cache
 ---> 2e5619c9caa7
Step 3 : RUN apk add nginx
 ---> Using cache
 ---> 95a4848b546b
Step 4 : RUN mkdir -p /run/nginx
 ---> Using cache
 ---> ccd52cd2286b
Step 5 : ENTRYPOINT nginx -g 'daemon off;'
 ---> Running in 79399fc4d9ce
 ---> b88fed45c51a
Removing intermediate container 79399fc4d9ce
Successfully built b88fed45c51a

Run

$ sudo docker run --detach --name nginx-demo nginx
8b7edd53dba5e178d92365243c9a1f44ade31af0fa1afb23a608533195b57409

PS and curl

$ sudo docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
8b7edd53dba5        nginx               "/bin/sh -c 'nginx -g"   4 seconds ago       Up 4 seconds                            nginx-demo

# We need the IP in order to curl
$ sudo docker inspect --format '{{ .NetworkSettings.IPAddress }}' nginx-demo
172.17.0.3

$ curl 172.17.0.3
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

logs

$ sudo docker logs nginx-demo
# D'oh, the example doesn't log anything...

exec

$ sudo docker exec --interactive --tty nginx-demo sh
/ #
/ # cat /var/log/nginx/access.log 
172.17.0.1 - - [08/Nov/2016:21:23:00 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.47.0"

exec

# let's start something that logs

$ sudo docker run --tty --name nginx-demo-2 nginx-2
172.17.0.1 - - [08/Nov/2016:21:40:20 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.47.0"
172.17.0.1 - - [08/Nov/2016:21:40:21 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.47.0"
172.17.0.1 - - [08/Nov/2016:21:40:22 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.47.0"
172.17.0.1 - - [08/Nov/2016:21:40:23 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.47.0"

# new terminal
$ sudo docker logs nginx-demo-2
172.17.0.1 - - [08/Nov/2016:21:40:20 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.47.0"
172.17.0.1 - - [08/Nov/2016:21:40:21 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.47.0"
172.17.0.1 - - [08/Nov/2016:21:40:22 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.47.0"
172.17.0.1 - - [08/Nov/2016:21:40:23 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.47.0"

$ sudo docker build .
Sending build context to Docker daemon 7.196 MB
Step 1 : FROM alpine:3.4
 ---> baa5d63471ea
Step 2 : RUN apk update
 ---> Using cache
 ---> 2e5619c9caa7
Step 3 : RUN apk add ca-certificates
 ---> Using cache
 ---> 31eedc255297
Step 4 : RUN apk add ruby
 ---> Using cache
 ---> ab8cf7b8d9f9
Step 5 : RUN gem install rack --no-document --no-rdoc
 ---> Using cache
 ---> 0cbe6db17faf
Step 6 : ADD config.ru /root/config.ru
 ---> Using cache
 ---> 443da6d9526b
Step 7 : ADD startup.sh /usr/local/bin/startup
 ---> Using cache
 ---> be999ab502b0
Step 8 : WORKDIR /root
 ---> Using cache
 ---> dfb6548cf26a
Step 9 : ENTRYPOINT 'rackup'
 ---> Using cache
 ---> 4efd89fef370
Successfully built 4efd89fef370

a bit more advanced

# Check Ruby version
$ sudo docker run --rm --interactive --tty ab8cf7b8d9f9 sh
/ # ruby --version
ruby 2.3.1p112 (2016-04-26 revision 54768) [x86_64-linux-musl]

How to!

- The next step

create a tar and scp

$ sudo docker save -o nginx.tar nginx

$ ll -h
-rw-rw---- 1 kyrremann kyrremann 6,9M nov.   8 22:42 nginx.tar

$ scp nginx.tar user@server:/root/docker/
# uploading...

$ ssh user@server
/ $ user@server /root:
/ $ user@server /root: cd docker
/ $ user@server /root/docker: sudo docker load -i nginx.tar
Loaded image: nginx:latest
/ $ user@server /root/docker: sudo docker run --detach --name nginx-demo nginx

$ curl https://www.fakeserver.com/
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
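
The save/scp/load procedure above moves the image as an ordinary file, so nothing confirms that the tar loaded on the server is the one that was saved. An added example (not from the original slides) that records a SHA-256 checksum next to the tarball and checks it before `docker load`; the function names, the `.sha256` sidecar file and the `DOCKER` override are assumptions of this example.

```shell
#!/bin/sh
# Added example: checksum an image tarball before transfer and verify it
# before `docker load`. Function names and the .sha256 sidecar are assumptions.

# Write <tarball>.sha256 next to the tarball. Run on the build machine,
# right after `docker save -o nginx.tar nginx`.
write_checksum() {
    tarball=$1
    [ -f "$tarball" ] || { echo "no such file: $tarball" >&2; return 2; }
    # Store only the hex digest so the check does not depend on the path.
    sha256sum "$tarball" | awk '{print $1}' > "$tarball.sha256"
}

# Return 0 only if the tarball matches its recorded checksum. Run on the
# server after both files have been copied over.
verify_checksum() {
    tarball=$1
    [ -f "$tarball" ] && [ -f "$tarball.sha256" ] || {
        echo "missing tarball or checksum: $tarball" >&2; return 2; }
    expected=$(cat "$tarball.sha256")
    actual=$(sha256sum "$tarball" | awk '{print $1}')
    if [ "$expected" != "$actual" ]; then
        echo "checksum mismatch for $tarball, refusing to load" >&2
        return 1
    fi
}

# Load the image only when the checksum matches. DOCKER can be overridden,
# for example DOCKER="sudo docker".
load_verified() {
    verify_checksum "$1" && ${DOCKER:-docker} load -i "$1"
}
```

The checksum catches truncated or mixed-up files; it only says something about tampering if the `.sha256` file reaches the server by a different channel than the tarball.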
 

Push to Docker Hub

  • Docker Hub is free, and you can have one private repository
  • You must authenticate before pushing
  • You can grant others permission to push
    • Project members
    • Build servers
  • Images are ready to use immediately after upload

Fabric8

  • fabric8 has a Maven module/plugin that integrates Docker into the project
  • Can be bound to Maven goals
  • Generates a Dockerfile and a .tar
  • Generates Docker images and stores them locally on the machine
  • The Docker build can be run in a container after the build
  • The image can be pushed to Docker Hub directly after the build

<configuration>
    <images>
        <image>
            <build>
                <from>java:openjdk-8-jdk-alpine</from>
                <entryPoint>
                    <exec>
                        <arg>java</arg>
                        <arg>-jar</arg>
                        <arg>/maven/tzentech/demo-kontaktregister</arg>
                    </exec>
                </entryPoint>
            </build>
            <name>${difi.docker.registry}/${project.artifactId}:${project.version}</name>
            <run>
                <ports>
                    <port>9000:9000</port>
                </ports>
            </run>
        </image>
    </images>
</configuration>

DEMO

Docker at home

- How can Docker help you?

Testing

  • Your own projects
  • Testing other people's software
  • Operating systems
  • Databases
  • Dangerous things

Why

  • Easy to clean up: just delete a container.
  • A container can be compared to running in a sandbox. Dangerous things don't get out.
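
How close a container comes to a sandbox depends on how it is started: a plain `docker run` keeps the default capabilities, network access and the image's user (root unless the image sets another). An added example, not from the original slides, that reviews `docker run` arguments for options that weaken or tighten the isolation and shows a restricted start; the function names, finding labels and limit values are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the slides): review `docker run` arguments before
# using a container as a sandbox. Only the --flag=value spelling is
# recognised and every argument is scanned; both are simplifications.
audit_run_args() {
    findings="" has_capdrop=0 has_nnp=0 has_user=0
    for arg in "$@"; do
        case $arg in
            --privileged|--privileged=true) findings="$findings privileged" ;;
            --cap-add=*) findings="$findings cap-add" ;;
            --network=host|--net=host|--pid=host|--ipc=host)
                findings="$findings host-namespace" ;;
            --volume=*docker.sock*|--volume=/:*)
                findings="$findings host-mount" ;;
            --cap-drop=ALL|--cap-drop=all) has_capdrop=1 ;;
            --security-opt=no-new-privileges*) has_nnp=1 ;;
            --user=*)
                case $arg in
                    --user=0|--user=0:*|--user=root|--user=root:*) ;;
                    *) has_user=1 ;;
                esac ;;
        esac
    done
    [ "$has_capdrop" -eq 1 ] || findings="$findings missing-cap-drop"
    [ "$has_nnp" -eq 1 ] || findings="$findings missing-no-new-privileges"
    [ "$has_user" -eq 1 ] || findings="$findings missing-user"
    findings=${findings# }
    # Status 0 means nothing to report; otherwise print the findings.
    [ -z "$findings" ] && return 0
    echo "$findings"
    return 1
}

# Restricted start for software you do not trust: no network, no
# capabilities, read-only root filesystem, unprivileged user, resource
# limits. The limit values are illustrative.
run_untrusted() {
    image=$1; shift
    ${DOCKER:-docker} run --rm --network=none --cap-drop=ALL \
        --security-opt=no-new-privileges --read-only --tmpfs=/tmp \
        --pids-limit=128 --memory=256m --user=65534:65534 "$image" "$@"
}
```

For instance, `audit_run_args run --detach --name nginx-demo nginx` reports the three missing restrictions, while the arguments used by `run_untrusted` report none.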
FROM alpine:3.4

RUN mkdir -p /var/lib/postgresql/data \
    && chown -R postgres:postgres /var/lib/postgresql/data
VOLUME /var/lib/postgresql/data

ENTRYPOINT ["/bin/echo", "Data-only container"]

sudo docker build --tag data-container .

sudo docker run -d --name data data-container

sudo docker run --volumes-from data --name postgres -e POSTGRES_PASSWORD=db_password -e POSTGRES_USER=db_user -e POSTGRES_DB=db_name -d kiasaki/alpine-postgres

PostgreSQL DB

That was all

- Any questions?

Docker in practise

By Kyrre Havik

A presentation about Docker, and how Ciber Norge AS uses it