Snakes on a Ship

What docker containers can do for the Python developer

Let's start filling your head!

(Short) History

  • A bunch of .go files, released 2013-01-19 on github
  • A global OSS community and enterprise SaaS/PaaS hype since summer 2014
  • IANA-assigned ports 2375 and 2376 in 2014
  • Supported by every modern Linux distro
  • Supported by lots of $money from major tech investors

What does Docker do?

Vs

OS vs. Process Virtualization

Inside a Container

  • Run multiple Linux distros in the same Kernel space
    on your docker host system, meaning:
    • Low memory consumption
    • Quick startup time for new container instances
    • Production and development environments can be exactly the same (finally!)
  • Every container is based on an immutable filesystem image and the changes needed to run your app get stacked and isolated on top of this base image using aufs
  • Your application lives in a single container, based on an image
  • Your application's dependencies like DBs and stuff run in other containers. They are interlinked at runtime with --link
  • Every part of the stack is cached on the docker host to make starting, stopping and building containers fast

Some Dockerspeak

  • What is an image?
    • A portable blueprint for your container
      based on a single textfile called Dockerfile
  • What is a container?
    • A running Linux server based on an image which is
      usually executing a single application in a small
      pidspace and may be interlinked with other containers
  • What is a volume?
    • Space on disk which gets mounted to one or multiple containers during their runtime for data persistence
  • What is a Docker registry?
    • Github for Dockerfiles
  • What is Github?

Mindset

  • Don't think of virtualization, think of running processes
  • Containers are tiny and should only run one process
  • Software in containers shouldn't be updated at runtime but replaced by a new version (=immutable deployments)
  • Containers are isolated from each other by default
  • Build complex stacks by interlinking containers
  • Data is stored outside the container on the Docker host
  • Containers can be exported and imported as tarfiles. With docker, you just deal with files, not with disk images
    • docker cp jenkins_container:/var/jenkins_home - \
      >./jenkins_home.tar.gz

Lets run...

Python 2 and 3

$> docker run -i -t python:2
$> docker run -i -t python:3

Note:

  1. We just instantiated a Docker container on our remote Docker host based on an Docker image for Python
  2. Our local `docker` client attached an interactive pseudo-TTY for in and output
  3. Strg+c kills the container

Start a module

$> docker run -it -p 8888:8888 \ python:3 python -m http.server 8888
$> curl -i <server>:8888
  1. We just instantiated a Docker container on our remote Docker host based on an Docker image for Python
  2. Our local `docker` client attached an interactive pseudo-TTY for in and output
  3. We overwrite the default CMD with our own command

A bit of introspection

$> docker info

$> docker stats
$> docker run -it -d --name utnubu ubuntu
$> docker inspect utnubu | jq '.'
$> docker exec -it utnubu /bin/bash
$> # ps, top, uname -a, apt-get, what you want
  1. We just instantiated a Docker container on our remote Docker host based on an Docker image for Ubuntu
  2. We check some information about the container

Lets dockerize a flask web app

using a little Dockerfile to build our own image

Our application

from flask import Flask


app = Flask(__name__)

 

@app.route("/")
def hello():
    return "Hello World!"

 

if __name__ == "__main__":
    app.run(host='0.0.0.0', port=5000)

./Dockerfile

FROM python:3

ADD ./app.py app.py

RUN pip install flask
EXPOSE 5000
CMD ["python", "app.py"]

We now have:

​ /tmp/flaskapp $> tree
.
├── Dockerfile
└── app.py

Build, check & run
our new container

$> docker build -t demoapp .
$> docker images
$> docker run -d -p 8888:5000 demoapp
$> docker ps
$> open http://$(docker-machine ip):8888/

The good

  • User friendly & lightweight

  • Solves the dependency hell

  • Reusability by design

  • Client/server RESTful communication API

  • Promotes github-like community and collaboration through a public registry (or your private registry)

  • Data in- and output is
    (tar-)file based

  • Massive, growing ecosystem

The bad (IMHO)

  • Dockerfiles feel restrictive and dowdy compared to ansible playbooks for example

    • ​Then again: Integration in Ansible is great!

  • No orchestration built in, this has been solved by docker swarm

  • The Docker volumes are an afterthought, not a first class citizen, this has been addressed by the `docker volume` subcommand

  • Security (more room for privilege-escalation and human error)

Snakes on a Ship

By Stefan Antoni

Made with Slides.com

Snakes on a Ship

An introduction to Docker from the perspective of a Python developer.

  • 2,602

More from Stefan Antoni