beyond golden containers
play

Beyond Golden Containers Complementing Docker with Puppet David - PowerPoint PPT Presentation

Jul 14, 2023 •138 likes •445 views

Beyond Golden Containers Complementing Docker with Puppet David Lutterkort @lutterkort lutter@puppetlabs.com What's that container doing ? FROM fedora:20 FROM fedora:20 MAINTAINER scollier <scollier@redhat.com> MAINTAINER scollier

  1. Beyond Golden Containers Complementing Docker with Puppet David Lutterkort @lutterkort lutter@puppetlabs.com

  3. What's that container doing ? FROM fedora:20 FROM fedora:20 MAINTAINER scollier <scollier@redhat.com> MAINTAINER scollier <scollier@redhat.com> RUN yum -y update && yum clean all RUN yum -y update && yum clean all RUN yum -y install couchdb && yum clean all RUN yum -y install couchdb && yum clean all RUN sed \ RUN sed \ -e 's/^bind_address = .*$/bind_address = 0.0.0.0/' \ -e 's/^bind_address = .*$/bind_address = 0.0.0.0/' \ -i /etc/couchdb/default.ini -i /etc/couchdb/default.ini ADD local.ini /etc/couchdb/local.ini ADD local.ini /etc/couchdb/local.ini EXPOSE 5984 EXPOSE 5984 CMD ["/bin/sh", "-e", "/usr/bin/couchdb", CMD ["/bin/sh", "-e", "/usr/bin/couchdb", "-a", "/etc/couchdb/default.ini", "-a", "/etc/couchdb/default.ini", "-a", "/etc/couchdb/local.ini", "-a", "/etc/couchdb/local.ini", "-b", "-r", "5", "-R"] "-b", "-r", "5", "-R"]

  4. http://northshorekid.com/event/campfire-stories-marini-farm

  5. http://www.partialhospitalization.com/2010/08/363/

  6. What’s that machine doing ? lang en_US.UTF-8 lang en_US.UTF-8 keyboard us keyboard us … … rootpw --iscrypted $1$uw6MV$m6VtUWPed4SqgoW6fKfTZ/ rootpw --iscrypted $1$uw6MV$m6VtUWPed4SqgoW6fKfTZ/ part / --size 1024 --fstype ext4 --ondisk sda part / --size 1024 --fstype ext4 --ondisk sda repo --name=fedora —mirrorlist=… repo --name=fedora —mirrorlist=… repo --name=updates —mirrorlist=… repo --name=updates —mirrorlist=… %packages %packages @core @core %end %end %post %post curl http://example.com/the-script.pl | /usr/bin/perl curl http://example.com/the-script.pl | /usr/bin/perl

  7. http://www.gcksa.com/en/

  11. Overview • Puppet from 10,000 feet • Managing the host • Building images – without a master ( puppet apply ) – with a master ( puppet agent ) • Runtjme confjguratjon

  12. Dataflow in Puppet

  13. A basic manifest class webserver { class webserver { package { 'httpd': package { 'httpd': ensure => latest ensure => latest } -> } -> file { '/etc/httpd/conf.d/local.conf': file { '/etc/httpd/conf.d/local.conf': ensure => file, ensure => file, mode => 644, mode => 644, source => 'puppet:///modules/httpd/local.conf', source => 'puppet:///modules/httpd/local.conf', } -> } -> service { 'httpd': service { 'httpd': ensure => running, ensure => running, enable => true, enable => true, subscribe => File['/etc/httpd/conf.d/local.conf'], subscribe => File['/etc/httpd/conf.d/local.conf'], } } } }

  14. Override via inheritance class webserver2 inherits webserver { class webserver2 inherits webserver { File['/etc/httpd/conf.d/local.conf'] { File['/etc/httpd/conf.d/local.conf'] { source => 'puppet:///modules/httpd/other-local.conf', source => 'puppet:///modules/httpd/other-local.conf', } } } }

  15. The site-wide manifest node host1.example.com { node host1.example.com { class { 'webserver': } class { 'webserver': } } } node host2.example.com { node host2.example.com { class { 'webserver2': } class { 'webserver2': } } } node host3.example.com { node host3.example.com { class {'mongodb::server': class {'mongodb::server': port => 27018 port => 27018 } } } }

  17. Overview • Puppet from 10,000 feet • Managing the host • Building images – without a master ( puppet apply ) – with a master ( puppet agent ) • Runtjme confjguratjon

  18. Managing the host Gareth Rushgrove’s module: htups://forge.puppetlabs.com/garethr/docker • Install docker • Manage images • Run containers • Version 2.0.0 just released

  19. Setting up Docker class { 'docker': class { 'docker': tcp_bind => 'tcp://127.0.0.1:4243', tcp_bind => 'tcp://127.0.0.1:4243', socket_bind => 'unix:///var/run/docker.sock', socket_bind => 'unix:///var/run/docker.sock', } }

  20. Pulling down images docker::image { 'ubuntu': docker::image { 'ubuntu': image_tag => 'precise' image_tag => 'precise' } }

  21. Running containers docker::run { 'appserver2': docker::run { 'appserver2': image => 'fedora:20', image => 'fedora:20', command => '/usr/sbin/init', command => '/usr/sbin/init', ports => ['80', '443'], ports => ['80', '443'], links => ['mysql:db'], links => ['mysql:db'], use_name => true, use_name => true, volumes => ['/var/lib/couchdb', '/var/log'], volumes => ['/var/lib/couchdb', '/var/log'], volumes_from => 'appserver1', volumes_from => 'appserver1', memory_limit => 10485760, # bytes memory_limit => 10485760, # bytes username => 'appy', username => 'appy', hostname => 'app2.example.com', hostname => 'app2.example.com', env => ['FOO=BAR', 'FOO2=BAR2'], env => ['FOO=BAR', 'FOO2=BAR2'], dns => ['8.8.8.8', ‘8.8.4.4'] dns => ['8.8.8.8', ‘8.8.4.4'] } }

  22. Overview • Puppet from 10,000 feet • Managing the host • Building images – without a master ( puppet apply ) – with a master ( puppet agent ) • Runtjme confjguratjon

  23. Dockerfile for puppet apply FROM fedora:20 FROM fedora:20 MAINTAINER James Turnbull <james@lovedthanlost.net> MAINTAINER James Turnbull <james@lovedthanlost.net> ADD modules /tmp/modules ADD modules /tmp/modules RUN yum -y install puppet; \ RUN yum -y install puppet; \ puppet apply --modulepath=/tmp/modules \ puppet apply --modulepath=/tmp/modules \ -e "class { 'nginx': service_ensure => disable }”; \ -e "class { 'nginx': service_ensure => disable }”; \ rm -rf /tmp/modules rm -rf /tmp/modules EXPOSE 80 EXPOSE 80 CMD ["nginx"] CMD ["nginx"]

  24. Dockerfile for puppet agent FROM fedora:20 FROM fedora:20 MAINTAINER David Lutterkort <lutter@watzmann.net> MAINTAINER David Lutterkort <lutter@watzmann.net> ADD puppet /tmp/puppet-docker ADD puppet /tmp/puppet-docker RUN yum -y install puppet; \ RUN yum -y install puppet; \ /tmp/puppet-docker/bin/puppet-docker /tmp/puppet-docker/bin/puppet-docker

  25. Support files > tree puppet > tree puppet puppet/ puppet/ ├── bin ├── bin │ └── puppet-docker │ └── puppet-docker ├── config.yaml ├── config.yaml └── ssl └── ssl ├── agent-cert.pem ├── agent-cert.pem ├── agent-private.pem ├── agent-private.pem ├── agent-public.pem ├── agent-public.pem └── ca.pem └── ca.pem

  26. Configure agent run > cat puppet/config.yaml > cat puppet/config.yaml --- --- certname: docker.example.com certname: docker.example.com server: puppet-master.example.com server: puppet-master.example.com facts: facts: container: docker container: docker build: true build: true

  27. Dockerfile for puppet agent FROM fedora:20 FROM fedora:20 MAINTAINER David Lutterkort <lutter@watzmann.net> MAINTAINER David Lutterkort <lutter@watzmann.net> ADD puppet /tmp/puppet-docker ADD puppet /tmp/puppet-docker RUN yum -y install puppet; \ RUN yum -y install puppet; \ /tmp/puppet-docker/bin/puppet-docker /tmp/puppet-docker/bin/puppet-docker

  28. Overview • Puppet from 10,000 feet • Managing the host • Building images – without a master ( puppet apply ) – with a master ( puppet agent ) • Runtjme confjguratjon

  29. Runtime configuration • Oneshot at container launch • Install an init system (systemd) – run cron or puppetd – run target service(s) • Possibly move to one agent per host

  30. Summary • Manage container hosts with htups://forge.puppetlabs.com/garethr/docker • Sample materials for puppet agent etc. at htups://github.com/lutuer/puppet-docker Questjons ?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Unprivileged Containers Jess Frazelle, @jessfraz How do containers help security? Containers are

Unprivileged Containers Jess Frazelle, @jessfraz How do containers help security? Containers are

Unprivileged Containers Jess Frazelle, @jessfraz How do containers help security? Containers are not going to be the answer to preventing your application from being compromised, but they can limit the damage from a compromise. How do

823 views • 25 slides
Improving Trust in Containers Matthew Garrett @mjg59 | mjg59@coreos.com | coreos.com

Improving Trust in Containers Matthew Garrett @mjg59 | mjg59@coreos.com | coreos.com

Improving Trust in Containers Matthew Garrett @mjg59 | mjg59@coreos.com | coreos.com Containers are great Containers are resource efficient Containers make deployment easy Containers can be monitored easily Containers are secure But are

508 views • 38 slides
Everything you need to know about Containers Security Track Containers Jos Manuel Ortega

Everything you need to know about Containers Security Track Containers Jos Manuel Ortega

Everything you need to know about Containers Security Track Containers Jos Manuel Ortega @jmortegac Agenda Introduction to containers security Linux Containers(LXC) Docker Security Security pipeline &amp;&amp; Container

807 views • 57 slides
SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54

SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54

SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54 What are Containers? A package/image that can be deployed anywhere (thats running a Linux Kernel) Developers create a layered image of their

996 views • 53 slides
Herd of Containers Sad DIF Database Engineer Herd of Containers: PostgreSQL in containers at

Herd of Containers Sad DIF Database Engineer Herd of Containers: PostgreSQL in containers at

Herd of Containers Sad DIF Database Engineer Herd of Containers: PostgreSQL in containers at BlaBlaCar pgDay Paris, Mar 15, 2018 BlaBlaCar Overview Todays agenda PostgreSQL usage at BlaBlaCar Switching to a new implementation

844 views • 40 slides
A Golden Investment Opportunity 1 Golden Eagle Mining An Overview Golden Eagle

A Golden Investment Opportunity 1 Golden Eagle Mining An Overview Golden Eagle

Main document title here 08 March 2011 A Golden Investment Opportunity 1 Golden Eagle Mining An Overview Golden Eagle Mining (GEM) is a mineral exploration and development company with a primary focus on gold, in proven

573 views • 15 slides
Persistent storage for Containers Anil Degwekar What are we talking about? Containers have

Persistent storage for Containers Anil Degwekar What are we talking about? Containers have

Persistent storage for Containers Anil Degwekar What are we talking about? Containers have become popular replacing many Physical / Virtual Machine use cases But: The persistent storage problem for containers is still not fully solved

1.01k views • 17 slides
Containers in the Enterprise Avoiding the Kobayashi Maru Agenda Containers Bring Change

Containers in the Enterprise Avoiding the Kobayashi Maru Agenda Containers Bring Change

Containers in the Enterprise Avoiding the Kobayashi Maru Agenda Containers Bring Change An Approach Required Software Processes Cultural Changes Additional Concerns Lessons Learned Why This Talk? Containers are

678 views • 49 slides
SEVEN GOLDEN RULES 2 Semana de la CONSTRUCCIN SEVEN GOLDEN RULES Leadership COMMITMENT

SEVEN GOLDEN RULES 2 Semana de la CONSTRUCCIN SEVEN GOLDEN RULES Leadership COMMITMENT

VISION ZERO 7 Golden Rules Cristin Moraga Torres Vice President - ISSA Mining Gerente General CEO Mutual de Seguridad CChC - Chile 1 Visin Zero. Las 7 reglas de oro Agregamos valor, protegiendo a las personas. SEVEN GOLDEN RULES 2

193 views • 16 slides
Exploding the Linux Container Host Presenter: Ben Corrie (@bensdoings) Containers vs VMs

Exploding the Linux Container Host Presenter: Ben Corrie (@bensdoings) Containers vs VMs

Exploding the Linux Container Host Presenter: Ben Corrie (@bensdoings) Containers vs VMs Google Wisdom: VMs and Containers are similar but different Try running containers in VMs for security Containers are best for scale-out

314 views • 17 slides
Press &amp; Analyst Conference July 1 , 2 0 1 1 Acquisition of Golden Foods/ Golden Brands

Press &amp; Analyst Conference July 1 , 2 0 1 1 Acquisition of Golden Foods/ Golden Brands

Arne Frank CEO Anders Bystrm CFO Fredrik Nilsson Head of IR Press &amp; Analyst Conference July 1 , 2 0 1 1 Acquisition of Golden Foods/ Golden Brands Todays agenda AAK Acceleration and AAK US Acquisition of Golden Foods/ Golden

166 views • 13 slides
our container journey @beshippable shippable.com our container journey containers can

our container journey @beshippable shippable.com our container journey containers can

our container journey @beshippable shippable.com our container journey containers can make us way more efficient containers can save us money on hosting containers sound interesting company founded in 2013

848 views • 30 slides
October 2 - Golden Gate Park on the National Stage Golden Gate Park in the news. Uninvited Guests

October 2 - Golden Gate Park on the National Stage Golden Gate Park in the news. Uninvited Guests

t o r y o f A H i s Golden Gate Park Fromm Institute - Fall 2019 - John Freeman October 2 - Golden Gate Park on the National Stage Golden Gate Park in the news. Uninvited Guests at Golden Gate Park Wedding Photo Shoot! Ferries

862 views • 21 slides
The proposed containers are &quot;Flat-pack&quot; type. Disassembled and reduced as

The proposed containers are &quot;Flat-pack&quot; type. Disassembled and reduced as

CON-IMEX CONTAINERS 2009 AKAR Logistics 70 Beecham Court Owings Mills, MD 21117 USA Sophia Akar Tel: + 410-961-7232 / + 410-961-0327 Fax: + 410-356-8267 sophia@akarlogistics.com 1 / 20 GENERAL The proposed containers are

313 views • 20 slides
Fairport Containers Supporting the Charity Retail Sector www.fairportcontainers.co.uk

Fairport Containers Supporting the Charity Retail Sector www.fairportcontainers.co.uk

Fairport Containers Supporting the Charity Retail Sector www.fairportcontainers.co.uk Introductions David Porter Fairport Containers Director Steve Collinson Managing Director Fairport Containers Ltd Tam Unsworth Recycling Banks

552 views • 28 slides
Welcome Quibbletown Golden Knights A guide to understanding the responsibilities of the Golden

Welcome Quibbletown Golden Knights A guide to understanding the responsibilities of the Golden

Welcome Quibbletown Golden Knights A guide to understanding the responsibilities of the Golden Knights. Who are the Golden Knights Our brand new school mascotchosen by all of you! A school community centered on some core values and

334 views • 8 slides
Physics @ LHC (Physics @ TeV) Status of LHC/ATLAS/CMS and Physics explored at LHC

Physics @ LHC (Physics @ TeV) Status of LHC/ATLAS/CMS and Physics explored at LHC

Physics @ LHC (Physics @ TeV) Status of LHC/ATLAS/CMS and Physics explored at LHC Fundamentalist of High Energy Physics (U. Tokyo) [0] Introduction: Most important/urgent topics in Particle Physics are: (1) Understanding of the origin

800 views • 62 slides
Decision Tree R Greiner Cmput 466 / 551 Learning Decision Trees Def'n: Decision Trees

Decision Tree R Greiner Cmput 466 / 551 Learning Decision Trees Def'n: Decision Trees

HTF: 9.2 B: 14.4 R N , C h a p t e r 1 8 1 8 . 3 Decision Tree R Greiner Cmput 466 / 551 Learning Decision Trees Def'n: Decision Trees Algorithm for Learning Decision Trees Entropy, Inductive Bias (Occam's

1.43k views • 87 slides
Grav ravitatio itational W al Wav aves es in in th the L e LIG IGO - - VIR IRGO era

Grav ravitatio itational W al Wav aves es in in th the L e LIG IGO - - VIR IRGO era

Grav ravitatio itational W al Wav aves es in in th the L e LIG IGO - - VIR IRGO era era or listening to the symphony of the Universe L.Milano Department of Physical Sciences University of Federico II Naples &amp; INFN Napoli

650 views • 42 slides
ASPECTS OF CLASSICAL DYNAMICS IN HOLOGRAPHIC MATRIX MODELS David Berenstein (UCSB/ DAMTP

ASPECTS OF CLASSICAL DYNAMICS IN HOLOGRAPHIC MATRIX MODELS David Berenstein (UCSB/ DAMTP

ASPECTS OF CLASSICAL DYNAMICS IN HOLOGRAPHIC MATRIX MODELS David Berenstein (UCSB/ DAMTP Cambridge) GAUGE/GRAVITY DUALITY s a l a u ! q s e m e e r t a s y e s s e m h u T t n a u q STANDARD DICTIONARY

1.22k views • 72 slides
IPOFRAZIONAMENTO NEL TUMORE PROSTATICO: dove s8amo andando e

IPOFRAZIONAMENTO NEL TUMORE PROSTATICO: dove s8amo andando e

IPOFRAZIONAMENTO NEL TUMORE PROSTATICO: dove s8amo andando e quanto siamo compe88vi &quot; DICHIARAZIONE Relatore: FILIPPO ALONGI Come da nuova regolamentazione della Commissione Nazionale per la

611 views • 44 slides
Using Machine Learning to Improve Automatic Vectorization Kevin Stock Louis-Nol Pouchet P .

Using Machine Learning to Improve Automatic Vectorization Kevin Stock Louis-Nol Pouchet P .

Using Machine Learning to Improve Automatic Vectorization Kevin Stock Louis-Nol Pouchet P . Sadayappan The Ohio State University January 24, 2012 HiPEAC Conference Paris, France Introduction: HiPEAC12 Vectorization Observations

346 views • 22 slides
Introduction TACO goal: develop tools, methods and a design flow for rapidly specifying,

Introduction TACO goal: develop tools, methods and a design flow for rapidly specifying,

TACO: Rapid Design Space Exploration for Protocol Processors Seppo Virtanen Johan Lilius Tero Nurmi Tomi Westerlund Turku Centre for Computer Science (TUCS) Lemminkaisenkatu 14 A, FIN-20520 Turku, Finland seppo.virtanen@utu.fi,

555 views • 11 slides
An industrial case study of TACO Benjamin Lesage , Stephen Law, Iain Bate Icons courtesy of

An industrial case study of TACO Benjamin Lesage , Stephen Law, Iain Bate Icons courtesy of

An industrial case study of TACO Benjamin Lesage , Stephen Law, Iain Bate Icons courtesy of https://icons8.com/ Context 2 Rolls-Royce VISIUMCORE platform Integrated instruction tracing and timing Instructions execution is

931 views • 44 slides

More recommend