
Container-based virtualization: Docker Corso di Sistemi Distribuiti - PDF document



  1. Macroarea di Ingegneria, Dipartimento di Ingegneria Civile e Ingegneria Informatica
     Container-based virtualization: Docker
     Corso di Sistemi Distribuiti e Cloud Computing, A.A. 2019/20
     Valeria Cardellini
     Laurea Magistrale in Ingegneria Informatica

     Case study: Docker
     • Lightweight, open and secure container-based virtualization
       – Containers include the application and all of its dependencies, but share the OS kernel with other containers
       – Containers run as an isolated process in userspace on the host OS
       – Containers are also not tied to any specific infrastructure

     Valeria Cardellini - SDCC 2019/20

  2. Docker internals
     • Docker is written in the Go language
     • With respect to other OS-level virtualization solutions, Docker is a higher-level platform that exploits Linux kernel mechanisms such as cgroups and namespaces
       – First versions based on Linux Containers (LXC)
       – Then based on its own libcontainer runtime that uses Linux kernel namespaces and cgroups directly
     • Docker adds to LXC
       – Portable deployment across machines
       – Versioning, i.e., git-like capabilities
       – Component reuse
       – Shared libraries, see Docker Hub hub.docker.com

     Docker internals
     • libcontainer (now included in opencontainers/runc): cross-system abstraction layer aimed to support a wide range of isolation technologies

  3. Component diagram of Docker
     [Figure: component diagram of Docker]

     Docker engine
     • Docker Engine: client-server application composed of:
       – A server, called the Docker daemon
       – A REST API which specifies interfaces that programs can use to control and interact with the daemon
       – A command line interface (CLI) client
     See https://docs.docker.com/engine/docker-overview/

  4. Docker architecture
     • Docker uses a client-server architecture
       – The Docker client talks to the Docker daemon, which builds, runs, and distributes Docker containers
       – Client and daemon communicate via sockets or REST API

     Docker image
     • Read-only template used to create a Docker container
     • The Build component of Docker
       – Enables the distribution of apps with their runtime environment
         • Incorporates all the dependencies and configuration necessary for apps to run, eliminating the need to install packages and troubleshoot
       – Target machine must be Docker-enabled
     • Docker can build images automatically by reading instructions from a Dockerfile
       – A text file with simple, well-defined syntax
     • Images can be pulled from and pushed to a public/private registry
     • Image name: [registry/][user/]name[:tag]
       – Default for tag is latest
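An added example, not from the slides: a shell helper that expands an image name of the form [registry/][user/]name[:tag] into its parts and tells you when a reference resolves to the mutable tag latest. The docker.io default registry, the library namespace and the host-detection rule are Docker behaviour not stated on the slide; parse_image_ref and is_floating are hypothetical names.

```shell
#!/bin/sh
# Expand an image reference written as [registry/][user/]name[:tag] and print
# "registry user name tag". Hypothetical helper; "-" marks an empty field.
parse_image_ref() {
    ref=$1
    registry=docker.io     # Docker Hub is the default registry (not on the slide)
    user=-
    tag=latest             # default tag, as on the slide
    digest=''
    # A digest (name@sha256:...) pins the content and replaces the tag.
    case $ref in *@*) digest=${ref#*@}; ref=${ref%%@*} ;; esac
    # A ':' in the last path component starts the tag; a ':' earlier is a
    # registry port, as in localhost:5000/app.
    case ${ref##*/} in
        *:*) tag=${ref##*:}; ref=${ref%:*} ;;
    esac
    # The first component is a registry only if it looks like a host:
    # it contains '.' or ':' or is exactly "localhost".
    case $ref in
        */*) first=${ref%%/*}
             case $first in
                 *.*|*:*|localhost) registry=$first; ref=${ref#*/} ;;
             esac ;;
    esac
    case $ref in
        */*) user=${ref%/*}; name=${ref##*/} ;;
        *)   name=$ref
             # Docker Hub files official images under the "library" namespace
             [ "$registry" != docker.io ] || user=library ;;
    esac
    [ -z "$digest" ] || tag="@$digest"
    echo "$registry $user $name $tag"
}

# Succeeds when the reference would resolve to the mutable tag "latest".
is_floating() {
    case $(parse_image_ref "$1") in *' latest') return 0 ;; *) return 1 ;; esac
}

# Constructed sample references (friendlyhello and python:2.7-slim are the slides').
for r in friendlyhello python:2.7-slim alice/web:v2 localhost:5000/team/app \
         registry.example.com/app:1.0; do
    is_floating "$r" && note='  <- floating tag' || note=''
    printf '%-32s %s%s\n' "$r" "$(parse_image_ref "$r")" "$note"
done
```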

  5. Docker image: Dockerfile
     • Image can be created from a Dockerfile and a context
       – Dockerfile: instructions to assemble the image
       – Context: set of files (e.g., application, libraries)
       – Often, an image is based on another image (e.g., ubuntu)
     • Dockerfile syntax
         # Comment
         INSTRUCTION arguments
     • Instructions in a Dockerfile run in order
     • Some instructions
       – FROM: to specify parent image (mandatory)
       – RUN: to execute any command in a new layer on top of current image and commit results
       – ENV: to set environment variables
       – EXPOSE: container listens on specified network ports at runtime
       – CMD: to provide defaults for executing container

     Docker image: Dockerfile
     • Example of Dockerfile to build the image of a container that will run a Python app

         # Use an official Python runtime as a parent image
         FROM python:2.7-slim
         # Set the working directory to /app
         WORKDIR /app
         # Copy the current directory contents into the container at /app
         ADD . /app
         # Install any needed packages specified in requirements.txt
         RUN pip install --trusted-host pypi.python.org -r requirements.txt
         # Make port 80 available to the world outside this container
         EXPOSE 80
         # Define environment variable
         ENV NAME World
         # Run app.py when the container launches
         CMD ["python", "app.py"]

     See https://docs.docker.com/v17.09/get-started/part2/
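An added example, not part of the slides: a shell check that walks a Dockerfile instruction by instruction and reports the points a reviewer would raise on the Dockerfile above (ADD of the whole context, pip's --trusted-host, no USER, base images without a fixed tag). audit_dockerfile is a hypothetical helper, and the sample input is the slide's Dockerfile embedded as constructed test data.

```shell
#!/bin/sh
# Constructed input: the slide's Dockerfile, keeping one of its comments.
SAMPLE_DOCKERFILE='# Use an official Python runtime as a parent image
FROM python:2.7-slim
WORKDIR /app
ADD . /app
RUN pip install --trusted-host pypi.python.org -r requirements.txt
EXPOSE 80
ENV NAME World
CMD ["python", "app.py"]'

# Read a Dockerfile on stdin and print one finding per line (hypothetical helper).
audit_dockerfile() {
    n=0; seen_user=no
    stages=' scratch '     # names that are not pullable images: scratch + stage aliases
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        line=${line#"${line%%[![:space:]]*}"}       # trim leading blanks
        case $line in ''|'#'*) continue ;; esac      # blank line or comment
        case $line in *--trusted-host*)              # also catches continuation lines
            echo "line $n: pip --trusted-host accepts an index without valid HTTPS" ;;
        esac
        instr=$(printf '%s' "${line%%[[:space:]]*}" | tr '[:lower:]' '[:upper:]')
        args=${line#*[[:space:]]}
        case $instr in
        FROM)
            seen_user=no; image=''; prev=''          # USER applies per build stage
            for w in $args; do                       # skip --platform=..., record "AS name"
                case $prev in [Aa][Ss]) stages="$stages$w " ;; esac
                case $w in --*) ;; *) [ -n "$image" ] || image=$w ;; esac
                prev=$w
            done
            case $stages in *" $image "*) continue ;; esac
            case ${image##*/} in
                *:latest) pinned=no ;;
                *@*|*:*)  pinned=yes ;;              # digest or explicit tag
                *)        pinned=no ;;               # no tag means latest
            esac
            [ "$pinned" = yes ] || echo "line $n: FROM $image resolves to the mutable tag latest"
            ;;
        ADD)  echo "line $n: ADD can fetch URLs and unpack archives; COPY only copies" ;;
        USER) seen_user=yes ;;
        esac
    done
    [ "$seen_user" = yes ] || echo "end: no USER in the final stage (default user is root)"
}

printf '%s\n' "$SAMPLE_DOCKERFILE" | audit_dockerfile
```

The check is line-based: it reads instruction names and arguments only and does not evaluate ARG substitutions in FROM.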

  6. Docker image: build
     • Build image from Dockerfile
         $ docker build [OPTIONS] PATH | URL | -
       – E.g., to build the image for Python app (see Dockerfile in previous slide)
         $ docker build -t friendlyhello .

     Docker image: layers
     • Each image consists of a series of layers
     • Docker uses union file systems to combine these layers into a single unified view
       – Layers are stacked on top of each other to form a base for a container’s root file system
       – Based on copy-on-write (COW) principle

  7. Docker image: layers
     • Layering pros
       – Enable layer sharing and reuse, installing common layers only once and saving bandwidth and storage space
       – Manage dependencies and separate concerns
       – Facilitate software specializations
     See https://docs.docker.com/storage/storagedriver/

     Docker image: layers and Dockerfile
     • Each layer represents an instruction in the image’s Dockerfile
     • Each layer except the very last one is read-only
     • To inspect an image, including image layers
         $ docker inspect imageid

  8. Docker image: storage
     • Containers should be stateless. Ideally:
       – Very little data is written to container’s writable layer
       – Data should be written on Docker volumes
       – Nevertheless: some workloads require writing data to the container’s writable layer
     • The storage driver controls how images and containers are stored and managed on the Docker host
     • Multiple choices for the storage driver
       – Including AuFS and Overlay2 (at file level), Device Mapper, btrfs and zfs (at block level)
       – Storage driver’s choice can affect the performance of containerized applications
       – See https://dockr.ly/2FstUe6

     Docker container and registry
     • Docker container: runnable instance of a Docker image
       – Run, start, stop, move, or delete a container using Docker API or CLI commands
       – The Run component of Docker
       – Docker containers are stateless: when a container is deleted, any data written that is not stored in a data volume is deleted along with the container
     • Docker registry: stateless server-side application that stores and lets you distribute Docker images
       – Open library of images
       – The Distribute component of Docker
       – Docker-hosted registries: Docker Hub, Docker Store (open source and enterprise verified images)

  9. Docker: run command
     • When you run a container whose image is not yet installed but is available on Docker Hub
     [Figure courtesy of “Docker in Action” by J. Nickoloff]

     State transitions of Docker containers
     [Figure courtesy of “Docker in Action” by J. Nickoloff]

  10. Commands: Docker info
      • Obtain system-wide info on Docker installation
          $ docker info
        Including:
        – How many images, containers and their status
        – Storage driver
        – Operating system, architecture, total memory
        – Docker registry
        – Docker Swarm status

      Commands: image handling
      • List images on host (i.e., local repository)
          $ docker images
      • List every image, including intermediate image layers:
          $ docker images -a
      • Options to list images by name and tag, to list image digests (sha256), to filter images, to format the output, e.g.,
          $ docker images --filter reference=ubuntu
      • Remove an image
          $ docker rmi imageid
        Can also use imagename instead of imageid

  11. Command: run
          $ docker run [OPTIONS] IMAGE [COMMAND] [ARGS]
      • Most common options
          --name    assign a name to the container
          -d        detached mode (in background)
          -i        interactive (keep STDIN open even if not attached)
          -t        allocate a pseudo-tty
          --expose  expose a range of ports inside the container
          -p        publish a container's port or a range of ports to the host
          -v        bind and mount a volume
          -e        set environment variables
          --link    add link to other containers
      • The “Hello World” container
          $ docker run alpine /bin/echo 'Hello world'
        – alpine: lightweight Linux distro with reduced image size

      Commands: containers management
      • List containers
        – Only running containers:
            $ docker ps
          • Alternatively,
            $ docker container ls
        – All containers (even stopped or killed containers):
            $ docker ps -a
      • Container lifecycle (can also use containername instead of containerid)
        – Stop running container
            $ docker stop containerid
        – Start stopped container
            $ docker start containerid
        – Kill running container
            $ docker kill containerid
        – Remove container (need to stop it before attempting removal)
            $ docker rm containerid
