lxc docker and the future of software delivery
play

LXC, Docker, and the future of software delivery Linuxcon New - PowerPoint PPT Presentation

Nov 20, 2022 •640 likes •1.11k views

LXC, Docker, and the future of software delivery Linuxcon New Orleans, 2013 Jrme Petazzoni, dotCloud Inc. Outline Why Linux Containers? What are Linux Containers exactly? What do we need on top of LXC? Why Docker?

  1. LXC, Docker, and the future of software delivery Linuxcon – New Orleans, 2013 Jérôme Petazzoni, dotCloud Inc.

  2. Outline ● Why Linux Containers? ● What are Linux Containers exactly? ● What do we need on top of LXC? ● Why Docker? ● What is Docker exactly? ● Where is it going?

  3. Why Linux Containers? What are we trying to solve?

  4. The Matrix From Hell

  5. The Matrix From Hell

  6. Many payloads ● backend services (API) ● databases ● distributed stores ● webapps

  7. Many payloads ● Go ● Java ● Node.js ● PHP ● Python ● Ruby ● …

  8. Many payloads ● CherryPy ● Django ● Flask ● Plone ● ...

  9. Many payloads ● Apache ● Gunicorn ● uWSGI ● ...

  10. Many payloads + your code

  11. Many targets ● your local development environment ● your coworkers' developement environment ● your Q&A team's test environment ● some random demo/test server ● the staging server(s) ● the production server(s) ● bare metal ● virtual machines ● shared hosting + your dog's Raspberry Pi

  12. Many targets ● BSD ● Linux ● OS X ● Windows

  13. Many targets ● BSD ● Linux ● OS X ● Windows

  14. The Matrix From Hell Static ? ? ? ? ? ? ? website Web ? ? ? ? ? ? ? frontend background ? ? ? ? ? ? ? workers ? ? ? ? ? ? ? User DB Analytics ? ? ? ? ? ? ? DB ? ? ? ? ? ? ? Queue Development Single Prod Contributor’s Customer QA Server Onsite Cluster Public Cloud VM Server laptop Servers

  15. Real-world analogy: containers

  16. Many products ● clothes ● electronics ● raw materials ● wine ● …

  17. Many transportation methods ● ships ● trains ● trucks ● ...

  18. Another matrix from hell ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?

  19. Solution to the transport problem: the intermodal shipping container

  20. Solution to the transport problem: the intermodal shipping container ● 90% of all cargo now shipped in a standard container ● faster and cheaper to load and unload on ships (by an order of magnitude) ● less theft, less damage ● freight cost used to be >25% of final goods cost, now <3% ● 5000 ships deliver 200M containers per year

  21. Solution to the deployment problem: the Linux container

  22. Linux containers... ● run everywhere – regardless of kernel version – regardless of host distro – (but container and host architecture must match) ● run anything – if it can run on the host, it can run in the container – i.e., if it can run on a Linux kernel, it can run

  23. What are Linux Containers exactly?

  24. High level approach: it's a lightweight VM ● own process space ● own network interface ● can run stuff as root ● can have its own /sbin/init (different from the host)

  25. Low level approach: it's chroot on steroids ● can also not have its own /sbin/init ● container = isolated process(es) ● share kernel with host ● no device emulation (neither HVM nor PV)

  26. Separation of concerns: Dave the Developer ● inside my container: – my code – my libraries – my package manager – my app – my data

  27. Separation of concerns: Oscar the Ops guy ● outside the container: – logging – remote access – network configuration – monitoring

  28. How does it work? Isolation with namespaces ● pid ● mnt ● net ● uts ● ipc ● user

  29. How does it work? Isolation with cgroups ● memory ● cpu ● blkio ● devices

  30. Efficiency: almost no overhead ● processes are isolated, but run straight on the host ● CPU performance = native performance ● memory performance = a few % shaved off for (optional) accounting ● network performance = small overhead; can be optimized to zero overhead

  31. Efficiency: storage-friendly ● unioning filesystems (AUFS, overlayfs) ● snapshotting filesystems (BTRFS, ZFS) ● copy-on-write (thin snapshots with LVM or device-mapper) This wasn't part of LXC at first; but you definitely want it!

  32. Efficiency: storage-friendly ● provisioning now takes a few milliseconds ● … and a few kilobytes ● creating a new base/image/whateveryoucallit takes a few seconds

  33. Docker

  34. What's Docker? ● Open Source engine to commoditize LXC ● using copy-on-write for quick provisioning ● allowing to create and share images ● propose a standard format for containers

  35. Yes, but... ● « I don't need Docker; I can do all that stuff with LXC tools, rsync, some scripts! » ● correct on all accounts; but it's also true for apt, dpkg, rpm, yum, etc. ● the whole point is to commoditize , i.e. make it ridiculously easy to use

  36. Docker: authoring images ● you can author « images » – either with « run+commit » cycles, taking snapshots – or with a Dockerfile (=source code for a container) – both ways, it's ridiculously easy ● you can run them – anywhere – multiple times

  37. Dockerfile example FROM ubuntu RUN apt-get -y update RUN apt-get install -y g++ RUN apt-get install -y erlang-dev erlang-manpages erlang-base-hipe ... RUN apt-get install -y libmozjs185-dev libicu-dev libtool ... RUN apt-get install -y make wget RUN wget http://.../apache-couchdb-1.3.1.tar.gz | tar -C /tmp -zxf- RUN cd /tmp/apache-couchdb-* && ./configure && make install RUN printf "[httpd]\nport = 8101\nbind_address = 0.0.0.0" > /usr/local/etc/couchdb/local.d/docker.ini EXPOSE 8101 CMD ["/usr/local/bin/couchdb"]

  38. Docker: sharing images ● you can push/pull images to/from a registry (public or private) ● you can search images through a public index ● dotCloud maintains a collection of base images (Ubuntu, Fedora...) ● satisfaction guaranteed or your money back

  39. Docker: not sharing images ● private registry – for proprietary code – or security credentials – or fast local access

  40. Typical workflow ● code in local environment (« dockerized » or not) ● each push to the git repo triggers a hook ● the hook tells a build server to clone the code and run « docker build » (using the Dockerfile) ● the containers are tested (nosetests, Jenkins...), and if the tests pass, pushed to the registry ● production servers pull the containers and run them ● for network services, load balancers are updated

  41. Hybrid clouds ● Docker is part of OpenStack « Havana », as a Nova driver + Glance translator ● typical workflow: – code on local environment – push container to Glance-backed registry – run and manage containers using OpenStack APIs ● Docker confirmed to work with: Digital Ocean, EC2, Joyent, Linode, and many more (not praising a specific vendor, just pointing that it « just works »)

  42. Docker: the community ● Docker: >160 contributors ● latest milestone (0.6): 40 contributors ● GitHub repository: >600 forks

  43. Docker: the ecosystem ● CoreOS (full distro based on Docker) ● Deis (PAAS; available) ● Dokku (mini-Heroku in 100 lines of bash) ● Flynn (PAAS; in development) ● Maestro (orchestration from a simple YAML file) ● OpenStack integration ● Shipper (fabric-like orchestration) And many more

  44. Docker roadmap ● Today: Docker 0.6 – LXC – AUFS ● Tomorrow: Docker 0.7 – LXC – device-mapper thin snapshots (target: RHEL) ● The day after: Docker 1.0 – LXC, libvirt, qemu, KVM, OpenVZ, chroot… – multiple storage back-ends – plugins

  45. Thank you! Questions? http://docker.io/ https://github.com/dotcloud/docker @docker @jpetazzo

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Docker Orchestration: Beyond the Basics Aaron Lehmann Software Engineer, Docker About me

Docker Orchestration: Beyond the Basics Aaron Lehmann Software Engineer, Docker About me

Docker Orchestration: Beyond the Basics Aaron Lehmann Software Engineer, Docker About me Software engineer at Docker Maintainer on SwarmKit and Docker Engine open source projects Focusing on distributed state, task scheduling,

1.29k views • 62 slides
Docker for Developers Michael Hrivnak Principal Software Engineer - Red Hat Inc.

Docker for Developers Michael Hrivnak Principal Software Engineer - Red Hat Inc.

Docker for Developers Michael Hrivnak Principal Software Engineer - Red Hat Inc. @michael_hrivnak Docker is Popular Deployment gets most of the attention. 1 Developer 1 Laptop 3 Skills Exit Codes $ sudo docker run -it --rm centos:centos7

347 views • 17 slides
Continuous Delivery mit Docker Berlin Expert Days 2014 Dr. Halil-Cem Grsoy adesso AG 04.04.14

Continuous Delivery mit Docker Berlin Expert Days 2014 Dr. Halil-Cem Grsoy adesso AG 04.04.14

Continuous Delivery mit Docker Berlin Expert Days 2014 Dr. Halil-Cem Grsoy adesso AG 04.04.14 04.04.14 Continuous Delivery mit Docker http://www.flickr.com/photos/jpmartineau/501718334/ Definition und Provisionierung eines Linux-Containers

694 views • 26 slides
Setup docker rm $(docker ps -aq) docker network rm my_net Demo - Install and activate yum -y

Setup docker rm $(docker ps -aq) docker network rm my_net Demo - Install and activate yum -y

Setup docker rm $(docker ps -aq) docker network rm my_net Demo - Install and activate yum -y install docker s ystemctl start docker systemctl enable docker docker images - Launch pre-canned container: hello-world (busybox is another good

480 views • 4 slides
docker service is the new docker run Getting Started with Docker Clustering Mike Goelzer /

docker service is the new docker run Getting Started with Docker Clustering Mike Goelzer /

docker service is the new docker run Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker run nginx 2013-14 docker run -p 3375:2375 swarm ; 2014-15

688 views • 34 slides
RPM Packaging How software delivery works and why RPM packaging is more current than ever Fabio

RPM Packaging How software delivery works and why RPM packaging is more current than ever Fabio

RPM Packaging How software delivery works and why RPM packaging is more current than ever Fabio Alessandro Locati 26 October 2016 Outline Intro Deployments RPM Processes RPM and Docker 1 Intro About me RPM user since 2001 IT

1.06k views • 88 slides
Containers, Docker, and Security: State of the Union 1 / 38 Who am I? Jrme Petazzoni

Containers, Docker, and Security: State of the Union 1 / 38 Who am I? Jrme Petazzoni

Containers, Docker, and Security: State of the Union 1 / 38 Who am I? Jrme Petazzoni (@jpetazzo) French software engineer living in California Joined Docker (dotCloud) more than 4 years ago (I was at Docker before it was cool! ) I built

420 views • 38 slides
The Modern Platform in 2020 Justin Cormack Who am I? Engineer at Docker in Cambridge, UK. Docker

The Modern Platform in 2020 Justin Cormack Who am I? Engineer at Docker in Cambridge, UK. Docker

The Modern Platform in 2020 Justin Cormack Who am I? Engineer at Docker in Cambridge, UK. Docker developers Work on security, systems software, applications, LinuxKit, containers @justincormack 2 From OS to languages? From OS to

843 views • 39 slides
INTRODUCTION TO DOCKER ADRIAN MOUAT SO WHAT IS DOCKER? SIMILAR TO A LIGHTWEIGHT VM Both

INTRODUCTION TO DOCKER ADRIAN MOUAT SO WHAT IS DOCKER? SIMILAR TO A LIGHTWEIGHT VM Both

INTRODUCTION TO DOCKER ADRIAN MOUAT SO WHAT IS DOCKER? SIMILAR TO A LIGHTWEIGHT VM Both provide isolated environments Docker is much more efficient 64-bit Linux only (currently) CONTAINERIZATION A Docker container is a portable store for a

674 views • 29 slides
Docker Provider The Docker provider is used to interact with Docker containers and images. It uses

Docker Provider The Docker provider is used to interact with Docker containers and images. It uses

Docker Provider The Docker provider is used to interact with Docker containers and images. It uses the Docker API to manage the lifecycle of Docker containers. Because the Docker provider uses the Docker API, it is immediately compatible not only

553 views • 34 slides
Getting to DevOps with Docker Brian (bex) Exelbierd Software Engineer @ Red Hat

Getting to DevOps with Docker Brian (bex) Exelbierd Software Engineer @ Red Hat

Getting to DevOps with Docker Brian (bex) Exelbierd Software Engineer @ Red Hat Various Roles in IT since 1995 Programmer $ whoami Analyst @bexelbie Manager (Ops, Dev, Special Projects) Slides URL:

850 views • 48 slides
Docker: Testing the Waters LA-UR 15-25901 1 LA-UR 15-25901 Docker: Theres No Containing

Docker: Testing the Waters LA-UR 15-25901 1 LA-UR 15-25901 Docker: Theres No Containing

Eric Holm Skyler Manzanares Yuxin (Kelly) Wang http://gerardable.com/wp-content/uploads/2014/12/docker-whale-home-logo.png Docker: Testing the Waters LA-UR 15-25901 1 LA-UR 15-25901 Docker: Theres No Containing this Whale! Free,

997 views • 28 slides
Docker meets Python A look on the Docker SDK for Python pip install docker Jan Wagner

Docker meets Python A look on the Docker SDK for Python pip install docker Jan Wagner

Docker meets Python A look on the Docker SDK for Python pip install docker Jan Wagner Data Science Consultant accantec group | Alstertor 17 | 20095 Hamburg | Tel.: +49 (40) 67 59 59 0 | Fax.: +49 (40) 67 59 59 29 | www.accantec.de |

664 views • 29 slides
1 Agenda Docker world Containers VS Virtual machine Security concerns Conclusion Whoami

1 Agenda Docker world Containers VS Virtual machine Security concerns Conclusion Whoami

12.03.2019 Docker security 1 Agenda Docker world Containers VS Virtual machine Security concerns Conclusion Whoami M.Sc Computer Security M.Sc Software Development Worked previously as an embedded software developer Actually

586 views • 54 slides
Docker Review Basic Commands docker image ls # list images currently present locally docker

Docker Review Basic Commands docker image ls # list images currently present locally docker

Docker Review Basic Commands docker image ls # list images currently present locally docker container ls # list running containers docker run &lt;image_name&gt; # run an image as a container docker exec &lt;container&gt; &lt;command&gt; # run a

1.1k views • 6 slides
Software Delivery and NOPSEMA Who we are What we do What we need John Townsend Chief

Software Delivery and NOPSEMA Who we are What we do What we need John Townsend Chief

Software Delivery and NOPSEMA Who we are What we do What we need John Townsend Chief Information Officer Mike Waters Software Solutions Manager 5th December 2018 Contents About NOPSEMA Software Delivery at NOPSEMA What we

337 views • 23 slides
Unikernel Experiment Theory, practice and perspective @argent_smith Evrone.com {Tver.io} 1 /

Unikernel Experiment Theory, practice and perspective @argent_smith Evrone.com {Tver.io} 1 /

Unikernel Experiment Theory, practice and perspective @argent_smith Evrone.com {Tver.io} 1 / 18 ~$ whoami Unikernel Experiment 2 / 18 ~$ whoami Unikernel Experiment 2 / 18 ~$ whoami Unikernel Experiment 3 / 18 ~$ whoami Unikernel

640 views • 31 slides
Erlang(n) risk models with risky investments Corina Constantinescu Johann Radon Institute for

Erlang(n) risk models with risky investments Corina Constantinescu Johann Radon Institute for

Erlang(n) risk models with risky investments Corina Constantinescu Johann Radon Institute for Computational and Applied Mathematics Austrian Academy of Sciences joint work with H. Albrecher, University of Linz &amp; RICAM E. Thomann, Oregon

457 views • 33 slides
Orbis UUID Generation, using Consistent Hashing in Erlang UUID [42-bit Timestamp, 12-bit Shard,

Orbis UUID Generation, using Consistent Hashing in Erlang UUID [42-bit Timestamp, 12-bit Shard,

Orbis UUID Generation, using Consistent Hashing in Erlang UUID [42-bit Timestamp, 12-bit Shard, 10-bit Sequence] Timestamp Use Unix Epoch, in milliseconds, with an offset. Subtract offset at generation time, add on decoding time.

295 views • 6 slides
Veri fi cation of Erlang-style Concurrency Emanuele DOsualdo , Jonathan Kochems and Luke Ong

Veri fi cation of Erlang-style Concurrency Emanuele DOsualdo , Jonathan Kochems and Luke Ong

Veri fi cation of Erlang-style Concurrency Emanuele DOsualdo , Jonathan Kochems and Luke Ong Department of Computer Science University of Oxford 11 September 2012 1 The goal Automatic Veri fi cation 1 The goal Automatic Veri fi cation of

996 views • 85 slides
McErlang a Model Checker for Erlang Programs Lars- Ake Fredlund, Clara Benac Earle

McErlang a Model Checker for Erlang Programs Lars- Ake Fredlund, Clara Benac Earle

McErlang a Model Checker for Erlang Programs Lars- Ake Fredlund, Clara Benac Earle Universidad Polit ecnica de Madrid McErlang basics McErlang is useful for checking concurrent software , not for checking sequential software

957 views • 78 slides
M4S1 - Central Limit Theorem Professor Jarad Niemi STAT 226 - Iowa State University September

M4S1 - Central Limit Theorem Professor Jarad Niemi STAT 226 - Iowa State University September

M4S1 - Central Limit Theorem Professor Jarad Niemi STAT 226 - Iowa State University September 28, 2018 Professor Jarad Niemi (STAT226@ISU) M4S1 - Central Limit Theorem September 28, 2018 1 / 24 Outline Sampling distribution Standard error

372 views • 24 slides
22 September 2017 Webex Chairs: Pascal Thubert IPv6 over the TSCH Thomas Watteyne mode of IEEE

22 September 2017 Webex Chairs: Pascal Thubert IPv6 over the TSCH Thomas Watteyne mode of IEEE

22 September 2017 Webex Chairs: Pascal Thubert IPv6 over the TSCH Thomas Watteyne mode of IEEE 802.15.4 Etherpad for Minutes: https://etherpad.tools.ietf.org/p/6tisch 6TiSCH interim 22 September 2017 Note Well Any submission to the IETF

319 views • 20 slides
Advice for Getting Models Work Mahdi Roozbahani Lecturer, Computational Science and Engineering,

Advice for Getting Models Work Mahdi Roozbahani Lecturer, Computational Science and Engineering,

CX4242: Advice for Getting Models Work Mahdi Roozbahani Lecturer, Computational Science and Engineering, Georgia Tech These slides are adopted from Polo, Andrew w. Moore, and Vivek Srikumar, and Chao Zhang Outline Model Diagnostics

669 views • 28 slides

More recommend