A introduction to Docker

Amit

Dev and Ops Challenges

● Dev Environment

● Code migration to staging

● Dependency issues

● Conflicts and time issue

● Frequent code changes and new build

● Redeployment frequency

● Steps automation

Solution

● Use Virtualization

● Create standard template as per dev requirement

● Move to Docker

– Question: What is docker???

– Docker is an amazing technology and it just simplifies both workflows and communication.

– Docker help devs to create an image with all the dependency and bundled it and send for ops testing

– Easy to build

– Easy to deploy

– Maintaining change set is quite easy

– Maintaining images and comparison across releases is easy

Docker Image Flow

Code changes and push images

Ship to Repository

Perform testing

Testing team deploy image

Push to staging

●

● Developers build the Docker image and ship it to the registry.

● Operations engineers provide configuration details to the container and provision resources.

● Developers trigger deployment.

● Dependency issues resolved

● Testing and redeployment become easier

Docker Workflow

● Pull a base image● Run a container,extend and commit● Part 2 results in a new image● Push image to remote repository● Pull extended image to extended environment

and run as container●

Docker Commit● Pull a new container image

docker pull rhel7:latest

docker run rhel7:latest /bin/bash

● Modify the container:

touch testfile.sh

● Commit the container image

docker commit 1fc66a69a3d2 -t amit23comp/openwriteup:1.0.0

● Docker login to hub.docker.com

[root@localhost amit]# docker login

Username (amit23comp):

Password:

WARNING: login credentials saved in /root/.docker/config.json

Login Succeeded

….

[root@localhost amit]# docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

amit23comp/openwriteup 1.0.0 ffe2bf92f0aa 47 minutes ago 193 MB

docker tag amit23comp/openwriteup:1.0.0 hub.docker.com:5000/amit23comp/openwriteup'

$ docker commit c16378f943fe rhel-httpd

Now, push the image to the registry using the image ID. In this example the registry is on host named registry-host and listening on port 5000. To do this, tag the image with the host name or IP address, and the port of the registry:

$ docker tag rhel-httpd registry-host:5000/myadmin/rhel-httpd$ docker push registry-host:5000/myadmin/rhel-httpd

[root@localhost amit]# docker push hub.docker.com:5000/amit23comp/openwriteupThe push refers to a repository [hub.docker.com:5000/amit23comp/openwriteup]

Docker Registry

● Docker hub

https://hub.docker.com

● Create a Docker hub account

https://hub.docker.com/account/signup

[root@localhost amit]# docker login

Username: amit*****

Password:

Email: amit@openwriteup.com

WARNING: login credentials saved in /root/.docker/config.json

Login Succeeded

●

●

Docker file

Dockerfile

Image

Container

Docker hub

Build

Run

StopStart

Restart

Commit

Push

Pull

Image

● Image are read only

● Its contains multi layer

● Push and pull image from registry

● Container are read -write

● When we install and commit, its create a new image.

● This way its create a new layer for it

● Understanding the image layer and cache

● Minimize the image layer and maximize the image cache

Docker file continue..

explanation

● Host kernel : Its linux kernel, which is shared across all the containers

● Image: It can be any linux flavor : In above pic its a debian image. Its a readonly. Its persistent

● Container: Next layer in the pic is container, Its writable. We have added a editor in the container. “ Add emacs”. Since container is writable, but non-persistent.

● We have committed the image, and its become the new image, its a readonly.

● We can pull and push the image to the repo.

● From the repo we can pull the image and it become container and its writable.

● Image is readonly and containers are writeable.

● Once its committed we can not remove from image, we can remove from container

Layers benefit in docker file

Docker build

● docker build

This command will create image from the docker file

● docker build -t openwriteup/java:1.0.0 .

Above command will build the image from the docker file, we need to specify the dockerfile path. In above command we have mentioned the “.” at end of the command, its means dockerfile is located in current working directory

● “ -t “ option is for tagging, it tag the new image with followed by the version.

● Docker file syntax:

Instruction ----> argument

Each instruction commits create a new layer in the image

Docker file : example

# pull base image

FROM fedora:latest

RUN \

yum update && \

yum install java

# We are chaining the RUN command, so in the single command we are creating #one layer. Its create only one layer, so its chaining will help, we can avoid multiple #layer

#define default command

CMD [“java”]

Another example

#Download image with java 8

FROM dockerfile/java:oracle-java8

MAINTAINER Openwriteup

#Install MAVEN into the image

RUN apt-get update && \

echo '--->Install maven”\

apt-get install -y maven

#Create a working directory code

WORKDIR /code

#openport

EXPOSE 8080

Build image practice

● Avoid installing unnecessary packages: In order to reduce the complexity,dependencies,filesize and build size

● Run only one process per container:Decoupling application into multiple container makes it much easier to scale horizontally and reuse containers

● Minimize number of layers: Chained the instruction

RUN apt-get update && apt-get install -y \

git \

gcc \

emacs

● Build cache :During docker build we should use it.I

Docker file Command

● FROM

● RUN

● CMD

● EXPOSE

● ENV

● ENTRYPOINT

● COPY

● ADD

● WORKDIR

Difference between commands● Entrypoint and CMD

CMD [“mvn”,”exec:java”]

ENTRYPOINT[“mvn”], now “exec:java” needs to be passed as argument for docker run command.

● CMD simply sets a command to run in the image if no arguments are passed to docker run, if arguments are passed to docker run then the command is overridden.

● If docker files uses only ENTRYPOINT,the argument passed to docker run will always passed to entrypoint.

● If docker files declares both ENTRYPOINT AND CMD, and no arguments are passed to docker run ,then the argument to CMD will be passed to declared entrypoint

● COPY and ADD

CACHE:

If we make any change in image, Unchanged layers will be treated as cached and speeds everything up. As a result only new layers will only take time.

Image building

● As above pic, we can see

“Removing container...”

● For each layer building, docker build create a container and create layer inside that, and removing that container after commit.

● Again same point: Container a writable and images are read only

● Docker images will list

docker image

Some docker commands

● Specify the name of container

docker run –name <openwriteup>

● Run dameonised container:

docker run -d –name <openwriteup>

● Specify port number in the command

docker run -d -p 8080:8080

● Kill container

docker rm <container id>

● Container use and reuse: Vanished it once done, its not for storing.

….

● Run interactive

docker run -d -p 8080:8080 -t -i <image id> --name <name of container>

● Docker attach

docker attach <container name or id>

● Find the ip of container

docker inspect -format '{{.NetworkSettings.IPAddress}} <container id>

[root@localhost amit]# docker inspect --format '{{.NetworkSettings.IPAddress}}' 1fc66a69a3

172.17.0.2

● Chroot :Its spawn the container, Its create a filesystem inside the linux system. Its provides the kind of JAIL. Chroot file system jail

● Namespace: Process resource management and virtualization. Provide network stack ,memory,process isolation

● Cgroups: Control group inside the name, control the amount of memory and cpu utilization.

● Systemd: Guaranty of service. Management of process

● Lxc /docker containers