Docker – OS Level Virtualization

Michael Liut, Ph.D. CandidateMcMaster University

What are virtual machines (VMs)?

u An abstraction of physical hardwareu e.g. turning one server into many

u Hypervisor allows multiple VMs to run on a single machine.

u Each VM includes:u a full copy of an operating systemu necessary binaries and libraries

2

What is “OS Level Virtualization”?

u An operating system feature allowing the kernel to have multiple isolated user-space instances (a.k.a. “containers”). u Think of “sandboxing”.

u Very little overhead as programs in virtual partitions use the OS’s normal system call interface and are not subject to emulation or an intermediary VM.

3

What are containers?

u Containers are not virtual machines!

u Containers are an abstraction at the application layer.

u Containers are: u Lightweight

u Stand-alone

u Executable package of software

4

What is Docker?

u Lightweightu Can run on a single machine

u Standardu Based on open standards

u Can run on all major Linux distributions, Windows, VMs, cloud, etc...

u Secureu Isolation of applications and

underlying infrastructure.

u Security and Compliance Standards

5

Types of Applications

u Statelessu An application with a single function

or service – IoT.

u Web, Print, and CDN Servers

u Statefulu Databases

u Mail Servers

u Transaction Solutions (home banking)

6

Docker and Virtual Machines

u A lot of flexibility in deploying

and managing applications!

7

Limiting a container’s resource

u No resource constraints, by default.

u Docker can enforce hard and soft memory limits.

u Each container’s access to the CPU cycles is unlimited, by default. u Configuration of the Completely Fair Scheduler (CFS) and

Real-time Scheduler are possible.

8

Runtime Metrics

u Docker statistics allow administrators to live stream runtime metrics.

Container CPU % Mem Usage / Limit MEM % Net I/O Block I/O

container1 0.07% 796 KB / 64 MB 1.21% 788 B / 648 B 3.568 MB / 512 KB

container2 0.07% 2.746 MB / 64 MB 4.29% 1.266 KB / 646 B 12.4 MB / 0 B

9

Memory Metrics: Memory.Stat

u Additional memory metrics can be found in the “memory” cgroup. u For example:

cache 11492564992 rss 1930993664 mapped_file 306728960 pgpgin 406632648 pgpgout 403355412 swap 0 pgfault 728281223 pgmajfault 1724 inactive_anon 46608384 active_anon 1884520448 inactive_file 7003344896 active_file 4489052160

unevictable 32768 hierarchical_memory_limit9223372036854775807 hierarchical_memsw_limit9223372036854775807 total_cache 11492564992 total_rss 1930993664 total_mapped_file 306728960 total_pgpgin 406632648 total_pgpgout 403355412 total_swap 0 total_pgfault 728281223

total_pgmajfault 1724 total_inactive_anon 46608384 total_active_anon 1884520448 total_inactive_file 7003344896 total_active_file 4489052160 total_unevictable 32768

10

Manage Application Data

u Possible to store data within writable layer of a container.u Cons in doing so:

1. Writable layers must have their filesystem managed by storage driver; reducing performance.

2. A terminated container makes data access difficult.

3. Data in the containers are highly coupled to the container. You can’t move this data elsewhere easily.

u The concept of mounting becomes key!

11

Manage Application Data

u Volumes are part of the host file system, managed by Docker.

u Bind mounts* can be stored anywhere on the host.

u Tmpfs mounts are stored in memory and never written to the host filesystem.

*an alternate view of a directory tree for storage devices. A bind mount takes an existing directory tree and replicates it under a different point; mimicking the original.

12

When to use Docker?

u If you need to build and share disk images.

u If you need to flexibly manage resources/system infrastructures.

u As a version control system for your entire application’s OS.

u To run applications/programs on the same computer as your server.

u If you want to distribute/collaborate on an application’s OS with a team.

u There is a huge community: https://hub.docker.com

u If you need an application to go through multiple phases of development (development/testing/quality assurance/production).

13

Why use Docker?

u Your infrastructure is held constant (aka “immutable infrastructure”).

u Gives developers the ability to produce an application faster and more consistently.

u Its ability to elastically scale

u Start with 5 containers over 5 Amazon EC2 instances. When there is an increase in user traffic, trigger an increase of containers (e.g. 20 containers over 20 EC2 instances) and vice versa.

u VMs are fat (resource intensive) and you can only deploy so many on one server.

u e.g. UbuntuVM = 4GB while Ubuntu Docker Container = 188MB

14

Docker Editions 15

Thanks For Listening!

Q A&

16

Enjoyed the talk?

u You may consider checking out Kubernetes!u An open-source system for automating deployment,

scaling, and management of containerized applications.

u https://kubernetes.io

u You may consider checking out BusyBox!u Provides several stripped-down Unix tools in a single

executable file (2.1MB compressed).

u https://busybox.net

17

References

u Docker for the Virtualization Admin, 2016 Docker.

u https://www.docker.com/what-container

u https://docs.docker.com/

u https://github.com/docker/compliance

u Many of the images used herein are from the Docker website

u https://www.docker.com/

u https://www.ctl.io/developers/blog/post/what-is-docker-and-when-to-use-it/

u Stateless vs. Stateful (and images)

u https://robinsystems.com/blog/stateless-vs-stateful-containers-1/

18