Docker – OS Level Virtualization
Michael Liut, Ph.D. Candidate, McMaster University
What are virtual machines (VMs)?
- An abstraction of physical hardware
  - e.g. turning one server into many
- A hypervisor allows multiple VMs to run on a single machine.
- Each VM includes:
  - a full copy of an operating system
  - the necessary binaries and libraries
What is “OS Level Virtualization”?
- An operating system feature that allows the kernel to run multiple isolated user-space instances (a.k.a. “containers”).
  - Think of “sandboxing”.
- Very little overhead: programs in the virtual partitions use the OS’s normal system call interface and are not subject to emulation or an intermediary VM.
What are containers?
- Containers are not virtual machines!
- Containers are an abstraction at the application layer.
- Containers are:
  - Lightweight
  - Stand-alone
  - An executable package of software
What is Docker?
- Lightweight
  - Can run on a single machine
- Standard
  - Based on open standards
  - Can run on all major Linux distributions, Windows, VMs, cloud, etc.
- Secure
  - Isolation of applications and the underlying infrastructure.
  - Security and compliance standards
Types of Applications
- Stateless
  - An application with a single function or service – IoT.
  - Web, print, and CDN servers
- Stateful
  - Databases
  - Mail servers
  - Transaction solutions (home banking)
Docker and Virtual Machines
- A lot of flexibility in deploying and managing applications!
Limiting a container’s resources
- No resource constraints, by default.
- Docker can enforce hard and soft memory limits.
- Each container’s access to CPU cycles is unlimited, by default.
  - Configuration of the Completely Fair Scheduler (CFS) and the real-time scheduler is possible.
Runtime Metrics
- Docker statistics allow administrators to live-stream runtime metrics.

Container    CPU %   Mem Usage / Limit   MEM %   Net I/O            Block I/O
container1   0.07%   796 KB / 64 MB      1.21%   788 B / 648 B      3.568 MB / 512 KB
container2   0.07%   2.746 MB / 64 MB    4.29%   1.266 KB / 646 B   12.4 MB / 0 B
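The table above is a snapshot; an operator usually wants the same numbers fed into a check that alerts when a container nears its memory limit. The following is an added example, not code from the slides: it parses rows in the `docker stats` layout shown above (the two sample rows are copied from the slide, the header and function names are my own), converts the base-1024 sizes to bytes, recomputes the memory percentage rather than trusting the printed one, and returns the containers over a threshold.

```python
"""Parse `docker stats` rows and flag containers near their memory limit.
Added example, not from the slides. Sample rows are the slide's; names,
threshold and header line are assumptions. Sizes are base-1024."""
import re

# Constructed sample: header plus the two rows shown on the slide.
SAMPLE = """\
CONTAINER  CPU %  MEM USAGE / LIMIT  MEM %  NET I/O  BLOCK I/O
container1  0.07%  796 KB / 64 MB  1.21%  788 B / 648 B  3.568 MB / 512 KB
container2  0.07%  2.746 MB / 64 MB  4.29%  1.266 KB / 646 B  12.4 MB / 0 B
"""

# Older Docker prints KB/MB meaning 1024-based units; newer prints KiB/MiB.
UNITS = {"B": 1, "KB": 1024, "KiB": 1024, "MB": 1024 ** 2, "MiB": 1024 ** 2,
         "GB": 1024 ** 3, "GiB": 1024 ** 3}
ROW = re.compile(
    r"^(?P<name>\S+)\s+(?P<cpu>[\d.]+)%\s+"
    r"(?P<mem>[\d.]+ [KMG]?i?B) / (?P<lim>[\d.]+ [KMG]?i?B)\s+(?P<pct>[\d.]+)%"
)

def to_bytes(size: str) -> int:
    """'2.746 MB' -> 2879390 (base-1024, rounded to whole bytes)."""
    value, unit = size.split()
    return round(float(value) * UNITS[unit])

def parse_stats(text: str) -> list:
    """One dict per data row; the header row and malformed rows are skipped."""
    rows = []
    for line in text.splitlines()[1:]:
        m = ROW.match(line)
        if not m:
            continue  # don't let one odd row crash the collector
        used, limit = to_bytes(m["mem"]), to_bytes(m["lim"])
        rows.append({
            "name": m["name"],
            "cpu_pct": float(m["cpu"]),
            "mem_used": used,
            "mem_limit": limit,
            "mem_pct": round(100 * used / limit, 2),  # recomputed, not trusted
        })
    return rows

def over_threshold(rows: list, pct: float) -> list:
    """Names of containers whose recomputed memory use exceeds pct percent."""
    return [r["name"] for r in rows if r["mem_pct"] > pct]

if __name__ == "__main__":
    print(over_threshold(parse_stats(SAMPLE), 4.0))  # ['container2']
```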
Memory Metrics: memory.stat
- Additional memory metrics can be found in the “memory” cgroup.
  - For example:

cache 11492564992
rss 1930993664
mapped_file 306728960
pgpgin 406632648
pgpgout 403355412
swap 0
pgfault 728281223
pgmajfault 1724
inactive_anon 46608384
active_anon 1884520448
inactive_file 7003344896
active_file 4489052160
unevictable 32768
hierarchical_memory_limit 9223372036854775807
hierarchical_memsw_limit 9223372036854775807
total_cache 11492564992
total_rss 1930993664
total_mapped_file 306728960
total_pgpgin 406632648
total_pgpgout 403355412
total_swap 0
total_pgfault 728281223
total_pgmajfault 1724
total_inactive_anon 46608384
total_active_anon 1884520448
total_inactive_file 7003344896
total_active_file 4489052160
total_unevictable 32768
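The hierarchical_memory_limit value in that dump, 9223372036854775807, is 2^63 - 1, the value the cgroup reports when no limit has been set; it is the concrete form of the “no resource constraints by default” point from the earlier slide. The following added example (my own code, not from the slides) reads a memory.stat dump in the format above, tells an unlimited cgroup apart from a limited one, and computes the non-reclaimable working set (rss plus page cache minus inactive file pages, the same approximation common monitoring agents use); the sample is a subset of the slide’s lines and the helper names are assumptions.

```python
"""Interpret a cgroup v1 memory.stat dump. Added example, not from the
slides; sample lines are a subset of the slide's, helper names are mine."""
from typing import Dict, Optional

NO_LIMIT = 2 ** 63 - 1  # 9223372036854775807: kernel's "no limit set" value

# Constructed sample: a subset of the memory.stat lines from the slide.
SAMPLE = """\
cache 11492564992
rss 1930993664
swap 0
inactive_file 7003344896
active_file 4489052160
hierarchical_memory_limit 9223372036854775807
hierarchical_memsw_limit 9223372036854775807
"""

def parse_memory_stat(text: str) -> Dict[str, int]:
    """memory.stat is one 'key value' pair per line; values are integers."""
    stats = {}
    for line in text.splitlines():
        if line.strip():
            key, value = line.split(None, 1)
            stats[key] = int(value)
    return stats

def memory_limit(stats: Dict[str, int]) -> Optional[int]:
    """Effective limit in bytes, or None when the cgroup is unlimited."""
    limit = stats.get("hierarchical_memory_limit", NO_LIMIT)
    return None if limit >= NO_LIMIT else limit

def working_set(stats: Dict[str, int]) -> int:
    """Bytes the kernel cannot cheaply reclaim: rss + cache - inactive_file.
    Inactive file pages are droppable, so counting them inflates usage."""
    return stats["rss"] + stats["cache"] - stats["inactive_file"]

def summarize(text: str) -> dict:
    stats = parse_memory_stat(text)
    limit, used = memory_limit(stats), working_set(stats)
    return {
        "limited": limit is not None,
        "limit_bytes": limit,
        "working_set_bytes": used,
        # A percentage is only meaningful when a limit actually exists.
        "pct_of_limit": None if limit is None else round(100 * used / limit, 2),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```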
Manage Application Data
- It is possible to store data within the writable layer of a container.
  - Cons in doing so:
    1. Writable layers must have their filesystem managed by a storage driver, reducing performance.
    2. A terminated container makes data access difficult.
    3. Data in a container is tightly coupled to that container; you can’t move this data elsewhere easily.
- The concept of mounting becomes key!
Manage Application Data
- Volumes are part of the host file system, managed by Docker.
- Bind mounts* can be stored anywhere on the host.
- Tmpfs mounts are stored in memory and never written to the host filesystem.

*An alternate view of a directory tree: a bind mount takes an existing directory tree and replicates it under a different mount point, mirroring the original.
When to use Docker?
- If you need to build and share disk images.
- If you need to flexibly manage resources/system infrastructures.
- As a version control system for your entire application’s OS.
- To run applications/programs on the same computer as your server.
- If you want to distribute/collaborate on an application’s OS with a team.
  - There is a huge community: https://hub.docker.com
- If you need an application to go through multiple phases of development (development/testing/quality assurance/production).
Why use Docker?
- Your infrastructure is held constant (a.k.a. “immutable infrastructure”).
- Gives developers the ability to produce an application faster and more consistently.
- Its ability to elastically scale
  - Start with 5 containers over 5 Amazon EC2 instances. When there is an increase in user traffic, trigger an increase of containers (e.g. 20 containers over 20 EC2 instances) and vice versa.
- VMs are fat (resource intensive) and you can only deploy so many on one server.
  - e.g. Ubuntu VM = 4 GB while Ubuntu Docker container = 188 MB
Docker Editions

Thanks For Listening!
Q&A
Enjoyed the talk?
- You may consider checking out Kubernetes!
  - An open-source system for automating deployment, scaling, and management of containerized applications.
  - https://kubernetes.io
- You may consider checking out BusyBox!
  - Provides several stripped-down Unix tools in a single executable file (2.1 MB compressed).
  - https://busybox.net