HP Advanced Technology Group: Docker and Ansible
- 1. © Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Docker and Ansible
Container management made easy
- 2.
About the speaker
● Patrick Galbraith
● HP Advanced Technology Group
● Has worked at Blue Gecko, MySQL AB, Classmates, Slashdot, Cobalt Group, US Navy, K-mart
● MySQL projects: memcached UDFs, DBD::mysql, federated storage engine
● Family
● Outdoors
- 3.
What is a container?
- 4.
Containers vs. VMs
Containers
● Multiple isolated userspace instances
● Only libraries and components needed for application
● Runs on the same kernel (using Cgroups).
● Much smaller, easier to package
● VERY fast to start!
● Container runs using (a) specific process(es)
● SSH not needed
● Security limited to app
VMs
● Entire OS installation
● Container runs within OS (using Cgroups).
● VM runs using emulation or virtualization on host OS
● Entire VM OS and disk images
● Longer to start
● SSH
● Security issues of running OS
- 5.
What is Docker?
● Application that manages containers (CLI, API)
● Automates the deployment of applications inside software containers
● Written in Go; open source, from dotCloud
● Uses union file system (AUFS)
● Can use CLI to search Docker repos for images
● "literally LXC with some awesomesauce on top"
● No “dependency hell”
- 6.
Why Docker?
● Makes it very easy to run and manage containers
● Configure/build once, run anywhere
● Small footprint in terms of disk and memory
● Well-suited for SaaS/PaaS
● Security - you are not running a VM and associated OS
- 7.
Docker concepts
● Images
  ● Read only layer
  ● Acts as a template for containers
  ● Inheritance
  ● Images can be pushed to and pulled from public or private repos
● Dockerfile
  ● Used for building images
● Containers
  ● Applications run using containers
- 8.
Dockerfile example
FROM ubuntu:13.04
MAINTAINER Patrick aka CaptTofu Galbraith, patg@patg.net
# Update distribution
RUN apt-get update \
    && apt-get upgrade -y \
    && apt-get clean
RUN apt-get install -y ssh vim apache2-mpm-prefork
RUN mkdir /var/run/sshd
RUN mkdir /root/.ssh
RUN chmod 700 /root/.ssh
# entrypoint script
ADD entrypoint.sh /usr/local/sbin/entrypoint.sh
# public key baked into the image as root's authorized_keys
ADD docker.pem.pub /root/.ssh/authorized_keys
RUN chown -R root:root /root/.ssh
# Expose SSH and Apache
EXPOSE 22 80 443
ENTRYPOINT ["/usr/local/sbin/entrypoint.sh"]
- 9.
Entrypoint script example
#!/bin/bash
# Start Apache first: sshd -D stays in the foreground and does not return
service apache2 start
exec /usr/sbin/sshd -D "$@"
- 10.
Docker concepts
- 11.
Basic usage
● docker run
● Make changes
● docker commit
● docker push
- 12.
Dockerfile
● docker build -t username/my_image .
● Container runs
● Each step results in a commit (image being created)
● CMD vs. ENTRYPOINT
- 13.
Ansible + Docker
● docker module
● docker_images module
● docker_facts module
● Docker inventory plugin
● Uses docker-py Docker client python library
- 14.
What we used
● HP Moonshot
● New server – low power (1500W x2 min)
● Small footprint
● Designed for targeted workloads
● One 4.3 U container chassis
● 45 cartridges
- 15.
Install Docker
$ ansible-galaxy install angstwad.docker_ubuntu
Example: install docker install role
- hosts: local
  connection: local
  roles:
    - angstwad.docker_ubuntu
Example: playbook to install using docker install role
DOCKER_OPTS="--ip=0.0.0.0 --host=tcp://0.0.0.0:4243"
Example: add options to template deployed to /etc/defaults/docker
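The DOCKER_OPTS line on this slide binds the Docker remote API to every interface over plain TCP, and that listener accepts any client unless the daemon is started with --tlsverify. The following check is an added example, not part of the original deck: it parses a DOCKER_OPTS line and reports TCP listeners that lack TLS verification or listen on all interfaces. The function name, the hardened sample line and its certificate paths are constructed for illustration.

```python
import re
import shlex

# First line is the option string shown on the slide; second is a constructed
# hardened variant (address and certificate paths are placeholders).
WEAK_OPTS = 'DOCKER_OPTS="--ip=0.0.0.0 --host=tcp://0.0.0.0:4243"'
HARDENED_OPTS = ('DOCKER_OPTS="--tlsverify --tlscacert=/etc/docker/ca.pem '
                 '--tlscert=/etc/docker/server-cert.pem '
                 '--tlskey=/etc/docker/server-key.pem '
                 '-H tcp://10.0.0.5:2376 -H unix:///var/run/docker.sock"')


def audit_docker_opts(line):
    """Return a list of findings for one DOCKER_OPTS=... line."""
    m = re.match(r'\s*DOCKER_OPTS\s*=\s*(.+)$', line)
    if not m:
        return []
    # shlex removes the shell quoting, then split the daemon arguments
    args = [a for part in shlex.split(m.group(1)) for a in part.split()]
    hosts, tls_verify = [], False
    i = 0
    while i < len(args):
        flag, _, val = args[i].partition("=")
        if flag in ("-H", "--host"):
            if not val and i + 1 < len(args):   # "-H tcp://..." form
                i += 1
                val = args[i]
            hosts.append(val)
        elif flag == "--tlsverify" and val.lower() != "false":
            tls_verify = True
        i += 1
    findings = []
    for h in hosts:
        if not h.startswith("tcp://"):
            continue                            # unix:// and fd:// are local
        addr = h[len("tcp://"):].rsplit(":", 1)[0]
        if not tls_verify:
            findings.append(f"{h}: TCP listener without --tlsverify")
        if addr in ("", "0.0.0.0", "::", "[::]"):
            findings.append(f"{h}: listens on all interfaces")
    return findings


if __name__ == "__main__":
    for sample in (WEAK_OPTS, HARDENED_OPTS):
        print(audit_docker_opts(sample) or "no findings")
```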
- 16.
Install Docker
- 17.
Install Docker
Example: running ansible to verify that Docker is installed on containers
- 18.
docker_images module
● Builds Docker images
● Simple: add, build or remove
- name: check or build percona XtraDB Cluster image
  docker_image: docker_url="tcp://127.0.0.1:4243"
                path="../docker-image-source/pxc/"
                name="capttofu/pxc" state=present
Example: playbook to build a Percona XtraDB Cluster
- 19.
docker_images module
Example: build several images using playbook using docker_images
- 20.
docker_images module
Example: Display of newly built images
- 21.
docker module
● Container provisioning – start, stop, delete containers
● Set parameters on a container
Example: Playbook that builds Percona XtraDB Cluster image
- name: docker image control
  local_action:
    module: docker
    docker_url: "tcp://somehost:4243"
    image: "capttofu/percona_xtradb"
    name: "db"
    state: "present"
    publish_all_ports: yes
- 22.
docker module
$ ansible-playbook site.yml -e 'hosts=moonshot'
$ ansible-playbook site.yml -e 'hosts=moonshot docker_state=absent'
Example: Docker container control
- 23.
docker module
- 24.
docker module
- 25.
docker_facts module
● Populate large dictionary docker_facts containing information about Docker container fleet and images
● Two primary dictionary entries: docker_containers and docker_images
- 26.
docker_facts module
- name: Gather info about containers
  hosts: "{{ hosts }}"
  gather_facts: False
  tasks:
    - name: Get facts about containers
      local_action:
        docker_url: tcp://{{ inventory_hostname }}:4243
        module: docker_facts
    - name: another facts test
      debug: msg="Host{{':'}} {{ inventory_hostname}} Container Name{{':'}} {{ item.key }}
             IP Address{{':'}} {{ item.value.docker_networksettings.IPAddress }}
             ssh port{{':'}} {{ item.value['docker_networksettings']['Ports']['22/tcp'][0]['HostPort'] }}"
      with_dict: docker_containers
Example: print out container fleet info
- 27.
docker_facts module
- 28.
docker_facts module
- name: Gather info about containers
  hosts: docker
  gather_facts: True
  tasks:
    - name: Get facts about containers
      local_action:
        module: docker_facts
        name: db_1
        images: aff77f73ca3d
Example: print out specific container or images
- 29.
docker_facts module
- name: Gather info about containers
  hosts: "{{ hosts }}"
  gather_facts: True
  tasks:
    - name: Get facts about containers
      local_action:
        docker_url: tcp://{{ inventory_hostname }}:4243
        module: docker_facts
        images: all
    - name: images info
      debug: msg="Image ID {{ item.key }} Repo Tags {{ item.value.docker_repotags }}"
      with_dict: docker_images
Example: Print out all images
- 30.
docker_facts module
---
- name: Create an inventory file
  hosts: moonshot
  gather_facts: yes
  tasks:
    - name: Get facts about containers
      local_action:
        docker_url: tcp://{{ inventory_hostname }}:4243
        module: docker_facts
    - name: docker_hosts template
      local_action: template src=docker_hosts.txt.j2 dest=./docker_hosts_{{ inventory_hostname }}.txt
Example: Use docker_facts to print out inventory file
- 31.
docker_facts module
Jinja template:
{% for host in hostvars | sort %}
[{{ host }}]
{% for container in docker_containers | sort %}
{{ container }} ansible_ssh_port={{ docker_containers[container]['docker_networksettings']['Ports']['22/tcp'][0]['HostPort'] }} ansible_ssh_host={{ host }}
{% endfor %}
{% endfor %}
The produced file:
[c10n1.atg.seattle.lan]
c19n1_db_1 ansible_ssh_port=49270 ansible_ssh_host=c10n1.atg.seattle.lan
c19n1_db_2 ansible_ssh_port=49275 ansible_ssh_host=c10n1.atg.seattle.lan
c19n1_db_3 ansible_ssh_port=49280 ansible_ssh_host=c10n1.atg.seattle.lan
c19n1_haproxy_1 ansible_ssh_port=49285 ansible_ssh_host=c10n1.atg.seattle.lan
c19n1_haproxy_2 ansible_ssh_port=49287 ansible_ssh_host=c10n1.atg.seattle.lan
c19n1_haproxy_3 ansible_ssh_port=49289 ansible_ssh_host=c10n1.atg.seattle.lan
c19n1_haproxy_4 ansible_ssh_port=49291 ansible_ssh_host=c10n1.atg.seattle.lan
c19n1_web_1 ansible_ssh_port=49240 ansible_ssh_host=c10n1.atg.seattle.lan
...
- 32.
Docker Dynamic inventory
● Ability to manage elastic resources
● Plugins provide a JSON output that serves as an inventory list to use
● ansible-playbook -i plugin playbook.yml
● ansible-playbook -i docker.py main.yml
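The JSON that an inventory plugin returns, and the static inventory built by the Jinja template on the docker_facts slide, both depend on the host port mapped to 22/tcp; indexing Ports['22/tcp'][0] directly fails for a container that does not publish that port. The following is an added example, not code from the deck or from docker.py: it builds the `--list` JSON structure from a docker_facts-shaped dictionary and skips containers without a usable SSH mapping. The function name and the sample fleet are constructed.

```python
import json

# Constructed sample in the docker_facts shape used on the slides:
# {docker_host: {container_name: {"docker_networksettings": {...}}}}
SAMPLE_FLEET = {
    "c10n1.atg.seattle.lan": {
        "c19n1_db_1": {"docker_networksettings": {
            "Ports": {"22/tcp": [{"HostIp": "0.0.0.0", "HostPort": "49270"}]}}},
        # Port 22 exposed by the image but not published to the host
        "c19n1_web_1": {"docker_networksettings": {"Ports": {"22/tcp": None}}},
        # Container with no port information at all
        "c19n1_job_1": {"docker_networksettings": {}},
    }
}


def build_inventory(fleet, private_ssh_port=22):
    """Return (inventory, skipped); inventory is the --list JSON structure."""
    inventory = {"_meta": {"hostvars": {}}}
    skipped = []
    port_key = f"{private_ssh_port}/tcp"
    for host in sorted(fleet):
        members = []
        for name in sorted(fleet[host]):
            net = fleet[host][name].get("docker_networksettings") or {}
            bindings = (net.get("Ports") or {}).get(port_key) or []
            port = str(bindings[0].get("HostPort", "")) if bindings else ""
            if not port.isdigit():
                skipped.append(name)  # no usable SSH mapping: leave it out
                continue
            members.append(name)
            inventory["_meta"]["hostvars"][name] = {
                "ansible_ssh_host": host,
                "ansible_ssh_port": int(port),
            }
        inventory[host] = {"hosts": members}  # one group per Docker host
    return inventory, skipped


if __name__ == "__main__":
    inv, skipped = build_inventory(SAMPLE_FLEET)
    print(json.dumps(inv, indent=2, sort_keys=True))
    print("skipped:", skipped)
```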
- 33.
Dynamic inventory
---
- name: Create a docker.yml file
  hosts: moonshot
  gather_facts: yes
  tasks:
    - name: docker.yml template
      local_action: template src=docker.yml.j2 dest=./docker.yml
Example: Playbook to create a dynamic inventory config file
- 34.
Dynamic inventory
---
defaults:
  host: unix:///var/run/docker.sock
  version: 1.9
  timeout: 60
  private_ssh_port: 22
  default_ip: 127.0.0.1
hosts:
{% for key in hostvars %}
  - host: tcp://{{ key }}:4243
    version: 1.9
    timeout: 60
    default_ip: {{ hostvars[key]['ansible_default_ipv4']['address'] }}
{% endfor %}
Example: Jinja template for docker inventory plugin config file
- 35.
Dynamic inventory
hosts:
  - host: tcp://c29n1.atg.seattle.lan:4243
    version: 1.9
    timeout: 60
    default_ip: 10.99.33.38
  - host: tcp://c15n1.atg.seattle.lan:4243
    version: 1.9
    timeout: 60
    default_ip: 10.99.33.24
  - host: tcp://c14n1.atg.seattle.lan:4243
    version: 1.9
    timeout: 60
    default_ip: 10.99.33.23
…
Example: Produced docker inventory plugin config
- 36.
Dynamic inventory
- 37.
Cleanup
- 38.
Acknowledgements
• Paul Durivage (https://github.com/angstwad)
• Yazz Atlas (https://twitter.com/EntropyWorks)
• Brian Aker (https://en.wikipedia.org/wiki/Brian_Aker, @brianaker, IRC krow)
• Michael DeHaan (https://twitter.com/laserllama)
- 39.
Resources
• http://patg.net
• https://galaxy.ansible.com/list#/users/1488
• http://docker.io
• https://github.com/CaptTofu/ansible-docker-presentation
• https://github.com/CaptTofu/docker-image-source
• http://www.slideshare.net/PatrickGalbraith/docker-ansible-34909080
• http://blog.docker.io/2013/06/openstack-docker-manage-linux-containers-with-nova/
• https://index.docker.io/u/ewindisch/dockenstack/