Linux containers & Devops
Maciej Lasyk
Atmosphere Shuttle #02 – Wrocław
2015-04-17
Join Fedora Infrastructure!
- learn Ansible
- learn Docker with Fedora Dockerfiles
http://fedoraproject.org/en/join-fedora
Quick survey
How many of you...
→ Knows what Docker is?
→ Played with Docker?
→ Runs it on production?
Why use Docker?
With Docker we can solve many problems:
→ “it works on my machine”
→ reducing build & deploy time
→ Infrastructure configuration spaghetti – automation!
→ Libs dependency hell
→ Cost control and granularity
Docker – what is it?
“automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere”
Java’s promise: Write Once. Run Anywhere.
Even on Windows now!
https://blog.docker.com/2014/10/docker-microsoft-partner-distributed-applications/
Is Docker lightweight?
======================================================
Package     Arch     Version        Repository   Size
======================================================
Installing:
docker-io   x86_64   1.3.0-1.fc20   updates      4.3 M

======================================================
Package     Arch     Version        Repository   Size
======================================================
Installing:
docker-io   x86_64   1.5.0-2.fc21   updates      26 M

http://sattia.blogspot.com/2014/05/docker-lightweight-linux-containers-for.html
Docker – how it works?
http://blog.docker.com/2014/03/docker-0-9-introducing-execution-drivers-and-libcontainer/
→ LXC & libcontainer
→ control groups
→ kernel namespaces
→ layered filesystem
  → devmapper thin provisioning & loopback mounts
  → no more AUFS (perf sucks)
  → OverlayFS!
control groups (cgroups)
Control Groups provide a mechanism for aggregating/partitioning sets of tasks, and all their future children, into hierarchical groups with specialized behavior
→ grouping processes
→ allocating resources to particular groups
  → memory
  → network
  → CPU
  → storage bandwidth (I/O throttling)
  → device whitelisting
little demo #1
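Added example (not from the talk): a shell reproduction of the memory-cgroup part of demo #1 with cgroup v1. It creates a memory cgroup under /sys/fs/cgroup/memory, caps it at 100M (the value used in the demo), runs a pure-shell memory hog inside it twice and reports whether the cgroup's OOM killer fired. Assumes root, GNU coreutils and a v1 memory controller; the demo part runs only when invoked as `sh cgroup-demo.sh demo` (script name assumed), so the helpers can be sourced safely.

```shell
#!/bin/sh
# Added example: the memory-cgroup demo with cgroup v1 (not the talk's own script).
# Assumes root, GNU coreutils and the v1 memory controller mounted at CG_ROOT.
CG_ROOT=/sys/fs/cgroup/memory

# Turn "100M" / "4K" / "1G" / "1234" into bytes, the unit memory.limit_in_bytes wants.
to_bytes() {
  case "$1" in
    *K) echo $(( ${1%K} * 1024 )) ;;
    *M) echo $(( ${1%M} * 1024 * 1024 )) ;;
    *G) echo $(( ${1%G} * 1024 * 1024 * 1024 )) ;;
    *)  echo "$1" ;;
  esac
}

# Map the exit status of a confined command to what happened to it.
explain_status() {
  case "$1" in
    0)   echo "exited normally: the allocation fit under the limit" ;;
    137) echo "killed by SIGKILL: the cgroup OOM killer fired" ;;
    *)   echo "exited with status $1" ;;
  esac
}

# Create a memory cgroup and set its hard limit.
cg_create() {            # cg_create NAME LIMIT
  mkdir -p "$CG_ROOT/$1"
  to_bytes "$2" > "$CG_ROOT/$1/memory.limit_in_bytes"
}

# Run a command inside the cgroup: a child shell adds its own PID to "tasks"
# and then execs the command, so only that command (and its children) is confined.
cg_run() {               # cg_run NAME CMD [ARGS...]
  dir="$CG_ROOT/$1"; shift
  sh -c 'echo $$ > "$1/tasks" && shift && exec "$@"' sh "$dir" "$@"
}

cg_delete() { rmdir "$CG_ROOT/$1"; }

demo() {
  [ -d "$CG_ROOT" ] || { echo "no cgroup v1 memory controller at $CG_ROOT"; return 1; }
  cg_create test1 100M
  echo "limit: $(cat "$CG_ROOT/test1/memory.limit_in_bytes") bytes"
  echo "oom_control: $(tr '\n' ' ' < "$CG_ROOT/test1/memory.oom_control")"
  # A pure-shell mem-hog: holding the data in a variable keeps it resident.
  # 50 MB fits under the limit, 200 MB does not, so the second run gets OOM-killed.
  for size in 50M 200M; do
    cg_run test1 sh -c 'x=$(head -c "$1" /dev/zero | tr "\0" a) && echo "held $1"' sh "$size"
    echo "$size -> $(explain_status $?)"
  done
  cg_delete test1
}

case "${1:-}" in demo) demo ;; esac
```

On a cgroup v2 host /sys/fs/cgroup/memory does not exist and the script says so instead of failing half-way; the v2 equivalent is memory.max in the unified hierarchy.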
Kernel Namespaces
Providing a unique view of the system for processes.
→ PID – PIDs isolation
→ NET – network isolation (via virt-ifaces; demo)
→ IPC – won't use this
→ MNT – chroot like; deals w/mountpoints
→ UTS – deals w/hostname
little demo #2
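Added example (not from the talk) for demo #2: the veth/netns commands from the speaker notes, completed with a host-side address, link-up steps, a ping across the pair and a cleanup. The host address 10.11.12.1/24, the addr_of parser and the script name netns-demo.sh are assumptions; the script needs root and iproute2 and runs the demo only as `sh netns-demo.sh demo`.

```shell
#!/bin/sh
# Added example: the NET-namespace demo with a veth pair, plus cleanup.
# Assumes root and iproute2; the demo runs only as: sh netns-demo.sh demo
NS=green                    # namespace name from the talk
HOST_IF=veth0               # veth end that stays in the root namespace
NS_IF=veth1                 # veth end that moves into the namespace
HOST_ADDR=10.11.12.1/24     # constructed host-side address (not in the talk)
NS_ADDR=10.11.12.13/24      # address used in the talk

# Pull "ADDR/PREFIX" for DEV out of `ip -o -4 addr show` output, e.g.
#   "7: veth1    inet 10.11.12.13/24 scope global veth1\       valid_lft forever ..."
# (-o gives one interface per line, so awk's default field split is enough).
addr_of() {                 # addr_of DEV < ip-output
  awk -v dev="$1" '$2 == dev && $3 == "inet" { print $4; exit }'
}

# Strip the prefix length: 10.11.12.13/24 -> 10.11.12.13
host_part() { echo "${1%/*}"; }

ns_exec() { ip netns exec "$NS" "$@"; }

setup() {
  ip netns add "$NS"
  ip link add "$HOST_IF" type veth peer name "$NS_IF"
  ip link set "$NS_IF" netns "$NS"            # veth1 disappears from the host's view
  ip addr add "$HOST_ADDR" dev "$HOST_IF" && ip link set "$HOST_IF" up
  ns_exec ip addr add "$NS_ADDR" dev "$NS_IF"
  ns_exec ip link set "$NS_IF" up
  ns_exec ip link set lo up                   # every netns has its own loopback
}

teardown() {
  ip netns del "$NS"                          # deleting the ns destroys veth1 ...
  ip link del "$HOST_IF" 2>/dev/null || true  # ... and its peer veth0 with it
}

demo() {
  setup
  echo "interfaces inside $NS:";    ns_exec ip -o link show
  echo "routing table inside $NS:"; ns_exec ip route
  inside=$(ns_exec ip -o -4 addr show | addr_of "$NS_IF")
  echo "$NS_IF in $NS has $inside"
  echo "host sees $NS_IF: $(ip -o link show "$NS_IF" 2>/dev/null || echo no)"
  # Traffic crosses the veth pair only; nothing else on the host is reachable from green.
  ns_exec ping -c 1 -W 1 "$(host_part "$HOST_ADDR")" && echo "ping across veth pair: ok"
  teardown
}

case "${1:-}" in demo) demo ;; esac
```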
OverlayFS
+ hell fast (you'll see)
+ page cache sharing
+ finally in upstream kernel (in rhel from 7.2, 3.18)
+ finally supported by docker (-s overlay)
- SELinux not there yet (but will be)
http://developerblog.redhat.com/2014/09/30/overview-storage-scalability-docker/
let's demo again
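Added example (not from the talk) showing what `-s overlay` relies on: a scratch overlay mount with the image layer as lowerdir and the container's writable layer as upperdir, followed by a copy-up, a new file and a delete, so all three outcomes can be seen in the upper directory. Assumes root and a kernel with overlayfs (3.18+); the script name overlay-demo.sh is assumed and the demo runs only as `sh overlay-demo.sh demo`.

```shell
#!/bin/sh
# Added example: an overlay mount by hand, on a scratch tree.
# lower = the read-only image layer, upper = the container's writable layer,
# work = overlayfs scratch space, merged = what the container sees.
# Assumes root and overlayfs support (kernel 3.18+); demo runs as: sh overlay-demo.sh demo

# Build the mount option string overlayfs expects.
overlay_opts() {            # overlay_opts LOWER UPPER WORK
  echo "lowerdir=$1,upperdir=$2,workdir=$3"
}

# Resolve which layer serves NAME, in overlayfs lookup order: a character
# device in upper is a whiteout (the lower file was deleted), any other upper
# entry wins (new or copied-up file), otherwise the lower layer, otherwise nothing.
layer_of() {                # layer_of NAME LOWER UPPER
  if   [ -c "$3/$1" ]; then echo deleted
  elif [ -e "$3/$1" ]; then echo upper
  elif [ -e "$2/$1" ]; then echo lower
  else echo none
  fi
}

demo() {
  root=$(mktemp -d) && cd "$root" || return 1
  mkdir lower upper work merged
  echo "from the image" > lower/image.txt
  echo "will be removed" > lower/gone.txt
  mount -t overlay overlay -o "$(overlay_opts lower upper work)" merged || return 1

  echo "container edits" >> merged/image.txt   # copy-up: lower/image.txt stays untouched
  echo "new file" > merged/new.txt              # lands only in upper
  rm merged/gone.txt                            # becomes a whiteout in upper

  for f in image.txt new.txt gone.txt; do
    echo "$f: $(layer_of "$f" lower upper)"
  done
  echo "lower/image.txt still reads: $(cat lower/image.txt)"
  ls -l upper                                   # the whiteout shows up as 'c' 0, 0

  umount merged && cd / && rm -rf "$root"
}

case "${1:-}" in demo) demo ;; esac
```

The same copy-up is why a container that writes heavily to files from the image grows its own layer while the image stays shared, which is the page-cache-sharing point on the slide.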
Linux containers equation
Linux Containers = namespaces + cgroups + storage
Docker – concepts
→ images
  → read only
  → act as templates
→ Dockerfile
  → like a makefile
  → commands order & cache'ing
  → extends the base image
  → results in a new image
→ Containers: instances running apps
dockerfile + base image = docker container

Dockerfile
FROM fedora
MAINTAINER scollier <scollier@redhat.com>
RUN yum -y update && yum clean all
RUN yum -y install nginx && yum clean all
RUN echo "daemon off;" >> /etc/nginx/nginx.conf
RUN echo "nginx on Fedora" > /srv/www/index.html
EXPOSE 80
CMD [ "/usr/sbin/nginx" ]
Docker events
http://gliderlabs.com/blog/2015/04/14/docker-events-explained/
Docker – registry
http://osv.io/blog/blog/2014/06/19/containers-hypervisors-part-2/
→ git like semantics
→ pull, push, commit
→ private and public registry
→ https://github.com/dotcloud/docker-registry
→ yum install docker-registry
$ docker pull
$ docker push
$ docker commit
Docker – images hierarchy
http://blog.octo.com/en/docker-registry-first-steps/
base image
-> child image
-> grandchild image
Git’s promise: Tiny footprint with lightning fast performance
Docker – security
→ Isolation via kernel namespaces
→ Additional layer of security: SELinux / AppArmor / GRSEC
→ Each container gets own network stack
→ control groups for resources limiting
f20 policy: https://git.fedorahosted.org/cgit/selinux-policy.git/tree/docker.te?h=f20-contrib
What's there?
seinfo -t -x | grep docker
sesearch -A -s docker_t (and the rest)
or just unpack docker.pp with semodule_unpackage
http://www.projectatomic.io/blog/2014/08/is-it-safe-a-look-at-docker-and-security-from-linuxcon/
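Added check (not from the talk) that turns the slide's bullets into something runnable against a container: it reads the run-time settings with `docker inspect` and reports which of the listed protections (cgroup memory limit, dropped capabilities, read-only root, SELinux/AppArmor option) are missing. The HostConfig template fields are those of current Docker Engine and are assumed here rather than taken from the 1.5-era daemon on the slides; the script name audit.sh and the container names in the comments are constructed.

```shell
#!/bin/sh
# Added example: audit a container's run-time security settings (not the talk's code).
# Assumes `docker inspect -f` exposes HostConfig.{Privileged,Memory,CapDrop,ReadonlyRootfs,SecurityOpt}.

# Judge raw values: findings go to stderr, the count to stdout so callers can script it.
#   judge PRIVILEGED MEMORY_BYTES CAP_DROP_JSON READONLY_ROOTFS SECURITY_OPT_JSON
judge() {
  findings=0
  if [ "$1" = true ]; then
    echo "FINDING: --privileged switches off namespace and capability isolation" >&2
    findings=$((findings + 1))
  fi
  if [ "$2" = 0 ]; then
    echo "FINDING: no memory limit; the memory cgroup (--memory) is what stops a hog" >&2
    findings=$((findings + 1))
  fi
  case "$3" in
    *ALL*) ;;   # --cap-drop=ALL, re-adding only what the app needs with --cap-add
    *) echo "FINDING: capabilities not dropped (use --cap-drop=ALL)" >&2
       findings=$((findings + 1)) ;;
  esac
  if [ "$4" != true ]; then
    echo "FINDING: writable root filesystem (consider --read-only plus explicit volumes)" >&2
    findings=$((findings + 1))
  fi
  case "$5" in
    *label*|*apparmor*) ;;   # SELinux label=... or an AppArmor profile is set
    *) echo "FINDING: no SELinux/AppArmor entry in SecurityOpt" >&2
       findings=$((findings + 1)) ;;
  esac
  echo "$findings"
}

# Read one Go-template field from a live container.
field() { docker inspect -f "{{$1}}" "$2"; }      # field TEMPLATE CONTAINER

# Audit a container and exit non-zero when anything is missing.
audit() {                                          # audit CONTAINER
  n=$(judge "$(field .HostConfig.Privileged "$1")" \
            "$(field .HostConfig.Memory "$1")" \
            "$(field 'json .HostConfig.CapDrop' "$1")" \
            "$(field .HostConfig.ReadonlyRootfs "$1")" \
            "$(field 'json .HostConfig.SecurityOpt' "$1")")
  echo "$1: $n finding(s)"
  [ "$n" -eq 0 ]
}

# For contrast (constructed commands): the plain run trips every check, the second none.
#   docker run -d --name web fedora-nginx
#   docker run -d --name web --memory 64m --cap-drop ALL --cap-add NET_BIND_SERVICE \
#       --read-only --tmpfs /var/run --security-opt label=type:svirt_lxc_net_t fedora-nginx

case "${1:-}" in audit) audit "$2" ;; esac
```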
Docker – use cases
CI Stack
http://sattia.blogspot.com/2014/05/docker-lightweight-linux-containers-for.html
Continuous Integration
→ local dev
  → with Docker it's easy to standardize envs
→ deployment
  → rolling updates (e.g. w/Ansible)
→ testing
  → unit testing of any commit on a dedicated env
  → don't worry about cleaning up after testing
  → parallel tests across any machines
→ version control system for apps
→ microservices
  → Docker embraces granularity
  → Services can be deployed independently and faster
  → parallel tests across any machines
→ continuous delivery
→ PaaS
Orchestration at scale w/Docker
This might be a little problem
http://www.cloudssky.com/en/blog/Docker-Is-Not-Enough
Docker & Ansible
Ansible + Docker
&
Docker + Ansible
Ansible docker core module:
http://docs.ansible.com/docker_module.html

- hosts: web
  sudo: yes
  tasks:
    - name: run httpd servers
      docker: >
        image=centos
        command="service httpd start"
        ports=8080
        count=5
        memory_limit=32MB
        link=mysql
        expose=8080
        registry=...
        volume=...
Docker & Ansible
Building image with Ansible:

FROM ansible/centos7-ansible:stable
ADD ansible /srv/example
WORKDIR /srv/example
RUN ansible-playbook web.yml -c local
EXPOSE 80
# keep nginx in the foreground; otherwise it daemonizes and the container exits at once
CMD ["/usr/sbin/nginx", "-g", "daemon off;"]

ansible/web.yml:
- name: Install webserver
  hosts: localhost
  tasks:
    - yum: pkg=nginx state=latest
    - shell: echo "ansible" > /usr/share/nginx/html/index.html

Yet another demo?
SmartStack
→ automated service discovery and registration framework
→ ideal for SOA architectures
→ ideal for continuous integration & delivery
→ solves “works on my machine” problem
haproxy + nerve + synapse + zookeeper = smartstack

Synapse
→ discovery service (via zookeeper or etcd)
→ installed on every node
→ writes haproxy configuration
→ application doesn't have to be aware of this
→ works same on bare / VM / docker
→ https://github.com/airbnb/synapse

Nerve
→ health checks (pluggable)
→ register service info to zookeeper (or etcd)
→ https://github.com/airbnb/nerve

Smartstack + Docker = <3
but also remember about Consul
(come to #dockerkrk 2 meetup!)
Wanna learn Docker?
http://dockerbook.com/
Freenode #docker
#KrkDocker meetups (http://www.meetup.com/Docker-Krakow-Poland/)
https://github.com/docker/docker
sources?
→ docker.io documentation
→ dockerbook.com
→ slideshare!
→ zounds of blogposts (urls provided)
→ and some experience ;)
Looking for a job?
- Software Engineer (java)
- Information Security Manager
- Product Analyst
Catch me: maciek@lasyk.info
Linux containers & Devops
Maciej Lasyk
Atmosphere Shuttle #02 – Wrocław
2015-04-17


Editor's Notes

  • #4 - knows vagrant? - knows differences between hypervisor level 2, level 1 and containers? - is quick sort faster than heap sort?
  • #27 Google, 2006 (process containers), 2007 published as control groups. Processes are split into hierarchical groups; the kernel manages access to the chosen controllers (subsystems).
  • #29 cgroups demo:
    ps -o cgroup
    cat /proc/self/cgroup
    cgcreate -t docent:docent -g cpu:/test-subgroup1
    cgset -r cpuset.cpus=0 test-subgroup1
    cgexec -g cpu:/test-subgroup1 /bin/bash
    cgdelete -g cpu:/test-subgroup1
    ps -o cgroup
    cat /proc/self/cgroup
    cd /sys/fs/cgroup/memory
    ls
    mkdir test1 && cd test1 && ls
    cat memory.limit_in_bytes
    echo 104857600 > memory.limit_in_bytes
    cat memory.limit_in_bytes && cat memory.oom_control
    echo $$ >> tasks
    vim ~/mem-hog.c && ~/mem-hog
    echo 1 > memory.oom_control
    ~/mem-hog
    and in a second console: cat memory.oom_control
    echo 0 > memory.oom_control
  • #31 PID: pid 1, main view different PIDs. NET: own routing table, iptables rules and chains
  • #36 netns demo:
    ip netns list
    ip netns add green
    ip link add veth0 type veth peer name veth1
    ip link list
    ip link set veth1 netns green
    ip netns exec green ip link list
    ip netns exec green ip addr add 10.11.12.13/24 dev veth1
    ip netns exec green ip a
  • #45 systemctl status docker -l; docker info; cd /etc/sysconfig; ls docker*; vim docker-storage; restart...
  • #46 systemctl status docker -l; cd /etc/sysconfig; ls docker*; vim docker-storage; restart...
  • #73 Docker & Ansible demo:
    cd ~/Dropbox/private/Prezentacje/atmosphere-shuttle-2-2015/dockerfiles
    show the Dockerfile and web.yml
    docker build --rm -t fedora-ansible-docker-nginx .
    docker create --name docker-ansible-test -p 127.0.0.1:83:80 -t fedora-ansible-docker-nginx
    docker ps -a && docker start ABC