dOcKeR, iNfRaStRuCtUrE aNd MiCrOsErViCeS nOtEs



Docker stuff

  • tools

  • plugins

  • gr8 container

gliderlabs/logspout

  • captures the STDOUT and STDERR logs of the Docker containers via Docker events / the Docker socket.
  • start logspout
docker run -d --name="logspout" --volume=/var/run/docker.sock:/tmp/docker.sock --publish=127.0.0.1:8000:80 gliderlabs/logspout
  • curl the logs
curl http://172.17.0.108:8000/logs
curl http://172.17.0.108:8000/logs/id:containerid
curl http://172.17.0.108:8000/logs/name:containername

pprof and flame graph: performance tests

flocker data volume management

consul

docker run -d --name node1 -p 8400:8400 -p 8500:8500 -p 8600:53/udp -h node1 progrium/consul -server -bootstrap -ui-dir /ui
JOIN_IP="$(docker inspect -f '{{.NetworkSettings.IPAddress}}' node1)"
docker run -d --name node2 -h node2 progrium/consul -server -join "$JOIN_IP"
docker run -d --name node3 -h node3 progrium/consul -server -join "$JOIN_IP"
curl -s http://10.xx.xx.20:8500/v1/catalog/services
curl -s http://10.xx.xx.20:8500/v1/catalog/service/dockerui

gliderlabs/registrator

docker run -d -v /var/run/docker.sock:/tmp/docker.sock -h $HOSTNAME gliderlabs/registrator consul://10.xx.xx.20:8500

Lorry.io

DRAY

ImageLayers

ZODIAC

watchtower

prometheus

ruxit

Full stack web application monitoring (SaaS)
Web, Application, Server, Network, Cloud Monitoring (not open source)
![logo](/images/ruxit-screen.png)

rancher convoy

rancher os

  • 20 MB Linux distribution
  • the entire OS runs in Docker containers
  • an os made of containers

Docker Management Frameworks

  • simple solution: dockerui

  • kubernetes

  • kitematic

  • panamax

  • rancher server

  • mesos

  • swarm

  • shipyard

dockerui

![logo](/images/dockerui-1.png)
- simple solution, to monitor, start and stop containers

dockerui

![logo](/images/dockerui-2.png)

kubernetes

![logo](/images/kubernetes-logo.jpg)
- open-source cluster management software from Google
- scheduler for docker containers
- pods, labels, replication controllers
- google cloud or selfhosting

kitematic

![logo](/images/kitematic-logo.png)
- opensource gui management for docker containers
- easy to use
- docker hub integration
- included virtualbox image
- only running on mac and windows
- included in docker toolbox

panamax

![logo](/images/panamax-logo.jpg)
- complex multi container management
- runs in virtualbox (coreos) with vagrant and homebrew
- templates (combination of containers)
- sharing templates
- stitching containers together
- fleetctl

rancher server platform

![logo](/images/rancher-logo.png)
- framework provides private container services and environments
- powerful container management platform (tools, ui, container graphs)
- resource management, health checking, recovery, service discovery, load balancing...
docker run -d --restart=always -p 8080:8080 rancher/server

mesos

![logo](/images/mesos-logo.png)
- open-source cluster manager by Apache
- designed to scale to large clusters involving hundreds or thousands of hosts
- using zookeeper, Marathon Scheduler, ...

swarm

- native clustering tool for Docker
- uses the standard Docker API
- turns a pool of Docker hosts into a single, virtual Docker host

shipyard

![logo](/images/shipyard-logo.png)
- 100% compatible with the Docker Remote API

Security

docker-bench-security

Docker container that checks several best practices
![screen](/images/security-benchmark.png)
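
Two checks of the kind docker-bench-security reports, privileged mode and a bind-mounted Docker socket, as an added shell example (not part of docker-bench-security or of the original notes). The sample inventory is constructed from the logspout, dockerui and registry runs in these notes; the function names and container names are assumptions.

```sh
#!/bin/sh
# Added example (not from docker-bench-security or the original notes).
# Flags containers that run privileged or bind-mount the Docker socket.
#
# Input on stdin, one container per line: name|privileged|src:dst,src:dst,...
# On a live host the lines can be produced with:
#   docker inspect --format \
#     '{{.Name}}|{{.HostConfig.Privileged}}|{{range .Mounts}}{{.Source}}:{{.Destination}},{{end}}' \
#     $(docker ps -q)

# Constructed sample inventory; container names are assumptions. The settings
# mirror the logspout, dockerui and registry runs shown in these notes.
sample_inventory() {
    cat <<'EOF'
/logspout|false|/var/run/docker.sock:/tmp/docker.sock,
/dockerui|true|/var/run/docker.sock:/var/run/docker.sock,
/registry|false|
EOF
}

# Prints "<name> <finding>[,<finding>]" for every container with a finding.
audit_containers() {
    while IFS='|' read -r name privileged mounts; do
        [ -n "$name" ] || continue
        findings=""
        if [ "$privileged" = "true" ]; then
            findings="privileged"
        fi
        # The socket counts wherever it is mounted inside the container:
        # access to it allows control of the daemon on the host.
        case ",$mounts" in
            *,/var/run/docker.sock:*|*,/run/docker.sock:*)
                findings="${findings:+$findings,}docker-socket" ;;
        esac
        if [ -n "$findings" ]; then
            printf '%s %s\n' "${name#/}" "$findings"
        fi
    done
}

sample_inventory | audit_containers
```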

docklock


favourite docker cmd cheats

alias

  • alias dl="docker ps -l -q" -> last container id

  • alias d="docker"

  • alias drm="docker rm"

  • alias dps="docker ps"

  • alias dpsas="docker ps -as"

  • alias dkd="docker run -d -P"

  • alias dockercleani='printf "\n>>> Deleting untagged images\n\n" && docker rmi $(docker images -q -f dangling=true)'

bashcompletion

  • /etc/bash_completion.d/ (yum install ...)
  • wget bash docker

sublime syntax highlighting docker files

useful docker commands

  • remove all containers
drm -f $(dps -aq)
  • start a stopped container and attach to it
da() { docker start "$1" && docker attach "$1"; }
  • top for the running containers
docker stats $(docker ps -q)
  • Kill all running containers
docker kill $(docker ps -q)
  • delete old containers
docker ps -a | grep 'weeks ago' | awk '{print $1}' | xargs docker rm
  • delete dangling images
docker rmi $(docker images -q -f dangling=true)

container runs

docker run -d -p 8000:8000 -v /Users/nikomahle/Dockerfiles/mySlides:/revealjs/md amouat/revealjs:latest
  • best simple UI: dockerui
docker run -d -p 9000:9000 --privileged -v /var/run/docker.sock:/var/run/docker.sock dockerui/dockerui

Registry v1

docker run -d -p 5000:5000 registry
docker run -p 8080:8080 -e REG1=http://localhost:5000/v1/ -d atcol/docker-registry-ui
docker tag jenkins:1.596.2-8u45 localhost:5000/jenkins:1.596.2-8u45
docker push localhost:5000/jenkins:1.596.2-8u45

Registry v2

docker run -d -p 5000:5000 --restart=always --name registry registry:2

container images

jenkins hacks

  • start jenkins master
docker run -p 5555:8080 -p 50000:50000 -d -v /Users/nikomahle/Dockerfiles/jenkins/jenkins-data:/var/jenkins_home nikom-jenkins:1.596.2-jdk7u79-1
  • get slave.jar
wget http://hostname.de:8080/jnlpJars/slave.jar 
  • connect to the jenkins master after manually adding the new node in the jenkins master GUI
wget http://hostname.de:8080/jnlpJars/slave.jar

cool Dockerfiles in Dockerhub

  • otechlabs

  • devopsil

  • progrium

  • atmoz

useful DockerFile cmd

RUN rm /etc/localtime && ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime

PAAS in docker world

tutum

docker platform across any cloud
![logo](/images/tutum-screen.png)

sloppy.io

container as a service (beta status)
sloppy.json config file
![logo](/images/sloppy-screen.png)

giantswarm.io

container as a service (alpha status)

dokku (dockerizing simple mini heroku)

deis

  • open source PaaS for self-hosting

  • stack: coreos + docker + heroku light workflow

  • deploy applications with git push (gitreceive)

  • includes Heroku buildpacks like dokku

  • http://deis.io/overview/

deis

![logo](/images/deis.png)

wercker

  • http://devcenter.wercker.com/learn/basics/introduction.html

  • Docker-based platform for developing, building and delivering applications as microservices, containers and in the cloud.

  • wercker workflow: develop, build, notify, deploy to docker hub, private registry

  • API call to a scheduler (such as Kubernetes or Mesosphere) to notify that there is a new version of a container image ready to be scheduled.

wercker

![logo](/images/wercker-1.png)

wercker

![logo](/images/wercker-2.png)

famous companies / committer groups

CenturyLink

  • panamax (drag and drop management)

  • Lorry.io (docker-compose.yml validator and composer)

  • DRAY (docker workflow engine)

  • ImageLayers (visualize docker images and containers)

  • ZODIAC (deployment and rollback of docker apps)

  • watchtower (automatic detection and restart of containers with a new image)

Gliderlabs (Jeff Lindsay)

  • registrator

  • progrium

  • megalith

Hashicorp

HashiCorp is the creator of the open source projects Vagrant, Packer, Terraform, Serf, and Consul, and the commercial product Atlas.
![logo](/images/hashicorp-ecosystem.png)

Rancher Labs

  • rancher server
  • rancher os

Netflix stack microservices

  • Netflix Eureka

  • Netflix Ribbon

  • Netflix Hystrix

Netflix Eureka

  • Service discovery server: Netflix Eureka allows microservices to register themselves at runtime as they appear in the system landscape.

Netflix Ribbon

  • Dynamic routing and load balancer: Netflix Ribbon can be used by service consumers to look up services at runtime. Ribbon uses the information available in Eureka to locate appropriate service instances. If more than one instance is found, Ribbon will apply load balancing to spread the requests over the available instances. Ribbon does not run as a separate service but instead as an embedded component in each service consumer.

Netflix Hystrix

  • Circuit breaker: Netflix Hystrix provides circuit breaker capabilities to a service consumer. If a service doesn’t respond, Hystrix can redirect the call to an internal fallback method in the service consumer. If a service repeatedly fails to respond, Hystrix will open the circuit and fast fail (i.e. fallback method) on every subsequent call until the service is available again. To determine whether the service is available again, Hystrix allows some requests to try out the service even if the circuit is open. Hystrix executes embedded within its service consumer.

Netflix Zuul

  • Zuul is the front door for all requests from devices and web sites to the backend of the Netflix streaming application. As an edge service application, Zuul is built to enable dynamic routing, monitoring, resiliency and security. It also has the ability to route requests to multiple Amazon Auto Scaling Groups as appropriate.

  • https://github.com/Netflix/zuul/wiki/Getting-Started

Netflix Ribbon

  • Ribbon is a client-side IPC library that is battle-tested in the cloud. It provides the following features: load balancing, fault tolerance, multiple protocol (HTTP, TCP, UDP) support in an asynchronous and reactive model, caching and batching.

microservice mindmap

logo


infrastructure solutions

hashicorp terraform

  • creating, combining, and modifying infrastructure

  • CAPS (Chef, Ansible, Puppet, Salt) are mainly for centrally controlling what lives inside a large number of instances, i.e. processes, files, etc.

  • terraform is mainly for creating instances themselves (and other cloud resources like load balancers etc).

  • codify entire infrastructures and datacenters into high-level abstractions for easier replication and management

  • https://www.scriptrock.com/articles/infrastructure-as-code-showdown-terraform-vs.-cloudformation

hashicorp packer

  • tool for creating machine images and deployable artifacts such as AMIs, OpenStack images, Docker containers, etc.

hashicorp serf

  • tool for cluster membership and failure detection. Consul uses Serf’s gossip protocol as the foundation for service discovery.

hashicorp vagrant

  • tool for managing development environments that mirror production

hashicorp atlas

  • unites Packer, Terraform, and Consul to make application delivery a versioned, auditable, repeatable, and collaborative process.

some other great infrastructure solutions

pancake.io

  • hosting dropbox files as static web pages

ngrok

  • https://ngrok.com
  • secure tunnels to localhost
  • expose a local web server to the public internet

still to research / todo


copyright Niko Mahle niko.mahle@googlemail.com