Docker Introduction

Objectives

Key objectives of this chapter

• Docker introduction
• Linux cgroups and namespaces
• Docker vs traditional virtualization
• Docker command-line

What is Docker

• Docker is an open-source (and 100% free) project for IT automation
• You can view Docker as a system for creating virtual environments which are extremely lightweight virtual machines
• Docker allows the deployment of applications and their dependencies inside Linux containers supporting the multi-tenancy deployment model on a single host
  • A container is a group of controlled processes associated with a separate tenant executed in isolation from other tenants
• Written in the Go programming language

Notes:

The Go programming language (also referred to as golang) was developed at Google in 2007 and release in 2009. It is a compiled language – it does not require a VM to run it (like in C# or Java) – with automated garbage collection. Go offers a balance between type safety and dynamic type capabilities; it supports imperative and concurrent programming paradigms.

Where Can I Run Docker?

• Docker runs on any modern-kernel Linux distributions
  • You can install Docker inside a VirtualBox and run it on OS X or Windows
  • Docker can be booted from the small footprint Linux distribution boot2docker

Docker and Containerization on Linux

• Docker leverages resource isolation features of the modern Linux kernel offered by cgroups and kernel namespaces
  • The cgroups and kernel namespaces features allow creation of strongly isolated containers acting as very lightweight virtual machines running on a single Linux host
• Docker helps abstract operating-system-level virtualization on Linux using abstracted virtualization interfaces based on libvirt, LXC (LinuX Containers) and systemd-nspawn
  • As of version 0.9, Docker has the capability to directly use virtualization facilities provided by the Linux kernel via its own libcontainer library

Linux Kernel Features: cgroups and namespaces

• The control group kernel feature (cgroup) is used by the Linux kernel to allocate system resources such as CPU, I/O, memory, and network subject to limits, quotas, prioritization, and other control arrangements
• The kernel provides access to multiple subsystems through the cgroup interface
  • Examples of subsystems (controllers):
    • The memory controller for limiting memory use
    • The cpuacct controller for keeping track of CPU usage
• The cgroups facility was merged into the Linux kernel version 2.6.24
• Systems that use cgroups: Docker, Linux Containers (LXC), Hadoop, etc.
• The namespaces feature is a related to cgroups facility that enables different applications to act as separate tenants with completely isolated views of the operating environment, including users, process trees, network, and mounted file systems

The Docker-Linux Kernel Interfaces

Source: Adapted from https://en.wikipedia.org/wiki/Docker_(software)

Docker Containers vs Traditional Virtualization {#docker-containers-vs-traditional-virtualization .SlideHeader}

• System virtualization tools or emulators like KVM, Xen, HyperV, VMware, etc. boot virtual machines from a complete guest OS image (of your choice) and basically emulate a complete machine, which results in a high operational overhead
• Virtual environments created by Docker run on the existing kernel’s image of the host’s OS without a need for a hypervisor
  • This leads to very low overhead and significantly faster container start-up time
• Docker-provisioned containers do not include or require a separate operating system (it runs in the host’s OS)
  • This circumnstance puts a significant limitation on your OS choices

Docker Containers vs Traditional Virtualization

• Overall, traditional virtualization has advantages over Docker in that you have a choice of guest OSes (as long as the machine architecture is supported)
  • You can get only some (limited) choice of Linux distros
    • You still have some choice: e.g. you can deploy a Fedora container on a Debian host
  • You can, however, run a Windows VM inside a Linux machine using virtual machine emulators like VirtualBox (with less engineering efficiency)
• With Linux containers, you can achieve a higher level of deployed application density compared with traditional VMs (10x more units!)
• Docker runs everything through a central daemon which is not a particularly reliable and secure processing model

Docker as Platform-as-a-Service

• Docker defines an API for creating, deploying and managing containers that make up highly distributed systems spanning multiple physical machines
  • Docker-based systems can also efficiently run multiple isolated applications on a single physical machine
• On-demand provisioning of applications by Docket supports the Platform-as-a-Service (PaaS)–style deployment and scaling

Docker Integration

• Docker can be integrated with a number of IT automation tools that extend its capabilities, including
  • Ansible
  • Chef
  • Jenkins
  • Puppet
  • Salt
• Docker is also deployed on a number of Cloud platforms
  • Amazon Web Services
  • Google Cloud Platform
  • Microsoft Azure
  • OpenStack
  • Rackspace

Docker Services

• Docker deployment model is application-centric and in this context provides the following services and tools:
  • A uniform format for bundling an application along with its dependencies which is portable across different machines
  • Tools for automatic assembling a container from source code: make, maven, Debian packages, RPMs, etc.
  • Container versioning with deltas between versions

Docker Application Container Public Repository

• Docker community maintains the repository for official and public domain Docker application images: https://hub.docker.com/account/signup

Competing Systems

• Rocket container runtime from CoreOS (an open source lightweight Linux kernel-based operating system)
• LXD for Ubuntu from Canonical (the company behind Ubuntu)
• The LXC (Linux Containers), used by Docker internally
• Many more are on the way …
• Other systems exist for non-Linux OSes

Docker Command-line

• The following commands are shown as executed by the root (privileged) user:

docker run ubuntu echo ‘Yo Docker!’

• This command (not very useful) will create a docker container on the fly and execute the echo command on it and then shuts down

docker ps -a

• This command will list all the containers along with their IDs created by Docker

Starting, Inspecting, and Stopping Docker Containers

docker start -i <container_id>

• This command will start an existing stopped container in interactive (-i) mode (you will get the target system shell on start-up)

docker inspect <container_id>

• This command will provide JSON-encoded information about the running container identified by container_id

docker stop <container_id>

• This command will stop the running container identified by container_id

Summary

• Docker is a system for creating virtual environments which are, for all intents and purposes, lightweight virtual machines
• Docker containers can only run the type of OS that matches the host’s OS
• Docker containers are extremely lightweight (although not so robust and secure), allowing you to achieve a higher level of deployed application density compared with traditional VMs (10x more units!)
• On-demand provisioning of applications by Docket supports the Platform-as-a-Service (PaaS)–style deployment and scaling

Related Training

DevOps Fundamentals