Docker Introduction

Objectives

Key objectives of this chapter:

- Docker introduction
- Linux cgroups and namespaces
- Docker vs traditional virtualization
- Docker command-line

What is Docker

- Docker is an open-source (and 100% free) project for IT automation
- You can view Docker as a system for creating virtual environments which are extremely lightweight virtual machines
- Docker allows the deployment of applications and their dependencies inside Linux containers supporting the multi-tenancy deployment model on a single host
- A container is a group of controlled processes associated with a separate tenant executed in isolation from other tenants
- Written in the Go programming language

Notes: The Go programming language (also referred to as golang) was developed at Google in 2007 and released in 2009. It is a compiled language – it does not require a VM to run it (like in C# or Java) – with automated garbage collection. Go offers a balance between type safety and dynamic type capabilities; it supports imperative and concurrent programming paradigms.

Where Can I Run Docker?

- Docker runs on any modern-kernel Linux distribution
- You can install Docker inside a VirtualBox and run it on OS X or Windows
- Docker can be booted from the small footprint Linux distribution boot2docker

Docker and Containerization on Linux

- Docker leverages resource isolation features of the modern Linux kernel offered by cgroups and kernel namespaces
- The cgroups and kernel namespaces features allow creation of strongly isolated containers acting as very lightweight virtual machines running on a single Linux host
- Docker helps abstract operating-system-level virtualization on Linux using abstracted virtualization interfaces based on libvirt, LXC (LinuX Containers) and systemd-nspawn
- As of version 0.9, Docker has the capability to directly use virtualization facilities provided by the Linux kernel via its own libcontainer library

Linux Kernel Features: cgroups and namespaces

- The control group kernel feature (cgroup) is used by the Linux kernel to allocate system resources such as CPU, I/O, memory, and network subject to limits, quotas, prioritization, and other control arrangements
- The kernel provides access to multiple subsystems through the cgroup interface
- Examples of subsystems (controllers):
  - The memory controller for limiting memory use
  - The cpuacct controller for keeping track of CPU usage
- The cgroups facility was merged into the Linux kernel version 2.6.24
- Systems that use cgroups: Docker, Linux Containers (LXC), Hadoop, etc.
- The namespaces feature is a facility related to cgroups that enables different applications to act as separate tenants with completely isolated views of the operating environment, including users, process trees, network, and mounted file systems

The Docker-Linux Kernel Interfaces

Source: Adapted from https://en.wikipedia.org/wiki/Docker_(software)

Docker Containers vs Traditional Virtualization

- System virtualization tools or emulators like KVM, Xen, HyperV, VMware, etc. boot virtual machines from a complete guest OS image (of your choice) and basically emulate a complete machine, which results in a high operational overhead
- Virtual environments created by Docker run on the existing kernel's image of the host's OS without a need for a hypervisor
- This leads to very low overhead and significantly faster container start-up time
- Docker-provisioned containers do not include or require a separate operating system (they run in the host's OS)
- This circumstance puts a significant limitation on your OS choices

Docker Containers vs Traditional Virtualization

- Overall, traditional virtualization has advantages over Docker in that you have a choice of guest OSes (as long as the machine architecture is supported)
- You can get only some (limited) choice of Linux distros
  - You still have some choice: e.g. you can deploy a Fedora container on a Debian host
- You can, however, run a Windows VM inside a Linux machine using virtual machine emulators like VirtualBox (with less engineering efficiency)
- With Linux containers, you can achieve a higher level of deployed application density compared with traditional VMs (10x more units!)
- Docker runs everything through a central daemon, which is not a particularly reliable and secure processing model

Docker as Platform-as-a-Service

- Docker defines an API for creating, deploying and managing containers that make up highly distributed systems spanning multiple physical machines
- Docker-based systems can also efficiently run multiple isolated applications on a single physical machine
- On-demand provisioning of applications by Docker supports the Platform-as-a-Service (PaaS)–style deployment and scaling

Docker Integration

- Docker can be integrated with a number of IT automation tools that extend its capabilities, including:
  - Ansible
  - Chef
  - Jenkins
  - Puppet
  - Salt
- Docker is also deployed on a number of Cloud platforms:
  - Amazon Web Services
  - Google Cloud Platform
  - Microsoft Azure
  - OpenStack
  - Rackspace

Docker Services

The Docker deployment model is application-centric and in this context provides the following services and tools:

- A uniform format for bundling an application along with its dependencies which is portable across different machines
- Tools for automatically assembling a container from source code: make, maven, Debian packages, RPMs, etc.
- Container versioning with deltas between versions

Docker Application Container Public Repository

- The Docker community maintains the repository for official and public domain Docker application images: https://hub.docker.com/account/signup

Competing Systems

- Rocket container runtime from CoreOS (an open source lightweight Linux kernel-based operating system)
- LXD for Ubuntu from Canonical (the company behind Ubuntu)
- The LXC (Linux Containers), used by Docker internally
- Many more are on the way …
- Other systems exist for non-Linux OSes

Docker Command-line

The following commands are shown as executed by the root (privileged) user:

    docker run ubuntu echo 'Yo Docker!'

- This command (not very useful) will create a Docker container on the fly, execute the echo command in it, and then shut the container down

    docker ps -a

- This command will list all the containers along with their IDs created by Docker

Starting, Inspecting, and Stopping Docker Containers

    docker start -i <container_id>

- This command will start an existing stopped container in interactive (-i) mode (you will get the target system shell on start-up)

    docker inspect <container_id>

- This command will provide JSON-encoded information about the running container identified by container_id

    docker stop <container_id>

- This command will stop the running container identified by container_id

Summary

- Docker is a system for creating virtual environments which are, for all intents and purposes, lightweight virtual machines
- Docker containers can only run the type of OS that matches the host's OS
- Docker containers are extremely lightweight (although not so robust and secure), allowing you to achieve a higher level of deployed application density compared with traditional VMs (10x more units!)
- On-demand provisioning of applications by Docker supports the Platform-as-a-Service (PaaS)–style deployment and scaling

Related Training: WA2451 DevOps Fundamentals

KB-013 Docker Introduction was last modified: October 16th, 2018 by admin
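To connect the cgroups and namespaces slides with the `docker inspect` command described above, here is an added example (not part of the original course material) that reads the JSON printed by `docker inspect` and reports where a container gives up namespace isolation or runs without cgroup limits. The two container entries are constructed sample data, and the function names are hypothetical.

```python
import json

# Constructed sample: trimmed `docker inspect` output for two hypothetical containers.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web", "Config": {"User": "app"},
     "HostConfig": {"Privileged": False, "PidMode": "", "NetworkMode": "bridge",
                    "IpcMode": "private", "UTSMode": "", "Memory": 268435456,
                    "PidsLimit": 200}},
    {"Name": "/debug", "Config": {"User": ""},
     "HostConfig": {"Privileged": True, "PidMode": "host", "NetworkMode": "host",
                    "IpcMode": "private", "UTSMode": "", "Memory": 0,
                    "PidsLimit": None}},
])

# HostConfig keys that select a namespace; the value "host" means the container
# shares that namespace with the host instead of getting its own isolated view.
NAMESPACE_KEYS = {"PidMode": "pid", "NetworkMode": "network",
                  "IpcMode": "ipc", "UTSMode": "uts"}


def audit_container(entry):
    """Return a sorted list of isolation findings for one inspect entry."""
    host = entry.get("HostConfig") or {}
    findings = []
    if host.get("Privileged"):
        findings.append("privileged mode")
    for key, ns in NAMESPACE_KEYS.items():
        if host.get(key) == "host":
            findings.append(f"shares host {ns} namespace")
    # A value of 0 (or a missing key) means no memory cgroup limit is applied.
    if not host.get("Memory"):
        findings.append("no memory cgroup limit")
    pids = host.get("PidsLimit")
    if pids is None or pids <= 0:
        findings.append("no pids cgroup limit")
    # Config.User may be "name", "uid" or "uid:gid"; empty means the image default (root).
    user = (entry.get("Config") or {}).get("User") or ""
    if user.split(":")[0] in ("", "0", "root"):
        findings.append("runs as root inside the container")
    return sorted(findings)


def audit_inspect(raw_json):
    """Map container name -> findings for the JSON array printed by `docker inspect`."""
    return {e.get("Name", "?").lstrip("/"): audit_container(e)
            for e in json.loads(raw_json)}


if __name__ == "__main__":
    for name, findings in audit_inspect(SAMPLE_INSPECT).items():
        print(name, "->", findings or "no findings")
```

On a real host the same function can be fed the output of `docker inspect <container_id>` in place of the constructed sample.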