The Revolution Will Be
Credits
The @docker presentation to beat is https://github.com/jbarratt/dockertalk …. Thanks @jbarratt for looking past the buzz and doing our work justice. -- Solomon Hykes
In the beginning, there was the computer
What do we need to share?
- Resources: We all get enough (but not too much)
- Security/Privacy: We stay out of each other's stuff
- Dependencies: Apps & Libs I need
Many Strategies
Impacts
Virtuozzo/OpenVZ ("Thick Containers")
Density/Efficiency: We should care.
- Profit
- Extra servers, networking gear
- Power Costs
- Performance
- See (1)
- Social and Environmental Responsibility
- Power usage = C02
- Shipping = C02
- Manufacturing = Precious Metals, Toxic Waste
- Also, can be terrible working conditions.
On Power
TL;DR Today's Cloud Might Need Improvement
Apps & Server Layer
How do we ship our applications?
A Hypothetical Python App
- We need python 3.2. Damn, distro doesn't provide it.
- Need a library that clashes with the system's version. Damn.
- We package the whole mess, using
virtualenvand some glue. - Oh, and we need redis 2.6 for Lua support. Distro has 2.4. Triple damn.
- Oh, and the QA team has standardized on Centos.
- Oh, BTW, the new search service is a node.js app, that's cool, right?
Netflix Model
- Bake an entire server image
- Test as a unit
- Use for deploy and rollback
Progress! But, 'the computer' is a very chunky unit of abstraction.
The Tricky Bits
- Lots of sysadmin surface area
- Additional Daemons to run & manage
- Large images to juggle. 1 byte change? 0.5 GB image.
- Boot Times. 2 seconds - 15 mins (OpenStack nodepool)
- Density isn't great.
What about PaaS?
Cool! "Process Virtualization Not Server Virtualization."
Sort of.
- Local dev, QA, staging can be tough to clone their versions of.
- Hard upper bound on troubleshooting
- Generally fixed userland
- Lots of capability limits (daemons, storage, networking, etc)
DREAM WITH ME
What is Docker?
“Docker is an open-source project to easily create lightweight, portable, self-sufficient containers from any application.”
What is Docker?
What is Docker?
Portability & Density
- Extremely Lightweight
- Build containers manually or with many flavors of repeatable process
- Run those on local, dev, QA, stage, prod, cloud, PaaS...
Who is Docker?
Tons of people!
- Open Sourced by dotCloud, part of a family of other great tools. (hipache)
- < 1 year old, but hundreds of committers, and it's blogged about constantly
- Quick Survey?
Ecosystem:
Huge and Growing.
Not Just Docker
- LXC vanilla // OpenStack
- CloudLinux
- lmctfy
But Docker is Crazy.
- PaaS: Cocaine (!!!!), dotCloud, Deis, OpenShift, Flynn, Dokku..
- IaaS: OpenStack (Standard in Havana)
- VPS: Many/Most providers possible if not easy (Linode, DO)
- Distros: CoreOS
- Config Management: Puppet, Chef, Salt, Ansible
- Orchestration: Heat, Maestro, Mesos, Toscanni
- Dashboards: Docker-UI, Shipyard, Horizon
Security
- Pretty tested stuff
- Ubuntu ships with extra hardening (AppArmor vs /proc/sys*)
- Can be layered (e.g. OpenShift, SELinux)
- Lower priv mode coming soon
- Docker Index, Handle With Care. (Build Dockerfiles)
How do I play?
curl http://get.docker.io | sudo sh
Or
# Install vagrant, then...
$ git clone https://github.com/dotcloud/docker.git
$ vagrant up
$ vagrant ssh
$ sudo docker
Should I do more than play?
- Not rated as "production ready" due to API volatility
- Very usable for nearline applications (e.g. testing)