Using Docker
Developing and Deploying Software with Containers
Adrian Mouat
www.it-ebooks.info

Using Docker
Adrian Mouat
Boston

Using Docker
by Adrian Mouat

Copyright © 2016 Adrian Mouat. All rights reserved.
Printed in the United States of America.

Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.

O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://safaribooksonline.com). For more information, contact our corporate/institutional sales department: 800-998-9938 or corporate@oreilly.com.

Editor: Brian Anderson
Production Editor: Melanie Yarbrough
Copyeditor: Christina Edwards
Proofreader: Amanda Kersey
Indexer: WordCo Indexing Services
Interior Designer: David Futato
Cover Designer: Randy Comer
Illustrator: Rebecca Demarest

December 2015: First Edition

Revision History for the First Edition
2015-12-07: First Release

See http://oreilly.com/catalog/errata.csp?isbn=9781491915769 for release details.

The O’Reilly logo is a registered trademark of O’Reilly Media, Inc. Using Docker, the cover image, and related trade dress are trademarks of O’Reilly Media, Inc.

While the publisher and the author have used good faith efforts to ensure that the information and instructions contained in this work are accurate, the publisher and the author disclaim all responsibility for errors or omissions, including without limitation responsibility for damages resulting from the use of or reliance on this work. Use of the information and instructions contained in this work is at your own risk. If any code samples or other technology this work contains or describes is subject to open source licenses or the intellectual property rights of others, it is your responsibility to ensure that your use thereof complies with such licenses and/or rights.

ISBN: 978-1-491-91576-9 [LSI]

To those who try, whether they fail or succeed.
Table of Contents

Preface  xi

Part I. Background and Basics

1. The What and Why of Containers  3
   Containers Versus VMs  4
   Docker and Containers  6
   Docker: A History  8
   Plugins and Plumbing  10
   64-Bit Linux  10

2. Installation  13
   Installing Docker on Linux  13
   Run SELinux in Permissive Mode  14
   Running Without sudo  15
   Installing Docker on Mac OS or Windows  15
   A Quick Check  17

3. First Steps  19
   Running Your First Image  19
   The Basic Commands  20
   Building Images from Dockerfiles  24
   Working with Registries  27
   Private Repositories  29
   Using the Redis Official Image  30
   Conclusion  33

4. Docker Fundamentals  35
   The Docker Architecture  35
   Underlying Technologies  36
   Surrounding Technologies  37
   Docker Hosting  39
   How Images Get Built  39
   The Build Context  39
   Image Layers  41
   Caching  43
   Base Images  44
   Dockerfile Instructions  46
   Connecting Containers to the World  49
   Linking Containers  49
   Managing Data with Volumes and Data Containers  51
   Sharing Data  53
   Data Containers  54
   Common Docker Commands  55
   The run Command  56
   Managing Containers  59
   Docker Info  62
   Container Info  62
   Dealing with Images  63
   Using the Registry  66
   Conclusion  67

Part II. The Software Lifecycle with Docker

5. Using Docker in Development  71
   Say “Hello World!”  71
   Automating with Compose  81
   The Compose Workflow  83
   Conclusion  84

6. Creating a Simple Web App  85
   Creating a Basic Web Page  86
   Taking Advantage of Existing Images  88
   Add Some Caching  93
   Microservices  96
   Conclusion  97

7. Image Distribution  99
   Image and Repository Naming  99
   The Docker Hub  100
   Automated Builds  102
   Private Distribution  104
   Running Your Own Registry  104
   Commercial Registries  111
   Reducing Image Size  111
   Image Provenance  113
   Conclusion  114

8. Continuous Integration and Testing with Docker  115
   Adding Unit Tests to Identidock  116
   Creating a Jenkins Container  121
   Triggering Builds  128
   Pushing the Image  129
   Responsible Tagging  129
   Staging and Production  131
   Image Sprawl  131
   Using Docker to Provision Jenkins Slaves  132
   Backing Up Jenkins  132
   Hosted CI Solutions  133
   Testing and Microservices  133
   Testing in Production  135
   Conclusion  135

9. Deploying Containers  137
   Provisioning Resources with Docker Machine  138
   Using a Proxy  141
   Execution Options  147
   Shell Scripts  148
   Using a Process Manager (or systemd to Rule Them All)  150
   Using a Configuration Management Tool  153
   Host Configuration  157
   Choosing an OS  157
   Choosing a Storage Driver  157
   Specialist Hosting Options  160
   Triton  160
   Google Container Engine  162
   Amazon EC2 Container Service  162
   Giant Swarm  165
   Persistent Data and Production Containers  167
   Sharing Secrets  167
   Saving Secrets in the Image  167
   Passing Secrets in Environment Variables  168
   Passing Secrets in Volumes  168
   Using a Key-Value Store  169
   Networking  170
   Production Registry  170
   Continuous Deployment/Delivery  171
   Conclusion  171

10. Logging and Monitoring  173
   Logging  174
   The Default Docker Logging  174
   Aggregating Logs  176
   Logging with ELK  176
   Docker Logging with syslog  187
   Grabbing Logs from File  193
   Monitoring and Alerting  194
   Monitoring with Docker Tools  194
   cAdvisor  196
   Cluster Solutions  197
   Commercial Monitoring and Logging Solutions  201
   Conclusion  201

Part III. Tools and Techniques

11. Networking and Service Discovery  205
   Ambassadors  206
   Service Discovery  210
   etcd  210
   SkyDNS  215
   Consul  219
   Registration  223
   Other Solutions  225
   Networking Options  226
   Bridge  226
   Host  227
   Container  228
   None  228
   New Docker Networking  228
   Network Types and Plugins  230
   Networking Solutions  230
   Overlay  231
   Weave  233
   Flannel  237
   Project Calico  242
   Conclusion  246

12. Orchestration, Clustering, and Management  249
   Clustering and Orchestration Tools  250
   Swarm  251
   Fleet  257
   Kubernetes  263
   Mesos and Marathon  271
   Container Management Platforms  282
   Rancher  282
   Clocker  283
   Tutum  285
   Conclusion  286

13. Security and Limiting Containers  289
   Things to Worry About  290
   Defense-in-Depth  292
   Least Privilege  292
   Securing Identidock  293
   Segregate Containers by Host  295
   Applying Updates  296
   Avoid Unsupported Drivers  299
   Image Provenance  300
   Docker Digests  300
   Docker Content Trust  301
   Reproducible and Trustworthy Dockerfiles  305
   Security Tips  307
   Set a User  307
   Limit Container Networking  309
   Remove Setuid/Setgid Binaries  311
   Limit Memory  312
   Limit CPU  313
   Limit Restarts  314
   Limit Filesystems  314
   Limit Capabilities  315
   Apply Resource Limits (ulimits)  316
   Run a Hardened Kernel  318
   Linux Security Modules  318
   SELinux  319
   AppArmor  322
   Auditing  322
   Incident Response  323
   Future Features  324
   Conclusion  324

Index  327
Preface

Containers are a lightweight and portable store for an application and its dependencies. Written down by itself, this sounds dry and boring. But the process improvements made possible by containers are anything but; used correctly, containers can be game-changing. So persuasive is the lure of the architectures and workflows made possible by containers that it feels like every major IT company has gone in a year from never having heard of Docker or containers to actively investigating and using them.

The rise of Docker has been astonishing. I don’t remember any technology that has had such a fast and profound effect on the IT industry. This book is my attempt to help you understand why containers are so important, what you stand to gain from adopting containerization and, most importantly, how to go about it.

Who Should Read This Book

This book tries to take a holistic approach to Docker, explaining the reasons for using Docker and showing how to use it and how to integrate it into a software-development workflow. The book covers the entire software lifecycle, from development through to production and maintenance.

I have tried to avoid assuming too much of the reader beyond a basic knowledge of Linux and software development in general. The intended readership is primarily software developers, operations engineers, and system administrators (particularly those keen to develop a DevOps approach), but technically informed managers and enthusiasts should also be able to get something out of this book.

Why I Wrote This Book

I was in the fortunate position to learn about and use Docker while it was still in the early stages of its meteoric rise. When the opportunity to write this book appeared, I leapt at it with both hands. If my scribblings can help some of you to understand and make the most of the containerization movement, I will have achieved more than I have in years of developing software.

I truly hope that you enjoy reading this book and that it helps you on the path to using Docker in your organization.

Navigating This Book

This book is organized roughly as follows:

• Part I starts by explaining what containers are and why you should be interested in them, before going into a tutorial chapter showing the basics of Docker. It ends with a large chapter explaining the fundamental concepts and technology in Docker, including an overview of the various Docker commands.

• Part II explains how to use Docker in a software-development lifecycle. It starts by showing how to set up a development environment, before building a simple web application that is used as an ongoing example through the rest of Part II. The chapter covers development, testing, and integration, as well as how to deploy containers and how to effectively monitor and log a production system.

• Part III goes into advanced details and the tools and techniques needed to run multihost clusters of Docker containers safely and reliably. If you are already using Docker and need to understand how to scale up or solve networking and security issues, this is for you.

Conventions Used in This Book

The following typographical conventions are used in this book:

Italic
    Indicates new terms, URLs, email addresses, filenames, and file extensions.

Constant width
    Used for program listings, as well as within paragraphs to refer to program elements such as variable or function names, databases, data types, environment variables, statements, and keywords.

Constant width bold
    Shows commands or other text that should be typed literally by the user.

Constant width italic
    Shows text that should be replaced with user-supplied values or by values determined by context.
This icon signifies a tip, suggestion, or general note.

This icon indicates a warning or caution.

Using Code Examples

Supplemental material (code examples, exercises, etc.) is available for download at https://github.com/using-docker/.

This book is here to help you get your job done. In general, if example code is offered with this book, you may use it in your programs and documentation. You do not need to contact us for permission unless you’re reproducing a significant portion of the code. For example, writing a program that uses several chunks of code from this book does not require permission. Selling or distributing a CD-ROM of examples from O’Reilly books does require permission. Answering a question by citing this book and quoting example code does not require permission. Incorporating a significant amount of example code from this book into your product’s documentation does require permission.

We appreciate, but do not require, attribution. An attribution usually includes the title, author, publisher, and ISBN. For example: “Using Docker by Adrian Mouat (O’Reilly). Copyright 2016 Adrian Mouat, 978-1-491-91576-9.”

If you feel your use of code examples falls outside fair use or the permission given above, feel free to contact us at permissions@oreilly.com.

Safari® Books Online

Safari Books Online is an on-demand digital library that delivers expert content in both book and video form from the world’s leading authors in technology and business.

Technology professionals, software developers, web designers, and business and creative professionals use Safari Books Online as their primary resource for research, problem solving, learning, and certification training.

Safari Books Online offers a range of plans and pricing for enterprise, government, education, and individuals.

Members have access to thousands of books, training videos, and prepublication manuscripts in one fully searchable database from publishers like O’Reilly Media, Prentice Hall Professional, Addison-Wesley Professional, Microsoft Press, Sams, Que, Peachpit Press, Focal Press, Cisco Press, John Wiley & Sons, Syngress, Morgan Kaufmann, IBM Redbooks, Packt, Adobe Press, FT Press, Apress, Manning, New Riders, McGraw-Hill, Jones & Bartlett, Course Technology, and hundreds more. For more information about Safari Books Online, please visit us online.

How to Contact Us

Please address comments and questions concerning this book to the publisher:

O’Reilly Media, Inc.
1005 Gravenstein Highway North
Sebastopol, CA 95472
800-998-9938 (in the United States or Canada)
707-829-0515 (international or local)
707-829-0104 (fax)

We have a web page for this book, where we list errata, examples, and any additional information. You can access this page at http://bit.ly/using-docker.

To comment or ask technical questions about this book, send email to bookquestions@oreilly.com.

For more information about our books, courses, conferences, and news, see our website at http://www.oreilly.com.

Find us on Facebook: http://facebook.com/oreilly
Follow us on Twitter: http://twitter.com/oreillymedia
Watch us on YouTube: http://www.youtube.com/oreillymedia

Acknowledgments

I am immensely grateful for all the help, advice, and criticism I received during the writing of this book. If I missed your name in the following list, please accept my apologies; your contribution was appreciated whether I acted on it or not.

For their generous feedback, I would like to thank Ally Hume, Tom Sugden, Lukasz Guminski, Tilaye Alemu, Sebastien Goasguen, Maxim Belooussov, Michael Boelen, Ksenia Burlachenko, Carlos Sanchez, Daniel Bryant, Christoffer Holmstedt, Mike Rathbun, Fabrizio Soppelsa, Yung-Jin Hu, Jouni Miikki, and Dale Bewley.

For technical conversations and input on specific technologies in the book, I would like to thank Andrew Kennedy, Peter White, Alex Pollitt, Fintan Ryan, Shaun Crampton, Spike Curtis, Alexis Richardson, Ilya Dmitrichenko, Casey Bisson, Thijs Schnitger, Sheng Liang, Timo Derstappen, Puja Abbassi, Alexander Larsson, and Kelsey Hightower.

For allowing me to reuse monsterid.js, I would like to thank Kevin Gaudin.

For all their help, I would like to thank the O’Reilly staff, in particular my editor Brian Anderson and Meghan Blanchette, for starting the whole process. Diogo Mónica and Mark Coleman—thanks to both of you for answering my last-minute plea for help.

A particular shout-out has to go to two companies: Container Solutions and CloudSoft. Jamie Dobson and Container Solutions kept me busy blogging and speaking at events, and put me in contact with several people who had an impact on this book. CloudSoft graciously allowed me to use their office during the writing of this book and hosted the Edinburgh Docker meetup, both of which were very important to me.

For putting up with my obsession and moaning over the book, I would like to thank all my friends and family; you know who you are (and are unlikely to read this anyway).

Finally, I would like to thank the BBC 6 Music DJs who provided the soundtrack to this book, including Lauren Laverne, Radcliffe and Maconie, Shaun Keaveny, and Iggy Pop.
PART I
Background and Basics

In the first part of this book, we’ll start by taking a look at what containers are and why they are becoming so popular. This is followed by an introduction to Docker and the key concepts you need to understand to make the most of containers.