HP Advanced Technology Group: Docker and Ansible

© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Docker and Ansible
Container management made easy

© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
About the speaker
● Patrick Galbraith
● HP Advanced Technology Group
● Has worked at Blue Gecko, MySQL AB, Classmates,
Slashdot, Cobalt Group, US Navy, K-mart
● MySQL projects: memcached UDFs, DBD::mysql,
federated storage engine
● Family
● Outdoors

© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Restricted3
What is a container?

Containers vs. VMs
Containers
● Multiple isolated userspace instances
● Only libraries and components needed
for application
● Runs on the same kernel (using
Cgroups).
● Much smaller, easier to package
● VERY fast to start!
● Container runs using (a) specific
process(es)
● SSH not needed
● Security limited to app
VMs
● Entire OS installation
● Container runs within OS (using
Cgroups).
● VM runs using emulation or
virtualization on host OS
● Entire VM OS and disk images
● Longer to start
● SSH
● Security issues of running OS

What is Docker?
● Application that manages containers (CLI, API)
● Automates the deployment of applications inside software containers
● Written in Go, Opensource dotCloud
● Uses union file system (AUFS)
● Can use CLI to search Docker repos for images
● "literally LXC with some awesomesauce on top”
● No “dependency hell”

Why Docker?
● Makes it very easy to run and manage containers
● Configure/build once, run anywhere
● Small footprint in terms of disk and memory
● Well-suited for SaaS/PaaS
● Security - you are not running a VM and associated
OS

Docker concepts
● Images
● Read only layer
● Acts as a template for containers
● Inheritance
● images can be pushed to and pulled from public
or private repos
● Dockerfile
● Used for building images
● Containers
● Applications run using containers

Dockerfile example
FROM ubuntu:13.04
MAINTAINER Patrick aka CaptTofu Galbraith , patg@patg.net
# Update distribution
RUN apt-get update
&& apt-get upgrade -y
&& apt-get clean
RUN apt-get install -y ssh vim apache2-mpm-prefork
RUN mkdir /var/run/sshd
RUN mkdir /root/.ssh
RUN chmod 700 /root/.ssh
# entrypoint script
ADD entrypoint.sh /usr/local/sbin/entrypoint.sh
ADD docker.pem.pub /root/.ssh/authorized_keys
RUN chown -R root:root /root/.ssh
# Expose SSH and Apache
EXPOSE 22 80 443
ENTRYPOINT ["/usr/local/sbin/entrypoint.sh"]

Entrypoint script example
#!/bin/bash
/usr/sbin/sshd -D $@
service apache2 start

Docker concepts

Basic usage
● docker run
● Make changes
● docker commit
● docker push

Dockerfile
● docker build –t username/my_image
● Container runs
● Each step results in an a commit (image being
created)
● CMD vs. ENTRYPOINT

Ansible + Docker
● docker module
● docker_images module
● docker_facts module
● Docker inventory plugin
● Uses docker-py Docker client python library

What we used
● HP Moonshot
● New server – low power (1500W x2 min)
● Small footprint
● Designed for targeted workloads
● One 4.3 U container chassis
● 45 cartridges

Install Docker
$ ansible-galaxy install angstwad.docker_ubuntu
- hosts:local
connection: local
roles:
- angstwad.docker_ubuntu
DOCKER_OPTS="--ip=0.0.0.0 --host=tcp://0.0.0.0:4243”
Example: install docker install role
Example: add options to template deployed to /etc/defaults/docker
Example: playbook to install using docker install role

Install Docker

Install Docker
Example: running ansible to verify that Docker is installed on containers

docker_images module
● Builds Docker images
● Simple: add, build or remove
- name: check or build percona XtraDB Cluster image
docker_image: docker_url=“tcp://127.0.0.1:4243”
path=”../docker-image-source/pxc/"
name=”capttofu/pxc" state=present
Example: playbook to build a Percona XtraDB Cluster

Example: build several images using playbook using docker_images

Example: Display of newly built images

docker module
● Container provisioning – start, stop, delete containers
● Set parameters on a container
Example: Playbook that builds Percona XtraDB Cluster
image- name: docker image control
local_action:
module: docker
docker_url: "tcp://somehost:4243"
image: ”capttofu/percona_xtradb"
name: ”db"
state: ”present"
publish_all_ports: yes

docker module
$ ansible-playbook site.yml -e 'hosts=moonshot'
$ ansible-playbook site.yml -e 'hosts=moonshot docker_state=absent'
Example: Docker container control

docker module

docker_facts module
● Populate large dictionary docker_facts containing
information about Docker container fleet and images
● Two primary dictionary entries: docker_containers
and docker_images

docker_facts module
- name: Gather info about containers
hosts: "{{ hosts }}"
gather_facts: False
tasks:
- name: Get facts about containers
local_action:
docker_url: tcp://{{ inventory_hostname }}:4243
module: docker_facts
- name: another facts test
debug: msg="Host{{':'}} {{ inventory_hostname}} Container Name{{':'}} {{ item.key }}
IP Address{{':'}} {{ item.value.docker_networksettings.IPAddress }}
ssh port{{':'}} {{ item.value['docker_networksettings']['Ports']['22/tcp'][0]['HostPort'] }}
with_dict: docker_containers
Example: print out container fleet info

docker_facts module

docker_facts module
- name: Gather info about
containers
hosts: docker
gather_facts: True
tasks:
- name: Get facts about
containers
local_action:
name: db_1
images: aff77f73ca3d
Example: print out specific container or images

docker_facts module
- name: Gather info about containers
hosts: "{{ hosts }}"
gather_facts: True
tasks:
local_action:
images: all
- name: images info
debug: msg="Image ID {{ item.key }} Repo Tags {{
item.value.docker_repotags }}"
with_dict: docker_images
Example: Print out all images

docker_facts module
---
- name: Create an invetory file
hosts: moonshot
gather_facts: yes
tasks:
local_action:
- name: docker_hosts template
local_action: template src=docker_hosts.txt.j2 dest=./docker_hosts_{{ inventory_hostname }}.txt
Example: Use docker_facts to print out inventory file

docker_facts module
[c10n1.atg.seattle.lan]
c19n1_db_1 ansible_ssh_port=49270 ansible_ssh_host=c10n1.atg.seattle.lan
c19n1_haproxy_1 ansible_ssh_port=49285 ansible_ssh_host=c10n1.atg.seattle.lan
c19n1_web_1 ansible_ssh_port=49240 ansible_ssh_host=c10n1.atg.seattle.lan
...
{% for host in hostvars | sort %}
[{{ host }}]
{% for container in docker_containers | sort %}
{{ container }} ansible_ssh_port={{ docker_containers[container]['docker_networksettings']['Ports']['22/tcp'][0
ansible_ssh_host={{ host }}
{% endfor %}
{% endfor %}
The produced file:
Jinja template:

Docker Dynamic inventory
● Ability to manage elastic resources
● Plugins provide a JSON output that serves as an
inventory list to use
● ansible –i plugin playbook.yml
● ansible –i docker.py main.yml

Dynamic inventory
---
- name: Create a docker.yml file
hosts: moonshot
gather_facts: yes
tasks:
- name: docker.yml template
local_action: template src=docker.yml.j2 dest=./docker.yml
Example: Playbook to create a dynamic inventory config file

Dynamic inventory
---
defaults:
host: unix:///var/run/docker.sock
version: 1.9
timeout: 60
private_ssh_port: 22
default_ip: 127.0.0.1
hosts:
{% for key in hostvars %}
- host: tcp://{{ key }}:4243
version: 1.9
timeout: 60
default_ip: {{
hostvars[key]['ansible_default_ipv4']['address'] }}
{% endfor %}
Example: Jinja template for docker inventory plugin config file

Dynamic inventory
hosts:
- host: tcp://c29n1.atg.seattle.lan:4243
version: 1.9
timeout: 60
default_ip: 10.99.33.38
version: 1.9
timeout: 60
default_ip: 10.99.33.24
version: 1.9
timeout: 60
default_ip: 10.99.33.23
…
Example: Produced docker inventory plugin config

Dynamic inventory

Cleanup

Acknowledgements
• Paul Durivage (https://github.com/angstwad)
• Yazz Atlas (https://twitter.com/EntropyWorks)
• Brian Aker (https://en.wikipedia.org/wiki/Brian_Aker, @brianaker, IRC krow)
• Michael DeHaan (https://twitter.com/laserllama)

Resources
• http://patg.net
• https://galaxy.ansible.com/list#/users/1488
• http://docker.io
• https://github.com/CaptTofu/ansible-docker-presentation
• https://github.com/CaptTofu/docker-image-source
• http://www.slideshare.net/PatrickGalbraith/docker-ansible-34909080
• http://blog.docker.io/2013/06/openstack-docker-manage-linux-containers-
with-nova/
• https://index.docker.io/u/ewindisch/dockenstack/

HP Advanced Technology Group: Docker and Ansible

More Related Content

What's hot

Viewers also liked

Similar to HP Advanced Technology Group: Docker and Ansible

Recently uploaded

HP Advanced Technology Group: Docker and Ansible