container based virtualization docker
play

Container-based virtualization: Docker Corso di Sistemi Distribuiti - PDF document

Jan 28, 2023 •214 likes •437 views

Macroarea di Ingegneria Dipartimento di Ingegneria Civile e Ingegneria Informatica Container-based virtualization: Docker Corso di Sistemi Distribuiti e Cloud Computing A.A. 2019/20 Valeria Cardellini Laurea Magistrale in Ingegneria

  1. Macroarea di Ingegneria Dipartimento di Ingegneria Civile e Ingegneria Informatica Container-based virtualization: Docker Corso di Sistemi Distribuiti e Cloud Computing A.A. 2019/20 Valeria Cardellini Laurea Magistrale in Ingegneria Informatica Case study: Docker • Lightweight, open and secure container-based virtualization – Containers include the application and all of its dependencies, but share the OS kernel with other containers – Containers run as an isolated process in userspace on the host OS – Containers are also not tied to any specific infrastructure Valeria Cardellini - SDCC 2019/20 1

  2. Docker internals • Docker is written in Go language • With respect to other OS-level virtualization solutions, Docker is a higher-level platform that exploits Linux kernel mechanisms such as cgroups and namespaces – First versions based on Linux Containers (LXC) – Then based on its own libcontainer runtime that uses Linux kernel namespaces and cgroups directly • Docker adds to LXC – Portable deployment across machines – Versioning, i.e., git-like capabilities – Component reuse – Shared libraries, see Docker Hub hub.docker.com Valeria Cardellini - SDCC 2019/20 2 Docker internals • libcontainer (now included in opencontainers/runc ): cross-system abstraction layer aimed to support a wide range of isolation technologies Valeria Cardellini - SDCC 2019/20 3

  3. Component diagram of Docker Valeria Cardellini - SDCC 2019/20 4 Docker engine • Docker Engine: client- server application composed by: – A server, called coker daemon – A REST API which specifies interfaces that programs can use to control and interact with the daemon – A command line interface (CLI) client See https://docs.docker.com/engine/docker-overview/ Valeria Cardellini - SDCC 2019/20 5

  4. Docker architecture • Docker uses a client-server architecture – The Docker client talks to the Docker daemon , which builds, runs, and distributes Docker containers – Client and daemon communicate via sockets or REST API Valeria Cardellini - SDCC 2019/20 6 Docker image • Read-only template used to create a Docker container • The Build component of Docker – Enables the distribution of apps with their runtime environment • Incorporates all the dependencies and configuration necessary to apps to run, eliminating the need to install packages and troubleshoot – Target machine must be Docker-enabled • Docker can build images automatically by reading instructions from a Dockerfile – A text file with simple, well-defined syntax • Images can be pulled and pushed towards a public/private registry • Image name: [registry/][user/]name[:tag] – Default for tag is latest Valeria Cardellini - SDCC 2019/20 7

  5. Docker image: Dockerfile • Image can be created from a Dockerfile and a context – Dockerfile: instructions to assemble the image – Context: set of files (e.g., application, libraries) – Often, an image is based on another image (e.g., ubuntu) • Dockerfile syntax # Comment INSTRUCTION arguments • Instructions in a Dockerfile run in order • Some instructions FROM : to specify parent image (mandatory) RUN : to execute any command in a new layer on top of current image and commit results ENV : to set environment variables EXPOSE : container listens on specified network ports at runtime CMD : to provide defaults for executing container Valeria Cardellini - SDCC 2019/20 8 Docker image: Dockerfile • Example of Dockerfile to build the image of a container that will run a Python app # Use an official Python runtime as a parent image FROM python:2.7-slim # Set the working directory to /app WORKDIR /app # Copy the current directory contents into the container at /app ADD . /app # Install any needed packages specified in requirements.txt RUN pip install --trusted-host pypi.python.org -r requirements.txt # Make port 80 available to the world outside this container EXPOSE 80 # Define environment variable ENV NAME World # Run app.py when the container launches CMD ["python", "app.py"] See https://docs.docker.com/v17.09/get-started/part2/ Valeria Cardellini - SDCC 2019/20 9

  6. Docker image: build • Build image from Dockerfile $ docker build [OPTIONS] PATH | URL | - ⎼ E.g., to build the image for Python app (see Dockerfile in previous slide) $ docker build -t friendlyhello . Valeria Cardellini - SDCC 2019/20 10 Docker image: layers • Each image consists of a series of layers • Docker uses union file systems to combine these layers into a single unified view – Layers are stacked on top of each other to form a base for a container’s root file system – Based on copy-on-write (COW) principle Valeria Cardellini - SDCC 2019/20 11

  7. Docker image: layers • Layering pros - Enable layer sharing and reuse, installing common layers only once and saving bandwidth and storage space - Manage dependencies and separate concerns - Facilitate software specializations See https://docs.docker.com/storage/storagedriver/ Valeria Cardellini - SDCC 2019/20 12 Docker image: layers and Dockerfile • Each layer represents an instruction in the image’s Dockerfile • Each layer except the very last one is read-only • To inspect an image, including image layers $ docker inspect imageid Valeria Cardellini - SDCC 2019/20 13

  8. Docker image: storage • Containers should be stateless. Ideally: – Very little data is written to container’s writable layer – Data should be written on Docker volumes – Nevertheless: some workloads require to write data to the container’s writable layer • The storage driver controls how images and containers are stored and managed on the Docker host • Multiple choices for the storage driver - Including AuFS and Overlay2 (at file level), Device Mapper, btrfs and zfs (at block level) - Storage driver’s choice can affect the performance of containerized applications - See https://dockr.ly/2FstUe6 Valeria Cardellini - SDCC 2019/20 14 Docker container and registry • Docker container : runnable instance of a Docker image – Run, start, stop, move, or delete a container using Docker API or CLI commands – The Run component of Docker - Docker containers are stateless: when a container is deleted, any data written not stored in a data volume is deleted along with the container • Docker registry : stateless server-side application that stores and lets you distribute Docker images - Open library of images - The Distribute component of Docker - Docker-hosted registries: Docker Hub, Docker Store (open source and enterprise verified images) Valeria Cardellini - SDCC 2019/20 15

  9. Docker: run command • When you run a container whose image is not yet installed but is available on Docker Hub Courtesy of “Docker in Action” by J. Nickoloff Valeria Cardellini - SDCC 2019/20 16 State transitions of Docker containers Courtesy of “Docker in Action” by J. Nickoloff Valeria Cardellini - SDCC 2019/20 17

  10. Commands: Docker info • Obtain system-wide info on Docker installation $ docker info Including: – How many images, containers and their status – Storage driver – Operating system, architecture, total memory – Docker registry – Docker Swarm status Valeria Cardellini - SDCC 2019/20 18 Commands: image handling • List images on host (i.e., local repository) $ docker images • List every image, including intermediate image layers: $ docker images –a • Options to list images by name and tag, to list image digests (sha256), to filter images, to format the output, e.g., $ docker images --filter reference=ubuntu • Remove an image $ docker rmi imageid Can also use imagename instead of imageid Valeria Cardellini - SDCC 2019/20 19

  11. Command: run $ docker run [OPTIONS] IMAGE [COMMAND] [ARGS] • Most common options --name assign a name to the container detached mode (in background) -d interactive (keep STDIN open even if not attached) -i -t allocate a pseudo-tty --expose expose a range of ports inside the container -p publish a container's port or a range of ports to the host -v bind and mount a volume -e set environment variables --link add link to other containers • The “Hello World” container $ docker run alpine /bin/echo 'Hello world' - alpine: lightweight Linux distro with reduced image size Valeria Cardellini - SDCC 2019/20 20 Commands: containers management • List containers – Only running containers: $ docker ps • Alternatively, $ docker container ls – All containers (even stopped or killed containers): $ docker ps -a Can also use containername • Container lifecycle instead of containerid – Stop running container $ docker stop containerid – Start stopped container $ docker start containerid – Kill running container $ docker kill containerid – Remove container (need to stop it before attempting removal) $ docker rm containerid Valeria Cardellini - SDCC 2019/20 Valeria Cardellini - SDCC 2018/19 21

Recommend

Container-based virtualization: Docker Corso di Sistemi Distribuiti e Cloud Computing A.A.

Container-based virtualization: Docker Corso di Sistemi Distribuiti e Cloud Computing A.A.

Universit degli Studi di Roma Tor Vergata Dipartimento di Ingegneria Civile e Ingegneria Informatica Container-based virtualization: Docker Corso di Sistemi Distribuiti e Cloud Computing A.A. 2018/19 Valeria Cardellini Case study:

979 views • 20 slides
Container-based virtualization Process-level Extensively used in Lightweight virtualization

Container-based virtualization Process-level Extensively used in Lightweight virtualization

C NTR Lightweight OS Containers Jrg Thalheim, Pramod Bhatotia Pedro Fonseca Baris Kasikci USENIX ATC 2018 Container-based virtualization Process-level Extensively used in Lightweight virtualization production isolation Namespaces

250 views • 22 slides
Docker Review Basic Commands docker image ls # list images currently present locally docker

Docker Review Basic Commands docker image ls # list images currently present locally docker

Docker Review Basic Commands docker image ls # list images currently present locally docker container ls # list running containers docker run <image_name> # run an image as a container docker exec <container> <command> # run a

1.1k views • 6 slides
Setup docker rm $(docker ps -aq) docker network rm my_net Demo - Install and activate yum -y

Setup docker rm $(docker ps -aq) docker network rm my_net Demo - Install and activate yum -y

Setup docker rm $(docker ps -aq) docker network rm my_net Demo - Install and activate yum -y install docker s ystemctl start docker systemctl enable docker docker images - Launch pre-canned container: hello-world (busybox is another good

480 views • 4 slides
A Gentle Introduction to Container-based CI for Coq projects rik Martin-Dorel ACADIE team /

A Gentle Introduction to Container-based CI for Coq projects rik Martin-Dorel ACADIE team /

Introduction to Container-based CI/CD Presentation of docker-coq About docker-keeper and concluding remarks A Gentle Introduction to Container-based CI for Coq projects rik Martin-Dorel ACADIE team / IRIT lab. / Univ. Toulouse III - Paul

524 views • 25 slides
Summary To learn how to set up a container-based platform, called Docker, for use in all class

Summary To learn how to set up a container-based platform, called Docker, for use in all class

1 Due: Today, 11:59 pm CMPSC 300 Bioinformatics Fall 2019 Lab 1: Installing Software and a Written Reflection Summary To learn how to set up a container-based platform, called Docker, for use in all class activities, labs and practicals. To

580 views • 8 slides
Deliver Docker Containers Continuously on AWS Philipp Garbe @pgarbe Google Container So many

Deliver Docker Containers Continuously on AWS Philipp Garbe @pgarbe Google Container So many

Deliver Docker Containers Continuously on AWS Philipp Garbe @pgarbe Google Container So many choices... Engine Azure Container Services Cloud Foundrys Amazon ECS Diego Kubernetes Docker Swarm Mesosphere CoreOS Marathon Fleet

465 views • 45 slides
Container-based Virtualization University of Amsterdam MSc. System & Network Engineering

Container-based Virtualization University of Amsterdam MSc. System & Network Engineering

Power Efficiency of Hypervisor and Container-based Virtualization University of Amsterdam MSc. System & Network Engineering Research Project II Jeroen van Kessel 02-02-2016 Supervised by: dr. ir. Arie Taal dr. Paola Grosso Significance

761 views • 26 slides
Virtualization with Docker Matthias Schnepf Karlsruhe Institute of Technology (KIT), SCC/ETP 0

Virtualization with Docker Matthias Schnepf Karlsruhe Institute of Technology (KIT), SCC/ETP 0

Virtualization with Docker Matthias Schnepf Karlsruhe Institute of Technology (KIT), SCC/ETP 0 2019-11-05 Cake meeting Matthias Schnepf SCC/ETP Virtualization with Docker www.kit.edu KIT The Research University in the Helmholtz

1.26k views • 17 slides
INTRODUCTION TO DOCKER ADRIAN MOUAT SO WHAT IS DOCKER? SIMILAR TO A LIGHTWEIGHT VM Both

INTRODUCTION TO DOCKER ADRIAN MOUAT SO WHAT IS DOCKER? SIMILAR TO A LIGHTWEIGHT VM Both

INTRODUCTION TO DOCKER ADRIAN MOUAT SO WHAT IS DOCKER? SIMILAR TO A LIGHTWEIGHT VM Both provide isolated environments Docker is much more efficient 64-bit Linux only (currently) CONTAINERIZATION A Docker container is a portable store for a

674 views • 29 slides
CONTAINER AND MICROSERVICE SECURITY ADRIAN MOUAT Chief Scientist @ Container Solutions Wrote

CONTAINER AND MICROSERVICE SECURITY ADRIAN MOUAT Chief Scientist @ Container Solutions Wrote

CONTAINER AND MICROSERVICE SECURITY ADRIAN MOUAT Chief Scientist @ Container Solutions Wrote "Using Docker" for O'Reilly 40% Discount with AUTHD code Free Docker Security minibook http://www.oreilly.com/webops-perf/free/docker-

1.06k views • 68 slides
containerization: more than the new virtualization Jrme Petazzoni (@jpetazzo) Grumpy

containerization: more than the new virtualization Jrme Petazzoni (@jpetazzo) Grumpy

containerization: more than the new virtualization Jrme Petazzoni (@jpetazzo) Grumpy French DevOps - Go away or I will replace you with a very small shell script Runs everything in containers - Docker-in-Docker - VPN-in-Docker -

1.06k views • 61 slides
Integrating container-based virtualization technologies into ARC-powered grid infrastructure

Integrating container-based virtualization technologies into ARC-powered grid infrastructure

Integrating container-based virtualization technologies into ARC-powered grid infrastructure Oleksandr Boretskyi, Oleksandr Bohomaz, Andrii Salnikov Taras Schevchenko National University of Kyiv e-mail: grid@grid.org.ua Koice 2016 Software

518 views • 15 slides
Java/JVM com Docker em produo: lies das trincheiras Leonardo Zanivan panga@apache.org

Java/JVM com Docker em produo: lies das trincheiras Leonardo Zanivan panga@apache.org

Java/JVM com Docker em produo: lies das trincheiras Leonardo Zanivan panga@apache.org Why Docker Container? Review: Why Docker Container? Environments (dev, test, UAT, prod) Productivity (onboarding, develop, test) Single

530 views • 24 slides
Docker & Mesos/Marathon in production at OVH Balthazar Rouberol https://ovh.to/6bRrkAn 1

Docker & Mesos/Marathon in production at OVH Balthazar Rouberol https://ovh.to/6bRrkAn 1

Docker & Mesos/Marathon in production at OVH Balthazar Rouberol https://ovh.to/6bRrkAn 1 About Docker at OVH 2014-2015: Home-made container orchestrator, Sailabove, based on LXC 2016: Switch to Docker & Mesos/Marathon 6

487 views • 19 slides
Containers/Docker Mirna Alaisami Matthias Haeussler What is a container? in general 2

Containers/Docker Mirna Alaisami Matthias Haeussler What is a container? in general 2

Containers/Docker Mirna Alaisami Matthias Haeussler What is a container? in general 2 What is a Container? "in General" The term comes originally from the transportation world! A shipping container is any

620 views • 47 slides
Convergence of your virtualization and container infrastructures with KubeVirt Fabian Deutsch,

Convergence of your virtualization and container infrastructures with KubeVirt Fabian Deutsch,

Convergence of your virtualization and container infrastructures with KubeVirt Fabian Deutsch, Red Hat, Virtualization & IaaS, FOSDEM 2018 1 Hello. Fedora user and former package maintainer oVirt and KubeVirt Contributor Working at Red

648 views • 42 slides
CONTAINER ORCHESTRATION WITH SWARM MODE, MESOS/MARATHON AND KUBERNETES ADRIAN MOUAT WHO AM I?

CONTAINER ORCHESTRATION WITH SWARM MODE, MESOS/MARATHON AND KUBERNETES ADRIAN MOUAT WHO AM I?

CONTAINER ORCHESTRATION WITH SWARM MODE, MESOS/MARATHON AND KUBERNETES ADRIAN MOUAT WHO AM I? Chief Scientist at Container Solutions Wrote "Using Docker" for O'Reilly 40% discount with code AUTHD Docker Captain @adrianmouat WHAT

1.4k views • 59 slides
Hyper: Make VM Runs Like Container Xu Wang <xu@hyper.sh> Hyper HQ Agenda Lesson

Hyper: Make VM Runs Like Container Xu Wang <xu@hyper.sh> Hyper HQ Agenda Lesson

Hyper: Make VM Runs Like Container Xu Wang <xu@hyper.sh> Hyper HQ Agenda Lesson learned from docker Hyper: App-centric VM Hyper and Xen Next step Docker Seems to Beat VM Everywhere Docker announced in 2013 and release

531 views • 13 slides
Docker@OVH with Mesos/Marathon June 28th 2016 @devatoria @brouberol Devops / Python charmer

Docker@OVH with Mesos/Marathon June 28th 2016 @devatoria @brouberol Devops / Python charmer

Docker@OVH with Mesos/Marathon June 28th 2016 @devatoria @brouberol Devops / Python charmer Devops / Golang artist The Docker ecosystem Docker Engine : run containerized processes (aka: containers) Docker Compose : run multi-container

381 views • 13 slides
docker service is the new docker run Getting Started with Docker Clustering Mike Goelzer /

docker service is the new docker run Getting Started with Docker Clustering Mike Goelzer /

docker service is the new docker run Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker run nginx 2013-14 docker run -p 3375:2375 swarm ; 2014-15

688 views • 34 slides
Network Virtualization What is Network Virtualization? Abstraction of the physical network

Network Virtualization What is Network Virtualization? Abstraction of the physical network

Network Virtualization What is Network Virtualization? Abstraction of the physical network Support for multiple logical networks running on a common shared physical substrate A container of network services Aspects of the

589 views • 21 slides
Developing and Testing Java Microservices on Docker Todd Fasullo Dir. Engineering 4/20/2016

Developing and Testing Java Microservices on Docker Todd Fasullo Dir. Engineering 4/20/2016

Developing and Testing Java Microservices on Docker Todd Fasullo Dir. Engineering 4/20/2016 Agenda Who is Smartsheet + why we started using Docker Docker fundamentals Demo - creating a service Demo - building service + Docker container Demo

510 views • 29 slides
Isolating Processes using Docker User Namespaces and Seccomp 4 October 2016 Paul Novarese

Isolating Processes using Docker User Namespaces and Seccomp 4 October 2016 Paul Novarese

Isolating Processes using Docker User Namespaces and Seccomp 4 October 2016 Paul Novarese Technical Account Manager Docker, Inc. pvn@docker.com @pvn Agenda Preliminaries Container Security Considerations Containment

585 views • 20 slides

More recommend